func runPush(dockerCli *command.DockerCli, remote string) error { ref, err := reference.ParseNamed(remote) if err != nil { return err } // Resolve the Repository name from fqn to RepositoryInfo repoInfo, err := registry.ParseRepositoryInfo(ref) if err != nil { return err } ctx := context.Background() // Resolve the Auth config relevant for this server authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index) requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfo.Index, "push") if command.IsTrusted() { return trustedPush(ctx, dockerCli, repoInfo, ref, authConfig, requestPrivilege) } responseBody, err := imagePushPrivileged(ctx, dockerCli, authConfig, ref.String(), requestPrivilege) if err != nil { return err } defer responseBody.Close() return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil) }
func runLoad(dockerCli *client.DockerCli, opts loadOptions) error { var input io.Reader = dockerCli.In() if opts.input != "" { file, err := os.Open(opts.input) if err != nil { return err } defer file.Close() input = file } if !dockerCli.Out().IsTerminal() { opts.quiet = true } response, err := dockerCli.Client().ImageLoad(context.Background(), input, opts.quiet) if err != nil { return err } defer response.Body.Close() if response.Body != nil && response.JSON { return jsonmessage.DisplayJSONMessagesToStream(response.Body, dockerCli.Out(), nil) } _, err = io.Copy(dockerCli.Out(), response.Body) return err }
func handleStreamResponse(resp *http.Response, streamOptions *streamOptions) error { var err error if !streamOptions.useJSONDecoder && resp.Header.Get("Content-Type") != "application/json" { if streamOptions.setRawTerminal { _, err = io.Copy(streamOptions.stdout, resp.Body) } else { _, err = stdcopy.StdCopy(streamOptions.stdout, streamOptions.stderr, resp.Body) } return err } // if we want to get raw json stream, just copy it back to output // without decoding it if streamOptions.rawJSONStream { _, err = io.Copy(streamOptions.stdout, resp.Body) return err } if st, ok := streamOptions.stdout.(interface { io.Writer FD() uintptr IsTerminal() bool }); ok { err = jsonmessage.DisplayJSONMessagesToStream(resp.Body, st, nil) } else { err = jsonmessage.DisplayJSONMessagesStream(resp.Body, streamOptions.stdout, 0, false, nil) } return err }
func runLoad(dockerCli *command.DockerCli, opts loadOptions) error { var input io.Reader = dockerCli.In() if opts.input != "" { file, err := os.Open(opts.input) if err != nil { return err } defer file.Close() input = file } // To avoid getting stuck, verify that a tar file is given either in // the input flag or through stdin and if not display an error message and exit. if opts.input == "" && dockerCli.In().IsTerminal() { return fmt.Errorf("requested load from stdin, but stdin is empty") } if !dockerCli.Out().IsTerminal() { opts.quiet = true } response, err := dockerCli.Client().ImageLoad(context.Background(), input, opts.quiet) if err != nil { return err } defer response.Body.Close() if response.Body != nil && response.JSON { return jsonmessage.DisplayJSONMessagesToStream(response.Body, dockerCli.Out(), nil) } _, err = io.Copy(dockerCli.Out(), response.Body) return err }
// ImagePullPrivileged pulls the image and displays it to the output func (cli *DockerCli) ImagePullPrivileged(ctx context.Context, authConfig types.AuthConfig, ref string, requestPrivilege types.RequestPrivilegeFunc, all bool) error { encodedAuth, err := EncodeAuthToBase64(authConfig) if err != nil { return err } options := types.ImagePullOptions{ RegistryAuth: encodedAuth, PrivilegeFunc: requestPrivilege, All: all, } responseBody, err := cli.client.ImagePull(ctx, ref, options) if err != nil { return err } defer responseBody.Close() return jsonmessage.DisplayJSONMessagesToStream(responseBody, cli.Out(), nil) }
func runPush(dockerCli *command.DockerCli, name string) error { named, err := reference.ParseNamed(name) // FIXME: validate if err != nil { return err } if reference.IsNameOnly(named) { named = reference.WithDefaultTag(named) } ref, ok := named.(reference.NamedTagged) if !ok { return fmt.Errorf("invalid name: %s", named.String()) } ctx := context.Background() repoInfo, err := registry.ParseRepositoryInfo(named) if err != nil { return err } authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index) encodedAuth, err := command.EncodeAuthToBase64(authConfig) if err != nil { return err } responseBody, err := dockerCli.Client().PluginPush(ctx, ref.String(), encodedAuth) if err != nil { return err } defer responseBody.Close() if command.IsTrusted() { repoInfo.Class = "plugin" return image.PushTrustedReference(dockerCli, repoInfo, named, authConfig, responseBody) } return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil) }
func runImport(dockerCli *client.DockerCli, opts importOptions) error { var ( in io.Reader srcName = opts.source ) if opts.source == "-" { in = dockerCli.In() } else if !urlutil.IsURL(opts.source) { srcName = "-" file, err := os.Open(opts.source) if err != nil { return err } defer file.Close() in = file } source := types.ImageImportSource{ Source: in, SourceName: srcName, } options := types.ImageImportOptions{ Message: opts.message, Changes: opts.changes.GetAll(), } clnt := dockerCli.Client() responseBody, err := clnt.ImageImport(context.Background(), source, opts.reference, options) if err != nil { return err } defer responseBody.Close() return jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil) }
func runLoad(dockerCli *command.DockerCli, opts loadOptions) error { var input io.Reader = dockerCli.In() if opts.input != "" { // We use system.OpenSequential to use sequential file access on Windows, avoiding // depleting the standby list un-necessarily. On Linux, this equates to a regular os.Open. file, err := system.OpenSequential(opts.input) if err != nil { return err } defer file.Close() input = file } // To avoid getting stuck, verify that a tar file is given either in // the input flag or through stdin and if not display an error message and exit. if opts.input == "" && dockerCli.In().IsTerminal() { return fmt.Errorf("requested load from stdin, but stdin is empty") } if !dockerCli.Out().IsTerminal() { opts.quiet = true } response, err := dockerCli.Client().ImageLoad(context.Background(), input, opts.quiet) if err != nil { return err } defer response.Body.Close() if response.Body != nil && response.JSON { return jsonmessage.DisplayJSONMessagesToStream(response.Body, dockerCli.Out(), nil) } _, err = io.Copy(dockerCli.Out(), response.Body) return err }
// TrustedPush handles content trust pushing of an image func (cli *DockerCli) TrustedPush(ctx context.Context, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error { responseBody, err := cli.ImagePushPrivileged(ctx, authConfig, ref.String(), requestPrivilege) if err != nil { return err } defer responseBody.Close() // If it is a trusted push we would like to find the target entry which match the // tag provided in the function and then do an AddTarget later. target := &client.Target{} // Count the times of calling for handleTarget, // if it is called more that once, that should be considered an error in a trusted push. cnt := 0 handleTarget := func(aux *json.RawMessage) { cnt++ if cnt > 1 { // handleTarget should only be called one. This will be treated as an error. return } var pushResult distribution.PushResult err := json.Unmarshal(*aux, &pushResult) if err == nil && pushResult.Tag != "" && pushResult.Digest.Validate() == nil { h, err := hex.DecodeString(pushResult.Digest.Hex()) if err != nil { target = nil return } target.Name = registry.ParseReference(pushResult.Tag).String() target.Hashes = data.Hashes{string(pushResult.Digest.Algorithm()): h} target.Length = int64(pushResult.Size) } } var tag string switch x := ref.(type) { case reference.Canonical: return errors.New("cannot push a digest reference") case reference.NamedTagged: tag = x.Tag() } // We want trust signatures to always take an explicit tag, // otherwise it will act as an untrusted push. if tag == "" { if err = jsonmessage.DisplayJSONMessagesToStream(responseBody, cli.Out(), nil); err != nil { return err } fmt.Fprintln(cli.out, "No tag specified, skipping trust metadata push") return nil } if err = jsonmessage.DisplayJSONMessagesToStream(responseBody, cli.Out(), handleTarget); err != nil { return err } if cnt > 1 { return fmt.Errorf("internal error: only one call to handleTarget expected") } if target == nil { fmt.Fprintln(cli.out, "No targets found, please provide a specific tag in order to sign it") return nil } fmt.Fprintln(cli.out, "Signing and pushing trust metadata") repo, err := cli.getNotaryRepository(repoInfo, authConfig, "push", "pull") if err != nil { fmt.Fprintf(cli.out, "Error establishing connection to notary repository: %s\n", err) return err } // get the latest repository metadata so we can figure out which roles to sign err = repo.Update(false) switch err.(type) { case client.ErrRepoNotInitialized, client.ErrRepositoryNotExist: keys := repo.CryptoService.ListKeys(data.CanonicalRootRole) var rootKeyID string // always select the first root key if len(keys) > 0 { sort.Strings(keys) rootKeyID = keys[0] } else { rootPublicKey, err := repo.CryptoService.Create(data.CanonicalRootRole, "", data.ECDSAKey) if err != nil { return err } rootKeyID = rootPublicKey.ID() } // Initialize the notary repository with a remotely managed snapshot key if err := repo.Initialize(rootKeyID, data.CanonicalSnapshotRole); err != nil { return notaryError(repoInfo.FullName(), err) } fmt.Fprintf(cli.out, "Finished initializing %q\n", repoInfo.FullName()) err = repo.AddTarget(target, data.CanonicalTargetsRole) case nil: // already initialized and we have successfully downloaded the latest metadata err = cli.addTargetToAllSignableRoles(repo, target) default: return notaryError(repoInfo.FullName(), err) } if err == nil { err = repo.Publish() } if err != nil { fmt.Fprintf(cli.out, "Failed to sign %q:%s - %s\n", repoInfo.FullName(), tag, err.Error()) return notaryError(repoInfo.FullName(), err) } fmt.Fprintf(cli.out, "Successfully signed %q:%s\n", repoInfo.FullName(), tag) return nil }
func runInstall(dockerCli *command.DockerCli, opts pluginOptions) error { // Parse name using distribution reference package to support name // containing both tag and digest. Names with both tag and digest // will be treated by the daemon as a pull by digest with // an alias for the tag (if no alias is provided). ref, err := distreference.ParseNamed(opts.name) if err != nil { return err } alias := "" if opts.alias != "" { aref, err := reference.ParseNamed(opts.alias) if err != nil { return err } aref = reference.WithDefaultTag(aref) if _, ok := aref.(reference.NamedTagged); !ok { return fmt.Errorf("invalid name: %s", opts.alias) } alias = aref.String() } ctx := context.Background() index, err := getRepoIndexFromUnnormalizedRef(ref) if err != nil { return err } remote := ref.String() _, isCanonical := ref.(distreference.Canonical) if command.IsTrusted() && !isCanonical { if alias == "" { alias = ref.String() } var nt reference.NamedTagged named, err := reference.ParseNamed(ref.Name()) if err != nil { return err } if tagged, ok := ref.(distreference.Tagged); ok { nt, err = reference.WithTag(named, tagged.Tag()) if err != nil { return err } } else { named = reference.WithDefaultTag(named) nt = named.(reference.NamedTagged) } trusted, err := image.TrustedReference(ctx, dockerCli, nt, newRegistryService()) if err != nil { return err } remote = trusted.String() } authConfig := command.ResolveAuthConfig(ctx, dockerCli, index) encodedAuth, err := command.EncodeAuthToBase64(authConfig) if err != nil { return err } registryAuthFunc := command.RegistryAuthenticationPrivilegedFunc(dockerCli, index, "plugin install") options := types.PluginInstallOptions{ RegistryAuth: encodedAuth, RemoteRef: remote, Disabled: opts.disable, AcceptAllPermissions: opts.grantPerms, AcceptPermissionsFunc: acceptPrivileges(dockerCli, opts.name), // TODO: Rename PrivilegeFunc, it has nothing to do with privileges PrivilegeFunc: registryAuthFunc, Args: opts.args, } responseBody, err := dockerCli.Client().PluginInstall(ctx, alias, options) if err != nil { if strings.Contains(err.Error(), "target is image") { return errors.New(err.Error() + " - Use `docker image pull`") } return err } defer responseBody.Close() if err := jsonmessage.DisplayJSONMessagesToStream(responseBody, dockerCli.Out(), nil); err != nil { return err } fmt.Fprintf(dockerCli.Out(), "Installed plugin %s\n", opts.name) // todo: return proper values from the API for this result return nil }