1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

16 commits

Author SHA1 Message Date
Noah Treuhaft
67fdf574d5 Add daemon option to push foreign layers
The --allow-nondistributable-artifacts daemon option specifies
registries to which foreign layers should be pushed.  (By default,
foreign layers are not pushed to registries.)

Additionally, to make this option effective, foreign layers are now
pulled from the registry if possible, falling back to the URLs in the
image manifest otherwise.

This option is useful when pushing images containing foreign layers to a
registry on an air-gapped network so hosts on that network can pull the
images without connecting to another server.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2017-05-16 14:36:36 -07:00
Noah Treuhaft
7ffb4ad81a
Disable v1 protocol for the default registry
All images in the default registry (AKA docker.io, index.docker.io, and
registry-1.docker.io) are available via the v2 protocol, so there's no
reason to use the v1 protocol.  Disabling it prevents useless fallbacks.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-11-11 00:23:25 -08:00
allencloud
582803f00a support insecure registry in configuration reload
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-10-20 07:54:31 +08:00
Tonis Tiigi
7a8c7b47cf Fix govet for go1.7
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2016-09-02 19:07:54 -07:00
Vincent Demeester
636c276f67
Add Unit test to daemon.SearchRegistryForImages…
… and refactor a little bit some daemon on the way.

- Move `SearchRegistryForImages` to a new file (`daemon/search.go`) as
  `daemon.go` is getting pretty big.
- `registry.Service` is now an interface (allowing us to decouple it a
  little bit and thus unit test easily).
- Add some unit test for `SearchRegistryForImages`.
- Use UniqueExactMatch for search filters
- And use empty restore id for now in client.ContainerStart.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2016-05-24 11:07:11 +02:00
Vincent Demeester
b9361f02da Merge pull request #20970 from dmcgowan/login-oauth
OAuth support for registries
2016-03-14 15:49:44 +01:00
David Calavera
59586d02b1 Move registry service options to the daemon configuration.
Allowing to set their values in the daemon configuration file.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-03-10 11:53:11 -05:00
Derek McGowan
e896d1d7c4 Add support for identity token with token handler
Use token handler options for initialization.
Update auth endpoint to set identity token in response.
Update credential store to match distribution interface changes.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-03-09 13:47:57 -08:00
Derek McGowan
f2d481a299 Login update and endpoint refactor
Further differentiate the APIEndpoint used with V2 with the endpoint type which is only used for v1 registry interactions
Rename Endpoint to V1Endpoint and remove version ambiguity
Use distribution token handler for login

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-01 11:52:32 -08:00
Aaron Lehmann
79db131a35 Change APIEndpoint to contain the URL in a parsed format
This allows easier URL handling in code that uses APIEndpoint.
If we continued to store the URL unparsed, it would require redundant
parsing whenver we want to extract information from it. Also, parsing
the URL earlier should give improve validation.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-17 17:48:15 -08:00
David Calavera
8e034802b7 Remove usage of pkg sockets and tlsconfig.
- Use the ones provided by docker/go-connections, they are a drop in replacement.
- Remove pkg/sockets from docker.
- Keep pkg/tlsconfig because libnetwork still needs it and there is a
  circular dependency issue.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-29 19:27:12 -05:00
Aaron Lehmann
a57478d65f Do not fall back to the V1 protocol when we know we are talking to a V2 registry
If we detect a Docker-Distribution-Api-Version header indicating that
the registry speaks the V2 protocol, no fallback to V1 should take
place.

The same applies if a V2 registry operation succeeds while attempting a
push or pull.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-16 15:02:03 -08:00
Tonis Tiigi
ffded61dad Update Named reference with validation of conversions
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Tonis Tiigi
2655954c2d Add own reference package wrapper
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Tonis Tiigi
4352da7803 Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
Richard Scothern
39f2f15a35 Prevent push and pull to v1 registries by filtering the available endpoints.
Add a daemon flag to control this behaviour.  Add a warning message when pulling
an image from a v1 registry.  The default order of pull is slightly altered
with this changset.

Previously it was:
https v2, https v1, http v2, http v1

now it is:
https v2, http v2, https v1, http v1

Prevent login to v1 registries by explicitly setting the version before ping to
prevent fallback to v1.

Add unit tests for v2 only mode.  Create a mock server that can register
handlers for various endpoints.  Assert no v1 endpoints are hit with legacy
registries disabled for the following commands:  pull, push, build, run and
login.  Assert the opposite when legacy registries are not disabled.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-09-25 15:59:42 -07:00