This fix avoids overwritting the previous error messages, ensures the client gets the correct error messages and not just the most recent message during the pull request.
For this `var lastErr` replaced with a slice which acts as a temp place holder for the list of returned error messages for every attempt.
The slice is later joined and returned to the caller function after searching for the image with diffirent versions(v2,v1,v0).
Updated the code with check for no space left on device error occurance and prevent the
daemon on falling back to v1,v0.
Incorporated the comments from @calavera, @RichardScothern, @cpuguy83
Signed-off-by: Anil Belur <askb23@gmail.com>
Upstream-commit: 31cdc63419a29badad2d79590db83fe617ee8e03
Component: engine
- Add a *version* file placeholder.
- Update autogen and builds to use it and an autogen build flag
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 8054a303870b81eebe05e38261c1b68197b68558
Component: engine
This updates the vendored docker/distribution to the current master
branch.
Note the following changes:
- The manifest package was split into manifest/schema1. Most references
to the manifest package in the engine needed to be updated to use
schema1 instead.
- Validation functions in api/v2 were replaced by the
distribution/reference package. The engine code has been updated to
use the reference package for validation where necessary. A future PR
will change the engine to use the types defined in
distribution/reference more comprehensively.
- The reference package explicitly allows double _ characters in
repository names. registry_test.go was updated for this.
- TestPullFailsWithAlteredManifest was corrupting the manifest JSON, now
that the schema1 package unmarshals the correct payload. The test is
being changed to modify the JSON without affecting its length, which
allows the pull to succeed to the point where digest validation
happens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 257c59251bd9a03aea4f3188a8160c54f37950ae
Component: engine
This reverts commit d5cd032a86617249eadd7142227c5355ba9164b4.
Commit caused issues on systems with case-insensitive filesystems.
Revert for now
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: b78ca243d9fc25d81c1b50008ee69f3e71e940f6
Component: engine
- Move autogen/dockerversion to version
- Update autogen and "builds" to use this package and a build flag
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: d5cd032a86617249eadd7142227c5355ba9164b4
Component: engine
Pick up name regexp change in distribution to allow matching of hostnames as a valid component of a repository.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: b5b0da5fec235df864f5d84292b277aee80e5e3a
Component: engine
Search terms shouldn't be restricted to only full valid repository
names. It should be perfectly valid to search using a part of a name,
even if it ends with a period, dash or underscore.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Upstream-commit: f04e8fdb9bbcdad28de5c328b7de3f3abdae0b5a
Component: engine
Add a daemon flag to control this behaviour. Add a warning message when pulling
an image from a v1 registry. The default order of pull is slightly altered
with this changset.
Previously it was:
https v2, https v1, http v2, http v1
now it is:
https v2, http v2, https v1, http v1
Prevent login to v1 registries by explicitly setting the version before ping to
prevent fallback to v1.
Add unit tests for v2 only mode. Create a mock server that can register
handlers for various endpoints. Assert no v1 endpoints are hit with legacy
registries disabled for the following commands: pull, push, build, run and
login. Assert the opposite when legacy registries are not disabled.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Upstream-commit: 39f2f15a35121f348e1a87db4203bcb72e632b16
Component: engine
Remove possible circular dependency that prevented us from using a real
type.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: 719886d4352cba3f2cd0092e052bb4cb67d51417
Component: engine
This patch splits LookupEndpoints into LookupPullEndpoints and
LookupPushEndpoints so that mirrors added with --registry-mirror are
skipped in the list returned by LookupPushEndpoints.
Fixes https://github.com/docker/distribution/issues/823
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: b899977ee283d6bccf35ad9a079ed92a291ad34c
Component: engine
Some structures use int for sizes and UNIX timestamps. On some
platforms, int is 32 bits, so this can lead to the year 2038 issues and
overflows when dealing with large containers or layers.
Consistently use int64 to store sizes and UNIX timestamps in
api/types/types.go. Update related to code accordingly (i.e.
strconv.FormatInt instead of strconv.Itoa).
Use int64 in progressreader package to avoid integer overflow when
dealing with large quantities. Update related code accordingly.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 1f61084d83aea37b212468aaa975020094b7f7c9
Component: engine
This patch fixes a bug where a user specifies a v1 mirror for
--registry-mirror and pull an image from the Hub.
It used to not fallback because of an unexpected error returned when
trying to JSON marshal nginx output.
We now ensure that any unexpected error falls back to the next endpoint
in the list.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: a21ba12f4e7f11c17e6d665716f3060b9923b11c
Component: engine
Currently login and search do not load per registry certificates.
This is a regression caused by the last refactor since this was recently fixed.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: e863a07b89599fd4a03d34491d67c09c6bc84444
Component: engine
Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest.
On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server.
If a tag is given, the cli will resolve the tag into a digest and pull by digest.
After pulling, if a tag is given the cli makes a request to tag the image.
Use certificate directory for notary requests
Read certificates using same logic used by daemon for registry requests.
Catch JSON syntax errors from Notary client
When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user.
Provide a generic error when a JSON syntax error occurs.
Catch expiration errors and wrap in additional context.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: ed13c3abfb242905ec012e8255dc6f26dcf122f6
Component: engine
* Add godoc documentation where it was missing
* Change identifier names that don't match Go style, such as INDEX_NAME
* Rename RegistryInfo to PingResult, which more accurately describes
what this structure is for. It also has the benefit of making the name
not stutter if used outside the package.
Updates #14756
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 4fcb9ac40ce33c4d6e08d5669af6be5e076e2574
Component: engine
This patch creates a new cli package that allows to combine both client
and daemon commands (there is only one daemon command: docker daemon).
The `-d` and `--daemon` top-level flags are deprecated and a special
message is added to prompt the user to use `docker daemon`.
Providing top-level daemon-specific flags for client commands result
in an error message prompting the user to use `docker daemon`.
This patch does not break any old but correct usages.
This also makes `-d` and `--daemon` flags, as well as the `daemon`
command illegal in client-only binaries.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 96ce3a194aab2807fdd638825b9ea7cb9ba55c36
Component: engine
V1 mirrors do not mirror the index and those endpoints should
only be indexes.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Upstream-commit: 6b36a488e77c9d91c8eacb07053bff263bda04f3
Component: engine
If a registry mirror is using TLS, ensure that certs for it
are picked up from /etc/docker/certs.d
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Upstream-commit: cb57b256892b7d6c046cf28e45b9114f28f07aa3
Component: engine
The only uses of RequestAuthorization and its associated functions were
removed in 19515a7ad859b28c474d81e756ac245afcd968e3 ("Update graph to
use vendored distribution client for the v2 codepath")
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 962dc622d94a17a30a5926e8155da87a7e39e933
Component: engine
- fully capitalize HTTP in HTTPHeaders
- comment for CONFIGFILE
- camelcase and privatize oldConfigfile, defaultIndexserver
- remove unused var errConfigFileMissing
- comments for methods and functions throughout
- external references to renamed variables changed
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
Upstream-commit: dea49b7474f0efcefe4618b6133330f0bb5e2c84
Component: engine
Currently canonical name gets set to the local name and displayed in the errors.
Canonical name should be the unique and canonical name for an image.
Use docker.io as the canonical domain for images on the public registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 7f48cd7dce6fdc077bcde0962e0aa0e73fb63225
Component: engine
The docker/distribution dependency was updated in the previous commit to allow
repository name components to only consist of a single letter. The unit tests
have been updated to cement this change.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 451789cf88d678ed887a29b0aeeeccab5d6c735a
Component: engine
By adding this header AuthTransport will add Basic authentication to the request and allow 'docker search' results to include private images.
Signed-off-by: Matt Moore <mattmoor@google.com>
Upstream-commit: 5a170484d1d6fab982727987425fa154c96cf25e
Component: engine
The registry client's TLS configuration used the
default cipher list, including RC4. This change
copies the default cipher list from Golang 1.4 and
removes RC4 from that list. RC4 ciphers are considered
weak and vulnerable to a number of attacks.
Uses the tlsconfig package to define allowed ciphers.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 37846bff586e6f3d6bf35b66cce560ce4c57a619
Component: engine
