-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds support for oci manifests and manifestlists #2076
Conversation
registry/handlers/images.go
Outdated
isAnOCIManifest := isSchema2 && (schema2Manifest.MediaType == ocischema.MediaTypeManifest) | ||
isAnOCIManifestList := isManifestList && (manifestList.MediaType == manifestlist.MediaTypeOCIManifestList) | ||
|
||
badCombinations := [][]bool{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Classic example of why to avoid bools to ascertain support.
Please refactor this method to handle these different cases in a way that is maintainable in the future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
aight.. yeah was one of the things I didn't refactor from 2021 bit ugly ..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mikebrow I see. 🐹 🎈
May want to refactor this before we do a big change...
I don't have a better suggestion for this yet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can replace the bad combo list with easier to read/update error checks.. like this:
if (isSchema2 && !isAnOCIManifest) && (supportsOCISchema && !supportsSchema2) {
fmt.Printf("\n\nmanifest is schema2 but accept header only supports OCISchema \n\n")
w.WriteHeader(http.StatusNotFound)
return
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this comment will be addressed with update
MediaTypeManifestList = "application/vnd.docker.distribution.manifest.list.v2+json" | ||
// MediaTypeOCIManifestList specifies the mediaType for OCI compliant manifest | ||
// lists. | ||
MediaTypeOCIManifestList = "application/vnd.oci.image.manifest.list.v1+json" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure that these packages should do duel-OCI-docker support, as it may make subtle differences hard to manage for future contributors.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I should hope there are never any differences in functionality between OCIManifestList and docker ManifestList... Since it's currently in synch.. there is a bit of good karma here in keeping it the same package :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OCI has added fields that Docker's format does not have.
Codecov Report
@@ Coverage Diff @@
## master #2076 +/- ##
==========================================
- Coverage 60.8% 51.55% -9.26%
==========================================
Files 129 132 +3
Lines 11901 12122 +221
==========================================
- Hits 7236 6249 -987
- Misses 3764 5092 +1328
+ Partials 901 781 -120
Continue to review full report at Codecov.
|
manifest/ocischema/manifest.go
Outdated
} | ||
|
||
// Manifest defines a schema2 manifest. | ||
type Manifest struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any way we can better leverage opencontainers/image-spec/specs-go
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about we vendor it, import it, and refactor this code after they have an approved v1.0.0?
Otherwise, yes I can do that.
Side note: I see we are missing OCI manifest annotations support...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As an aside would have to do the split ocimanifest list out as a separate package if we're to bring in opencontainers/image-spec/specs-go.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mikebrow annotations support, is that lacking on this PR or something needed on the OCi-side?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lacking in the PR.. the field wasn't in the manifest struct.. was probably added to the oci spec after you guys started this code. Will pick it up when vendoring in the oci spec go code. Not sure what we'll need to do, if anything, to make it first class or if we should just store and retrieve.
For example, should we close it or just take it as a proposed change? |
@@ -110,7 +110,7 @@ type FileWriter interface { | |||
// number of path components separated by slashes, where each component is | |||
// restricted to alphanumeric characters or a period, underscore, or | |||
// hyphen. | |||
var PathRegexp = regexp.MustCompile(`^(/[A-Za-z0-9._-]+)+$`) | |||
var PathRegexp = regexp.MustCompile(`^(/[A-Za-z0-9._:-]+)+$`) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What new paths are we storing? This addition of :
will break the registry on windows.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From Vince's notes: "Added : to the regexp used to determine valid paths, which is necessary for the prepending of oci:"
This is for prepending "oci:" for all tags applied to oci manifests to keep the oci: tags separate from the docker tags for docker images.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Guess windows has ":" reserved.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will change the prepending to "oci." instead of "oci:"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changing to oci. with the update
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, we simply don't use schemes and namespaces in tags. This is a horrid hack and not really workable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wish I new that before I tried to make it work :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this change still needs to be removed.
manifest/ocischema/builder.go
Outdated
|
||
// Add config to the blob store | ||
m.Config, err = mb.bs.Put(ctx, MediaTypeConfig, mb.configJSON) | ||
// Override MediaType, since Put always replaces the specified media |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
`since Put always replaces the specified media
- // type with application/octet-stream in the descriptor it returns.`
This behavior is not fixed. We can change that, if necessary.
Either way, this code should not make assumptions about what config is pointed to. It should really take this as an argument to the constructor.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I took a look at changing this and that led me to the blobStore.Put code which states the following at line 77 of registry/storage/blobstore.go:
// TODO(stevvooe): Write out mediatype here, as well.
return distribution.Descriptor{
Size: int64(len(p)),
// NOTE(stevvooe): The central blob store firewalls media types from
// other users. The caller should look this up and override the value
// for the specific repository.
MediaType: "application/octet-stream",
Digest: dgst,
}, bs.driver.PutContent(ctx, bp, p)
Simple enough to change this to use the passed in mediaType.. but not sure what you meant by it's supposed to firewall the media types.. :-) Just confirming.. do you want me to change this code in blobstore to use the passed in mediaType and go remove all the overwrites being done after puts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
or should this change coincide with some sort of filter/approver being added for puts coming in through the blobServiceListener?
I recoded 2021 (starting mostly from scratch)... to fix some testing bugs in #2021, and more importantly to move it from the design in 2021 where the docker schema2 was overloaded to also have oci support in it, to a design with a new schema type. You didn't like the design in 2021 so I started it over :-) This can be merged on top of 2021 or we can just start from here. |
@mikebrow This approach looks like a good start. Mostly, we would like to make this as simple as using |
Thanks for doing this @mikebrow ! |
Done
…On Wed, Nov 23, 2016, 21:10 Stephen Day ***@***.***> wrote:
@vbatts <https://github.com/vbatts> Should we close #2021
<#2021>?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2076 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAEF6WkWQo6dcvEmiNM9knqR8USHaZnkks5rBPIEgaJpZM4K4uct>
.
|
What's next here? |
@vbatts v1.0 spec hopefully :) Discussed this a little bit yesterday. Given the current timeline we should aim for having this in the 2.8 registry release. We can possibly time such a release around the release of v1.0 image spec as well. The 2.7 release should probably be done sooner and not wait for this change. Would it be helpful if we milestoned this? Maybe we can consider merging this using the image spec release candidate after we cut a 2.7 release branch. |
good to hear. All the pieces of the OCI mediatypes that this deals with are
pretty calm.
…On Wed, Apr 5, 2017 at 2:53 PM Derek McGowan ***@***.***> wrote:
@vbatts <https://github.com/vbatts> v1.0 spec hopefully :)
Discussed this a little bit yesterday. Given the current timeline we
should aim for having this is a 2.8 registry release. We can possibly time
such a release around the release of v1.0 image spec as well. The 2.7
release should probably be done sooner and not wait for this change.
Would it be helpful if we milestoned this? Maybe we can consider merging
this with the image spec candidate after we cut a 2.7 release branch.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2076 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAEF6cx8q71aQlYIQ9mQRu_Z4T16IcrMks5rs-MVgaJpZM4K4uct>
.
|
@mikebrow ready to rebase this??? 🤓 |
@mikebrow Pretty please? It is time... 💯 🥇 |
cool.. I'm on it.. |
👾 ✨ |
PR rebased.. and nit comments addressed. |
The only comment I didn't address (I believe) is vendoring the image spec and refactoring this code to use it. Want to do that on a subsequent PR or this one? Oh yeah and it's missing annotations support. |
OCI Image manifests and indexes are supported both with and without an embeded MediaType (the field is reserved according to the spec). Test storing and retrieving both types from the manifest store. Signed-off-by: Owen W. Taylor <[email protected]>
Please sign your commits following these rules: $ git clone -b "ocitype" [email protected]:mikebrow/distribution.git somewhere
$ cd somewhere
$ git rebase -i HEAD~842354379640
editor opens
change each 'pick' to 'edit'
save the file and quit
$ git commit --amend -s --no-edit
$ git rebase --continue # and repeat the amend for each commit
$ git push -f Amending updates the existing PR. You DO NOT need to open a new one. |
Handle OCI manifests and image indexes without a media type Signed-off-by: Mike Brown <[email protected]>
@dmcgowan @crosbymichael FYI.. this is the PR for OCI support in the registry that we discussed at the dockercon containerd maintainer face to face. |
Thanks for the ping @mikebrow |
manifest/ocischema/builder.go
Outdated
} | ||
|
||
// SetMediaType is for testing purposes, we want to be able to create an OCI image with | ||
// either an MediaType either empty, or with the OCI image value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to be reworded
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
reworded...
Signed-off-by: Mike Brown <[email protected]>
I was testing this with containerd and pushes work but on a pull i get an error registry logs:
ctr
|
manifest/ocischema/builder.go
Outdated
// valid media type for oci image manifests currently: "" or "application/vnd.oci.image.manifest.v1+json" | ||
func (mb *Builder) SetMediaType(mediaType string) { | ||
if mediaType != "" && mediaType != v1.MediaTypeImageManifest { | ||
panic("Invalid media type for OCI image manifest") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we sure we want a panic here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. Addressed.
} | ||
) | ||
|
||
func init() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this how distribution handles things or can this be moved out of an init?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's how distribution registers the manifest media types (schema types), see:
https://github.com/docker/distribution/blob/master/manifest/schema2/manifest.go#L56
for the example that registers docker's schema2 manifest.
In this case we're setting up to handle "application/vnd.oci.image.manifest.v1+json"
Signed-off-by: Mike Brown <[email protected]>
Initially I was thinking it made sense, given oci schema's near identical alignment with docker schema2 manifests to go with version 2 as the initial oci schema manifest version number. WDYT make it 0, 1, or stick with 2? |
|
Signed-off-by: Mike Brown <[email protected]>
LGTM |
LGTM Thanks everyone for testing this and your patience. Note to use the OCI manifests with Docker you will need to update to a newer version which has support for these media types. Support is being backported to all supported version of Docker released in the last year. |
Oh man y'all
…On Fri, Jul 20, 2018, 13:21 Derek McGowan ***@***.***> wrote:
Merged #2076 <#2076>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2076 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAEF6cD5qxiv_CFCIKq2uSwLCnYOC8Wiks5uIhGcgaJpZM4K4uct>
.
|
Here is a draft of the oci manifest/manifest lists that addresses @stevvooe 's request in pr #2021 for oci manifest to be it's own schema.
Also fixes some test case failure issues.
Signed-off-by: Mike Brown [email protected]