- Add a *version* file placeholder.
- Update autogen and builds to use it and an autogen build flag
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 8054a303870b81eebe05e38261c1b68197b68558
Component: engine
This updates the vendored docker/distribution to the current master
branch.
Note the following changes:
- The manifest package was split into manifest/schema1. Most references
to the manifest package in the engine needed to be updated to use
schema1 instead.
- Validation functions in api/v2 were replaced by the
distribution/reference package. The engine code has been updated to
use the reference package for validation where necessary. A future PR
will change the engine to use the types defined in
distribution/reference more comprehensively.
- The reference package explicitly allows double _ characters in
repository names. registry_test.go was updated for this.
- TestPullFailsWithAlteredManifest was corrupting the manifest JSON, now
that the schema1 package unmarshals the correct payload. The test is
being changed to modify the JSON without affecting its length, which
allows the pull to succeed to the point where digest validation
happens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 257c59251bd9a03aea4f3188a8160c54f37950ae
Component: engine
This reverts commit d5cd032a86617249eadd7142227c5355ba9164b4.
Commit caused issues on systems with case-insensitive filesystems.
Revert for now
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: b78ca243d9fc25d81c1b50008ee69f3e71e940f6
Component: engine
- Move autogen/dockerversion to version
- Update autogen and "builds" to use this package and a build flag
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: d5cd032a86617249eadd7142227c5355ba9164b4
Component: engine
Without this buffering, the compressor was outputting 64 bytes at a
time to the HTTP stream, which was resulting in absurdly small chunk
sizes and a lot of extra overhead. The buffering restores the chunk size
to 32768 bytes, which matches the behavior with 1.8.2.
Times pushing to a local registry:
1.8.2: 0m18.934s
master: 0m20.564s
master+this commit: 0m17.593s
Fixes: #17038
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: bb69f10df91fe5ed044e7f0c81a118a2b666757d
Component: engine
To be coherent with /images/json (images command)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: f664f6e4b19d4e155d78af2eacddcd941dae4fce
Component: engine
PR #15493 removed compression of layers when pushing them to a V2
registry. This this makes layer uploads larger than they should be.
This commit restores the compression. It uses an io.Pipe to turn the
gzip compressor output Writer into a Reader, so the ReadFrom method can
be used on the BlobWriter (which is very important for avoiding many
PATCH requests per layer).
Fixes#17209Fixes#17038
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 4dce280d96797b6a82e3eb54243e21bce7f55e5d
Component: engine
Also remove unused func `newTempFile` and prevent a possible deadlock
between pull_v2 `attemptIDReuse` and graph `register`
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: f6577be1c93150149c291f9d18375d7bcae9ebb1
Component: engine
Lookup the graph parent reference to detect a builder cache miss before
looping the whole graph image index to build a parent-children tree.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: f9e81b40f4065e3d0851172759ef58fda6572cce
Component: engine
also fix a typo in pkg/truncindex package comment
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 56f5e3459f8d7477d2aa60dee02bc7cd8a8731ad
Component: engine
After v1.8.3 layer checksum is used for image ID
validation. Rewriting the checksums on push would
mean that next pulls will get different image IDs
and pulls may fail if its detected that same
manifest digest can now point to new image ID.
Fixes#17178
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: fb4a7256921b9863bd27079ec821b9612368fee8
Component: engine
Ensure v2 registries are given more than 5 seconds to return a ping and avoid an unnecessary fallback to v1.
Elevates log level about failed v2 ping to a warning to match the warning related to using v1 registries.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: f8ea4ad16d51f6f062be2c250be26d731b92bd3c
Component: engine
Remove all unneeded disk operations (reload TagStore, umarshal image)
for checking if image still points to same ID. Now slowest part is
queries to sqlite which hopefuly will be removed soon.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: f256d8ad2d1fbd9407d2b7a8eb69c96665c4015e
Component: engine
Tags and digests are kept in the same storage. We want to make sure that they are completely separated - tags are something users set and digests can only be set by pull-by-digest code path.
Reverts #14664
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: d08ca5c2b65d442f37424957e53d81f96356d12c
Component: engine
Add a unit test for validateManifest which ensures extra data can't be
injected by adding data to the JSON object outside the payload area.
This also removes validation of legacy signatures at pull time. This
starts the path of deprecating legacy signatures, whose presence in the
very JSON document they attempt to sign is problematic. These
signatures were only checked for official images, and since they only
caused a weakly-worded message to be printed, removing the verification
should not cause impact.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 011bfd666eeb21a111ca450c42a3893ad03c9324
Component: engine
Generate a hash chain involving the image configuration, layer digests,
and parent image hashes. Use the digests to compute IDs for each image
in a manifest, instead of using the remotely specified IDs.
To avoid breaking users' caches, check for images already in the graph
under old IDs, and avoid repulling an image if the version on disk under
the legacy ID ends up with the same digest that was computed from the
manifest for that image.
When a calculated ID already exists in the graph but can't be verified,
continue trying SHA256(digest) until a suitable ID is found.
"save" and "load" are not changed to use a similar scheme. "load" will
preserve the IDs present in the tar file.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 504e67b867865a2835e8002c01087a2cfd7bfd0e
Component: engine
Adds support for the daemon to handle user namespace maps as a
per-daemon setting.
Support for handling uid/gid mapping is added to the builder,
archive/unarchive packages and functions, all graphdrivers (except
Windows), and the test suite is updated to handle user namespace daemon
rootgraph changes.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Upstream-commit: 442b45628ee12ebd8e8bd08497896d5fa8eec4bd
Component: engine
also fix a typo in pkg/truncindex package comment
Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
Upstream-commit: 292a1564dca2f32b9158a6886fadee1cc184f987
Component: engine
progressreader.Broadcaster becomes broadcaster.Buffered and
broadcastwriter.Writer becomes broadcaster.Unbuffered.
The package broadcastwriter is thus renamed to broadcaster.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: 2391233404e2e6892c79a24f31cc99715c086b21
Component: engine
