- Remove deprecated buildImage* functions
- Rename buildImageNew to buildImage
- Use *check.C in fakeContext* setup and in getIdByName
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: c10f6ef43f884306eb3ef60b2d19fdc931cf34cc
Component: engine
There is still ways to go
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: 87e3fcfe1e059780c4ee57abb097296fd29e09af
Component: engine
Most of the code is now on pkg/integration.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: def13fa23c812d367e3c61d9c39bdcee66929c17
Component: engine
I felt it made more sence 👼
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Upstream-commit: ce964a607ad7395af7b74a0ba1efc5ab3cb15790
Component: engine
Instead of having the misconfigured token server test
fail after maxing out retries, only retry a few times
then return an error which will not retry.
Referenced by #19425
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 3f5392fddaa3a25b97f083487b85bf0a158fdd15
Component: engine
Always attempt to add digest even when tag already exists.
Ensure digest does not currently exist.
When image id is mismatched, output an error log.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 33984f256b1a281b1130ac7e8edb7bc311750ccf
Component: engine
from a docker push output digest.DigestRegexp.FindString(output) does
not retrive the sha256: prefixed digest but just a string - in many
cases it's the registry host. The checks in the code are completely
wrong then. Fix this by using the DigestRegexp from the
distribution/reference package which correctly retrieves the digest
from the output.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 0bc88d5b0a14e6c7291bb5fbf99283a05511d07c
Component: engine
Before, the TCP handshake had to time out (approx 30s) before
this test completed. If you use a hostname that doesn't resolve,
then it fails faster.
Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com>
Upstream-commit: 431e7b65733f2eb627bf69502355a66a35121e04
Component: engine
Since 1.9, Docker Content Trust Offline key has been renamed to
Root key and the Tagging key has been renamed to Repository key.
The corresponding environment variables
`DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE`
`DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE`
have also been deprecated and renamed to
`DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE`
`DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE`
This fix removed the deprecated ENV passphrase variables for
1.12 and updated the docs.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: 1f0d5aba50803ff401197f96f6a830384d0c04c5
Component: engine
The prior error message caused confusion. If a user attempts to push an
image up to a registry, but they misspelled (or forgot to properly tag
their image) they would see the message 'Repository does not exist', which
is not very clear and causes some to think that there might be a problem
with the registry or connectivity to it, when the problem was simply just
that an image with that tag specified does not exist locally.
Signed-off-by: Dave MacDonald <mindlapse@gmail.com>
Upstream-commit: e57900a2695165bda111758e931e7c3c38449a9f
Component: engine
The error message was changed from "unauthorized: access to the
requested resource is not authorized" to "unauthorized: authentication
required".
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Upstream-commit: 37e2103e640861b02a1ea0253df749a527a87e1b
Component: engine
It will ignore tags in all other delegation roles.
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: 623ccc2f319ec28929c75a09bba76916c84f0d2b
Component: engine
and for which the tag conforms to path restrictions.
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: 497a58e6e48277bbee214d701e3d671eb8975797
Component: engine
- cherry-pick from 1.10.3 branch: 0186f4d4223a094a050d06f456355da3ae431468
- add token service test suite
- add integration test (missing in 1.10.3 branch)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 1b5c2e1d722757a55364fb45cf3fcec7f2c75fb4
Component: engine
- add test for pull from private registry with no credentials
- add test for push to docker hub with no credentials
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Signed-off-by: Antonio Murdaca <amurdaca@localhost.localdomain>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 6d23c3c57a733436d902b7883f2f0b00846df9e2
Component: engine
Fix and add test for case c) in #21054
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Upstream-commit: 497d545093bce4f01455bf8d2e1658435dbb040b
Component: engine
This PR adds the "notary" binary requirement for tests.
Previously, NotaryHosting was checking for the "notary-server"
binary under the name notaryBinary. This renames that reference to
notaryServerBinary, so that notaryBinary can rightly refer
to the actual "notary" binary.
Currently only one test actually uses the notary binary, so it's been
updated accordingly.
Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
Upstream-commit: db700a678d1da4275553ff7201e2597c7a8016ee
Component: engine
Concurrent uploads which share layers worked correctly as of #18353,
but unfortunately #18785 caused a regression. This PR removed the logic
that shares digests between different push sessions. This overlooked the
case where one session was waiting for another session to upload a
layer.
This commit adds back the ability to propagate this digest information,
using the distribution.Descriptor type because this is what is received
from stats and uploads, and also what is ultimately needed for building
the manifest.
Surprisingly, there was no test covering this case. This commit adds
one. It fails without the fix.
See recent comments on #9132.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 5c99eebe81958a227dfaed1145840374ce50bbbb
Component: engine
Attempt layer mounts from up to 3 source repositories, possibly
falling back to a standard blob upload for cross repository pushes.
Addresses compatiblity issues with token servers which do not grant
multiple repository scopes, resulting in an authentication failure for
layer mounts, which would otherwise cause the push to terminate with an
error.
Signed-off-by: Brian Bland <brian.bland@docker.com>
Upstream-commit: 1d3480f9ba3525309030497d5c8a3dd5725ed15a
Component: engine
This way we won't encounter any problems with one test using cached data from a different
test.
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: 0617521ba2ce160899852bb707c15bae7309f18a
Component: engine
Also renames BlobSumService to V2MetadataService, BlobSum to
V2Metadata
Signed-off-by: Brian Bland <brian.bland@docker.com>
Upstream-commit: 63099477189ea14f3122f6aa37fa7c60d33562c7
Component: engine
Tracks source repository information for each blob in the blobsum
service, which is then used to attempt to mount blobs from another
repository when pushing instead of having to re-push blobs to the same
registry.
Signed-off-by: Brian Bland <brian.bland@docker.com>
Upstream-commit: 7289c7218e2101eb94fb90f2cb22e1412d016984
Component: engine
Add DockerSchema1RegistrySuite which uses this registry, and make
applicable integration tests run as part of this suite.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 1fa2e3115105f6b2334f452bd08415e8f00633d7
Component: engine
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.
Add v1 migration code.
Update registry, api/*, and daemon packages to use the reference
package's types where applicable.
Update daemon package to use image/layer/tag stores instead of the graph
package
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 4352da7803d182a6013a5238ce20a7c749db979a
Component: engine
This fixes an issue where two images with the same filesystem contents
and configuration but different remote IDs could share a v1Compatibility
file, resulting in corrupted manifests.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 0ab6b1d9221f7a2a65c6565fed8f3d6f29fcec2d
Component: engine
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Upstream-commit: 52021ac2a4f2b32a6ad7444b182b569c616e500e
Component: engine
Notary is capable of acting in offline mode, making use of cache TUF data.
When ping is not successful, notary should still be attempted without error.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 5e11cd43aa21a9d0eb1f5f205f05dc7b14ee4d43
Component: engine
This test relies on a race condition, and has been failing often in CI.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 6cc38775bbff9b9304e551b26593af9c867c61bb
Component: engine
The practice of buffering to a tempfile during a pushing contributes massively
to slow V2 push performance perception. The protocol was actually designed to
avoid precalculation, supporting cut-through data push. This means we can
assemble the layer, calculate its digest and push to the remote endpoint, all
at the same time.
This should increase performance massively on systems with slow disks or IO
bottlenecks.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 349aef06d51a9425f70a877585fe45283366c2c4
Component: engine
