
Struct DockerRuntime

pub struct DockerRuntime;

Implementations

impl DockerRuntime

pub fn pull_verified(
    &self,
    image: &OciRef,
    expected_digest: &str,
    progress: &dyn ProgressReporter,
) -> Result<ImageDigest>

Pull image and bail if the registry-reported digest does not match expected_digest.

The pull method itself does not enforce this: it returns whatever digest the registry hands back. Most callers (bv sync) already cross-check against the lockfile, but the bv run and bv conform paths short-circuit through is_locally_available, which only proves that a matching RepoDigests entry exists in the local cache, not that the upstream image still resolves to the pinned sha. New code that requires a digest pin should call this method instead of pull.

pub fn pull_verified_v2(
    &self,
    image: &OciRef,
    expected_image_digest: &str,
    layers: &[LayerDescriptor],
    progress: &dyn ProgressReporter,
) -> Result<ImageDigest>

Pull image, verify the image digest, then verify each per-layer digest from layers against what Docker reports for the pulled image.

Callers that hold a LockfileEntry with spec_kind = FactoredOci should call this instead of pull_verified so that individual conda-package layer tampering is caught immediately after pull.

Error messages include the expected and actual digest plus the layer position so that upstream tampering is easy to diagnose.

pub fn verify_layer_digests(
    &self,
    image: &OciRef,
    expected_layers: &[LayerDescriptor],
) -> Result<()>

Verify per-layer digests for an already-pulled image.

Uses docker manifest inspect (or docker image inspect) to obtain the layer list and cross-checks each digest against the lockfile entry. On mismatch, the error message names the layer index, the expected digest, and the actual digest to make upstream tampering easy to diagnose.
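The comparisons that pull_verified and verify_layer_digests describe, as an added example that is not the crate's own code: PinError, normalize, check_image, check_layers and sample are hypothetical names, and the digests are constructed. It fails closed on malformed digests and on a layer-count mismatch, and reports the layer index with the expected and actual digest.

```rust
// Added example: all names are hypothetical, not the crate's API.
#[derive(Debug, PartialEq)]
pub enum PinError {
    Malformed(String),
    ImageMismatch { expected: String, actual: String },
    LayerCount { expected: usize, actual: usize },
    LayerMismatch { index: usize, expected: String, actual: String },
}

/// Accept only `sha256:<64 hex chars>`; lowercase it so hex case cannot cause a false mismatch.
fn normalize(digest: &str) -> Result<String, PinError> {
    let d = digest.trim().to_ascii_lowercase();
    let well_formed = d
        .strip_prefix("sha256:")
        .map_or(false, |h| h.len() == 64 && h.bytes().all(|b| b.is_ascii_hexdigit()));
    if well_formed { Ok(d) } else { Err(PinError::Malformed(d)) }
}

/// Image-level pin: the digest reported after the pull must equal the lockfile digest.
pub fn check_image(expected: &str, reported: &str) -> Result<(), PinError> {
    let (e, a) = (normalize(expected)?, normalize(reported)?);
    if e == a { Ok(()) } else { Err(PinError::ImageMismatch { expected: e, actual: a }) }
}

/// Layer-level pin: same count, same order, same digest at every position.
pub fn check_layers(expected: &[&str], actual: &[&str]) -> Result<(), PinError> {
    if expected.len() != actual.len() {
        return Err(PinError::LayerCount { expected: expected.len(), actual: actual.len() });
    }
    for (index, (e, a)) in expected.iter().zip(actual).enumerate() {
        let (e, a) = (normalize(e)?, normalize(a)?);
        if e != a {
            return Err(PinError::LayerMismatch { index, expected: e, actual: a });
        }
    }
    Ok(())
}

/// Constructed sample digest: one hex character repeated 64 times.
pub fn sample(c: char) -> String {
    format!("sha256:{}", c.to_string().repeat(64))
}

fn main() {
    let (a, b, c) = (sample('a'), sample('b'), sample('c'));
    println!("{:?}", check_image(&a, &a));
    // Second layer differs from the lockfile: the error names index 1 and both digests.
    println!("{:?}", check_layers(&[a.as_str(), b.as_str()], &[a.as_str(), c.as_str()]));
}
```

When feeding real data into a check like this, note that docker image inspect lists uncompressed layer diff IDs under RootFS.Layers, while docker manifest inspect lists compressed blob digests, so the lockfile must record the same kind of digest it is compared against.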

Trait Implementations

impl Clone for DockerRuntime

fn clone(&self) -> DockerRuntime

Returns a duplicate of the value.

1.0.0

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl ContainerRuntime for DockerRuntime

fn name(&self) -> &str

fn health_check(&self) -> Result<RuntimeInfo>

fn pull(
    &self,
    image: &OciRef,
    progress: &dyn ProgressReporter,
) -> Result<ImageDigest>

fn run(&self, spec: &RunSpec) -> Result<RunOutcome>

fn inspect(&self, digest: &ImageDigest) -> Result<ImageMetadata>

fn is_locally_available(&self, image_ref: &str, digest: &str) -> bool

Check whether image_ref@digest is already in the local Docker cache.

fn gpu_args(&self, profile: &GpuProfile) -> Vec<String>

fn mount_args(&self, mounts: &[Mount]) -> Vec<String>

fn ensure_layers(
    &self,
    _layers: &[LayerSpec],
    _progress: &dyn ProgressReporter,
) -> Result<()>

Pull only the specified layers, deduplicating against the local cache.

fn assemble_image(
    &self,
    image: &OciRef,
    _layers: &[LayerSpec],
    progress: &dyn ProgressReporter,
) -> Result<ImageRef>

Assemble a runnable image from a manifest whose layers are all locally available (guaranteed by a preceding ensure_layers call).

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.