Commit graph

5051 commits

Author SHA1 Message Date
Vidar
e4f126c10e nginx does not support bcrypt when using auth_basic (#4332) 2017-08-29 15:34:27 -07:00
Derek McGowan
30578ca329 Merge pull request #2384 from smarterclayton/client_retry
Support HEAD requests without Docker-Content-Digest header
2017-08-25 15:06:52 -07:00
Clayton Coleman
a2015272c1
Support HEAD requests without Docker-Content-Digest header
A statically hosted registry that responds correctly to GET with a
manifest will load the right digest (by looking at the manifest body and
calculating the digest). If the registry returns a HEAD without
`Docker-Content-Digest`, then the client Tags().Get() call will return
an empty digest.

This commit changes the client to fallback to loading the tag via GET if
the `Docker-Content-Digest` header is not set.

Signed-off-by: Clayton Coleman <ccoleman@redhat.com>
2017-08-25 17:18:01 -04:00
Derek McGowan
d9e0121fef Merge pull request #2382 from smarterclayton/scope_check
If the request already has the scope, don't fetchToken again
2017-08-24 15:50:00 -07:00
Emmanuel Briney
90a402d946 fix registry template plist location for launchctl (#4333) 2017-08-23 16:34:49 -07:00
Wang Jie
aa6e69711a Update compatibility.md (#4321) 2017-08-23 16:29:19 -07:00
Clayton Coleman
23f8ca88e1
If the request already has the scope, don't force token fetch
AuthorizeRequest() injects the 'pull' scope if `from` is set
unconditionally. If the current token already has that scope, it will
be inserted into the scope list twice and `addedScopes` will be set to
true, resulting in a new token being fetched that has no net new scopes.

Instead, check whether `additionalScopes` are actually new.

Signed-off-by: Clayton Coleman <ccoleman@redhat.com>
2017-08-23 19:27:37 -04:00
Wang Jie
c1950e123d Update index.md (#4323) 2017-08-22 16:47:45 -07:00
Wang Jie
aa2955a748 Update index.md (#4322) 2017-08-22 16:47:11 -07:00
Wang Jie
3ae7d9ca65 Update insecure.md (#4318) 2017-08-22 16:45:22 -07:00
Wang Jie
e98a162c62 Update osx-setup-guide.md (#4316) 2017-08-22 16:43:21 -07:00
Wang Jie
d18e3a63be Update filesystem.md (#4324)
Is this change OK? Or, organizing these in a table is better?
2017-08-22 16:25:51 -07:00
Stephen J Day
1618b49d5b
registry/handlers: ignore notfound on storage driver healthcheck
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-21 15:04:31 -07:00
Stephen Day
5f6282db7d Merge pull request #2371 from lazize/patch-1
Fix registry version argument
2017-08-17 10:56:59 -07:00
Leonardo Azize Martins
3f771adca6 Fix registry version argument
Signed-off-by: Leonardo Azize Martins <leonardo.azize@scania.com>
2017-08-17 08:35:39 +02:00
Jim Galasyn
a25006234f Add China registry mirror section (#84) 2017-08-15 23:31:15 -07:00
Derek McGowan
e0b4f55f2b Merge pull request #2366 from stevvooe/remove-logging-dependencies
registry: remove dependency on logrus for client
2017-08-15 11:03:52 -07:00
Stephen J Day
860b28c5b9
registry: remove dependency on logrus for client
To simplify the vendoring story for the client, we have now removed the
requirement for `logrus` and the forked `context` package (usually
imported as `dcontext`). We inject the logger via the metrics tracker
for the blob cache and via options on the token handler. We preserve
logs on the proxy cache for that case. Clients expecting these log
messages may need to be updated accordingly.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-15 10:28:38 -07:00
Stephen Day
06fa77aa11 Merge pull request #2360 from stevvooe/remove-context-type
context: remove definition of Context
2017-08-11 16:30:26 -07:00
Stephen J Day
9c88801a12
context: remove definition of Context
Back in the before time, the best practices surrounding usage of Context
weren't quite worked out. We defined our own type to make usage easier.
As this packaged was used elsewhere, it make it more and more
challenging to integrate with the forked `Context` type. Now that it is
available in the standard library, we can just use that one directly.

To make usage more consistent, we now use `dcontext` when referring to
the distribution context package.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-11 15:53:31 -07:00
Stephen Day
7a8efe719e Merge pull request #2350 from jonjohnsonjr/spec-typo
Fix typo in api spec
2017-08-04 12:10:18 -07:00
Robert Steward
a95492280b Fix borked link (#4097) 2017-08-04 11:52:24 -07:00
Misty Stanley-Jones
a1088938b0 Remove sentence about super old Docker (#4099) 2017-08-04 11:12:02 -07:00
Andrew Lively
2aa6e2ae80 Documentation typo fix (#4087)
Fixed a typo in the "Setting things up" section to correct "ese" to "these"
2017-08-03 15:47:21 -07:00
Vega Chou
c2bbc7eab7 fix default secrets path in container (#4011) 2017-08-01 12:03:05 -07:00
Victoria Bialas
3c1aeebc2a Fix links to subtopics in index.md files by include full path (#4054)
* for all links to , changed to full path

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>

* fixed link in Swarm Tutorial per review comments

Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2017-07-31 18:54:08 -07:00
Jon Johnson
3d7803ec8c Fix typo in api spec
Signed-off-by: Jon Johnson <jonjohnson@google.com>
2017-07-28 10:13:32 -07:00
Peter Kokot
23c116b75f Fix link to requirements (#3970)
This patch fixes link to Docker registry requirements from the Apache recipe.
2017-07-26 17:15:48 -07:00
Peter Kokot
a59d321e8d Fix link to requirements in Nginx recipe (#3969) 2017-07-26 16:23:00 -07:00
Derek McGowan
edc3ab29cd Merge pull request #2316 from igmor/logrus_case_dep_update
Update logrus and logrus-logstash-hook libraries
2017-07-26 10:46:10 -07:00
Aaron Lehmann
e18fe7d3f4 Merge pull request #2346 from riyazdf/security-list
add CONTRIBUTING info for security issues
2017-07-24 17:40:39 -07:00
Stephen Day
cb851f6598 Merge pull request #2345 from mstanleyjones/put-back-image
Put back v2-registry-auth.png
2017-07-24 15:01:48 -07:00
Riyaz Faizullabhoy
f7fb45f59a add CONTRIBUTING info for security issues
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2017-07-24 14:58:32 -07:00
Misty Stanley-Jones
c6f6c44e56 Remove v2-registry-auth image (#3965)
Put it back upstream instead
2017-07-24 14:44:49 -07:00
Misty Stanley-Jones
1d95716792 Put back v2-registry-auth.png
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-07-24 14:27:16 -07:00
Stephen Day
91c507a39a Merge pull request #2340 from stevvooe/limit-payload-size
registry/{storage,handlers}: limit content sizes
2017-07-20 13:57:55 -07:00
YuJie
20f225005a Fix the sentence
Signed-off-by: YuJie <390282283@qq.com>
2017-07-20 05:52:56 +08:00
Derek McGowan
5cfdfbdce5 Merge pull request #2338 from stevvooe/api-typo
api: url typo in specification
2017-07-18 15:49:00 -07:00
Stephen J Day
5e5156afa3
api: url typo in specification
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-07-18 14:48:55 -07:00
Aaron Lehmann
fb90a182a9 Merge pull request #2336 from fate-grand-order/fixed
fix misspelling "algorithm" for cache/redis/redis.go
2017-07-18 11:56:19 -07:00
fate-grand-order
a11fe173d5 fix misspelling "algorithm" for cache/redis/redis.go
Signed-off-by: Helen Chen <chenjg@harmonycloud.cn>
2017-07-18 16:02:42 +08:00
John Mulhausen
cb3f2ace6d Update mirror.md 2017-07-13 13:21:08 -07:00
Jim Galasyn
cf36ad3cb2 Improve tip on log messages (#3888)
* Improve tip on log messages

* Reformat per feedback
2017-07-13 12:07:43 -07:00
Jim Galasyn
82998e1077 Add tip about error message in registry cache (#3874) 2017-07-12 11:59:00 -07:00
Stephen J Day
55ea440428
registry/{storage,handlers}: limit content sizes
Under certain circumstances, the use of `StorageDriver.GetContent` can
result in unbounded memory allocations. In particualr, this happens when
accessing a layer through the manifests endpoint.

This problem is mitigated by setting a 4MB limit when using to access
content that may have been accepted from a user. In practice, this means
setting the limit with the use of `BlobProvider.Get` by wrapping
`StorageDriver.GetContent` in a helper that uses `StorageDriver.Reader`
with a `limitReader` that returns an error.

When mitigating this security issue, we also noticed that the size of
manifests uploaded to the registry is also unlimited. We apply similar
logic to the request body of payloads that are full buffered.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-07-06 17:13:39 -07:00
leonstrand
b19b19cc70 Fixed spelling of 'exammple' (#3769) 2017-06-30 16:40:26 -07:00
Misty Stanley-Jones
31619aedd3 Reorganize registry deployment guide (#3485)
* Reorganize registry deployment guide

Also add information about pushing non-distributable
layers to private registries

Also add an example of running a registry as a swarm service
2017-06-28 08:31:29 -07:00
Misty Stanley-Jones
8ac75794dd Point to newer registry topic (#3719) 2017-06-27 16:33:43 -07:00
Aaron Lehmann
f86db6b226 Merge pull request #2315 from ipanova/mediatype-typo
Fixing image manifest schema2 medaitype typo in docs.
2017-06-27 11:58:08 -07:00
Aaron Lehmann
caa175c710 Merge pull request #2299 from dmage/regulator
Fix signalling Wait in regulator.enter
2017-06-23 15:25:35 -07:00