1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

25 commits

Author SHA1 Message Date
David Calavera
cf721c23e7 Client credentials store.
This change implements communication with an external credentials store,
ala git-credential-helper. The client falls back the plain text store,
what we're currently using, if there is no remote store configured.

It shells out to helper program when a credential store is
configured. Those programs can be implemented with any language as long as they
follow the convention to pass arguments and information.

There is an implementation for the OS X keychain in https://github.com/calavera/docker-credential-helpers.
That package also provides basic structure to create other helpers.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-29 13:01:31 -05:00
David Calavera
fe53be4e17 Apply context changes to the client.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-02-04 13:59:57 -05:00
Aaron Lehmann
ff17cd0bf0 Introduce a client-side version of resolveAuthConfig
This is similar to the version in the registry package, but uses the
daemon's default index (as opposed to the default for the client's
platform) if using the "official index".

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-02-03 11:01:29 -08:00
Aaron Lehmann
65370be888 Send push information to trust code out-of-band
The trust code used to parse the console output of `docker push` to
extract the digest, tag, and size information and determine what to
sign. This is fragile and might give an attacker control over what gets
signed if the attacker can find a way to influence what gets printed as
part of the push output.

This commit sends the push metadata out-of-band. It introduces an `Aux`
field in JSONMessage that can carry application-specific data alongside
progress updates. Instead of parsing formatted output, the client looks
in this field to get the digest, size, and tag from the push.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
David Calavera
907407d0b2 Modify import paths to point to the new engine-api package.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2016-01-06 19:48:59 -05:00
Tonis Tiigi
2655954c2d Add own reference package wrapper
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-12-16 11:58:52 -08:00
Jess Frazelle
adf1ffd53b Merge pull request #18416 from toli/disable-official-repo-check-in-push
Removing the restriction to push to an 'official' repo
2015-12-15 08:52:36 -08:00
Daniel Nephin
96c10098ac Move IndexInfo and ServiceConfig types to api/types/registry/registry.go
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-14 11:28:02 -05:00
Daniel Nephin
5b321e3287 Move AuthConfig to api/types
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-14 11:22:01 -05:00
toli
0d824c760e Removing the restriction to push to a 'official' repo
Signed-off-by: toli <toli@docker.com>
2015-12-14 07:45:00 -08:00
Daniel Nephin
920ea13516 Refactor ResolveAuthConfig to remove the builder dependency on cli code.
registry.ResolveAuthConfig() only needs the AuthConfigs from the ConfigFile, so
this change passed just the AuthConfigs.

Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2015-12-11 19:31:24 -08:00
David Calavera
42670e30ee Implement docker push with standalone client lib.
Signed-off-by: David Calavera <david.calavera@gmail.com>
2015-12-09 12:05:00 -05:00
Tonis Tiigi
4352da7803 Update daemon and docker core to use new content addressable storage
Add distribution package for managing pulls and pushes. This is based on
the old code in the graph package, with major changes to work with the
new image/layer model.

Add v1 migration code.

Update registry, api/*, and daemon packages to use the reference
package's types where applicable.

Update daemon package to use image/layer/tag stores instead of the graph
package

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2015-11-24 09:40:25 -08:00
Lei Jitang
2b0927c9ac Use consistent command description
Signed-off-by: Lei Jitang <leijitang@huawei.com>
2015-10-08 08:46:21 -04:00
Derek McGowan
ed13c3abfb Use notary library for trusted image fetch and signing
Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest.
On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server.
If a tag is given, the cli will resolve the tag into a digest and pull by digest.
After pulling, if a tag is given the cli makes a request to tag the image.

Use certificate directory for notary requests

Read certificates using same logic used by daemon for registry requests.

Catch JSON syntax errors from Notary client

When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user.
Provide a generic error when a JSON syntax error occurs.

Catch expiration errors and wrap in additional context.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-24 14:08:20 -07:00
Tibor Vass
96ce3a194a cli: new daemon command and new cli package
This patch creates a new cli package that allows to combine both client
and daemon commands (there is only one daemon command: docker daemon).

The `-d` and `--daemon` top-level flags are deprecated and a special
message is added to prompt the user to use `docker daemon`.

Providing top-level daemon-specific flags for client commands result
in an error message prompting the user to use `docker daemon`.

This patch does not break any old but correct usages.

This also makes `-d` and `--daemon` flags, as well as the `daemon`
command illegal in client-only binaries.

Signed-off-by: Tibor Vass <tibor@docker.com>
2015-07-23 19:44:46 -04:00
Ma Shimiao
9a4cbb358d api/client: unify format of args check
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-07-08 17:29:47 +08:00
Ma Shimiao
f38232b475 Unify docker commands' usage in man and help
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
2015-07-02 10:33:26 +08:00
Josh Hawn
4cb0c93f92 api/client: Allow for multi-line usage help
Subcommands can provide multiple usage synopses.

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
2015-06-10 16:14:45 -07:00
Doug Davis
bb9da6ba92 Move CLI config processing out from under registry dir
No logic changes should be in here, just moving things around.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-04-23 10:18:38 -07:00
Doug Davis
18c9b6c645 Add .docker/config.json and support for HTTP Headers
This PR does the following:
- migrated ~/.dockerfg to ~/.docker/config.json. The data is migrated
  but the old file remains in case its needed
- moves the auth json in that fie into an "auth" property so we can add new
  top-level properties w/o messing with the auth stuff
- adds support for an HttpHeaders property in ~/.docker/config.json
  which adds these http headers to all msgs from the cli

In a follow-on PR I'll move the config file process out from under
"registry" since it not specific to that any more. I didn't do it here
because I wanted the diff to be smaller so people can make sure I didn't
break/miss any auth code during my edits.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-04-20 13:05:24 -07:00
Antonio Murdaca
5670c6c695 Refactor utils/flags.go, fixes #11892
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-03-29 03:22:46 +02:00
Don Kjer
6b2eeaf896 Fix for issue 9922: private registry search with auth returns 401
Signed-off-by: Don Kjer <don.kjer@gmail.com>
2015-03-26 18:59:16 +00:00
Peggy Li
b5d0380108 Add godoc-style docstrings to Cmd... methods
Signed-off-by: Peggy Li <peggyli.224@gmail.com>
2015-03-25 14:17:11 -07:00
Joey Gibson
58690c9cca api/client - The code for all cli commands are in one file #11610
Signed-off-by: Joey Gibson <joey@joeygibson.com>
2015-03-24 23:57:23 -04:00