0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

199 commits

Author SHA1 Message Date
Ramkumar Chinchani
0d823092f8 README: bring doc up-to-date
Highlight distinguishing features.
Update ecosystem tools section.
2020-09-24 10:19:10 -07:00
Shivam Mishra
971404f6ee search/cve: fix log messages 2020-09-23 12:47:50 -07:00
Shivam Mishra
d63f715fe5 search/cve: exclude unsupported images from fixed-tag list.
If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list.

Fixes issue #130
2020-09-22 09:24:04 -07:00
Ramkumar Chinchani
31687991d4
Merge pull request #135 from shimish2/Issue-132
Fixes issue #132
2020-09-10 10:49:41 -07:00
Shivam Mishra
cd0206fe6c Fixes issue #132, if image does not have any fixed tags, empty list with no error should be returned 2020-09-08 16:41:06 -07:00
Ramkumar Chinchani
aa6683854f
Merge pull request #133 from tsnaik/cve-sort
cli: group CVEs by severity
2020-09-08 09:29:17 -07:00
Tanmay Naik
f5867ce0b6 cli: group CVEs by severity 2020-09-04 13:56:47 -04:00
Ramkumar Chinchani
ebfc5958dd
Merge pull request #123 from tsnaik/cve
cli: add commands for fetching CVE
2020-08-21 10:02:49 -07:00
Tanmay Naik
c590b86d14 cli: add commands for CVE
Uses GraphQL API of zot to fetch CVE info

- Get all images affected by a CVE (input: CVEID)
- Get all CVEs of a layer (input: image:tag)
- Get all layers of an image which have resolved a CVE (input: image,
CVEID)
- Get all layers of an image affected by a CVE (input: image, CVEID)
2020-08-21 12:42:01 -04:00
Ramkumar Chinchani
abc22dcdcd
Merge pull request #128 from shimish2/fixbuild
Enable wait option during travis ci build
2020-08-19 19:37:43 -07:00
Shivam Mishra
a8e5a01972 Enable wait option during travis ci build because bazel build takes time and does not print any message on console due to which build exits 2020-08-19 17:46:54 -07:00
Ramkumar Chinchani
2e7b7aec4f
Merge pull request #124 from shimish2/FixedTags
Add support to scan images for CVEs
2020-08-19 14:27:15 -07:00
Shivam Mishra
5f230bd8ff Added unit test cases 2020-08-19 00:19:35 -07:00
Shivam Mishra
ed254159a0 Added support for searching fixed tag given cve and an image 2020-08-18 23:53:04 -07:00
Shivam Mishra
72ae02ca4b Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-18 23:05:52 -07:00
Shivam Mishra
2cf2c16137 Added graphql api feature for image vulnerability scanning 2020-08-18 22:44:34 -07:00
Shivam Mishra
baa5d247ec Enable trivy db download and update 2020-08-18 21:46:17 -07:00
Shivam Mishra
e537f27f00 Added search extension and integrated trivy to support image vulnerability scanning 2020-08-18 21:03:48 -07:00
Ramkumar Chinchani
a06ad7e701
Merge pull request #127 from shimish2/dedupe-fix
Dedupe fix
2020-08-17 16:33:25 -07:00
Shivam Mishra
3a30290e08 Using "destRecord" as a path in DeleteBlob function instead of "dst".
dstRecord :- blob path stored in cache.
dst :- blob path that is trying to be uploaded.

Currently, if the actual blob on disk may have been removed by GC/delete, during syncing the cache dst is being passed to DeleteBlob function and retry section is being continuously called because DeleteBlob function never deletes dst path (doesn't exist in db), dstRecord should be passed into DeleteBlob function because dstRecord is actual blob path stored in db.

If dst and dstRecord path value is same then this issue will not be produced and DeleteBlob method will delete the blob info from cache but if both are different then DeleteBlob method will try to delete dst path which is not in cache.

Note:- boltdb delete method return nil even when value doesn't exist (https://godoc.org/github.com/boltdb/bolt#Bucket.Delete)
2020-08-12 10:06:20 -07:00
Ramkumar Chinchani
703eb182fe
Merge pull request #126 from rchincha/skopeo
ci/cd: install skopeo
2020-08-10 21:49:33 -07:00
Ramkumar Chinchani
5c14da5dc5 ci/cd: install skopeo
zot trivy extensions test code needs an oci layout as test data.
Install skopeo to help with that.
2020-08-10 10:10:53 -07:00
Ramkumar Chinchani
b2ef9ab124
Merge pull request #118 from tsnaik/cli-tls-verify
cli: add option to ignore TLS verification
2020-07-17 15:53:09 -07:00
Tanmay Naik
6285a730a1 cli: add option to ignore TLS verification
adds a property in config : "verify-tls"
2020-07-17 17:48:42 -04:00
Serge Hallyn
e0cdc6b6a4
Merge pull request #116 from rchincha/s3
stacker: fix stacker build
2020-07-15 12:00:58 -05:00
Ramkumar Chinchani
f9b2092bd9 stacker: fix stacker build 2020-07-14 20:14:21 -07:00
Ramkumar Chinchani
728eb7f6fc
Merge pull request #113 from rchincha/s2
stacker: fix stacker build
2020-07-14 20:08:18 -07:00
Ramkumar Chinchani
adc6859cd6 stacker: fix stacker build 2020-07-14 13:31:57 -07:00
Ramkumar Chinchani
2ac675e682
Merge pull request #115 from tsnaik/cli-fix
cli: move client-only code out of the server flow
2020-07-14 11:17:12 -07:00
Tanmay Naik
bb9fbd2ef9 cli: move client-only code out of the server flow
earlier, some of the client exclusive code was being run on zot server
instance too.

cli: fix the bug: spinner is not stopped with -o
2020-07-14 13:35:56 -04:00
Ramkumar Chinchani
e639b4814e
Merge pull request #114 from rchincha/ro
auth: support a read-only mode
2020-07-13 10:09:03 -07:00
Ramkumar Chinchani
78be4cbe3c auth: support a read-only mode
This is useful if we want to roll out experimental versions of zot
pointing to some storage shared with another zot instance.

Also, when under storage full conditions, will be useful to turn on this
flag to prevent further writes.
2020-07-10 21:48:35 -07:00
Ramkumar Chinchani
74f48e6ad3
Merge pull request #108 from rchincha/systemd
systemd: add a systemd service example file
2020-07-07 13:18:46 -07:00
Ramkumar Chinchani
7e0a3a6617
Merge branch 'master' into systemd 2020-07-07 13:02:49 -07:00
Serge Hallyn
811a424858
Merge pull request #112 from rchincha/gc
gc: add a policy to skip garbage collecting new blobs
2020-07-07 13:01:33 -05:00
Ramkumar Chinchani
324a517ea3 gc: add a policy to skip garbage collecting new blobs
We perform inline garbage collection of orphan blobs. However, the
dist-spec poses a problem because blobs begin their life as orphan blobs
and then a manifest is add which refers to these blobs.

We use umoci's GC() to perform garbage collection and policy support
has been added recently which can control whether a blob can be skipped
for GC.

In this patch, we use a time-based policy to skip blobs.
2020-07-06 15:52:35 -07:00
Ramkumar Chinchani
80244f1282
Merge pull request #103 from tsnaik/search-core
cli: add command to list images
2020-07-02 12:09:03 -07:00
Tanmay Naik
ad684ac44b cli: add config and images command
Extends the existing zot CLI to add commands for listing all images and
their details on a zot server.
Listing all images introduces the need for configurations.

Each configuration has a name and URL at the least. Check 'zot config
-h' for more details.

The user can specify the URL of zot server explicitly while running the
command or configure a URL and pass it directly.

Adding a configuration:
zot config add aci-zot <zot-url>

Run 'zot config --help' for more.

Listing all images:
zot images --url <zot-url>

Pass a config instead of the url:
zot images <config-name>

Filter the list of images by image name:
zot images <config-name> --name <image-name>

Run 'zot images --help' for all details

- Stores configurations in '$HOME/.zot' file

Add CLI README
2020-07-02 14:30:35 -04:00
Ramkumar Chinchani
4a1519bb1d
Merge pull request #107 from shimish2/BuildPipelineUpgrade
Upgraded build pipeline
2020-06-26 15:20:13 -07:00
Shivam Mishra
af77876306 Upgraded build pipeline
Go version changed to 1.14.4
Golangci-lint changed to 1.26.0
Bazel version changed to 3.0.0
Bazel rules_go version changed to 0.23.3
Bazel gazelle version changed to v0.21.0
Bazel build tools version changed to 0.25.1
Bazel skylib version changed to 1.0.2
2020-06-25 23:43:31 -07:00
Ramkumar Chinchani
557ac6b5c1 systemd: add a systemd service example file
Copy this file into /etc/systemd/system, and

\# systemctl enable zot
\# systemctl start zot
2020-06-25 17:50:30 -07:00
Ramkumar Chinchani
ff4a300057
Merge pull request #109 from shimish2/OpensuseChange
Changed umoci import path
2020-06-25 17:49:26 -07:00
Shivam Mishra
85d3e1db4b Changed umoci import path 2020-06-25 17:04:32 -07:00
Ramkumar Chinchani
3dc9885ee9 update the size field when existing manifest entry is updated
An existing manifest descriptor in index.json can be updated with
different manifest contents for the same/existing tag. We were updating
the digest but not the size field causing GC to report an error.

Add a unit test case to cover this.

Add logs.
2020-06-18 16:20:43 -07:00
Ramkumar Chinchani
c374f9dbcb
Merge pull request #98 from tsnaik/fix-htpasswd
fix: the bug when htpasswd has multiple creds
2020-06-18 15:57:25 -07:00
Tanmay Naik
3f3f7e3f8c tests: add better tests for 3cfb2b3 2020-06-17 20:17:49 -04:00
Tanmay Naik
904ae763d7 tests: add unit tests for fix 3cfb2b3 2020-06-09 19:18:33 -04:00
Tanmay Naik
3cfb2b30a6 fix: the bug when htpasswd has multiple creds
earlier, when you had more than one creds in htpasswd file separated by
newline, it used to only read the first cred in the file and ignore the
rest.
2020-06-09 17:19:01 -04:00
Tanmay Naik
d16cbb0b10 .gitignore: add .vscode/ 2020-06-09 17:18:30 -04:00
Ramkumar Chinchani
dbb0a2d57a
Merge pull request #93 from rchincha/d2
dedupe: record relative path for cache entries
2020-05-28 12:16:54 -07:00