Test #4461
closedAs a user i can configure download of the foreign layers
Description
Some images like windows base images, contain artifacts whose distribution is restricted by license.
When these images are pushed to a registry, restricted artifacts are skipped/not included by default.
These artifacts are called foreign layers and have "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip"
Remote should have a Boolean "*allow_foreign_layers*" option which would control the download of the foreign layers.
Set to False (default):
Pulp will check the mediatype and simply will skip the foreign layers.
Case: do not sync content which is restricted by a license without explicit acknowledgment in the Remote config
From client side, it will follow the url specified in the details of the layer in the manifest.
Set to True:
Pulp will download the foreign layers by following the url.
Case: due to use case of registries with air gaped network, now it's possible to push to the registry foreign layers, by enabling -allow-nondistributable-artifacts daemon option. From client side, foreign layers are now pulled from the registry if possible, falling back to the URLs in the image manifest otherwise. As far as i know that's done in docker for Windows. Linux version is still ignoring foreign layers during pull.
Related issues