tarsum is not actually used by the registry. Remove support for it.
Convert numerous uses in unit tests to SHA256.
Update docs to remove mentions of tarsums (which were often inaccurate).
Remove tarsum dependency.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Fixes a huge problem where a nginx variable was not escaped and nginx was adding the literal string "always" to all requests.
The most obvious result was that basic auth was entirely broken.
Signed-off-by: Carson Anderson <ca@carson-anderson.com>
If this example was copied and pasted, the shell would try to interpolate `$upstream_http_docker_distribution_api_version` and `$docker_distribution_api_version`.
Signed-off-by: Andrew Meredith <andymeredith@gmail.com>
This change clarifies the way the catalog endpoint returns results
when pagination was not explicitly requested.
Signed-off-by: Patrick Devine <patrick.devine@docker.com>
This extends the specification for the Bearer token response to include
information pertaining to when an issued Bearer token will expire.
This also allows the client to accept `access_token` as an alias for `token`.
Signed-off-by: Matt Moore <mattmoor@google.com>
The docs don't render emoji, so replaced the `⚠️` with
a `**Warning**:` to keep the formatting consisten with
`**Note**:` used in other parts of the docs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This adds a variable to help nginx add the
Docker-Distribution-Api-Version when using basic auth, and not add the
header when it sees it from the upstream.
Also fix some minor spelling/grammar issues.
Signed-off-by: Sharif Nassar <sharif@mrwacky.com>
It seems that enabling proxy stops my instance from accepting local pushes, but I can't find mention of that in the docs.
Signed-off-by: Jason Freidman <jason@periscope.io>
This allows the administrator to specify an externally-reachable URL for
the registry. It takes precedence over the X-Forwarded-Proto and
X-Forwarded-Host headers, and the hostname in the request.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Associate HTTP 401s with Authentication errors rather than Authorization
errors. Changes the meaning of the UNAUTHORIZED error to be authentication
specific.
Defines DENIED error code to be associated with authorization
errors which result in HTTP 403 responses.
Add 'No Such Repository' errors to more endpoints.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This PR add some description to manifest spec.
It clarifies the relationship between `fsLayers` and `history` fields.
Signed-off-by: xiekeyang <xiekeyang@huawei.com>
Add "readonly" under the storage/maintenance section. When this is set
to true, uploads and deletions will return 503 Service Unavailable
errors.
Document the parameter and add some unit testing.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Split the discussion of v2 authentication into two parts:
1) A specification of the handshake between the client, registry and
authentication service.
2) A description of how `docker/distribution` implements this using JWT.
This should make it clearer that `#2` is an implementation detail, and
that clients should regard tokens as opaque entities that only the
registry and authentication service should understand.
Signed-off-by: Matt Moore <mattmoor@google.com>