Commit graph

18 commits

Author SHA1 Message Date
Antonio Murdaca
1b5c2e1d72 distribution: errors: do not access the errors slice if it's empty
- cherry-pick from 1.10.3 branch: 0186f4d422
- add token service test suite
- add integration test (missing in 1.10.3 branch)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-16 09:00:39 +01:00
Aaron Lehmann
7cf894ce10 Fix pulling images that contain no layers at all
The download manager assumed there was at least one layer involved in
all images. This can be false if the image is essentially a copy of
`scratch`.

Fix a nil pointer dereference that happened in this case. Add
integration tests that involve schema1 and schema2 manifests.

Fixes #21213

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-15 11:10:03 -07:00
Antonio Murdaca
44152144ca cliconfig: credentials: support getting all auths
docker build is broken because it sends to the daemon the full
cliconfig file which has only Email(s). This patch retrieves all auth
configs from the credentials store.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-03-02 17:48:56 +01:00
Ken Cochrane
aee260d4eb Remove email address field from login
This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server.

Signed-off-by: Ken Cochrane <kencochrane@gmail.com>
2016-02-29 17:53:27 -08:00
David Calavera
cf721c23e7 Client credentials store.
This change implements communication with an external credentials store,
ala git-credential-helper. The client falls back the plain text store,
what we're currently using, if there is no remote store configured.

It shells out to helper program when a credential store is
configured. Those programs can be implemented with any language as long as they
follow the convention to pass arguments and information.

There is an implementation for the OS X keychain in https://github.com/calavera/docker-credential-helpers.
That package also provides basic structure to create other helpers.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-29 13:01:31 -05:00
Tibor Vass
e8ce350669 Merge pull request #19424 from aaronlehmann/revert-multiple-pull-errors
Revert reporting of multiple pull errors
2016-01-19 09:51:54 -05:00
Aaron Lehmann
87338bf0fa Revert reporting of multiple pull errors
Revert the portions of #17617 that report all errors when a pull
falls back, and go back to just reporting the last error. This was nice
to have, but causes some UX issues because nonexistent images show
additional "unauthorized" errors.

Keep the part of the PR that handled ENOSPC, as this appears to work
even without tracking multiple errors.

Fixes #19419

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-18 15:49:08 -08:00
Stefan Scherer
4f339570cb Skip failing tests on ARM to get red/green feedback from Jenkins
Signed-off-by: Stefan Scherer <scherer_stefan@icloud.com>
2016-01-18 17:00:15 +01:00
Aaron Lehmann
ad6c1b7649 Add integration test for pulling a manifest list
The test injects a synthetic manifest list into the registry blob store,
since there isn't a tool for pushing them yet.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 17:27:31 -08:00
Aaron Lehmann
1fa2e31151 Build a pre-schema2 registry to test schema1 push/pull
Add DockerSchema1RegistrySuite which uses this registry, and make
applicable integration tests run as part of this suite.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 17:27:31 -08:00
Aaron Lehmann
9d6acbee92 When a manifest is not found, allow fallback to v1
PR #18590 caused compatibility issues with registries such as gcr.io
which support both the v1 and v2 protocols, but do not provide the same
set of images over both protocols. After #18590, pulls from these
registries would never use the v1 protocol, because of the
Docker-Distribution-Api-Version header indicating that v2 was supported.

Fix the problem by making an exception for the case where a manifest is
not found. This should allow fallback to v1 in case that image is
exposed over the v1 protocol but not the v2 protocol.

This avoids the overly aggressive fallback behavior before #18590 which
would allow protocol fallback after almost any error, but restores
interoperability with mixed v1/v2 registry setups.

Fixes #18832

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-21 18:19:38 -08:00
Antonio Murdaca
4c3c3fedf8 integration-cli: docker_cli_pull_local_test.go: remove not needed Commentf(s)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2015-11-27 17:10:09 +01:00
Antonio Murdaca
a415b0c220 Merge pull request #18199 from aditirajagopal/16756-docker_cli_pull_local_test
Checkers on docker_cli_pull_local_test.go
2015-11-27 17:04:28 +01:00
Aditi Rajagopal
bc2682badc Checkers on docker_cli_pull_local_test.go
Applying #16756 to integration-cli/docker_cli_pull_local_test.go

Signed-off-by: Aditi Rajagopal <arajagopal@us.ibm.com>
2015-11-24 12:53:43 -05:00
Tonis Tiigi
4352da7803 Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
heartlock
dc9dd188cf update pull-local#16756
Signed-off-by: heartlock <21521209@zju.edu.cn>
2015-10-11 09:57:25 +08:00
Aaron Lehmann
23e68679f0 Fix race condition when waiting for a concurrent layer pull
Before, this only waited for the download to complete. There was no
guarantee that the layer had been registered in the graph and was ready
use. This is especially problematic with v2 pulls, which wait for all
downloads before extracting layers.

Change Broadcaster to allow an error value to be propagated from Close
to the waiters.

Make the wait stop when the extraction is finished, rather than just the
download.

This also fixes v2 layer downloads to prefix the pool key with "layer:"
instead of "img:". "img:" is the wrong prefix, because this is what v1
uses for entire images. A v1 pull waiting for one of these operations to
finish would only wait for that particular layer, not all its
dependencies.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-11 10:52:34 -07:00
Arnaud Porterie
f324f4851f Update image pull tests
Update and migrate existing tests to the `DockerHubPullSuite`. Most
tests were preserved, but refactored and made more exhaustive. One test
was deliberately removed (`TestPullVerified`) as it is unreliable and
that the feature was obsoleted by content trust.

Move all trust related tests to `docker_cli_pull_trusted_test.go`.

Move tests depending on a local registry to `docker_cli_pull_local_test.go`.

Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
2015-09-03 15:57:41 -07:00