Commit graph

2055 commits

Author SHA1 Message Date
Stephen Day
2b0952dca1 Merge pull request #2342 from stevvooe/limit-payload-size-25
[release/2.5] registry/{storage,handlers}: limit content sizes
2017-07-20 13:55:19 -07:00
Stephen J Day
58d239d723
registry/{storage,handlers}: limit content sizes
Under certain circumstances, the use of `StorageDriver.GetContent` can
result in unbounded memory allocations. In particualr, this happens when
accessing a layer through the manifests endpoint.

This problem is mitigated by setting a 4MB limit when using to access
content that may have been accepted from a user. In practice, this means
setting the limit with the use of `BlobProvider.Get` by wrapping
`StorageDriver.GetContent` in a helper that uses `StorageDriver.Reader`
with a `limitReader` that returns an error.

When mitigating this security issue, we also noticed that the size of
manifests uploaded to the registry is also unlimited. We apply similar
logic to the request body of payloads that are full buffered.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
(cherry picked from commit 55ea440428)
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-07-20 13:39:13 -07:00
Derek McGowan
9bc9d212ec Merge pull request #2122 from mstanleyjones/configuration_changes_backport
Backport #2116 to releases/2.5
2017-01-03 15:43:27 -08:00
Derek McGowan
fcbea606cb Improve formatting of configuration.md
Backported from master to release/2.5

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-01-03 14:44:46 -08:00
Derek McGowan
6b114e6d8f Merge pull request #2081 from Windfarer/release/2.5
fix panic when using storage redirect middleware
2017-01-03 10:19:19 -08:00
Eric Yang
6c985f7f63 Update main.go
Signed-off-by: Eric Yang <windfarer@gmail.com>
2016-11-24 20:41:49 +08:00
Derek McGowan
2c3b616fee Merge pull request #2054 from mstanleyjones/2.5_metadata_fixes
2.5 metadata fixes
2016-11-14 15:23:15 -08:00
Derek McGowan
5adfbe34db
Remove newlines from end of error strings
Golint now checks for new lines at the end of go error strings,
remove these unneeded new lines.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-14 14:10:23 -08:00
Richard Scothern
cfe7079300
Satisfy the latest go lint rules
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-11-14 13:48:06 -08:00
Misty Stanley-Jones
abd2d765ac Metadata and formatting fixes needed for Jekyll build
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit 49d6706ce9d952718725350d82d9ea7deb4f7326)
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-11-11 11:58:31 -08:00
Misty Stanley-Jones
6b3ccf9640 Convert Markdown frontmatter to YAML
Some frontmatter such as the weights, menu stuff, etc is no longer used
'draft=true' becomes 'published: false'

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit f180e9a934)
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit c5a8e74c562cd62db83df69ec71d9cee3e346317)
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-11-11 11:58:31 -08:00
Misty Stanley-Jones
a8402a2253 Merge pull request #1985 from johndmulhausen/master
Remove old documentation source, add README on migration
(cherry picked from commit c372264f17)

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
(cherry picked from commit f1219102a421c15f5c6fc437c1e1ec951424d9b5)
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-11-11 11:58:31 -08:00
Derek McGowan
0a22649f66 Update to fix lint errors
Context should use type values instead of strings.
Updated direct calls to WithValue, but still other uses of string keys.
Update Acl to ACL in s3 driver.

Cherry-picked to release/2.5 branch

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-11-11 11:58:28 -08:00
Edgar Lee
12acdf0a6c Stop ErrFinishedWalk from escaping from Repositories walk
Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-08-26 11:20:37 -07:00
Edgar Lee
45b84c9512 Use typecast over reflect for error type checking
Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-08-26 11:19:18 -07:00
Edgar Lee
8160a430be Handle new errors returned from catalog repository listing
Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-08-26 11:19:06 -07:00
Edgar Lee
a405d3e88b Improve catalog enumerate runtime by an order of magnitude
Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-08-26 11:10:53 -07:00
Stephen J Day
2aa09ff9a8 registry/storage: more efficient path compare in catalog
Previous component-wise path comparison is recursive and generates a
large amount of garbage. This more efficient version simply replaces the
path comparison with the zero-value to sort before everything. We do
this by replacing the byte-wise comparison that swaps a single character
inline for the separator comparison, such that separators sort first.

The resulting implementation provides component-wise path comparison
with no cost incurred for allocation or stack frame.

Direction of the comparison is also reversed to match Go style.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-08-26 11:08:59 -07:00
Edgar Lee
fdc51bb1f2 Stop ErrFinishedWalk from escaping from Repositories walk
Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-08-26 11:08:41 -07:00
Sebastien Coavoux
0567fa3c2a Fix: Compare path properly when list repository in catalog. #1854
Signed-off-by: Sebastien Coavoux <alignak@pyseb.cx>
2016-08-26 11:07:41 -07:00
Edgar Lee
22a59f2512 Refactor errVal named parameter for catalog repositories to err
Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-08-26 11:07:32 -07:00
Edgar Lee
734caef0f4 Fix storage drivers dropping non EOF errors when listing repositories
This fixes errors other than io.EOF from being dropped when a storage driver
lists repositories. For example, filesystem driver may point to a missing
directory and errors, which then gets subsequently dropped.

Signed-off-by: Edgar Lee <edgar.lee@docker.com>
2016-08-26 11:07:24 -07:00
Richard Scothern
edd7cb5249 Merge pull request #1739 from cezarsa/master
[Swift] Expose EndpointType parameter in driver
2016-06-15 10:33:48 -07:00
Sven Dowideit
e472758825 Merge pull request #1788 from SvenDowideit/move-build-doc
Move the building.md doc to the top of the git repo
2016-06-15 10:57:13 +10:00
Sven Dowideit
51be30beb1 Move the building.md doc to the top of the git repo
Closes #1776

Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2016-06-15 20:26:16 +10:00
Charles Smith
879dc2fa38 Merge pull request #1791 from londoncalling/fix-broken-links-PR-23492
fixed broken link due to topic re-org in PR#23492
2016-06-14 14:20:35 -07:00
Victoria Bialas
c0987a9e1b fixed broken link due to topic re-org in PR#23492
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2016-06-14 13:56:17 -07:00
Richard Scothern
f4296d55fc Merge pull request #1787 from RichardScothern/nr
Re-add support for non-resumable digests
2016-06-14 10:37:47 -07:00
Richard Scothern
ccfa25cf00 If resumable digest support is disabled, detct this when closing the blobwriter
and allow the close to continue.  Also update the name of the function.

Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-06-13 17:35:06 -07:00
Richard Scothern
1fc752c718 Merge pull request #1706 from aibaars/registry-size-close
Blobwriter: call BlobWriter.Size after BlobWriter.Close
2016-06-13 16:29:35 -07:00
Richard Scothern
337ceb2b40 Merge pull request #1786 from RichardScothern/admin
Prepare for the release.
2016-06-13 16:09:09 -07:00
Richard Scothern
6e2dd4fa68 Prepare for the release.
Update .mailmap, AUTHORS and MAINTAINERS files.

Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-06-13 16:03:16 -07:00
Richard Scothern
6445220d0d Merge pull request #1785 from RichardScothern/changelog
Changelog for 2.5
2016-06-13 15:52:33 -07:00
Richard Scothern
c2af377920 Changelog for 2.5
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-06-13 15:37:26 -07:00
Cezar Sa Espinola
afb262bd5f
Update swift driver docs removing dup table and adding endpointtype
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
2016-06-13 19:30:24 -03:00
Cezar Sa Espinola
7f72092940
Expose EndpointType parameter in swift storage driver
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
2016-06-13 19:28:45 -03:00
Cezar Sa Espinola
5ad9d19ff6
Update vendored version of ncw/swift library
Signed-off-by: Cezar Sa Espinola <cezarsa@gmail.com>
2016-06-13 19:28:05 -03:00
Richard Scothern
fb106e167a Merge pull request #1465 from dmcgowan/token-server-oauth
Integration token server supporting oauth
2016-06-13 15:01:06 -07:00
Richard Scothern
4e08e7d1d6 Merge pull request #1775 from dmcgowan/get-content-digest
Add option to get content digest from manifest get
2016-06-13 14:59:05 -07:00
Richard Scothern
805b94eb2b Merge pull request #1770 from Windfarer/fix-link-patch
Fixing link patch
2016-06-13 14:34:42 -07:00
Richard Scothern
1bf52359f1 Merge pull request #1782 from tianon/accept-lists
Update "Accept" header parsing for list values
2016-06-13 14:33:46 -07:00
Aaron Lehmann
9198d642ba Merge pull request #1779 from dmcgowan/letsencrypt-support
Let's Encrypt support
2016-06-13 10:48:55 -10:00
Richard Scothern
015df6cdea Add documentation for let's encrypt
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-06-13 11:45:18 -07:00
Derek McGowan
be2ed961aa Add support for Let's Encrypt
Add configuration and certificate manager to use letsencrypt

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-06-13 11:30:42 -07:00
Tianon Gravi
8907f7d189 Update "Accept" header parsing for list values
In Go's header parsing, the same header multiple times results in multiple entries in the `r.Header[...]` slice, but Go does no further parsing beyond that (and in https://golang.org/cl/4528086 it was determined that until/unless the stdlib itself needs it, Go will not do so).

The consequence here for parsing of `Accept:` headers is that we support the way Go outputs headers, but not all language HTTP libraries have a facility to output multiple headers instead of a single list header.

This change ensures that the following (valid) header blocks all parse to the same result for the purposes of what is being tested here:

```
Accept: a/b
Accept: b/c
Accept: d/e
```

```
Accept: a/b; q=0.5, b/c
Accept: d/e
```

```
Accept: a/b; q=0.1, b/c; q=0.2, d/e; q=0.8
```

Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
2016-06-10 16:52:27 -07:00
Derek McGowan
1c99939221 Vendor letsencrypt packages
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-06-09 17:56:43 -07:00
Derek McGowan
125f4ff7d7 Add option to get content digest from manifest get
The client may need the content digest to delete a manifest using the digest used by the registry.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-06-08 17:02:29 -07:00
Richard Scothern
75882f079c Merge pull request #1774 from RichardScothern/catalog-clarifcation
Clarify API documentation around catalog fetch behavior
2016-06-08 12:59:09 -07:00
Richard Scothern
352924cd85 Clarify API documentation around catalog fetch behavior
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-06-08 10:39:17 -07:00
Richard Scothern
2cbf54df6c Merge pull request #1773 from zhouhaibing089/comment-fix
Fix incorrect comment about auth type
2016-06-08 10:31:49 -07:00