Marcus Martins
db1bf93098
Add leeway to JWT nbf and exp checking
...
Adds a constant leeway (60 seconds) to the nbf and exp claim check to
account for clock skew between the registry servers and the
authentication server that generated the JWT.
The leeway of 60 seconds is a bit arbitrary but based on the RFC
recommendation and hub.docker.com logs/metrics where we don't see
drifts of more than a second on our servers running ntpd.
I didn't attempt to make the leeway configurable as it would add extra
complexity to the PR and I am not sure how Distribution prefers to
handle runtime flags like that.
Also, I am simplifying the exp and nbf check for readability as the
previous `NOT (A AND B)` with cmp operators was not very friendly.
Ref:
https://tools.ietf.org/html/rfc7519#section-4.1.5
Signed-off-by: Marcus Martins <marcus@docker.com>
2016-07-18 17:47:30 -07:00
Richard Scothern
ba927007b0
Merge pull request #1677 from RichardScothern/tonyhb-fix-s3-gc-error
...
Move GC into storage package and add tests
2016-04-28 14:09:58 -07:00
Richard Scothern
a7dda2ce93
Merge pull request #1665 from andrewhsu/middleware-redirect
...
add middleware storage driver for redirect
2016-04-27 15:05:52 -07:00
Richard Scothern
69ba30dc03
Add a test with a missing _manifests directory
...
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-04-27 13:34:25 -07:00
Richard Scothern
ea492aca1a
Move garbage collect code into storage package
...
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-04-27 13:34:25 -07:00
Tony Holdstock-Brown
a5aaae1f06
Ensure GC continues marking if _manifests is nonexistent
...
Signed-off-by: Tony Holdstock-Brown <tony@docker.com>
2016-04-27 13:33:36 -07:00
Richard Scothern
6a992e1348
Merge pull request #1675 from sergeyfd/master
...
Fix wording for dry-run flag in usage message for garbage collector.
2016-04-27 10:08:53 -07:00
Serge Dubrouski
32193bdcf0
Fix wording for dry-run flag in usage message for garbage collector.
...
Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com>
2016-04-26 19:44:23 -06:00
Andrew Hsu
09a9b0cf90
separate the go/non-go imports and reorder
...
Signed-off-by: Andrew Hsu <andrewhsu@acm.org> (github: andrewhsu)
2016-04-26 14:33:54 -07:00
Richard Scothern
47d14555c0
Merge pull request #1644 from fh1ch/clarify-kid-format
...
Clarify kid format for JWT token auth in docs
2016-04-25 17:01:15 -07:00
Richard Scothern
d654cfd985
Merge pull request #1623 from dmcgowan/docker-integration-readme
...
Integration test readme update
2016-04-25 16:10:19 -07:00
Richard Scothern
c83afea0c9
Merge pull request #1660 from jhaohai/cn-north-1-fix
...
Add cn-north-1 to valid check
2016-04-25 16:07:54 -07:00
Richard Scothern
ef32134592
Merge pull request #1666 from sergeyfd/master
...
Add blobWriter.Close() call into blobWriter.Commit()
2016-04-25 16:02:48 -07:00
Richard Scothern
96f796fb01
Merge pull request #1670 from vadmeste/fix_parts_sorting
...
s3 driver: Sorting completed parts by part number for a better accordance with S3 spec
2016-04-25 16:02:17 -07:00
Andrew Hsu
c4df027d41
modify redirect test to include port
...
Signed-off-by: Andrew Hsu <andrewhsu@acm.org> (github: andrewhsu)
2016-04-25 11:52:46 -07:00
Andrew Hsu
fe9509f8f3
added config doc for redirect middleware
...
Signed-off-by: Andrew Hsu <andrewhsu@acm.org> (github: andrewhsu)
2016-04-25 11:52:39 -07:00
Andrew Hsu
80248c3d3a
scheme and host mandatory in baseurl
...
Signed-off-by: Andrew Hsu <andrewhsu@acm.org> (github: andrewhsu)
2016-04-25 11:52:25 -07:00
Andrew Hsu
059bc5f5ef
separate the go/non-go imports and reorder
...
Signed-off-by: Andrew Hsu <andrewhsu@acm.org> (github: andrewhsu)
2016-04-25 11:52:03 -07:00
Anis Elleuch
987faca8a6
Sorting completed parts by part number for a better accordance with the S3 spec
...
Signed-off-by: Anis Elleuch <vadmeste@gmail.com>
2016-04-23 22:36:04 +01:00
Serge Dubrouski
21f38a74e6
Add blobWriter.Close() call into blobWriter.Commit()
...
Signed-off-by: Serge Dubrouski <sergeyfd@gmail.com>
2016-04-22 19:23:17 -06:00
Andrew Hsu
4b217ccbf5
add middleware storage driver for redirect
...
Signed-off-by: Andrew Hsu <andrewhsu@acm.org> (github: andrewhsu)
2016-04-21 16:02:52 -07:00
jhaohai
f76c622d8c
add cn-north-1 to valid check
...
Signed-off-by: jhaohai <jhaohai@foxmail.com>
2016-04-21 11:51:34 +08:00
Richard Scothern
cd27f179f2
Merge pull request #1635 from hopkings2008/notifytype
...
use context.GetLogger to replace logrus in listener
2016-04-19 10:04:23 -07:00
Fabio Huser
17756eb43e
Clarify kid format for JWT token auth in docs
...
The kid value can have an arbitrary format according to the JOSE specification, but Docker distribution expects a specific format (libtrust fingerprint) to work. This is not written in the documentation so far and is only mentioned in the libtrust source code itself.
Signed-off-by: Fabio Huser <fabio@fh1.ch>
2016-04-17 12:04:15 +02:00
Richard Scothern
9d491698cc
Merge pull request #1641 from RichardScothern/ifollowtherules
...
Correction for JSON example.
2016-04-15 09:52:20 -07:00
Richard Scothern
b72d74464a
Correction for JSON example.
...
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-04-15 09:22:44 -07:00
yuzou
f2686b8db4
use context.GetLogger to replace logrus in listener
...
Signed-off-by: yuzou <zouyu7@huawei.com>
2016-04-15 11:18:26 +08:00
Richard Scothern
05b0ab0302
Merge pull request #1630 from hopkings2008/notifytype
...
fix typo for log message of layer push event in blobServiceListener…
2016-04-14 10:39:58 -07:00
yuzou
098005177f
fix typo for log message of layer push event in blobServiceListener Put function.
...
Signed-off-by: yuzou <zouyu7@huawei.com>
2016-04-14 16:41:35 +08:00
Richard Scothern
e90ff92895
Merge pull request #1625 from moxiegirl/fix-1598
...
Updated per conversation with Richard
2016-04-13 09:46:43 -07:00
Mary Anthony
6bce49d51d
Updated per conversation with Richard
...
Removing draft
Richard's comments and some fixes
Signed-off-by: Mary Anthony <mary@docker.com>
2016-04-13 06:43:11 -07:00
Derek McGowan
ab2394446c
Integration test readme update
...
Updates the readme to mention running the tests using golem.
Also provides instructions for making test development easier.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-04-12 14:03:56 -07:00
Richard Scothern
c6f63e298e
Merge pull request #1619 from RichardScothern/gc-docs
...
Extend garbage collection documentation.
2016-04-12 10:25:43 -07:00
Richard Scothern
f9bcbd44ca
Extend garbage collection documentation.
...
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-04-11 17:43:25 -07:00
Richard Scothern
467fc068d8
Merge pull request #1622 from aaronlehmann/schema2-config-mediatype
...
Use correct media type for config blob in schema2 manifest
2016-04-11 17:23:03 -07:00
Aaron Lehmann
2de3f1a62a
Use correct media type for config blob in schema2 manifest
...
The schema2 manifest builder fills in this part of the manifest based on
the descriptor it gets back from BlobIngester's Put method. It passes
the correct media type to Put, but Put ends up replacing this value with
application/octet-stream in its return value.
This commit works around the issue in the manifest builder. Arguably Put
should not be changing the media type in its return value, but this
commit is a targeted fix to keep it very low-risk for possible inclusion
in Docker 1.11.
Fixes #1621 (but maybe we should open a separate issue for the media
type behavior in the distribution client, and the unnecessary stat).
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-04-11 17:05:41 -07:00
Richard Scothern
4c119524f1
Merge pull request #1604 from ArdaXi/custom-s3-skip-region-check
...
Only check validity of S3 region if not using custom endpoint
2016-04-08 15:38:24 -07:00
Richard Scothern
437eeeda44
Merge pull request #1605 from majewsky/swift/deal-with-outdated-container-listings
...
registry/storage/swift: detect and fix outdated container listings
2016-04-08 15:38:06 -07:00
Richard Scothern
55f1b7651f
Merge pull request #1590 from RichardScothern/s3-permission-scopes
...
Document required IAM permissions for S3 storage driver.
2016-04-06 14:46:12 -07:00
Richard Scothern
e4817cfc94
Remove ListAllMyBuckets from the S3 permission scope.
...
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-04-06 14:22:08 -07:00
Stefan Majewsky
67321cb622
detect outdated container listings during Stat() and getAllSegments()
...
Signed-off-by: Stefan Majewsky <stefan.majewsky@sap.com>
2016-04-06 15:21:27 +02:00
Arien Holthuizen
dbb6e28da2
Only check validity of S3 region if not using custom endpoint
...
Signed-off-by: Arien Holthuizen <aholthuizen@schubergphilis.com>
2016-04-06 13:38:09 +02:00
Richard Scothern
27e0be3e95
Merge pull request #1583 from dmcgowan/golem-integration-tests
...
Update docker integration tests to use golem
2016-04-05 15:38:01 -07:00
Richard Scothern
75e55632fd
Merge pull request #1597 from tonyhb/log-upload-copy-errors
...
Ensure we log io.Copy errors and bytes copied/total in uploads
2016-04-05 09:46:12 -07:00
Derek McGowan
2ea61dc04f
Add temporary cache directory
...
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-04-04 19:57:40 -07:00
Derek McGowan
17f7f60d77
Update docker integration tests to use golem
...
Use registry example from golem repository.
Use the golem test runner for the docker integration environment
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-04-04 19:57:40 -07:00
Tony Holdstock-Brown
25c5efdef9
Ensure we log io.Copy errors and bytes copied/total in uploads
...
Signed-off-by: Tony Holdstock-Brown <tony@docker.com>
2016-04-04 17:21:36 -07:00
Richard Scothern
20fa47886d
Merge pull request #1592 from estesp/manifest-spec-example-fix
...
Correct examples and architecture references in v2.2 spec
2016-04-04 10:39:54 -07:00
Phil Estes
bf9f80eaff
Correct examples and architecture references in v2.2 spec
...
Add link to the official list of $GOOS and $GOARCH values and correct
values that were incorrectly listed in the spec examples.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2016-04-03 17:50:22 -04:00
Olivier Gambier
ff6f38ccb6
Merge pull request #1588 from aaronlehmann/golint-godep-location
...
Makefile: don't look for golint and godep in specific places
2016-03-31 15:21:40 -07:00