Commit graph

73 commits

Author SHA1 Message Date
Sebastiaan van Stijn
bee8f006fe
registry: serviceConfig: don't embed registry.ServiceConfig
Just define it as a type, which makes it slightly easier to consume.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:12:30 +01:00
Sebastiaan van Stijn
2b5dc81582
registry: move allowNondistributableArtifacts, isSecureIndex to config
This felt slightly more natural to make it a function of the config type itself.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:12:28 +01:00
Sebastiaan van Stijn
382b986520
registry: make defaultService.ServiceConfig() more idiomatic
The intent of this function is to return a copy of the service's configuration,
and to copy / dereference the options in its configuration.

The code was doing this in slightly complicated fashion. This patch;

- adds a `copy()` function to serviceConfig
- rewrites the code to use a slightly more idiomatic approach, using one of
  the approaches described in "golang SliceTricks" https://github.com/golang/go/wiki/SliceTricks#copy
- changes defaultService.ServiceConfig() to use this function, and updates
  its godoc to better describe that it returns a copy.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:12:27 +01:00
Sebastiaan van Stijn
18de76a420
registry: make serviceConfig.loadInsecureRegistries() more atomic
This removes the ugly hack where we stored the current config, tried to
reconfigure the service, and rolled back to the stored copy on failures.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:12:25 +01:00
Sebastiaan van Stijn
9cb0aa4c91
registry: minor improvements and cleanup
- registry: newIndexInfo(): minor refactor
- registry: loadAllowNondistributableArtifacts() minor refactor
  initialise the slices with a length.
- registry: defaultService.Search(): minor refactor
  Perform all manipulation earlier, so that it's not needed to scroll up
  to learn what's done.
- various other minor cleanups

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:12:21 +01:00
Sebastiaan van Stijn
d3c3e2c867
registry: remove unneeded alias for api/types/registry import
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:12:19 +01:00
Sebastiaan van Stijn
79aa65c1fa
registry: return "errdefs" compatible error types
Adding some small utility functions to make generating them easier.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:12:13 +01:00
Sebastiaan van Stijn
98202c86ad
registry: remove ErrInvalidRepositoryName
This error was only returned in a single location, and not used anywhere
as a specific type.

The error returned by `validateNoScheme()` also appeared to only be used in
one case; in all other cases, the error itself was ignored, and replaced with
a custom error. Because of this, this patch also replace `validateNoScheme()`
with a `hasScheme()` function that returns a boolean, to better match how it's
used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:09:15 +01:00
Sebastiaan van Stijn
6e3e657ea6
registry: un-export config.LoadXXX() functions
Un-export:

- config.LoadAllowNondistributableArtifacts()
- config.LoadInsecureRegistries()
- config.LoadMirrors()

The config type is already un-exported; this also un-exports these functions
to be explicit they're internal only.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:09:11 +01:00
Sebastiaan van Stijn
2bcf4628a7
registry: remove TODO for removing localhost as insecure by default
While this was intended t be a stop-gap solution, it's been there for years and
users depend on this. It's also still complicated to secure _localhost_, so
by now, we'd probably have to be realistic, and consider this to be "permanent".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:07:58 +01:00
Sebastiaan van Stijn
d9261561f9
registry: add TODO for removing ParseSearchIndexInfo()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 17:07:56 +01:00
Sebastiaan van Stijn
7d70d95d8e
registry: add DefaultRegistryHost const, and improve documentation
This is more in line with other consts that are used for defaults, and makes it
slightly easier to consume than DefaultV2Registry, e.g. see:
https://github.com/oras-project/oras-go/blob/v1.1.0/pkg/auth/docker/resolver.go#L81-L84

Note that both the "index.docker.io" and "registry-1.docker.io" domains
are here for historic reasons and backward-compatibility. These domains
are still supported by Docker Hub (and will continue to be supported), but
there are new domains already in use, and plans to consolidate all legacy
domains to new "canonical" domains. Once those domains are decided on, we
should update these consts (but making sure to preserve compatibility with
existing installs, clients, and user configuration).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-27 13:48:27 +01:00
Sebastiaan van Stijn
b5835646eb
registry: remove const for 'Docker-Distribution-Api-Version' header
This header was used for fallbacks to v1 registries, but it's no longer
used, and marked optional / legacy in the OCI distribution-spec:

https://github.com/opencontainers/distribution-spec/blob/v1.0.0/spec.md#legacy-docker-support-http-headers

> Because of the origins this specification, the client MAY encounter
> Docker-specific headers, such as `Docker-Content-Digest`, or
> `Docker-Distribution-API-Version`. These headers are OPTIONAL and
> clients SHOULD NOT depend on them.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-24 22:08:28 +02:00
Sebastiaan van Stijn
ab47fd2f72
registry: use consts for default registry
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 14:06:28 +01:00
Justin Cormack
98fc09128b Remove the rest of v1 manifest support
As people are using the UUID in `docker info` that was based on the v1 manifest signing key, replace
with a UUID instead.

Remove deprecated `--disable-legacy-registry` option that was scheduled to be removed in 18.03.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2019-03-02 10:46:37 -08:00
Vincent Demeester
5433ceb12e
Migrate DockerTrustSuite to docker/cli e2e tests
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-03-19 09:26:35 +01:00
Daniel Nephin
4f0d95fa6e Add canonical import comment
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-02-05 16:51:57 -05:00
Yong Tang
b075cd2d78 Merge pull request #34495 from ripcurld0/registry_mirror_json
Exit if service config is loaded unsuccessfully on startup
2017-09-18 21:59:14 -07:00
Boaz Shuster
5258297dac Exit if service config is loaded unsuccessfully on startup
Signed-off-by: Boaz Shuster <ripcurld.github@gmail.com>
2017-09-17 18:50:16 +03:00
Daniel Nephin
f7f101d57e Add gosimple linter
Update gometalinter

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-09-12 12:09:59 -04:00
Daniel Nephin
73ec0ff86b Remove command line flag install from registry package.
Settings flags is the responsibility of the application (cmd/) not a library

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-29 15:55:09 -04:00
Daniel Nephin
9b47b7b151 Fix golint errors.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-18 14:23:44 -04:00
Derek McGowan
1009e6a40b
Update logrus to v1.0.1
Fixes case sensitivity issue

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-07-31 13:16:46 -07:00
Josh Soref
39bcaee47b
Spelling fixes
* additional
* ambiguous
* anonymous
* anything
* application
* because
* before
* building
* capabilities
* circumstances
* commit
* committer
* compresses
* concatenated
* config
* container
* container's
* current
* definition
* delimiter
* disassociates
* discovery
* distributed
* doesnotexist
* downloads
* duplicates
* either
* enhancing
* enumerate
* escapable
* exactly
* expect
* expectations
* expected
* explicitly
* false
* filesystem
* following
* forbidden
* git with
* healthcheck
* ignore
* independent
* inheritance
* investigating
* irrelevant
* it
* logging
* looking
* membership
* mimic
* minimum
* modify
* mountpoint
* multiline
* notifier
* outputting
* outside
* overridden
* override
* parsable
* plugins
* precedence
* propagation
* provided
* provides
* registries
* repositories
* returning
* settings
* should
* signals
* someone
* something
* specifically
* successfully
* synchronize
* they've
* thinking
* uninitialized
* unintentionally
* unmarshaling
* unnamed
* unreferenced
* verify

Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-03 13:13:09 -07:00
Noah Treuhaft
67fdf574d5 Add daemon option to push foreign layers
The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed.  (By default,
foreign layers are not pushed to registries.)

Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.

This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2017-05-16 14:36:36 -07:00
Yong Tang
e49589505a Validate insecure registry (--insecure-registry) values
This fix is based on:
https://github.com/docker/docker/issues/29936#issuecomment-277494885

Currently the insecure registry is only checked to see if it contains
scheme (`http(s)://`) or not. No fully validation is done and this
caused many confusions like in #29936.

This fix tries to address the issue.

This fix adds additional validation so that an insecure registry
is validated to make sure it is in `host:port` format where host
could be IPv4/IPv6 or a host name, and port could be an integer
between 0-65535.

Additional unit tests have been added.

This fix is related to #29936.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-02-14 13:13:23 -08:00
Derek McGowan
3a1279393f
Use distribution reference
Remove forked reference package. Use normalized named values
everywhere and familiar functions to convert back to familiar
strings for UX and storage compatibility.

Enforce that the source repository in the distribution metadata
is always a normalized string, ignore invalid values which are not.
Update distribution tests to use normalized values.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-02-07 11:08:37 -08:00
Derek McGowan
0421f5173d
Remove use of forked reference package for cli
Use resolving to repo info as the split point between the
legitimate reference package and forked reference package.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-01-19 16:04:50 -08:00
Yong Tang
8dadeaf8ea Return error when insecure registry contains scheme
While investigating 29936 I noticed one potential issue
in `LoadInsecureRegistries`.

The implementation of the func assumes that the format
of insecure registry should be `host:port` if not CIDR.
However, it is very common that user may incorrectly
provide a registry with a scheme (e.g, `http://myregistry.com:5000`)
Such a registry format with a scheme will cause docker pull to
always try https endpoint.

The reason is that the func of `isSecureIndex()` actually will
check for the map of the index server for `myregistry.com:5000`
while the insecure registry only has a record of `http://myregistry.com:5000`.
As a consequence, docker assumes that `myregistry.com:5000` is not
a insecure registry and will go ahead with https endpoint.

This fix addresses the issue by error out insecure registries with scheme.

A unit test has been added.

This fix is related to 29936.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2017-01-13 19:19:30 -08:00
allencloud
5b9348c553 support registry mirror config reload
Signed-off-by: allencloud <allen.sun@daocloud.io>
2017-01-04 11:04:00 +08:00
Derek McGowan
a12b466183
Add class to repository scope
Expose registry error translation for plugin distribution

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-21 22:18:50 -08:00
Noah Treuhaft
7ffb4ad81a
Disable v1 protocol for the default registry
All images in the default registry (AKA docker.io, index.docker.io, and
registry-1.docker.io) are available via the v2 protocol, so there's no
reason to use the v1 protocol.  Disabling it prevents useless fallbacks.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-11-11 00:23:25 -08:00
allencloud
582803f00a support insecure registry in configuration reload
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-10-20 07:54:31 +08:00
Michael Crosby
91e197d614 Add engine-api types to docker
This moves the types for the `engine-api` repo to the existing types
package.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2016-09-07 11:05:58 -07:00
Daniel Nephin
fb83394714 Convert dockerd to use cobra and pflag
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2016-08-25 13:09:03 -04:00
Stefan J. Wernli
adee28458c Fixing v2 registry restriction for non-linux platforms.
This fixes the hard coded restriction for non-linux platforms to v2 registries.  Previously, the check was above the flag parsing, which would overwrite the hard coded value and prevent correct operation.  This change also removes the related daemon flag from Windows to avoid confusion, as it has no meaning when the value is going to always be hard coded to true.

Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
2016-07-20 16:14:40 -07:00
Sebastiaan van Stijn
64a8317a5a Improve flag help consistency, and update docs
This adds the `--live-restore` option to the documentation.

Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-07-16 01:58:01 +02:00
allencloud
28d3c22e55 1.change validateNoSchema into validateNoScheme
2.change schema into scheme in docs and some annotations.

Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-03-31 12:29:15 +08:00
David Calavera
12c67f42d8 Merge pull request #21100 from aaronlehmann/remove-windows-specific-registry
Remove Windows-specific default registry definitions
2016-03-11 09:31:55 -08:00
Aaron Lehmann
87535ca2e9 Remove Windows-specific default registry definitions
Going forward, Docker won't use a different default registry on Windows.
This changes Windows to use the standard Docker Hub registry as the
default registry.

There is a plan in place to migrate existing images from the Windows
registry to Hub's normal registry, in advance of the 1.11 release. In
the mean time, images on the Windows registry can be accessed by
prefixing them with `registry-win-tp3.docker.io/`.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-10 18:33:14 -08:00
David Calavera
59586d02b1 Move registry service options to the daemon configuration.
Allowing to set their values in the daemon configuration file.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-10 11:53:11 -05:00
Derek McGowan
f2d481a299 Login update and endpoint refactor
Further differentiate the APIEndpoint used with V2 with the endpoint type which is only used for v1 registry interactions
Rename Endpoint to V1Endpoint and remove version ambiguity
Use distribution token handler for login

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-01 11:52:32 -08:00
Aaron Lehmann
79db131a35 Change APIEndpoint to contain the URL in a parsed format
This allows easier URL handling in code that uses APIEndpoint.
If we continued to store the URL unparsed, it would require redundant
parsing whenver we want to extract information from it. Also, parsing
the URL earlier should give improve validation.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-17 17:48:15 -08:00
David Calavera
907407d0b2 Modify import paths to point to the new engine-api package.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-06 19:48:59 -05:00
Richard Scothern
b18fadd115 Show the legacy registry flag only in the daemon arguments
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-01-04 14:52:39 -08:00
Tonis Tiigi
ffded61dad Update Named reference with validation of conversions
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Tonis Tiigi
2655954c2d Add own reference package wrapper
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Daniel Nephin
96c10098ac Move IndexInfo and ServiceConfig types to api/types/registry/registry.go
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-14 11:28:02 -05:00
Tonis Tiigi
4352da7803 Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
David Calavera
b665730d2c Make NormalizeLocalName to not reach the network to normalize names.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-11-17 03:31:32 -05:00