TrueCloudLab/distribution
13
0
Fork 3
Code Issues 3 Pull requests Projects Releases 2 Packages Wiki Activity Actions
distribution/registry/storage/manifeststore.go

136 lines
3.8 KiB
Go
Raw Normal View History

Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
package storage
import (
"fmt"
Move layer interface definitions to distribution package After consideration, it has been decided that the interfaces defined in the storage package provide a good base for interacting with various registry instances. Whether interacting with a remote API or a local, on-disk registry, these types have proved flexible. By moving them here, they can become the central components of interacting with distribution components. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-12 00:49:49 +00:00
"github.com/docker/distribution"
Integrate context with storage package This changeset integrates context with the storage package. Debug messages have been added to exported methods. Existing log messages will now include contextual details through logger fields to aid in debugging. This integration focuses on logging and may be followed up with a metric-oriented change in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-09 22:44:58 +00:00
ctxu "github.com/docker/distribution/context"
Move manifest to discrete package Because manifests and their signatures are a discrete component of the registry, we are moving the definitions into a separate package. This causes us to lose some test coverage, but we can fill this in shortly. No changes have been made to the external interfaces, but they are likely to come. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 21:21:29 +00:00
"github.com/docker/distribution/manifest"
Rich error reporting for manifest push To provide rich error reporting during manifest pushes, the storage layers verifyManifest stage has been modified to provide the necessary granularity. Along with this comes with a partial shift to explicit error types, which represents a small move in larger refactoring of error handling. Signature methods from libtrust have been added to the various Manifest types to clean up the verification code. A primitive deletion implementation for manifests has been added. It only deletes the manifest file and doesn't attempt to add some of the richer features request, such as layer cleanup.
2014-11-26 20:52:52 +00:00
"github.com/docker/libtrust"
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
)
type manifestStore struct {
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
repository *repository
Refactor storage to use new backend layout This change refactors the storage backend to use the new path layout. To facilitate this, manifest storage has been separated into a revision store and tag store, supported by a more general blob store. The blob store is a hybrid object, effectively providing both small object access, keyed by content address, as well as methods that can be used to manage and traverse links to underlying blobs. This covers common operations used in the revision store and tag store, such as linking and traversal. The blob store can also be updated to better support layer reading but this refactoring has been left for another day. The revision store and tag store support the manifest store's compound view of data. These underlying stores provide facilities for richer access models, such as content-addressable access and a richer tagging model. The highlight of this change is the ability to sign a manifest from different hosts and have the registry merge and serve those signatures as part of the manifest package. Various other items, such as the delegate layer handler, were updated to more directly use the blob store or other mechanism to fit with the changes. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-14 20:02:43 +00:00
revisionStore *revisionStore
tagStore *tagStore
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
}
Move layer interface definitions to distribution package After consideration, it has been decided that the interfaces defined in the storage package provide a good base for interacting with various registry instances. Whether interacting with a remote API or a local, on-disk registry, these types have proved flexible. By moving them here, they can become the central components of interacting with distribution components. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-12 00:49:49 +00:00
var _ distribution.ManifestService = &manifestStore{}
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
// func (ms *manifestStore) Repository() Repository {
// return ms.repository
// }
func (ms *manifestStore) Tags() ([]string, error) {
Integrate context with storage package This changeset integrates context with the storage package. Debug messages have been added to exported methods. Existing log messages will now include contextual details through logger fields to aid in debugging. This integration focuses on logging and may be followed up with a metric-oriented change in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-09 22:44:58 +00:00
ctxu.GetLogger(ms.repository.ctx).Debug("(*manifestStore).Tags")
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
return ms.tagStore.tags()
Implement Tags method on ManifestService
2014-12-09 19:06:51 +00:00
}
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
func (ms *manifestStore) Exists(tag string) (bool, error) {
Integrate context with storage package This changeset integrates context with the storage package. Debug messages have been added to exported methods. Existing log messages will now include contextual details through logger fields to aid in debugging. This integration focuses on logging and may be followed up with a metric-oriented change in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-09 22:44:58 +00:00
ctxu.GetLogger(ms.repository.ctx).Debug("(*manifestStore).Exists")
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
return ms.tagStore.exists(tag)
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
}
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
func (ms *manifestStore) Get(tag string) (*manifest.SignedManifest, error) {
Integrate context with storage package This changeset integrates context with the storage package. Debug messages have been added to exported methods. Existing log messages will now include contextual details through logger fields to aid in debugging. This integration focuses on logging and may be followed up with a metric-oriented change in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-09 22:44:58 +00:00
ctxu.GetLogger(ms.repository.ctx).Debug("(*manifestStore).Get")
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
dgst, err := ms.tagStore.resolve(tag)
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
if err != nil {
return nil, err
}
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
return ms.revisionStore.get(dgst)
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
}
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
func (ms *manifestStore) Put(tag string, manifest *manifest.SignedManifest) error {
Integrate context with storage package This changeset integrates context with the storage package. Debug messages have been added to exported methods. Existing log messages will now include contextual details through logger fields to aid in debugging. This integration focuses on logging and may be followed up with a metric-oriented change in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-09 22:44:58 +00:00
ctxu.GetLogger(ms.repository.ctx).Debug("(*manifestStore).Put")
Add payload and signatures method to SignedManifest To provide easier access to digestible content, the paylaod has been made accessible on the signed manifest type. This hides the specifics of the interaction with libtrust with the caveat that signatures may be parsed twice. We'll have to have a future look at the interface for manifest as we may be making problematic architectural decisions. We'll visit this after the initial release. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-28 22:54:09 +00:00
// TODO(stevvooe): Add check here to see if the revision is already
// present in the repository. If it is, we should merge the signatures, do
// a shallow verify (or a full one, doesn't matter) and return an error
// indicating what happened.
Refactor storage to use new backend layout This change refactors the storage backend to use the new path layout. To facilitate this, manifest storage has been separated into a revision store and tag store, supported by a more general blob store. The blob store is a hybrid object, effectively providing both small object access, keyed by content address, as well as methods that can be used to manage and traverse links to underlying blobs. This covers common operations used in the revision store and tag store, such as linking and traversal. The blob store can also be updated to better support layer reading but this refactoring has been left for another day. The revision store and tag store support the manifest store's compound view of data. These underlying stores provide facilities for richer access models, such as content-addressable access and a richer tagging model. The highlight of this change is the ability to sign a manifest from different hosts and have the registry merge and serve those signatures as part of the manifest package. Various other items, such as the delegate layer handler, were updated to more directly use the blob store or other mechanism to fit with the changes. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-14 20:02:43 +00:00
// Verify the manifest.
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
if err := ms.verifyManifest(tag, manifest); err != nil {
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
return err
}
Refactor storage to use new backend layout This change refactors the storage backend to use the new path layout. To facilitate this, manifest storage has been separated into a revision store and tag store, supported by a more general blob store. The blob store is a hybrid object, effectively providing both small object access, keyed by content address, as well as methods that can be used to manage and traverse links to underlying blobs. This covers common operations used in the revision store and tag store, such as linking and traversal. The blob store can also be updated to better support layer reading but this refactoring has been left for another day. The revision store and tag store support the manifest store's compound view of data. These underlying stores provide facilities for richer access models, such as content-addressable access and a richer tagging model. The highlight of this change is the ability to sign a manifest from different hosts and have the registry merge and serve those signatures as part of the manifest package. Various other items, such as the delegate layer handler, were updated to more directly use the blob store or other mechanism to fit with the changes. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-14 20:02:43 +00:00
// Store the revision of the manifest
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
revision, err := ms.revisionStore.put(manifest)
Refactor storage to use new backend layout This change refactors the storage backend to use the new path layout. To facilitate this, manifest storage has been separated into a revision store and tag store, supported by a more general blob store. The blob store is a hybrid object, effectively providing both small object access, keyed by content address, as well as methods that can be used to manage and traverse links to underlying blobs. This covers common operations used in the revision store and tag store, such as linking and traversal. The blob store can also be updated to better support layer reading but this refactoring has been left for another day. The revision store and tag store support the manifest store's compound view of data. These underlying stores provide facilities for richer access models, such as content-addressable access and a richer tagging model. The highlight of this change is the ability to sign a manifest from different hosts and have the registry merge and serve those signatures as part of the manifest package. Various other items, such as the delegate layer handler, were updated to more directly use the blob store or other mechanism to fit with the changes. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-14 20:02:43 +00:00
if err != nil {
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
return err
}
Refactor storage to use new backend layout This change refactors the storage backend to use the new path layout. To facilitate this, manifest storage has been separated into a revision store and tag store, supported by a more general blob store. The blob store is a hybrid object, effectively providing both small object access, keyed by content address, as well as methods that can be used to manage and traverse links to underlying blobs. This covers common operations used in the revision store and tag store, such as linking and traversal. The blob store can also be updated to better support layer reading but this refactoring has been left for another day. The revision store and tag store support the manifest store's compound view of data. These underlying stores provide facilities for richer access models, such as content-addressable access and a richer tagging model. The highlight of this change is the ability to sign a manifest from different hosts and have the registry merge and serve those signatures as part of the manifest package. Various other items, such as the delegate layer handler, were updated to more directly use the blob store or other mechanism to fit with the changes. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-14 20:02:43 +00:00
// Now, tag the manifest
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
return ms.tagStore.tag(tag, revision)
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
}
Refactor storage to use new backend layout This change refactors the storage backend to use the new path layout. To facilitate this, manifest storage has been separated into a revision store and tag store, supported by a more general blob store. The blob store is a hybrid object, effectively providing both small object access, keyed by content address, as well as methods that can be used to manage and traverse links to underlying blobs. This covers common operations used in the revision store and tag store, such as linking and traversal. The blob store can also be updated to better support layer reading but this refactoring has been left for another day. The revision store and tag store support the manifest store's compound view of data. These underlying stores provide facilities for richer access models, such as content-addressable access and a richer tagging model. The highlight of this change is the ability to sign a manifest from different hosts and have the registry merge and serve those signatures as part of the manifest package. Various other items, such as the delegate layer handler, were updated to more directly use the blob store or other mechanism to fit with the changes. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-14 20:02:43 +00:00
// Delete removes all revisions of the given tag. We may want to change these
// semantics in the future, but this will maintain consistency. The underlying
// blobs are left alone.
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
func (ms *manifestStore) Delete(tag string) error {
Integrate context with storage package This changeset integrates context with the storage package. Debug messages have been added to exported methods. Existing log messages will now include contextual details through logger fields to aid in debugging. This integration focuses on logging and may be followed up with a metric-oriented change in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-09 22:44:58 +00:00
ctxu.GetLogger(ms.repository.ctx).Debug("(*manifestStore).Delete")
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
revisions, err := ms.tagStore.revisions(tag)
Rich error reporting for manifest push To provide rich error reporting during manifest pushes, the storage layers verifyManifest stage has been modified to provide the necessary granularity. Along with this comes with a partial shift to explicit error types, which represents a small move in larger refactoring of error handling. Signature methods from libtrust have been added to the various Manifest types to clean up the verification code. A primitive deletion implementation for manifests has been added. It only deletes the manifest file and doesn't attempt to add some of the richer features request, such as layer cleanup.
2014-11-26 20:52:52 +00:00
if err != nil {
return err
}
Refactor storage to use new backend layout This change refactors the storage backend to use the new path layout. To facilitate this, manifest storage has been separated into a revision store and tag store, supported by a more general blob store. The blob store is a hybrid object, effectively providing both small object access, keyed by content address, as well as methods that can be used to manage and traverse links to underlying blobs. This covers common operations used in the revision store and tag store, such as linking and traversal. The blob store can also be updated to better support layer reading but this refactoring has been left for another day. The revision store and tag store support the manifest store's compound view of data. These underlying stores provide facilities for richer access models, such as content-addressable access and a richer tagging model. The highlight of this change is the ability to sign a manifest from different hosts and have the registry merge and serve those signatures as part of the manifest package. Various other items, such as the delegate layer handler, were updated to more directly use the blob store or other mechanism to fit with the changes. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-14 20:02:43 +00:00
for _, revision := range revisions {
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
if err := ms.revisionStore.delete(revision); err != nil {
Rich error reporting for manifest push To provide rich error reporting during manifest pushes, the storage layers verifyManifest stage has been modified to provide the necessary granularity. Along with this comes with a partial shift to explicit error types, which represents a small move in larger refactoring of error handling. Signature methods from libtrust have been added to the various Manifest types to clean up the verification code. A primitive deletion implementation for manifests has been added. It only deletes the manifest file and doesn't attempt to add some of the richer features request, such as layer cleanup.
2014-11-26 20:52:52 +00:00
return err
}
}
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
return ms.tagStore.delete(tag)
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
}
Refactor storage to use new backend layout This change refactors the storage backend to use the new path layout. To facilitate this, manifest storage has been separated into a revision store and tag store, supported by a more general blob store. The blob store is a hybrid object, effectively providing both small object access, keyed by content address, as well as methods that can be used to manage and traverse links to underlying blobs. This covers common operations used in the revision store and tag store, such as linking and traversal. The blob store can also be updated to better support layer reading but this refactoring has been left for another day. The revision store and tag store support the manifest store's compound view of data. These underlying stores provide facilities for richer access models, such as content-addressable access and a richer tagging model. The highlight of this change is the ability to sign a manifest from different hosts and have the registry merge and serve those signatures as part of the manifest package. Various other items, such as the delegate layer handler, were updated to more directly use the blob store or other mechanism to fit with the changes. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-14 20:02:43 +00:00
// verifyManifest ensures that the manifest content is valid from the
// perspective of the registry. It ensures that the name and tag match and
// that the signature is valid for the enclosed payload. As a policy, the
// registry only tries to store valid content, leaving trust policies of that
// content up to consumers.
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
func (ms *manifestStore) verifyManifest(tag string, mnfst *manifest.SignedManifest) error {
Add error return to Repository method on Registry The method (Registry).Repository may now return an error. This is too allow certain implementationt to validate the name or opt to not return a repository under certain conditions. In conjunction with this change, error declarations have been moved into a single file in the distribution package. Several error declarations that had remained in the storage package have been moved into distribution, as well. The declarations for Layer and LayerUpload have also been moved into the main registry file, as a result. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-13 21:59:50 +00:00
var errs distribution.ErrManifestVerification
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
if mnfst.Name != ms.repository.Name() {
Cleanup image verification error handling This diff removes a few early outs that caused errors to be unreported and catches a missed error case for signature verification from libtrust. More work needs to be done around ensuring consistent error handling but this is enough to make the API work correctly.
2014-12-02 00:13:01 +00:00
// TODO(stevvooe): This needs to be an exported error
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
errs = append(errs, fmt.Errorf("repository name does not match manifest name"))
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
}
Decouple manifest signing and verification It was probably ill-advised to couple manifest signing and verification to their respective types. This changeset simply changes them from methods to functions. These might not even be in this package in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 23:46:47 +00:00
if mnfst.Tag != tag {
Cleanup image verification error handling This diff removes a few early outs that caused errors to be unreported and catches a missed error case for signature verification from libtrust. More work needs to be done around ensuring consistent error handling but this is enough to make the API work correctly.
2014-12-02 00:13:01 +00:00
// TODO(stevvooe): This needs to be an exported error.
errs = append(errs, fmt.Errorf("tag does not match manifest tag"))
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
}
Decouple manifest signing and verification It was probably ill-advised to couple manifest signing and verification to their respective types. This changeset simply changes them from methods to functions. These might not even be in this package in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 23:46:47 +00:00
if _, err := manifest.Verify(mnfst); err != nil {
Rich error reporting for manifest push To provide rich error reporting during manifest pushes, the storage layers verifyManifest stage has been modified to provide the necessary granularity. Along with this comes with a partial shift to explicit error types, which represents a small move in larger refactoring of error handling. Signature methods from libtrust have been added to the various Manifest types to clean up the verification code. A primitive deletion implementation for manifests has been added. It only deletes the manifest file and doesn't attempt to add some of the richer features request, such as layer cleanup.
2014-11-26 20:52:52 +00:00
switch err {
case libtrust.ErrMissingSignatureKey, libtrust.ErrInvalidJSONContent, libtrust.ErrMissingSignatureKey:
Add error return to Repository method on Registry The method (Registry).Repository may now return an error. This is too allow certain implementationt to validate the name or opt to not return a repository under certain conditions. In conjunction with this change, error declarations have been moved into a single file in the distribution package. Several error declarations that had remained in the storage package have been moved into distribution, as well. The declarations for Layer and LayerUpload have also been moved into the main registry file, as a result. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-13 21:59:50 +00:00
errs = append(errs, distribution.ErrManifestUnverified{})
Rich error reporting for manifest push To provide rich error reporting during manifest pushes, the storage layers verifyManifest stage has been modified to provide the necessary granularity. Along with this comes with a partial shift to explicit error types, which represents a small move in larger refactoring of error handling. Signature methods from libtrust have been added to the various Manifest types to clean up the verification code. A primitive deletion implementation for manifests has been added. It only deletes the manifest file and doesn't attempt to add some of the richer features request, such as layer cleanup.
2014-11-26 20:52:52 +00:00
default:
Cleanup image verification error handling This diff removes a few early outs that caused errors to be unreported and catches a missed error case for signature verification from libtrust. More work needs to be done around ensuring consistent error handling but this is enough to make the API work correctly.
2014-12-02 00:13:01 +00:00
if err.Error() == "invalid signature" { // TODO(stevvooe): This should be exported by libtrust
Add error return to Repository method on Registry The method (Registry).Repository may now return an error. This is too allow certain implementationt to validate the name or opt to not return a repository under certain conditions. In conjunction with this change, error declarations have been moved into a single file in the distribution package. Several error declarations that had remained in the storage package have been moved into distribution, as well. The declarations for Layer and LayerUpload have also been moved into the main registry file, as a result. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-13 21:59:50 +00:00
errs = append(errs, distribution.ErrManifestUnverified{})
Cleanup image verification error handling This diff removes a few early outs that caused errors to be unreported and catches a missed error case for signature verification from libtrust. More work needs to be done around ensuring consistent error handling but this is enough to make the API work correctly.
2014-12-02 00:13:01 +00:00
} else {
errs = append(errs, err)
}
Rich error reporting for manifest push To provide rich error reporting during manifest pushes, the storage layers verifyManifest stage has been modified to provide the necessary granularity. Along with this comes with a partial shift to explicit error types, which represents a small move in larger refactoring of error handling. Signature methods from libtrust have been added to the various Manifest types to clean up the verification code. A primitive deletion implementation for manifests has been added. It only deletes the manifest file and doesn't attempt to add some of the richer features request, such as layer cleanup.
2014-11-26 20:52:52 +00:00
}
}
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
Decouple manifest signing and verification It was probably ill-advised to couple manifest signing and verification to their respective types. This changeset simply changes them from methods to functions. These might not even be in this package in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-02 23:46:47 +00:00
for _, fsLayer := range mnfst.FSLayers {
Refactor storage API to be registry oriented In support of making the storage API ready for supporting notifications and mirroring, we've begun the process of paring down the storage model. The process started by creating a central Registry interface. From there, the common name argument on the LayerService and ManifestService was factored into a Repository interface. The rest of the changes directly follow from this. An interface wishlist was added, suggesting a direction to take the registry package that should support the distribution project's future goals. As these objects move out of the storage package and we implement a Registry backed by the http client, these design choices will start getting validation. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-17 02:24:07 +00:00
exists, err := ms.repository.Layers().Exists(fsLayer.BlobSum)
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
if err != nil {
errs = append(errs, err)
}
if !exists {
Move layer interface definitions to distribution package After consideration, it has been decided that the interfaces defined in the storage package provide a good base for interacting with various registry instances. Whether interacting with a remote API or a local, on-disk registry, these types have proved flexible. By moving them here, they can become the central components of interacting with distribution components. Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-12 00:49:49 +00:00
errs = append(errs, distribution.ErrUnknownLayer{FSLayer: fsLayer})
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
}
}
if len(errs) != 0 {
// TODO(stevvooe): These need to be recoverable by a caller.
Rich error reporting for manifest push To provide rich error reporting during manifest pushes, the storage layers verifyManifest stage has been modified to provide the necessary granularity. Along with this comes with a partial shift to explicit error types, which represents a small move in larger refactoring of error handling. Signature methods from libtrust have been added to the various Manifest types to clean up the verification code. A primitive deletion implementation for manifests has been added. It only deletes the manifest file and doesn't attempt to add some of the richer features request, such as layer cleanup.
2014-11-26 20:52:52 +00:00
return errs
Initial implementation of image manifest storage This change implements the first pass at image manifest storage on top of the storagedriver. Very similar to LayerService, its much simpler due to less complexity of pushing and pulling images. Various components are still missing, such as detailed error reporting on missing layers during verification, but the base functionality is present.
2014-11-22 03:39:52 +00:00
}
return nil
}
Reference in a new issue Copy permalink