1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

21 commits

Author SHA1 Message Date
Aaron Lehmann
65370be888 Send push information to trust code out-of-band
The trust code used to parse the console output of `docker push` to
extract the digest, tag, and size information and determine what to
sign. This is fragile and might give an attacker control over what gets
signed if the attacker can find a way to influence what gets printed as
part of the push output.

This commit sends the push metadata out-of-band. It introduces an `Aux`
field in JSONMessage that can carry application-specific data alongside
progress updates. Instead of parsing formatted output, the client looks
in this field to get the digest, size, and tag from the push.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
David Calavera
907407d0b2 Modify import paths to point to the new engine-api package.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-06 19:48:59 -05:00
Tonis Tiigi
eeb2d4c1ad Clean up reference type switches
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:53 -08:00
Tonis Tiigi
2655954c2d Add own reference package wrapper
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Daniel Nephin
96c10098ac Move IndexInfo and ServiceConfig types to api/types/registry/registry.go
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-14 11:28:02 -05:00
Daniel Nephin
5b321e3287 Move AuthConfig to api/types
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-14 11:22:01 -05:00
Daniel Nephin
920ea13516 Refactor ResolveAuthConfig to remove the builder dependency on cli code.
registry.ResolveAuthConfig() only needs the AuthConfigs from the ConfigFile, so
this change passed just the AuthConfigs.

Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-11 19:31:24 -08:00
David Calavera
e78f02c4db Implement docker pull with standalone client lib.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-09 12:05:00 -05:00
Tonis Tiigi
4352da7803 Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
Lei Jitang
2b0927c9ac Use consistent command description
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-10-08 08:46:21 -04:00
Aaron Lehmann
d4836cd7ec Documentation improvements and code cleanups for graph package
Expand the godoc documentation for the graph package.

Centralize DefaultTag in the graphs/tag package instead of defining it
twice.

Remove some unnecessary "config" structs that are only used to pass
a few parameters to a function.

Simplify the GetParentsSize function - there's no reason for it to take
an accumulator argument.

Unexport some functions that aren't needed outside the package.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 14:27:10 -07:00
Derek McGowan
ed13c3abfb Use notary library for trusted image fetch and signing
Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest.
On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server.
If a tag is given, the cli will resolve the tag into a digest and pull by digest.
After pulling, if a tag is given the cli makes a request to tag the image.

Use certificate directory for notary requests

Read certificates using same logic used by daemon for registry requests.

Catch JSON syntax errors from Notary client

When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user.
Provide a generic error when a JSON syntax error occurs.

Catch expiration errors and wrap in additional context.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-24 14:08:20 -07:00
Tibor Vass
96ce3a194a cli: new daemon command and new cli package
This patch creates a new cli package that allows to combine both client
and daemon commands (there is only one daemon command: docker daemon).

The `-d` and `--daemon` top-level flags are deprecated and a special
message is added to prompt the user to use `docker daemon`.

Providing top-level daemon-specific flags for client commands result
in an error message prompting the user to use `docker daemon`.

This patch does not break any old but correct usages.

This also makes `-d` and `--daemon` flags, as well as the `daemon`
command illegal in client-only binaries.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-23 19:44:46 -04:00
Ma Shimiao
f38232b475 Unify docker commands' usage in man and help
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-07-02 10:33:26 +08:00
Josh Hawn
4cb0c93f92 api/client: Allow for multi-line usage help
Subcommands can provide multiple usage synopses.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-06-10 16:14:45 -07:00
John Howard
aed8f9f76e Windows: Build load.go
Signed-off-by: John Howard <jhoward@microsoft.com>
2015-05-12 14:26:57 -07:00
Doug Davis
18c9b6c645 Add .docker/config.json and support for HTTP Headers
This PR does the following:
- migrated ~/.dockerfg to ~/.docker/config.json. The data is migrated
  but the old file remains in case its needed
- moves the auth json in that fie into an "auth" property so we can add new
  top-level properties w/o messing with the auth stuff
- adds support for an HttpHeaders property in ~/.docker/config.json
  which adds these http headers to all msgs from the cli

In a follow-on PR I'll move the config file process out from under
"registry" since it not specific to that any more. I didn't do it here
because I wanted the diff to be smaller so people can make sure I didn't
break/miss any auth code during my edits.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-04-20 13:05:24 -07:00
Antonio Murdaca
5670c6c695 Refactor utils/flags.go, fixes #11892
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-03-29 03:22:46 +02:00
Don Kjer
6b2eeaf896 Fix for issue 9922: private registry search with auth returns 401
Signed-off-by: Don Kjer <don.kjer@gmail.com>
2015-03-26 18:59:16 +00:00
Peggy Li
b5d0380108 Add godoc-style docstrings to Cmd... methods
Signed-off-by: Peggy Li <peggyli.224@gmail.com>
2015-03-25 14:17:11 -07:00
Joey Gibson
58690c9cca api/client - The code for all cli commands are in one file #11610
Signed-off-by: Joey Gibson <joey@joeygibson.com>
2015-03-24 23:57:23 -04:00