Summary of the invention:
In view of this, the purpose of the present invention is to provide a method and a device for scanning image installation package information, so as to solve at least one of the technical problems in the prior art.
Specifically, the first aspect of the present invention provides a method for scanning image installation package information, comprising the following steps:
Specifying the repo:tag list present in the image registry;
Traversing the images in the repo:tag list;
Wherein the step of traversing the images in the repo:tag list includes:
Downloading the image manifest file corresponding to the repo:tag list locally;
Parsing the image manifest file;
Checking the manifest file;
Downloading the image file;
Scanning the data of the image file.
By adopting the above technical solution, repeated scanning and repeated downloading of images are avoided, the scanning efficiency for image installation packages is improved, and network traffic is reduced.
Preferably, the repo:tag list present in the image registry is specified through an API.
Preferably, the image manifest file corresponding to the repo:tag list is downloaded locally through an API.
Preferably, the image manifest file is stored in a local cache directory.
Preferably, the step of parsing the image manifest file includes:
Parsing the image manifest file;
Obtaining the id list of the image layers;
Organizing the ids, in order, into a layer linked list;
Judging whether there are multiple layers in the layer linked list,
If yes, proceeding to the step of downloading the image file,
If no, performing the security scan of an image that has not yet been scanned, that is, downloading another corresponding image manifest file in the repo:tag list locally.
Preferably, the step of checking the manifest file includes:
Judging whether an installation package information record for the layer exists in the cache database,
If yes, obtaining the installation package information of the layer from the cache database and performing the security scan of an image that has not yet been scanned, that is, downloading another corresponding image manifest file in the repo:tag list locally,
If no, downloading the image file.
Preferably, the step of downloading the image file includes:
Downloading the compressed package of the image layer locally;
Judging whether the download succeeded,
If no, continuing to download the compressed package of the image layer,
If yes, decompressing the compressed package.
More preferably, the number of unsuccessful downloads of the image layer's compressed package is judged,
If the number of unsuccessful downloads is more than 3, performing the security scan of an image that has not yet been scanned, that is, downloading another corresponding image manifest file in the repo:tag list locally,
If the number of unsuccessful downloads is less than 3, continuing to download the compressed package of the image layer.
More preferably, the compressed package of the image layer is saved in a local temp directory.
More preferably, the step of decompressing the compressed package includes:
Judging whether the specified file to be extracted exists,
If yes, scanning the decompressed files,
If no, performing the security scan of an image that has not yet been scanned, that is, downloading another corresponding image manifest file in the repo:tag list locally.
Preferably, the step of scanning the data of the image file includes:
Scanning the decompressed files line by line,
Performing the security scan of an image that has not yet been scanned, that is, downloading another corresponding image manifest file in the repo:tag list locally.
Preferably, after the data of the image file is scanned and before the security scan of an image that has not yet been scanned is performed, the method further includes the following steps:
Obtaining the installation package information of the layer,
Storing the installation package information of the layer in the cache database.
By adopting the above technical solution, updating the installation package information of the layers in the cache database makes the cache database more complete and improves scan efficiency.
Another aspect of the present invention provides a device for scanning image installation package information, the device comprising: one or more processors;
A storage device for storing one or more programs;
The one or more programs are executed by the one or more processors, so that the one or more processors implement the above scan method.
Another aspect of the present invention provides a storage medium, the storage medium comprising one or more programs, the one or more programs being able to execute the above scan method.
In conclusion, the invention has the following advantages:
1. By adopting the above technical solution, checking the relevant image manifest files avoids repeated scanning and repeated downloading of images, improves the scanning efficiency for image installation packages, and reduces network traffic.
2. By adopting the above technical solution, traversing the relevant images makes the scan more comprehensive and ensures that the images are safe to use.
3. By adopting the above technical solution, updating the installation package information of the layers in the cache database makes the cache database more complete and improves scan efficiency.
Specific embodiments:
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort shall fall within the protection scope of the present invention.
The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. The singular forms "a", "said" and "the" used in the present invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
Some concepts involved in this application are explained below:
Docker: an open-source application container engine that lets developers package their applications and dependencies into a portable container and then publish it to any popular Linux machine; it can also be used for virtualization. Containers use a sandbox mechanism throughout and have no interfaces to one another.
Image registry: a central store for Docker images, from which different hosts can download Docker images.
Docker Hub: the image registry provided officially by Docker.
Docker Registry: a private image registry that a user builds as needed.
Manifest file: the metadata file of an image file.
Layer linked list: a data structure of the form std::list<LayerInfo> xxx.
API: application programming interface. A set of predefined functions whose purpose is to give applications and developers the ability to access a group of routines based on certain software or hardware, without having to access the source code or understand the details of the internal working mechanism.
The present invention is described in detail below by way of examples.
The embodiments of the present application provide a method and a device for scanning image installation package information, which solve at least one of the technical problems in the prior art that, when a security scan is performed on image installation packages, CPU (central processing unit), memory and network consumption is high and scanning is slow, thereby improving scan efficiency.
To solve the above technical problems, the general idea of the technical solution of the embodiments of the present application is as follows:
A method for scanning image installation package information includes the following steps: specifying the repo:tag list present in the image registry; traversing the images in the repo:tag list;
Wherein the step of traversing the images in the repo:tag list includes: downloading the image manifest file corresponding to the repo:tag list locally; parsing the image manifest file; checking the manifest file; downloading the image file; scanning the data of the image file.
For a better understanding of the above technical solution, it is described in detail below with reference to the drawings and specific embodiments.
In a preferred embodiment of the present invention, a method for scanning image installation package information is provided which, as shown in Fig. 1 to Fig. 3, includes the following steps:
Step S101: specifying the repo:tag list present in the image registry;
In a specific implementation, the image registry can be a public image registry such as Docker Hub, or a private image registry such as Docker Registry.
In a specific implementation, the repo:tag list may include one or more image file tags; the image files are used to build a corresponding runtime environment, such as a Java or Python environment, or to run related programs.
As an optional embodiment, the repo:tag list present in the image registry is specified through an API; specifically, the repo:tag list can be specified through the Registry API.
Step S102: traversing the images in the repo:tag list to confirm the safety of the images;
Wherein step S102 further includes:
Step S1021: downloading the image manifest file corresponding to the repo:tag list locally;
In a specific implementation, the image manifest file is stored in a local cache directory; there can be one or more cache directories.
In a specific implementation, the manifest file of one image is downloaded at a time; once all image manifest files have been downloaded, the traversal is considered complete.
By adopting the above technical solution: the image manifest file is small and has a one-to-one correspondence with the image file, so downloading the image manifest file improves the scanning efficiency for image files and reduces the consumption of network traffic.
As an optional embodiment, the image manifest file corresponding to the repo:tag list is downloaded locally through an API; specifically, the image manifest file can be downloaded through the Registry API.
Step S1022: parsing the image manifest file;
As an optional embodiment, the step of parsing the image manifest file includes:
Parsing the image manifest file;
Obtaining the id list of the image layers;
Organizing the ids, in order, into a layer linked list;
Judging whether there are multiple layers in the layer linked list,
If yes, proceeding to the step of downloading the image file,
If no, executing step S1021, downloading another corresponding image manifest file in the repo:tag list locally.
In a specific implementation, the ids of the image layers are obtained directly from the Layers field of the manifest file. The Layers field is an array: the first element of the array is the first layer, the second element is the second layer, and so on; the layer linked list is organized in this order.
In a specific implementation, the id information of the image layers is obtained by parsing the image manifest file, and the local cache is then queried with the image layer id information to obtain the installation package information. The installation package information is the set of name + version entries for the program libraries installed in the system (openssl, boost, curl, python2.7...).
Step S1023: checking the manifest file;
As an optional embodiment, the step of checking the manifest file includes:
Judging whether an installation package information record for the layer exists in the cache database,
If yes, obtaining the installation package information of the layer from the cache database and executing step S1021, downloading another corresponding image manifest file in the repo:tag list locally,
If no, downloading the image file.
In a specific implementation, the cache database can be located on the local computer or on a LAN server. When the installation package information record exists in the cache database, the image is pulled to a specified local location according to the installation package information record.
In a specific implementation, when the installation package information record does not exist in the cache database, the corresponding image file needs to be downloaded from the image registry.
In a specific implementation, whether the installation package information record exists in the cache database is judged according to the layer id information.
By adopting the above technical solution, images whose installation package information is already recorded in the cache database are pulled directly, which saves network traffic and improves scan efficiency.
Step S1024: downloading the image file;
As an optional embodiment, the step of downloading the image file includes:
Downloading the compressed package of the image layer locally;
Judging whether the download succeeded,
If no, continuing to download the compressed package of the image layer,
If yes, decompressing the compressed package.
In a specific implementation, the compressed package of the image layer includes the image data, the location data of each layer, and so on.
In a specific implementation, the compressed package of the image layer is saved in a local temp directory.
As an optional embodiment, the number of unsuccessful downloads of the image layer's compressed package is judged,
If the number of unsuccessful downloads is more than 3, step S1021 is executed, downloading another corresponding image manifest file in the repo:tag list locally,
If the number of unsuccessful downloads is less than 3, the download of the image layer's compressed package continues.
In a specific implementation, image files whose download has failed more than 3 times are recorded, and a record file of download-failed images is generated, so that the user can consult it and add such images manually.
By adopting the above technical solution, images that are difficult to download or that do not exist in the image registry are skipped, which prevents the scanner from entering an endless loop and ensures that the scanning process runs stably, reliably and smoothly.
As an optional embodiment, the step of decompressing the compressed package includes:
Judging whether the specified file to be extracted exists,
If yes, scanning the decompressed files,
If no, downloading another corresponding image manifest file in the repo:tag list locally.
Step S1025: scanning the data of the image file.
As an optional embodiment, the step of scanning the data of the image file includes:
Scanning the decompressed files line by line,
Executing step S1021, downloading another corresponding image manifest file in the repo:tag list locally.
As an optional embodiment, after the decompressed files are scanned line by line and before step S1021 is executed, the method further includes the following steps:
Obtaining the installation package information of the layer,
Storing the installation package information of the layer in the cache database.
By adopting the above technical solution, updating the installation package information of the layers in the cache database makes the cache database more complete, reduces repeated downloads of image files, and improves scan efficiency.
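The traversal in steps S1021 to S1025, written out as an added Python example (not code from the patent): a cache keyed by layer id, a bounded download retry, and a check for the specified file before scanning. It assumes the specified file is a Debian-style `var/lib/dpkg/status`, applies the cache check to every layer of an image and takes the topmost layer that carries the file; the layers, the short layer ids and all function names are constructed for illustration.

```python
import io
import tarfile

STATUS_PATH = "var/lib/dpkg/status"  # assumed "specified file"; the page does not name it
MAX_ATTEMPTS = 3  # bounded retry; the page's threshold for giving up on an image is 3

def make_layer(files):  # constructed sample layer: {path: bytes} -> gzip'd tar bytes
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def parse_packages(blob):  # decompress, check the specified file exists, then scan it
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        if STATUS_PATH not in tar.getnames():
            return None  # file absent: this layer carries no package database
        text = tar.extractfile(STATUS_PATH).read().decode()
    stanzas = [dict(l.split(": ", 1) for l in s.splitlines() if ": " in l) for s in text.split("\n\n")]
    return [f"{s['Package']}={s['Version']}" for s in stanzas if "Package" in s and "Version" in s]

def download(fetch, layer_id):  # returns None once MAX_ATTEMPTS downloads have failed
    for _ in range(MAX_ATTEMPTS):
        try:
            return fetch(layer_id)
        except OSError:
            continue

def scan_registry(manifests, fetch, cache):  # manifests: {repo:tag: ordered layer ids}
    results, failed = {}, []
    for repo_tag, layer_ids in manifests.items():
        packages = []
        for layer_id in layer_ids:
            if layer_id not in cache:  # no cached record: download and scan once
                blob = download(fetch, layer_id)
                if blob is None:  # record the failed image and move to the next one
                    failed.append(repo_tag)
                    break
                cache[layer_id] = parse_packages(blob)  # store the layer's package info
            if cache[layer_id] is not None:  # topmost layer holding the file wins
                packages = cache[layer_id]
        else:
            results[repo_tag] = packages
    return results, failed

def demo():  # constructed registry: shared base layer, one flaky layer, one missing layer
    status = b"Package: openssl\nVersion: 1.1.1\n"
    blobs = {"base": make_layer({STATUS_PATH: status}),
             "app": make_layer({STATUS_PATH: status + b"\nPackage: curl\nVersion: 7.64.0\n"}),
             "cfg": make_layer({"etc/app.conf": b"debug=0\n"})}
    manifests = {"web:1.0": ["base", "cfg"], "web:1.1": ["base", "app"], "old:0.1": ["base", "gone"]}
    fail_times, attempts = {"app": 2, "gone": 99}, {}
    def fetch(layer_id):
        attempts[layer_id] = attempts.get(layer_id, 0) + 1
        if attempts[layer_id] <= fail_times.get(layer_id, 0):
            raise OSError("simulated download failure")
        return blobs[layer_id]
    return (*scan_registry(manifests, fetch, cache={}), attempts)
```

In `demo()` the shared base layer is fetched once across all three images, the flaky layer succeeds on its third attempt, and `old:0.1` ends up in the failed list instead of stalling the traversal.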
Based on the same inventive concept, the present invention provides a device for scanning image installation package information, the device comprising:
One or more processors;
A storage device for storing one or more programs;
The one or more programs are executed by the one or more processors, so that the one or more processors implement the above scan method.
Based on the same inventive concept, the present invention provides a storage medium, the storage medium comprising one or more programs, the one or more programs being executable by a processor to complete the above scan method.
Those of ordinary skill in the art will appreciate that the units and algorithm steps described in connection with the examples disclosed in the embodiments of the present invention can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection of devices or units through some interfaces, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
It should be understood that the claims, embodiments and features in the embodiments of the present application may be combined with one another to solve the aforementioned technical problems.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.