Commit graph

318 commits

Author SHA1 Message Date
Jessica Frazelle
cb4f91608e Fix conflicts.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
2014-12-11 17:14:53 -08:00
Jessie Frazelle
e646feca25 Merge pull request #9345 from jfrazelle/bump_v1.4.0
Bump version to 1.4.0
2014-12-11 16:31:29 -08:00
Jessica Frazelle
bcf8beacd4 Merge branch master into bump_v1.4.0
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
2014-12-11 15:00:03 -08:00
Michael Crosby
4fb344f6a0 Merge pull request #9620 from tiborvass/merge_release_v1.3.3
Merge release v1.3.3
2014-12-11 13:53:32 -08:00
unclejack
fdd4f4f2d1 validate image ID properly & before load
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>

Conflicts:
	graph/load.go
2014-12-11 16:29:27 -05:00
Tibor Vass
6932ad3a77 Merge pull request #9617 from tiborvass/bump_v1.3.3
Bump v1.3.3
2014-12-11 15:31:43 -05:00
6fa196282d Merge pull request #9604 from crosbymichael/registry-fruit-loops
Prevent infinite loop with var overshadowing
2014-12-11 10:36:47 -05:00
Michael Crosby
6ad54e3df6 Refactor put image function's redirect loop
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-10 18:11:27 -08:00
Michael Crosby
3911c8b8dc Prevent loop with var overshadowing
Incase of a 3xx redirect the var was being overshowed and ever changed
causing an infinite loop.

Fixes #9480

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2014-12-10 17:43:21 -08:00
unclejack
b62a9ac989 validate image ID properly & before load
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
2014-12-09 14:56:16 -05:00
Tibor Vass
e9bdaeb6c6 Merge pull request #9316 from tiborvass/bump_v1.3.2
Bump v1.3.2
2014-11-24 16:49:28 -05:00
Vaidas Jablonskis
df85a0f700 registry: fix ServerAddress setting
This ensures that ServerAddress is set, while previously it was getting
set after configFile.Configs.

Signed-off-by: Vaidas Jablonskis <jablonskis@gmail.com>
2014-11-24 18:26:41 +00:00
Tibor Vass
6638cd7bc7 Add the possibility of specifying a subnet for --insecure-registry
Signed-off-by: Tibor Vass <teabee89@gmail.com>

Conflicts:
	registry/endpoint.go
2014-11-14 14:20:19 -08:00
Tibor Vass
8065dad50b registry: parse INDEXSERVERADDRESS into a URL for easier check in isSecure
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2014-11-14 14:20:19 -08:00
Tibor Vass
8b0e8b6621 Put mock registry address in insecureRegistries for unit tests
Signed-off-by: Tibor Vass <teabee89@gmail.com>

Conflicts:
	registry/registry_mock_test.go
2014-11-14 14:20:19 -08:00
Tibor Vass
44d97c1fd0 registry: refactor registry.IsSecure calls into registry.NewEndpoint
Signed-off-by: Tibor Vass <teabee89@gmail.com>

Conflicts:
	registry/endpoint.go
	registry/endpoint_test.go
	registry/registry_test.go
2014-11-14 14:05:31 -08:00
Tibor Vass
ae0ebb9d07 Add the possibility of specifying a subnet for --insecure-registry
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2014-11-14 12:31:11 -08:00
Tibor Vass
f0920e61bf registry: parse INDEXSERVERADDRESS into a URL for easier check in isSecure
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2014-11-13 07:02:24 -08:00
Tibor Vass
cca910e878 Put mock registry address in insecureRegistries for unit tests
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2014-11-12 20:34:03 -06:00
Tibor Vass
80255ff224 registry: refactor registry.IsSecure calls into registry.NewEndpoint
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2014-11-12 20:34:03 -06:00
Erik Hollensbe
524aa8b1a6 registry: always treat 127.0.0.1 as insecure for all cases anytime anywhere
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-11-12 12:14:43 -08:00
Johan Euphrosine
8582d04393 registry: default --insecure-registry to localhost and 127.0.0.1
Signed-off-by: Johan Euphrosine <proppy@google.com>
2014-11-12 09:12:42 -08:00
Tibor Vass
c00cd583e9 Merge pull request #9095 from proppy/is-secure-test
registry: add tests for IsSecure
2014-11-11 16:52:36 -05:00
Johan Euphrosine
cd246befe2 registry: add tests for IsSecure
Signed-off-by: Johan Euphrosine <proppy@google.com>
2014-11-11 11:02:32 -08:00
Vincent Batts
7dd4199fe8 registry: don't iterate through certs
the golang tls.Conn does a fine job of that.
http://golang.org/src/pkg/crypto/tls/handshake_client.go?#L334

Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-11-04 16:12:23 -05:00
Tibor Vass
eba996acfb Merge pull request #8870 from tiborvass/merge_release_v1.3.1
Merge release v1.3.1
2014-10-30 20:24:34 -04:00
Tibor Vass
47a494e0fd Fix login command
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2014-10-30 19:44:44 -04:00
Tibor Vass
1b72e0234e Do not verify certificate when using --insecure-registry on an HTTPS registry
Signed-off-by: Tibor Vass <teabee89@gmail.com>

Conflicts:
	registry/registry.go
	registry/registry_test.go
	registry/service.go
	registry/session.go

Conflicts:
	registry/endpoint.go
	registry/registry.go
2014-10-30 19:44:09 -04:00
Michael Crosby
552c17d618 Don't hard code true for auth job
Signed-off-by: Michael Crosby <michael@docker.com>

Conflicts:
	registry/service.go
2014-10-30 19:41:55 -04:00
Michael Crosby
50e11c9d8e Refactor IsSecure change
Fix issue with restoring the tag store and setting static configuration
from the daemon. i.e. the field on the TagStore struct must be made
internal or the json.Unmarshal in restore will overwrite the insecure
registries to be an empty struct.

Signed-off-by: Michael Crosby <michael@docker.com>

Conflicts:
	graph/pull.go
	graph/push.go
	graph/tags.go
2014-10-30 19:41:55 -04:00
unclejack
034c1cfb9d make http usage for registry explicit
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)

Conflicts:
	daemon/config.go
	daemon/daemon.go
	graph/pull.go
	graph/push.go
	graph/tags.go
	registry/registry.go
	registry/service.go
2014-10-30 19:41:55 -04:00
Tibor Vass
96272e1c9a Merge pull request #8861 from tiborvass/bump_v1.3.1
Bump v1.3.1
2014-10-30 12:43:43 -04:00
Tibor Vass
0481c669c7 Fix login command
Signed-off-by: Tibor Vass <teabee89@gmail.com>
2014-10-30 09:17:11 -04:00
Victor Vieux
5685221c5f Merge pull request #8387 from vbatts/vbatts-registry_test_enpoint
registry/endpoint: make it testable
2014-10-29 13:36:17 -07:00
Jessie Frazelle
21ba3078b6 Merge pull request #8669 from monsterzz/8668-dualstack-registry
Use dual-stack Dialer when talking to registy
2014-10-29 12:03:12 -07:00
Michael Crosby
751e25119f Merge pull request #8836 from jfrazelle/hub-login-error
Fix error on successful login.
2014-10-28 18:09:17 -07:00
Jessica Frazelle
22f87eb9be Fix error on successful login.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle)
2014-10-28 17:42:03 -07:00
Igor Dolzhikov
1a8edd0d55 excluding unused transformation to []byte
Signed-off-by: Igor Dolzhikov <bluesriverz@gmail.com>
2014-10-28 01:04:36 +06:00
Alexandr Morozov
0827b71157 Mass gofmt
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-10-24 15:11:48 -07:00
Alexandr Morozov
32654af8b6 Use logrus everywhere for logging
Fixed #8761

Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
2014-10-24 15:03:06 -07:00
Vincent Batts
bcbb7e0c41 registry/endpoint: make it testable
Signed-off-by: Vincent Batts <vbatts@redhat.com>
2014-10-24 16:27:17 -04:00
Tibor Vass
d81951fffa Merge pull request #8423 from unclejack/lint_changes
lint changes part 1
2014-10-21 12:15:58 -04:00
Gleb M Borisov
ef57ab120c Use dual-stack Dialer when talking to registy
Signed-off-by: Gleb M. Borisov <borisov.gleb@gmail.com>
2014-10-21 03:59:11 +04:00
Daniel, Dao Quang Minh
dff0678909 Avoid fallback to SSL protocols < TLS1.0
Signed-off-by: Tibor Vass <teabee89@gmail.com>

Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com> (github: dqminh)

Conflicts:
	registry/registry.go
2014-10-20 16:51:06 -04:00
Tibor Vass
798fd3c764 Do not verify certificate when using --insecure-registry on an HTTPS registry
Signed-off-by: Tibor Vass <teabee89@gmail.com>

Conflicts:
	registry/registry.go
	registry/registry_test.go
	registry/service.go
	registry/session.go
2014-10-20 16:51:06 -04:00
Michael Crosby
27ddc260e2 Don't hard code true for auth job
Signed-off-by: Michael Crosby <michael@docker.com>

Conflicts:
	registry/service.go
2014-10-20 16:51:05 -04:00
Michael Crosby
2b9798fa19 Refactor IsSecure change
Fix issue with restoring the tag store and setting static configuration
from the daemon. i.e. the field on the TagStore struct must be made
internal or the json.Unmarshal in restore will overwrite the insecure
registries to be an empty struct.

Signed-off-by: Michael Crosby <michael@docker.com>

Conflicts:
	graph/pull.go
	graph/push.go
	graph/tags.go
2014-10-20 16:51:05 -04:00
unclejack
8b1c40732a make http usage for registry explicit
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)

Conflicts:
	daemon/config.go
	daemon/daemon.go
	graph/pull.go
	graph/push.go
	graph/tags.go
	registry/registry.go
	registry/service.go
2014-10-20 16:51:05 -04:00
Dan Walsh
3a6fe4c5c9 On Red Hat Registry Servers we return 404 on certification errors.
We do this to prevent leakage of information, we don't want people
to be able to probe for existing content.

According to RFC 2616, "This status code (404) is commonly used when the server does not
wish to reveal exactly why the request has been refused, or when no other response i
is applicable."

https://www.ietf.org/rfc/rfc2616.txt

10.4.4 403 Forbidden

   The server understood the request, but is refusing to fulfill it.
   Authorization will not help and the request SHOULD NOT be repeated.
   If the request method was not HEAD and the server wishes to make
   public why the request has not been fulfilled, it SHOULD describe the
   reason for the refusal in the entity.  If the server does not wish to
   make this information available to the client, the status code 404
   (Not Found) can be used instead.

10.4.5 404 Not Found

   The server has not found anything matching the Request-URI. No
   indication is given of whether the condition is temporary or
   permanent. The 410 (Gone) status code SHOULD be used if the server
   knows, through some internally configurable mechanism, that an old
   resource is permanently unavailable and has no forwarding address.
   This status code is commonly used when the server does not wish to
   reveal exactly why the request has been refused, or when no other
   response is applicable.

When docker is running through its certificates, it should continue
trying with a new certificate even if it gets back a 404 error code.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2014-10-20 13:20:48 -04:00
Tibor Vass
4c89bdaba2 Merge pull request #8588 from dqminh/remove-sslv3
remove sslv3 from server's TLS supported versions
2014-10-17 12:05:48 -04:00