Commit graph

1627 commits

Author SHA1 Message Date
Luke Carpenter
58e5c619ac Include configuration explanation for intermediate TLS certificates
Intermediate certificates are issued by TLS providers who themselves are
an intermediate of a certificate in the trust store. Therefore, to prove
the chain of trust is valid, you need to include their certificate as
well as yours when you send your certificate to the client.

Contrary to what I said in issue #683, distribution can handle these
certificate bundles like nginx. As discussed in #docker-distribution,
I have updated the deployment documentation (which recommends the use of
a TLS certificate from a provider) to include instructions on how to
handle the intermediate certificate when a user is configuring
distribution.

Signed-off-by: Luke Carpenter <x@rubynerd.net>
2015-07-09 23:33:08 +01:00
Mary Anthony
fa32197c81 Fixing old ref to DHE to DTR fixes #681
Signed-off-by: Mary Anthony <mary@docker.com>
2015-07-08 14:05:49 -07:00
Derek McGowan
bdcae0597f Merge pull request #544 from dmcgowan/refactor-client-auth
Refactor client auth
2015-07-08 11:54:07 -07:00
Derek McGowan
8fc782ae09 Fix typo in Version doc
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-08 11:02:47 -07:00
Derek McGowan
3531b22b46 Add challenge manager interface
Challenger manager interface is used to handle getting authorization challenges from an endpoint as well as extracting challenges from responses.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-01 15:00:25 -07:00
Derek McGowan
c8fac94617 Separate version and challenge parsing from ping
Replace ping logic with individual functions to extract API version and authorization challenges. The response from a ping operation can be passed into these function. If an error occurs in parsing, the version or challenge will not be used. Sending the ping request is the responsibility of the caller.
APIVersion has been converted from a string to a structure type. A parse function was added to convert from string to the structure type.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-01 15:00:25 -07:00
Derek McGowan
5a7dab4670 Refactor client auth
Move client auth into a separate package.
Separate ping from the authorizer and export Challenges type.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-01 15:00:25 -07:00
Stephen Day
c56e28826e Merge pull request #670 from stevvooe/remove-ipc
Remove half-baked Storage Driver IPC support
2015-06-30 19:21:54 -07:00
Stephen Day
457c8d1563 Merge pull request #656 from jpoler/master
Increase timeout of http.Client for Docker Registry V2 client.
2015-06-30 19:07:53 -07:00
Jon Poler
f09051fe54 Remove timeout for http.Client in registry/client/repository.go.
Timeouts should not be a discrete period of time, because they end
up being arbitrary and may be difficult to gauge correctly against
very large Docker layers. Rather, timeouts should be set at the
transport level using the SetDeadline attribute on a net.Conn
object.

Signed-off-by: Jon Poler <jonathan.poler@apcera.com>
2015-06-30 17:35:24 -07:00
Stephen Day
c1423aa2aa Merge pull request #675 from RichardScothern/fix-ctx
Pass correct context into tracer
2015-06-30 11:18:51 -07:00
Richard Scothern
3629aac84f Pass correct context into tracer
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-06-30 10:28:14 -07:00
Stephen Day
0122a6f1ff Merge pull request #667 from stevvooe/fix-broken-docs-link
Fix broken specification link in docs
2015-06-29 18:56:04 -07:00
Stephen Day
b61cb718c9 Merge pull request #673 from docker/amylindburg-patch-1
Add relevant goal to Roadmap
2015-06-29 18:06:05 -07:00
Amy Lindburg
84631b4d2b Add relevant goal to Roadmap
Signed-off-by: Amy Lindburg <amy.lindburg@docker.com>
2015-06-29 17:46:51 -07:00
Stephen Day
e266c684d0 Merge pull request #671 from RichardScothern/false-err
Prevent the ErrUnsupportedMethod error from being returned up the stack.
2015-06-29 16:53:40 -07:00
Stephen J Day
d3d4423ff7 Remove half-baked Storage Driver IPC support
This removes documentation and code related to IPC based storage driver
plugins. The existence of this functionality was an original feature goal but
is now not maintained and actively confusing incoming contributions. We will
likely explore some driver plugin mechanism in the future but we don't need
this laying around in the meantime.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-29 16:52:12 -07:00
Richard Scothern
0edb91185b Prevent the ErrUnsupportedMethod error from being returned up the stack.
It eventually causes the go http library to do a double WriteHeader()
which is an error

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-06-29 16:44:09 -07:00
Olivier Gambier
702d9ddcbc Merge pull request #668 from stevvooe/update-authors
Update AUTHORS file
2015-06-27 14:51:47 +02:00
Stephen J Day
b616f3f455 Update AUTHORS file
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-26 17:27:19 -07:00
Stephen J Day
17562b3f44 Fix broken specification link in docs
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-26 17:21:21 -07:00
Stephen Day
3830c87469 Merge pull request #666 from docker/revert-661-add-authentication
Revert "Updates to authentication"
2015-06-26 14:22:26 -07:00
Stephen Day
eec0e998af Revert "Updates to authentication"
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-26 14:21:57 -07:00
Stephen Day
5ed143bc06 Merge pull request #659 from vdemeester/specs-api-table-fix
Fix table render in specs/api.md
2015-06-26 10:17:35 -07:00
moxiegirl
16a63c8b78 Merge pull request #661 from moxiegirl/add-authentication
Updates to authentication
2015-06-26 03:22:34 -07:00
Mary Anthony
9510ef3637 Updates to authentication
Fixing heading not rendering
Fixing bad links:
deployed.md > deploying.md
spec/auth/token.md > /spec/auth/token.md

Signed-off-by: Mary Anthony <mary@docker.com>
2015-06-26 03:08:26 -07:00
Vincent Demeester
536e2fccf9 Fix table render in specs/api.md
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2015-06-26 10:34:48 +02:00
Stephen Day
763eefee55 Merge pull request #660 from moxiegirl/add-authentication
Adding metadata files
2015-06-25 18:02:44 -07:00
Mary Anthony
eec3ca02ba Adding metadata files
Signed-off-by: Mary Anthony <mary@docker.com>
2015-06-25 17:32:57 -07:00
Stephen Day
b6faf3fa9f Merge pull request #645 from RichardScothern/manifest-cache-headers
Cache headers for manifests.
2015-06-25 13:20:39 -07:00
Stephen Day
d0fda14e85 Merge pull request #570 from dmcgowan/docker-integration
contrib: Docker integration tests
2015-06-19 12:49:27 -07:00
Richard Scothern
1bc740b0d5 Add Etag header for manifests.
Return 304 (Not Modified) if retrieved with If-None-Match header

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-06-19 10:44:21 -07:00
Stephen Day
851d3c3459 Merge pull request #647 from duglin/BlobTestFix
Add 'message' back to BlobTest sample json
2015-06-18 18:51:47 -07:00
Doug Davis
7bb98181ab Add 'message' back to BlobTest sample json
Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-06-18 18:24:54 -07:00
Stephen Day
7549a2cca4 Merge pull request #646 from duglin/revertErrorsJSON
Add back in the "errors" wrapper in the Errors serialization
2015-06-18 18:17:21 -07:00
Doug Davis
cb45ec56ff Add back in the "errors" wrapper in the Errors serialization
See: https://github.com/docker/distribution/pull/548/files#r32794064

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-06-18 18:00:26 -07:00
Stephen Day
d2ca423500 Merge pull request #638 from duglin/MoveHTTPRC
Move challenge http status code logic
2015-06-18 12:03:29 -07:00
Stephen Day
0f01b997c7 Merge pull request #642 from dmp42/2.fixdocs
Fixed doc generation
2015-06-17 19:02:01 -07:00
Olivier Gambier
4e95367e55 Fixed doc generation
+ rollback the (now) unecessary changes

Signed-off-by: Olivier Gambier <olivier@docker.com>
2015-06-17 18:58:53 -07:00
Stephen Day
f89e584aa5 Merge pull request #637 from stevvooe/fix-build-without-rados
Ensure that rados is disabled without build tag
2015-06-17 18:38:27 -07:00
Doug Davis
c4eb195cc1 Move challenge http status code logic
See: 3ea67df373/registry/handlers/app.go (L498)

Per the comment on line 498, this moves the logic of setting the http
status code into the serveJSON func, leaving the auth.Challenge.ServeHTTP()
func to just set the auth challenge header.

Signed-off-by: Doug Davis <dug@us.ibm.com>
2015-06-17 18:23:55 -07:00
Olivier Gambier
b5977c0868 Merge pull request #641 from moxiegirl/hugo-test-fixes
Hugo final 1.7 Documentation PR -- please read carefully
2015-06-17 18:04:53 -07:00
Mary Anthony
1aa8b00bdf Adding in the better sed
Renaming to index.md;rereading of Hugo showed me my mistake; removing commented out/Markdown has no comment feature
Updating with Olivier. Yay! It looks great

Signed-off-by: Mary Anthony <mary@docker.com>
2015-06-17 17:31:13 -07:00
Stephen J Day
b65a4a8713 Ensure that rados is disabled without build tag
This ensures that rados is not required when building the registry. This was
slightly tricky in that when the flags were applied, the rados package was
completely missing. This led to a problem where rados was basically unlistable
and untestable as a package. This was fixed by simply adding a doc.go file that
is included whether rados is built or not.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-16 20:00:02 -07:00
Stephen Day
3ea67df373 Merge pull request #623 from ahmetalpbalkan/azure-vendor
storage/driver/azure: Update vendored Azure SDK
2015-06-16 17:41:38 -07:00
Ahmet Alp Balkan
daa22cacba storage/driver/azure: Update vendored Azure SDK
This change refreshes the updated version of Azure SDK
for Go that has the latest changes.

I manually vendored the new SDK (github.com/Azure/azure-sdk-for-go)
and I removed `management/` `core/` packages manually simply because
they're not used here and they have a fork of `net/http` and `crypto/tls`
for a particular reason. It was introducing a 44k SLOC change otherwise...

This also undoes the `include_azure` flag (actually Steven removed the
driver from imports but forgot to add the build flag apparently, so the
flag wasn't really including azure. 😄 ). This also must be obsolete
now.

Fixes #620, #175.

Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2015-06-16 17:13:44 -07:00
Stephen Day
25f9e314d2 Merge pull request #636 from stevvooe/uuid-generate-detect-eperm
Correctly detect EPERM on crypto/rand.Random.Read failure
2015-06-16 16:39:18 -07:00
Stephen Day
939b199154 Merge pull request #616 from RichardScothern/debug_build
Enable the registry to be built with debug symbols
2015-06-16 16:19:15 -07:00
Stephen J Day
7e35d16cb6 Correctly detect EPERM on crypto/rand.Random.Read failure
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2015-06-16 13:06:58 -07:00
moxiegirl
020bd0b45f Merge pull request #631 from moxiegirl/test-tooling
Updating for new docs build and tooling infrastructure 1.7 release; Thank you Olivier. I promise to look at all of this after Dockercon.  We'll make it perfect.
2015-06-15 17:57:25 -07:00