Story #4244
closed
Convert manifest to schema1 when older clients are pulling by tag
100%
Description
Problem:¶
When pulling newer format manifest by tag old clients are not supported.
Solution:¶
Rewrite available manifest to schema1 to support old clients.
Workflow:¶
Fetch the available manifest from the storage backend, if it exists. Parse incoming accept headers from client (client indicates support for certain manifest formats) and if necessary rewrite manifest when it is being fetched by tag. If it is being fetched by digest, conversion is not possible.
- If available manifest is a manifest list - within the manifest list find the image manifest corresponding to the default platform and arch (amd64 platform and linux OS). If no suitable manifest is found in the manifest list, return a 404 error.
If necessary( based on incoming accept headers), convert the image manifest to schema1. Invoke Schema1ManifestBuilder to create skeleton of schema1 format. Populate the builder with the data incoming from parsed image manifest schema2 json.
Sign schema1 manifest with the provided signing key (in config). If no signing key is provided generate an ephemeral rsa key to be used for signing converted manifests.
- If available manifest is a manifest schema2 , if necessary( based on incoming accept headers), convert the image manifest to schema1.
- If available manifest is a manifest schema1, return as is.
Signed Manifest Field Description¶
Signed manifests include an image manifest and a list of signatures. A signature consists of the following fields:
header JOSE
A JSON Web Signature
signature string
A signature for the image manifest, signed by a private key
protected string
The signed protected header
Optional conversion¶
The conversion will be optional. There will be a boolean flag called for example 'schema_conversion` added as a parameter to the docker distribution [0] where its default value would be set to False.
Conversion would happen only if enabled.
[0] https://github.com/pulp/pulp_docker/blob/master/pulp_docker/app/models.py#L297
https://docs.docker.com/registry/spec/manifest-v2-2/#backward-
Opened questions:¶
Do we convert manifest schema2 if it had foreign layers?
Related issues
Updated by amacdona@redhat.com over 5 years ago
I think this affects the Tag view and the Manifest/ManifestList views.
Updated by ipanova@redhat.com about 5 years ago
- Tracker changed from Issue to Story
- Subject changed from Support old (v2s2) clients that do not support manifest lists to Support old clients that do not support v2s2
- Description updated (diff)
- % Done set to 0
Updated by ipanova@redhat.com about 5 years ago
- Subject changed from Support old clients that do not support v2s2 to Support old clients that do not support v2s2 when pulling by tag
- Description updated (diff)
Updated by ipanova@redhat.com almost 5 years ago
Shall we make this conversion optional? we could introduce a flag to the docker distribution where its default value would be set to False.
Conversion would happen only if enabled.
Updated by ipanova@redhat.com almost 5 years ago
- Is duplicate of Issue #5146: Docker sync missing schema version 1 manifests added
Updated by ipanova@redhat.com over 4 years ago
- Subject changed from Support old clients that do not support v2s2 when pulling by tag to Convert manifest to schema1 when older clients are pulling by tag
Updated by ipanova@redhat.com over 4 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ipanova@redhat.com
Updated by ipanova@redhat.com over 4 years ago
- Status changed from ASSIGNED to NEW
Updated by ipanova@redhat.com over 4 years ago
- Tags Pulp 3 docker blocker added
Updated by ipanova@redhat.com over 4 years ago
- Assignee deleted (
ipanova@redhat.com)
Updated by mihai.ibanescu@gmail.com over 4 years ago
Updated by lmjachky over 4 years ago
- Status changed from NEW to POST
- Assignee set to lmjachky
Added by Lubos Mjachky over 4 years ago
Added by Lubos Mjachky over 4 years ago
Revision 42183b9c | View on GitHub
Execute implemented schema conversion from the registry
Added by Lubos Mjachky over 4 years ago
Revision 42183b9c | View on GitHub
Execute implemented schema conversion from the registry
Added by Lubos Mjachky over 4 years ago
Revision 42183b9c | View on GitHub
Execute implemented schema conversion from the registry
Updated by Anonymous over 4 years ago
- Status changed from POST to MODIFIED
Applied in changeset commit:pulp_docker|42183b9cea99a2bc244e7c4ca9363cbf5a4121c9.
Updated by ipanova@redhat.com over 4 years ago
- Project changed from Docker Support to Container Support
Updated by ipanova@redhat.com over 4 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
.
Execute implemented schema conversion from the registry
closes #4244 https://pulp.plan.io/issues/4244