Update get and set functions to use digests.
Update push code to use the digest type instead of string
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: c0b44218196ab597d22eb6344e8770fdee73067b
Component: engine
Move graph related functions in image to graph package.
Consolidating graph functionality is the first step in refactoring graph into an image store model.
Subsequent refactors will involve breaking up graph into multiple types with a strongly defined interface.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 2b58b677a54950bc78c13760ef79fe6284154847
Component: engine
To ensure manifest integrity when pulling by digest, this changeset ensures
that not only the remote digest provided by the registry is verified but also
that the digest provided on the command line is checked, as well. If this check
fails, the pull is cancelled as with an error. Inspection also should that
while layers were being verified against their digests, the error was being
treated as tech preview image signing verification error. This, in fact, is not
a tech preview and opens up the docker daemon to man in the middle attacks that
can be avoided with the v2 registry protocol.
As a matter of cleanliness, the digest package from the distribution project
has been updated to latest version. There were some recent improvements in the
digest package.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 06612cc0fee103bf6f46429e3cd572725ef72948
Component: engine
This patch removes the need for requestFactories and decorators
by implementing http.RoundTripper transports instead.
It refactors some challenging-to-read code.
NewSession now takes an *http.Client that can already have a
custom Transport, it will add its own auth transport by wrapping
it.
The idea is that callers of http.Client should not bother
setting custom headers for every handler but instead it should
be transparent to the callers of a same context.
This patch is needed for future refactorings of registry,
namely refactoring of the v1 client code.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: a01cc3ca7729c3ce635fef7c1db837b5c6ae1028
Component: engine
No logic changes should be in here, just moving things around.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: bb9da6ba9294a8eab8f4dfaf7cf07c57959fe608
Component: engine
This makes `registry.Service` a first class type and does not use jobs
to interact with this type.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 03d3d79b2b3f8b720fff2d649aff0ef791cff417
Component: engine
Update registry package to use the v2 registry api from distribution. Update interfaces to directly take in digests.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 62009ef77efcbe30afea0cd124f3fbff0d5030cd
Component: engine
When buffering to file add support for compressing the tar contents. Since digest should be computed while writing buffer, include digest creation during buffer.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 851c64725d0b1b37e51fa0d0df744bbe82ad4c7b
Component: engine
When pushing to the official registry, v2 push will be attempted first. If the v2 endpoint is unavailable, a push to v1 will occur. If a v2 push is started and failed, the push operation will fail. Pulling non-official images the official v2 registry is also enabled to pull the newly push images. When a pull of a v2 image fails, v1 will always be attempted.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 770e9b6b819b495a933b2f467bf768a1b785d5ad
Component: engine
Add ability to refer to an image by repository name and digest using the
format repository@digest. Works for pull, push, run, build, and rmi.
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Upstream-commit: a2b0c9778feac970524b98ef7a91b5528fdeb9d5
Component: engine
Added method in StreamFormatter to handle calls
from progressreader. Solves #10959
Signed-off-by: bobby abbott <ttobbaybbob@gmail.com>
Upstream-commit: 12b278d3540bc32699e8c2197b556188fd98b77b
Component: engine
Manifest is now generated during a v2 push, not relying on previously generated hashes. When pushing a layer, the hash is directly calculated from the tar contents which will be pushed. Computing the hash on push ensures that the hash contents always match what is seen by the registry. This also mitigates issues with tarsum differences and permits using pure SHA digests.
Additionally the new manifest function is moved to the unit tests since it is no longer called outside the tests.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: d172f1253a6a277dce71cd59b0d87119f3ed282e
Component: engine
pushV2Image() calls TarLayer() which returns an archive. One needs to
Close() the archive once done otherwise it will leave mounted devices
if devicemapper graph driver is being used.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Upstream-commit: 064ff42d6d34b9c92e634f30ac1549d9786ab26f
Component: engine
Pushing by image ID is not allowed in the Docker CLI and not supported by the registry. An unnamed image also cannot be pushed to a private registry, since no endpoint is specified and it will default to the hub. The hub also does not support this use case, therefore removing the code path is the best solution.
The ability to push a layer without a name is unsupported by the v2 registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: db2d875b5e621378baf690d261969712fbfffcfd
Component: engine
On pull treat an unavailable v2 registry as a non-error fallback.
On push only show v2 error message in debug mode.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: c8a06069bcee4214cd03468343aec7fcc4a37143
Component: engine
No longer push to the official v2 registry when it is available. This allows pulling images from the v2 registry without defaulting push. Only pull official images from the v2 official registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 88fdcfef02cdc8b4fcff10cded6a89a42a360ec1
Component: engine
When progress reader closes it overwrites the progress line with the full progress bar, replaces the completed message.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 0091c490dd31b9b9a5248cacaaf1f515ff26a5e7
Component: engine
