This updates the vendored docker/distribution to the current master
branch.
Note the following changes:
- The manifest package was split into manifest/schema1. Most references
to the manifest package in the engine needed to be updated to use
schema1 instead.
- Validation functions in api/v2 were replaced by the
distribution/reference package. The engine code has been updated to
use the reference package for validation where necessary. A future PR
will change the engine to use the types defined in
distribution/reference more comprehensively.
- The reference package explicitly allows double _ characters in
repository names. registry_test.go was updated for this.
- TestPullFailsWithAlteredManifest was corrupting the manifest JSON, now
that the schema1 package unmarshals the correct payload. The test is
being changed to modify the JSON without affecting its length, which
allows the pull to succeed to the point where digest validation
happens.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Makes it possible to filter containers by image, using
--filter=ancestor=busybox and get all the container running busybox
image and image based on busybox (to the bottom).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
The process of pulling an image spawns a new goroutine for each layer in the
image manifest. If any of these downloads fail we would stop everything and
return the error, even though other goroutines would still be running and
writing output through a progress reader which is attached to an http response
writer. Since the request handler had already returned from the first error,
the http server panics when one of these download goroutines makes a write to
the response writer buffer.
This patch prevents this crash in the daemon http server by waiting for all of
the download goroutines to complete, even if one of them fails. Only then does
it return, terminating the request handler.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
We noticed a regression since the 1.7.1 patch after some refactoring. This
patch corrects the behavior and adds integration tests for modified manifest
and rootfs layer blobs.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest.
On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server.
If a tag is given, the cli will resolve the tag into a digest and pull by digest.
After pulling, if a tag is given the cli makes a request to tag the image.
Use certificate directory for notary requests
Read certificates using same logic used by daemon for registry requests.
Catch JSON syntax errors from Notary client
When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user.
Provide a generic error when a JSON syntax error occurs.
Catch expiration errors and wrap in additional context.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The intention of the user is to download a verified image if explicitly
pulling with a digest and falling back to v1 registry circumvents that
protection.
Signed-off-by: Nuutti Kotivuori <naked@iki.fi>
Since docker test suite is now using gocheck, ``defer
deleteContainer(…)`` is not needed anymore.
Fixes#12705
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Add ability to refer to an image by repository name and digest using the
format repository@digest. Works for pull, push, run, build, and rmi.
Signed-off-by: Andy Goldstein <agoldste@redhat.com>