This adds verification for getting layer data out
of layerstore. These failures should only be possible
if layer metadata files have been manually changed
of if something is wrong with tar-split algorithm.
Failing early makes sure we don’t upload invalid data
to the registries where it would fail after someone
tries to pull it.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit e29e580f7fe628e936925681a4885d0b655bb151)
Upstream-commit: 50a498ea1c49cc3caa81bb9fb1417de387117e89
Component: engine
inotify event is trigged immediately there's data written to disk.
But at the time that the inotify event is received, the json line might
not fully saved to disk. If the json decoder tries to decode in such
case, an io.UnexpectedEOF will be trigged.
We used to retry for several times to mitigate the io.UnexpectedEOF error.
But there are still flaky tests caused by the partial log entries.
The daemon knows exactly when there are new log entries emitted. We can
use the pubsub package to notify all the log readers instead of inotify.
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
try to fix broken test. will squash once tests pass
Signed-off-by: Shijiang Wei <mountkin@gmail.com>
Upstream-commit: b1594c59f5e0d1ac898eacde8d91b1ba33c2b626
Component: engine
Ubuntu ships apparmor_parser 2.9 erroniously as "2.8.95". Fix the
incorrect version check for >=2.8, when in fact 2.8 deosn't support the
required feature.
Signed-off-by: Aleksa Sarai <asarai@suse.com>
Upstream-commit: 284d9d451e93baff311b501018cae2097f76b134
Component: engine
Using {{if major}}{{if minor}} doesn't work as expected when the major
version changes. In addition, this didn't support patch levels (which is
necessary in some cases when distributions ship apparmor weirdly).
Signed-off-by: Aleksa Sarai <asarai@suse.com>
Upstream-commit: 4bf7a84c969b9309b0534a61af55b8bb824acc0a
Component: engine
* Add network mode `none` to list of possible values for API version 1.15 - 1.23
* For API version 1.21 - 1.23 add explanation that any other value is taken as a custom network's name
Signed-off-by: Roland Huß <roland@jolokia.org>
Upstream-commit: c80b36c938306ef9cc9ad6865cfc251a694f59aa
Component: engine
Make sure the image configuration is not overriden by the default
value in the `create` flag.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: a252516ec19c9c83055a882da894712f2e812ecc
Component: engine
Ideally I would love to just remove this check entirely because its
seems pretty useless. An old client talking to a new server isn't
an error condition, nor is it something to even worry about - its a normal
part of life. Flooding my screen (and logs) with a warning that isn't
something I (as an admin) need to be concerned about is silly and a
distraction when I need to look for real issues. If anything this should
be printed on the cli not the daemon since its the cli that needs to be
concerned, not the daemon.
However, since when you debug an issue it might be interesting to know the
client is old I decided to pull back a little and just change it from
a Warning to a Debug logrus call instead.
If others want it removed I still do that though :-)
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: 059ad5d0a975ab4970fe0be45a79ffa0ef35e366
Component: engine
In Docker 1.10 and earlier, "docker build" can do a build FROM a private
repository that hasn't yet been pulled. This doesn't work on master. I
bisected this to https://github.com/docker/docker/pull/19414.
AuthConfigs is deserialized from the HTTP request, but not included in
the builder options.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 6fed46aeb97943315aed12f2dc62565f7bcc53dc
Component: engine
