github.com/zhouyu0/docker-note@v0.0.0-20190722021225-b8d3825084db/distribution/push_v2.go (about)

     1  package distribution // import "github.com/docker/docker/distribution"
     2  
     3  import (
     4  	"context"
     5  	"errors"
     6  	"fmt"
     7  	"io"
     8  	"runtime"
     9  	"sort"
    10  	"strings"
    11  	"sync"
    12  
    13  	"github.com/docker/distribution"
    14  	"github.com/docker/distribution/manifest/schema1"
    15  	"github.com/docker/distribution/manifest/schema2"
    16  	"github.com/docker/distribution/reference"
    17  	"github.com/docker/distribution/registry/api/errcode"
    18  	"github.com/docker/distribution/registry/client"
    19  	apitypes "github.com/docker/docker/api/types"
    20  	"github.com/docker/docker/distribution/metadata"
    21  	"github.com/docker/docker/distribution/xfer"
    22  	"github.com/docker/docker/layer"
    23  	"github.com/docker/docker/pkg/ioutils"
    24  	"github.com/docker/docker/pkg/progress"
    25  	"github.com/docker/docker/pkg/stringid"
    26  	"github.com/docker/docker/registry"
    27  	"github.com/opencontainers/go-digest"
    28  	"github.com/sirupsen/logrus"
    29  )
    30  
    31  const (
    32  	smallLayerMaximumSize  = 100 * (1 << 10) // 100KB
    33  	middleLayerMaximumSize = 10 * (1 << 20)  // 10MB
    34  )
    35  
    36  type v2Pusher struct {
    37  	v2MetadataService metadata.V2MetadataService
    38  	ref               reference.Named
    39  	endpoint          registry.APIEndpoint
    40  	repoInfo          *registry.RepositoryInfo
    41  	config            *ImagePushConfig
    42  	repo              distribution.Repository
    43  
    44  	// pushState is state built by the Upload functions.
    45  	pushState pushState
    46  }
    47  
    48  type pushState struct {
    49  	sync.Mutex
    50  	// remoteLayers is the set of layers known to exist on the remote side.
    51  	// This avoids redundant queries when pushing multiple tags that
    52  	// involve the same layers. It is also used to fill in digest and size
    53  	// information when building the manifest.
    54  	remoteLayers map[layer.DiffID]distribution.Descriptor
    55  	// confirmedV2 is set to true if we confirm we're talking to a v2
    56  	// registry. This is used to limit fallbacks to the v1 protocol.
    57  	confirmedV2 bool
    58  	hasAuthInfo bool
    59  }
    60  
    61  func (p *v2Pusher) Push(ctx context.Context) (err error) {
    62  	p.pushState.remoteLayers = make(map[layer.DiffID]distribution.Descriptor)
    63  
    64  	p.repo, p.pushState.confirmedV2, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "push", "pull")
    65  	p.pushState.hasAuthInfo = p.config.AuthConfig.RegistryToken != "" || (p.config.AuthConfig.Username != "" && p.config.AuthConfig.Password != "")
    66  	if err != nil {
    67  		logrus.Debugf("Error getting v2 registry: %v", err)
    68  		return err
    69  	}
    70  
    71  	if err = p.pushV2Repository(ctx); err != nil {
    72  		if continueOnError(err, p.endpoint.Mirror) {
    73  			return fallbackError{
    74  				err:         err,
    75  				confirmedV2: p.pushState.confirmedV2,
    76  				transportOK: true,
    77  			}
    78  		}
    79  	}
    80  	return err
    81  }
    82  
    83  func (p *v2Pusher) pushV2Repository(ctx context.Context) (err error) {
    84  	if namedTagged, isNamedTagged := p.ref.(reference.NamedTagged); isNamedTagged {
    85  		imageID, err := p.config.ReferenceStore.Get(p.ref)
    86  		if err != nil {
    87  			return fmt.Errorf("tag does not exist: %s", reference.FamiliarString(p.ref))
    88  		}
    89  
    90  		return p.pushV2Tag(ctx, namedTagged, imageID)
    91  	}
    92  
    93  	if !reference.IsNameOnly(p.ref) {
    94  		return errors.New("cannot push a digest reference")
    95  	}
    96  
    97  	// Pull all tags
    98  	pushed := 0
    99  	for _, association := range p.config.ReferenceStore.ReferencesByName(p.ref) {
   100  		if namedTagged, isNamedTagged := association.Ref.(reference.NamedTagged); isNamedTagged {
   101  			pushed++
   102  			if err := p.pushV2Tag(ctx, namedTagged, association.ID); err != nil {
   103  				return err
   104  			}
   105  		}
   106  	}
   107  
   108  	if pushed == 0 {
   109  		return fmt.Errorf("no tags to push for %s", reference.FamiliarName(p.repoInfo.Name))
   110  	}
   111  
   112  	return nil
   113  }
   114  
   115  func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id digest.Digest) error {
   116  	logrus.Debugf("Pushing repository: %s", reference.FamiliarString(ref))
   117  
   118  	imgConfig, err := p.config.ImageStore.Get(id)
   119  	if err != nil {
   120  		return fmt.Errorf("could not find image from tag %s: %v", reference.FamiliarString(ref), err)
   121  	}
   122  
   123  	rootfs, err := p.config.ImageStore.RootFSFromConfig(imgConfig)
   124  	if err != nil {
   125  		return fmt.Errorf("unable to get rootfs for image %s: %s", reference.FamiliarString(ref), err)
   126  	}
   127  
   128  	platform, err := p.config.ImageStore.PlatformFromConfig(imgConfig)
   129  	if err != nil {
   130  		return fmt.Errorf("unable to get platform for image %s: %s", reference.FamiliarString(ref), err)
   131  	}
   132  
   133  	l, err := p.config.LayerStores[platform.OS].Get(rootfs.ChainID())
   134  	if err != nil {
   135  		return fmt.Errorf("failed to get top layer from image: %v", err)
   136  	}
   137  	defer l.Release()
   138  
   139  	hmacKey, err := metadata.ComputeV2MetadataHMACKey(p.config.AuthConfig)
   140  	if err != nil {
   141  		return fmt.Errorf("failed to compute hmac key of auth config: %v", err)
   142  	}
   143  
   144  	var descriptors []xfer.UploadDescriptor
   145  
   146  	descriptorTemplate := v2PushDescriptor{
   147  		v2MetadataService: p.v2MetadataService,
   148  		hmacKey:           hmacKey,
   149  		repoInfo:          p.repoInfo.Name,
   150  		ref:               p.ref,
   151  		endpoint:          p.endpoint,
   152  		repo:              p.repo,
   153  		pushState:         &p.pushState,
   154  	}
   155  
   156  	// Loop bounds condition is to avoid pushing the base layer on Windows.
   157  	for range rootfs.DiffIDs {
   158  		descriptor := descriptorTemplate
   159  		descriptor.layer = l
   160  		descriptor.checkedDigests = make(map[digest.Digest]struct{})
   161  		descriptors = append(descriptors, &descriptor)
   162  
   163  		l = l.Parent()
   164  	}
   165  
   166  	if err := p.config.UploadManager.Upload(ctx, descriptors, p.config.ProgressOutput); err != nil {
   167  		return err
   168  	}
   169  
   170  	// Try schema2 first
   171  	builder := schema2.NewManifestBuilder(p.repo.Blobs(ctx), p.config.ConfigMediaType, imgConfig)
   172  	manifest, err := manifestFromBuilder(ctx, builder, descriptors)
   173  	if err != nil {
   174  		return err
   175  	}
   176  
   177  	manSvc, err := p.repo.Manifests(ctx)
   178  	if err != nil {
   179  		return err
   180  	}
   181  
   182  	putOptions := []distribution.ManifestServiceOption{distribution.WithTag(ref.Tag())}
   183  	if _, err = manSvc.Put(ctx, manifest, putOptions...); err != nil {
   184  		if runtime.GOOS == "windows" || p.config.TrustKey == nil || p.config.RequireSchema2 {
   185  			logrus.Warnf("failed to upload schema2 manifest: %v", err)
   186  			return err
   187  		}
   188  
   189  		logrus.Warnf("failed to upload schema2 manifest: %v - falling back to schema1", err)
   190  
   191  		manifestRef, err := reference.WithTag(p.repo.Named(), ref.Tag())
   192  		if err != nil {
   193  			return err
   194  		}
   195  		builder = schema1.NewConfigManifestBuilder(p.repo.Blobs(ctx), p.config.TrustKey, manifestRef, imgConfig)
   196  		manifest, err = manifestFromBuilder(ctx, builder, descriptors)
   197  		if err != nil {
   198  			return err
   199  		}
   200  
   201  		if _, err = manSvc.Put(ctx, manifest, putOptions...); err != nil {
   202  			return err
   203  		}
   204  	}
   205  
   206  	var canonicalManifest []byte
   207  
   208  	switch v := manifest.(type) {
   209  	case *schema1.SignedManifest:
   210  		canonicalManifest = v.Canonical
   211  	case *schema2.DeserializedManifest:
   212  		_, canonicalManifest, err = v.Payload()
   213  		if err != nil {
   214  			return err
   215  		}
   216  	}
   217  
   218  	manifestDigest := digest.FromBytes(canonicalManifest)
   219  	progress.Messagef(p.config.ProgressOutput, "", "%s: digest: %s size: %d", ref.Tag(), manifestDigest, len(canonicalManifest))
   220  
   221  	if err := addDigestReference(p.config.ReferenceStore, ref, manifestDigest, id); err != nil {
   222  		return err
   223  	}
   224  
   225  	// Signal digest to the trust client so it can sign the
   226  	// push, if appropriate.
   227  	progress.Aux(p.config.ProgressOutput, apitypes.PushResult{Tag: ref.Tag(), Digest: manifestDigest.String(), Size: len(canonicalManifest)})
   228  
   229  	return nil
   230  }
   231  
   232  func manifestFromBuilder(ctx context.Context, builder distribution.ManifestBuilder, descriptors []xfer.UploadDescriptor) (distribution.Manifest, error) {
   233  	// descriptors is in reverse order; iterate backwards to get references
   234  	// appended in the right order.
   235  	for i := len(descriptors) - 1; i >= 0; i-- {
   236  		if err := builder.AppendReference(descriptors[i].(*v2PushDescriptor)); err != nil {
   237  			return nil, err
   238  		}
   239  	}
   240  
   241  	return builder.Build(ctx)
   242  }
   243  
   244  type v2PushDescriptor struct {
   245  	layer             PushLayer
   246  	v2MetadataService metadata.V2MetadataService
   247  	hmacKey           []byte
   248  	repoInfo          reference.Named
   249  	ref               reference.Named
   250  	endpoint          registry.APIEndpoint
   251  	repo              distribution.Repository
   252  	pushState         *pushState
   253  	remoteDescriptor  distribution.Descriptor
   254  	// a set of digests whose presence has been checked in a target repository
   255  	checkedDigests map[digest.Digest]struct{}
   256  }
   257  
   258  func (pd *v2PushDescriptor) Key() string {
   259  	return "v2push:" + pd.ref.Name() + " " + pd.layer.DiffID().String()
   260  }
   261  
   262  func (pd *v2PushDescriptor) ID() string {
   263  	return stringid.TruncateID(pd.layer.DiffID().String())
   264  }
   265  
   266  func (pd *v2PushDescriptor) DiffID() layer.DiffID {
   267  	return pd.layer.DiffID()
   268  }
   269  
   270  func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.Output) (distribution.Descriptor, error) {
   271  	// Skip foreign layers unless this registry allows nondistributable artifacts.
   272  	if !pd.endpoint.AllowNondistributableArtifacts {
   273  		if fs, ok := pd.layer.(distribution.Describable); ok {
   274  			if d := fs.Descriptor(); len(d.URLs) > 0 {
   275  				progress.Update(progressOutput, pd.ID(), "Skipped foreign layer")
   276  				return d, nil
   277  			}
   278  		}
   279  	}
   280  
   281  	diffID := pd.DiffID()
   282  
   283  	pd.pushState.Lock()
   284  	if descriptor, ok := pd.pushState.remoteLayers[diffID]; ok {
   285  		// it is already known that the push is not needed and
   286  		// therefore doing a stat is unnecessary
   287  		pd.pushState.Unlock()
   288  		progress.Update(progressOutput, pd.ID(), "Layer already exists")
   289  		return descriptor, nil
   290  	}
   291  	pd.pushState.Unlock()
   292  
   293  	maxMountAttempts, maxExistenceChecks, checkOtherRepositories := getMaxMountAndExistenceCheckAttempts(pd.layer)
   294  
   295  	// Do we have any metadata associated with this layer's DiffID?
   296  	v2Metadata, err := pd.v2MetadataService.GetMetadata(diffID)
   297  	if err == nil {
   298  		// check for blob existence in the target repository
   299  		descriptor, exists, err := pd.layerAlreadyExists(ctx, progressOutput, diffID, true, 1, v2Metadata)
   300  		if exists || err != nil {
   301  			return descriptor, err
   302  		}
   303  	}
   304  
   305  	// if digest was empty or not saved, or if blob does not exist on the remote repository,
   306  	// then push the blob.
   307  	bs := pd.repo.Blobs(ctx)
   308  
   309  	var layerUpload distribution.BlobWriter
   310  
   311  	// Attempt to find another repository in the same registry to mount the layer from to avoid an unnecessary upload
   312  	candidates := getRepositoryMountCandidates(pd.repoInfo, pd.hmacKey, maxMountAttempts, v2Metadata)
   313  	isUnauthorizedError := false
   314  	for _, mountCandidate := range candidates {
   315  		logrus.Debugf("attempting to mount layer %s (%s) from %s", diffID, mountCandidate.Digest, mountCandidate.SourceRepository)
   316  		createOpts := []distribution.BlobCreateOption{}
   317  
   318  		if len(mountCandidate.SourceRepository) > 0 {
   319  			namedRef, err := reference.ParseNormalizedNamed(mountCandidate.SourceRepository)
   320  			if err != nil {
   321  				logrus.Errorf("failed to parse source repository reference %v: %v", reference.FamiliarString(namedRef), err)
   322  				pd.v2MetadataService.Remove(mountCandidate)
   323  				continue
   324  			}
   325  
   326  			// Candidates are always under same domain, create remote reference
   327  			// with only path to set mount from with
   328  			remoteRef, err := reference.WithName(reference.Path(namedRef))
   329  			if err != nil {
   330  				logrus.Errorf("failed to make remote reference out of %q: %v", reference.Path(namedRef), err)
   331  				continue
   332  			}
   333  
   334  			canonicalRef, err := reference.WithDigest(reference.TrimNamed(remoteRef), mountCandidate.Digest)
   335  			if err != nil {
   336  				logrus.Errorf("failed to make canonical reference: %v", err)
   337  				continue
   338  			}
   339  
   340  			createOpts = append(createOpts, client.WithMountFrom(canonicalRef))
   341  		}
   342  
   343  		// send the layer
   344  		lu, err := bs.Create(ctx, createOpts...)
   345  		switch err := err.(type) {
   346  		case nil:
   347  			// noop
   348  		case distribution.ErrBlobMounted:
   349  			progress.Updatef(progressOutput, pd.ID(), "Mounted from %s", err.From.Name())
   350  
   351  			err.Descriptor.MediaType = schema2.MediaTypeLayer
   352  
   353  			pd.pushState.Lock()
   354  			pd.pushState.confirmedV2 = true
   355  			pd.pushState.remoteLayers[diffID] = err.Descriptor
   356  			pd.pushState.Unlock()
   357  
   358  			// Cache mapping from this layer's DiffID to the blobsum
   359  			if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{
   360  				Digest:           err.Descriptor.Digest,
   361  				SourceRepository: pd.repoInfo.Name(),
   362  			}); err != nil {
   363  				return distribution.Descriptor{}, xfer.DoNotRetry{Err: err}
   364  			}
   365  			return err.Descriptor, nil
   366  		case errcode.Errors:
   367  			for _, e := range err {
   368  				switch e := e.(type) {
   369  				case errcode.Error:
   370  					if e.Code == errcode.ErrorCodeUnauthorized {
   371  						// when unauthorized error that indicate user don't has right to push layer to register
   372  						logrus.Debugln("failed to push layer to registry because unauthorized error")
   373  						isUnauthorizedError = true
   374  					}
   375  				default:
   376  				}
   377  			}
   378  		default:
   379  			logrus.Infof("failed to mount layer %s (%s) from %s: %v", diffID, mountCandidate.Digest, mountCandidate.SourceRepository, err)
   380  		}
   381  
   382  		// when error is unauthorizedError and user don't hasAuthInfo that's the case user don't has right to push layer to register
   383  		// and he hasn't login either, in this case candidate cache should be removed
   384  		if len(mountCandidate.SourceRepository) > 0 &&
   385  			!(isUnauthorizedError && !pd.pushState.hasAuthInfo) &&
   386  			(metadata.CheckV2MetadataHMAC(&mountCandidate, pd.hmacKey) ||
   387  				len(mountCandidate.HMAC) == 0) {
   388  			cause := "blob mount failure"
   389  			if err != nil {
   390  				cause = fmt.Sprintf("an error: %v", err.Error())
   391  			}
   392  			logrus.Debugf("removing association between layer %s and %s due to %s", mountCandidate.Digest, mountCandidate.SourceRepository, cause)
   393  			pd.v2MetadataService.Remove(mountCandidate)
   394  		}
   395  
   396  		if lu != nil {
   397  			// cancel previous upload
   398  			cancelLayerUpload(ctx, mountCandidate.Digest, layerUpload)
   399  			layerUpload = lu
   400  		}
   401  	}
   402  
   403  	if maxExistenceChecks-len(pd.checkedDigests) > 0 {
   404  		// do additional layer existence checks with other known digests if any
   405  		descriptor, exists, err := pd.layerAlreadyExists(ctx, progressOutput, diffID, checkOtherRepositories, maxExistenceChecks-len(pd.checkedDigests), v2Metadata)
   406  		if exists || err != nil {
   407  			return descriptor, err
   408  		}
   409  	}
   410  
   411  	logrus.Debugf("Pushing layer: %s", diffID)
   412  	if layerUpload == nil {
   413  		layerUpload, err = bs.Create(ctx)
   414  		if err != nil {
   415  			return distribution.Descriptor{}, retryOnError(err)
   416  		}
   417  	}
   418  	defer layerUpload.Close()
   419  	// upload the blob
   420  	return pd.uploadUsingSession(ctx, progressOutput, diffID, layerUpload)
   421  }
   422  
   423  func (pd *v2PushDescriptor) SetRemoteDescriptor(descriptor distribution.Descriptor) {
   424  	pd.remoteDescriptor = descriptor
   425  }
   426  
   427  func (pd *v2PushDescriptor) Descriptor() distribution.Descriptor {
   428  	return pd.remoteDescriptor
   429  }
   430  
   431  func (pd *v2PushDescriptor) uploadUsingSession(
   432  	ctx context.Context,
   433  	progressOutput progress.Output,
   434  	diffID layer.DiffID,
   435  	layerUpload distribution.BlobWriter,
   436  ) (distribution.Descriptor, error) {
   437  	var reader io.ReadCloser
   438  
   439  	contentReader, err := pd.layer.Open()
   440  	if err != nil {
   441  		return distribution.Descriptor{}, retryOnError(err)
   442  	}
   443  
   444  	size, _ := pd.layer.Size()
   445  
   446  	reader = progress.NewProgressReader(ioutils.NewCancelReadCloser(ctx, contentReader), progressOutput, size, pd.ID(), "Pushing")
   447  
   448  	switch m := pd.layer.MediaType(); m {
   449  	case schema2.MediaTypeUncompressedLayer:
   450  		compressedReader, compressionDone := compress(reader)
   451  		defer func(closer io.Closer) {
   452  			closer.Close()
   453  			<-compressionDone
   454  		}(reader)
   455  		reader = compressedReader
   456  	case schema2.MediaTypeLayer:
   457  	default:
   458  		reader.Close()
   459  		return distribution.Descriptor{}, fmt.Errorf("unsupported layer media type %s", m)
   460  	}
   461  
   462  	digester := digest.Canonical.Digester()
   463  	tee := io.TeeReader(reader, digester.Hash())
   464  
   465  	nn, err := layerUpload.ReadFrom(tee)
   466  	reader.Close()
   467  	if err != nil {
   468  		return distribution.Descriptor{}, retryOnError(err)
   469  	}
   470  
   471  	pushDigest := digester.Digest()
   472  	if _, err := layerUpload.Commit(ctx, distribution.Descriptor{Digest: pushDigest}); err != nil {
   473  		return distribution.Descriptor{}, retryOnError(err)
   474  	}
   475  
   476  	logrus.Debugf("uploaded layer %s (%s), %d bytes", diffID, pushDigest, nn)
   477  	progress.Update(progressOutput, pd.ID(), "Pushed")
   478  
   479  	// Cache mapping from this layer's DiffID to the blobsum
   480  	if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{
   481  		Digest:           pushDigest,
   482  		SourceRepository: pd.repoInfo.Name(),
   483  	}); err != nil {
   484  		return distribution.Descriptor{}, xfer.DoNotRetry{Err: err}
   485  	}
   486  
   487  	desc := distribution.Descriptor{
   488  		Digest:    pushDigest,
   489  		MediaType: schema2.MediaTypeLayer,
   490  		Size:      nn,
   491  	}
   492  
   493  	pd.pushState.Lock()
   494  	// If Commit succeeded, that's an indication that the remote registry speaks the v2 protocol.
   495  	pd.pushState.confirmedV2 = true
   496  	pd.pushState.remoteLayers[diffID] = desc
   497  	pd.pushState.Unlock()
   498  
   499  	return desc, nil
   500  }
   501  
   502  // layerAlreadyExists checks if the registry already knows about any of the metadata passed in the "metadata"
   503  // slice. If it finds one that the registry knows about, it returns the known digest and "true". If
   504  // "checkOtherRepositories" is true, stat will be performed also with digests mapped to any other repository
   505  // (not just the target one).
   506  func (pd *v2PushDescriptor) layerAlreadyExists(
   507  	ctx context.Context,
   508  	progressOutput progress.Output,
   509  	diffID layer.DiffID,
   510  	checkOtherRepositories bool,
   511  	maxExistenceCheckAttempts int,
   512  	v2Metadata []metadata.V2Metadata,
   513  ) (desc distribution.Descriptor, exists bool, err error) {
   514  	// filter the metadata
   515  	candidates := []metadata.V2Metadata{}
   516  	for _, meta := range v2Metadata {
   517  		if len(meta.SourceRepository) > 0 && !checkOtherRepositories && meta.SourceRepository != pd.repoInfo.Name() {
   518  			continue
   519  		}
   520  		candidates = append(candidates, meta)
   521  	}
   522  	// sort the candidates by similarity
   523  	sortV2MetadataByLikenessAndAge(pd.repoInfo, pd.hmacKey, candidates)
   524  
   525  	digestToMetadata := make(map[digest.Digest]*metadata.V2Metadata)
   526  	// an array of unique blob digests ordered from the best mount candidates to worst
   527  	layerDigests := []digest.Digest{}
   528  	for i := 0; i < len(candidates); i++ {
   529  		if len(layerDigests) >= maxExistenceCheckAttempts {
   530  			break
   531  		}
   532  		meta := &candidates[i]
   533  		if _, exists := digestToMetadata[meta.Digest]; exists {
   534  			// keep reference just to the first mapping (the best mount candidate)
   535  			continue
   536  		}
   537  		if _, exists := pd.checkedDigests[meta.Digest]; exists {
   538  			// existence of this digest has already been tested
   539  			continue
   540  		}
   541  		digestToMetadata[meta.Digest] = meta
   542  		layerDigests = append(layerDigests, meta.Digest)
   543  	}
   544  
   545  attempts:
   546  	for _, dgst := range layerDigests {
   547  		meta := digestToMetadata[dgst]
   548  		logrus.Debugf("Checking for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.Name())
   549  		desc, err = pd.repo.Blobs(ctx).Stat(ctx, dgst)
   550  		pd.checkedDigests[meta.Digest] = struct{}{}
   551  		switch err {
   552  		case nil:
   553  			if m, ok := digestToMetadata[desc.Digest]; !ok || m.SourceRepository != pd.repoInfo.Name() || !metadata.CheckV2MetadataHMAC(m, pd.hmacKey) {
   554  				// cache mapping from this layer's DiffID to the blobsum
   555  				if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{
   556  					Digest:           desc.Digest,
   557  					SourceRepository: pd.repoInfo.Name(),
   558  				}); err != nil {
   559  					return distribution.Descriptor{}, false, xfer.DoNotRetry{Err: err}
   560  				}
   561  			}
   562  			desc.MediaType = schema2.MediaTypeLayer
   563  			exists = true
   564  			break attempts
   565  		case distribution.ErrBlobUnknown:
   566  			if meta.SourceRepository == pd.repoInfo.Name() {
   567  				// remove the mapping to the target repository
   568  				pd.v2MetadataService.Remove(*meta)
   569  			}
   570  		default:
   571  			logrus.WithError(err).Debugf("Failed to check for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.Name())
   572  		}
   573  	}
   574  
   575  	if exists {
   576  		progress.Update(progressOutput, pd.ID(), "Layer already exists")
   577  		pd.pushState.Lock()
   578  		pd.pushState.remoteLayers[diffID] = desc
   579  		pd.pushState.Unlock()
   580  	}
   581  
   582  	return desc, exists, nil
   583  }
   584  
   585  // getMaxMountAndExistenceCheckAttempts returns a maximum number of cross repository mount attempts from
   586  // source repositories of target registry, maximum number of layer existence checks performed on the target
   587  // repository and whether the check shall be done also with digests mapped to different repositories. The
   588  // decision is based on layer size. The smaller the layer, the fewer attempts shall be made because the cost
   589  // of upload does not outweigh a latency.
   590  func getMaxMountAndExistenceCheckAttempts(layer PushLayer) (maxMountAttempts, maxExistenceCheckAttempts int, checkOtherRepositories bool) {
   591  	size, err := layer.Size()
   592  	switch {
   593  	// big blob
   594  	case size > middleLayerMaximumSize:
   595  		// 1st attempt to mount the blob few times
   596  		// 2nd few existence checks with digests associated to any repository
   597  		// then fallback to upload
   598  		return 4, 3, true
   599  
   600  	// middle sized blobs; if we could not get the size, assume we deal with middle sized blob
   601  	case size > smallLayerMaximumSize, err != nil:
   602  		// 1st attempt to mount blobs of average size few times
   603  		// 2nd try at most 1 existence check if there's an existing mapping to the target repository
   604  		// then fallback to upload
   605  		return 3, 1, false
   606  
   607  	// small blobs, do a minimum number of checks
   608  	default:
   609  		return 1, 1, false
   610  	}
   611  }
   612  
   613  // getRepositoryMountCandidates returns an array of v2 metadata items belonging to the given registry. The
   614  // array is sorted from youngest to oldest. If requireRegistryMatch is true, the resulting array will contain
   615  // only metadata entries having registry part of SourceRepository matching the part of repoInfo.
   616  func getRepositoryMountCandidates(
   617  	repoInfo reference.Named,
   618  	hmacKey []byte,
   619  	max int,
   620  	v2Metadata []metadata.V2Metadata,
   621  ) []metadata.V2Metadata {
   622  	candidates := []metadata.V2Metadata{}
   623  	for _, meta := range v2Metadata {
   624  		sourceRepo, err := reference.ParseNamed(meta.SourceRepository)
   625  		if err != nil || reference.Domain(repoInfo) != reference.Domain(sourceRepo) {
   626  			continue
   627  		}
   628  		// target repository is not a viable candidate
   629  		if meta.SourceRepository == repoInfo.Name() {
   630  			continue
   631  		}
   632  		candidates = append(candidates, meta)
   633  	}
   634  
   635  	sortV2MetadataByLikenessAndAge(repoInfo, hmacKey, candidates)
   636  	if max >= 0 && len(candidates) > max {
   637  		// select the youngest metadata
   638  		candidates = candidates[:max]
   639  	}
   640  
   641  	return candidates
   642  }
   643  
   644  // byLikeness is a sorting container for v2 metadata candidates for cross repository mount. The
   645  // candidate "a" is preferred over "b":
   646  //
   647  //  1. if it was hashed using the same AuthConfig as the one used to authenticate to target repository and the
   648  //     "b" was not
   649  //  2. if a number of its repository path components exactly matching path components of target repository is higher
   650  type byLikeness struct {
   651  	arr            []metadata.V2Metadata
   652  	hmacKey        []byte
   653  	pathComponents []string
   654  }
   655  
   656  func (bla byLikeness) Less(i, j int) bool {
   657  	aMacMatch := metadata.CheckV2MetadataHMAC(&bla.arr[i], bla.hmacKey)
   658  	bMacMatch := metadata.CheckV2MetadataHMAC(&bla.arr[j], bla.hmacKey)
   659  	if aMacMatch != bMacMatch {
   660  		return aMacMatch
   661  	}
   662  	aMatch := numOfMatchingPathComponents(bla.arr[i].SourceRepository, bla.pathComponents)
   663  	bMatch := numOfMatchingPathComponents(bla.arr[j].SourceRepository, bla.pathComponents)
   664  	return aMatch > bMatch
   665  }
   666  func (bla byLikeness) Swap(i, j int) {
   667  	bla.arr[i], bla.arr[j] = bla.arr[j], bla.arr[i]
   668  }
   669  func (bla byLikeness) Len() int { return len(bla.arr) }
   670  
   671  // nolint: interfacer
   672  func sortV2MetadataByLikenessAndAge(repoInfo reference.Named, hmacKey []byte, marr []metadata.V2Metadata) {
   673  	// reverse the metadata array to shift the newest entries to the beginning
   674  	for i := 0; i < len(marr)/2; i++ {
   675  		marr[i], marr[len(marr)-i-1] = marr[len(marr)-i-1], marr[i]
   676  	}
   677  	// keep equal entries ordered from the youngest to the oldest
   678  	sort.Stable(byLikeness{
   679  		arr:            marr,
   680  		hmacKey:        hmacKey,
   681  		pathComponents: getPathComponents(repoInfo.Name()),
   682  	})
   683  }
   684  
   685  // numOfMatchingPathComponents returns a number of path components in "pth" that exactly match "matchComponents".
   686  func numOfMatchingPathComponents(pth string, matchComponents []string) int {
   687  	pthComponents := getPathComponents(pth)
   688  	i := 0
   689  	for ; i < len(pthComponents) && i < len(matchComponents); i++ {
   690  		if matchComponents[i] != pthComponents[i] {
   691  			return i
   692  		}
   693  	}
   694  	return i
   695  }
   696  
   697  func getPathComponents(path string) []string {
   698  	return strings.Split(path, "/")
   699  }
   700  
   701  func cancelLayerUpload(ctx context.Context, dgst digest.Digest, layerUpload distribution.BlobWriter) {
   702  	if layerUpload != nil {
   703  		logrus.Debugf("cancelling upload of blob %s", dgst)
   704  		err := layerUpload.Cancel(ctx)
   705  		if err != nil {
   706  			logrus.Warnf("failed to cancel upload: %v", err)
   707  		}
   708  	}
   709  }