Project

Profile

Help

Actions
Send by e-mail Copy link

Story #3747

closed

Add a config option to the importer to accept foreign layers

Added by ipanova@redhat.com almost 6 years ago. Updated about 5 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Target Release - Docker:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Some images like windows base images, contain artifacts whose distribution is restricted by license.
when these images where pushed to a registry, restricted artifacts where skipped/not included.

For this reason we were skipping sync of foreign layers.

With the recent changes, due to use case of registries with air gapped network, now it's possible to push to the registry foreign layers, by enabling -allow-nondistributable-artifacts daemon option.

From client side, foreign layers are now pulled from the registry if possible, falling back to the URLs in the image manifest otherwise. As far as i know that's done in docker for Windows. Linux version is still ignoring foreign layers during pull.

We need to add option `--allow-foreign-layers` to the importer, so during sync we could fetch them on explicit request. Defaults to false.
It will also cover the upload use case, otherwise we'd ignore the foreign layer to be uploaded to Pulp.

Example of a image with foreign layers:

$ ./done-docker-token portainer/portainer:windows-amd64-1.13.0
{
  "schemaVersion": 2,
  "config": {
    "digest": "sha256:7cc9ff24526dfffdb8c188e6bae7e11d75d1ac5731d85e6fdccd5c7382d84207",
    "size": 2369,
    "mediaType": "application/vnd.docker.container.image.v1+json"
  },
  "layers": [
    {
      "digest": "sha256:bce2fbc256ea437a87dadac2f69aabd25bed4f56255549090056c1131fad0277",
      "size": 252691002,
      "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
      "urls": [
        "https://go.microsoft.com/fwlink/?linkid=837858"
      ]
    },
    {
      "digest": "sha256:4a8c367fd46d2e2da2a8b0fa02158540e13b3a9015daf9f17d1af354a591492f",
      "size": 121971948,
      "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
      "urls": [
        "https://go.microsoft.com/fwlink/?linkid=848906"
      ]
    },
    {
      "digest": "sha256:feedefe2c110863b761bb71ba7199fefe1058afecbe68752d051c2ca0899e266",
      "size": 3684048,
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip"
    },
    {
      "digest": "sha256:bb652e12abcfb1b0681c29dcff44a842f54869d6a5d6c57de1523b275af77c17",
      "size": 952,
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip"
    },
    {
      "digest": "sha256:4addfdf3b551b41da10b28fb9e0e0702d568e68ce2330183220384358f0f7d9c",
      "size": 947,
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip"
    },
    {
      "digest": "sha256:ad5cdcb7aa1e047a4ac348b74b5652c8a16fcb3dd013c288f8e65a095995c1d4",
      "size": 948,
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip"
    },
    {
      "digest": "sha256:6bd5a5818cacdc9744192da603a8765e793ac1b5dcb1bf1efacbe81df875ea06",
      "size": 943,
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip"
    }
  ],
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json"
Actions
Send by e-mail Copy link

Also available in: Atom PDF