Attempt layer mounts from up to 3 source repositories, possibly
falling back to a standard blob upload for cross repository pushes.
Addresses compatiblity issues with token servers which do not grant
multiple repository scopes, resulting in an authentication failure for
layer mounts, which would otherwise cause the push to terminate with an
error.
Signed-off-by: Brian Bland <brian.bland@docker.com>
Upstream-commit: 1d3480f9ba3525309030497d5c8a3dd5725ed15a
Component: engine
This way we won't encounter any problems with one test using cached data from a different
test.
Signed-off-by: cyli <cyli@twistedmatrix.com>
Upstream-commit: 0617521ba2ce160899852bb707c15bae7309f18a
Component: engine
Also renames BlobSumService to V2MetadataService, BlobSum to
V2Metadata
Signed-off-by: Brian Bland <brian.bland@docker.com>
Upstream-commit: 63099477189ea14f3122f6aa37fa7c60d33562c7
Component: engine
Tracks source repository information for each blob in the blobsum
service, which is then used to attempt to mount blobs from another
repository when pushing instead of having to re-push blobs to the same
registry.
Signed-off-by: Brian Bland <brian.bland@docker.com>
Upstream-commit: 7289c7218e2101eb94fb90f2cb22e1412d016984
Component: engine
Add DockerSchema1RegistrySuite which uses this registry, and make
applicable integration tests run as part of this suite.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 1fa2e3115105f6b2334f452bd08415e8f00633d7
Component: engine
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.
Add v1 migration code.
Update registry, api/*, and daemon packages to use the reference
package's types where applicable.
Update daemon package to use image/layer/tag stores instead of the graph
package
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Upstream-commit: 4352da7803d182a6013a5238ce20a7c749db979a
Component: engine
This fixes an issue where two images with the same filesystem contents
and configuration but different remote IDs could share a v1Compatibility
file, resulting in corrupted manifests.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 0ab6b1d9221f7a2a65c6565fed8f3d6f29fcec2d
Component: engine
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Upstream-commit: 52021ac2a4f2b32a6ad7444b182b569c616e500e
Component: engine
Notary is capable of acting in offline mode, making use of cache TUF data.
When ping is not successful, notary should still be attempted without error.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 5e11cd43aa21a9d0eb1f5f205f05dc7b14ee4d43
Component: engine
This test relies on a race condition, and has been failing often in CI.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 6cc38775bbff9b9304e551b26593af9c867c61bb
Component: engine
The practice of buffering to a tempfile during a pushing contributes massively
to slow V2 push performance perception. The protocol was actually designed to
avoid precalculation, supporting cut-through data push. This means we can
assemble the layer, calculate its digest and push to the remote endpoint, all
at the same time.
This should increase performance massively on systems with slow disks or IO
bottlenecks.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 349aef06d51a9425f70a877585fe45283366c2c4
Component: engine
Currently some notary tests change the system clock to check for expiration.
Skip these tests until the code can be refactored to not rely on updating the system clock.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: bf3c1e6a3afc951e41643b8d55d4ac25fa9cb06d
Component: engine
Update help line to allow 90 characters instead of 80
The trust flag pushes out the help description column wider, requiring more room to display help messages.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 259cadb0b19a9049302e78fec529b0105efabb1d
Component: engine
Clean up tests to remove duplicate code
Add tests which run pull and create in an isolated configuration directory.
Add build test for untrusted tag
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 871d2b96ed5cf234c41a5e731a34fc9deda4e9f1
Component: engine
Created date util function
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
Upstream-commit: 1406cb35fd814a987b91f92ed1a4b61a21205736
Component: engine
Added notary server to docker base image.
Created trust suite which runs trust server for running trusted commands.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 58a1de9b59594948df152f0003e759b77bcaa56a
Component: engine
pushV2Tag already deduplicates layers, but the scope of this
deduplication is only for a particular tag. If we are pushing all tags
in a repository, we may check layers several times. Fix this by moving
the layersSeen map from the pushV2Tag function to the v2Pusher struct.
In addition to avoiding some useless round-trips, this makes the "docker
push" output less confusing. It formerly could contain many repeated
lines like:
124e2127157f: Image already exists
124e2127157f: Image already exists
...
Add test coverage based on the "docker push" output: a hash should not
appear multiple times when pushing multiple tags.
Fixes#14873
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 810d3b2642d4a82dc186d6eff8c2e487ee624bc5
Component: engine
To avoid manually creating and destroying registrys in tests.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: f696b1071a296bee1f4ac7cafa807ce337fb9f2c
Component: engine
It prints test name and duration for each test.
Also performs deleteAllContainers after each test.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: dc944ea7e48d11a2906e751d3e61daf08faee054
Component: engine
Add ability to refer to an image by repository name and digest using the
format repository@digest. Works for pull, push, run, build, and rmi.
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Upstream-commit: a2b0c9778feac970524b98ef7a91b5528fdeb9d5
Component: engine
Manifest is now generated during a v2 push, not relying on previously generated hashes. When pushing a layer, the hash is directly calculated from the tar contents which will be pushed. Computing the hash on push ensures that the hash contents always match what is seen by the registry. This also mitigates issues with tarsum differences and permits using pure SHA digests.
Additionally the new manifest function is moved to the unit tests since it is no longer called outside the tests.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: d172f1253a6a277dce71cd59b0d87119f3ed282e
Component: engine
Before the V2 registry changes, images with no config could be pushed.
This change fixes a regression that made those images not able to be
pushed to a registry.
Signed-off-by: Euan Kemp <euank@euank.com>
Upstream-commit: d477d42dd3e6a98f82c6ed2abb1dfeeb2782539f
Component: engine
