1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

10 commits

Author SHA1 Message Date
Brian Goff
d7a41325fa Un-export non-externally used functions
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2015-11-08 15:51:27 -05:00
Aaron Lehmann
257c59251b Vendor updated version of docker/distribution
This updates the vendored docker/distribution to the current master
branch.

Note the following changes:

- The manifest package was split into manifest/schema1. Most references
  to the manifest package in the engine needed to be updated to use
  schema1 instead.

- Validation functions in api/v2 were replaced by the
  distribution/reference package. The engine code has been updated to
  use the reference package for validation where necessary. A future PR
  will change the engine to use the types defined in
  distribution/reference more comprehensively.

- The reference package explicitly allows double _ characters in
  repository names. registry_test.go was updated for this.

- TestPullFailsWithAlteredManifest was corrupting the manifest JSON, now
  that the schema1 package unmarshals the correct payload. The test is
  being changed to modify the JSON without affecting its length, which
  allows the pull to succeed to the point where digest validation
  happens.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-11-02 12:40:18 -08:00
yuzou
5f59f52c14 In NewV2Repository, check the suffix of endpoint.URL and append 'v2' correctly.
Signed-off-by: yuzou <zouyu7@huawei.com>
2015-10-21 11:43:31 +08:00
Derek McGowan
f8ea4ad16d Increase ping timeout
Ensure v2 registries are given more than 5 seconds to return a ping and avoid an unnecessary fallback to v1.
Elevates log level about failed v2 ping to a warning to match the warning related to using v1 registries.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-10-16 15:34:35 -07:00
Aaron Lehmann
011bfd666e Unmarshal signed payload when pulling by digest
Add a unit test for validateManifest which ensures extra data can't be
injected by adding data to the JSON object outside the payload area.

This also removes validation of legacy signatures at pull time. This
starts the path of deprecating legacy signatures, whose presence in the
very JSON document they attempt to sign is problematic.  These
signatures were only checked for official images, and since they only
caused a weakly-worded message to be printed, removing the verification
should not cause impact.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-10-12 10:51:28 -07:00
xiekeyang
e451ddbf46 Fix: Docker Daemon didn't send actual actions client ask for to Token Server
The Docker Daemon should send actual actions client ask for to issue tokens,

not all the permissions that client is guaranteed.

Signed-off-by: xiekeyang <xiekeyang@huawei.com>
2015-08-30 16:40:26 +08:00
Aaron Lehmann
d4836cd7ec Documentation improvements and code cleanups for graph package
Expand the godoc documentation for the graph package.

Centralize DefaultTag in the graphs/tag package instead of defining it
twice.

Remove some unnecessary "config" structs that are only used to pass
a few parameters to a function.

Simplify the GetParentsSize function - there's no reason for it to take
an accumulator argument.

Unexport some functions that aren't needed outside the package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 14:27:10 -07:00
Srini Brahmaroutu
1d6e443119 /graph fix lin errors/warnings
Addresses #14756
Signed-off-by: Srini Brahmaroutu <srbrahma@us.ibm.com>
2015-07-29 20:59:36 +00:00
Derek McGowan
ed13c3abfb Use notary library for trusted image fetch and signing
Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest.
On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server.
If a tag is given, the cli will resolve the tag into a digest and pull by digest.
After pulling, if a tag is given the cli makes a request to tag the image.

Use certificate directory for notary requests

Read certificates using same logic used by daemon for registry requests.

Catch JSON syntax errors from Notary client

When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user.
Provide a generic error when a JSON syntax error occurs.

Catch expiration errors and wrap in additional context.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-24 14:08:20 -07:00
Derek McGowan
19515a7ad8 Update graph to use vendored distribution client for the v2 codepath
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-16 13:13:47 -04:00