github.com/zhouyu0/docker-note@v0.0.0-20190722021225-b8d3825084db/distribution/push_v2.go (about) 1 package distribution // import "github.com/docker/docker/distribution" 2 3 import ( 4 "context" 5 "errors" 6 "fmt" 7 "io" 8 "runtime" 9 "sort" 10 "strings" 11 "sync" 12 13 "github.com/docker/distribution" 14 "github.com/docker/distribution/manifest/schema1" 15 "github.com/docker/distribution/manifest/schema2" 16 "github.com/docker/distribution/reference" 17 "github.com/docker/distribution/registry/api/errcode" 18 "github.com/docker/distribution/registry/client" 19 apitypes "github.com/docker/docker/api/types" 20 "github.com/docker/docker/distribution/metadata" 21 "github.com/docker/docker/distribution/xfer" 22 "github.com/docker/docker/layer" 23 "github.com/docker/docker/pkg/ioutils" 24 "github.com/docker/docker/pkg/progress" 25 "github.com/docker/docker/pkg/stringid" 26 "github.com/docker/docker/registry" 27 "github.com/opencontainers/go-digest" 28 "github.com/sirupsen/logrus" 29 ) 30 31 const ( 32 smallLayerMaximumSize = 100 * (1 << 10) // 100KB 33 middleLayerMaximumSize = 10 * (1 << 20) // 10MB 34 ) 35 36 type v2Pusher struct { 37 v2MetadataService metadata.V2MetadataService 38 ref reference.Named 39 endpoint registry.APIEndpoint 40 repoInfo *registry.RepositoryInfo 41 config *ImagePushConfig 42 repo distribution.Repository 43 44 // pushState is state built by the Upload functions. 45 pushState pushState 46 } 47 48 type pushState struct { 49 sync.Mutex 50 // remoteLayers is the set of layers known to exist on the remote side. 51 // This avoids redundant queries when pushing multiple tags that 52 // involve the same layers. It is also used to fill in digest and size 53 // information when building the manifest. 54 remoteLayers map[layer.DiffID]distribution.Descriptor 55 // confirmedV2 is set to true if we confirm we're talking to a v2 56 // registry. This is used to limit fallbacks to the v1 protocol. 57 confirmedV2 bool 58 hasAuthInfo bool 59 } 60 61 func (p *v2Pusher) Push(ctx context.Context) (err error) { 62 p.pushState.remoteLayers = make(map[layer.DiffID]distribution.Descriptor) 63 64 p.repo, p.pushState.confirmedV2, err = NewV2Repository(ctx, p.repoInfo, p.endpoint, p.config.MetaHeaders, p.config.AuthConfig, "push", "pull") 65 p.pushState.hasAuthInfo = p.config.AuthConfig.RegistryToken != "" || (p.config.AuthConfig.Username != "" && p.config.AuthConfig.Password != "") 66 if err != nil { 67 logrus.Debugf("Error getting v2 registry: %v", err) 68 return err 69 } 70 71 if err = p.pushV2Repository(ctx); err != nil { 72 if continueOnError(err, p.endpoint.Mirror) { 73 return fallbackError{ 74 err: err, 75 confirmedV2: p.pushState.confirmedV2, 76 transportOK: true, 77 } 78 } 79 } 80 return err 81 } 82 83 func (p *v2Pusher) pushV2Repository(ctx context.Context) (err error) { 84 if namedTagged, isNamedTagged := p.ref.(reference.NamedTagged); isNamedTagged { 85 imageID, err := p.config.ReferenceStore.Get(p.ref) 86 if err != nil { 87 return fmt.Errorf("tag does not exist: %s", reference.FamiliarString(p.ref)) 88 } 89 90 return p.pushV2Tag(ctx, namedTagged, imageID) 91 } 92 93 if !reference.IsNameOnly(p.ref) { 94 return errors.New("cannot push a digest reference") 95 } 96 97 // Pull all tags 98 pushed := 0 99 for _, association := range p.config.ReferenceStore.ReferencesByName(p.ref) { 100 if namedTagged, isNamedTagged := association.Ref.(reference.NamedTagged); isNamedTagged { 101 pushed++ 102 if err := p.pushV2Tag(ctx, namedTagged, association.ID); err != nil { 103 return err 104 } 105 } 106 } 107 108 if pushed == 0 { 109 return fmt.Errorf("no tags to push for %s", reference.FamiliarName(p.repoInfo.Name)) 110 } 111 112 return nil 113 } 114 115 func (p *v2Pusher) pushV2Tag(ctx context.Context, ref reference.NamedTagged, id digest.Digest) error { 116 logrus.Debugf("Pushing repository: %s", reference.FamiliarString(ref)) 117 118 imgConfig, err := p.config.ImageStore.Get(id) 119 if err != nil { 120 return fmt.Errorf("could not find image from tag %s: %v", reference.FamiliarString(ref), err) 121 } 122 123 rootfs, err := p.config.ImageStore.RootFSFromConfig(imgConfig) 124 if err != nil { 125 return fmt.Errorf("unable to get rootfs for image %s: %s", reference.FamiliarString(ref), err) 126 } 127 128 platform, err := p.config.ImageStore.PlatformFromConfig(imgConfig) 129 if err != nil { 130 return fmt.Errorf("unable to get platform for image %s: %s", reference.FamiliarString(ref), err) 131 } 132 133 l, err := p.config.LayerStores[platform.OS].Get(rootfs.ChainID()) 134 if err != nil { 135 return fmt.Errorf("failed to get top layer from image: %v", err) 136 } 137 defer l.Release() 138 139 hmacKey, err := metadata.ComputeV2MetadataHMACKey(p.config.AuthConfig) 140 if err != nil { 141 return fmt.Errorf("failed to compute hmac key of auth config: %v", err) 142 } 143 144 var descriptors []xfer.UploadDescriptor 145 146 descriptorTemplate := v2PushDescriptor{ 147 v2MetadataService: p.v2MetadataService, 148 hmacKey: hmacKey, 149 repoInfo: p.repoInfo.Name, 150 ref: p.ref, 151 endpoint: p.endpoint, 152 repo: p.repo, 153 pushState: &p.pushState, 154 } 155 156 // Loop bounds condition is to avoid pushing the base layer on Windows. 157 for range rootfs.DiffIDs { 158 descriptor := descriptorTemplate 159 descriptor.layer = l 160 descriptor.checkedDigests = make(map[digest.Digest]struct{}) 161 descriptors = append(descriptors, &descriptor) 162 163 l = l.Parent() 164 } 165 166 if err := p.config.UploadManager.Upload(ctx, descriptors, p.config.ProgressOutput); err != nil { 167 return err 168 } 169 170 // Try schema2 first 171 builder := schema2.NewManifestBuilder(p.repo.Blobs(ctx), p.config.ConfigMediaType, imgConfig) 172 manifest, err := manifestFromBuilder(ctx, builder, descriptors) 173 if err != nil { 174 return err 175 } 176 177 manSvc, err := p.repo.Manifests(ctx) 178 if err != nil { 179 return err 180 } 181 182 putOptions := []distribution.ManifestServiceOption{distribution.WithTag(ref.Tag())} 183 if _, err = manSvc.Put(ctx, manifest, putOptions...); err != nil { 184 if runtime.GOOS == "windows" || p.config.TrustKey == nil || p.config.RequireSchema2 { 185 logrus.Warnf("failed to upload schema2 manifest: %v", err) 186 return err 187 } 188 189 logrus.Warnf("failed to upload schema2 manifest: %v - falling back to schema1", err) 190 191 manifestRef, err := reference.WithTag(p.repo.Named(), ref.Tag()) 192 if err != nil { 193 return err 194 } 195 builder = schema1.NewConfigManifestBuilder(p.repo.Blobs(ctx), p.config.TrustKey, manifestRef, imgConfig) 196 manifest, err = manifestFromBuilder(ctx, builder, descriptors) 197 if err != nil { 198 return err 199 } 200 201 if _, err = manSvc.Put(ctx, manifest, putOptions...); err != nil { 202 return err 203 } 204 } 205 206 var canonicalManifest []byte 207 208 switch v := manifest.(type) { 209 case *schema1.SignedManifest: 210 canonicalManifest = v.Canonical 211 case *schema2.DeserializedManifest: 212 _, canonicalManifest, err = v.Payload() 213 if err != nil { 214 return err 215 } 216 } 217 218 manifestDigest := digest.FromBytes(canonicalManifest) 219 progress.Messagef(p.config.ProgressOutput, "", "%s: digest: %s size: %d", ref.Tag(), manifestDigest, len(canonicalManifest)) 220 221 if err := addDigestReference(p.config.ReferenceStore, ref, manifestDigest, id); err != nil { 222 return err 223 } 224 225 // Signal digest to the trust client so it can sign the 226 // push, if appropriate. 227 progress.Aux(p.config.ProgressOutput, apitypes.PushResult{Tag: ref.Tag(), Digest: manifestDigest.String(), Size: len(canonicalManifest)}) 228 229 return nil 230 } 231 232 func manifestFromBuilder(ctx context.Context, builder distribution.ManifestBuilder, descriptors []xfer.UploadDescriptor) (distribution.Manifest, error) { 233 // descriptors is in reverse order; iterate backwards to get references 234 // appended in the right order. 235 for i := len(descriptors) - 1; i >= 0; i-- { 236 if err := builder.AppendReference(descriptors[i].(*v2PushDescriptor)); err != nil { 237 return nil, err 238 } 239 } 240 241 return builder.Build(ctx) 242 } 243 244 type v2PushDescriptor struct { 245 layer PushLayer 246 v2MetadataService metadata.V2MetadataService 247 hmacKey []byte 248 repoInfo reference.Named 249 ref reference.Named 250 endpoint registry.APIEndpoint 251 repo distribution.Repository 252 pushState *pushState 253 remoteDescriptor distribution.Descriptor 254 // a set of digests whose presence has been checked in a target repository 255 checkedDigests map[digest.Digest]struct{} 256 } 257 258 func (pd *v2PushDescriptor) Key() string { 259 return "v2push:" + pd.ref.Name() + " " + pd.layer.DiffID().String() 260 } 261 262 func (pd *v2PushDescriptor) ID() string { 263 return stringid.TruncateID(pd.layer.DiffID().String()) 264 } 265 266 func (pd *v2PushDescriptor) DiffID() layer.DiffID { 267 return pd.layer.DiffID() 268 } 269 270 func (pd *v2PushDescriptor) Upload(ctx context.Context, progressOutput progress.Output) (distribution.Descriptor, error) { 271 // Skip foreign layers unless this registry allows nondistributable artifacts. 272 if !pd.endpoint.AllowNondistributableArtifacts { 273 if fs, ok := pd.layer.(distribution.Describable); ok { 274 if d := fs.Descriptor(); len(d.URLs) > 0 { 275 progress.Update(progressOutput, pd.ID(), "Skipped foreign layer") 276 return d, nil 277 } 278 } 279 } 280 281 diffID := pd.DiffID() 282 283 pd.pushState.Lock() 284 if descriptor, ok := pd.pushState.remoteLayers[diffID]; ok { 285 // it is already known that the push is not needed and 286 // therefore doing a stat is unnecessary 287 pd.pushState.Unlock() 288 progress.Update(progressOutput, pd.ID(), "Layer already exists") 289 return descriptor, nil 290 } 291 pd.pushState.Unlock() 292 293 maxMountAttempts, maxExistenceChecks, checkOtherRepositories := getMaxMountAndExistenceCheckAttempts(pd.layer) 294 295 // Do we have any metadata associated with this layer's DiffID? 296 v2Metadata, err := pd.v2MetadataService.GetMetadata(diffID) 297 if err == nil { 298 // check for blob existence in the target repository 299 descriptor, exists, err := pd.layerAlreadyExists(ctx, progressOutput, diffID, true, 1, v2Metadata) 300 if exists || err != nil { 301 return descriptor, err 302 } 303 } 304 305 // if digest was empty or not saved, or if blob does not exist on the remote repository, 306 // then push the blob. 307 bs := pd.repo.Blobs(ctx) 308 309 var layerUpload distribution.BlobWriter 310 311 // Attempt to find another repository in the same registry to mount the layer from to avoid an unnecessary upload 312 candidates := getRepositoryMountCandidates(pd.repoInfo, pd.hmacKey, maxMountAttempts, v2Metadata) 313 isUnauthorizedError := false 314 for _, mountCandidate := range candidates { 315 logrus.Debugf("attempting to mount layer %s (%s) from %s", diffID, mountCandidate.Digest, mountCandidate.SourceRepository) 316 createOpts := []distribution.BlobCreateOption{} 317 318 if len(mountCandidate.SourceRepository) > 0 { 319 namedRef, err := reference.ParseNormalizedNamed(mountCandidate.SourceRepository) 320 if err != nil { 321 logrus.Errorf("failed to parse source repository reference %v: %v", reference.FamiliarString(namedRef), err) 322 pd.v2MetadataService.Remove(mountCandidate) 323 continue 324 } 325 326 // Candidates are always under same domain, create remote reference 327 // with only path to set mount from with 328 remoteRef, err := reference.WithName(reference.Path(namedRef)) 329 if err != nil { 330 logrus.Errorf("failed to make remote reference out of %q: %v", reference.Path(namedRef), err) 331 continue 332 } 333 334 canonicalRef, err := reference.WithDigest(reference.TrimNamed(remoteRef), mountCandidate.Digest) 335 if err != nil { 336 logrus.Errorf("failed to make canonical reference: %v", err) 337 continue 338 } 339 340 createOpts = append(createOpts, client.WithMountFrom(canonicalRef)) 341 } 342 343 // send the layer 344 lu, err := bs.Create(ctx, createOpts...) 345 switch err := err.(type) { 346 case nil: 347 // noop 348 case distribution.ErrBlobMounted: 349 progress.Updatef(progressOutput, pd.ID(), "Mounted from %s", err.From.Name()) 350 351 err.Descriptor.MediaType = schema2.MediaTypeLayer 352 353 pd.pushState.Lock() 354 pd.pushState.confirmedV2 = true 355 pd.pushState.remoteLayers[diffID] = err.Descriptor 356 pd.pushState.Unlock() 357 358 // Cache mapping from this layer's DiffID to the blobsum 359 if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{ 360 Digest: err.Descriptor.Digest, 361 SourceRepository: pd.repoInfo.Name(), 362 }); err != nil { 363 return distribution.Descriptor{}, xfer.DoNotRetry{Err: err} 364 } 365 return err.Descriptor, nil 366 case errcode.Errors: 367 for _, e := range err { 368 switch e := e.(type) { 369 case errcode.Error: 370 if e.Code == errcode.ErrorCodeUnauthorized { 371 // when unauthorized error that indicate user don't has right to push layer to register 372 logrus.Debugln("failed to push layer to registry because unauthorized error") 373 isUnauthorizedError = true 374 } 375 default: 376 } 377 } 378 default: 379 logrus.Infof("failed to mount layer %s (%s) from %s: %v", diffID, mountCandidate.Digest, mountCandidate.SourceRepository, err) 380 } 381 382 // when error is unauthorizedError and user don't hasAuthInfo that's the case user don't has right to push layer to register 383 // and he hasn't login either, in this case candidate cache should be removed 384 if len(mountCandidate.SourceRepository) > 0 && 385 !(isUnauthorizedError && !pd.pushState.hasAuthInfo) && 386 (metadata.CheckV2MetadataHMAC(&mountCandidate, pd.hmacKey) || 387 len(mountCandidate.HMAC) == 0) { 388 cause := "blob mount failure" 389 if err != nil { 390 cause = fmt.Sprintf("an error: %v", err.Error()) 391 } 392 logrus.Debugf("removing association between layer %s and %s due to %s", mountCandidate.Digest, mountCandidate.SourceRepository, cause) 393 pd.v2MetadataService.Remove(mountCandidate) 394 } 395 396 if lu != nil { 397 // cancel previous upload 398 cancelLayerUpload(ctx, mountCandidate.Digest, layerUpload) 399 layerUpload = lu 400 } 401 } 402 403 if maxExistenceChecks-len(pd.checkedDigests) > 0 { 404 // do additional layer existence checks with other known digests if any 405 descriptor, exists, err := pd.layerAlreadyExists(ctx, progressOutput, diffID, checkOtherRepositories, maxExistenceChecks-len(pd.checkedDigests), v2Metadata) 406 if exists || err != nil { 407 return descriptor, err 408 } 409 } 410 411 logrus.Debugf("Pushing layer: %s", diffID) 412 if layerUpload == nil { 413 layerUpload, err = bs.Create(ctx) 414 if err != nil { 415 return distribution.Descriptor{}, retryOnError(err) 416 } 417 } 418 defer layerUpload.Close() 419 // upload the blob 420 return pd.uploadUsingSession(ctx, progressOutput, diffID, layerUpload) 421 } 422 423 func (pd *v2PushDescriptor) SetRemoteDescriptor(descriptor distribution.Descriptor) { 424 pd.remoteDescriptor = descriptor 425 } 426 427 func (pd *v2PushDescriptor) Descriptor() distribution.Descriptor { 428 return pd.remoteDescriptor 429 } 430 431 func (pd *v2PushDescriptor) uploadUsingSession( 432 ctx context.Context, 433 progressOutput progress.Output, 434 diffID layer.DiffID, 435 layerUpload distribution.BlobWriter, 436 ) (distribution.Descriptor, error) { 437 var reader io.ReadCloser 438 439 contentReader, err := pd.layer.Open() 440 if err != nil { 441 return distribution.Descriptor{}, retryOnError(err) 442 } 443 444 size, _ := pd.layer.Size() 445 446 reader = progress.NewProgressReader(ioutils.NewCancelReadCloser(ctx, contentReader), progressOutput, size, pd.ID(), "Pushing") 447 448 switch m := pd.layer.MediaType(); m { 449 case schema2.MediaTypeUncompressedLayer: 450 compressedReader, compressionDone := compress(reader) 451 defer func(closer io.Closer) { 452 closer.Close() 453 <-compressionDone 454 }(reader) 455 reader = compressedReader 456 case schema2.MediaTypeLayer: 457 default: 458 reader.Close() 459 return distribution.Descriptor{}, fmt.Errorf("unsupported layer media type %s", m) 460 } 461 462 digester := digest.Canonical.Digester() 463 tee := io.TeeReader(reader, digester.Hash()) 464 465 nn, err := layerUpload.ReadFrom(tee) 466 reader.Close() 467 if err != nil { 468 return distribution.Descriptor{}, retryOnError(err) 469 } 470 471 pushDigest := digester.Digest() 472 if _, err := layerUpload.Commit(ctx, distribution.Descriptor{Digest: pushDigest}); err != nil { 473 return distribution.Descriptor{}, retryOnError(err) 474 } 475 476 logrus.Debugf("uploaded layer %s (%s), %d bytes", diffID, pushDigest, nn) 477 progress.Update(progressOutput, pd.ID(), "Pushed") 478 479 // Cache mapping from this layer's DiffID to the blobsum 480 if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{ 481 Digest: pushDigest, 482 SourceRepository: pd.repoInfo.Name(), 483 }); err != nil { 484 return distribution.Descriptor{}, xfer.DoNotRetry{Err: err} 485 } 486 487 desc := distribution.Descriptor{ 488 Digest: pushDigest, 489 MediaType: schema2.MediaTypeLayer, 490 Size: nn, 491 } 492 493 pd.pushState.Lock() 494 // If Commit succeeded, that's an indication that the remote registry speaks the v2 protocol. 495 pd.pushState.confirmedV2 = true 496 pd.pushState.remoteLayers[diffID] = desc 497 pd.pushState.Unlock() 498 499 return desc, nil 500 } 501 502 // layerAlreadyExists checks if the registry already knows about any of the metadata passed in the "metadata" 503 // slice. If it finds one that the registry knows about, it returns the known digest and "true". If 504 // "checkOtherRepositories" is true, stat will be performed also with digests mapped to any other repository 505 // (not just the target one). 506 func (pd *v2PushDescriptor) layerAlreadyExists( 507 ctx context.Context, 508 progressOutput progress.Output, 509 diffID layer.DiffID, 510 checkOtherRepositories bool, 511 maxExistenceCheckAttempts int, 512 v2Metadata []metadata.V2Metadata, 513 ) (desc distribution.Descriptor, exists bool, err error) { 514 // filter the metadata 515 candidates := []metadata.V2Metadata{} 516 for _, meta := range v2Metadata { 517 if len(meta.SourceRepository) > 0 && !checkOtherRepositories && meta.SourceRepository != pd.repoInfo.Name() { 518 continue 519 } 520 candidates = append(candidates, meta) 521 } 522 // sort the candidates by similarity 523 sortV2MetadataByLikenessAndAge(pd.repoInfo, pd.hmacKey, candidates) 524 525 digestToMetadata := make(map[digest.Digest]*metadata.V2Metadata) 526 // an array of unique blob digests ordered from the best mount candidates to worst 527 layerDigests := []digest.Digest{} 528 for i := 0; i < len(candidates); i++ { 529 if len(layerDigests) >= maxExistenceCheckAttempts { 530 break 531 } 532 meta := &candidates[i] 533 if _, exists := digestToMetadata[meta.Digest]; exists { 534 // keep reference just to the first mapping (the best mount candidate) 535 continue 536 } 537 if _, exists := pd.checkedDigests[meta.Digest]; exists { 538 // existence of this digest has already been tested 539 continue 540 } 541 digestToMetadata[meta.Digest] = meta 542 layerDigests = append(layerDigests, meta.Digest) 543 } 544 545 attempts: 546 for _, dgst := range layerDigests { 547 meta := digestToMetadata[dgst] 548 logrus.Debugf("Checking for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.Name()) 549 desc, err = pd.repo.Blobs(ctx).Stat(ctx, dgst) 550 pd.checkedDigests[meta.Digest] = struct{}{} 551 switch err { 552 case nil: 553 if m, ok := digestToMetadata[desc.Digest]; !ok || m.SourceRepository != pd.repoInfo.Name() || !metadata.CheckV2MetadataHMAC(m, pd.hmacKey) { 554 // cache mapping from this layer's DiffID to the blobsum 555 if err := pd.v2MetadataService.TagAndAdd(diffID, pd.hmacKey, metadata.V2Metadata{ 556 Digest: desc.Digest, 557 SourceRepository: pd.repoInfo.Name(), 558 }); err != nil { 559 return distribution.Descriptor{}, false, xfer.DoNotRetry{Err: err} 560 } 561 } 562 desc.MediaType = schema2.MediaTypeLayer 563 exists = true 564 break attempts 565 case distribution.ErrBlobUnknown: 566 if meta.SourceRepository == pd.repoInfo.Name() { 567 // remove the mapping to the target repository 568 pd.v2MetadataService.Remove(*meta) 569 } 570 default: 571 logrus.WithError(err).Debugf("Failed to check for presence of layer %s (%s) in %s", diffID, dgst, pd.repoInfo.Name()) 572 } 573 } 574 575 if exists { 576 progress.Update(progressOutput, pd.ID(), "Layer already exists") 577 pd.pushState.Lock() 578 pd.pushState.remoteLayers[diffID] = desc 579 pd.pushState.Unlock() 580 } 581 582 return desc, exists, nil 583 } 584 585 // getMaxMountAndExistenceCheckAttempts returns a maximum number of cross repository mount attempts from 586 // source repositories of target registry, maximum number of layer existence checks performed on the target 587 // repository and whether the check shall be done also with digests mapped to different repositories. The 588 // decision is based on layer size. The smaller the layer, the fewer attempts shall be made because the cost 589 // of upload does not outweigh a latency. 590 func getMaxMountAndExistenceCheckAttempts(layer PushLayer) (maxMountAttempts, maxExistenceCheckAttempts int, checkOtherRepositories bool) { 591 size, err := layer.Size() 592 switch { 593 // big blob 594 case size > middleLayerMaximumSize: 595 // 1st attempt to mount the blob few times 596 // 2nd few existence checks with digests associated to any repository 597 // then fallback to upload 598 return 4, 3, true 599 600 // middle sized blobs; if we could not get the size, assume we deal with middle sized blob 601 case size > smallLayerMaximumSize, err != nil: 602 // 1st attempt to mount blobs of average size few times 603 // 2nd try at most 1 existence check if there's an existing mapping to the target repository 604 // then fallback to upload 605 return 3, 1, false 606 607 // small blobs, do a minimum number of checks 608 default: 609 return 1, 1, false 610 } 611 } 612 613 // getRepositoryMountCandidates returns an array of v2 metadata items belonging to the given registry. The 614 // array is sorted from youngest to oldest. If requireRegistryMatch is true, the resulting array will contain 615 // only metadata entries having registry part of SourceRepository matching the part of repoInfo. 616 func getRepositoryMountCandidates( 617 repoInfo reference.Named, 618 hmacKey []byte, 619 max int, 620 v2Metadata []metadata.V2Metadata, 621 ) []metadata.V2Metadata { 622 candidates := []metadata.V2Metadata{} 623 for _, meta := range v2Metadata { 624 sourceRepo, err := reference.ParseNamed(meta.SourceRepository) 625 if err != nil || reference.Domain(repoInfo) != reference.Domain(sourceRepo) { 626 continue 627 } 628 // target repository is not a viable candidate 629 if meta.SourceRepository == repoInfo.Name() { 630 continue 631 } 632 candidates = append(candidates, meta) 633 } 634 635 sortV2MetadataByLikenessAndAge(repoInfo, hmacKey, candidates) 636 if max >= 0 && len(candidates) > max { 637 // select the youngest metadata 638 candidates = candidates[:max] 639 } 640 641 return candidates 642 } 643 644 // byLikeness is a sorting container for v2 metadata candidates for cross repository mount. The 645 // candidate "a" is preferred over "b": 646 // 647 // 1. if it was hashed using the same AuthConfig as the one used to authenticate to target repository and the 648 // "b" was not 649 // 2. if a number of its repository path components exactly matching path components of target repository is higher 650 type byLikeness struct { 651 arr []metadata.V2Metadata 652 hmacKey []byte 653 pathComponents []string 654 } 655 656 func (bla byLikeness) Less(i, j int) bool { 657 aMacMatch := metadata.CheckV2MetadataHMAC(&bla.arr[i], bla.hmacKey) 658 bMacMatch := metadata.CheckV2MetadataHMAC(&bla.arr[j], bla.hmacKey) 659 if aMacMatch != bMacMatch { 660 return aMacMatch 661 } 662 aMatch := numOfMatchingPathComponents(bla.arr[i].SourceRepository, bla.pathComponents) 663 bMatch := numOfMatchingPathComponents(bla.arr[j].SourceRepository, bla.pathComponents) 664 return aMatch > bMatch 665 } 666 func (bla byLikeness) Swap(i, j int) { 667 bla.arr[i], bla.arr[j] = bla.arr[j], bla.arr[i] 668 } 669 func (bla byLikeness) Len() int { return len(bla.arr) } 670 671 // nolint: interfacer 672 func sortV2MetadataByLikenessAndAge(repoInfo reference.Named, hmacKey []byte, marr []metadata.V2Metadata) { 673 // reverse the metadata array to shift the newest entries to the beginning 674 for i := 0; i < len(marr)/2; i++ { 675 marr[i], marr[len(marr)-i-1] = marr[len(marr)-i-1], marr[i] 676 } 677 // keep equal entries ordered from the youngest to the oldest 678 sort.Stable(byLikeness{ 679 arr: marr, 680 hmacKey: hmacKey, 681 pathComponents: getPathComponents(repoInfo.Name()), 682 }) 683 } 684 685 // numOfMatchingPathComponents returns a number of path components in "pth" that exactly match "matchComponents". 686 func numOfMatchingPathComponents(pth string, matchComponents []string) int { 687 pthComponents := getPathComponents(pth) 688 i := 0 689 for ; i < len(pthComponents) && i < len(matchComponents); i++ { 690 if matchComponents[i] != pthComponents[i] { 691 return i 692 } 693 } 694 return i 695 } 696 697 func getPathComponents(path string) []string { 698 return strings.Split(path, "/") 699 } 700 701 func cancelLayerUpload(ctx context.Context, dgst digest.Digest, layerUpload distribution.BlobWriter) { 702 if layerUpload != nil { 703 logrus.Debugf("cancelling upload of blob %s", dgst) 704 err := layerUpload.Cancel(ctx) 705 if err != nil { 706 logrus.Warnf("failed to cancel upload: %v", err) 707 } 708 } 709 }