contains equal length History and FSLayer arrays.
This is required to prevent malformed manifests being put to the registry and
failing external verification checks.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
There is a constraint on the length of the name in a reference, so
WithName should be checking this instead of potentially creating a
reference that doesn't comply with the rules.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This was using a different regexp from the intended one. This meant that
tags with uppercase characters were not accepted.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This extends the specification for the Bearer token response to include
information pertaining to when an issued Bearer token will expire.
This also allows the client to accept `access_token` as an alias for `token`.
Signed-off-by: Matt Moore <mattmoor@google.com>
The docs don't render emoji, so replaced the `⚠️` with
a `**Warning**:` to keep the formatting consisten with
`**Note**:` used in other parts of the docs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The proxy scheduler implemented its own timer state machine. It's
simpler and more efficient to leverage the Go runtime's timer heap by
using time.AfterFunc.
This commit adds a time.Timer to each scheduler entry, and starts and
stops those timers as necessary. Then the mainloop goroutine and its
associated logic are not needed.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This adds a variable to help nginx add the
Docker-Distribution-Api-Version when using basic auth, and not add the
header when it sees it from the upstream.
Also fix some minor spelling/grammar issues.
Signed-off-by: Sharif Nassar <sharif@mrwacky.com>
To ensure that we only unmarshal the verified payload into the contained
manifest, we first copy the entire incoming buffer into Raw and then unmarshal
only the Payload portion of the incoming bytes. If the contents is later
verified, the caller can then be sure that the contents of the Manifest fields
can be trusted.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Various improvements motivated by early real-world use in engine code
under development:
- Make `WithDigest` return `Canonical`, since the return value always
has a name and a digest.
- Introduce a `NamedTagged` type, which can be used for strongly typing
cases where something must have a name and a tag.
- Rename `ParseNamed` to `WithName`, and create a
`ParseNamed` that accepts tags and digests (returning a `Named` type).
The new `ParseNamed` makes code using the reference package much less
verbose, since typical use cases require a name, and this is an
additional type assertion and error case after every `Parse` call.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
These functions allow a Named type to be combined with a tag or a
digest. WithTag will replace the ImageReference function in
github.com/docker/docker/utils as the Docker Engine transitions to the
reference package.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>