2018-02-05 21:05:59 +00:00
package distribution // import "github.com/docker/docker/distribution"
2016-02-11 22:08:49 +00:00
import (
2023-06-23 00:33:17 +00:00
"context"
2017-07-19 14:20:13 +00:00
"fmt"
2016-02-11 22:08:49 +00:00
"net/url"
"strings"
"syscall"
2023-09-13 15:41:45 +00:00
"github.com/containerd/log"
2023-08-30 16:31:46 +00:00
"github.com/distribution/reference"
2016-11-29 21:13:42 +00:00
"github.com/docker/distribution"
2016-02-11 22:08:49 +00:00
"github.com/docker/distribution/registry/api/errcode"
2019-08-05 14:37:47 +00:00
v2 "github.com/docker/distribution/registry/api/v2"
2016-02-11 22:08:49 +00:00
"github.com/docker/distribution/registry/client"
2016-03-12 17:01:01 +00:00
"github.com/docker/distribution/registry/client/auth"
2016-02-11 22:08:49 +00:00
"github.com/docker/docker/distribution/xfer"
2018-01-11 19:53:06 +00:00
"github.com/docker/docker/errdefs"
2018-08-03 13:41:05 +00:00
"github.com/pkg/errors"
2016-02-11 22:08:49 +00:00
)
// fallbackError wraps an error that can possibly allow fallback to a different
// endpoint.
type fallbackError struct {
// err is the error being wrapped.
err error
2016-02-11 23:45:29 +00:00
// transportOK is set to true if we managed to speak HTTP with the
// registry. This confirms that we're using appropriate TLS settings
// (or lack of TLS).
transportOK bool
2016-02-11 22:08:49 +00:00
}
// Error renders the FallbackError as a string.
func ( f fallbackError ) Error ( ) string {
2016-07-25 21:52:27 +00:00
return f . Cause ( ) . Error ( )
}
func ( f fallbackError ) Cause ( ) error {
return f . err
2016-02-11 22:08:49 +00:00
}
2017-07-19 14:20:13 +00:00
type notFoundError struct {
cause errcode . Error
ref reference . Named
}
func ( e notFoundError ) Error ( ) string {
switch e . cause . Code {
case errcode . ErrorCodeDenied :
// ErrorCodeDenied is used when access to the repository was denied
2018-08-03 13:41:05 +00:00
return errors . Wrapf ( e . cause , "pull access denied for %s, repository does not exist or may require 'docker login'" , reference . FamiliarName ( e . ref ) ) . Error ( )
2017-07-19 14:20:13 +00:00
case v2 . ErrorCodeManifestUnknown :
2018-08-03 13:41:05 +00:00
return errors . Wrapf ( e . cause , "manifest for %s not found" , reference . FamiliarString ( e . ref ) ) . Error ( )
2017-07-19 14:20:13 +00:00
case v2 . ErrorCodeNameUnknown :
2018-08-03 13:41:05 +00:00
return errors . Wrapf ( e . cause , "repository %s not found" , reference . FamiliarName ( e . ref ) ) . Error ( )
2017-07-19 14:20:13 +00:00
}
// Shouldn't get here, but this is better than returning an empty string
return e . cause . Message
}
func ( e notFoundError ) NotFound ( ) { }
func ( e notFoundError ) Cause ( ) error {
return e . cause
}
2022-10-27 12:31:35 +00:00
// unsupportedMediaTypeError is an error issued when attempted
// to pull unsupported content.
type unsupportedMediaTypeError struct {
MediaType string
}
func ( e unsupportedMediaTypeError ) InvalidParameter ( ) { }
// Error returns the error string for unsupportedMediaTypeError.
func ( e unsupportedMediaTypeError ) Error ( ) string {
return "unsupported media type " + e . MediaType
}
2022-02-27 19:46:24 +00:00
// translatePullError is used to convert an error from a registry pull
2016-11-15 23:06:48 +00:00
// operation to an error representing the entire pull operation. Any error
// information which is not used by the returned error gets output to
// log at info level.
2022-02-27 19:46:24 +00:00
func translatePullError ( err error , ref reference . Named ) error {
2016-11-10 23:14:33 +00:00
switch v := err . ( type ) {
case errcode . Errors :
if len ( v ) != 0 {
for _ , extra := range v [ 1 : ] {
2023-06-23 00:33:17 +00:00
log . G ( context . TODO ( ) ) . WithError ( extra ) . Infof ( "Ignoring extra error returned from registry" )
2016-11-10 23:14:33 +00:00
}
2022-02-27 19:46:24 +00:00
return translatePullError ( v [ 0 ] , ref )
2016-11-10 23:14:33 +00:00
}
case errcode . Error :
switch v . Code {
2017-07-19 14:20:13 +00:00
case errcode . ErrorCodeDenied , v2 . ErrorCodeManifestUnknown , v2 . ErrorCodeNameUnknown :
return notFoundError { v , ref }
2016-11-10 23:14:33 +00:00
}
case xfer . DoNotRetry :
2022-02-27 19:46:24 +00:00
return translatePullError ( v . Err , ref )
2016-11-10 23:14:33 +00:00
}
2017-11-29 04:09:37 +00:00
return errdefs . Unknown ( err )
2016-11-10 23:14:33 +00:00
}
2020-12-03 21:15:18 +00:00
func isNotFound ( err error ) bool {
switch v := err . ( type ) {
case errcode . Errors :
for _ , e := range v {
if isNotFound ( e ) {
return true
}
}
case errcode . Error :
switch v . Code {
case errcode . ErrorCodeDenied , v2 . ErrorCodeManifestUnknown , v2 . ErrorCodeNameUnknown :
return true
}
}
return false
}
2016-02-11 22:08:49 +00:00
// continueOnError returns true if we should fallback to the next endpoint
// as a result of this error.
2017-11-15 00:06:17 +00:00
func continueOnError ( err error , mirrorEndpoint bool ) bool {
2016-02-11 22:08:49 +00:00
switch v := err . ( type ) {
case errcode . Errors :
if len ( v ) == 0 {
return true
}
2017-11-15 00:06:17 +00:00
return continueOnError ( v [ 0 ] , mirrorEndpoint )
2016-02-11 22:08:49 +00:00
case errcode . Error :
2019-06-18 01:42:24 +00:00
return mirrorEndpoint
2016-02-11 22:08:49 +00:00
case * client . UnexpectedHTTPResponseError :
return true
2022-02-27 19:46:24 +00:00
case imageConfigPullError :
// imageConfigPullError only happens with v2 images, v1 fallback is
2017-11-15 00:06:17 +00:00
// unnecessary.
// Failures from a mirror endpoint should result in fallback to the
// canonical repo.
return mirrorEndpoint
2022-10-27 12:31:35 +00:00
case unsupportedMediaTypeError :
return false
2016-02-11 22:08:49 +00:00
case error :
2017-05-23 14:22:32 +00:00
return ! strings . Contains ( err . Error ( ) , strings . ToLower ( syscall . ESRCH . Error ( ) ) )
2016-02-11 22:08:49 +00:00
}
// let's be nice and fallback if the error is a completely
// unexpected one.
// If new errors have to be handled in some way, please
// add them to the switch above.
return true
}
// retryOnError wraps the error in xfer.DoNotRetry if we should not retry the
// operation after this error.
func retryOnError ( err error ) error {
switch v := err . ( type ) {
case errcode . Errors :
2016-03-14 20:11:35 +00:00
if len ( v ) != 0 {
return retryOnError ( v [ 0 ] )
}
2016-02-11 22:08:49 +00:00
case errcode . Error :
switch v . Code {
2016-07-12 00:06:23 +00:00
case errcode . ErrorCodeUnauthorized , errcode . ErrorCodeUnsupported , errcode . ErrorCodeDenied , errcode . ErrorCodeTooManyRequests , v2 . ErrorCodeNameUnknown :
2016-02-11 22:08:49 +00:00
return xfer . DoNotRetry { Err : err }
}
case * url . Error :
2016-03-18 17:54:05 +00:00
switch v . Err {
case auth . ErrNoBasicAuthCredentials , auth . ErrNoToken :
2016-03-12 17:01:01 +00:00
return xfer . DoNotRetry { Err : v . Err }
}
2016-02-11 22:08:49 +00:00
return retryOnError ( v . Err )
2022-10-27 12:31:35 +00:00
case * client . UnexpectedHTTPResponseError , unsupportedMediaTypeError :
2016-02-11 22:08:49 +00:00
return xfer . DoNotRetry { Err : err }
case error :
2016-11-29 21:13:42 +00:00
if err == distribution . ErrBlobUnknown {
return xfer . DoNotRetry { Err : err }
}
2016-02-11 22:08:49 +00:00
if strings . Contains ( err . Error ( ) , strings . ToLower ( syscall . ENOSPC . Error ( ) ) ) {
return xfer . DoNotRetry { Err : err }
}
}
// let's be nice and fallback if the error is a completely
// unexpected one.
// If new errors have to be handled in some way, please
// add them to the switch above.
return err
}
2017-07-19 14:20:13 +00:00
type invalidManifestClassError struct {
mediaType string
class string
}
func ( e invalidManifestClassError ) Error ( ) string {
return fmt . Sprintf ( "Encountered remote %q(%s) when fetching" , e . mediaType , e . class )
}
func ( e invalidManifestClassError ) InvalidParameter ( ) { }
type invalidManifestFormatError struct { }
func ( invalidManifestFormatError ) Error ( ) string {
return "unsupported manifest format"
}
func ( invalidManifestFormatError ) InvalidParameter ( ) { }
type reservedNameError string
func ( e reservedNameError ) Error ( ) string {
return "'" + string ( e ) + "' is a reserved name"
}
func ( e reservedNameError ) Forbidden ( ) { }
2023-09-19 12:51:21 +00:00
disable pulling legacy image formats by default
This patch disables pulling legacy (schema1 and schema 2, version 1) images by
default.
A `DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE` environment-variable is
introduced to allow re-enabling this feature, aligning with the environment
variable used in containerd 2.0 (`CONTAINERD_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE`).
With this patch, attempts to pull a legacy image produces an error:
With graphdrivers:
docker pull docker:1.0
1.0: Pulling from library/docker
[DEPRECATION NOTICE] Docker Image Format v1, and Docker Image manifest version 2, schema 1 support will be removed in an upcoming release. Suggest the author of docker.io/library/docker:1.0 to upgrade the image to the OCI Format, or Docker Image manifest v2, schema 2. More information at https://docs.docker.com/go/deprecated-image-specs/
With the containerd image store enabled, output is slightly different
as it returns the error before printing the `1.0: pulling ...`:
docker pull docker:1.0
Error response from daemon: [DEPRECATION NOTICE] Docker Image Format v1 and Docker Image manifest version 2, schema 1 support is disabled by default and will be removed in an upcoming release. Suggest the author of docker.io/library/docker:1.0 to upgrade the image to the OCI Format or Docker Image manifest v2, schema 2. More information at https://docs.docker.com/go/deprecated-image-specs/
Using the "distribution" endpoint to resolve the digest for an image also
produces an error:
curl -v --unix-socket /var/run/docker.sock http://foo/distribution/docker.io/library/docker:1.0/json
* Trying /var/run/docker.sock:0...
* Connected to foo (/var/run/docker.sock) port 80 (#0)
> GET /distribution/docker.io/library/docker:1.0/json HTTP/1.1
> Host: foo
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Api-Version: 1.45
< Content-Type: application/json
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/dev (linux)
< Date: Tue, 27 Feb 2024 16:09:42 GMT
< Content-Length: 354
<
{"message":"[DEPRECATION NOTICE] Docker Image Format v1, and Docker Image manifest version 2, schema 1 support will be removed in an upcoming release. Suggest the author of docker.io/library/docker:1.0 to upgrade the image to the OCI Format, or Docker Image manifest v2, schema 2. More information at https://docs.docker.com/go/deprecated-image-specs/"}
* Connection #0 to host foo left intact
Starting the daemon with the `DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE`
env-var set to a non-empty value allows pulling the image;
docker pull docker:1.0
[DEPRECATION NOTICE] Docker Image Format v1 and Docker Image manifest version 2, schema 1 support is disabled by default and will be removed in an upcoming release. Suggest the author of docker.io/library/docker:1.0 to upgrade the image to the OCI Format or Docker Image manifest v2, schema 2. More information at https://docs.docker.com/go/deprecated-image-specs/
b0a0e6710d13: Already exists
d193ad713811: Already exists
ba7268c3149b: Already exists
c862d82a67a2: Already exists
Digest: sha256:5e7081837926c7a40e58881bbebc52044a95a62a2ea52fb240db3fc539212fe5
Status: Image is up to date for docker:1.0
docker.io/library/docker:1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-27 16:30:46 +00:00
type invalidArgumentErr struct { error }
func ( invalidArgumentErr ) InvalidParameter ( ) { }
func DeprecatedSchema1ImageError ( ref reference . Named ) error {
msg := "[DEPRECATION NOTICE] Docker Image Format v1 and Docker Image manifest version 2, schema 1 support is disabled by default and will be removed in an upcoming release."
if ref != nil {
msg += " Suggest the author of " + ref . String ( ) + " to upgrade the image to the OCI Format or Docker Image manifest v2, schema 2."
}
msg += " More information at https://docs.docker.com/go/deprecated-image-specs/"
return invalidArgumentErr { errors . New ( msg ) }
2023-09-19 12:51:21 +00:00
}
