To ensure that we only unmarshal the verified payload into the contained
manifest, we first copy the entire incoming buffer into Raw and then unmarshal
only the Payload portion of the incoming bytes. If the contents are later
verified, the caller can then be sure that the contents of the Manifest fields
can be trusted.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>

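The unmarshalling order described in the commit message above, as an added Go example that is not code from the docker/distribution repository. The envelope shape (a base64url `payload` field), the `Name` field and the `constructedEnvelope` helper are assumptions made for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Manifest fields are what callers act on, so they may only come from the payload.
type Manifest struct {
	Name string `json:"name"`
}

// SignedManifest keeps the exact received bytes in Raw for later verification.
type SignedManifest struct {
	Manifest
	Raw []byte
}

// UnmarshalJSON copies all bytes into Raw, then decodes only the payload (assumed envelope shape).
func (sm *SignedManifest) UnmarshalJSON(b []byte) error {
	sm.Raw = append([]byte(nil), b...)
	var env struct{ Payload string `json:"payload"` }
	if err := json.Unmarshal(b, &env); err != nil {
		return err
	}
	payload, err := base64.RawURLEncoding.DecodeString(env.Payload)
	if err != nil {
		return err
	}
	var m Manifest // temporary, so a decode failure leaves sm.Manifest untouched
	if err := json.Unmarshal(payload, &m); err != nil {
		return err
	}
	sm.Manifest = m
	return nil
}

// constructedEnvelope is sample input: the outer "name" lies outside the payload.
func constructedEnvelope() []byte {
	p := base64.RawURLEncoding.EncodeToString([]byte(`{"name":"library/app"}`))
	return []byte(`{"name":"unsigned/other","payload":"` + p + `","signatures":[]}`)
}

func main() {
	var sm SignedManifest
	err := json.Unmarshal(constructedEnvelope(), &sm)
	fmt.Println(sm.Name, err) // the outer, unsigned "name" never reaches sm.Name
}
```

Signature verification over `Raw` is left out here; until it succeeds, `Name` is parsed but not yet trusted.
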
Various improvements motivated by early real-world use in engine code
under development:
- Make `WithDigest` return `Canonical`, since the return value always
has a name and a digest.
- Introduce a `NamedTagged` type, which can be used for strongly typing
cases where something must have a name and a tag.
- Rename `ParseNamed` to `WithName`, and create a
`ParseNamed` that accepts tags and digests (returning a `Named` type).
The new `ParseNamed` makes code using the reference package much less
verbose, since typical use cases require a name, and this is an
additional type assertion and error case after every `Parse` call.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>

These functions allow a Named type to be combined with a tag or a
digest. WithTag will replace the ImageReference function in
github.com/docker/docker/utils as the Docker Engine transitions to the
reference package.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>

In order to support valid hostnames as name components, supporting repeated dash was added.
Additionally double underscore is now allowed as a separator to loosen the restriction for previously supported names.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)

Since reference itself may be represented by multiple types which implement the reference interface, serialization can lead to an ambiguous type which cannot be deserialized.
Field wraps the reference object to ensure that the correct type is always deserialized, requiring an extra unwrap of the reference after deserialization.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)

There seems to be a need for a type that represents a way of pointing
to an image, irrespective of the implementation.
This patch defines a Reference interface and provides 3 implementations:
- TagReference: when only a tag is provided
- DigestReference: when a digest (according to the digest package) is
provided, can include optional tag as well
Validation of references is purely syntactic.
There is also a strong type for tags, analogous to digests, as well
as a strong type for Repository from which clients can access the
hostname alone, or the repository name without the hostname, or both
together via the String() method.
For Repository, the files names.go and names_test.go were moved from
the v2 package.
Signed-off-by: Tibor Vass <tibor@docker.com>

of readers joining current downloads. Concurrent requests for the same blob
will not block, but only the first instance will be committed locally.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>

Fixes https://github.com/docker/distribution/issues/1062
This relaxes the naming restrictions placed on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).
It deviates from the RFC in the following ways:
1) Allow underscores where we allow hyphens (hostnames don't allow
underscores, which we must for backwards compatibility).
2) Leave "top-level" name segments unrestricted (domains require an
alpha character to begin a top-level domain, e.g. "com").
3) DO NOT allow a trailing dot, as permitted by FQDNs.
Signed-off-by: Matt Moore <mattmoor@google.com>

It seems that enabling proxy stops my instance from accepting local pushes, but I can't find mention of that in the docs.
Signed-off-by: Jason Freidman <jason@periscope.io>

This allows the administrator to specify an externally-reachable URL for
the registry. It takes precedence over the X-Forwarded-Proto and
X-Forwarded-Host headers, and the hostname in the request.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>

Associate HTTP 401s with Authentication errors rather than Authorization
errors. Changes the meaning of the UNAUTHORIZED error to be authentication
specific.
Defines DENIED error code to be associated with authorization
errors which result in HTTP 403 responses.
Add 'No Such Repository' errors to more endpoints.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)