This patch splits LookupEndpoints into LookupPullEndpoints and
LookupPushEndpoints so that mirrors added with --registry-mirror are
skipped in the list returned by LookupPushEndpoints.
Fixes https://github.com/docker/distribution/issues/823
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: b899977ee283d6bccf35ad9a079ed92a291ad34c
Component: engine
Expand the godoc documentation for the graph package.
Centralize DefaultTag in the graphs/tag package instead of defining it
twice.
Remove some unnecessary "config" structs that are only used to pass
a few parameters to a function.
Simplify the GetParentsSize function - there's no reason for it to take
an accumulator argument.
Unexport some functions that aren't needed outside the package.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: d4836cd7ec1c085c5a5caa7eb7f5eda4ace10eb6
Component: engine
pushV2Tag already deduplicates layers, but the scope of this
deduplication is only for a particular tag. If we are pushing all tags
in a repository, we may check layers several times. Fix this by moving
the layersSeen map from the pushV2Tag function to the v2Pusher struct.
In addition to avoiding some useless round-trips, this makes the "docker
push" output less confusing. It formerly could contain many repeated
lines like:
124e2127157f: Image already exists
124e2127157f: Image already exists
...
Add test coverage based on the "docker push" output: a hash should not
appear multiple times when pushing multiple tags.
Fixes#14873
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 810d3b2642d4a82dc186d6eff8c2e487ee624bc5
Component: engine
Currently the layer array is initialized with the first layer then the first layer is appened to the layer list. Adding the first layer twice causes the layer to appear twice in the manifest, making a duplicate push and pull attempt occur.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 35081ea4b6711b1cfccb67b0f0d691b7adc85ff6
Component: engine
Update get and set functions to use digests.
Update push code to use the digest type instead of string
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: c0b44218196ab597d22eb6344e8770fdee73067b
Component: engine
Move graph related functions in image to graph package.
Consolidating graph functionality is the first step in refactoring graph into an image store model.
Subsequent refactors will involve breaking up graph into multiple types with a strongly defined interface.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 2b58b677a54950bc78c13760ef79fe6284154847
Component: engine
To ensure manifest integrity when pulling by digest, this changeset ensures
that not only the remote digest provided by the registry is verified but also
that the digest provided on the command line is checked, as well. If this check
fails, the pull is cancelled as with an error. Inspection also should that
while layers were being verified against their digests, the error was being
treated as tech preview image signing verification error. This, in fact, is not
a tech preview and opens up the docker daemon to man in the middle attacks that
can be avoided with the v2 registry protocol.
As a matter of cleanliness, the digest package from the distribution project
has been updated to latest version. There were some recent improvements in the
digest package.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
Upstream-commit: 06612cc0fee103bf6f46429e3cd572725ef72948
Component: engine
This patch removes the need for requestFactories and decorators
by implementing http.RoundTripper transports instead.
It refactors some challenging-to-read code.
NewSession now takes an *http.Client that can already have a
custom Transport, it will add its own auth transport by wrapping
it.
The idea is that callers of http.Client should not bother
setting custom headers for every handler but instead it should
be transparent to the callers of a same context.
This patch is needed for future refactorings of registry,
namely refactoring of the v1 client code.
Signed-off-by: Tibor Vass <tibor@docker.com>
Upstream-commit: a01cc3ca7729c3ce635fef7c1db837b5c6ae1028
Component: engine
No logic changes should be in here, just moving things around.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Upstream-commit: bb9da6ba9294a8eab8f4dfaf7cf07c57959fe608
Component: engine
This makes `registry.Service` a first class type and does not use jobs
to interact with this type.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: 03d3d79b2b3f8b720fff2d649aff0ef791cff417
Component: engine
Update registry package to use the v2 registry api from distribution. Update interfaces to directly take in digests.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 62009ef77efcbe30afea0cd124f3fbff0d5030cd
Component: engine
When buffering to file add support for compressing the tar contents. Since digest should be computed while writing buffer, include digest creation during buffer.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 851c64725d0b1b37e51fa0d0df744bbe82ad4c7b
Component: engine
When pushing to the official registry, v2 push will be attempted first. If the v2 endpoint is unavailable, a push to v1 will occur. If a v2 push is started and failed, the push operation will fail. Pulling non-official images the official v2 registry is also enabled to pull the newly push images. When a pull of a v2 image fails, v1 will always be attempted.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 770e9b6b819b495a933b2f467bf768a1b785d5ad
Component: engine
Add ability to refer to an image by repository name and digest using the
format repository@digest. Works for pull, push, run, build, and rmi.
Signed-off-by: Andy Goldstein <agoldste@redhat.com>
Upstream-commit: a2b0c9778feac970524b98ef7a91b5528fdeb9d5
Component: engine
Added method in StreamFormatter to handle calls
from progressreader. Solves #10959
Signed-off-by: bobby abbott <ttobbaybbob@gmail.com>
Upstream-commit: 12b278d3540bc32699e8c2197b556188fd98b77b
Component: engine
Manifest is now generated during a v2 push, not relying on previously generated hashes. When pushing a layer, the hash is directly calculated from the tar contents which will be pushed. Computing the hash on push ensures that the hash contents always match what is seen by the registry. This also mitigates issues with tarsum differences and permits using pure SHA digests.
Additionally the new manifest function is moved to the unit tests since it is no longer called outside the tests.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: d172f1253a6a277dce71cd59b0d87119f3ed282e
Component: engine
pushV2Image() calls TarLayer() which returns an archive. One needs to
Close() the archive once done otherwise it will leave mounted devices
if devicemapper graph driver is being used.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Upstream-commit: 064ff42d6d34b9c92e634f30ac1549d9786ab26f
Component: engine
Pushing by image ID is not allowed in the Docker CLI and not supported by the registry. An unnamed image also cannot be pushed to a private registry, since no endpoint is specified and it will default to the hub. The hub also does not support this use case, therefore removing the code path is the best solution.
The ability to push a layer without a name is unsupported by the v2 registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: db2d875b5e621378baf690d261969712fbfffcfd
Component: engine
On pull treat an unavailable v2 registry as a non-error fallback.
On push only show v2 error message in debug mode.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: c8a06069bcee4214cd03468343aec7fcc4a37143
Component: engine
No longer push to the official v2 registry when it is available. This allows pulling images from the v2 registry without defaulting push. Only pull official images from the v2 official registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 88fdcfef02cdc8b4fcff10cded6a89a42a360ec1
Component: engine
