The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed. (By default,
foreign layers are not pushed to registries.)
Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.
This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.
Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
If a reference passed to the pull code contains both a tag and a digest,
currently the tag is used instead of the digest in the request to the
registry. This is the wrong behavior. Change it to favor the digest.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
The diff id resolution currently relies on a stored mapping for
archive digest to diff id. This mapping could be derived from
the image configuration if the image configuration is available.
On linux the image config is pulled in parallel and may not be
available. On windows, however, it is always pulled first and can
be used to supplement the stored mapping for images which may not
have this mapping from being side loaded. This becomes useful when
combined with side loaded foreign layers.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Without this fix the error the client might see is:
target is unknown
which wasn't helpful to me when I saw this today. With this fix I
now see:
MediaType is unknown: 'text/html'
which helped me track down the issue to the registry I was talking to.
Signed-off-by: Doug Davis <dug@us.ibm.com>
Per request for more debug info on how the engine deals with
multi-platform "manifest list" images, this adds information about the
manifest list entries and whether it found an os/arch match, and the
digest of the match.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Fallback errors are not an error, but an
informational message.
This changes those errors to be logged
as "Info" instead of "Error".
After this patch, debug logs look like this;
DEBU[0050] Calling GET /_ping
DEBU[0050] Calling POST /v1.27/images/create?fromImage=localhost%3A5000%2Ffoo&tag=latest
DEBU[0050] Trying to pull localhost:5000/foo from https://localhost:5000 v2
WARN[0050] Error getting v2 registry: Get https://localhost:5000/v2/: http: server gave HTTP response to HTTPS client
INFO[0050] Attempting next endpoint for pull after error: Get https://localhost:5000/v2/: http: server gave HTTP response to HTTPS client
DEBU[0050] Trying to pull localhost:5000/foo from http://localhost:5000 v2
INFO[0050] Attempting next endpoint for pull after error: manifest unknown: manifest unknown
DEBU[0050] Trying to pull localhost:5000/foo from https://localhost:5000 v1
DEBU[0050] attempting v1 ping for registry endpoint https://localhost:5000/v1/
DEBU[0050] Fallback from error: Get https://localhost:5000/v1/_ping: http: server gave HTTP response to HTTPS client
INFO[0050] Attempting next endpoint for pull after error: Get https://localhost:5000/v1/_ping: http: server gave HTTP response to HTTPS client
DEBU[0050] Trying to pull localhost:5000/foo from http://localhost:5000 v1
DEBU[0050] [registry] Calling GET http://localhost:5000/v1/repositories/foo/images
ERRO[0050] Not continuing with pull after error: Error: image foo:latest not found
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Remove forked reference package. Use normalized named values
everywhere and familiar functions to convert back to familiar
strings for UX and storage compatibility.
Enforce that the source repository in the distribution metadata
is always a normalized string, ignore invalid values which are not.
Update distribution tests to use normalized values.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Use resolving to repo info as the split point between the
legitimate reference package and forked reference package.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
As noted by #30083, the new strict checking of mediatypes misses some
cases where earlier bugs caused nonstandard mediatypes to be stored in
manifests. Two of the known cases are text/html and application/json,
which were returned by certain registries and stored by earlier versions
of Docker. Add special cases for text/html and application/json.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This patch fixed below 4 types of code line
1. Remove unnecessary variable assignment
2. Use variables declaration instead of explicit initial zero value
3. Change variable name to underbar when variable not used
4. Add erro check and return for ignored error
Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>
When storeLayer.Parent returns the parent layer, it needs to use the same logic as Get where it wraps in a describablyStoreLayer if the layer is describable. Otherwise, on Windows, this can result in pushing the foreign layers, which is not supposed to be allowed.
This fixes https://github.com/docker/docker/issues/30080.
Signed-off-by: Stefan J. Wernli <swernli@microsoft.com>
The `digest` data type, used throughout docker for image verification
and identity, has been broken out into `opencontainers/go-digest`. This
PR updates the dependencies and moves uses over to the new type.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
- Make it possible to define a shorter waiting time of httputils
- Make a small hack to reduce the waiting time on distribution/xfer
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Ke Li <kel@splunk.com>
Add missing changes
Signed-off-by: Ke Li <kel@splunk.com>
User errors.New to create error
Signed-off-by: Ke Li <kel@splunk.com>
Move plugins to shared distribution stack with images.
Create immutable plugin config that matches schema2 requirements.
Ensure data being pushed is same as pulled/created.
Store distribution artifacts in a blobstore.
Run init layer setup for every plugin start.
Fix breakouts from unsafe file accesses.
Add support for `docker plugin install --alias`
Uses normalized references for default names to avoid collisions when using default hosts/tags.
Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: liwenqi <vikilwq@zju.edu.cn>
update some files in the folder of distribution/xfer
Signed-off-by: liwenqi <vikilwq@zju.edu.cn>
correct again
Signed-off-by: liwenqi <vikilwq@zju.edu.cn>
Move configurations into a single file.
Abstract download manager in pull config.
Add supports for schema2 only and schema2 type checking.
Add interface for providing push layers.
Abstract image store to generically handle configurations.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
When building a manifest during a push operation, all layers must have
an associated descriptor. If a layer is missing a descriptor, that leads
to a panic.
A break inside a switch in layerAlreadyExists meant to break from the
loop surrounding the switch, but instead breaks from the switch. This
causes the loop to continue, and can overwrite the descriptor with an
empty one, leading to the panic.
Also, fix layerAlreadyExists not to abort the push when a speculative
stat on a candidate layer digest fails with an error. This could happen
in situations like a potential cross-repository mount where the user
does not have permission to access the source repository.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Modified newV1DependencyImage and generateDependencyImages not to return
errors instead of always return nil.
Signed-off-by: Daehyeok Mun <daehyeok@gmail.com>