Wang Yan
9a3ff11330
fix go check issues
...
G404: Replace math rand with crypto rand
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-11-16 17:46:08 +08:00
Milos Gajdos
18230b7b34
Merge pull request #3384 from wy65701436/release/2.7-cp-3169
...
[backport release/2.7]Added flag for user configurable cipher suites
2021-03-23 15:23:04 +00:00
Derek McGowan
09109ab50a
Fix gosimple checks
...
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-03-23 21:03:20 +08:00
Manish Tomar
89e6568e34
Remove err nil check
...
since type checking nil will not panic and return appropriately
Signed-off-by: Manish Tomar <manish.tomar@docker.com>
Signed-off-by: wang yan <wangyan@vmware.com>
2021-03-23 21:03:16 +08:00
Manish Tomar
3c64ff10bb
Fix gometalint errors
...
Signed-off-by: Manish Tomar <manish.tomar@docker.com>
Signed-off-by: wang yan <wangyan@vmware.com>
2021-03-23 21:03:10 +08:00
sayboras
f807afbf85
Migrate to golangci-lint
...
Signed-off-by: Tam Mach <sayboras@yahoo.com>
Signed-off-by: wang yan <wangyan@vmware.com>
2021-03-23 21:02:54 +08:00
David Luu
cc341b0110
Added flag for user configurable cipher suites
...
Configuration of list of cipher suites allows a user to disable use
of weak ciphers or continue to support them for legacy usage if they
so choose.
List of available cipher suites at:
https://golang.org/pkg/crypto/tls/#pkg-constants
Default cipher suites have been updated to:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_256_GCM_SHA384
MinimumTLS has also been updated to include TLS 1.3 as an option
and now defaults to TLS 1.2 since 1.0 and 1.1 have been deprecated.
Signed-off-by: David Luu <david@davidluu.info>
2021-03-23 18:42:12 +08:00
Wang Yan
3fe1d67ace
close the io.ReadCloser from storage driver
...
Backport PR #3309 to release/2.7
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-02-23 18:48:00 +08:00
Smasherr
cf8615dedf
Remove empty Content-Type header
...
Fixes #3288
Signed-off-by: Smasherr <soundcracker@gmail.com>
(cherry picked from commit c8d90f904f
)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-16 11:15:10 +01:00
Thomas Berger
e2f006ac2b
S3 Driver: added comment for missing KeyCount workaround
...
Signed-off-by: Thomas Berger <loki@lokis-chaos.de>
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-10 22:41:10 +08:00
Eohyung Lee
0a1e4a57e2
Fix s3 driver for supporting ceph radosgw
...
Radosgw does not support S3 `GET Bucket` API v2 API but v1.
This API has backward compatibility, so most of this API is working
correctly but we can not get `KeyCount` in v1 API and which is only
for v2 API.
Signed-off-by: Eohyung Lee <liquidnuker@gmail.com>
2020-03-10 22:35:31 +08:00
Vishesh Jindal
afa91463d6
Bugfix: Make ipfilteredby not required
...
Signed-off-by: Vishesh Jindal <vishesh92@gmail.com>
(cherry picked from commit f9a0506191
)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 19:41:02 +01:00
David Wu
caf43bbcc2
default autoredirect to false
...
Signed-off-by: David Wu <david.wu@docker.com>
2019-01-04 13:47:17 -08:00
Derek McGowan
aa985ba889
Merge pull request #2711 from davidswu/autoredirect
...
add autoredirect auth config
2018-11-27 15:48:25 -08:00
Matt Tescher
7c4d584e58
add bugsnag logrus hook
...
Signed-off-by: Matt Tescher <matthew.tescher@docker.com>
2018-10-25 14:52:10 -07:00
Yongxin Li
de8636b78c
typo fix about overridden
...
Signed-off-by: Yongxin Li <yxli@alauda.io>
2018-09-27 20:27:09 +08:00
Rui Cao
569d18aef9
Fix some typos
...
Signed-off-by: Rui Cao <ruicao@alauda.io>
2018-09-24 09:05:44 +08:00
David Wu
2e1e6307dd
add autoredirect to option
...
Signed-off-by: David Wu <david.wu@docker.com>
2018-09-20 19:33:06 -07:00
David Wu
b2bd465760
fix checks
...
Signed-off-by: David Wu <david.wu@docker.com>
2018-09-20 15:24:27 -07:00
Viktor Stanchev
f730f3ab77
add autoredirect auth config
...
It redirects the user to to the Host header's domain whenever they try to use
token auth.
Signed-off-by: David Wu <david.wu@docker.com>
2018-09-20 14:47:43 -07:00
Olivier Gambier
16128bbac4
Merge pull request #2707 from davidswu/go-1.11
...
remove dependencies on resumable
2018-09-20 12:47:44 -07:00
liyongxin
6133840f49
typo fix from existant to existent
...
Signed-off-by: liyongxin <yxli@alauda.io>
Signed-off-by: Yongxin Li <yxli@alauda.io>
2018-09-13 19:37:13 +08:00
David Wu
a927fbdb9b
track digest offset in blobwriter
...
Signed-off-by: David Wu <david.wu@docker.com>
2018-09-12 14:53:27 -07:00
David Wu
bd41413d57
remove closenotifier
...
Signed-off-by: David Wu <david.wu@docker.com>
2018-09-11 16:14:10 -07:00
David Wu
166874ade9
fix gofmt and goimports
...
Signed-off-by: David Wu <david.wu@docker.com>
2018-09-11 16:14:10 -07:00
David Wu
877d706b38
remove dependencies on resumable
...
Signed-off-by: David Wu <david.wu@docker.com>
2018-09-11 08:21:27 -07:00
Derek McGowan
642075f42c
Merge pull request #2631 from whoshuu/feature/improve-gcs-driver
...
Improve gcs driver
2018-09-05 17:48:03 -07:00
Derek McGowan
15de837aa8
Merge pull request #2704 from dmcgowan/fix-2703
...
Fix registry stripping newlines from manifests
2018-09-05 17:46:56 -07:00
Huu Nguyen
7a195dd5ca
Add back include_gcs build constraint
...
Signed-off-by: Huu Nguyen <whoshuu@gmail.com>
2018-09-05 15:48:30 -07:00
Huu Nguyen
69299d93d9
Use existing jwtConf instead of creating a scoped one
...
Signed-off-by: Huu Nguyen <whoshuu@gmail.com>
2018-09-05 15:48:30 -07:00
Tony Holdstock-Brown
f9187b2572
Add regulator to GCS
...
Signed-off-by: Huu Nguyen <whoshuu@gmail.com>
2018-09-05 15:48:30 -07:00
Andrey Kostov
b424c3d870
Better error handling for GCS credential argument addition
...
Signed-off-by: Andrey Kostov <kostov.andrey@gmail.com>
2018-09-05 15:48:29 -07:00
Andrey Kostov
78238ef1a0
Add credentials argument for GCS driver
...
Signed-off-by: Andrey Kostov <kostov.andrey@gmail.com>
2018-09-05 15:48:29 -07:00
Derek McGowan
c88728f217
Fix registry stripping newlines from manifests
...
Content must be preserved exactly
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-09-05 13:40:42 -07:00
Ryan Abrams
6b73a9ab89
Ignore missing paths during enumeration
...
It's possible to run into a race condition in which the enumerator lists
lots of repositories and then starts the long process of enumerating through
them. In that time if someone deletes a repo, the enumerator may error out.
Signed-off-by: Ryan Abrams <rdabrams@gmail.com>
2018-09-05 10:17:08 -07:00
David Wu
8d7e4cd388
fix goimports and gofmt
...
Signed-off-by: David Wu <david.wu@docker.com>
2018-09-04 17:45:39 -07:00
Olivier Gambier
90705d2fb8
Merge pull request #2362 from twistlock/populate_htpasswd
...
Create and populate htpasswd file if missing
2018-08-31 00:25:37 -07:00
Derek McGowan
b12bd4004a
Merge pull request #2639 from andrew-leung/manifesteventlayers
...
Add configurable layers in manifest events
2018-08-28 16:03:05 -07:00
Derek McGowan
059f301d54
Merge pull request #2685 from manishtomar/mani-graceful-shutdown
...
Graceful shutdown
2018-08-27 14:24:53 -07:00
Olivier Gambier
3354cf98e3
Merge pull request #2680 from manishtomar/mani-fix-mem-leak
...
fix memory leak introduced in PR #2648
2018-08-24 14:35:12 -07:00
Derek McGowan
ef859e1b21
Merge pull request #2474 from vikstrous/disable-v1-master
...
disable schema1 by default, add a config flag to enable it
2018-08-24 10:58:39 -07:00
Olivier
53bd46af5c
Merge pull request #2651 from mikebrow/manifest-version-test-on-put
...
adds validation testing for schema version values
2018-08-20 12:19:40 -07:00
Olivier
6411087274
Merge pull request #2681 from dmcgowan/update-yaml
...
Update yaml parser
2018-08-20 12:18:21 -07:00
David Wu
0b0d470281
use aws sdk to validate regions
...
Signed-off-by: David Wu <david.wu@docker.com>
2018-08-20 11:02:14 -07:00
Andrew Leung
5e4b81a578
Use references terminology instead of layers.
...
Signed-off-by: Andrew Leung <anwleung@gmail.com>
2018-08-20 10:01:40 -07:00
Manish Tomar
40efb602d6
Add support to gracefully shutdown the server
...
This is done by draining the connections for configured time after registry receives a SIGTERM signal.
This adds a `draintimeout` setting under `HTTP`. Registry doesn't drain
if draintimeout is not provided.
Signed-off-by: Manish Tomar <manish.tomar@docker.com>
2018-08-20 10:01:26 -07:00
Derek McGowan
f0ee5720a5
Update yaml parser
...
Mark the top level Loglevel field as deprecated
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-08-14 16:42:36 -07:00
Manish Tomar
13f8189f2a
fix memory leak introduced in PR #2648
...
context.App.repoRemover is single registry instance stored throughout
app run. It was wrapped in another remover when processing each request.
This remover happened to be remover got from previous request. This way
every remover created was stored in infinite linked list causing memory
leak. Fixing it by storing the wrapped remover inside the request context
which will get gced when request context is gced. This was introduced in
PR #2648 .
Signed-off-by: Manish Tomar <manish.tomar@docker.com>
2018-08-14 16:41:45 -07:00
Mike Brown
2fdb2ac270
adds validation testing for schema version values
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-08-14 08:53:54 -05:00
Derek McGowan
5f37adaa41
Merge pull request #2673 from dmp42/TLS
...
Remove ciphers that do not support perfect forward secrecy
2018-08-10 16:03:59 -07:00