... to prevent panics if the value does not contain a :, or other unexpected
values (e.g. a path traversal).
Don't bother on paths where we computed the digest ourselves, or it is already trusted
for other reasons.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add support to push image with unknown digest and no tag to
a registry. This will be used by farm build to construct a list
of multi arch builds after pushing images built on each node.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Enable HTTP(S) keep-alive to improve network performance and reduce
latency. We need several HTTP(S) requests before we get to request the
blob and each of them requires a new HTTP(S) connection and that slows
down significantly pulling images, especially on networks with a
higher latency (e.g. wifi).
This will allow multiple requests to be sent over a single connection,
reducing the overhead of establishing new connections for each
request.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We are trying to speed up startup time of apps based on
containers/image regex takes some time on every start
when in init. Moving this to a sync.Once should not
effect any change on the system.
Only changing internal regexp, since changing external would be a
breaking change to the library.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
... instead of httpResponseToError, or even raw manual error
logging.
NOTE: This breaks status-based checks, like 401 and 429.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
`github.com/pkg/errors` is deprecated since quite some time so we now
use the native error wrapping for more idiomatic golang.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
NOTE design decisions:
- We can read Cosign data from lookaside
- We ONLY write Cosign data to Cosign attachments, never
to lookaside; because lookaside is set up by default, that
would be too confusing.
- We ONLY use Cosign attachments at all if the user opts in
via registries.d.
One concern is performance impact of the extra round-trip
for large-scale operations like (skopeo sync).
Short-term, a much more worrying is the risk that we probably
have the "is this failure just a missing atachment manifest,
or a real failure reading it?" heuristic wrong, so without an
opt-in, _all_ image reads are going to fail. This might eventually
go away after more testing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is a bit more repetitive in most callers. The benefit is
that we only read the files once per newImageSource, even if there
are multiple mirrors.
We will also read more items from the config.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is not locally worth it, but it is a proof of the concept,
and consistent with stubs.ImplementsPutBlobPartial.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This matches internal/imagedestination/impl.Properties; it's not
quite worth it for the single value, but the consistency is
attractive.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This will allow imports of errors and pkg/errors to
coexist in a single package, avoid adding accidental
new uses via errors.New(), make any potential new
additions more visible in reviews.
Files that can import errors only (typically
because they only use errors.New) have been updated to
that import instead of renaming.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This means we won't save the stack, which is cheaper
(and possibly might break callers' format strings that
want to print the stack, but we never promised the stack
to be available).
Use either fmt.Errorf, or errors.New (usually as a local
edit, not carring about errors.new vs. pkg/errors.New;
that's going to be cleaned up later).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
CloudFront returns an unquoted ':' in the boundary, special handle it.
It is needed for partial pulls from quay.io.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Per https://github.com/containers/image/issues/1010 , it seems
the header is not populated by AWS ECR.
We were actually computing the digest from the manifest bytes
already, so this is both more robust and simpler.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Mostly just name changes that should not change behavior,
apart from ioutil.ReadDir -> os.ReadDir avoiding per-item
lstat(2) in some cases.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... to be at least a bit protected against credentials in logs.
I did try to find all uses, but it's possible I have missed some.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is, sadly, wasteful, because NewRequestWithContext() only accepts
a string and parses it again, but it gives us more type safety, and simplifies
at least some callers.
Most importantly, this will also allow us to call url.Redacted() for logging.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Following the now-established pattern, introduce private.ImageSource
(with a new SupportsGetBlobAt() method), implement it in
dockerImageSource, and use a wrapped version in c/image/copy.
This gives us private.ImageSource and private.ImageDestination,
to allow for future features.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The way we actually use this, injecting a progress-reporting
proxy, the PutBlobPartial method doesn't have access to the
full ImageSource; so, differentiate more clearly between
this small interface and an ImageSource.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The goal is to establish a practical/convenient naming for
internal-only interfaces, now that we are going to start using them
much more frequently.
Design concerns:
- Don't duplicate any public package name (to avoid the
publicTypes/internalTypes names in every single user).
Rules out "types", "image" (as in "image.Destination").
- Don't just use "internal", to keep that around for
very localized private utilities, like oci/internal
"private", as a more or less synonym to "internal", seems
to work acceptably well: we will have types.ImageDestination
and private.ImageDestination.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
No point in handling them in generic code, and callers that
aren't expecting StatusPartialContent could be confused.
Should not change behavior of GetBlobAt; might in change behavior of
other callers if they unexpectedly received the relevant HTTP status
codes.
This ~mechanically moves the code without much restructuring.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
ghcr.io converts a multirange request to a 200 response when the
client request too much data.
If the server replies with a 200 status to a partial request then
split the body ignoring any additional content that wasn't requested
by the caller.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
add inline documentation to clarify the expectation for the chunks
specified to the GetBlobAt() function.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
... just for the general principle of avoiding hard-coded
copy&pasted data.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Podman and other tools already add Error: to the front of returned error
message, and this ends up as a stutter.
podman pull fedora.io/fred
Trying to pull fedora.io/fred:latest...
Error: Error initializing image from source docker://fedora.io/fred:latest: invalid character '<' looking for beginning of value
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add DockerLogMirrorChoice to types.SystemContext for keeping log level of the physical pull source of images.
Crio could set it log the image source if it's from a mirror.
Signed-off-by: Qi Wang <qiwan@redhat.com>
While container/image is not affected by CVE-2020-15157 future
generations may wonder why authentication is turned off on additional
URLs provided by certain blobs.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Set default rootless sigstore to ~/.local/share/containers/sigstore if the caller is non-root.
Export the func ConfiguredSignatureStorageBase() for Podman image sign implementation.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Miloslav Trmač