about summary refs log tree commit diff
path: root/tools/nixery/main.go
AgeCommit message (Collapse)AuthorFilesLines
2021-04-27 feat(storage): Add generic support for content-typesJerome Petazzoni1-0/+10
When serving a manifest, it is important to set the content-type correctly (otherwise pulling an image is likely to give a cryptic error message, "Error response from daemon: missing signature key"). This makes sure that we set the content-type properly for both manifests and layers.
2020-10-29 feat(storage): Add support for content-types (GCS only)Vincent Ambo1-1/+2
Extends storage.Persist to accept a Content-Type argument, which in the GCS backend is persisted with the object to ensure that the object is served back with this content-type. This is not yet implemented for the filesystem backend, where the parameter is simply ignored. This should help in the case of clients which expect the returned objects to have content-types set when, for example, fetching layers by digest.
2020-10-27 feat(main): Implement caching of manifests in CASVincent Ambo1-0/+35
To ensure that registry clients which attempt to pull manifests by their content hash can interact with Nixery, this change implements persisting image manifests in the CAS in the same way as image layers. In combination with the previous refactorings this means that Nixery's serving flow is now compatible with containerd. I have verified this locally, but CI currently only runs against Docker and not containerd, which is something I plan to address in a subsequent PR. This fixes #102
2020-10-27 feat(main): Implement serving of manifests by digestVincent Ambo1-11/+12
Modifies the layer serving endpoint to be a generic blob-serving endpoint that can handle both manifest and layer object "types". Note that this commit does not yet populate the CAS with any manifests.
2020-10-27 refactor(storage): Rename ServeLayer -> ServeVincent Ambo1-2/+2
This is going to be used for general content-addressed objects, and is not layer specific anymore.
2020-10-27 refactor(main): Split HTTP handlers into separate functionsVincent Ambo1-56/+61
There is a new handler coming up to fix #102 and I want to avoid falling into the classic Go trap of creating thousand-line functions.
2019-11-27 refactor: Reshuffle file structure for better code layoutVincent Ambo1-0/+249
This gets rid of the package called "server" and instead moves everything into the project root, such that Go actually builds us a binary called `nixery`. This is the first step towards factoring out CLI-based functionality for Nixery.
2019-08-14 refactor: Move registry server to a subfolderVincent Ambo1-492/+0
2019-08-08 fix(go): Fix breakage in unsigned URLsVincent Ambo1-1/+1
This affected the public instance which is still running without URL signing. Should add some monitoring!
2019-08-03 feat(go): Support signed GCS URLs with static keysVincent Ambo1-20/+57
Google Cloud Storage supports granting access to protected objects via time-restricted URLs that are cryptographically signed. This makes it possible to store private data in buckets and to distribute it to eligible clients without having to make those clients aware of GCS authentication methods. Nixery now uses this feature to sign URLs for GCS buckets when returning layer URLs to clients on image pulls. This means that a private Nixery instance can run a bucket with restricted access just fine. Under the hood Nixery uses a key provided via environment variables to sign the URL with a 5 minute expiration time. This can be set up by adding the following two environment variables: * GCS_SIGNING_KEY: Path to the PEM file containing the signing key. * GCS_SIGNING_ACCOUNT: Account ("e-mail" address) to use for signing. If the variables are not set, the previous behaviour is not modified.
2019-08-03 fix(go): Registry API acknowledgement URI has a trailing slashVincent Ambo1-6/+6
Previously the acknowledgement calls from Docker were receiving a 404 (which apparently doesn't bother it?!). This corrects the URL, which meant that acknowledgement had to move inside of the registryHandler.
2019-08-03 chore(go): Remove 'builder' metapackageVincent Ambo1-5/+2
This metapackage isn't actually particularly useful (stdenv is rarely what users want).
2019-08-02 feat(go): Return error responses in registry formatVincent Ambo1-9/+35
The registry specifies a format for how errors should be returned and this commit implements it: https://docs.docker.com/registry/spec/api/#errors
2019-08-02 feat(go): Return errors with correct status codes to clientsVincent Ambo1-3/+17
Uses the structured errors feature introduced in the Nix code to return more sensible errors to clients. For now this is quite limited, but already a lot better than before: * packages that could not be found result in 404s * all other errors result in 500s This way the registry clients will not attempt to interpret the returned garbage data/empty response as something useful.
2019-08-02 fix(go): Return response code 500 if Nix builds failVincent Ambo1-0/+1
2019-07-31 feat(go): Add environment configuration for package set sourcesVincent Ambo1-11/+74
Adds environment variables with which users can configure the package set source to use. Not setting a source lets Nix default to a recent NixOS channel (currently nixos-19.03).
2019-07-30 refactor(main): Introduce more flexible request routingVincent Ambo1-57/+62
Instead of just dispatching on URL regexes, use handlers to split the routes into registry-related handlers and otherwise(tm). For now the otherwise(tm) consists of a file server serving the static directory, rather than just a plain match on the index route.
2019-07-23 chore: Add license scaffolding & contribution guidelinesVincent Ambo1-0/+14
2019-07-23 style(main): Reflow comments to 80 characters maximumVincent Ambo1-42/+51
2019-07-23 feat(main): Add additional envvars to configure NixeryVincent Ambo1-32/+49
Previously the code had hardcoded paths to runtime data (the Nix builder & web files), which have now been moved into configuration options. Additionally configuration for the application is now centralised in a single config struct, an instance of which is passed around the application. This makes it possible to implement a wrapper in Nix that will configure the runtime data locations automatically.
2019-07-23 chore: Import Nixery from experimentalVincent Ambo1-0/+309
Moves the existing Nixery code base to a git repository and switches to public equivalents of libraries used.