Lisca Ana-Roberta
62775cc095
fixed failed tests for all skopeo versions
...
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
skopeo verifications
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
skopeo verifications modified makefile
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
modified how to get digest and fixed makefile
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
fixed failed tests for all skopeo versions
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
echo skopeo version
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
skopeo verifications
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
skopeo verifications modified makefile
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
modified how to get digest and fixed makefile
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
skopeo failed tests fixed
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
changed function name
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
fixed lost modifications
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
fixed code coverage and dead code
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
2022-05-27 08:19:07 -07:00
Shivam Mishra
0dd00e7883
fix extension endpoints
...
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-05-25 13:46:43 -07:00
Ramkumar Chinchani
6b841809e3
fix CVE-2022-29173/GHSA-66x3-6cw3-v5gj
...
https://github.com/project-zot/zot/security/dependabot/16
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-25 11:34:24 -07:00
Petu Eusebiu
da4acaf178
sync: preserve upstream digests after syncing images
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-05-25 10:19:36 -07:00
Petu Eusebiu
bd730150a8
sync: allow HTTP redirects when GETing signatures blobs
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-05-25 10:19:36 -07:00
Petu Eusebiu
aeb8a5da39
sync: specify contentType in headers when GETing cosign manifest
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-05-25 10:19:36 -07:00
Shivam Mishra
dcdeb935fd
use zot as an extension name, ext as a component and search as a module
...
add endpoints field in ext discover api
distribution spec extension discover api has endpoints field required.
https://github.com/opencontainers/distribution-spec/blob/main/extensions/_oci.md#extensions-property-descriptions
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-05-24 19:12:40 -07:00
Shivam Mishra
36c9631000
ext: use distribution spec route prefix for extension api
...
Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-05-22 16:35:16 -07:00
Ramkumar Chinchani
287ac05ddc
update linter version to 1.46.2
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-20 11:53:56 -07:00
Catalin Hofnar
20a60cbad4
Enhance sync logic - stop blob redownloads and re-pushes ( #479 #480 )
...
Changed imagesToCopyFromUpstream to return a map[string][]types.ImageReference from just an array of refs
Rewrote some logic in sync.go to use the new signature of imagesToCopyFromUpstream
Split getLocalImageRef by adding function getLocalCachePath
Adapted tests for new changes, added some tests
Merged #481
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-05-16 10:05:01 -07:00
Alex Stan
d325c8b5f4
Fix problems signaled by new linter version v1.45.2
...
PR (linter: upgrade linter version #405 ) triggered lint job which failed
with many errors generated by various linters. Configurations were added to
golangcilint.yaml and several refactorings were made in order to improve the
results of the linter.
maintidx linter disabled
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-04-27 09:55:44 -07:00
Petu Eusebiu
89c5f4f604
sync: fix functions which compare signatures
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-04-15 10:31:37 -07:00
Petu Eusebiu
4e20ab8a5d
go.mod: update dependencies
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-04-15 10:31:37 -07:00
Andreea-Lupu
9454c77be2
make scrub inline and periodic
...
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2022-04-01 13:38:24 -07:00
Petu Eusebiu
03dd558ec6
sync: fix inconsistent test
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-03-31 09:19:07 -07:00
Petu Eusebiu
be910cf01c
lint: Move out config reloader context from controller struct
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-03-24 10:50:01 -07:00
Petu Eusebiu
353b0c6034
Move api constants in separate 'constants' package to avoid circular imports
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-03-24 10:50:01 -07:00
Petu Eusebiu
f53dc9eb8d
sync: Add a new flag to enforce syncing only signed images, closes #455
...
sync: When checking if a image is already synced also check for changes in upstream signatures.
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-03-24 10:50:01 -07:00
laurentiuNiculae
0d148e1d6b
new config option for sync-destination
...
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
2022-03-21 08:12:34 -07:00
Petu Eusebiu
6d04ab3cdc
sync: support reloading sync config when the config file changes
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-03-18 11:24:11 -07:00
Shivam Mishra
b8010e1ee4
routes: changes required to do browser authentication
...
whenever we make a request that contains header apart from CORS allowed header, browser sends a preflight request
and in response accept *Access-Control-Allow-Headers*.
preflight request is in form of OPTIONS method, added new http handler func to set headers
and returns HTTP status ok in case of OPTIONS method.
in case of authorization, request contains authorization header
added authorization header in Access-Control-Allow-Headers list
added AllowOrigin field in HTTPConfig this field value is set to Access-Control-Allow-Origin header and will give zot adminstrator to limit incoming request.
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-03-08 17:42:54 -08:00
Eng Zer Jun
0d77b60de7
test: use T.TempDir
to create temporary test directory
...
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-03-07 12:28:49 -08:00
Ramkumar Chinchani
95e4b2054b
upgrade module deps
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-04 13:10:58 -08:00
Ramkumar Chinchani
8db3e1b192
CVE-2022-23649: fix dependabot alert
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-02 12:01:14 -08:00
Petu Eusebiu
45968e0bb7
sync: fix inconsistent test, used inject error fw for hard to reach test cases
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-03-01 09:56:27 -08:00
Ramkumar Chinchani
38a110314b
gc: add a gcDelay param
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-14 14:03:22 -08:00
Petu Eusebiu
35eeedb22a
sync: pull only missing images, not everything, closes #335
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-02-14 08:09:18 -08:00
Shivam Mishra
37d150e32f
search: graphql api to give detailed repo info
...
DetailedRepoInfo graphql api returns detailed repo info given repo name
repo contains its manifests info
Each manifest entry contains digest,signed, tag and layers info
Each layer info containes digest, size
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-02-10 16:34:13 -08:00
Alexei Dodon
47c9b6244e
Added config enable=true/false for extensions with default value as enabled closes #258
...
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2022-02-09 09:53:49 -08:00
Ramkumar Chinchani
d2aa016cdb
storage: flush/sync contents to disk on file close
...
Behavior controlled by configuration (default=off)
It is a trade-off between performance and consistency.
References:
[1] https://github.com/golang/go/issues/20599
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-07 12:08:01 -08:00
Petu Eusebiu
f89925fb27
sync: periodically retry if on-demand fails inline, closes #281
...
sync: don't return error on sync signatures, just skip them, closes #375
sync: sync signatures on demand
sync on demand: in case of parallel requests pull image just once, closes #344
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-02-07 09:04:13 -08:00
Ramkumar Chinchani
87084f286b
storage: improve/fix oci image validation
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-02-02 13:31:41 -08:00
Petu Eusebiu
a0e65379c8
sync: for a prefix, allow multiple registries as a list instead of only one, closes #343
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-02-01 09:45:09 -08:00
Petu Eusebiu
b9250a783a
Use InsecureSkipVerify only with https upstreams
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-01-29 20:00:27 -08:00
Alexei Dodon
f47c8222c2
bug: Storage used per zot repo metric is broken
...
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2022-01-26 18:43:14 -08:00
Petu Eusebiu
89b143805e
Remove sync http handler, not needed anymore since added sync on demand
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-01-25 09:18:23 -08:00
Petu Eusebiu
1109bb4dde
sync: Added support for syncing notary/cosign signatures, closes #261
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-01-13 08:45:59 -08:00
Alexei Dodon
c4d34b7269
Added storage latency histogram metric
...
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2022-01-10 11:55:39 -08:00
Ramkumar Chinchani
ac3801ea2d
lint: upgrade golangci-lint
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-20 17:20:35 -08:00
Petu Eusebiu
5f04092e71
Fix negative WaitGroup counter at runtime
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-12-17 16:52:34 -08:00
Petu Eusebiu
c86f44cc53
Disable sync periodically polling when pollInterval is not configured
...
Filtering out sync on demand images based on content configuration
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-12-14 08:59:50 -08:00
Petu Eusebiu
627cb97ef1
Add wait group for graceful shutdown, closes #302
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-12-08 10:04:52 -08:00
Petu Eusebiu
63a75216ed
sync: allow for saving to a subpath, closes #307
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-12-07 10:13:20 -08:00
Ramkumar Chinchani
96226af869
move references to zotregistry.io and project-zot
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2021-12-05 10:52:27 -08:00
Alexei Dodon
f99fa37623
ci/cd: unit test hangs for a long time intermittently closes #286
...
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-11-29 14:07:49 -08:00
Petu Eusebiu
fff6107310
Sync prefix can be an exact match or a glob pattern, closes #297
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-29 13:10:13 -08:00
Petu Eusebiu
f0ef10fa50
sync: cleanup the orphaned private download dir on failure, closes 282
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-25 10:31:45 -08:00
Petu Eusebiu
7ada50e9c8
sync: skip tls verify on /v2/_catalog when a registry is configured with tls-verify false
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-25 10:31:45 -08:00
Alexei Dodon
e900b09cfb
Fix data races in tests, closes #255
...
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-11-17 13:23:59 -08:00
Petu Eusebiu
5c07e19c8d
Changed sync behaviour, it used to copy images over http interface
...
now it copies to a local cache and then it copies over storage APIs
- accept all images with or without signatures
- disable sync writing to stdout
- added more logs
- fixed switch statement in routes
- fixed enabling sync multiple times for storage subpaths
closes #266
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-11-15 09:32:43 -08:00
Alexei Dodon
8e4d828867
Implement an API for performance monitoring
...
Signed-off-by: Alexei Dodon <adodon@cisco.com>
2021-11-12 11:14:10 -08:00
Petu Eusebiu
f7ae491d22
Fix data race in sync tests
...
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-25 10:50:05 -07:00
Petu Eusebiu
19003e8a71
Added new extension "sync"
...
Periodically poll registries and pull images according to sync's config
Added sync on demand, syncing when clients asks for an image which
zot doesn't have.
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2021-10-21 10:32:46 -07:00
Shivam Mishra
d930adbd49
search: update trivy
...
trivy updated to v0.20.0
trivy-db updated to bec0c6a
fanal updated to f7efd1b
2021-10-13 16:37:31 -07:00
Petu Eusebiu
7d077eaf5a
Added storage interface
2021-10-11 17:38:46 -07:00
Shivam Mishra
63fef3e48c
search: added graphql api to return repository list with latest tag
2021-09-27 14:36:20 -07:00
Petu Eusebiu
3a59b9f487
Use freeport to get ports for zot servers in tests
2021-06-29 13:58:39 -07:00
Andrei Aaron
792e82cbdf
Add an 'enable' flag in the server configuration to enable gql-based searches
...
"extensions": {
"search": {
"enable": true
}
}
2021-06-24 12:15:25 -07:00
Andrei Aaron
519ea75d9a
Implement a way to search for an image by manifest, config or layer digest
...
```
Usage:
zot images [config-name] [flags]
Flags:
-d, --digest string List images containing a specific manifest, config, or layer digest
[...]
```
2021-06-24 12:15:25 -07:00
Shivam Mishra
28974e81dc
config: support multiple storage locations
...
added support to point multiple storage locations in zot by running multiple instance of zot in background.
see examples/config-multiple.json for more info about config.
Closes #181
2021-05-21 10:18:28 -07:00
Shivam Mishra
a7c17b7c16
spec: added support for mount request using hard link
2021-05-04 09:42:29 -07:00
Ramkumar Chinchani
affdd85986
build: remove bazel
...
The idea initially was to use bazel to do our builds, however golang
build system is now good enough and our code base is entirely go.
It is also slowing down our travis ci/cd pipeline.
2020-12-21 15:30:13 -08:00
Shivam Mishra
b0ed625a2e
build: increase wait timeout for travis bazel build process
2020-10-27 19:30:06 -07:00
Shivam Mishra
46beb30fc1
build: add build tags to create customizable binaries
2020-10-22 17:20:07 -07:00
Shivam Mishra
14214a5794
test: add unit test to verify lock changes
2020-10-16 14:58:45 -07:00
Shivam Mishra
25ad71787a
test: minimize trivy db download tests to avoid api rate limit
2020-10-15 14:32:37 -07:00
Shivam Mishra
8075eadc1a
test: add wait for trivy db download in test case
2020-10-02 16:47:54 -07:00
Shivam Mishra
971404f6ee
search/cve: fix log messages
2020-09-23 12:47:50 -07:00
Shivam Mishra
d63f715fe5
search/cve: exclude unsupported images from fixed-tag list.
...
If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list.
Fixes issue #130
2020-09-22 09:24:04 -07:00
Shivam Mishra
cd0206fe6c
Fixes issue #132 , if image does not have any fixed tags, empty list with no error should be returned
2020-09-08 16:41:06 -07:00
Shivam Mishra
5f230bd8ff
Added unit test cases
2020-08-19 00:19:35 -07:00
Shivam Mishra
ed254159a0
Added support for searching fixed tag given cve and an image
2020-08-18 23:53:04 -07:00
Shivam Mishra
72ae02ca4b
Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning
2020-08-18 23:05:52 -07:00
Shivam Mishra
2cf2c16137
Added graphql api feature for image vulnerability scanning
2020-08-18 22:44:34 -07:00
Shivam Mishra
baa5d247ec
Enable trivy db download and update
2020-08-18 21:46:17 -07:00
Shivam Mishra
e537f27f00
Added search extension and integrated trivy to support image vulnerability scanning
2020-08-18 21:03:48 -07:00