0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

c8d/push: Ignore :port when comparing source repository

Browse source 
Distribution source labels don't store port of the repository. If the
content was obtained from repository 172.17.0.2:5000 then its
corresponding label will have a key "containerd.io/distribution.source.172.17.0.2".

Fix the check in canBeMounted to ignore the :port part of the domain.

This also removes the check which prevented insecure repositories to use
cross-repo mount - the real cause was the mismatch in domain comparison.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This commit is contained in:
Paweł Gronowski 2023-03-31 15:42:02 +02:00
parent 4a34c501c1
commit e1dd9c0396
No known key found for this signature in database
GPG key ID: B85EFCFE26DEF92A
1 changed files with 8 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
daemon/containerd/image_push.go
View file

@ -73,7 +73,7 @@ func (i *ImageService) PushImage(ctx context.Context, targetRef reference.Named,
var limiter *semaphore.Weighted = nil // TODO: Respect max concurrent downloads/uploads
mountableBlobs, err := i.findMissingMountable(ctx, store, jobs, target, targetRef, limiter)
mountableBlobs, err := findMissingMountable(ctx, store, jobs, target, targetRef, limiter)
if err != nil {
return err
}
@ -146,7 +146,7 @@ func (i *ImageService) PushImage(ctx context.Context, targetRef reference.Named,
// findMissingMountable will walk the target descriptor recursively and return
// missing contents with their distribution source which could potentially
// be cross-repo mounted.
func (i *ImageService) findMissingMountable(ctx context.Context, store content.Store, jobs *jobs,
func findMissingMountable(ctx context.Context, store content.Store, jobs *jobs,
target ocispec.Descriptor, targetRef reference.Named, limiter *semaphore.Weighted,
) (map[digest.Digest]distributionSource, error) {
mountableBlobs := map[digest.Digest]distributionSource{}
@ -169,7 +169,7 @@ func (i *ImageService) findMissingMountable(ctx context.Context, store content.S
}
for _, source := range sources {
if canBeMounted(desc.MediaType, targetRef, i.registryService.IsInsecureRegistry, source) {
if canBeMounted(desc.MediaType, targetRef, source) {
mutex.Lock()
mountableBlobs[desc.Digest] = source
mutex.Unlock()
@ -252,7 +252,7 @@ func (source distributionSource) GetReference(dgst digest.Digest) (reference.Nam
// canBeMounted returns if the content with given media type can be cross-repo
// mounted when pushing it to a remote reference ref.
func canBeMounted(mediaType string, targetRef reference.Named, isInsecureFunc func(string) bool, source distributionSource) bool {
func canBeMounted(mediaType string, targetRef reference.Named, source distributionSource) bool {
if containerdimages.IsManifestType(mediaType) {
return false
}
@ -261,11 +261,10 @@ func canBeMounted(mediaType string, targetRef reference.Named, isInsecureFunc fu
}
reg := reference.Domain(targetRef)
// Cross-repo mount doesn't seem to work with insecure registries.
isInsecure := isInsecureFunc(reg)
if isInsecure {
return false
// Remove :port suffix from domain
// containerd distribution source label doesn't store port
if portIdx := strings.LastIndex(reg, ":"); portIdx != -1 {
reg = reg[:portIdx]
}
// If the source registry is the same as the one we are pushing to