0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

362 commits

Author SHA1 Message Date
Ramkumar Chinchani
f2d4b57638
Merge pull request #145 from shimish2/embededbinary
customizable binaries
2020-10-28 09:11:03 -07:00
Shivam Mishra
b0ed625a2e build: increase wait timeout for travis bazel build process 2020-10-27 19:30:06 -07:00
Shivam Mishra
46beb30fc1 build: add build tags to create customizable binaries 2020-10-22 17:20:07 -07:00
Ramkumar Chinchani
17dce7e63b
Merge pull request #146 from shimish2/rchincha-origin-locks
routes: refactor locks to handle large file uploads
2020-10-19 10:21:38 -07:00
Shivam Mishra
7439feb1c2 build: set timeout in travis make build process to avoid timeout failure 2020-10-18 20:55:17 -07:00
Shivam Mishra
14214a5794 test: add unit test to verify lock changes 2020-10-16 14:58:45 -07:00
Ramkumar Chinchani
386c72d332 routes: refactor locks to handle large file uploads
The storage layer is protected with read-write locks.
However, we may be holding the locks over unnecessarily large critical
sections.

The typical workflow is that a blob is first uploaded via a per-client
private session-id meaning the blob is not publicly visible yet. When
the blob being uploaded is very large, the transfer takes a long time
while holding the lock.

Private session-id based uploads don't really need locks, and hold locks
only when blobs are published after the upload is complete.
2020-10-16 13:33:11 -07:00
Shivam Mishra
25ad71787a test: minimize trivy db download tests to avoid api rate limit 2020-10-15 14:32:37 -07:00
Ramkumar Chinchani
0dcff98c1f
Merge pull request #143 from shimish2/testchanges
test: add wait for trivy db download in test case
2020-10-08 13:38:51 -07:00
Shivam Mishra
8075eadc1a test: add wait for trivy db download in test case 2020-10-02 16:47:54 -07:00
Ramkumar Chinchani
ea0ef61a65
Merge pull request #140 from rchincha/readme
README: bring doc up-to-date
2020-09-24 11:43:33 -07:00
Ramkumar Chinchani
f91cc72aa9
Merge branch 'master' into readme 2020-09-24 10:28:53 -07:00
Ramkumar Chinchani
0d823092f8 README: bring doc up-to-date
Highlight distinguishing features.
Update ecosystem tools section.
2020-09-24 10:19:10 -07:00
Ramkumar Chinchani
6cf54c3212
Merge pull request #134 from shimish2/Issue-130
search/cve: exclude unsupported images from fixed-tag list.
2020-09-24 10:05:30 -07:00
Shivam Mishra
971404f6ee search/cve: fix log messages 2020-09-23 12:47:50 -07:00
Shivam Mishra
d63f715fe5 search/cve: exclude unsupported images from fixed-tag list.
If image vulnerability scan does not support any media type, considering those images as an infected image and now this images will not be shown in fixed images list.

Fixes issue #130
2020-09-22 09:24:04 -07:00
Ramkumar Chinchani
31687991d4
Merge pull request #135 from shimish2/Issue-132
Fixes issue #132
2020-09-10 10:49:41 -07:00
Shivam Mishra
cd0206fe6c Fixes issue #132, if image does not have any fixed tags, empty list with no error should be returned 2020-09-08 16:41:06 -07:00
Ramkumar Chinchani
aa6683854f
Merge pull request #133 from tsnaik/cve-sort
cli: group CVEs by severity
2020-09-08 09:29:17 -07:00
Tanmay Naik
f5867ce0b6 cli: group CVEs by severity 2020-09-04 13:56:47 -04:00
Ramkumar Chinchani
ebfc5958dd
Merge pull request #123 from tsnaik/cve
cli: add commands for fetching CVE
2020-08-21 10:02:49 -07:00
Tanmay Naik
c590b86d14 cli: add commands for CVE
Uses GraphQL API of zot to fetch CVE info

- Get all images affected by a CVE (input: CVEID)
- Get all CVEs of a layer (input: image:tag)
- Get all layers of an image which have resolved a CVE (input: image,
CVEID)
- Get all layers of an image affected by a CVE (input: image, CVEID)
2020-08-21 12:42:01 -04:00
Ramkumar Chinchani
abc22dcdcd
Merge pull request #128 from shimish2/fixbuild
Enable wait option during travis ci build
2020-08-19 19:37:43 -07:00
Shivam Mishra
a8e5a01972 Enable wait option during travis ci build because bazel build takes time and does not print any message on console due to which build exits 2020-08-19 17:46:54 -07:00
Ramkumar Chinchani
2e7b7aec4f
Merge pull request #124 from shimish2/FixedTags
Add support to scan images for CVEs
2020-08-19 14:27:15 -07:00
Shivam Mishra
5f230bd8ff Added unit test cases 2020-08-19 00:19:35 -07:00
Shivam Mishra
ed254159a0 Added support for searching fixed tag given cve and an image 2020-08-18 23:53:04 -07:00
Shivam Mishra
72ae02ca4b Added image format validation to validate media type because squashfs image media type not supported for vulnerability scanning 2020-08-18 23:05:52 -07:00
Shivam Mishra
2cf2c16137 Added graphql api feature for image vulnerability scanning 2020-08-18 22:44:34 -07:00
Shivam Mishra
baa5d247ec Enable trivy db download and update 2020-08-18 21:46:17 -07:00
Shivam Mishra
e537f27f00 Added search extension and integrated trivy to support image vulnerability scanning 2020-08-18 21:03:48 -07:00
Ramkumar Chinchani
a06ad7e701
Merge pull request #127 from shimish2/dedupe-fix
Dedupe fix
2020-08-17 16:33:25 -07:00
Shivam Mishra
3a30290e08 Using "destRecord" as a path in DeleteBlob function instead of "dst".
dstRecord :- blob path stored in cache.
dst :- blob path that is trying to be uploaded.

Currently, if the actual blob on disk may have been removed by GC/delete, during syncing the cache dst is being passed to DeleteBlob function and retry section is being continuously called because DeleteBlob function never deletes dst path (doesn't exist in db), dstRecord should be passed into DeleteBlob function because dstRecord is actual blob path stored in db.

If dst and dstRecord path value is same then this issue will not be produced and DeleteBlob method will delete the blob info from cache but if both are different then DeleteBlob method will try to delete dst path which is not in cache.

Note:- boltdb delete method return nil even when value doesn't exist (https://godoc.org/github.com/boltdb/bolt#Bucket.Delete)
2020-08-12 10:06:20 -07:00
Ramkumar Chinchani
703eb182fe
Merge pull request #126 from rchincha/skopeo
ci/cd: install skopeo
2020-08-10 21:49:33 -07:00
Ramkumar Chinchani
5c14da5dc5 ci/cd: install skopeo
zot trivy extensions test code needs an oci layout as test data.
Install skopeo to help with that.
2020-08-10 10:10:53 -07:00
Ramkumar Chinchani
b2ef9ab124
Merge pull request #118 from tsnaik/cli-tls-verify
cli: add option to ignore TLS verification
2020-07-17 15:53:09 -07:00
Tanmay Naik
6285a730a1 cli: add option to ignore TLS verification
adds a property in config : "verify-tls"
2020-07-17 17:48:42 -04:00
Serge Hallyn
e0cdc6b6a4
Merge pull request #116 from rchincha/s3
stacker: fix stacker build
2020-07-15 12:00:58 -05:00
Ramkumar Chinchani
f9b2092bd9 stacker: fix stacker build 2020-07-14 20:14:21 -07:00
Ramkumar Chinchani
728eb7f6fc
Merge pull request #113 from rchincha/s2
stacker: fix stacker build
2020-07-14 20:08:18 -07:00
Ramkumar Chinchani
adc6859cd6 stacker: fix stacker build 2020-07-14 13:31:57 -07:00
Ramkumar Chinchani
2ac675e682
Merge pull request #115 from tsnaik/cli-fix
cli: move client-only code out of the server flow
2020-07-14 11:17:12 -07:00
Tanmay Naik
bb9fbd2ef9 cli: move client-only code out of the server flow
earlier, some of the client exclusive code was being run on zot server
instance too.

cli: fix the bug: spinner is not stopped with -o
2020-07-14 13:35:56 -04:00
Ramkumar Chinchani
e639b4814e
Merge pull request #114 from rchincha/ro
auth: support a read-only mode
2020-07-13 10:09:03 -07:00
Ramkumar Chinchani
78be4cbe3c auth: support a read-only mode
This is useful if we want to roll out experimental versions of zot
pointing to some storage shared with another zot instance.

Also, when under storage full conditions, will be useful to turn on this
flag to prevent further writes.
2020-07-10 21:48:35 -07:00
Ramkumar Chinchani
74f48e6ad3
Merge pull request #108 from rchincha/systemd
systemd: add a systemd service example file
2020-07-07 13:18:46 -07:00
Ramkumar Chinchani
7e0a3a6617
Merge branch 'master' into systemd 2020-07-07 13:02:49 -07:00
Serge Hallyn
811a424858
Merge pull request #112 from rchincha/gc
gc: add a policy to skip garbage collecting new blobs
2020-07-07 13:01:33 -05:00
Ramkumar Chinchani
324a517ea3 gc: add a policy to skip garbage collecting new blobs
We perform inline garbage collection of orphan blobs. However, the
dist-spec poses a problem because blobs begin their life as orphan blobs
and then a manifest is add which refers to these blobs.

We use umoci's GC() to perform garbage collection and policy support
has been added recently which can control whether a blob can be skipped
for GC.

In this patch, we use a time-based policy to skip blobs.
2020-07-06 15:52:35 -07:00
Ramkumar Chinchani
80244f1282
Merge pull request #103 from tsnaik/search-core
cli: add command to list images
2020-07-02 12:09:03 -07:00