Commit graph

35 commits

Author SHA1 Message Date
TaylorKanper
18b2b9f455 Added some secure compilation options PIE
Signed-off-by: TaylorKanper <tony_kanper@hotmail.com>
2022-04-06 08:41:29 +08:00
TaylorKanper
69b1e01166 Added some secure compilation options, especially PIE and RELRO.
Signed-off-by: TaylorKanper <tony_kanper@hotmail.com>
2022-04-02 10:09:59 +08:00
David Luu
1e625d0076 Added flag for user configurable cipher suites
Configuration of list of cipher suites allows a user to disable use
of weak ciphers or continue to support them for legacy usage if they
so choose.

List of available cipher suites at:
https://golang.org/pkg/crypto/tls/#pkg-constants

Default cipher suites have been updated to:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_256_GCM_SHA384

MinimumTLS has also been updated to include TLS 1.3 as an option
and now defaults to TLS 1.2 since 1.0 and 1.1 have been deprecated.

Signed-off-by: David Luu <david@davidluu.info>
2021-02-25 14:19:56 -06:00
Sebastiaan van Stijn
1d33874951
go.mod: change imports to github.com/distribution/distribution/v3
Go 1.13 and up enforce import paths to be versioned if a project
contains a go.mod and has released v2 or up.

The current v2.x branches (and releases) do not yet have a go.mod,
and therefore are still allowed to be imported with a non-versioned
import path (go modules add a `+incompatible` annotation in that case).

However, now that this project has a `go.mod` file, incompatible
import paths will not be accepted by go modules, and attempting
to use code from this repository will fail.

This patch uses `v3` for the import-paths (not `v2`), because changing
import paths itself is a breaking change, which means that  the
next release should increment the "major" version to comply with
SemVer (as go modules dictate).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-02-08 18:30:46 +01:00
sayboras
66809646d9 Migrate to golangci-lint
Signed-off-by: Tam Mach <sayboras@yahoo.com>
2020-02-14 08:11:16 +11:00
Alex Laties
92d213d2c1 allow for VERSION and REVISION to be passed in during docker builds
Signed-off-by: Alex Laties <agl@tumblr.com>
2019-06-26 18:06:51 -04:00
Derek McGowan
97cb7f35b0
Update release documents
Remove redundant AUTHORS file in favor of relying
on .mailmap for keeping track of author names.
Move older changelogs to release directory.
Move release checklist to releases README.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-09-26 18:30:44 -07:00
Derek McGowan
dc49f84dcc
Update build to use travis
Update Makefile targets

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-08-01 16:54:54 -07:00
Aaron Lehmann
299b90b0bd Makefile: Restore vendor directory after dep-validate
Currently, this target makes changes to the vendor directory, which may
overwrite local changes or cause build errors. It's better to restore
the original vendor directory after running the check.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2017-03-20 11:12:03 -07:00
Derek McGowan
acad7c43a8
Enable dependency validation
Re-enable dependency validation using vndr instead of godep

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-23 15:45:04 -08:00
yuexiao-wang
8530d65c9b Add targets for Makefile
Signed-off-by: yuexiao-wang <wang.yuexiao@zte.com.cn>
2016-11-01 17:48:25 +08:00
Derek McGowan
d9dc966209
Cleanup makefile
Use find instead of wildcard to get go files since wildcard does not
do recursive lookups via `**`, missing most go files.
Do lazy evaluations of variables which are not needed immediately.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-10-10 17:30:47 -07:00
Aaron Lehmann
20525e390a Makefile: don't look for golint and godep in specific places
Using $GOPATH/bin/godep or $GOPATH/bin/golint is problematic because
$GOPATH can contain multiple colon-separated paths.

We should just run these like normal binaries. The user should make sure
their $PATH contains $GOPATH/bin, if necessary. This is part of normal
Go setup.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-03-31 11:00:28 -07:00
Olivier Gambier
d1444b56e9 Fix GCS
Signed-off-by: Olivier Gambier <olivier@docker.com>
2016-03-22 10:50:52 -07:00
Olivier Gambier
59401e277b Dependency validation enforce
Signed-off-by: Olivier Gambier <olivier@docker.com>
2016-03-22 10:45:50 -07:00
Olivier Gambier
53e3c1d7b2 Fix godeps
Signed-off-by: Olivier Gambier <olivier@docker.com>
2016-03-22 10:45:50 -07:00
Olivier Gambier
77e69b9cf3 Move to vendor
Signed-off-by: Olivier Gambier <olivier@docker.com>
2016-03-22 10:45:49 -07:00
Stephen J Day
7230e9def7 Makefile: remove AUTHORS from default target
While it is generally good practice to look before jumping, many
developers enjoy running `make` without reading the Makefile and
indiscriminately use `git add -A`. This behavior, coupled with
generating AUTHORS in the default target result in garbage in various
PRs and extra round trips to remove said garbage.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-02-22 12:56:23 -08:00
Richard Scothern
c3c932f4e1 Use go 1.5 on the build machine
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-11-11 09:50:59 -08:00
Stephen J Day
7835d261d8 Add generic content digest tool
Previously a useful gist, this changeset polishes the original tarsum tool into
a utility that can be used to calculate content digests. Any algorithm from the
digest package is supported with additional support from tarsum.

This tool is very useful for quickly checking backend digests and verifying
correctness.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-20 14:55:34 -07:00
Stephen J Day
bc5835ba2d Remove dist tool from distribution
We are headed in a different direction. The dist tool analog will not be a part
of this repository.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-08-06 17:35:36 -07:00
Aaron Lehmann
5a37b46421 Fix go vet in CI
It's necessary to compile the code first; otherwise go vet silently
fails to load imports.

Fixes #807.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-03 11:29:10 -07:00
Stephen Day
939b199154 Merge pull request #616 from RichardScothern/debug_build
Enable the registry to be built with debug symbols
2015-06-16 16:19:15 -07:00
Mary Anthony
832cb9d52c Updating for Hugo
Updating for tooling tests
Updating with the new sed scripts to protect links
updating with new image
Updating with comments

Signed-off-by: Mary Anthony <mary@docker.com>
2015-06-15 14:39:33 -07:00
Richard
17db4d9e11 Enable the registry to be built with debug information with an environment
variable 'DISABLE_OPTIMIZATION'.

$ DISABLE_OPTIMIZATION=true make binaries

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-06-11 17:22:08 -07:00
Vincent Giersch
394eea0231 Storage Driver: Ceph Object Storage (RADOS)
This driver implements the storagedriver.StorageDriver interface and
uses Ceph Object Storage as storage backend.

Since RADOS is an object storage and no hierarchy notion, the
following convention is used to keep the filesystem notions stored in
this backend:

* All the objects data are stored with opaque UUID names prefixed
  (e.g. "blob:d3d232ff-ab3a-4046-9ab7-930228d4c164).
* All the hierarchy information are stored in rados omaps, where the
  omap object identifier is the virtual directory name, the keys in
  a specific are the relative filenames and the values the blob
  object identifier (or empty value for a sub directory).

  e.g. For the following hierarchy:

     /directory1
     /directory1/object1
     /directory1/object2
     /directory1/directory2/object3

  The omap "/directory1" will contains the following key / values:
    - "object1" "blob:d3d232ff-ab3a-4046-9ab7-930228d4c164"
    - "object2" "blob:db2e359d-4af0-4bfb-ba1d-d2fd029866a0"
    - "directory2" ""

  The omap "/directory1/directory2" will contains:
    - "object3" "blob:9ae2371c-81fc-4945-80ac-8bf7f566a5d9"

* The MOVE is implemented by changing the reference to a specific
  blob in its parent virtual directory omap.

This driver stripes rados objects to a fixed size (e.g. 4M). The idea
is to keep small objects (as done by RBD on the top of RADOS) that
will be easily synchronized accross OSDs. The information of the
original object (i.e total size of the chunks) is stored as a Xattr
in the first chunk object.

Signed-off-by: Vincent Giersch <vincent.giersch@ovh.net>
2015-05-20 01:44:34 +00:00
Derek McGowan
21504560e1 Update final upload chunk api doc
Updates description about content length and location

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-04-15 17:55:15 -07:00
Mary Anthony
636a19b212 Retooling to allow for docs build
Adding docs build to the Makefile
Adding in Sven's changes to the Makefile
Removing DS_store file
Updating per Stephen's comments
Update with Stephen's final comment

Signed-off-by: Mary Anthony <mary@docker.com>
2015-04-03 14:55:24 -07:00
Frederick F. Kautz IV
65450aca98 Removing dependencies from Makefile AUTHORS target that break build in pristine git env
Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
2015-02-23 15:11:04 -08:00
Stephen J Day
8865a1ba3c Add dist binary target to Makefile
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-16 14:25:17 -08:00
Stephen J Day
b429176dd7 Move API specification into correct position
The goal is to maintain a specification heirarchy under doc/spec. This change
sets the example. The Makefile has also been changed update the AUTHORS file
and can now generate the specification.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-06 17:49:50 -08:00
Stephen J Day
d513d07e5f Add common targets to Makefile
A nice set of common default targets have been added to the Makefile to make
running tests and building binaries more straightforward. Running the Makefile
before committing should make build failures less common.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-02-06 15:39:11 -08:00
Stephen J Day
9abefef2a3 Quote argument in Makefile clean target
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-30 11:13:45 -08:00
Stephen J Day
d0abfe0b92 Report version in registry binary
We've added support to the registry command to report the current version of
the distribution package. The version package is generated with a shell script
that gets the latest tag and add "+unknown". This allows builds from "go get"
and "go install" to have a rough version number. Generated periodically, it
will provide a decent indication of what code built the binary. For more
accurate versioning, one can build with the "binaries" make target. Linker
flags are used to replace the version string with the actual current tag at
build time.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-29 18:32:01 -08:00
Stephen J Day
deddda5d29 Autogenerate AUTHORS file for distribution repo
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-01-14 16:25:27 -08:00