Commit graph

2467 commits

Author SHA1 Message Date
Clayton Coleman
23f8ca88e1
If the request already has the scope, don't force token fetch
AuthorizeRequest() injects the 'pull' scope if `from` is set
unconditionally. If the current token already has that scope, it will
be inserted into the scope list twice and `addedScopes` will be set to
true, resulting in a new token being fetched that has no net new scopes.

Instead, check whether `additionalScopes` are actually new.

Signed-off-by: Clayton Coleman <ccoleman@redhat.com>
2017-08-23 19:27:37 -04:00
Stephen Day
5f6282db7d Merge pull request #2371 from lazize/patch-1
Fix registry version argument
2017-08-17 10:56:59 -07:00
Leonardo Azize Martins
3f771adca6 Fix registry version argument
Signed-off-by: Leonardo Azize Martins <leonardo.azize@scania.com>
2017-08-17 08:35:39 +02:00
Derek McGowan
e0b4f55f2b Merge pull request #2366 from stevvooe/remove-logging-dependencies
registry: remove dependency on logrus for client
2017-08-15 11:03:52 -07:00
Stephen J Day
860b28c5b9
registry: remove dependency on logrus for client
To simplify the vendoring story for the client, we have now removed the
requirement for `logrus` and the forked `context` package (usually
imported as `dcontext`). We inject the logger via the metrics tracker
for the blob cache and via options on the token handler. We preserve
logs on the proxy cache for that case. Clients expecting these log
messages may need to be updated accordingly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-15 10:28:38 -07:00
Stephen Day
06fa77aa11 Merge pull request #2360 from stevvooe/remove-context-type
context: remove definition of Context
2017-08-11 16:30:26 -07:00
Stephen J Day
9c88801a12
context: remove definition of Context
Back in the before time, the best practices surrounding usage of Context
weren't quite worked out. We defined our own type to make usage easier.
As this packaged was used elsewhere, it make it more and more
challenging to integrate with the forked `Context` type. Now that it is
available in the standard library, we can just use that one directly.

To make usage more consistent, we now use `dcontext` when referring to
the distribution context package.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-11 15:53:31 -07:00
Stephen Day
7a8efe719e Merge pull request #2350 from jonjohnsonjr/spec-typo
Fix typo in api spec
2017-08-04 12:10:18 -07:00
Jon Johnson
3d7803ec8c Fix typo in api spec
Signed-off-by: Jon Johnson <jonjohnson@google.com>
2017-07-28 10:13:32 -07:00
Derek McGowan
edc3ab29cd Merge pull request #2316 from igmor/logrus_case_dep_update
Update logrus and logrus-logstash-hook libraries
2017-07-26 10:46:10 -07:00
Aaron Lehmann
e18fe7d3f4 Merge pull request #2346 from riyazdf/security-list
add CONTRIBUTING info for security issues
2017-07-24 17:40:39 -07:00
Stephen Day
cb851f6598 Merge pull request #2345 from mstanleyjones/put-back-image
Put back v2-registry-auth.png
2017-07-24 15:01:48 -07:00
Riyaz Faizullabhoy
f7fb45f59a add CONTRIBUTING info for security issues
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-07-24 14:58:32 -07:00
Misty Stanley-Jones
1d95716792 Put back v2-registry-auth.png
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-07-24 14:27:16 -07:00
Stephen Day
91c507a39a Merge pull request #2340 from stevvooe/limit-payload-size
registry/{storage,handlers}: limit content sizes
2017-07-20 13:57:55 -07:00
Derek McGowan
5cfdfbdce5 Merge pull request #2338 from stevvooe/api-typo
api: url typo in specification
2017-07-18 15:49:00 -07:00
Stephen J Day
5e5156afa3
api: url typo in specification
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-07-18 14:48:55 -07:00
Aaron Lehmann
fb90a182a9 Merge pull request #2336 from fate-grand-order/fixed
fix misspelling "algorithm" for cache/redis/redis.go
2017-07-18 11:56:19 -07:00
fate-grand-order
a11fe173d5 fix misspelling "algorithm" for cache/redis/redis.go
Signed-off-by: Helen Chen <chenjg@harmonycloud.cn>
2017-07-18 16:02:42 +08:00
Stephen J Day
55ea440428
registry/{storage,handlers}: limit content sizes
Under certain circumstances, the use of `StorageDriver.GetContent` can
result in unbounded memory allocations. In particualr, this happens when
accessing a layer through the manifests endpoint.

This problem is mitigated by setting a 4MB limit when using to access
content that may have been accepted from a user. In practice, this means
setting the limit with the use of `BlobProvider.Get` by wrapping
`StorageDriver.GetContent` in a helper that uses `StorageDriver.Reader`
with a `limitReader` that returns an error.

When mitigating this security issue, we also noticed that the size of
manifests uploaded to the registry is also unlimited. We apply similar
logic to the request body of payloads that are full buffered.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-07-06 17:13:39 -07:00
Aaron Lehmann
f86db6b226 Merge pull request #2315 from ipanova/mediatype-typo
Fixing image manifest schema2 medaitype typo in docs.
2017-06-27 11:58:08 -07:00
Aaron Lehmann
caa175c710 Merge pull request #2299 from dmage/regulator
Fix signalling Wait in regulator.enter
2017-06-23 15:25:35 -07:00
Derek McGowan
b9f76758ae Merge pull request #2310 from dmage/digest
Update Docker-Content-Digest if manifest list is rewritten
2017-06-23 15:07:39 -07:00
Igor Morozov
a97d7c0c15 moved Sirupsen to sirupsen on a case sensitive system
Signed-off-by: Igor Morozov <igor@adhoc05-sjc1.prod.uber.internal>
2017-06-23 20:28:48 +00:00
Ina Panova
5ccd03d28a Fixing image manifest schema2 medaitype typo in docs.
Signed-off-by: Ina Panova <ipanova@redhat.com>
2017-06-23 12:25:52 +02:00
Oleg Bulatov
5b1b6afae2 Update Docker-Content-Digest if manifest list is rewritten
If the client doesn't support manifest lists, the registry will
rewrite a manifest list into the old format. The Docker-Content-Digest
header should be updated in this case.

Signed-off-by: Oleg Bulatov <oleg@bulatov.me>
2017-06-16 16:20:14 +02:00
Oleg Bulatov
258345ba0d Fix signalling Wait in regulator.enter
In some conditions, regulator.exit may not send a signal to blocked
regulator.enter.

Let's assume we are in the critical section of regulator.exit and r.available
is equal to 0. And there are three more gorotines. One goroutine also executes
regulator.exit and waits for the lock. Rest run regulator.enter and wait for
the signal.

We send the signal, and after releasing the lock, there will be lock
contention:

  1. Wait from regulator.enter
  2. Lock from regulator.exit

If the winner is Lock from regulator.exit, we will not send another signal to
unlock the second Wait.

Signed-off-by: Oleg Bulatov <obulatov@redhat.com>
2017-06-02 15:41:55 +02:00
Stephen Day
1e2f10eb65 Merge pull request #2281 from sixeyed/patch-1
Add ARGs for cross-compiling
2017-05-24 13:58:24 -07:00
Derek McGowan
a1576d6e21 Merge pull request #2165 from kevinetc123/patch-1
fix some misspells
2017-05-24 11:18:20 -07:00
Derek McGowan
49bb3242da Merge pull request #2282 from mstanleyjones/put-back-architecture-doc
Put architecture.md back into distribution repo
2017-05-23 13:10:21 -07:00
Misty Stanley-Jones
b0f98e9382 Put architecture.md back into distribution repo
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-05-23 11:24:11 -07:00
Derek McGowan
079f5b179d Merge pull request #2276 from nycholas/patch-1
Update README.md
2017-05-23 10:30:50 -07:00
Elton Stoneman
646fc9702c Add ARGs for cross-compiling
Add build args. Defaults to Linux/x64 so no change to existing image, but can build for other platforms - e.g.
```
docker build --build-arg GOOS=windows -t distribution-builder:windows .
```

Signed-off-by: Elton Stoneman <elton@sixeyed.com>
2017-05-23 10:02:15 +01:00
Nycholas de Oliveira e Oliveira
5573a13f15 Update README.md
Signed-off-by: Nycholas de Oliveira e Oliveira <nycholas@gmail.com>
2017-05-18 10:11:41 -03:00
Derek McGowan
a528cc1fc3 Merge pull request #2206 from stevvooe/update-resumable-hash
vendor: update resumable dependency
2017-05-17 13:09:54 -07:00
Stephen J Day
f01bcc8f62
vendor: update resumable dependency
Updates resumable hash implementation to Go 1.8 equivalent. This should
be a major speedup, since it includes a number of optimizations from Go
1.7.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-05-16 15:12:58 -07:00
Stephen Day
83f857ca12 Merge pull request #2207 from docker/update-go-1.8
go 1.8: update dockerfile and circle
2017-05-16 13:16:41 -07:00
Derek McGowan
9098f843d6 Merge pull request #2275 from IamBusy/master
Remove unused function
2017-05-16 11:51:13 -07:00
Derek McGowan
df1e488526
Update registry build to use go 1.8
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2017-05-16 11:33:57 -07:00
william wei
37ca688dc0 Remove unused function
Signed-off-by: william wei <1342247033@qq.com>
2017-05-16 17:47:13 +08:00
Derek McGowan
ce936a8591 Merge pull request #2262 from m-masataka/add_description_of_timeout
DOC:configuration.md: Change description of interval.
2017-05-05 11:45:43 -07:00
Masataka Mizukoshi
7d8dab5fdc DOC:configuration.md: Change description of interval.
Signed-off-by: Masataka Mizukoshi <m.mizukoshi.wakuwaku@gmail.com>
2017-05-04 19:14:29 +00:00
Stephen Day
a40abc69f2 Merge pull request #2245 from aaronlehmann/fetch-origin
[CI] Fetch origin before diffing
2017-05-04 11:51:08 -07:00
Stephen Day
7cc8e701c9 Merge pull request #2264 from luislobo/patch-1
Fixed #htpasswd link
2017-05-04 11:24:27 -07:00
Luis Lobo Borobia
212f47c318
Fixed #htpasswd link
Fixed #htpasswd link

Signed-off-by: Luis Lobo Borobia <luislobo@gmail.com>
2017-05-03 23:19:44 -05:00
Masataka Mizukoshi
05ac637aec DOC:configuration.md: Change description of interval.
Signed-off-by: Masataka Mizukoshi <m.mizukoshi.wakuwaku@gmail.com>
2017-05-01 09:28:32 +00:00
Derek McGowan
1d7824702b Merge pull request #2247 from yuwaMSFT2/revendorazuresdk
closes #2224 re-vendor the latest Azure Storage SDK for better performance
2017-04-27 10:54:25 -07:00
Derek McGowan
b7d5d9bfed Merge pull request #2258 from tt/return-early-to-prevent-nil-pointer-dereference
Return early to prevent nil pointer dereference
2017-04-27 09:38:03 -07:00
Troels Thomsen
1935c8d50b Return early to prevent nil pointer dereference
Signed-off-by: Troels Thomsen <troels@thomsen.io>
2017-04-27 14:59:37 +02:00
Derek McGowan
f4a1d3e0d5 Merge pull request #2230 from tt/support-session-token
Support session token
2017-04-26 12:53:50 -07:00