Now that canonicalRef merely wraps a distreference.Canonical, adding no
functionality, just use a distreference.Canonical directly.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Similar to the .our/.upstream dance in namedRef, add a second,
write-only implementation in canonicalRef. Except now we go a bit faster
and skip the .our/.upstream member names.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Now that taggedRef merely wraps a distreference.NamedTagged, adding no
functionality, just use a distreference.NamedTagged directly. This also
simplifies XWithTag to merely call distreference.WithTag.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Instead, call NamedTagged.Tag in all users.
XNamedTagged is now equivalent to distreference.NamedTagged.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Similar to the .our/.upstream dance in namedRef, add a second,
write-only implementation in taggedRef. Except now we go a bit faster
and skip the .our/.upstream member names.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Instead call distreference.FamiliarString() for SOME uses, generally for
error messages and StringWithinTransport().
In signature/policy_reference_match.go and signature/docker.go, where we
care about equality but not exactly about the kind of normalization, call
XNamed.String() instead, with the same rationale as the earlier
Name/FamiliarName choice.
In copy.Image, when creating a singature, use .String() (i.e. the fully
explicit form), for that extra bit of safety.
In tests, generally use the simpler .String() and modify expected
results, instead of calling FamilarString().
XNamed is now equivalent to distreference.Named, all the extra methods
have went away.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Instead call distreference.FamiliarName() in SOME uses.
In signature/policy_reference_match.go, where we care about equality but
not exactly about the kind of normalization, call XNamed.Name()
instead. That compares the fully-explicit instaed of the
fully-minimized name forms. If both canonicalizations are consistent,
this should not matter—and if they weren’t, using the fully explicit
form should be safer. (Also, .Name() is likely to be a bit faster, but
that really doesn’t matter all that much.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Instead of embedding a distreference.Named as a private field, embed it
as an anonymous field, making namedRef a valid distreference.Named
implementation.
This is EXTREMELY ugly. In theory, docker/distribution/reference
should be able to work with any valid input implementing
distreference.Named() equally, based on only what the public method
implementations return. In practice, the code expects specific
implementations of internal interfaces, and merely embeding a
distreference.Named into our struct makes our struct _not_ implement
these internal interfaces. We are forced to explicitly define
forwarding methods, using an undocumented knowledge that the returned
distreference.Named implements them.
Soon enough we will completely eiliminate namedRef and use a
distreference.Named directly, and then distreference can keep playing
these ugly games without us having to care.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Now that namedRef.our values are only used for computing other
namedRef.our values, drop the struct member and all code computing it,
including the entirety of our normalization code.
We still keep .upstream as a private member instead of using
distreference.Named directly, or making namedRef an implementation of
distreference.Named.
BEHAVIOR CHANGE: We used to minimize the input and then check whether it
is a 64-char hex string, now distreference.ParseNormalizedNamed first
checks for a 64-char hext string and then normalized (and by expanding,
not minimizing). Hence, things like docker.io/$64hexchars are now
accepted, which is a behavior change (noticed by the tests). Though,
there is really no risk of confusing such a value with a digest reference,
so this behavior change seems quite acceptable.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Call the newly provided distreference.FamilarName and
distreference.FamiliarString instead of using our minimal canonical
version.
This removes the last “externally-visible” uses of .our.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
In the “new” methods introduced in docker/reference.[X]Named,
to return the fully expanded host/path/both, instead of using .our and
expanding it in splitHostname, rely on the fully-expanded .upstream and
its fully-expanded .Name(), and the newly introduced
distreference.Domain() and distreference.Path() helpers.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Start transitioning from .our uses to .upstream. First in the simplest
cases: taggedRef.Tag() and canonicalRef.Digest() are values in principle
unaffected by the name canonicalization, so this should be an obviously
correct change which does not change behavior.
Starting with this one to demostrate the principle of moving step by
step.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
To start a transition to the upstream distreference.Named
canonicalization semantics, first start computing the upstream value:
In namedRef (and its subtypes), carry BOTH an "our" field (with existing
semantics, canonical = minimal) and "upstream" field (with the upstream
semantics, canonical = fully explicit).
.upstream is currently essentially write-only: it is used _only_ to compute
further .upstream values. Therefore, this does not change behavior
(perhaps apart from a bit more error checking which now happens on the
upstream value).
To make this reasonably possible, some of the public methods return a
*namedRef instead of a public type, which breaks golint. This is
temporary.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is an intermediate step which will eventually go away.
The goal of this PR is to get rid of c/i/docker/daemon/reference and to
replace uses of it by direct calls to docker/distribution/reference.
We can't do that safely and easily, because the two have different
semantics for reference.Named.Name() and reference.Named.String(): we
return a minimized version, e.g. "busybox", upstream returns an expanded
version, e.g. "docker.io/library/busybox".
BEFORE this commit the difference is hidden by using
docker/distribution/reference.WithName, which allows using the minimized
version, and works with it correctly; but because we want to use the
upstream canonicalization code, which will change semantics, we can't
just mix and match.
To make the distinction explicit, this commmit adds an X to ALL public
names from c/i/docker/daemon/reference. E.g. a reference.XNamed type,
which has methods XName and XString.
This is pretty large, but does not change behavior at all. By
inspection it is clear to see that reference.XNamed and subtypes does
not expose any of the non-X, conflicting, method names.
Using e.g.
> git diff --word-diff-regex=.|grep -F '{+'|grep -v '^\([^{]\|{+X+}\)*{\?$'
it is possible to see that most lines in this diff only add a single X
letter, and manually inspect the few lines which don't match the regexp.
The only REALLY new code is an explicit definition of namedRef.XName()
and namedRef.XString(), and two newly added casts to namedRef in cases
where we need to use the underlying distreference.Reference within
a reference.XNamed value. Strictly speaking these changes change
behavior, in that third-party implementations of reference.XNamed are no
longer accepted; but we broke them by renaming at all.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
docker/distribution/reference.ParseNamed now (as of
6170ac53daed40ebbebc9fe5f482495d01f09f12) refuses input in a
non-fully-explicit form; the new ParseNormalizedNamed accepts it and
normalizes it into the fully explicit form. (One would expect it to be
the other way around…)
So, use ParseNormalizedNamed now. This is a minimal fix for the failing
tests.
Because docker/distribution/reference now does all the normalization, we
can use it and drop our docker/docker/reference fork (which will go away
upstream), at least in the short term. (Longer-term we may need to
reintroduce it again if projectatomic/docker decided to modify _that_.)
But that’s more than just fixing the tests, so that will be a separate
PR.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
There has been a change in upstream (docker/distribution), where they
now require users of the digest library to load algorithms into the
binary (in other words they do .Available checks on crypto algorithms).
This fixes the unit test failures with "unsupported digest algorithm".
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Miloslav Trmač