This expects a GPG key fingerprint as a value of the argument (though
other key identification methods, like mitr@volny.cz, happen to work).
Do we need to namespace this (gpg:…)?
Note that this is unusable at the moment because only the dir: backend
implements storing signatures, and this backend does can not determine
the canonical Docker reference to use as a signed image identity.
This copies an image from ImageSource to ImageDestination, e.g.
skopeo copy atomic:mitr/busybox:latest dir:t-down # pull
skopeo copy dir:t-up atomic:mitr/busybox:latest # push
This finally uses all of the ImageSource and ImageDestination
implementations, though these utilities are in turn not used yet.
Adds unresolved FIXME (FIXME!!) notes for the tlsVerify default value;
for now, the code follows the existing parseImage semantics.
Also note the naming inconsistency: dir:…, atomic:…, but
docker://… . I think the non-// names are cleaner, but if we are
committed to docker://…, just being consistent might be better.
Note that this assumes that both (docker login) and (oc login) has
happened, the credentials can be read from the usual config files,
and that the default OpenShift instance should be used.
This includes copy&pasted/modified/simplified code from OpenShift
and Kubernetes, primarily for config file parsing and setting up
TLS and HTTP authentication.
This is much smaller than linking to the upstream OpenShift client
libraries, which via various abstractions and registration drag in much
(dozens of megabytes) more code.
The primary loss from this simplification is automatic conversions
between various versions of the API objects, both for the REST API and
for local configuration storage.
This does not contain downloading/uploading signatures, which depends on
server-side support.
Note that this does not allow uploading under new tags; Docker Registry
requires the tag to be present within the manifest, i.e. we might need
to modify the (possibly signed) manifest.
For now, uploading manifests only identified by a digest is sufficient
for the Atomic Registry; tagging happens in OpenShift imagestreams.
The dockerClient encapsulates makeRequest and authentication setup, and
will be shared between the pull and push code.
This is only a restructuring, does not change behavior.
The dockerImage->dockerImageSource->dockerClient inclusion chain is
somewhat ugly, hopefully eventually we will move the remaining
dockerImage functionality either to dockerutils or to the top level, and
then eliminate it.
The Docker Registry manifest upload should supply a Content-Type, and
guessing from the contents is the easiest we can do right now.
Also eliminate dockerutils.manifestMIMEType, it is making it too
difficult to use the returned value to be worth the extra safety.
Call dockerImageSource.ping() in .makeRequest() if needed, instead of
expecting a caller to do it (which only happened in GetManifest).
This required splitting the URLs into the baseURL (dependent on .ping()
result) and the suffix (independent of it), which was a simplification
anyway.
Also rename WWWAuthenticate to wwwAuthenticate, it is a private cache
field.
This will hopefully allow better reuse of the "copy images" code from
docker.go in the future.
No behavior change, the dirImageDestination code was based on the code
this commit is replacing.
This is consistent with the (skopeo layers) storage layout; otherwise it
is expected to be used primarily as an a debugging aid when working on
more complex image transfers (e.g. directly from OpenShift to a running
Docker daemon), allowing them to be split to two simpler problems
between one complex storage mechanism and a simple directory.
Not used yet, users will be added in future commits.
The ImageSource type does not provide all of the functionality of
docker.go, but we will be able to reuse the ImageSource parts in an
OpenShift client.
This is only a restructuring, does not change behavior.
Right now, only a declaration.
This will allow writing generalized push/pull between various storage
mechanisms, and reuse of the Docker Registry client code for the Docker
Registry embedded in OpenShift.
Move the manifest computation (with v2s1 signature stripping) out of
skopeo/signature into a separate package; it is necessary in the
OpenShift client as well, unrelated to signatures.
Other Docker-specific utilities, like getting a list of layer blobsums
from a manifest, may be also moved here in the future.
Resolves https://github.com/projectatomic/skopeo/issues/12
* Convert man page from markdown to nroff
* Fill out man page
* Remove TODO's from go code regarding man page
* Additional information on building instructions
* Update Makfile
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Set GOPATH to start with ./vendor so that we use the dependencies in our
vendored versions instead of dependencies in whatever other version is
elsewhere in GOPATH.
And then undo it when trying to list the non-vendor subpackages in the
current directory.
github.com/coreos/etcd as of v2.2.5 uses a Godeps subdirectory, and
imports packages by including the Godeps path fragments directly in the
package name; so we can't just remove the subdirectory and vendor the
included package directly. So, add a flag to clone() to surpress
removing the vendor subdirectories.
