1510 Commits

Author SHA1 Message Date
Milos Gajdos
d1dbbb196c fix(s3): tags/list drops tags that are a lexical prefix of another tag
The S3 driver's Walk used a bare strings.HasPrefix to decide whether a
walkInfo was under the last ErrSkipDir directory. Without a trailing
"/" on the parent, a sibling whose name starts with the skipped
directory's name (e.g. "0.1.20" after "0.1.2") falsely matched and was
skipped, so its tag dir was never emitted to handleTag and the tag was
omitted from /v2/<name>/tags/list.

Replace the prefix check with isSubpath, which appends "/" to the
parent so only true descendants match. Add a unit test pinning the
sibling-with-lexical-prefix case.

The bug is S3-only because the filesystem and inmemory drivers list
directories recursively via WalkFallback and don't use this skip
mechanism. It surfaced in 3.1.0 when the tags handler switched from
tagService.All() (driver List with delimiter) to tagService.List()
(driver Walk) for pagination support.

Fixes #4891

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-06-14 17:22:48 -07:00
Baptiste Girard-Carrabin
927250bcaf azure: fix race condition in PutContent causing duplicate append writes
Write PutContent objects as block blobs so Azure retries overwrite small objects instead of appending duplicate link contents. Delete legacy append-blob objects before uploading because Azure cannot replace an AppendBlob with a BlockBlob in place. Preserve zero-byte append compatibility and add Azure regression coverage for link-style content, legacy migration, and concurrent same-path writes.

Signed-off-by: Baptiste Girard-Carrabin <baptiste.girardcarrabin@datadoghq.com>
2026-06-05 18:12:03 +02:00
Milos Gajdos
915084f4bc feat(s3): parse and strictly validate redirectendpoint on driver initialization (#4870) 2026-05-31 12:31:37 -07:00
darsh
2af40858be fix(s3): add redirectendpoint validation and fix doc formatting
Signed-off-by: darsh <darshanravichandran07@gmail.com>
2026-05-31 12:08:57 +05:30
Milos Gajdos
22c97cc513 fix: report error in DeleteManifest when Delete returns ErrDigestUnsupported (#4802) 2026-05-28 07:29:39 -07:00
Milos Gajdos
25b2d1dc7f fix(storage): Fix blob type migration in the azure driver (#4871) 2026-05-28 07:29:34 -07:00
Milos Gajdos
0d5789588f chore: smol go fix changes
This PR changes the code based on the `go fix` suggestions
to modernize the codebase and keep up with the latest Go features.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-05-24 15:56:02 -07:00
David Marby
5c4717ced7 Fix blob type migration in the azure driver
Currently, the Azure driver always creates blobs as an AppendBlob, but in previous versions, it used to create them as BlockBlobs.
There is migration logic to handle this, but it's currently inversed, so if the blob exists as a BlockBlob, we don't delete it, and get an error back from Azure:
```
RESPONSE 409: 409 The blob type is invalid for this operation.
ERROR CODE: InvalidBlobType
```

Since the check is inversed, this also means that any operation against AppendBlobs does an extra delete -> create for no reason.

Signed-off-by: David Marby <david@dmarby.se>
2026-05-20 23:48:23 +02:00
Milos Gajdos
e09ff10155 Merge commit from fork
fix: prevent tag deletion when `storage.delete.enabled` is false
2026-05-01 07:27:34 -07:00
Joonas Bergius
8baf3e0826 fix: prevent tag deletion when storage.delete.enabled is false
Signed-off-by: Joonas Bergius <joonas@defenseunicorns.com>
2026-04-25 17:42:36 -05:00
SAY-5
72c88bc960 fix(storage): bounds-check the file basename in PurgeUploads Walk callback
PurgeUploads' Walk callback split the visited path with path.Split and
indexed file[0] immediately. path.Split returns an empty basename for
paths that end in a trailing slash - in practice this happens when an
S3 driver surfaces a bare directory (common prefix) with an empty
Key. Indexing a zero-length string then panics with
'index out of range [0] with length 0' and takes down the whole
PurgeUploads goroutine (#4713).

Guard the length before touching file[0] so a trailing-slash /
empty-basename entry is simply skipped as 'not a reserved directory',
which matches what the branch was trying to do anyway. Runtime
behaviour for every non-empty entry is unchanged.

Closes #4713

Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com>
2026-04-21 10:56:45 -07:00
Milos Gajdos
1b5e226b6f feat(s3): add express zone one support to S3 driver (#4858) 2026-04-20 07:47:28 -07:00
Milos Gajdos
835c1c581f feat(s3): add express zone one support to S3 driver
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-18 17:36:52 -07:00
Milos Gajdos
c6f552e5db fix(proxy): clamp oversized n query param instead of returning 400
PR #4353 made MaxTags (default 1000) a hard ceiling on the `n` query
parameter — anything larger and the handler returns 400
PAGINATION_NUMBER_INVALID before the request ever reaches storage or
the proxy tag service. That broke clients like Renovate which use
n=10000 against pull-through caches. #4846 fixed a related 500 in
proxy mode but not this 400, so users reported the regression still
persisted.

The OCI distribution-spec describes pagination differently: a server
MAY return fewer than `n` results "when the total number of tags
attached to the repository is less than <int> or a Link header is
provided" — otherwise it MUST include `<int>` results. In other
words, the right answer for "client asked for more than we'll serve"
is `maxtags` results plus a Link header, not a rejection.
PAGINATION_NUMBER_INVALID isn't among the 14 error codes the spec
defines, either.

Drop the oversized-n rejection and clamp to MaxTags instead; the
existing Link-header path already handles continuation correctly.
Malformed (non-integer) and negative `n` values keep returning 400,
since the spec defines `n` as a non-negative integer and those
requests are genuinely invalid.

Verified end-to-end against registry-1.docker.io in proxy mode:
n=10000 now returns the tag list (or a clamped page with Link)
instead of 400. Also restores pre-3.1.0 behavior for Renovate-style
clients without needing proxy-specific logic.

Spec reference:
https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-tags

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-18 16:53:53 -07:00
Milos Gajdos
ca7d4de0ee fix(proxy): fix tag list endpoint in proxy mode (#4846) 2026-04-16 14:17:56 -07:00
chuanshanjida
0679fc13c5 refactor: use slices.Backward to simplify the code
Signed-off-by: chuanshanjida <chuanshanjida@outlook.com>
2026-04-12 16:01:45 +08:00
njucjc
60de6e3443 fix(proxy): fix tag list endpoint in proxy mode
Signed-off-by: njucjc <njucjc@alibaba-inc.com>
Signed-off-by: chenjinci.cjc <chenjinci.cjc@alibaba-inc.com>
2026-04-09 23:30:51 +08:00
Milos Gajdos
078b0783f2 Merge commit from fork
fix redis repo-scoped blob descriptor revocation
2026-04-05 17:08:50 -07:00
Milos Gajdos
cc5d5fa4ba Merge commit from fork
proxy: bind bearer realms to upstream trust boundary
2026-04-05 13:30:20 -07:00
Milos Gajdos
2f2ce9fb6c Opt: refactor tag list pagination support (#4353) 2026-04-04 13:49:23 -07:00
njucjc
6a02a0e81d Opt: refactor tag list pagination support
Signed-off-by: njucjc <njucjc@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-04-04 22:04:37 +02:00
HexMix
7ed654e0a7 feat(registry): enhance authentication checks in htpasswd implementation
- Added a dummy hash for nonexistent users to prevent timing attacks.
- Updated test cases to include a nonexistent user scenario for better coverage.
- Introduced a global dummy hash variable to streamline authentication for nonexistent users.
- Updated the authentication logic to utilize the new dummy hash for improved consistency.
- Added support for overriding the dummy hash in the access controller for testing purposes.
- Updated the authentication logic to utilize the provided dummy hash during user authentication.
- Updated test cases to use `t.TempDir()` for creating temporary htpasswd files, enhancing test isolation and cleanup.
- Simplified file reading and error handling in the `TestCreateHtpasswdFile` function.

Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: HexMix <32300164+mnixry@users.noreply.github.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-04-04 21:19:33 +02:00
Milos Gajdos
000567267f chore(app): warn when partial TLS config is used in Redis
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2026-04-03 12:04:53 -07:00
1seal
5cda72868f fix redis repo-scoped blob descriptor revocation 2026-04-01 18:38:38 +03:00
1seal
f215e513de proxy: bind bearer realms to upstream trust boundary
bind proxy-mode bearer realms to the upstream trust boundary before sending credentials, move challenge filtering behind the auth manager, and use golang.org/x/net/publicsuffix for registrable-domain handling.
2026-03-30 18:27:47 +03:00
ChandonPierre
e0bac48375 fix(registry/proxy): do not re-use http request context for background writes
Signed-off-by: Chandon Pierre <cpierre@coreweave.com>
2026-03-27 18:19:47 -04:00
Milos Gajdos
3e4f4a8bde Enable Redis TLS without client certificates (#4770) 2026-03-27 09:35:39 -07:00
Milos Gajdos
7a7c44d3f9 Opt: refector tag list pagination support (stage 1) (#4360) 2026-03-25 09:55:09 -07:00
Milos Gajdos
ee3ba929f6 Update vacuum.go (#4610) 2026-03-23 06:45:30 -07:00
Milos Gajdos
764d131502 fix: correct Ed25519 JWK thumbprint kty from "OTP" to "OKP" (#4801) 2026-03-23 06:45:15 -07:00
Milos Gajdos
83dd82021c fix: set MD5 on GCS writer before first Write call in putContent (#4803) 2026-03-17 11:04:56 -07:00
Joonas Bergius
332405077a chore: fix typo in comment
Co-authored-by: Kyle Squizzato <kyle@replicated.com>
Signed-off-by: Joonas Bergius <joonas@users.noreply.github.com>
2026-03-17 12:52:12 -05:00
Joonas Bergius
021b69d5a6 fix: nil-check scheduler in proxyingRegistry.Close()
When proxy TTL is set to 0, `NewRegistryPullThroughCache`
skips creating a `TTLExpirationScheduler`. When `Close()`
calls `pr.scheduler.Stop()`, it causes causing a nil pointer
dereference panic.

Signed-off-by: Joonas Bergius <joonas@defenseunicorns.com>
2026-03-01 19:59:20 -06:00
Joonas Bergius
2957c891d4 fix: set MD5 on GCS writer before first Write call in putContent
Signed-off-by: Joonas Bergius <joonas@defenseunicorns.com>
2026-03-01 17:49:25 -06:00
Joonas Bergius
0fb0a8d384 fix: report error in DeleteManifest when Delete returns ErrDigestUnsupported
Signed-off-by: Joonas Bergius <joonas@defenseunicorns.com>
2026-03-01 17:33:05 -06:00
Joonas Bergius
830758b5b2 fix: correct Ed25519 JWK thumbprint kty from "OTP" to "OKP"
Signed-off-by: Joonas Bergius <joonas@defenseunicorns.com>
2026-03-01 12:27:45 -06:00
Milos Gajdos
3cf5a08615 modernize code (#4784) 2026-02-12 10:06:32 -08:00
Sebastiaan van Stijn
f18b8d707e fix "prealloc" linting
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-02-12 18:28:58 +01:00
Sebastiaan van Stijn
775d3734eb modernize code
Automated fixing, using Go's "modernize" tool;

    go install golang.org/x/tools/go/analysis/passes/modernize/cmd/modernize@latest
    modernize -fix ./...

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-02-12 18:28:58 +01:00
ningmingxiao
b4f2af3f60 fix: sync parent dir to ensure data is reliably stored
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: ningmingxiao <ning.mingxiao@zte.com.cn>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-02-12 18:15:45 +01:00
ningmingxiao
5ddf7898fa use filepath instead of path
Signed-off-by: ningmingxiao <ning.mingxiao@zte.com.cn>
2026-02-12 18:14:53 +01:00
Sebastiaan van Stijn
f5e1a8931a update golangci-lint to v2.9 and fix linting issues
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-02-11 10:10:07 +01:00
njucjc
b1ae1b211e Opt: refector tag list pagination support
Signed-off-by: njucjc <njucjc@gmail.com>
2026-01-28 11:39:06 +08:00
Omar Trigui
6780dbbba4 Enable Redis TLS without client certificates
Signed-off-by: Omar Trigui <omar.trigui.tn@gmail.com>
2026-01-24 00:16:52 +01:00
Raghav Mahajan
33dab3939e Expose useFIPSEndpoint for S3
Signed-off-by: Raghav Mahajan <rmahajan@palantir.com>
2026-01-07 21:01:26 +05:30
Milos Gajdos
f61aa941b3 Add boolean parsing util (#4763) 2026-01-07 07:23:28 -08:00
Raghav Mahajan
75a14d4d31 Add boolean parsing util
Signed-off-by: Raghav Mahajan <rmahajan@palantir.com>
2026-01-07 17:04:02 +05:30
Milos Gajdos
47c426cf2e fix: Logging regression for manifest HEAD requests (#4756) 2026-01-06 09:03:21 -08:00
Thomas Cuthbert
1ad03da687 fix: Logging regression for manifest HEAD requests
Since version 3.0.0, the response completed log line is no longer
present for HEAD requests to manifests that return 200.

The regression is caused by the implicit handling of manifest HEAD
responses that bypass the logging middleware when returning from
`GetManifest`.

This change ensures that the logging middleware handles responses for
manifest HEAD requests by explicitly writing `StatusOK` into the
response header before returning from `GetManifest`.

Closes: https://github.com/distribution/distribution/issues/4733
Signed-off-by: Thomas Cuthbert <tom.cuthbert@elastic.co>
2026-01-07 00:09:07 +08:00
tranthang2404
f1e4ae3de7 add return error when list object
Signed-off-by: tranthang2404 <tranthang.mda@gmail.com>
2025-12-19 08:24:50 +07:00