Commit graph

1956 commits

Author SHA1 Message Date
Stephen J Day
76624704c3 Correct unmarshal order for SignedManifest
To ensure that we only unmarshal the verified payload into the contained
manifest, we first copy the entire incoming buffer into Raw and then unmarshal
only the Payload portion of the incoming bytes. If the contents is later
verified, the caller can then be sure that the contents of the Manifest fields
can be trusted.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-14 14:37:34 -07:00
Richard Scothern
fa3c275d63 Merge pull request #1093 from aaronlehmann/reference-improvements
Usability improvements for reference package
2015-10-14 14:19:41 -07:00
Aaron Lehmann
16eea0cc47 Usability improvements for reference package
Various improvements motivated by early real-world use in engine code
under development:

- Make `WithDigest` return `Canonical`, since the return value always
  has a name and a digest.

- Introduce a `NamedTagged` type, which can be used for strongly typing
  cases where something must have a name and a tag.

- Rename `ParseNamed` to `WithName`, and create a
  `ParseNamed` that accepts tags and digests (returning a `Named` type).
  The new `ParseNamed` makes code using the reference package much less
  verbose, since typical use cases require a name, and this is an
  additional type assertion and error case after every `Parse` call.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-13 16:07:34 -07:00
Richard Scothern
4c4112bdcf Merge pull request #1035 from aaronlehmann/host-parameter-alternate
Add http.host parameter
2015-10-13 14:03:48 -07:00
Stephen Day
bfd1f423c5 Merge pull request #1033 from jlhawn/api_spec_update_auth_errors
[api spec] Update authN and authZ errors
2015-10-13 13:52:18 -07:00
Stephen Day
8aec18217a Merge pull request #963 from dmcgowan/reference-update
[Carry 690] Add a new reference package abstracting tags and digests
2015-10-13 13:15:43 -07:00
Richard Scothern
6a4cdab380 Merge pull request #1083 from BrianBland/fixSwiftDocs
Fixes documentation for swift driver "container" parameter
2015-10-13 11:57:43 -07:00
Sharif Nassar
929595c7d1 Fix spelling
Signed-off-by: Sharif Nassar <sharif@mrwacky.com>
2015-10-12 16:11:30 -07:00
Aaron Lehmann
b07d759241 Add WithTag and WithDigest combinator functions
These functions allow a Named type to be combined with a tag or a
digest. WithTag will replace the ImageReference function in
github.com/docker/docker/utils as the Docker Engine transitions to the
reference package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-12 16:00:33 -07:00
Derek McGowan
3943c4165c Make Named,Tagged, and Digested implement Reference
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-09 16:14:08 -07:00
Derek McGowan
6bd5b8c24e Update regexp to support repeated dash and double underscore
In order to support valid hostnames as name components, supporting repeated dash was added.
Additionally double underscore is now allowed as a separator to loosen the restriction for previously supported names.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-09 16:14:08 -07:00
Derek McGowan
bcda04d6cd Add field type for serialization
Since reference itself may be represented by multiple types which implement the reference inteface, serialization can lead to ambiguous type which cannot be deserialized.
Field wraps the reference object to ensure that the correct type is always deserialized, requiring an extra unwrap of the reference after deserialization.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-09 16:05:49 -07:00
Derek McGowan
31a448a628 Update to provide small and clear interfaces
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-09 16:05:49 -07:00
Tibor Vass
f8c09b6a7d Add a new reference package abstracting repositories, tags and digests
There seems to be a need for a type that represents a way of pointing
to an image, irrespective of the implementation.

This patch defines a Reference interface and provides 3 implementations:
- TagReference: when only a tag is provided
- DigestReference: when a digest (according to the digest package) is
  provided, can include optional tag as well

Validation of references are purely syntactic.

There is also a strong type for tags, analogous to digests, as well
as a strong type for Repository from which clients can access the
hostname alone, or the repository name without the hostname, or both
together via the String() method.

For Repository, the files names.go and names_test.go were moved from
the v2 package.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-10-09 16:05:34 -07:00
Brian Bland
90fe4b9256 Fixes documentation for swift driver "container" parameter
No longer claims that an additional segments container is used

Signed-off-by: Brian Bland <brian.bland@docker.com>
2015-10-08 16:51:57 -07:00
Derek McGowan
1d266b00e1 Merge pull request #1079 from mattmoor/allow-hostname-parts
Allow hostname components in component names.
2015-10-08 16:49:42 -07:00
Richard Scothern
515b9596e7 Fix a race condition in pull through cache population by removing the functionality
of readers joining current downloads.  Concurrent requests for the same blob
will not block, but only the first instance will be comitted locally.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-10-08 16:12:29 -07:00
Matt Moore
74c32a0a51 Allow hostname components in component names.
Fixes https://github.com/docker/distribution/issues/1062

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
2015-10-08 11:29:54 -07:00
Richard Scothern
4946d0d035 Merge pull request #1072 from compnski/patch-1
Update configuration.md
2015-10-08 10:12:21 -07:00
Jason Freidman
1c1917fd5a Update configuration.md
It seems that enabling proxy stops my instance from accepting local pushes, but I can't find mention of that in the docs.

Signed-off-by: Jason Freidman <jason@periscope.io>
2015-10-07 20:02:58 -07:00
Richard Scothern
a0007130cf Merge pull request #1076 from harche/patch-2
fixing registry version command example
2015-10-07 10:09:15 -07:00
harche
4ff7656ba1 Typo in command to check registry version
Signed-off-by: Harshal <p.harshal@gmail.com>
2015-10-07 16:38:42 +05:30
Richard Scothern
89bedf1e7f Merge pull request #1048 from docker/docs-secure-default
Correct the default setting of s3's "secure" parameter in configuration.md
2015-10-01 10:26:38 -07:00
Richard Scothern
61a4a1362c Merge pull request #950 from jackpgriffin/master
Skip creating swift container if already exists
2015-10-01 10:15:54 -07:00
Aaron Lehmann
7f83bfd8af Correct the default setting of s3's "secure" parameter in configuration.md
This defaults to true in the code, but the doc claimed it defaults to
false.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-30 18:41:06 -07:00
Aaron Lehmann
0a6988195e Add http.host parameter
This allows the administrator to specify an externally-reachable URL for
the registry. It takes precedence over the X-Forwarded-Proto and
X-Forwarded-Host headers, and the hostname in the request.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-30 15:12:01 -07:00
Derek McGowan
618ffe118b Merge pull request #1005 from xiekeyang/spec
add description to manifest spec
2015-09-30 11:47:16 -07:00
Richard Scothern
e760fb2dc6 Merge pull request #988 from tt/fix-incorrect-default
Fix incorrect default
2015-09-30 10:40:11 -07:00
Josh Hawn
0f670bdc91 [api spec] Update authN and authZ errors
Associate HTTP 401s with Authentication errors rather than Authorization
errors. Changes the meaning of the UNAUTHORIZED error to be authentication
specific.

Defines DENIED error code to be associated with authorization
errors which result in HTTP 403 responses.

Add 'No Such Repository' errors to more endpoints.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-09-30 09:12:31 -07:00
Stephen Day
497133f567 Merge pull request #1045 from tt/remove-duplicate-dependency-definition
Remove duplicate dependency definition
2015-09-30 13:19:35 +02:00
Stephen Day
7f2ffe0ad1 Merge pull request #1036 from dmcgowan/digest-set-update
Add remove and list functions to digest set
2015-09-30 13:17:41 +02:00
Stephen Day
ca2156d558 Merge pull request #1024 from aaronlehmann/avoid-testing-import
Avoid importing "testing" in externally-facing code
2015-09-30 13:14:42 +02:00
Troels Thomsen
6a3496d9a5 Remove duplicate dependency definition
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-30 10:48:28 +02:00
Troels Thomsen
5fc0c2f0b7 Use revision of saved package
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-30 10:48:21 +02:00
xiekeyang
da8ef7585d add description to manifest spec
This PR add some description to manifest spec.
It clarifies the relationship between `fsLayers` and `history` fields.

Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-09-30 10:16:46 +08:00
Richard Scothern
64660c68f2 Merge pull request #1042 from tt/upgrade-amazon-library
Upgrade Amazon library
2015-09-29 17:50:41 -07:00
Troels Thomsen
cca9f74eec Upgrade Amazon library to revision aa6e716d710a0c7941cb2075cfbb9661f16d21f1
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-30 00:29:17 +02:00
Aaron Lehmann
6acb3a0d7e Avoid importing "testing" in externally-facing code
The "testing" package adds some flags in its init function, so utilities
that import distribution code may print a page of extra testing flags in
their help output.

This commit solves the issue by moving an import of "testing" in the
registry/storage/cache package to a new
registry/storage/cache/cachecheck package, which is only imported by
tests.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-29 10:06:39 -07:00
Derek McGowan
dc6c54489c Add remove and list functions to digest set
Add mutex protection around set access

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-09-29 10:04:15 -07:00
Aaron Lehmann
14a4b4d9d6 Merge pull request #1001 from RichardScothern/fix-atrocity
Don't return nil, nil from functions
2015-09-28 13:34:11 -07:00
Troels Thomsen
cfe50c9ef4 Fix incorrect default
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2015-09-28 10:08:17 +02:00
Richard Scothern
d03c56129c Merge pull request #991 from mattmoor/expires_in_proposal
Fixes #684
2015-09-25 15:23:28 -07:00
Richard Scothern
07b05a72bb Merge pull request #999 from nakedible-p/patch-1
Remove initial access check from S3 driver
2015-09-25 15:23:03 -07:00
Richard Scothern
794975e9e6 Merge pull request #1014 from shyr/patch-3
Minor grammar fix : duplicated coordinators.
2015-09-23 10:04:33 -07:00
Sungho Moon
7bf66b6855 Minor grammar fix : duplicated coordinators.
Signed-off-by: Sungho Moon <sungho.moon@navercorp.com>
2015-09-23 11:40:13 +09:00
Aaron Lehmann
a601f92336 Add an "enabled" parameter under "readonly", and make it as if the mutable handlers don't exist when read-only mode is enabled
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:49:26 -07:00
Aaron Lehmann
c9bb330b71 Add a read-only mode as a configuration option
Add "readonly" under the storage/maintenance section. When this is set
to true, uploads and deletions will return 503 Service Unavailable
errors.

Document the parameter and add some unit testing.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-22 15:47:48 -07:00
Nuutti Kotivuori
26d8344872 Remove initial access check from S3 driver
In the S3 storage driver there is currently an initial access permission check by listing the bucket. If this check fails, registry will panic and exit.

However, this check is broken in two ways. First of all it strips the final slash from the root directory path, meaning that any access permissions which limit access to a single directory will fail, because S3 treats the path as strict prefix match. Secondly it fails to strip any leading slash that might be present, unlike the other access places, which means that the path used is different as a leading slash is allowed and significant in a filename in S3.

Since there is also a periodic health check which correctly checks access permissions and shows the error more cleanly, the best solution seems to be to just remove this initial access check.

Signed-off-by: Nuutti Kotivuori <nuutti.kotivuori@poplatek.fi>
2015-09-19 12:47:12 +03:00
Richard Scothern
f36ab5a834 Don't return a nil array and a nil error if the Tags endpoint cannot be found
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-18 16:19:41 -07:00
Richard Scothern
924913b4c3 Avoid returning nil, nil when fetching a manifest by tag by introducing a new
error ErrManifestNotModified which can be checked by clients.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-18 16:19:37 -07:00