Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

conformance: make blob mount and upload checks more strict #399

Merged
merged 1 commit into from
Apr 4, 2023
Merged

conformance: make blob mount and upload checks more strict #399

merged 1 commit into from
Apr 4, 2023

Conversation

imjasonh
Copy link
Member

@imjasonh imjasonh commented Apr 4, 2023

  1. when mounting is successful, require the Location response header to be exactly /v2/<repo>/blobs/<digest>, and not just contain the string <repo>
  2. when mounting is unsuccessful and Location points to an upload session URL, require the Location response header to start with /v2/<repo>/blobs/uploads/, and not just contain /blobs/uploads/.

In the case of (2), this corresponds to common behavior, but based on my reading of the spec it might not actually be exactly specified as such:

Alternatively, if a registry does not support cross-repository mounting or is unable to mount the requested blob, it SHOULD return a 202. This indicates that the upload session has begun and that the client MAY proceed with the upload.

(source)

We may want to clarify this failed-mounting behavior more to specify that the Location response header MUST be /v2/<repo>/blobs/uploads/, as it normally is.

@imjasonh
conformance: make blob mount and upload checks more strict
27ae6c2 
Signed-off-by: Jason Hall <jason@chainguard.dev>
@imjasonh
Copy link
Member Author

imjasonh commented Apr 4, 2023

Also, I'm not sure what automated checks we have on conformance test changes to check that this doesn't regress on any currently-passing registries.

jdolitsky
jdolitsky approved these changes Apr 4, 2023
View reviewed changes
Copy link
Member

@jdolitsky jdolitsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, I'm not sure what automated checks we have on conformance test changes to check that this doesn't regress on any currently-passing registries.

There isnt any currently, just individual projects running off main in CI

@sudo-bmitch sudo-bmitch merged commit b3168ea into opencontainers:main Apr 4, 2023
@mikebrow
Copy link
Member

mikebrow commented Apr 4, 2023

  1. when mounting is successful, require the Location response header to be exactly /v2/<repo>/blobs/<digest>, and not just contain the string <repo>
  2. when mounting is unsuccessful and Location points to an upload session URL, require the Location response header to start with /v2/<repo>/blobs/uploads/, and not just contain /blobs/uploads/.

In the case of (2), this corresponds to common behavior, but based on my reading of the spec it might not actually be exactly specified as such:

Alternatively, if a registry does not support cross-repository mounting or is unable to mount the requested blob, it SHOULD return a 202. This indicates that the upload session has begun and that the client MAY proceed with the upload.

(source)

We may want to clarify this failed-mounting behavior more to specify that the Location response header MUST be /v2/<repo>/blobs/uploads/, as it normally is.

we used the term name instead of repo to avoid namespace and repository format requirements

1hr approve and merge? That must be a record :-O

If memory serves at one point v1 docker api was considered acceptable for certain scenarios.. probably why this wasn't necessarily restricted?

@jdolitsky
Copy link
Member

RE:

Also, I'm not sure what automated checks we have on conformance test changes to check that this doesn't regress on any currently-passing registries.

See #401

cc @imjasonh

@jdolitsky jdolitsky mentioned this pull request Apr 19, 2023
Closed
@sudo-bmitch sudo-bmitch mentioned this pull request Feb 1, 2024
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdolitsky jdolitsky jdolitsky approved these changes

@sudo-bmitch sudo-bmitch sudo-bmitch approved these changes

@dmcgowan dmcgowan Awaiting requested review from dmcgowan dmcgowan is a code owner

@jzelinskie jzelinskie Awaiting requested review from jzelinskie jzelinskie is a code owner

@jonjohnsonjr jonjohnsonjr Awaiting requested review from jonjohnsonjr jonjohnsonjr is a code owner

@mikebrow mikebrow Awaiting requested review from mikebrow mikebrow is a code owner

@stevvooe stevvooe Awaiting requested review from stevvooe stevvooe is a code owner

@vbatts vbatts Awaiting requested review from vbatts

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@imjasonh @mikebrow @jdolitsky @sudo-bmitch