From f58287a608cb08a1d9e1fee6bd6fd083bc081561 Mon Sep 17 00:00:00 2001 From: Petu Eusebiu Date: Fri, 3 Nov 2023 14:48:49 +0200 Subject: [PATCH] feat(sync): use regclient for sync extension replaced containers/image package with regclient/regclient package Signed-off-by: Petu Eusebiu --- go.mod | 16 +- go.sum | 16 +- output.txt | 564 +++++++++++++++++ pkg/api/controller.go | 1 - pkg/api/routes.go | 4 +- pkg/extensions/extension_sync.go | 13 +- .../constants/{consts.go => constants.go} | 0 ...ntent_internal_test.go => content_test.go} | 2 +- pkg/extensions/sync/destination.go | 161 +++-- pkg/extensions/sync/features/features.go | 53 -- pkg/extensions/sync/httpclient/cache.go | 58 -- pkg/extensions/sync/httpclient/client.go | 485 --------------- .../sync/httpclient/client_internal_test.go | 167 ----- pkg/extensions/sync/oci_layout.go | 42 +- pkg/extensions/sync/on_demand.go | 92 +-- pkg/extensions/sync/references/cosign.go | 219 ------- pkg/extensions/sync/references/oci.go | 237 -------- pkg/extensions/sync/references/references.go | 234 ------- .../references/references_internal_test.go | 306 ---------- .../sync/references/referrers_tag.go | 172 ------ pkg/extensions/sync/referrers.go | 48 ++ pkg/extensions/sync/remote.go | 373 ++++++++---- pkg/extensions/sync/service.go | 571 +++++++++++------- pkg/extensions/sync/sync.go | 44 +- pkg/extensions/sync/sync_internal_test.go | 380 +----------- pkg/extensions/sync/sync_test.go | 553 +++++++---------- pkg/extensions/sync/utils.go | 277 ++------- pkg/test/auth/bearer.go | 26 +- 28 files changed, 1680 insertions(+), 3434 deletions(-) create mode 100644 output.txt rename pkg/extensions/sync/constants/{consts.go => constants.go} (100%) rename pkg/extensions/sync/{content_internal_test.go => content_test.go} (99%) delete mode 100644 pkg/extensions/sync/features/features.go delete mode 100644 pkg/extensions/sync/httpclient/cache.go delete mode 100644 pkg/extensions/sync/httpclient/client.go delete mode 100644 pkg/extensions/sync/httpclient/client_internal_test.go delete mode 100644 pkg/extensions/sync/references/cosign.go delete mode 100644 pkg/extensions/sync/references/oci.go delete mode 100644 pkg/extensions/sync/references/references.go delete mode 100644 pkg/extensions/sync/references/references_internal_test.go delete mode 100644 pkg/extensions/sync/references/referrers_tag.go create mode 100644 pkg/extensions/sync/referrers.go diff --git a/go.mod b/go.mod index 21e84a4a4..d4f1eb4dd 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,6 @@ require ( github.com/bmatcuk/doublestar/v4 v4.7.1 github.com/briandowns/spinner v1.23.1 github.com/chartmuseum/auth v0.5.0 - github.com/containers/common v0.61.0 github.com/containers/image/v5 v5.33.0 github.com/dchest/siphash v1.2.3 github.com/didip/tollbooth/v7 v7.0.2 @@ -48,9 +47,11 @@ require ( github.com/project-zot/mockoidc v0.0.0-20240610203808-d69d9e02020a github.com/prometheus/client_golang v1.20.5 github.com/prometheus/client_model v0.6.1 + github.com/regclient/regclient v0.8.0 github.com/rs/zerolog v1.33.0 github.com/sigstore/cosign/v2 v2.4.1 github.com/sigstore/sigstore v1.8.12 + github.com/sirupsen/logrus v1.9.3 github.com/smartystreets/goconvey v1.8.1 github.com/spf13/cobra v1.8.1 github.com/spf13/viper v1.19.0 @@ -122,7 +123,6 @@ require ( github.com/ProtonMail/go-crypto v1.1.3 // indirect github.com/ThalesIgnite/crypto11 v1.2.5 // indirect github.com/VividCortex/ewma v1.2.0 // indirect - github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/agnivade/levenshtein v1.2.0 // indirect github.com/alecthomas/chroma v0.10.0 // indirect @@ -223,6 +223,7 @@ require ( github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.5.0 // indirect + github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/emicklei/proto v1.12.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect @@ -277,6 +278,7 @@ require ( github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/licenseclassifier/v2 v2.0.0 // indirect + github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/wire v0.6.0 // indirect @@ -310,7 +312,6 @@ require ( github.com/jtolds/gls v4.20.0+incompatible // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.17.11 // indirect - github.com/klauspost/pgzip v1.2.6 // indirect github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f // indirect github.com/knqyf263/go-deb-version v0.0.0-20241115132648-6f4aee6ccd23 // indirect github.com/knqyf263/go-rpm-version v0.0.0-20220614171824-631e686d1075 // indirect @@ -338,7 +339,6 @@ require ( github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mattn/go-shellwords v1.0.12 // indirect - github.com/mattn/go-sqlite3 v1.14.24 // indirect github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect @@ -351,7 +351,6 @@ require ( github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/spdystream v0.4.0 // indirect - github.com/moby/sys/capability v0.3.0 // indirect github.com/moby/sys/mountinfo v0.7.2 // indirect github.com/moby/sys/sequential v0.6.0 // indirect github.com/moby/sys/signal v0.7.1 // indirect @@ -372,6 +371,8 @@ require ( github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/oleiade/reflections v1.1.0 // indirect + github.com/onsi/ginkgo/v2 v2.21.0 // indirect + github.com/onsi/gomega v1.35.1 // indirect github.com/open-policy-agent/opa v0.70.0 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/opencontainers/runtime-tools v0.9.1-0.20241001195557-6c9570a1678f // indirect @@ -390,7 +391,6 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/proglottis/gpgme v0.1.3 // indirect github.com/prometheus/common v0.60.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf // indirect @@ -416,7 +416,6 @@ require ( github.com/sigstore/rekor v1.3.6 // indirect github.com/sigstore/sigstore-go v0.6.1 // indirect github.com/sigstore/timestamp-authority v1.2.2 // indirect - github.com/sirupsen/logrus v1.9.3 // indirect github.com/skeema/knownhosts v1.3.0 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/smarty/assertions v1.16.0 // indirect @@ -427,7 +426,6 @@ require ( github.com/spf13/cast v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/spiffe/go-spiffe/v2 v2.3.0 // indirect - github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect github.com/stretchr/objx v0.5.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/swaggo/files v1.0.1 // indirect @@ -446,7 +444,6 @@ require ( github.com/ulikunitz/xz v0.5.12 // indirect github.com/urfave/cli/v2 v2.27.5 // indirect github.com/vbatts/tar-split v0.11.6 // indirect - github.com/vbauerster/mpb/v8 v8.8.3 // indirect github.com/veraison/go-cose v1.3.0 // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect @@ -466,7 +463,6 @@ require ( github.com/zitadel/logging v0.6.1 // indirect github.com/zitadel/schema v1.3.0 // indirect go.mongodb.org/mongo-driver v1.16.0 // indirect - go.mozilla.org/pkcs7 v0.9.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 // indirect go.opentelemetry.io/contrib/detectors/gcp v1.29.0 // indirect diff --git a/go.sum b/go.sum index 62aa6f19b..a81163f9f 100644 --- a/go.sum +++ b/go.sum @@ -313,8 +313,6 @@ github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= -github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= -github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY= @@ -582,8 +580,6 @@ github.com/containerd/ttrpc v1.2.6 h1:zG+Kn5EZ6MUYCS1t2Hmt2J4tMVaLSFEJVOraDQwNPC github.com/containerd/ttrpc v1.2.6/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= github.com/containerd/typeurl/v2 v2.2.2 h1:3jN/k2ysKuPCsln5Qv8bzR9cxal8XjkxPogJfSNO31k= github.com/containerd/typeurl/v2 v2.2.2/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= -github.com/containers/common v0.61.0 h1:j/84PTqZIKKYy42OEJsZmjZ4g4Kq2ERuC3tqp2yWdh4= -github.com/containers/common v0.61.0/go.mod h1:NGRISq2vTFPSbhNqj6MLwyes4tWSlCnqbJg7R77B8xc= github.com/containers/image/v5 v5.33.0 h1:6oPEFwTurf7pDTGw7TghqGs8K0+OvPtY/UyzU0B2DfE= github.com/containers/image/v5 v5.33.0/go.mod h1:T7HpASmvnp2H1u4cyckMvCzLuYgpD18dSmabSw0AcHk= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= @@ -1252,6 +1248,8 @@ github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/olareg/olareg v0.1.1 h1:Ui7q93zjcoF+U9U71sgqgZWByDoZOpqHitUXEu2xV+g= +github.com/olareg/olareg v0.1.1/go.mod h1:w8NP4SWrHHtxsFaUiv1lnCnYPm4sN1seCd2h7FK/dc0= github.com/oleiade/reflections v1.1.0 h1:D+I/UsXQB4esMathlt0kkZRJZdUDmhv5zGi/HOwYTWo= github.com/oleiade/reflections v1.1.0/go.mod h1:mCxx0QseeVCHs5Um5HhJeCKVC7AwS8kO67tky4rdisA= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= @@ -1322,8 +1320,6 @@ github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= -github.com/proglottis/gpgme v0.1.3 h1:Crxx0oz4LKB3QXc5Ea0J19K/3ICfy3ftr5exgUK1AU0= -github.com/proglottis/gpgme v0.1.3/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0= github.com/project-zot/mockoidc v0.0.0-20240610203808-d69d9e02020a h1:525aNEKSyDcqJcawiGtA2NPNApJMta8bUe9SoYuhQ+o= github.com/project-zot/mockoidc v0.0.0-20240610203808-d69d9e02020a/go.mod h1:ltIE6ZO/czh/g4xdNQlFGkl7DAfaLLFYmitB4taA5ys= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= @@ -1355,6 +1351,8 @@ github.com/redis/go-redis/extra/redisotel/v9 v9.0.5 h1:EfpWLLCyXw8PSM2/XNJLjI3Pb github.com/redis/go-redis/extra/redisotel/v9 v9.0.5/go.mod h1:WZjPDy7VNzn77AAfnAfVjZNvfJTYfPetfZk5yoSTLaQ= github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= +github.com/regclient/regclient v0.8.0 h1:xNAMDlADcyMvFAlGXoqDOxlSUBG4mqWBFgjQqVTP8Og= +github.com/regclient/regclient v0.8.0/go.mod h1:h9+Y6dBvqBkdlrj6EIhbTOv0xUuIFl7CdI1bZvEB42g= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= @@ -1470,8 +1468,6 @@ github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= github.com/spiffe/go-spiffe/v2 v2.3.0 h1:g2jYNb/PDMB8I7mBGL2Zuq/Ur6hUhoroxGQFyD6tTj8= github.com/spiffe/go-spiffe/v2 v2.3.0/go.mod h1:Oxsaio7DBgSNqhAO9i/9tLClaVlfRok7zvJnTV8ZyIY= -github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= -github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= @@ -1545,8 +1541,6 @@ github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w= github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ= github.com/vbatts/tar-split v0.11.6 h1:4SjTW5+PU11n6fZenf2IPoV8/tz3AaYHMWjf23envGs= github.com/vbatts/tar-split v0.11.6/go.mod h1:dqKNtesIOr2j2Qv3W/cHjnvk9I8+G7oAkFDFN6TCBEI= -github.com/vbauerster/mpb/v8 v8.8.3 h1:dTOByGoqwaTJYPubhVz3lO5O6MK553XVgUo33LdnNsQ= -github.com/vbauerster/mpb/v8 v8.8.3/go.mod h1:JfCCrtcMsJwP6ZwMn9e5LMnNyp3TVNpUWWkN+nd4EWk= github.com/vektah/gqlparser/v2 v2.5.21 h1:Zw1rG2dr1pRR4wqwbVq4d6+xk2f4ut/yo+hwr4QjE08= github.com/vektah/gqlparser/v2 v2.5.21/go.mod h1:xMl+ta8a5M1Yo1A1Iwt/k7gSpscwSnHZdw7tfhEGfTM= github.com/veraison/go-cose v1.3.0 h1:2/H5w8kdSpQJyVtIhx8gmwPJ2uSz1PkyWFx0idbd7rk= @@ -1620,8 +1614,6 @@ go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0= go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I= go.mongodb.org/mongo-driver v1.16.0 h1:tpRsfBJMROVHKpdGyc1BBEzzjDUWjItxbVSZ8Ls4BQ4= go.mongodb.org/mongo-driver v1.16.0/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw= -go.mozilla.org/pkcs7 v0.9.0 h1:yM4/HS9dYv7ri2biPtxt8ikvB37a980dg69/pKmS+eI= -go.mozilla.org/pkcs7 v0.9.0/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= diff --git a/output.txt b/output.txt new file mode 100644 index 000000000..326c04d37 --- /dev/null +++ b/output.txt @@ -0,0 +1,564 @@ +=== RUN TestSignatures + + Verify sync signatures {"level":"info","params":{"distSpecVersion":"1.1.0","GoVersion":"","Commit":"","ReleaseTag":"","BinaryType":"","Storage":{"RootDirectory":"/tmp/TestSignatures3782733330/001","Dedupe":true,"RemoteCache":false,"GC":false,"Commit":false,"GCDelay":3600000000000,"GCInterval":3600000000000,"Retention":{"DryRun":false,"Delay":0,"Policies":null},"StorageDriver":null,"CacheDriver":null,"SubPaths":null},"HTTP":{"Address":"127.0.0.1","ExternalURL":"","Port":"33349","AllowOrigin":"","TLS":null,"Auth":{"FailDelay":0,"HTPasswd":{"Path":""},"LDAP":null,"Bearer":null,"OpenID":null,"APIKey":false,"SessionKeysFile":""},"AccessControl":null,"Realm":"","Ratelimit":null},"Log":{"Level":"debug","Output":"","Audit":""},"Extensions":{"Search":{"Enable":true,"CVE":null},"Sync":null,"Metrics":null,"Scrub":null,"Lint":null,"UI":null,"Mgmt":null,"APIKey":null,"Trust":null},"scheduler":null,"cluster":null},"goroutine":52,"caller":"zotregistry.dev/zot/pkg/api/controller.go:261","time":"2025-01-19T16:59:27.672501168+02:00","message":"configuration settings"} +{"level":"info","cpus":16,"max. open files":1048576,"listen backlog":"4096","max. inotify watches":"524288","goroutine":52,"caller":"zotregistry.dev/zot/pkg/api/controller.go:130","time":"2025-01-19T16:59:27.672739063+02:00","message":"runtime params"} +{"level":"info","component":"metadb","goroutine":52,"caller":"zotregistry.dev/zot/pkg/meta/parse.go:28","time":"2025-01-19T16:59:27.681329927+02:00","message":"parsing storage and initializing"} +{"level":"info","total":2,"progress":0,"current-repo":"zot-cve-test","goroutine":52,"caller":"zotregistry.dev/zot/pkg/meta/parse.go:56","time":"2025-01-19T16:59:27.681554613+02:00","message":"parsing next repo 'zot-cve-test'"} +{"level":"info","total":2,"progress":1,"current-repo":"zot-test","goroutine":52,"caller":"zotregistry.dev/zot/pkg/meta/parse.go:56","time":"2025-01-19T16:59:27.68718027+02:00","message":"parsing next repo 'zot-test'"} +{"level":"info","component":"metadb","goroutine":52,"caller":"zotregistry.dev/zot/pkg/meta/parse.go:82","time":"2025-01-19T16:59:27.690606567+02:00","message":"successfully initialized"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_metrics.go:24","time":"2025-01-19T16:59:27.690789879+02:00","message":"metrics config not provided, skipping metrics config update"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_search.go:55","time":"2025-01-19T16:59:27.690822519+02:00","message":"cve config not provided, skipping cve-db update"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_scrub.go:47","time":"2025-01-19T16:59:27.690839751+02:00","message":"scrub config not provided, skipping scrub"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_sync.go:76","time":"2025-01-19T16:59:27.690856509+02:00","message":"sync config not provided or disabled, so not enabling sync"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/cache.db","digestHash":"cache.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.691667621+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/meta.db","digestHash":"meta.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.691716507+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test","digestHash":"zot-cve-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.691760882+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.691819757+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.691879273+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.691977307+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692005295+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test","digestHash":"zot-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692031557+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692075215+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692111244+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692252001+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692280007+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/cache.db","digestHash":"cache.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692342641+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/meta.db","digestHash":"meta.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692366987+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test","digestHash":"zot-cve-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692393209+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692437367+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692472459+02:00","message":"digest validation failed when walking blob paths"} +{"level":"warn","goroutine":54,"caller":"zotregistry.dev/zot/pkg/debug/swagger/swagger_disabled.go:20","time":"2025-01-19T16:59:27.692476261+02:00","message":"skipping enabling swagger because given zot binary doesn't include this feature, please build a binary that does so"} +{"level":"warn","goroutine":54,"caller":"zotregistry.dev/zot/pkg/debug/gqlplayground/gqlplayground_disabled.go:17","time":"2025-01-19T16:59:27.692501768+02:00","message":"skipping enabling graphql playground extension because given zot binary doesn't include this feature, please build a binary that does so"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_metrics.go:31","time":"2025-01-19T16:59:27.692543376+02:00","message":"setting up metrics routes"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.69255411+02:00","message":"digest validation failed when walking blob paths"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_search.go:84","time":"2025-01-19T16:59:27.692565174+02:00","message":"setting up search routes"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692581704+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test","digestHash":"zot-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692609425+02:00","message":"digest validation failed when walking blob paths"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_search.go:104","time":"2025-01-19T16:59:27.692618137+02:00","message":"finished setting up search routes"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_image_trust.go:30","time":"2025-01-19T16:59:27.692641493+02:00","message":"skip enabling the image trust routes as the config prerequisites are not met"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692650857+02:00","message":"digest validation failed when walking blob paths"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_mgmt.go:94","time":"2025-01-19T16:59:27.692659686+02:00","message":"setting up mgmt routes"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692689939+02:00","message":"digest validation failed when walking blob paths"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_mgmt.go:107","time":"2025-01-19T16:59:27.692697748+02:00","message":"finished setting up mgmt routes"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_userprefs.go:33","time":"2025-01-19T16:59:27.692715963+02:00","message":"skip enabling the user preferences route as the config prerequisites are not met"} +{"level":"info","goroutine":54,"caller":"zotregistry.dev/zot/pkg/extensions/extension_ui.go:64","time":"2025-01-19T16:59:27.692735214+02:00","message":"skip enabling the ui route as the config prerequisites are not met"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692802167+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","component":"scheduler","worker":64,"task":"{Name: DedupeTask, digest: sha256:5abefbe51b6c783c66673043b1973a9a6c3791b7e51c6ad1cf073e446bc6c8dc, dedupe: true}","goroutine":126,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:133","time":"2025-01-19T16:59:27.692819982+02:00","message":"starting task"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.692833682+02:00","message":"digest validation failed when walking blob paths"} +{"level":"info","digest":"sha256:5abefbe51b6c783c66673043b1973a9a6c3791b7e51c6ad1cf073e446bc6c8dc","component":"dedupe","goroutine":126,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1885","time":"2025-01-19T16:59:27.692904476+02:00","message":"deduping blobs for digest"} +{"level":"debug","component":"scheduler","worker":1,"task":"{Name: DedupeTask, digest: sha256:8e045c9a01e79e9c3931685e9481fca9c165be5a6c539d4ca88f99a16ce8b113, dedupe: true}","goroutine":31,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:133","time":"2025-01-19T16:59:27.692908592+02:00","message":"starting task"} +{"level":"info","digest":"sha256:5abefbe51b6c783c66673043b1973a9a6c3791b7e51c6ad1cf073e446bc6c8dc","component":"dedupe","goroutine":126,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1951","time":"2025-01-19T16:59:27.695855638+02:00","message":"deduping blobs for digest finished successfully"} +{"level":"debug","component":"scheduler","worker":64,"task":"{Name: DedupeTask, digest: sha256:5abefbe51b6c783c66673043b1973a9a6c3791b7e51c6ad1cf073e446bc6c8dc, dedupe: true}","goroutine":126,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:157","time":"2025-01-19T16:59:27.6959056+02:00","message":"finished task"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/cache.db","digestHash":"cache.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696026257+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/meta.db","digestHash":"meta.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696070117+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test","digestHash":"zot-cve-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696107677+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696170037+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696221242+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696315221+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696353485+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test","digestHash":"zot-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696387371+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696433367+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696480199+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696612323+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.696649975+02:00","message":"digest validation failed when walking blob paths"} +{"level":"info","digest":"sha256:8e045c9a01e79e9c3931685e9481fca9c165be5a6c539d4ca88f99a16ce8b113","component":"dedupe","goroutine":31,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1885","time":"2025-01-19T16:59:27.696726928+02:00","message":"deduping blobs for digest"} +{"level":"debug","component":"scheduler","worker":2,"task":"{Name: DedupeTask, digest: sha256:f56be85fc22e46face30e2c3de3f7fe7c15f8fd7c4e5add29d7f64b87abdaa09, dedupe: true}","goroutine":32,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:133","time":"2025-01-19T16:59:27.696739135+02:00","message":"starting task"} +{"level":"info","digest":"sha256:8e045c9a01e79e9c3931685e9481fca9c165be5a6c539d4ca88f99a16ce8b113","component":"dedupe","goroutine":31,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1951","time":"2025-01-19T16:59:27.698394383+02:00","message":"deduping blobs for digest finished successfully"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/cache.db","digestHash":"cache.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.698553048+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/meta.db","digestHash":"meta.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.698593763+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","component":"scheduler","worker":1,"task":"{Name: DedupeTask, digest: sha256:8e045c9a01e79e9c3931685e9481fca9c165be5a6c539d4ca88f99a16ce8b113, dedupe: true}","goroutine":31,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:157","time":"2025-01-19T16:59:27.698596377+02:00","message":"finished task"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test","digestHash":"zot-cve-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.698633866+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.698862002+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.698920193+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.699020329+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.699059393+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test","digestHash":"zot-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.699093532+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.69914802+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.699192971+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.699311101+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.699349196+02:00","message":"digest validation failed when walking blob paths"} +{"level":"info","digest":"sha256:f56be85fc22e46face30e2c3de3f7fe7c15f8fd7c4e5add29d7f64b87abdaa09","component":"dedupe","goroutine":32,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1885","time":"2025-01-19T16:59:27.699442306+02:00","message":"deduping blobs for digest"} +{"level":"debug","component":"scheduler","worker":4,"task":"{Name: DedupeTask, digest: sha256:2091df6407df7ff44b5e249fe1d34e997feb56f71648f3a9f36f7a360ddaaea1, dedupe: true}","goroutine":66,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:133","time":"2025-01-19T16:59:27.699538573+02:00","message":"starting task"} +{"level":"info","digest":"sha256:f56be85fc22e46face30e2c3de3f7fe7c15f8fd7c4e5add29d7f64b87abdaa09","component":"dedupe","goroutine":32,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1951","time":"2025-01-19T16:59:27.701222516+02:00","message":"deduping blobs for digest finished successfully"} +{"level":"debug","component":"scheduler","worker":2,"task":"{Name: DedupeTask, digest: sha256:f56be85fc22e46face30e2c3de3f7fe7c15f8fd7c4e5add29d7f64b87abdaa09, dedupe: true}","goroutine":32,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:157","time":"2025-01-19T16:59:27.701265831+02:00","message":"finished task"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/cache.db","digestHash":"cache.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701335176+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/meta.db","digestHash":"meta.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701372171+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test","digestHash":"zot-cve-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701408509+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701466651+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701526038+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701628974+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701683099+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test","digestHash":"zot-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701718015+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701773133+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701821077+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701940822+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.701976107+02:00","message":"digest validation failed when walking blob paths"} +{"level":"info","digest":"sha256:2091df6407df7ff44b5e249fe1d34e997feb56f71648f3a9f36f7a360ddaaea1","component":"dedupe","goroutine":66,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1885","time":"2025-01-19T16:59:27.702038105+02:00","message":"deduping blobs for digest"} +{"level":"debug","component":"scheduler","worker":5,"task":"{Name: DedupeTask, digest: sha256:3608bca1e44ea6c4d268eb6db02260269892c0b42b86bbf1e77a6fa16c3c9282, dedupe: true}","goroutine":67,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:133","time":"2025-01-19T16:59:27.702078521+02:00","message":"starting task"} +{"level":"info","digest":"sha256:2091df6407df7ff44b5e249fe1d34e997feb56f71648f3a9f36f7a360ddaaea1","component":"dedupe","goroutine":66,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1951","time":"2025-01-19T16:59:27.703815043+02:00","message":"deduping blobs for digest finished successfully"} +{"level":"debug","component":"scheduler","worker":4,"task":"{Name: DedupeTask, digest: sha256:2091df6407df7ff44b5e249fe1d34e997feb56f71648f3a9f36f7a360ddaaea1, dedupe: true}","goroutine":66,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:157","time":"2025-01-19T16:59:27.703875844+02:00","message":"finished task"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/cache.db","digestHash":"cache.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.703961871+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/meta.db","digestHash":"meta.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.703991344+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test","digestHash":"zot-cve-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704018344+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704072268+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704112661+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704197614+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704224642+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test","digestHash":"zot-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704247485+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704297957+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704330834+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704455773+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.704494796+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","component":"scheduler","worker":3,"task":"{Name: DedupeTask, digest: sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3, dedupe: true}","goroutine":33,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:133","time":"2025-01-19T16:59:27.704530709+02:00","message":"starting task"} +{"level":"info","digest":"sha256:3608bca1e44ea6c4d268eb6db02260269892c0b42b86bbf1e77a6fa16c3c9282","component":"dedupe","goroutine":67,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1885","time":"2025-01-19T16:59:27.704596528+02:00","message":"deduping blobs for digest"} +{"level":"info","digest":"sha256:3608bca1e44ea6c4d268eb6db02260269892c0b42b86bbf1e77a6fa16c3c9282","component":"dedupe","goroutine":67,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1951","time":"2025-01-19T16:59:27.706846859+02:00","message":"deduping blobs for digest finished successfully"} +{"level":"debug","component":"scheduler","worker":5,"task":"{Name: DedupeTask, digest: sha256:3608bca1e44ea6c4d268eb6db02260269892c0b42b86bbf1e77a6fa16c3c9282, dedupe: true}","goroutine":67,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:157","time":"2025-01-19T16:59:27.706893359+02:00","message":"finished task"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/cache.db","digestHash":"cache.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.706966609+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/meta.db","digestHash":"meta.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.707002549+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test","digestHash":"zot-cve-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.707030395+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.707091169+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.707139453+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.707250864+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.707290711+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test","digestHash":"zot-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.70732618+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.707381285+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.707425908+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.707543093+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.70757993+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","component":"scheduler","worker":7,"task":"{Name: DedupeTask, digest: sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad, dedupe: true}","goroutine":69,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:133","time":"2025-01-19T16:59:27.707622052+02:00","message":"starting task"} +{"level":"info","digest":"sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3","component":"dedupe","goroutine":33,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1885","time":"2025-01-19T16:59:27.707668195+02:00","message":"deduping blobs for digest"} +{"level":"info","digest":"sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3","component":"dedupe","goroutine":33,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1951","time":"2025-01-19T16:59:27.710672803+02:00","message":"deduping blobs for digest finished successfully"} +{"level":"debug","component":"scheduler","worker":3,"task":"{Name: DedupeTask, digest: sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3, dedupe: true}","goroutine":33,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:157","time":"2025-01-19T16:59:27.710721397+02:00","message":"finished task"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/cache.db","digestHash":"cache.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.710828449+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/meta.db","digestHash":"meta.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.710870838+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test","digestHash":"zot-cve-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.710908543+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.710960338+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.71100812+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.711109589+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.711149079+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test","digestHash":"zot-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.711184168+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.711237545+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.71128687+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.711405073+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.711444297+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","component":"scheduler","worker":6,"task":"{Name: DedupeTask, digest: sha256:db573b0146a853af339bde42256a810b911d89c9252d055e0218de53690e031e, dedupe: true}","goroutine":68,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:133","time":"2025-01-19T16:59:27.711508888+02:00","message":"starting task"} +{"level":"info","digest":"sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad","component":"dedupe","goroutine":69,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1885","time":"2025-01-19T16:59:27.711512855+02:00","message":"deduping blobs for digest"} +{"level":"info","digest":"sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad","component":"dedupe","goroutine":69,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1951","time":"2025-01-19T16:59:27.714203827+02:00","message":"deduping blobs for digest finished successfully"} +{"level":"debug","component":"scheduler","worker":7,"task":"{Name: DedupeTask, digest: sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad, dedupe: true}","goroutine":69,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:157","time":"2025-01-19T16:59:27.714254666+02:00","message":"finished task"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/cache.db","digestHash":"cache.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714321071+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/meta.db","digestHash":"meta.db","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714359238+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test","digestHash":"zot-cve-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714395026+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714445253+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714497752+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.71459456+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-cve-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-cve-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714636583+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test","digestHash":"zot-test","digestAlgorithm":"001","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714670294+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs","digestHash":"blobs","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714727313+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/blobs/sha256","digestHash":"sha256","digestAlgorithm":"blobs","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714778239+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/index.json","digestHash":"index.json","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.71489879+02:00","message":"digest validation failed when walking blob paths"} +{"level":"debug","path":"/tmp/TestSignatures3782733330/001/zot-test/oci-layout","digestHash":"oci-layout","digestAlgorithm":"zot-test","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1806","time":"2025-01-19T16:59:27.714935252+02:00","message":"digest validation failed when walking blob paths"} +{"level":"info","component":"dedupe","goroutine":58,"caller":"zotregistry.dev/zot/pkg/storage/common/common.go:878","time":"2025-01-19T16:59:27.714965628+02:00","message":"no digests left, finished"} +{"level":"debug","component":"scheduler","generator":"DedupeTaskGenerator","goroutine":58,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:481","time":"2025-01-19T16:59:27.714983619+02:00","message":"generator is done"} +{"level":"info","digest":"sha256:db573b0146a853af339bde42256a810b911d89c9252d055e0218de53690e031e","component":"dedupe","goroutine":68,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1885","time":"2025-01-19T16:59:27.715030748+02:00","message":"deduping blobs for digest"} +{"level":"info","digest":"sha256:db573b0146a853af339bde42256a810b911d89c9252d055e0218de53690e031e","component":"dedupe","goroutine":68,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1951","time":"2025-01-19T16:59:27.71850513+02:00","message":"deduping blobs for digest finished successfully"} +{"level":"debug","component":"scheduler","worker":6,"task":"{Name: DedupeTask, digest: sha256:db573b0146a853af339bde42256a810b911d89c9252d055e0218de53690e031e, dedupe: true}","goroutine":68,"caller":"zotregistry.dev/zot/pkg/scheduler/scheduler.go:157","time":"2025-01-19T16:59:27.718544263+02:00","message":"finished task"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.794158253+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"GET","path":"/v2/signed-repo/blobs/uploads/469d67a0-c9f4-4736-9a6c-bf3a88da1d48","statusCode":204,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.795264489+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/469d67a0-c9f4-4736-9a6c-bf3a88da1d48","dstDigest":"sha256:58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:27.796862214+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/469d67a0-c9f4-4736-9a6c-bf3a88da1d48","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","component":"dedupe","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:27.799364655+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/blobs/uploads/469d67a0-c9f4-4736-9a6c-bf3a88da1d48?digest=sha256%3A58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["14"],"Content-Type":["application/octet-stream"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.799438089+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.800213366+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/22f39572-f31e-49aa-8942-791fb6e29fcb","dstDigest":"sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:27.801585455+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/22f39572-f31e-49aa-8942-791fb6e29fcb","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","component":"dedupe","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:27.804399008+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/blobs/uploads/22f39572-f31e-49aa-8942-791fb6e29fcb?digest=sha256%3A44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["2"],"Content-Type":["application/octet-stream"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.804474528+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.80521281+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/b265f7b2-ff2e-4c6e-b365-ddd11e3f3496","dstDigest":"sha256:f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:27.806702646+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/b265f7b2-ff2e-4c6e-b365-ddd11e3f3496","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","component":"dedupe","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:27.808633866+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/blobs/uploads/b265f7b2-ff2e-4c6e-b365-ddd11e3f3496?digest=sha256%3Af8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["144"],"Content-Type":["application/octet-stream"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.808708818+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/manifests/0.0.1","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.manifest.v1+json"],"Accept-Encoding":["gzip"],"Content-Length":["395"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.813966497+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.814801779+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/97ce03b7-b4db-4299-b8dd-6946ef207cf1","dstDigest":"sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:27.816311645+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/97ce03b7-b4db-4299-b8dd-6946ef207cf1","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","component":"dedupe","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:27.818036457+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/blobs/uploads/97ce03b7-b4db-4299-b8dd-6946ef207cf1?digest=sha256%3A6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["19"],"Content-Type":["application/octet-stream"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.818111586+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.818895986+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/c3ebcca2-3863-4dda-8366-a86783166b6a","dstDigest":"sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:27.820385808+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/c3ebcca2-3863-4dda-8366-a86783166b6a","component":"dedupe","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1122","time":"2025-01-19T16:59:27.820581852+02:00","message":"remove"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/blobs/uploads/c3ebcca2-3863-4dda-8366-a86783166b6a?digest=sha256%3A44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["2"],"Content-Type":["application/octet-stream"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.820647867+02:00","message":"HTTP API"} +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/manifests/sha256:a9080e672cbce1eacbb367a3b2dff8953c3fe3655dafb9511d1f9cec7a6d458e","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.manifest.v1+json"],"Accept-Encoding":["gzip"],"Content-Length":["531"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.825236553+02:00","message":"HTTP API"} +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/manifests/sha256:d487e355af9f14a682c56f1d75c8134d96a948c016c45957a20f65133a1666ea","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.manifest.v1+json"],"Accept-Encoding":["gzip"],"Content-Length":["582"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:27.829837013+02:00","message":"HTTP API"} +✔ sync_test.go:4627: 33349 +✔Private key written to cosign.key +Public key written to cosign.pub +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47816","method":"GET","path":"/v2/","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":149,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.508731395+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47816","method":"GET","path":"/v2/signed-repo/manifests/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":149,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.511348069+02:00","message":"HTTP API"} +Pushing signature to: localhost:33349/signed-repo +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47816","method":"GET","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sig","statusCode":404,"latency":"0s","bodySize":285,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":149,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.513002755+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47830","method":"GET","path":"/v2/","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":170,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.51500942+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47830","method":"HEAD","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sig","statusCode":404,"latency":"0s","bodySize":285,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":170,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.516338964+02:00","message":"HTTP API"} +{"level":"warn","error":"cache miss","digest":"sha256:cbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77","goroutine":170,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1236","time":"2025-01-19T16:59:29.517292729+02:00","message":"not found in cache"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47830","method":"HEAD","path":"/v2/signed-repo/blobs/sha256:cbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77","statusCode":404,"latency":"0s","bodySize":405,"headers":{"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":170,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.517394373+02:00","message":"HTTP API"} +{"level":"warn","error":"cache miss","digest":"sha256:930fd823b2305b7144941fa1455da47bbba1313284f9a426c254895621384830","goroutine":156,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1236","time":"2025-01-19T16:59:29.517511801+02:00","message":"not found in cache"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47832","method":"HEAD","path":"/v2/signed-repo/blobs/sha256:930fd823b2305b7144941fa1455da47bbba1313284f9a426c254895621384830","statusCode":404,"latency":"0s","bodySize":405,"headers":{"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":156,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.517599083+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47830","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":170,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.518174138+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47832","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":156,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.518312546+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47830","method":"PATCH","path":"/v2/signed-repo/blobs/uploads/813892c2-9afe-45f9-9c7f-c740ad830bcf","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["243"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":170,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.51947364+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47832","method":"PATCH","path":"/v2/signed-repo/blobs/uploads/f2344d7b-2d80-4395-b10f-6bf41548d8b5","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["233"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":156,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.519602168+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/813892c2-9afe-45f9-9c7f-c740ad830bcf","dstDigest":"sha256:cbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/cbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77","goroutine":170,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:29.520894613+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/813892c2-9afe-45f9-9c7f-c740ad830bcf","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/cbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77","component":"dedupe","goroutine":170,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:29.523341011+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47830","method":"PUT","path":"/v2/signed-repo/blobs/uploads/813892c2-9afe-45f9-9c7f-c740ad830bcf?digest=sha256%3Acbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":170,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.523426723+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/f2344d7b-2d80-4395-b10f-6bf41548d8b5","dstDigest":"sha256:930fd823b2305b7144941fa1455da47bbba1313284f9a426c254895621384830","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/930fd823b2305b7144941fa1455da47bbba1313284f9a426c254895621384830","goroutine":156,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:29.523450554+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/f2344d7b-2d80-4395-b10f-6bf41548d8b5","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/930fd823b2305b7144941fa1455da47bbba1313284f9a426c254895621384830","component":"dedupe","goroutine":156,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:29.525330417+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47832","method":"PUT","path":"/v2/signed-repo/blobs/uploads/f2344d7b-2d80-4395-b10f-6bf41548d8b5?digest=sha256%3A930fd823b2305b7144941fa1455da47bbba1313284f9a426c254895621384830","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":156,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.525404289+02:00","message":"HTTP API"} +warning: layer sha256:cbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77 has an unknown media type: application/vnd.dev.cosign.simplesigning.v1+json +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47832","method":"PUT","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sig","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["558"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":156,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.532606407+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47848","method":"GET","path":"/v2/","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":177,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.534291169+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47848","method":"GET","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sig","statusCode":200,"latency":"0s","bodySize":558,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":177,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.535422034+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47848","method":"GET","path":"/v2/signed-repo/blobs/sha256:cbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77","statusCode":200,"latency":"0s","bodySize":243,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":177,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.53647312+02:00","message":"HTTP API"} + +Verification for localhost:33349/signed-repo@sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6 -- +The following checks were performed on each of these signatures: + - The cosign claims were validated + - The signatures were verified against the specified public key + +[{"critical":{"identity":{"docker-reference":"localhost:33349/signed-repo"},"image":{"docker-manifest-digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6"},"type":"cosign container image signature"},"optional":null}] +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47860","method":"HEAD","path":"/v2/signed-repo/manifests/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":211,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.538162881+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47860","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["notation/zot_tests"]},"goroutine":211,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.54461278+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/aff95d1c-f402-468d-9b79-563bc8be97c7","dstDigest":"sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","goroutine":211,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:29.546110717+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/aff95d1c-f402-468d-9b79-563bc8be97c7","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","component":"dedupe","goroutine":211,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:29.548303571+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47860","method":"PUT","path":"/v2/signed-repo/blobs/uploads/aff95d1c-f402-468d-9b79-563bc8be97c7?digest=sha256%3A44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["2070"],"Content-Type":["application/octet-stream"],"User-Agent":["notation/zot_tests"]},"goroutine":211,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.548384291+02:00","message":"HTTP API"} +{"level":"debug","blob path":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","goroutine":211,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1220","time":"2025-01-19T16:59:29.549317914+02:00","message":"blob path found"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47860","method":"HEAD","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":0,"headers":{"User-Agent":["notation/zot_tests"]},"goroutine":211,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.549377289+02:00","message":"HTTP API"} +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525 has an unknown media type: application/jose+json +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47860","method":"PUT","path":"/v2/signed-repo/manifests/sha256:b0e48f1c0ce676ad9dec86db6f4cdad4e27a9f1fbbc326048127ccf2657a933a","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["728"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":211,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.555190594+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47860","method":"GET","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":404,"latency":"0s","bodySize":281,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["notation/zot_tests"]},"goroutine":211,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.556264126+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"PUT","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["485"],"Content-Type":["application/vnd.oci.image.index.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.562946024+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"HEAD","path":"/v2/signed-repo/manifests/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.563998869+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"HEAD","path":"/v2/signed-repo/manifests/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.565256011+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","artifactType":["application/vnd.cncf.notary.signature"],"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:29.566564268+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"GET","path":"/v2/signed-repo/referrers/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6?artifactType=application%2Fvnd.cncf.notary.signature","statusCode":200,"latency":"0s","bodySize":485,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.567088916+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"GET","path":"/v2/signed-repo/manifests/sha256:b0e48f1c0ce676ad9dec86db6f4cdad4e27a9f1fbbc326048127ccf2657a933a","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.568040905+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":200,"latency":"0s","bodySize":2070,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.568811821+02:00","message":"HTTP API"} +✔Uploading SBOM file for [localhost:33349/signed-repo@sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6] to [localhost:33349/signed-repo:sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sbom] with mediaType [text/spdx]. + +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47880","method":"GET","path":"/v2/","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":261,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.571510396+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47880","method":"HEAD","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sbom","statusCode":404,"latency":"0s","bodySize":286,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":261,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.572684801+02:00","message":"HTTP API"} +{"level":"warn","error":"cache miss","digest":"sha256:07d7b6eb6cb71a96cb7b67eb8af058d5ea7b95678d4522fb4e9b3125ded31f23","goroutine":261,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1236","time":"2025-01-19T16:59:29.573446809+02:00","message":"not found in cache"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47880","method":"HEAD","path":"/v2/signed-repo/blobs/sha256:07d7b6eb6cb71a96cb7b67eb8af058d5ea7b95678d4522fb4e9b3125ded31f23","statusCode":404,"latency":"0s","bodySize":405,"headers":{"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":261,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.573545563+02:00","message":"HTTP API"} +{"level":"warn","error":"cache miss","digest":"sha256:222486d0558b9f0c54cd1968224052a3c93011dcf4980766e1ef28d6034d7cfa","goroutine":264,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1236","time":"2025-01-19T16:59:29.573652077+02:00","message":"not found in cache"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47894","method":"HEAD","path":"/v2/signed-repo/blobs/sha256:222486d0558b9f0c54cd1968224052a3c93011dcf4980766e1ef28d6034d7cfa","statusCode":404,"latency":"0s","bodySize":405,"headers":{"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":264,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.573744441+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47880","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":261,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.57434594+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47894","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":264,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.574485682+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47880","method":"PATCH","path":"/v2/signed-repo/blobs/uploads/37194ce5-ada3-45ef-a799-e9b0dd4e924f","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["12"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":261,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.575764748+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47894","method":"PATCH","path":"/v2/signed-repo/blobs/uploads/c283d8df-05f4-4c53-89de-3bc981c44b75","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["233"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":264,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.575872437+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/c283d8df-05f4-4c53-89de-3bc981c44b75","dstDigest":"sha256:222486d0558b9f0c54cd1968224052a3c93011dcf4980766e1ef28d6034d7cfa","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/222486d0558b9f0c54cd1968224052a3c93011dcf4980766e1ef28d6034d7cfa","goroutine":264,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:29.577227239+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/c283d8df-05f4-4c53-89de-3bc981c44b75","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/222486d0558b9f0c54cd1968224052a3c93011dcf4980766e1ef28d6034d7cfa","component":"dedupe","goroutine":264,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:29.579490686+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47894","method":"PUT","path":"/v2/signed-repo/blobs/uploads/c283d8df-05f4-4c53-89de-3bc981c44b75?digest=sha256%3A222486d0558b9f0c54cd1968224052a3c93011dcf4980766e1ef28d6034d7cfa","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":264,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.579650868+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/37194ce5-ada3-45ef-a799-e9b0dd4e924f","dstDigest":"sha256:07d7b6eb6cb71a96cb7b67eb8af058d5ea7b95678d4522fb4e9b3125ded31f23","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/07d7b6eb6cb71a96cb7b67eb8af058d5ea7b95678d4522fb4e9b3125ded31f23","goroutine":261,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:29.579736787+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/37194ce5-ada3-45ef-a799-e9b0dd4e924f","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/07d7b6eb6cb71a96cb7b67eb8af058d5ea7b95678d4522fb4e9b3125ded31f23","component":"dedupe","goroutine":261,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:29.581739482+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47880","method":"PUT","path":"/v2/signed-repo/blobs/uploads/37194ce5-ada3-45ef-a799-e9b0dd4e924f?digest=sha256%3A07d7b6eb6cb71a96cb7b67eb8af058d5ea7b95678d4522fb4e9b3125ded31f23","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":261,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.581816028+02:00","message":"HTTP API"} +warning: layer sha256:07d7b6eb6cb71a96cb7b67eb8af058d5ea7b95678d4522fb4e9b3125ded31f23 has an unknown media type: text/spdx +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47880","method":"PUT","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sbom","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["366"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":261,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.588067992+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"GET","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sbom","statusCode":200,"latency":"0s","bodySize":366,"headers":{"Accept":["application/vnd.oci.image.manifest.v1+json"],"Accept-Encoding":["gzip"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:29.590788314+02:00","message":"HTTP API"} +✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47920","method":"GET","path":"/v2/","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":249,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.353116482+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47920","method":"GET","path":"/v2/signed-repo/manifests/sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e","statusCode":200,"latency":"0s","bodySize":366,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":249,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.356212907+02:00","message":"HTTP API"} +Pushing signature to: localhost:33349/signed-repo +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47920","method":"GET","path":"/v2/signed-repo/manifests/sha256-50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e.sig","statusCode":404,"latency":"0s","bodySize":285,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":249,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.357502915+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47928","method":"GET","path":"/v2/","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":241,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.358857038+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47928","method":"HEAD","path":"/v2/signed-repo/manifests/sha256-50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e.sig","statusCode":404,"latency":"0s","bodySize":285,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":241,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.359977215+02:00","message":"HTTP API"} +{"level":"warn","error":"cache miss","digest":"sha256:f6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a","goroutine":241,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1236","time":"2025-01-19T16:59:30.360736146+02:00","message":"not found in cache"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47928","method":"HEAD","path":"/v2/signed-repo/blobs/sha256:f6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a","statusCode":404,"latency":"0s","bodySize":405,"headers":{"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":241,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.360834297+02:00","message":"HTTP API"} +{"level":"warn","error":"cache miss","digest":"sha256:5c74a88571dc5be6ae2691e68d9fe445172af2b154c35d1311c95ed234ab9242","goroutine":356,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1236","time":"2025-01-19T16:59:30.360882832+02:00","message":"not found in cache"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47934","method":"HEAD","path":"/v2/signed-repo/blobs/sha256:5c74a88571dc5be6ae2691e68d9fe445172af2b154c35d1311c95ed234ab9242","statusCode":404,"latency":"0s","bodySize":405,"headers":{"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":356,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.360960241+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47928","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":241,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.361551952+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47934","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":356,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.361639107+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47928","method":"PATCH","path":"/v2/signed-repo/blobs/uploads/9b2f527d-440f-4ed9-86ff-34488e69b33c","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["243"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":241,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.362713754+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47934","method":"PATCH","path":"/v2/signed-repo/blobs/uploads/d0cc6493-b9a6-49fe-ba51-f24b41c3cefe","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["233"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":356,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.362822273+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/9b2f527d-440f-4ed9-86ff-34488e69b33c","dstDigest":"sha256:f6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/f6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a","goroutine":241,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:30.364120374+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/9b2f527d-440f-4ed9-86ff-34488e69b33c","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/f6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a","component":"dedupe","goroutine":241,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:30.368596223+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47928","method":"PUT","path":"/v2/signed-repo/blobs/uploads/9b2f527d-440f-4ed9-86ff-34488e69b33c?digest=sha256%3Af6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":241,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.368741022+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/d0cc6493-b9a6-49fe-ba51-f24b41c3cefe","dstDigest":"sha256:5c74a88571dc5be6ae2691e68d9fe445172af2b154c35d1311c95ed234ab9242","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/5c74a88571dc5be6ae2691e68d9fe445172af2b154c35d1311c95ed234ab9242","goroutine":356,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:30.368890933+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/d0cc6493-b9a6-49fe-ba51-f24b41c3cefe","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/5c74a88571dc5be6ae2691e68d9fe445172af2b154c35d1311c95ed234ab9242","component":"dedupe","goroutine":356,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:30.371238818+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47934","method":"PUT","path":"/v2/signed-repo/blobs/uploads/d0cc6493-b9a6-49fe-ba51-f24b41c3cefe?digest=sha256%3A5c74a88571dc5be6ae2691e68d9fe445172af2b154c35d1311c95ed234ab9242","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Content-Type":["application/octet-stream"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":356,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.371327267+02:00","message":"HTTP API"} +warning: layer sha256:f6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a has an unknown media type: application/vnd.dev.cosign.simplesigning.v1+json +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47934","method":"PUT","path":"/v2/signed-repo/manifests/sha256-50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e.sig","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["558"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":356,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.378281376+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47950","method":"GET","path":"/v2/","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":346,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.380833214+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47950","method":"GET","path":"/v2/signed-repo/manifests/sha256-50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e.sig","statusCode":200,"latency":"0s","bodySize":558,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":346,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.3821292+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47950","method":"GET","path":"/v2/signed-repo/blobs/sha256:f6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a","statusCode":200,"latency":"0s","bodySize":243,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["cosign/devel (linux; amd64) go-containerregistry"]},"goroutine":346,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.383265773+02:00","message":"HTTP API"} + +Verification for localhost:33349/signed-repo@sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e -- +The following checks were performed on each of these signatures: + - The cosign claims were validated + - The signatures were verified against the specified public key + +[{"critical":{"identity":{"docker-reference":"localhost:33349/signed-repo"},"image":{"docker-manifest-digest":"sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e"},"type":"cosign container image signature"},"optional":null}] +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"HEAD","path":"/v2/signed-repo/manifests/sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.385125715+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.391701821+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/411c2c16-f946-4153-8852-1a0f185ca71f","dstDigest":"sha256:c98431810205453cd3f3469699b4ae848d3ab21703b84c04522b36f0f91094ca","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/c98431810205453cd3f3469699b4ae848d3ab21703b84c04522b36f0f91094ca","goroutine":229,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:30.393376572+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/411c2c16-f946-4153-8852-1a0f185ca71f","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/c98431810205453cd3f3469699b4ae848d3ab21703b84c04522b36f0f91094ca","component":"dedupe","goroutine":229,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1056","time":"2025-01-19T16:59:30.395705865+02:00","message":"rename"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"PUT","path":"/v2/signed-repo/blobs/uploads/411c2c16-f946-4153-8852-1a0f185ca71f?digest=sha256%3Ac98431810205453cd3f3469699b4ae848d3ab21703b84c04522b36f0f91094ca","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["2070"],"Content-Type":["application/octet-stream"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.395784709+02:00","message":"HTTP API"} +{"level":"debug","blob path":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","goroutine":229,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1220","time":"2025-01-19T16:59:30.396766491+02:00","message":"blob path found"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"HEAD","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":0,"headers":{"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.396831619+02:00","message":"HTTP API"} +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:c98431810205453cd3f3469699b4ae848d3ab21703b84c04522b36f0f91094ca has an unknown media type: application/jose+json +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"PUT","path":"/v2/signed-repo/manifests/sha256:1c7930cca0c54e495c4567ad354f143d4196b431b3668138c0d61ec941316a08","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["728"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.403004497+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47868","method":"GET","path":"/v2/signed-repo/manifests/sha256-50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e","statusCode":404,"latency":"0s","bodySize":281,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["notation/zot_tests"]},"goroutine":229,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.404303216+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47960","method":"PUT","path":"/v2/signed-repo/manifests/sha256-50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["485"],"Content-Type":["application/vnd.oci.image.index.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":330,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.409442848+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47960","method":"HEAD","path":"/v2/signed-repo/manifests/sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":330,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.410318541+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47960","method":"HEAD","path":"/v2/signed-repo/manifests/sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["notation/zot_tests"]},"goroutine":330,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.411413881+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e","artifactType":["application/vnd.cncf.notary.signature"],"goroutine":330,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:30.412438313+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47960","method":"GET","path":"/v2/signed-repo/referrers/sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e?artifactType=application%2Fvnd.cncf.notary.signature","statusCode":200,"latency":"0s","bodySize":485,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["notation/zot_tests"]},"goroutine":330,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.413271746+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47960","method":"GET","path":"/v2/signed-repo/manifests/sha256:1c7930cca0c54e495c4567ad354f143d4196b431b3668138c0d61ec941316a08","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["notation/zot_tests"]},"goroutine":330,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.414180063+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47960","method":"GET","path":"/v2/signed-repo/blobs/sha256:c98431810205453cd3f3469699b4ae848d3ab21703b84c04522b36f0f91094ca","statusCode":200,"latency":"0s","bodySize":2070,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["notation/zot_tests"]},"goroutine":330,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.414999383+02:00","message":"HTTP API"} +✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"POST","path":"/v2/signed-repo/blobs/uploads/","statusCode":202,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.416984028+02:00","message":"HTTP API"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/d0bd81c5-ceda-4347-bd5c-ac99295c4004","dstDigest":"sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","dst":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1030","time":"2025-01-19T16:59:30.41857413+02:00","message":"dedupe begin"} +{"level":"debug","src":"/tmp/TestSignatures3782733330/001/signed-repo/.uploads/d0bd81c5-ceda-4347-bd5c-ac99295c4004","component":"dedupe","goroutine":131,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1122","time":"2025-01-19T16:59:30.418991903+02:00","message":"remove"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/blobs/uploads/d0bd81c5-ceda-4347-bd5c-ac99295c4004?digest=sha256%3A44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Content-Length":["2"],"Content-Type":["application/octet-stream"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.419066714+02:00","message":"HTTP API"} +✔warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"PUT","path":"/v2/signed-repo/manifests/sha256:dc1377539a9db8bf077100bfa3118052feb6b5c67509ca09bdd841e4ac14c4cc","statusCode":201,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.manifest.v1+json"],"Accept-Encoding":["gzip"],"Content-Length":["543"],"Content-Type":["application/vnd.oci.image.manifest.v1+json"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.426221304+02:00","message":"HTTP API"} +✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/_catalog","statusCode":200,"latency":"0s","bodySize":58,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.598842152+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/zot-cve-test/tags/list","statusCode":200,"latency":"0s","bodySize":40,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.599751338+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47982","method":"GET","path":"/v2/signed-repo/tags/list","statusCode":200,"latency":"0s","bodySize":422,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":468,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.599953524+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/zot-test/tags/list","statusCode":200,"latency":"0s","bodySize":36,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.600594289+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47966","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":336,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.603018242+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47982","method":"GET","path":"/v2/zot-cve-test/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":405,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":468,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.605114785+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47982","method":"HEAD","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":468,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.606062199+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47982","method":"HEAD","path":"/v2/zot-cve-test/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":468,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.606745514+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.607385196+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","artifactType":null,"goroutine":468,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:30.607751137+02:00","message":"getting manifest"} +{"level":"info","digest":"sha256:8e045c9a01e79e9c3931685e9481fca9c165be5a6c539d4ca88f99a16ce8b113","artifactType":null,"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:30.608638133+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47982","method":"GET","path":"/v2/signed-repo/referrers/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":885,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":468,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.608659426+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/zot-cve-test/referrers/sha256:8e045c9a01e79e9c3931685e9481fca9c165be5a6c539d4ca88f99a16ce8b113","statusCode":200,"latency":"0s","bodySize":88,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.608772834+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"HEAD","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.609531884+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","artifactType":null,"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:30.610599306+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47966","method":"GET","path":"/v2/zot-test/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":703,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":336,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.611117966+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/referrers/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":885,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.611477246+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47966","method":"HEAD","path":"/v2/zot-test/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":336,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.611947629+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47982","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":468,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.612884745+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:db573b0146a853af339bde42256a810b911d89c9252d055e0218de53690e031e","artifactType":null,"goroutine":336,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:30.612921664+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47966","method":"GET","path":"/v2/zot-test/referrers/sha256:db573b0146a853af339bde42256a810b911d89c9252d055e0218de53690e031e","statusCode":200,"latency":"0s","bodySize":88,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":336,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.613055601+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47982","method":"GET","path":"/v2/signed-repo/blobs/sha256:58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","statusCode":200,"latency":"0s","bodySize":14,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":468,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.613986405+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47966","method":"GET","path":"/v2/signed-repo/blobs/sha256:f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","statusCode":200,"latency":"0s","bodySize":144,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":336,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.614011133+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.614650482+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","statusCode":200,"latency":"0s","bodySize":14,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.615876799+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47966","method":"GET","path":"/v2/signed-repo/blobs/sha256:f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","statusCode":200,"latency":"0s","bodySize":144,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":336,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.615888494+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256:a9080e672cbce1eacbb367a3b2dff8953c3fe3655dafb9511d1f9cec7a6d458e","statusCode":200,"latency":"0s","bodySize":531,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.618042601+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":2,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.619071765+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","statusCode":200,"latency":"0s","bodySize":19,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.619091796+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47966","method":"GET","path":"/v2/signed-repo/manifests/sha256:a9080e672cbce1eacbb367a3b2dff8953c3fe3655dafb9511d1f9cec7a6d458e","statusCode":200,"latency":"0s","bodySize":531,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":336,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.619823842+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","statusCode":200,"latency":"0s","bodySize":19,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.620847261+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":2,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.6208534+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:48006","method":"GET","path":"/v2/signed-repo/manifests/sha256:d487e355af9f14a682c56f1d75c8134d96a948c016c45957a20f65133a1666ea","statusCode":200,"latency":"0s","bodySize":582,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":541,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.62258999+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/sha256:d487e355af9f14a682c56f1d75c8134d96a948c016c45957a20f65133a1666ea","statusCode":200,"latency":"0s","bodySize":582,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.624464232+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:48006","method":"GET","path":"/v2/signed-repo/manifests/sha256:b0e48f1c0ce676ad9dec86db6f4cdad4e27a9f1fbbc326048127ccf2657a933a","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":541,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.624864477+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":200,"latency":"0s","bodySize":2070,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.626238695+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256:b0e48f1c0ce676ad9dec86db6f4cdad4e27a9f1fbbc326048127ccf2657a933a","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.626633788+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":200,"latency":"0s","bodySize":2070,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:30.628175688+02:00","message":"HTTP API"} +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525 has an unknown media type: application/jose+json +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525 has an unknown media type: application/jose+json +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525 has an unknown media type: application/jose+json +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525 has an unknown media type: application/jose+json +✔✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sig","statusCode":200,"latency":"0s","bodySize":558,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.695639022+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"HEAD","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sig","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.696734218+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:048015ae579ea59ca44ad5f8846766fe003324a76e4f47b91ddad10911bcc718","artifactType":null,"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:35.697885656+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/referrers/sha256:048015ae579ea59ca44ad5f8846766fe003324a76e4f47b91ddad10911bcc718","statusCode":200,"latency":"0s","bodySize":88,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.698667152+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sig","statusCode":200,"latency":"0s","bodySize":558,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.700109296+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:cbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77","statusCode":200,"latency":"0s","bodySize":243,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.701104121+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:930fd823b2305b7144941fa1455da47bbba1313284f9a426c254895621384830","statusCode":200,"latency":"0s","bodySize":233,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.701216981+02:00","message":"HTTP API"} +warning: layer sha256:cbf34bd02600f69bed540ccf4594c209b2ca3bd36556ab0be980055dd8058f77 has an unknown media type: application/vnd.dev.cosign.simplesigning.v1+json + +Verification for localhost:44309/signed-repo@sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6 -- +The following checks were performed on each of these signatures: + - The cosign claims were validated + - The signatures were verified against the specified public key + +[{"critical":{"identity":{"docker-reference":"localhost:33349/signed-repo"},"image":{"docker-manifest-digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6"},"type":"cosign container image signature"},"optional":null}] +✔✔✔✔✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sbom","statusCode":200,"latency":"0s","bodySize":366,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.71562638+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"HEAD","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sbom","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.716704502+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e","artifactType":null,"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:35.717722651+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/referrers/sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e","statusCode":200,"latency":"0s","bodySize":689,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.718559652+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sbom","statusCode":200,"latency":"0s","bodySize":366,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.721541634+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:07d7b6eb6cb71a96cb7b67eb8af058d5ea7b95678d4522fb4e9b3125ded31f23","statusCode":200,"latency":"0s","bodySize":12,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.722577165+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:222486d0558b9f0c54cd1968224052a3c93011dcf4980766e1ef28d6034d7cfa","statusCode":200,"latency":"0s","bodySize":233,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.722646301+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256:1c7930cca0c54e495c4567ad354f143d4196b431b3668138c0d61ec941316a08","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.724564365+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":2,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.72555073+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:c98431810205453cd3f3469699b4ae848d3ab21703b84c04522b36f0f91094ca","statusCode":200,"latency":"0s","bodySize":2070,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.725565739+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/sha256:dc1377539a9db8bf077100bfa3118052feb6b5c67509ca09bdd841e4ac14c4cc","statusCode":200,"latency":"0s","bodySize":543,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.72890535+02:00","message":"HTTP API"} +warning: layer sha256:07d7b6eb6cb71a96cb7b67eb8af058d5ea7b95678d4522fb4e9b3125ded31f23 has an unknown media type: text/spdx +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:c98431810205453cd3f3469699b4ae848d3ab21703b84c04522b36f0f91094ca has an unknown media type: application/jose+json +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:c98431810205453cd3f3469699b4ae848d3ab21703b84c04522b36f0f91094ca has an unknown media type: application/jose+json +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +✔✔✔✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/sha256-50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e.sig","statusCode":200,"latency":"0s","bodySize":558,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.780007101+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"HEAD","path":"/v2/signed-repo/manifests/sha256-50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e.sig","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.781099359+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:78186ebbf49a02cda3e47bb459e05cf4fa4519bc8a78de1a6ee95a65c4c8a899","artifactType":null,"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:35.782101129+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/referrers/sha256:78186ebbf49a02cda3e47bb459e05cf4fa4519bc8a78de1a6ee95a65c4c8a899","statusCode":200,"latency":"0s","bodySize":88,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.782911605+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/sha256-50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e.sig","statusCode":200,"latency":"0s","bodySize":558,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.784460726+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:5c74a88571dc5be6ae2691e68d9fe445172af2b154c35d1311c95ed234ab9242","statusCode":200,"latency":"0s","bodySize":233,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.785327768+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:f6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a","statusCode":200,"latency":"0s","bodySize":243,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.785336582+02:00","message":"HTTP API"} +warning: layer sha256:f6962a94af2e0c61e97f8e161beb48ccca4452d3353063e85760ce2e7d08474a has an unknown media type: application/vnd.dev.cosign.simplesigning.v1+json + +Verification for localhost:44309/signed-repo@sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e -- +The following checks were performed on each of these signatures: + - The cosign claims were validated + - The signatures were verified against the specified public key + +[{"critical":{"identity":{"docker-reference":"localhost:33349/signed-repo"},"image":{"docker-manifest-digest":"sha256:50f46adb0f66c982c8f1d0ca3e7a2e6aaf8d63d1425694e5282d560df8035a2e"},"type":"cosign container image signature"},"optional":null}] +✔✔✔✔✔✔✔{"level":"info","digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","artifactType":["application/vnd.cncf.notary.signature"],"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:35.797505861+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"GET","path":"/v2/signed-repo/referrers/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6?artifactType=application%2Fvnd.cncf.notary.signature","statusCode":200,"latency":"0s","bodySize":485,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"Content-Type":["application/json"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.79831092+02:00","message":"HTTP API"} +✔✔✔✔✔✔✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.802218785+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"HEAD","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.803042942+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","artifactType":null,"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:35.804097445+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/referrers/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":885,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.804921334+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.807560449+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","statusCode":200,"latency":"0s","bodySize":144,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.80840153+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","statusCode":200,"latency":"0s","bodySize":14,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.808906993+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/sha256:a9080e672cbce1eacbb367a3b2dff8953c3fe3655dafb9511d1f9cec7a6d458e","statusCode":200,"latency":"0s","bodySize":531,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.812152315+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","statusCode":200,"latency":"0s","bodySize":19,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.813301972+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":2,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.813440681+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256:d487e355af9f14a682c56f1d75c8134d96a948c016c45957a20f65133a1666ea","statusCode":200,"latency":"0s","bodySize":582,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.817156662+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256:b0e48f1c0ce676ad9dec86db6f4cdad4e27a9f1fbbc326048127ccf2657a933a","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.819356382+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":200,"latency":"0s","bodySize":2070,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.820323553+02:00","message":"HTTP API"} +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.845409647+02:00","message":"HTTP API"} +✔✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"HEAD","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.846218274+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","artifactType":null,"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:35.847139066+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/referrers/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":885,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.848106756+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.848789819+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"HEAD","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.84983437+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","artifactType":null,"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:35.850935557+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.851178584+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/referrers/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":885,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.851820877+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","statusCode":200,"latency":"0s","bodySize":14,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.852608599+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37048","method":"GET","path":"/v2/signed-repo/blobs/sha256:f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","statusCode":200,"latency":"0s","bodySize":144,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":488,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.853748072+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.856971453+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","statusCode":200,"latency":"0s","bodySize":14,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.858045813+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","statusCode":200,"latency":"0s","bodySize":144,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.85808114+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37048","method":"GET","path":"/v2/signed-repo/manifests/sha256:a9080e672cbce1eacbb367a3b2dff8953c3fe3655dafb9511d1f9cec7a6d458e","statusCode":200,"latency":"0s","bodySize":531,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":488,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.85867898+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/blobs/sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","statusCode":200,"latency":"0s","bodySize":19,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.859868782+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":2,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.85986899+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37064","method":"GET","path":"/v2/signed-repo/manifests/sha256:a9080e672cbce1eacbb367a3b2dff8953c3fe3655dafb9511d1f9cec7a6d458e","statusCode":200,"latency":"0s","bodySize":531,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.862239777+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37064","method":"GET","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":2,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.863285357+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","statusCode":200,"latency":"0s","bodySize":19,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.863375274+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47972","method":"GET","path":"/v2/signed-repo/manifests/sha256:d487e355af9f14a682c56f1d75c8134d96a948c016c45957a20f65133a1666ea","statusCode":200,"latency":"0s","bodySize":582,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":335,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.864065773+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37064","method":"GET","path":"/v2/signed-repo/manifests/sha256:b0e48f1c0ce676ad9dec86db6f4cdad4e27a9f1fbbc326048127ccf2657a933a","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.867458536+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37064","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":200,"latency":"0s","bodySize":2070,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.868434456+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256:d487e355af9f14a682c56f1d75c8134d96a948c016c45957a20f65133a1666ea","statusCode":200,"latency":"0s","bodySize":582,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.86867208+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256:b0e48f1c0ce676ad9dec86db6f4cdad4e27a9f1fbbc326048127ccf2657a933a","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.873927491+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":200,"latency":"0s","bodySize":2070,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.874926104+02:00","message":"HTTP API"} +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525 has an unknown media type: application/jose+json +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.notary.signature +warning: layer sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525 has an unknown media type: application/jose+json +✔✔✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.906431135+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37064","method":"HEAD","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.907243081+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","artifactType":null,"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:35.908281434+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.908706431+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37064","method":"GET","path":"/v2/signed-repo/referrers/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":885,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.909194708+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"HEAD","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.909849504+02:00","message":"HTTP API"} +{"level":"info","digest":"sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","artifactType":null,"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/routes.go:620","time":"2025-01-19T16:59:35.910870492+02:00","message":"getting manifest"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37064","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.911645978+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/referrers/sha256:a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6","statusCode":200,"latency":"0s","bodySize":885,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.911703783+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","statusCode":200,"latency":"0s","bodySize":14,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.912567009+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37064","method":"GET","path":"/v2/signed-repo/blobs/sha256:f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","statusCode":200,"latency":"0s","bodySize":144,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.912582081+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/manifests/0.0.1","statusCode":200,"latency":"0s","bodySize":395,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.915293275+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37064","method":"GET","path":"/v2/signed-repo/blobs/sha256:f8dd1b8bfe7b444b49530ad5f70eb5356b20feadaebd0d834d473648255627c1","statusCode":200,"latency":"0s","bodySize":144,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":706,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.916302415+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/blobs/sha256:58f98639eaa1dfe0e16628375bbbd42593585800d93a79b96a970d7bd909caf9","statusCode":200,"latency":"0s","bodySize":14,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.916307494+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256:a9080e672cbce1eacbb367a3b2dff8953c3fe3655dafb9511d1f9cec7a6d458e","statusCode":200,"latency":"0s","bodySize":531,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.916746544+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":2,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.917641712+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/blobs/sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","statusCode":200,"latency":"0s","bodySize":19,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.917715764+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37090","method":"GET","path":"/v2/signed-repo/manifests/sha256:a9080e672cbce1eacbb367a3b2dff8953c3fe3655dafb9511d1f9cec7a6d458e","statusCode":200,"latency":"0s","bodySize":531,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":459,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.919779773+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37090","method":"GET","path":"/v2/signed-repo/blobs/sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982","statusCode":200,"latency":"0s","bodySize":19,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":459,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.92072505+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/blobs/sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","statusCode":200,"latency":"0s","bodySize":2,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.920780326+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47990","method":"GET","path":"/v2/signed-repo/manifests/sha256:d487e355af9f14a682c56f1d75c8134d96a948c016c45957a20f65133a1666ea","statusCode":200,"latency":"0s","bodySize":582,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":522,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.921196691+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37090","method":"GET","path":"/v2/signed-repo/manifests/sha256:b0e48f1c0ce676ad9dec86db6f4cdad4e27a9f1fbbc326048127ccf2657a933a","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":459,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.923592331+02:00","message":"HTTP API"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","blob":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","goroutine":459,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1430","time":"2025-01-19T16:59:35.924896738+02:00","message":"failed to open blob"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","goroutine":459,"caller":"zotregistry.dev/zot/pkg/api/routes.go:1132","time":"2025-01-19T16:59:35.925131705+02:00","message":"unexpected error"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37090","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":500,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":459,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.925576195+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/manifests/sha256:d487e355af9f14a682c56f1d75c8134d96a948c016c45957a20f65133a1666ea","statusCode":200,"latency":"0s","bodySize":582,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:35.926323869+02:00","message":"HTTP API"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","blob":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","goroutine":744,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1430","time":"2025-01-19T16:59:37.927464342+02:00","message":"failed to open blob"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/routes.go:1132","time":"2025-01-19T16:59:37.927522634+02:00","message":"unexpected error"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":500,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:37.927575748+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/manifests/sha256:b0e48f1c0ce676ad9dec86db6f4cdad4e27a9f1fbbc326048127ccf2657a933a","statusCode":200,"latency":"0s","bodySize":728,"headers":{"Accept":["application/vnd.oci.image.index.v1+json","application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.oci.artifact.manifest.v1+json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:39.92783615+02:00","message":"HTTP API"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","blob":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","goroutine":744,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1430","time":"2025-01-19T16:59:43.926611196+02:00","message":"failed to open blob"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/routes.go:1132","time":"2025-01-19T16:59:43.926671067+02:00","message":"unexpected error"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":500,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:43.926722287+02:00","message":"HTTP API"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","blob":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","goroutine":744,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1430","time":"2025-01-19T16:59:47.926689876+02:00","message":"failed to open blob"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/routes.go:1132","time":"2025-01-19T16:59:47.926747961+02:00","message":"unexpected error"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":500,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:47.926802883+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/_catalog","statusCode":200,"latency":"0s","bodySize":58,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T16:59:54.299031196+02:00","message":"HTTP API"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","blob":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","goroutine":744,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1430","time":"2025-01-19T17:00:02.298949646+02:00","message":"failed to open blob"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/routes.go:1132","time":"2025-01-19T17:00:02.299008908+02:00","message":"unexpected error"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":500,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T17:00:02.299061097+02:00","message":"HTTP API"} +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","blob":"/tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","goroutine":744,"caller":"zotregistry.dev/zot/pkg/storage/imagestore/imagestore.go:1430","time":"2025-01-19T17:00:18.299027138+02:00","message":"failed to open blob"} +{"level":"error","error":"local: open /tmp/TestSignatures3782733330/001/signed-repo/blobs/sha256/44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525: permission denied","goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/routes.go:1132","time":"2025-01-19T17:00:18.299092948+02:00","message":"unexpected error"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/blobs/sha256:44d1dbbba42021b2391fa67b192067c78fa2627ea6cf8a92f842eb5e25d4f525","statusCode":500,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T17:00:18.299156725+02:00","message":"HTTP API"} +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.cncf.icecream +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +warning: config sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a has an unknown media type: application/vnd.oci.empty.v1+json +warning: layer sha256:6cddfc02f6bbe4608725969152ecf134cd27eeaaafb5e17363393ae802e62982 has an unknown media type: application/octet-stream +✔✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:47798","method":"GET","path":"/v2/signed-repo/manifests/sha256-a3482d8f76c5736e980a09b3ad9f3758ba7051d155073571fa913e94879b68d6.sig","statusCode":200,"latency":"0s","bodySize":558,"headers":{"Accept-Encoding":["gzip"],"User-Agent":["go-resty/1.12.0 (https://github.com/go-resty/resty)"]},"goroutine":131,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T17:00:18.338618582+02:00","message":"HTTP API"} +✔✔✔✔✔{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/zot-test/tags/list","statusCode":200,"latency":"0s","bodySize":36,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T17:00:36.674525029+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/signed-repo/tags/list","statusCode":200,"latency":"0s","bodySize":422,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T17:01:09.04656127+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/zot-cve-test/tags/list","statusCode":200,"latency":"0s","bodySize":40,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T17:01:41.421607687+02:00","message":"HTTP API"} +{"level":"info","module":"http","component":"session","clientIP":"127.0.0.1:37080","method":"GET","path":"/v2/_catalog","statusCode":200,"latency":"0s","bodySize":58,"headers":{"Accept":["application/json"],"Accept-Encoding":["gzip"],"User-Agent":["regclient/regclient (unknown)"]},"goroutine":744,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-19T17:02:13.798036541+02:00","message":"HTTP API"} +signal: interrupt +FAIL zotregistry.dev/zot/pkg/extensions/sync 176.285s diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 056a9bab7..c35d08b56 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -520,5 +520,4 @@ func (c *Controller) StartBackgroundTasks() { type SyncOnDemand interface { SyncImage(ctx context.Context, repo, reference string) error - SyncReference(ctx context.Context, repo string, subjectDigestStr string, referenceType string) error } diff --git a/pkg/api/routes.go b/pkg/api/routes.go index b92c42d56..4e8bc7ed2 100644 --- a/pkg/api/routes.go +++ b/pkg/api/routes.go @@ -41,7 +41,6 @@ import ( "zotregistry.dev/zot/pkg/debug/pprof" debug "zotregistry.dev/zot/pkg/debug/swagger" ext "zotregistry.dev/zot/pkg/extensions" - syncConstants "zotregistry.dev/zot/pkg/extensions/sync/constants" "zotregistry.dev/zot/pkg/log" "zotregistry.dev/zot/pkg/meta" mTypes "zotregistry.dev/zot/pkg/meta/types" @@ -569,8 +568,7 @@ func getReferrers(ctx context.Context, routeHandler *RouteHandler, routeHandler.c.Log.Info().Str("repository", name).Str("reference", digest.String()). Msg("referrers not found, trying to get reference by syncing on demand") - if errSync := routeHandler.c.SyncOnDemand.SyncReference(ctx, name, digest.String(), - syncConstants.OCI); errSync != nil { + if errSync := routeHandler.c.SyncOnDemand.SyncImage(ctx, name, digest.String()); errSync != nil { routeHandler.c.Log.Err(errSync).Str("repository", name).Str("reference", digest.String()). Msg("failed to sync OCI reference for image") } diff --git a/pkg/extensions/extension_sync.go b/pkg/extensions/extension_sync.go index 3e96902d3..b3b17da97 100644 --- a/pkg/extensions/extension_sync.go +++ b/pkg/extensions/extension_sync.go @@ -102,17 +102,15 @@ func getLocalIPs() ([]string, error) { return localIPs, nil } -func getIPFromHostName(host string) ([]string, error) { +func getIPFromHostName(host string) ([]net.IP, error) { addrs, err := net.LookupIP(host) if err != nil { - return []string{}, err + return []net.IP{}, err } - ips := make([]string, 0, len(addrs)) + ips := make([]net.IP, 0, len(addrs)) - for _, ip := range addrs { - ips = append(ips, ip.String()) - } + ips = append(ips, addrs...) return ips, nil } @@ -163,7 +161,8 @@ func removeSelfURLs(config *config.Config, registryConfig *syncconf.RegistryConf for _, localIP := range localIPs { // if ip resolved from hostname/dns is equal with any local ip for _, ip := range ips { - if net.JoinHostPort(ip, url.Port()) == net.JoinHostPort(localIP, port) { + if (ip.IsLoopback() && (url.Port() == port)) || + (net.JoinHostPort(ip.String(), url.Port()) == net.JoinHostPort(localIP, port)) { registryConfig.URLs = append(registryConfig.URLs[:idx], registryConfig.URLs[idx+1:]...) removed = true diff --git a/pkg/extensions/sync/constants/consts.go b/pkg/extensions/sync/constants/constants.go similarity index 100% rename from pkg/extensions/sync/constants/consts.go rename to pkg/extensions/sync/constants/constants.go diff --git a/pkg/extensions/sync/content_internal_test.go b/pkg/extensions/sync/content_test.go similarity index 99% rename from pkg/extensions/sync/content_internal_test.go rename to pkg/extensions/sync/content_test.go index 78b03b6c6..864c3f5dc 100644 --- a/pkg/extensions/sync/content_internal_test.go +++ b/pkg/extensions/sync/content_test.go @@ -1,7 +1,7 @@ //go:build sync // +build sync -package sync +package sync //nolint: testpackage import ( "testing" diff --git a/pkg/extensions/sync/destination.go b/pkg/extensions/sync/destination.go index b93eec625..4c7814f79 100644 --- a/pkg/extensions/sync/destination.go +++ b/pkg/extensions/sync/destination.go @@ -13,9 +13,9 @@ import ( "strings" "time" - "github.com/containers/image/v5/types" - "github.com/opencontainers/go-digest" + godigest "github.com/opencontainers/go-digest" ispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/regclient/regclient/types/ref" zerr "zotregistry.dev/zot/errors" "zotregistry.dev/zot/pkg/common" @@ -52,7 +52,8 @@ func NewDestinationRegistry( } } -func (registry *DestinationRegistry) CanSkipImage(repo, tag string, imageDigest digest.Digest) (bool, error) { +// Check if image is already synced. +func (registry *DestinationRegistry) CanSkipImage(repo, tag string, digest godigest.Digest) (bool, error) { // check image already synced imageStore := registry.storeController.GetImageStore(repo) @@ -68,10 +69,10 @@ func (registry *DestinationRegistry) CanSkipImage(repo, tag string, imageDigest return false, err } - if localImageManifestDigest != imageDigest { + if localImageManifestDigest != digest { registry.log.Info().Str("repo", repo).Str("reference", tag). Str("localDigest", localImageManifestDigest.String()). - Str("remoteDigest", imageDigest.String()). + Str("remoteDigest", digest.String()). Msg("remote image digest changed, syncing again") return false, nil @@ -80,116 +81,121 @@ func (registry *DestinationRegistry) CanSkipImage(repo, tag string, imageDigest return true, nil } -func (registry *DestinationRegistry) GetContext() *types.SystemContext { - return registry.tempStorage.GetContext() -} - -func (registry *DestinationRegistry) GetImageReference(repo, reference string) (types.ImageReference, error) { +func (registry *DestinationRegistry) GetImageReference(repo, reference string) (ref.Ref, error) { return registry.tempStorage.GetImageReference(repo, reference) } // finalize a syncing image. -func (registry *DestinationRegistry) CommitImage(imageReference types.ImageReference, repo, reference string) error { +func (registry *DestinationRegistry) CommitAll(repo string, imageReference ref.Ref) error { imageStore := registry.storeController.GetImageStore(repo) - tempImageStore := getImageStoreFromImageReference(imageReference, repo, reference, registry.log) + tempImageStore := getImageStoreFromImageReference(repo, imageReference, registry.log) defer os.RemoveAll(tempImageStore.RootDir()) - registry.log.Info().Str("syncTempDir", path.Join(tempImageStore.RootDir(), repo)).Str("reference", reference). + registry.log.Info().Str("syncTempDir", path.Join(tempImageStore.RootDir(), repo)).Str("repository", repo). Msg("pushing synced local image to local registry") var lockLatency time.Time - manifestBlob, manifestDigest, mediaType, err := tempImageStore.GetImageManifest(repo, reference) + index, err := storageCommon.GetIndex(tempImageStore, repo, registry.log) if err != nil { registry.log.Error().Str("errorType", common.TypeOf(err)). - Err(err).Str("dir", path.Join(tempImageStore.RootDir(), repo)).Str("repo", repo).Str("reference", reference). - Msg("couldn't find synced manifest in temporary sync dir") + Err(err).Str("dir", path.Join(tempImageStore.RootDir(), repo)).Str("repo", repo). + Msg("failed to get repo index from temp sync dir") return err } - // is image manifest - switch mediaType { - case ispec.MediaTypeImageManifest: - if err := registry.copyManifest(repo, manifestBlob, reference, tempImageStore); err != nil { - if errors.Is(err, zerr.ErrImageLintAnnotations) { - registry.log.Error().Str("errorType", common.TypeOf(err)). - Err(err).Msg("couldn't upload manifest because of missing annotations") + for _, desc := range index.Manifests { + reference := GetDescriptorReference(desc) - return nil - } + manifestBlob, manifestDigest, mediaType, err := tempImageStore.GetImageManifest(repo, reference) + if err != nil { + registry.log.Error().Str("errorType", common.TypeOf(err)). + Err(err).Str("dir", path.Join(tempImageStore.RootDir(), repo)).Str("repo", repo).Str("reference", reference). + Msg("failed to get manifest from temporary sync dir") return err } - case ispec.MediaTypeImageIndex: - // is image index - var indexManifest ispec.Index - if err := json.Unmarshal(manifestBlob, &indexManifest); err != nil { - registry.log.Error().Str("errorType", common.TypeOf(err)). - Err(err).Str("dir", path.Join(tempImageStore.RootDir(), repo)). - Msg("invalid JSON") + // is image manifest + switch mediaType { + case ispec.MediaTypeImageManifest: + if err := registry.copyManifest(repo, manifestBlob, reference, tempImageStore); err != nil { + if errors.Is(err, zerr.ErrImageLintAnnotations) { + registry.log.Error().Str("errorType", common.TypeOf(err)). + Err(err).Msg("failed to upload manifest because of missing annotations") - return err - } + return nil + } - for _, manifest := range indexManifest.Manifests { - tempImageStore.RLock(&lockLatency) - manifestBuf, err := tempImageStore.GetBlobContent(repo, manifest.Digest) - tempImageStore.RUnlock(&lockLatency) + return err + } + case ispec.MediaTypeImageIndex: + // is image index + var indexManifest ispec.Index - if err != nil { + if err := json.Unmarshal(manifestBlob, &indexManifest); err != nil { registry.log.Error().Str("errorType", common.TypeOf(err)). - Err(err).Str("dir", path.Join(tempImageStore.RootDir(), repo)).Str("digest", manifest.Digest.String()). - Msg("couldn't find manifest which is part of an image index") + Err(err).Str("dir", path.Join(tempImageStore.RootDir(), repo)). + Msg("invalid JSON") return err } - if err := registry.copyManifest(repo, manifestBuf, manifest.Digest.String(), - tempImageStore); err != nil { - if errors.Is(err, zerr.ErrImageLintAnnotations) { + for _, manifest := range indexManifest.Manifests { + tempImageStore.RLock(&lockLatency) + manifestBuf, err := tempImageStore.GetBlobContent(repo, manifest.Digest) + tempImageStore.RUnlock(&lockLatency) + + if err != nil { registry.log.Error().Str("errorType", common.TypeOf(err)). - Err(err).Msg("couldn't upload manifest because of missing annotations") + Err(err).Str("dir", path.Join(tempImageStore.RootDir(), repo)).Str("digest", manifest.Digest.String()). + Msg("failed find manifest which is part of an image index") - return nil + return err } - return err - } - } + if err := registry.copyManifest(repo, manifestBuf, manifest.Digest.String(), + tempImageStore); err != nil { + if errors.Is(err, zerr.ErrImageLintAnnotations) { + registry.log.Error().Str("errorType", common.TypeOf(err)). + Err(err).Msg("failed to upload manifest because of missing annotations") - _, _, err = imageStore.PutImageManifest(repo, reference, mediaType, manifestBlob) - if err != nil { - registry.log.Error().Str("errorType", common.TypeOf(err)).Str("repo", repo).Str("reference", reference). - Err(err).Msg("couldn't upload manifest") + return nil + } - return err - } + return err + } + } - if registry.metaDB != nil { - err = meta.SetImageMetaFromInput(context.Background(), repo, reference, mediaType, - manifestDigest, manifestBlob, imageStore, registry.metaDB, registry.log) + _, _, err = imageStore.PutImageManifest(repo, reference, mediaType, manifestBlob) if err != nil { - return fmt.Errorf("failed to set metadata for image '%s %s': %w", repo, reference, err) + registry.log.Error().Str("errorType", common.TypeOf(err)).Str("repo", repo).Str("reference", reference). + Err(err).Msg("failed to upload manifest") + + return err } - registry.log.Debug().Str("repo", repo).Str("reference", reference).Str("component", "metadb"). - Msg("successfully set metadata for image") + if registry.metaDB != nil { + err = meta.SetImageMetaFromInput(context.Background(), repo, reference, mediaType, + manifestDigest, manifestBlob, imageStore, registry.metaDB, registry.log) + if err != nil { + return fmt.Errorf("metaDB: failed to set metadata for image '%s %s': %w", repo, reference, err) + } + + registry.log.Debug().Str("repo", repo).Str("reference", reference). + Msg("metaDB: successfully set metadata for image") + } } } - registry.log.Info().Str("image", fmt.Sprintf("%s:%s", repo, reference)).Msg("successfully synced image") - return nil } -func (registry *DestinationRegistry) CleanupImage(imageReference types.ImageReference, repo, reference string) error { - tmpDir := getTempRootDirFromImageReference(imageReference, repo, reference) - - return os.RemoveAll(tmpDir) +func (registry *DestinationRegistry) CleanupImage(imageReference ref.Ref, repo string) error { + return os.RemoveAll(strings.TrimSuffix(imageReference.Path, repo)) } func (registry *DestinationRegistry) copyManifest(repo string, manifestContent []byte, reference string, @@ -251,7 +257,7 @@ func (registry *DestinationRegistry) copyManifest(repo string, manifestContent [ } // Copy a blob from one image store to another image store. -func (registry *DestinationRegistry) copyBlob(repo string, blobDigest digest.Digest, blobMediaType string, +func (registry *DestinationRegistry) copyBlob(repo string, blobDigest godigest.Digest, blobMediaType string, tempImageStore storageTypes.ImageStore, ) error { imageStore := registry.storeController.GetImageStore(repo) @@ -282,23 +288,10 @@ func (registry *DestinationRegistry) copyBlob(repo string, blobDigest digest.Dig } // use only with local imageReferences. -func getImageStoreFromImageReference(imageReference types.ImageReference, repo, reference string, log log.Logger, -) storageTypes.ImageStore { - tmpRootDir := getTempRootDirFromImageReference(imageReference, repo, reference) - - return getImageStore(tmpRootDir, log) -} - -func getTempRootDirFromImageReference(imageReference types.ImageReference, repo, reference string) string { - var tmpRootDir string - - if strings.HasSuffix(imageReference.StringWithinTransport(), reference) { - tmpRootDir = strings.ReplaceAll(imageReference.StringWithinTransport(), fmt.Sprintf("%s:%s", repo, reference), "") - } else { - tmpRootDir = strings.ReplaceAll(imageReference.StringWithinTransport(), repo+":", "") - } +func getImageStoreFromImageReference(repo string, imageReference ref.Ref, log log.Logger) storageTypes.ImageStore { + sessionRootDir := strings.TrimSuffix(imageReference.Path, repo) - return tmpRootDir + return getImageStore(sessionRootDir, log) } func getImageStore(rootDir string, log log.Logger) storageTypes.ImageStore { diff --git a/pkg/extensions/sync/features/features.go b/pkg/extensions/sync/features/features.go deleted file mode 100644 index 0dd88a479..000000000 --- a/pkg/extensions/sync/features/features.go +++ /dev/null @@ -1,53 +0,0 @@ -package features - -import ( - "sync" - "time" -) - -const defaultExpireMinutes = 10 - -type featureKey struct { - kind string - repo string -} - -type featureVal struct { - enabled bool - expire time.Time -} - -type Map struct { - store map[featureKey]*featureVal - expireAfter time.Duration - mu *sync.Mutex -} - -func New() *Map { - return &Map{ - store: make(map[featureKey]*featureVal), - expireAfter: defaultExpireMinutes * time.Minute, - mu: new(sync.Mutex), - } -} - -// returns if registry supports this feature and if ok. -func (f *Map) Get(kind, repo string) (bool, bool) { - f.mu.Lock() - defer f.mu.Unlock() - - if feature, ok := f.store[featureKey{kind, repo}]; ok { - if time.Now().Before(feature.expire) { - return feature.enabled, true - } - } - - // feature expired or not found - return false, false -} - -func (f *Map) Set(kind, repo string, enabled bool) { - f.mu.Lock() - f.store[featureKey{kind: kind, repo: repo}] = &featureVal{enabled: enabled, expire: time.Now().Add(f.expireAfter)} - f.mu.Unlock() -} diff --git a/pkg/extensions/sync/httpclient/cache.go b/pkg/extensions/sync/httpclient/cache.go deleted file mode 100644 index e0aa56dee..000000000 --- a/pkg/extensions/sync/httpclient/cache.go +++ /dev/null @@ -1,58 +0,0 @@ -package client - -import ( - "sync" -) - -// Key:Value store for bearer tokens, key is namespace, value is token. -// We are storing only pull scoped tokens, the http client is for pulling only. -type TokenCache struct { - entries sync.Map -} - -func NewTokenCache() *TokenCache { - return &TokenCache{ - entries: sync.Map{}, - } -} - -func (c *TokenCache) Set(namespace string, token *bearerToken) { - if c == nil || token == nil { - return - } - - defer c.prune() - - c.entries.Store(namespace, token) -} - -func (c *TokenCache) Get(namespace string) *bearerToken { - if c == nil { - return nil - } - - val, ok := c.entries.Load(namespace) - if !ok { - return nil - } - - bearerToken, ok := val.(*bearerToken) - if !ok { - return nil - } - - return bearerToken -} - -func (c *TokenCache) prune() { - c.entries.Range(func(key, val any) bool { - bearerToken, ok := val.(*bearerToken) - if ok { - if bearerToken.isExpired() { - c.entries.Delete(key) - } - } - - return true - }) -} diff --git a/pkg/extensions/sync/httpclient/client.go b/pkg/extensions/sync/httpclient/client.go deleted file mode 100644 index 4517a3621..000000000 --- a/pkg/extensions/sync/httpclient/client.go +++ /dev/null @@ -1,485 +0,0 @@ -package client - -import ( - "context" - "encoding/json" - "errors" - "io" - "net/http" - "net/url" - "path/filepath" - "strings" - "sync" - "time" - - zerr "zotregistry.dev/zot/errors" - "zotregistry.dev/zot/pkg/common" - "zotregistry.dev/zot/pkg/log" -) - -const ( - minimumTokenLifetimeSeconds = 60 // in seconds - pingTimeout = 5 * time.Second - // tokenBuffer is used to renew a token before it actually expires - // to account for the time to process requests on the server. - tokenBuffer = 5 * time.Second -) - -type authType int - -const ( - noneAuth authType = iota - basicAuth - tokenAuth -) - -type challengeParams struct { - realm string - service string - scope string - err string -} - -type bearerToken struct { - Token string `json:"token"` //nolint: tagliatelle - AccessToken string `json:"access_token"` //nolint: tagliatelle - ExpiresIn int `json:"expires_in"` //nolint: tagliatelle - IssuedAt time.Time `json:"issued_at"` //nolint: tagliatelle - expirationTime time.Time -} - -func (token *bearerToken) isExpired() bool { - // use tokenBuffer to expire it a bit earlier - return time.Now().After(token.expirationTime.Add(-1 * tokenBuffer)) -} - -type Config struct { - URL string - Username string - Password string - CertDir string - TLSVerify bool -} - -type Client struct { - config *Config - client *http.Client - url *url.URL - authType authType - cache *TokenCache - lock *sync.RWMutex - log log.Logger -} - -func New(config Config, log log.Logger) (*Client, error) { - client := &Client{log: log, lock: new(sync.RWMutex)} - - client.cache = NewTokenCache() - - if err := client.SetConfig(config); err != nil { - return nil, err - } - - return client, nil -} - -func (httpClient *Client) GetConfig() *Config { - httpClient.lock.RLock() - defer httpClient.lock.RUnlock() - - return httpClient.config -} - -func (httpClient *Client) GetHostname() string { - httpClient.lock.RLock() - defer httpClient.lock.RUnlock() - - return httpClient.url.Host -} - -func (httpClient *Client) GetBaseURL() string { - httpClient.lock.RLock() - defer httpClient.lock.RUnlock() - - return httpClient.url.String() -} - -func (httpClient *Client) SetConfig(config Config) error { - httpClient.lock.Lock() - defer httpClient.lock.Unlock() - - clientURL, err := url.Parse(config.URL) - if err != nil { - return err - } - - httpClient.url = clientURL - - // we want TLS enabled if the upstream registry URL is an HTTPS URL - tlsEnabled := clientURL.Scheme == "https" - - clientOpts := common.HTTPClientOptions{ - TLSEnabled: tlsEnabled, - VerifyTLS: config.TLSVerify, - Host: clientURL.Host, - } - - if config.CertDir != "" { - // only configure the default cert file names if the CertDir was specified. - clientOpts.CertOptions = common.HTTPClientCertOptions{ - // filepath is the recommended library to use for joining paths - // taking into account the underlying OS. - // ref: https://stackoverflow.com/a/39182128 - ClientCertFile: filepath.Join(config.CertDir, common.ClientCertFilename), - ClientKeyFile: filepath.Join(config.CertDir, common.ClientKeyFilename), - RootCaCertFile: filepath.Join(config.CertDir, common.CaCertFilename), - } - } - - client, err := common.CreateHTTPClient(&clientOpts) - if err != nil { - return err - } - - httpClient.client = client - httpClient.config = &config - - return nil -} - -func (httpClient *Client) Ping() bool { - httpClient.lock.Lock() - defer httpClient.lock.Unlock() - - pingURL := *httpClient.url - - pingURL = *pingURL.JoinPath("/v2/") - - // for the ping function we want to timeout fast - ctx, cancel := context.WithTimeout(context.Background(), pingTimeout) - defer cancel() - - //nolint: bodyclose - resp, _, err := httpClient.get(ctx, pingURL.String(), false) - if err != nil { - return false - } - - httpClient.getAuthType(resp) - - if resp.StatusCode >= http.StatusOK && resp.StatusCode <= http.StatusForbidden { - return true - } - - httpClient.log.Error().Str("url", pingURL.String()).Int("statusCode", resp.StatusCode). - Str("component", "sync").Msg("failed to ping registry") - - return false -} - -func (httpClient *Client) MakeGetRequest(ctx context.Context, resultPtr interface{}, mediaType string, rawQuery string, - route ...string, -) ([]byte, http.Header, int, error) { - httpClient.lock.RLock() - defer httpClient.lock.RUnlock() - - var namespace string - - url := *httpClient.url - for idx, path := range route { - url = *url.JoinPath(path) - - // we know that the second route argument is always the repo name. - // need it for caching tokens, it's not used in requests made to authz server. - if idx == 1 { - namespace = strings.Trim(path, "/") - } - } - - url.RawQuery = rawQuery - - //nolint: bodyclose,contextcheck - resp, body, err := httpClient.makeAndDoRequest(http.MethodGet, mediaType, namespace, url.String()) - if err != nil { - httpClient.log.Error().Err(err).Str("url", url.String()).Str("component", "sync"). - Str("errorType", common.TypeOf(err)). - Msg("failed to make request") - - return nil, nil, -1, err - } - - if resp.StatusCode != http.StatusOK { - return nil, nil, resp.StatusCode, errors.New(string(body)) //nolint:goerr113 - } - - // read blob - if len(body) > 0 { - err = json.Unmarshal(body, &resultPtr) - } - - return body, resp.Header, resp.StatusCode, err -} - -func (httpClient *Client) getAuthType(resp *http.Response) { - authHeader := resp.Header.Get("www-authenticate") - - authHeaderLower := strings.ToLower(authHeader) - - //nolint: gocritic - if strings.Contains(authHeaderLower, "bearer") { - httpClient.authType = tokenAuth - } else if strings.Contains(authHeaderLower, "basic") { - httpClient.authType = basicAuth - } else { - httpClient.authType = noneAuth - } -} - -func (httpClient *Client) setupAuth(req *http.Request, namespace string) error { - if httpClient.authType == tokenAuth { - token, err := httpClient.getToken(req.URL.String(), namespace) - if err != nil { - httpClient.log.Error().Err(err).Str("url", req.URL.String()).Str("component", "sync"). - Str("errorType", common.TypeOf(err)). - Msg("failed to get token from authorization realm") - - return err - } - - req.Header.Set("Authorization", "Bearer "+token.Token) - } else if httpClient.authType == basicAuth { - req.SetBasicAuth(httpClient.config.Username, httpClient.config.Password) - } - - return nil -} - -func (httpClient *Client) get(ctx context.Context, url string, setAuth bool) (*http.Response, []byte, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) //nolint - if err != nil { - return nil, nil, err - } - - if setAuth && httpClient.config.Username != "" && httpClient.config.Password != "" { - req.SetBasicAuth(httpClient.config.Username, httpClient.config.Password) - } - - return httpClient.doRequest(req) -} - -func (httpClient *Client) doRequest(req *http.Request) (*http.Response, []byte, error) { - resp, err := httpClient.client.Do(req) - if err != nil { - httpClient.log.Error().Err(err).Str("url", req.URL.String()).Str("component", "sync"). - Str("errorType", common.TypeOf(err)). - Msg("failed to make request") - - return nil, nil, err - } - - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - httpClient.log.Error().Err(err).Str("url", req.URL.String()). - Str("errorType", common.TypeOf(err)). - Msg("failed to read body") - - return nil, nil, err - } - - return resp, body, nil -} - -func (httpClient *Client) makeAndDoRequest(method, mediaType, namespace, urlStr string, -) (*http.Response, []byte, error) { - req, err := http.NewRequest(method, urlStr, nil) //nolint - if err != nil { - return nil, nil, err - } - - if err := httpClient.setupAuth(req, namespace); err != nil { - return nil, nil, err - } - - if mediaType != "" { - req.Header.Set("Accept", mediaType) - } - - resp, body, err := httpClient.doRequest(req) - if err != nil { - return nil, nil, err - } - - // let's retry one time if we get an insufficient_scope error - if ok, challengeParams := needsRetryWithUpdatedScope(err, resp); ok { - var tokenURL *url.URL - - var token *bearerToken - - tokenURL, err = getTokenURLFromChallengeParams(challengeParams, httpClient.config.Username) - if err != nil { - return nil, nil, err - } - - token, err = httpClient.getTokenFromURL(tokenURL.String(), namespace) - if err != nil { - return nil, nil, err - } - - req.Header.Set("Authorization", "Bearer "+token.Token) - - resp, body, err = httpClient.doRequest(req) - } - - return resp, body, err -} - -func (httpClient *Client) getTokenFromURL(urlStr, namespace string) (*bearerToken, error) { - //nolint: bodyclose - resp, body, err := httpClient.get(context.Background(), urlStr, true) - if err != nil { - return nil, err - } - - if resp.StatusCode != http.StatusOK { - return nil, zerr.ErrUnauthorizedAccess - } - - token, err := newBearerToken(body) - if err != nil { - return nil, err - } - - // cache it - httpClient.cache.Set(namespace, token) - - return token, nil -} - -// Gets bearer token from Authorization realm. -func (httpClient *Client) getToken(urlStr, namespace string) (*bearerToken, error) { - // first check cache - token := httpClient.cache.Get(namespace) - if token != nil && !token.isExpired() { - return token, nil - } - - //nolint: bodyclose - resp, _, err := httpClient.get(context.Background(), urlStr, false) - if err != nil { - return nil, err - } - - challengeParams, err := parseAuthHeader(resp) - if err != nil { - return nil, err - } - - tokenURL, err := getTokenURLFromChallengeParams(challengeParams, httpClient.config.Username) - if err != nil { - return nil, err - } - - return httpClient.getTokenFromURL(tokenURL.String(), namespace) -} - -func newBearerToken(blob []byte) (*bearerToken, error) { - token := new(bearerToken) - if err := json.Unmarshal(blob, &token); err != nil { - return nil, err - } - - if token.Token == "" { - token.Token = token.AccessToken - } - - if token.ExpiresIn < minimumTokenLifetimeSeconds { - token.ExpiresIn = minimumTokenLifetimeSeconds - } - - if token.IssuedAt.IsZero() { - token.IssuedAt = time.Now().UTC() - } - - token.expirationTime = token.IssuedAt.Add(time.Duration(token.ExpiresIn) * time.Second) - - return token, nil -} - -func getTokenURLFromChallengeParams(params challengeParams, account string) (*url.URL, error) { - parsedRealm, err := url.Parse(params.realm) - if err != nil { - return nil, err - } - - query := parsedRealm.Query() - query.Set("service", params.service) - query.Set("scope", params.scope) - - if account != "" { - query.Set("account", account) - } - - parsedRealm.RawQuery = query.Encode() - - return parsedRealm, nil -} - -func parseAuthHeader(resp *http.Response) (challengeParams, error) { - authHeader := resp.Header.Get("www-authenticate") - - authHeaderSlice := strings.Split(authHeader, ",") - - params := challengeParams{} - - for _, elem := range authHeaderSlice { - if strings.Contains(strings.ToLower(elem), "bearer") { - elem = strings.Split(elem, " ")[1] - } - - elem := strings.ReplaceAll(elem, "\"", "") - - elemSplit := strings.Split(elem, "=") - if len(elemSplit) != 2 { //nolint:mnd - return params, zerr.ErrParsingAuthHeader - } - - authKey := elemSplit[0] - - authValue := elemSplit[1] - - switch authKey { - case "realm": - params.realm = authValue - case "service": - params.service = authValue - case "scope": - params.scope = authValue - case "error": - params.err = authValue - } - } - - return params, nil -} - -// Checks if the auth headers in the response contain an indication of a failed -// authorization because of an "insufficient_scope" error. -func needsRetryWithUpdatedScope(err error, resp *http.Response) (bool, challengeParams) { - params := challengeParams{} - if err == nil && resp.StatusCode == http.StatusUnauthorized { - params, err = parseAuthHeader(resp) - if err != nil { - return false, params - } - - if params.err == "insufficient_scope" { - if params.scope != "" { - return true, params - } - } - } - - return false, params -} diff --git a/pkg/extensions/sync/httpclient/client_internal_test.go b/pkg/extensions/sync/httpclient/client_internal_test.go deleted file mode 100644 index 48ec04da5..000000000 --- a/pkg/extensions/sync/httpclient/client_internal_test.go +++ /dev/null @@ -1,167 +0,0 @@ -package client - -import ( - "net/http" - "net/http/httptest" - "testing" - "time" - - . "github.com/smartystreets/goconvey/convey" - - "zotregistry.dev/zot/pkg/log" -) - -func TestTokenCache(t *testing.T) { - Convey("Get/Set tokens", t, func() { - tokenCache := NewTokenCache() - token := &bearerToken{ - Token: "tokenA", - ExpiresIn: 3, - IssuedAt: time.Now(), - } - - token.expirationTime = token.IssuedAt.Add(time.Duration(token.ExpiresIn) * time.Second).Add(tokenBuffer) - - tokenCache.Set("repo", token) - cachedToken := tokenCache.Get("repo") - So(cachedToken.Token, ShouldEqual, token.Token) - - // add token which expires soon - token2 := &bearerToken{ - Token: "tokenB", - ExpiresIn: 1, - IssuedAt: time.Now(), - } - - token2.expirationTime = token2.IssuedAt.Add(time.Duration(token2.ExpiresIn) * time.Second).Add(tokenBuffer) - - tokenCache.Set("repo2", token2) - cachedToken = tokenCache.Get("repo2") - So(cachedToken.Token, ShouldEqual, token2.Token) - - time.Sleep(1 * time.Second) - - // token3 should be expired when adding a new one - token3 := &bearerToken{ - Token: "tokenC", - ExpiresIn: 3, - IssuedAt: time.Now(), - } - - token3.expirationTime = token3.IssuedAt.Add(time.Duration(token3.ExpiresIn) * time.Second).Add(tokenBuffer) - - tokenCache.Set("repo3", token3) - cachedToken = tokenCache.Get("repo3") - So(cachedToken.Token, ShouldEqual, token3.Token) - - // token2 should be expired - token = tokenCache.Get("repo2") - So(token, ShouldBeNil) - - time.Sleep(2 * time.Second) - - // the rest of them should also be expired - tokenCache.Set("repo4", &bearerToken{ - Token: "tokenD", - }) - - // token1 should be expired - token = tokenCache.Get("repo1") - So(token, ShouldBeNil) - }) - - Convey("Error paths", t, func() { - tokenCache := NewTokenCache() - token := tokenCache.Get("repo") - So(token, ShouldBeNil) - - tokenCache = nil - token = tokenCache.Get("repo") - So(token, ShouldBeNil) - - tokenCache = NewTokenCache() - tokenCache.Set("repo", nil) - token = tokenCache.Get("repo") - So(token, ShouldBeNil) - }) -} - -func TestNeedsRetryOnInsuficientScope(t *testing.T) { - resp := http.Response{ - Status: "401 Unauthorized", - StatusCode: http.StatusUnauthorized, - Proto: "HTTP/1.1", - ProtoMajor: 1, - ProtoMinor: 1, - Header: map[string][]string{ - "Content-Length": {"145"}, - "Content-Type": {"application/json"}, - "Date": {"Fri, 26 Aug 2022 08:03:13 GMT"}, - "X-Content-Type-Options": {"nosniff"}, - }, - Request: nil, - } - - Convey("Test client retries on insufficient scope", t, func() { - resp.Header["Www-Authenticate"] = []string{ - `Bearer realm="https://registry.suse.com/auth",service="SUSE Linux Docker Registry"` + - `,scope="registry:catalog:*",error="insufficient_scope"`, - } - - expectedScope := "registry:catalog:*" - expectedRealm := "https://registry.suse.com/auth" - expectedService := "SUSE Linux Docker Registry" - - needsRetry, params := needsRetryWithUpdatedScope(nil, &resp) - - So(needsRetry, ShouldBeTrue) - So(params.scope, ShouldEqual, expectedScope) - So(params.realm, ShouldEqual, expectedRealm) - So(params.service, ShouldEqual, expectedService) - }) - - Convey("Test client fails on insufficient scope", t, func() { - resp.Header["Www-Authenticate"] = []string{ - `Bearer realm="https://registry.suse.com/auth=error"`, - } - - needsRetry, _ := needsRetryWithUpdatedScope(nil, &resp) - So(needsRetry, ShouldBeFalse) - }) -} - -func TestClient(t *testing.T) { - Convey("Test client", t, func() { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusInternalServerError) - })) - defer server.Close() - - client, err := New(Config{ - URL: server.URL, - TLSVerify: false, - }, log.NewLogger("", "")) - So(err, ShouldBeNil) - - Convey("Test Ping() fails", func() { - ok := client.Ping() - So(ok, ShouldBeFalse) - }) - - Convey("Test makeAndDoRequest() fails", func() { - client.authType = tokenAuth - //nolint: bodyclose - _, _, err := client.makeAndDoRequest(http.MethodGet, "application/json", "catalog", server.URL) - So(err, ShouldNotBeNil) - }) - - Convey("Test setupAuth() fails", func() { - request, err := http.NewRequest(http.MethodGet, server.URL, nil) //nolint: noctx - So(err, ShouldBeNil) - - client.authType = tokenAuth - err = client.setupAuth(request, "catalog") - So(err, ShouldNotBeNil) - }) - }) -} diff --git a/pkg/extensions/sync/oci_layout.go b/pkg/extensions/sync/oci_layout.go index c44a955c5..0e4850b36 100644 --- a/pkg/extensions/sync/oci_layout.go +++ b/pkg/extensions/sync/oci_layout.go @@ -5,71 +5,59 @@ package sync import ( "fmt" - "os" "path" - "github.com/containers/image/v5/oci/layout" - "github.com/containers/image/v5/types" "github.com/gofrs/uuid" + "github.com/regclient/regclient/types/ref" zerr "zotregistry.dev/zot/errors" "zotregistry.dev/zot/pkg/extensions/sync/constants" "zotregistry.dev/zot/pkg/storage" - storageConstants "zotregistry.dev/zot/pkg/storage/constants" "zotregistry.dev/zot/pkg/test/inject" ) type OciLayoutStorageImpl struct { storeController storage.StoreController - context *types.SystemContext } func NewOciLayoutStorage(storeController storage.StoreController) OciLayoutStorage { - context := &types.SystemContext{} - // preserve compression - context.OCIAcceptUncompressedLayers = true - return OciLayoutStorageImpl{ storeController: storeController, - context: context, } } -func (oci OciLayoutStorageImpl) GetContext() *types.SystemContext { - return oci.context -} - -func (oci OciLayoutStorageImpl) GetImageReference(repo string, reference string) (types.ImageReference, error) { +func (oci OciLayoutStorageImpl) GetImageReference(repo string, reference string) (ref.Ref, error) { localImageStore := oci.storeController.GetImageStore(repo) if localImageStore == nil { - return nil, zerr.ErrLocalImgStoreNotFound + return ref.Ref{}, zerr.ErrLocalImgStoreNotFound } + tempSyncPath := path.Join(localImageStore.RootDir(), repo, constants.SyncBlobUploadDir) // create session folder uuid, err := uuid.NewV4() // hard to reach test case, injected error, see pkg/test/dev.go if err := inject.Error(err); err != nil { - return nil, err + return ref.Ref{}, err } sessionRepoPath := path.Join(tempSyncPath, uuid.String()) - localRepo := path.Join(sessionRepoPath, repo) - if err := os.MkdirAll(localRepo, storageConstants.DefaultDirPerms); err != nil { - return nil, err - } + sessionRepo := path.Join(sessionRepoPath, repo) - _, refIsDigest := parseReference(reference) + var imageRefPath string - if !refIsDigest { - localRepo = fmt.Sprintf("%s:%s", localRepo, reference) + digest, ok := parseReference(reference) + if ok { + imageRefPath = fmt.Sprintf("ocidir://%s@%s", sessionRepo, digest.String()) + } else { + imageRefPath = fmt.Sprintf("ocidir://%s:%s", sessionRepo, reference) //nolint: nosprintfhostport } - localImageRef, err := layout.ParseReference(localRepo) + imageReference, err := ref.New(imageRefPath) if err != nil { - return nil, err + return ref.Ref{}, err } - return localImageRef, nil + return imageReference, nil } diff --git a/pkg/extensions/sync/on_demand.go b/pkg/extensions/sync/on_demand.go index 02ef21be4..da9241954 100644 --- a/pkg/extensions/sync/on_demand.go +++ b/pkg/extensions/sync/on_demand.go @@ -7,9 +7,6 @@ import ( "context" "errors" "sync" - "time" - - "github.com/containers/common/pkg/retry" zerr "zotregistry.dev/zot/errors" "zotregistry.dev/zot/pkg/common" @@ -83,49 +80,16 @@ func (onDemand *BaseOnDemand) SyncImage(ctx context.Context, repo, reference str return err } -func (onDemand *BaseOnDemand) SyncReference(ctx context.Context, repo string, - subjectDigestStr string, referenceType string, -) error { - var err error - - for _, service := range onDemand.services { - err = service.SetNextAvailableURL() - if err != nil { - return err - } - - err = service.SyncReference(ctx, repo, subjectDigestStr, referenceType) - if err != nil { - continue - } else { - return nil - } - } - - return err -} - func (onDemand *BaseOnDemand) syncImage(ctx context.Context, repo, reference string, syncResult chan error) { var err error for serviceID, service := range onDemand.services { - err = service.SetNextAvailableURL() - - isPingErr := errors.Is(err, zerr.ErrSyncPingRegistry) - if err != nil && !isPingErr { - syncResult <- err - - return - } - - // no need to try to sync inline if there is a ping error, we want to retry in background - if !isPingErr { - err = service.SyncImage(ctx, repo, reference) - } - - if err != nil || isPingErr { + err = service.SyncImage(ctx, repo, reference) + if err != nil { if errors.Is(err, zerr.ErrManifestNotFound) || errors.Is(err, zerr.ErrSyncImageFilteredOut) || - errors.Is(err, zerr.ErrSyncImageNotSigned) { + errors.Is(err, zerr.ErrSyncImageNotSigned) || + // some public registries may return 401 for not found. + errors.Is(err, zerr.ErrUnauthorizedAccess) { continue } @@ -141,34 +105,24 @@ func (onDemand *BaseOnDemand) syncImage(ctx context.Context, repo, reference str continue } - retryOptions := service.GetRetryOptions() - - if retryOptions.MaxRetry > 0 { - // retry in background - go func(service Service) { - // remove image after syncing - defer func() { - onDemand.requestStore.Delete(req) - onDemand.log.Info().Str("repo", repo).Str("reference", reference). - Msg("sync routine for image exited") - }() - - onDemand.log.Info().Str("repo", repo).Str(reference, "reference").Str("err", err.Error()). - Str("component", "sync").Msg("starting routine to copy image, because of error") - - time.Sleep(retryOptions.Delay) - - // retrying in background, can't use the same context which should be cancelled by now. - if err = retry.RetryIfNecessary(context.Background(), func() error { - err := service.SyncImage(context.Background(), repo, reference) - - return err - }, retryOptions); err != nil { - onDemand.log.Error().Str("errorType", common.TypeOf(err)).Str("repo", repo).Str("reference", reference). - Err(err).Str("component", "sync").Msg("failed to copy image") - } - }(service) - } + // retry in background + go func(service Service) { + // remove image after syncing + defer func() { + onDemand.requestStore.Delete(req) + onDemand.log.Info().Str("repo", repo).Str("reference", reference). + Msg("sync routine for image exited") + }() + + onDemand.log.Info().Str("repo", repo).Str(reference, "reference").Str("err", err.Error()). + Msg("sync routine: starting routine to copy image, because of error") + + err := service.SyncImage(context.Background(), repo, reference) + if err != nil { + onDemand.log.Error().Str("errorType", common.TypeOf(err)).Str("repo", repo).Str("reference", reference). + Err(err).Msg("sync routine: error while copying image") + } + }(service) } else { break } diff --git a/pkg/extensions/sync/references/cosign.go b/pkg/extensions/sync/references/cosign.go deleted file mode 100644 index 160b8247c..000000000 --- a/pkg/extensions/sync/references/cosign.go +++ /dev/null @@ -1,219 +0,0 @@ -//go:build sync -// +build sync - -package references - -import ( - "context" - "errors" - "fmt" - "net/http" - "strings" - - godigest "github.com/opencontainers/go-digest" - ispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/sigstore/cosign/v2/pkg/oci/remote" - - zerr "zotregistry.dev/zot/errors" - "zotregistry.dev/zot/pkg/common" - "zotregistry.dev/zot/pkg/extensions/sync/constants" - client "zotregistry.dev/zot/pkg/extensions/sync/httpclient" - "zotregistry.dev/zot/pkg/log" - "zotregistry.dev/zot/pkg/meta" - mTypes "zotregistry.dev/zot/pkg/meta/types" - "zotregistry.dev/zot/pkg/storage" -) - -type CosignReference struct { - client *client.Client - storeController storage.StoreController - metaDB mTypes.MetaDB - log log.Logger -} - -func NewCosignReference(httpClient *client.Client, storeController storage.StoreController, - metaDB mTypes.MetaDB, log log.Logger, -) CosignReference { - return CosignReference{ - client: httpClient, - storeController: storeController, - metaDB: metaDB, - log: log, - } -} - -func (ref CosignReference) Name() string { - return constants.Cosign -} - -func (ref CosignReference) IsSigned(ctx context.Context, upstreamRepo, subjectDigestStr string) bool { - cosignSignatureTag := getCosignSignatureTagFromSubjectDigest(subjectDigestStr) - _, _, err := ref.getManifest(ctx, upstreamRepo, cosignSignatureTag) - - return err == nil -} - -func (ref CosignReference) canSkipReferences(localRepo, digest string, manifest *ispec.Manifest) ( - bool, error, -) { - if manifest == nil { - return true, nil - } - - imageStore := ref.storeController.GetImageStore(localRepo) - - // check cosign signature already synced - _, localDigest, _, err := imageStore.GetImageManifest(localRepo, digest) - if err != nil { - if errors.Is(err, zerr.ErrManifestNotFound) { - return false, nil - } - - ref.log.Error().Str("errorType", common.TypeOf(err)).Err(err). - Str("repository", localRepo).Str("reference", digest). - Msg("couldn't get local cosign manifest") - - return false, err - } - - if localDigest.String() != digest { - return false, nil - } - - ref.log.Info().Str("repository", localRepo).Str("reference", digest). - Msg("skipping syncing cosign reference, already synced") - - return true, nil -} - -func (ref CosignReference) SyncReferences(ctx context.Context, localRepo, remoteRepo, subjectDigestStr string) ( - []godigest.Digest, error, -) { - cosignTags := getCosignTagsFromSubjectDigest(subjectDigestStr) - - refsDigests := make([]godigest.Digest, 0, len(cosignTags)) - - for _, cosignTag := range cosignTags { - manifest, manifestBuf, err := ref.getManifest(ctx, remoteRepo, cosignTag) - if err != nil { - if errors.Is(err, zerr.ErrSyncReferrerNotFound) { - continue - } - - return refsDigests, err - } - - digest := godigest.FromBytes(manifestBuf) - - skip, err := ref.canSkipReferences(localRepo, digest.String(), manifest) - if err != nil { - ref.log.Error().Err(err).Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("couldn't check if the remote image cosign reference can be skipped") - } - - if skip { - refsDigests = append(refsDigests, digest) - - continue - } - - imageStore := ref.storeController.GetImageStore(localRepo) - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("syncing cosign reference for image") - - for _, blob := range manifest.Layers { - if err := syncBlob(ctx, ref.client, imageStore, localRepo, remoteRepo, blob.Digest, ref.log); err != nil { - return refsDigests, err - } - } - - // sync config blob - if err := syncBlob(ctx, ref.client, imageStore, localRepo, remoteRepo, manifest.Config.Digest, ref.log); err != nil { - return refsDigests, err - } - - // push manifest - referenceDigest, _, err := imageStore.PutImageManifest(localRepo, cosignTag, - ispec.MediaTypeImageManifest, manifestBuf) - if err != nil { - ref.log.Error().Str("errorType", common.TypeOf(err)). - Str("repository", localRepo).Str("subject", subjectDigestStr). - Err(err).Msg("couldn't upload cosign reference manifest for image") - - return refsDigests, err - } - - refsDigests = append(refsDigests, digest) - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("successfully synced cosign reference for image") - - if ref.metaDB != nil { - ref.log.Debug().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb"). - Msg("trying to sync cosign reference for image") - - err = meta.SetImageMetaFromInput(ctx, localRepo, cosignTag, ispec.MediaTypeImageManifest, - referenceDigest, manifestBuf, ref.storeController.GetImageStore(localRepo), - ref.metaDB, ref.log) - if err != nil { - return refsDigests, fmt.Errorf("failed to set metadata for cosign reference in '%s@%s': %w", - localRepo, subjectDigestStr, err) - } - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb"). - Msg("successfully added cosign reference for image") - } - } - - return refsDigests, nil -} - -func (ref CosignReference) getManifest(ctx context.Context, repo, cosignTag string) (*ispec.Manifest, []byte, error) { - var cosignManifest ispec.Manifest - - body, _, statusCode, err := ref.client.MakeGetRequest(ctx, &cosignManifest, ispec.MediaTypeImageManifest, "", - "v2", repo, "manifests", cosignTag) - if err != nil { - if statusCode == http.StatusNotFound { - ref.log.Debug().Str("errorType", common.TypeOf(err)). - Str("repository", repo).Str("tag", cosignTag). - Err(err).Msg("couldn't find any cosign manifest for image") - - return nil, nil, zerr.ErrSyncReferrerNotFound - } - - return nil, nil, err - } - - return &cosignManifest, body, nil -} - -func getCosignSignatureTagFromSubjectDigest(digestStr string) string { - return strings.Replace(digestStr, ":", "-", 1) + "." + remote.SignatureTagSuffix -} - -func getCosignSBOMTagFromSubjectDigest(digestStr string) string { - return strings.Replace(digestStr, ":", "-", 1) + "." + remote.SBOMTagSuffix -} - -func getCosignTagsFromSubjectDigest(digestStr string) []string { - var cosignTags []string - - // signature tag - cosignTags = append(cosignTags, getCosignSignatureTagFromSubjectDigest(digestStr)) - // sbom tag - cosignTags = append(cosignTags, getCosignSBOMTagFromSubjectDigest(digestStr)) - - return cosignTags -} - -// this function will check if tag is a cosign tag (signature or sbom). -func IsCosignTag(tag string) bool { - if strings.HasPrefix(tag, "sha256-") && - (strings.HasSuffix(tag, remote.SignatureTagSuffix) || strings.HasSuffix(tag, remote.SBOMTagSuffix)) { - return true - } - - return false -} diff --git a/pkg/extensions/sync/references/oci.go b/pkg/extensions/sync/references/oci.go deleted file mode 100644 index fc391abd7..000000000 --- a/pkg/extensions/sync/references/oci.go +++ /dev/null @@ -1,237 +0,0 @@ -//go:build sync -// +build sync - -package references - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "net/http" - - godigest "github.com/opencontainers/go-digest" - ispec "github.com/opencontainers/image-spec/specs-go/v1" - - zerr "zotregistry.dev/zot/errors" - "zotregistry.dev/zot/pkg/common" - "zotregistry.dev/zot/pkg/extensions/sync/constants" - client "zotregistry.dev/zot/pkg/extensions/sync/httpclient" - "zotregistry.dev/zot/pkg/log" - "zotregistry.dev/zot/pkg/meta" - mTypes "zotregistry.dev/zot/pkg/meta/types" - "zotregistry.dev/zot/pkg/storage" - storageTypes "zotregistry.dev/zot/pkg/storage/types" -) - -type OciReferences struct { - client *client.Client - storeController storage.StoreController - metaDB mTypes.MetaDB - log log.Logger -} - -func NewOciReferences(httpClient *client.Client, storeController storage.StoreController, - metaDB mTypes.MetaDB, log log.Logger, -) OciReferences { - return OciReferences{ - client: httpClient, - storeController: storeController, - metaDB: metaDB, - log: log, - } -} - -func (ref OciReferences) Name() string { - return constants.OCI -} - -func (ref OciReferences) IsSigned(ctx context.Context, remoteRepo, subjectDigestStr string) bool { - // use artifactTypeFilter - index, err := ref.getIndex(ctx, remoteRepo, subjectDigestStr) - if err != nil { - return false - } - - if len(getNotationManifestsFromOCIRefs(index)) > 0 || len(getCosignManifestsFromOCIRefs(index)) > 0 { - return true - } - - return false -} - -func (ref OciReferences) canSkipReferences(localRepo, subjectDigestStr string, index ispec.Index) (bool, error) { - imageStore := ref.storeController.GetImageStore(localRepo) - digest := godigest.Digest(subjectDigestStr) - - // check oci references already synced - if len(index.Manifests) > 0 { - localRefs, err := imageStore.GetReferrers(localRepo, digest, nil) - if err != nil { - if errors.Is(err, zerr.ErrManifestNotFound) { - return false, nil - } - - ref.log.Error().Str("errorType", common.TypeOf(err)). - Str("repository", localRepo).Str("subject", subjectDigestStr). - Err(err).Msg("couldn't get local oci references for image") - - return false, err - } - - if !descriptorsEqual(localRefs.Manifests, index.Manifests) { - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("remote oci references for image changed, syncing again") - - return false, nil - } - } - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("skipping oci references for image, already synced") - - return true, nil -} - -func (ref OciReferences) SyncReferences(ctx context.Context, localRepo, remoteRepo, subjectDigestStr string) ( - []godigest.Digest, error, -) { - refsDigests := make([]godigest.Digest, 0, 10) - - index, err := ref.getIndex(ctx, remoteRepo, subjectDigestStr) - if err != nil { - return refsDigests, err - } - - skipOCIRefs, err := ref.canSkipReferences(localRepo, subjectDigestStr, index) - if err != nil { - ref.log.Error().Err(err).Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("couldn't check if the upstream oci references for image can be skipped") - } - - if skipOCIRefs { - /* even if it's skip we need to return the digests, - because maybe in the meantime a reference pointing to this one was pushed */ - for _, man := range index.Manifests { - refsDigests = append(refsDigests, man.Digest) - } - - return refsDigests, nil - } - - imageStore := ref.storeController.GetImageStore(localRepo) - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("syncing oci references for image") - - for _, referrer := range index.Manifests { - referenceBuf, referenceDigest, err := syncManifest(ctx, ref.client, imageStore, localRepo, remoteRepo, - referrer, subjectDigestStr, ref.log) - if err != nil { - return refsDigests, err - } - - refsDigests = append(refsDigests, referenceDigest) - - if ref.metaDB != nil { - ref.log.Debug().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb"). - Msg("trying to add oci references for image") - - err = meta.SetImageMetaFromInput(ctx, localRepo, referenceDigest.String(), referrer.MediaType, - referenceDigest, referenceBuf, ref.storeController.GetImageStore(localRepo), - ref.metaDB, ref.log) - if err != nil { - return refsDigests, fmt.Errorf("failed to set metadata for oci reference in '%s@%s': %w", - localRepo, subjectDigestStr, err) - } - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb"). - Msg("successfully added oci references to MetaDB for image") - } - } - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("successfully synced oci references for image") - - return refsDigests, nil -} - -func (ref OciReferences) getIndex(ctx context.Context, repo, subjectDigestStr string) (ispec.Index, error) { - var index ispec.Index - - _, _, statusCode, err := ref.client.MakeGetRequest(ctx, &index, ispec.MediaTypeImageIndex, "", - "v2", repo, "referrers", subjectDigestStr) - if err != nil { - if statusCode == http.StatusNotFound { - ref.log.Debug().Str("repository", repo).Str("subject", subjectDigestStr). - Msg("couldn't find any oci reference for image, skipping") - - return index, zerr.ErrSyncReferrerNotFound - } - - return index, err - } - - return index, nil -} - -func syncManifest(ctx context.Context, client *client.Client, imageStore storageTypes.ImageStore, localRepo, - remoteRepo string, desc ispec.Descriptor, subjectDigestStr string, log log.Logger, -) ([]byte, godigest.Digest, error) { - var manifest ispec.Manifest - - var refDigest godigest.Digest - - OCIRefBuf, _, statusCode, err := client.MakeGetRequest(ctx, &manifest, ispec.MediaTypeImageManifest, "", - "v2", remoteRepo, "manifests", desc.Digest.String()) - if err != nil { - if statusCode == http.StatusNotFound { - return []byte{}, refDigest, zerr.ErrSyncReferrerNotFound - } - - log.Error().Str("errorType", common.TypeOf(err)). - Str("repository", localRepo).Str("subject", subjectDigestStr). - Err(err).Msg("couldn't get oci reference manifest for image") - - return []byte{}, refDigest, err - } - - if desc.MediaType == ispec.MediaTypeImageManifest { - // read manifest - var manifest ispec.Manifest - - err = json.Unmarshal(OCIRefBuf, &manifest) - if err != nil { - log.Error().Str("errorType", common.TypeOf(err)). - Str("repository", localRepo).Str("subject", subjectDigestStr). - Err(err).Msg("couldn't unmarshal oci reference manifest for image") - - return []byte{}, refDigest, err - } - - for _, layer := range manifest.Layers { - if err := syncBlob(ctx, client, imageStore, localRepo, remoteRepo, layer.Digest, log); err != nil { - return []byte{}, refDigest, err - } - } - - // sync config blob - if err := syncBlob(ctx, client, imageStore, localRepo, remoteRepo, manifest.Config.Digest, log); err != nil { - return []byte{}, refDigest, err - } - } else { - return []byte{}, refDigest, nil - } - - refDigest, _, err = imageStore.PutImageManifest(localRepo, desc.Digest.String(), - desc.MediaType, OCIRefBuf) - if err != nil { - log.Error().Str("errorType", common.TypeOf(err)). - Str("repository", localRepo).Str("subject", subjectDigestStr). - Err(err).Msg("couldn't upload oci reference for image") - - return []byte{}, refDigest, err - } - - return OCIRefBuf, refDigest, nil -} diff --git a/pkg/extensions/sync/references/references.go b/pkg/extensions/sync/references/references.go deleted file mode 100644 index 17efc21af..000000000 --- a/pkg/extensions/sync/references/references.go +++ /dev/null @@ -1,234 +0,0 @@ -//go:build sync -// +build sync - -package references - -import ( - "bytes" - "context" - "errors" - "fmt" - "net/http" - - godigest "github.com/opencontainers/go-digest" - ispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/sigstore/cosign/v2/pkg/oci/static" - - zerr "zotregistry.dev/zot/errors" - "zotregistry.dev/zot/pkg/common" - "zotregistry.dev/zot/pkg/extensions/sync/constants" - "zotregistry.dev/zot/pkg/extensions/sync/features" - client "zotregistry.dev/zot/pkg/extensions/sync/httpclient" - "zotregistry.dev/zot/pkg/log" - mTypes "zotregistry.dev/zot/pkg/meta/types" - "zotregistry.dev/zot/pkg/storage" - storageTypes "zotregistry.dev/zot/pkg/storage/types" -) - -type Reference interface { - // Returns name of reference (OCIReference/CosignReference) - Name() string - // Returns whether or not image is signed - IsSigned(ctx context.Context, upstreamRepo, subjectDigestStr string) bool - // Sync recursively all references for a subject digest (can be image/artifacts/signatures) - SyncReferences(ctx context.Context, localRepo, upstreamRepo, subjectDigestStr string) ([]godigest.Digest, error) -} - -type References struct { - referenceList []Reference - features *features.Map - log log.Logger -} - -func NewReferences(httpClient *client.Client, storeController storage.StoreController, - metaDB mTypes.MetaDB, log log.Logger, -) References { - refs := References{features: features.New(), log: log} - - refs.referenceList = append(refs.referenceList, NewCosignReference(httpClient, storeController, metaDB, log)) - refs.referenceList = append(refs.referenceList, NewTagReferences(httpClient, storeController, metaDB, log)) - refs.referenceList = append(refs.referenceList, NewOciReferences(httpClient, storeController, metaDB, log)) - - return refs -} - -func (refs References) IsSigned(ctx context.Context, upstreamRepo, subjectDigestStr string) bool { - for _, ref := range refs.referenceList { - ok := ref.IsSigned(ctx, upstreamRepo, subjectDigestStr) - if ok { - return true - } - } - - return false -} - -func (refs References) SyncAll(ctx context.Context, localRepo, upstreamRepo, subjectDigestStr string) error { - seen := &[]godigest.Digest{} - - return refs.syncAll(ctx, localRepo, upstreamRepo, subjectDigestStr, seen) -} - -func (refs References) syncAll(ctx context.Context, localRepo, upstreamRepo, - subjectDigestStr string, seen *[]godigest.Digest, -) error { - var err error - - var syncedRefsDigests []godigest.Digest - - // mark subject digest as seen as soon as it comes in - *seen = append(*seen, godigest.Digest(subjectDigestStr)) - - // for each reference type(cosign/oci reference) - for _, ref := range refs.referenceList { - supported, ok := refs.features.Get(ref.Name(), upstreamRepo) - if !supported && ok { - continue - } - - syncedRefsDigests, err = ref.SyncReferences(ctx, localRepo, upstreamRepo, subjectDigestStr) - if err != nil { - // for all referrers we can stop querying same repo (for ten minutes) if the errors are different than 404 - if !errors.Is(err, zerr.ErrSyncReferrerNotFound) { - refs.features.Set(ref.Name(), upstreamRepo, false) - } - - // in the case of oci referrers, it will return 404 only if the repo is not found or refferers API is not supported - // no need to continue to make requests to the same repo - if ref.Name() == constants.OCI && errors.Is(err, zerr.ErrSyncReferrerNotFound) { - refs.features.Set(ref.Name(), upstreamRepo, false) - } - - refs.log.Debug().Err(err). - Str("reference type", ref.Name()). - Str("image", fmt.Sprintf("%s:%s", upstreamRepo, subjectDigestStr)). - Msg("couldn't sync image referrer") - } else { - refs.features.Set(ref.Name(), upstreamRepo, true) - } - - // for each synced references - for _, refDigest := range syncedRefsDigests { - if !common.Contains(*seen, refDigest) { - // sync all references pointing to this one - err = refs.syncAll(ctx, localRepo, upstreamRepo, refDigest.String(), seen) - } - } - } - - return err -} - -func (refs References) SyncReference(ctx context.Context, localRepo, upstreamRepo, - subjectDigestStr, referenceType string, -) error { - var err error - - var syncedRefsDigests []godigest.Digest - - for _, ref := range refs.referenceList { - if ref.Name() == referenceType { - syncedRefsDigests, err = ref.SyncReferences(ctx, localRepo, upstreamRepo, subjectDigestStr) - if err != nil { - refs.log.Debug().Err(err). - Str("reference type", ref.Name()). - Str("image", fmt.Sprintf("%s:%s", upstreamRepo, subjectDigestStr)). - Msg("couldn't sync image referrer") - - return err - } - - for _, refDigest := range syncedRefsDigests { - err = refs.SyncAll(ctx, localRepo, upstreamRepo, refDigest.String()) - } - } - } - - return err -} - -func syncBlob(ctx context.Context, client *client.Client, imageStore storageTypes.ImageStore, - localRepo, remoteRepo string, digest godigest.Digest, log log.Logger, -) error { - var resultPtr interface{} - - body, _, statusCode, err := client.MakeGetRequest(ctx, resultPtr, "", "", "v2", remoteRepo, "blobs", digest.String()) - if err != nil { - if statusCode != http.StatusOK { - log.Info().Str("repo", remoteRepo).Str("digest", digest.String()).Msg("couldn't get remote blob") - - return err - } - } - - _, _, err = imageStore.FullBlobUpload(localRepo, bytes.NewBuffer(body), digest) - if err != nil { - log.Error().Str("errorType", common.TypeOf(err)).Str("digest", digest.String()).Str("repo", localRepo). - Err(err).Msg("couldn't upload blob") - - return err - } - - return nil -} - -func manifestsEqual(manifest1, manifest2 ispec.Manifest) bool { - if manifest1.Config.Digest == manifest2.Config.Digest && - manifest1.Config.MediaType == manifest2.Config.MediaType && - manifest1.Config.Size == manifest2.Config.Size { - if descriptorsEqual(manifest1.Layers, manifest2.Layers) { - return true - } - } - - return false -} - -func descriptorsEqual(desc1, desc2 []ispec.Descriptor) bool { - if len(desc1) != len(desc2) { - return false - } - - for id, desc := range desc1 { - if !descriptorEqual(desc, desc2[id]) { - return false - } - } - - return true -} - -func descriptorEqual(desc1, desc2 ispec.Descriptor) bool { - if desc1.Size == desc2.Size && - desc1.Digest == desc2.Digest && - desc1.MediaType == desc2.MediaType && - desc1.Annotations[static.SignatureAnnotationKey] == desc2.Annotations[static.SignatureAnnotationKey] { - return true - } - - return false -} - -func getNotationManifestsFromOCIRefs(ociRefs ispec.Index) []ispec.Descriptor { - notaryManifests := []ispec.Descriptor{} - - for _, ref := range ociRefs.Manifests { - if ref.ArtifactType == common.ArtifactTypeNotation { - notaryManifests = append(notaryManifests, ref) - } - } - - return notaryManifests -} - -func getCosignManifestsFromOCIRefs(ociRefs ispec.Index) []ispec.Descriptor { - cosignManifests := []ispec.Descriptor{} - - for _, ref := range ociRefs.Manifests { - if ref.ArtifactType == common.ArtifactTypeCosign { - cosignManifests = append(cosignManifests, ref) - } - } - - return cosignManifests -} diff --git a/pkg/extensions/sync/references/references_internal_test.go b/pkg/extensions/sync/references/references_internal_test.go deleted file mode 100644 index a17020ce3..000000000 --- a/pkg/extensions/sync/references/references_internal_test.go +++ /dev/null @@ -1,306 +0,0 @@ -//go:build sync -// +build sync - -package references - -import ( - "context" - "errors" - "testing" - - godigest "github.com/opencontainers/go-digest" - ispec "github.com/opencontainers/image-spec/specs-go/v1" - . "github.com/smartystreets/goconvey/convey" - - zerr "zotregistry.dev/zot/errors" - client "zotregistry.dev/zot/pkg/extensions/sync/httpclient" - "zotregistry.dev/zot/pkg/log" - "zotregistry.dev/zot/pkg/storage" - "zotregistry.dev/zot/pkg/test/mocks" -) - -var errRef = errors.New("err") - -func TestCosign(t *testing.T) { - Convey("trigger errors", t, func() { - cfg := client.Config{ - URL: "url", - TLSVerify: false, - } - - client, err := client.New(cfg, log.NewLogger("debug", "")) - So(err, ShouldBeNil) - - cosign := NewCosignReference(client, storage.StoreController{DefaultStore: mocks.MockedImageStore{ - GetImageManifestFn: func(repo, reference string) ([]byte, godigest.Digest, string, error) { - return []byte{}, "", "", errRef - }, - }}, nil, log.NewLogger("debug", "")) - - ok, err := cosign.canSkipReferences("repo", "tag", nil) - So(err, ShouldBeNil) - So(ok, ShouldBeTrue) - - // trigger GetImageManifest err - ok, err = cosign.canSkipReferences("repo", "tag", &ispec.Manifest{MediaType: ispec.MediaTypeImageManifest}) - So(err, ShouldNotBeNil) - So(ok, ShouldBeFalse) - - cosign = NewCosignReference(client, storage.StoreController{DefaultStore: mocks.MockedImageStore{ - GetImageManifestFn: func(repo, reference string) ([]byte, godigest.Digest, string, error) { - return []byte{}, "digest", "", nil - }, - }}, nil, log.NewLogger("debug", "")) - - // different digest - ok, err = cosign.canSkipReferences("repo", "tag", &ispec.Manifest{MediaType: ispec.MediaTypeImageManifest}) - So(err, ShouldBeNil) - So(ok, ShouldBeFalse) - }) -} - -func TestOci(t *testing.T) { - Convey("trigger errors", t, func() { - cfg := client.Config{ - URL: "url", - TLSVerify: false, - } - - client, err := client.New(cfg, log.NewLogger("debug", "")) - So(err, ShouldBeNil) - - oci := NewOciReferences(client, storage.StoreController{DefaultStore: mocks.MockedImageStore{ - GetReferrersFn: func(repo string, digest godigest.Digest, artifactTypes []string) (ispec.Index, error) { - return ispec.Index{}, zerr.ErrManifestNotFound - }, - }}, nil, log.NewLogger("debug", "")) - - ok := oci.IsSigned(context.Background(), "repo", "") - So(ok, ShouldBeFalse) - - // trigger GetReferrers err - ok, err = oci.canSkipReferences("repo", "tag", ispec.Index{Manifests: []ispec.Descriptor{{Digest: "digest1"}}}) - So(err, ShouldBeNil) - So(ok, ShouldBeFalse) - }) -} - -func TestReferrersTag(t *testing.T) { - Convey("trigger errors", t, func() { - cfg := client.Config{ - URL: "url", - TLSVerify: false, - } - - client, err := client.New(cfg, log.NewLogger("debug", "")) - So(err, ShouldBeNil) - - referrersTag := NewTagReferences(client, storage.StoreController{DefaultStore: mocks.MockedImageStore{ - GetImageManifestFn: func(repo, reference string) ([]byte, godigest.Digest, string, error) { - return []byte{}, "", "", errRef - }, - }}, nil, log.NewLogger("debug", "")) - - ok := referrersTag.IsSigned(context.Background(), "repo", "") - So(ok, ShouldBeFalse) - - // trigger GetImageManifest err - ok, err = referrersTag.canSkipReferences("repo", "subjectdigest", "digest") - So(err, ShouldNotBeNil) - So(ok, ShouldBeFalse) - - referrersTag = NewTagReferences(client, storage.StoreController{DefaultStore: mocks.MockedImageStore{ - GetImageManifestFn: func(repo, reference string) ([]byte, godigest.Digest, string, error) { - return []byte{}, "", "", zerr.ErrManifestNotFound - }, - }}, nil, log.NewLogger("debug", "")) - - // trigger GetImageManifest err - ok, err = referrersTag.canSkipReferences("repo", "subjectdigest", "digest") - So(err, ShouldBeNil) - So(ok, ShouldBeFalse) - - referrersTag = NewTagReferences(client, storage.StoreController{DefaultStore: mocks.MockedImageStore{ - GetImageManifestFn: func(repo, reference string) ([]byte, godigest.Digest, string, error) { - return []byte{}, "digest", "", nil - }, - }}, nil, log.NewLogger("debug", "")) - - // different digest - ok, err = referrersTag.canSkipReferences("repo", "subjectdigest", "newdigest") - So(err, ShouldBeNil) - So(ok, ShouldBeFalse) - }) -} - -func TestSyncManifest(t *testing.T) { - Convey("sync manifest not found err", t, func() { - cfg := client.Config{ - URL: "url", - TLSVerify: false, - } - - client, err := client.New(cfg, log.NewLogger("debug", "")) - So(err, ShouldBeNil) - - digest := godigest.FromString("test") - - buf, refDigest, err := syncManifest(context.Background(), client, mocks.MockedImageStore{}, - "repo", "repo", ispec.Descriptor{ - Digest: digest, - Size: 10, - MediaType: ispec.MediaTypeImageManifest, - }, digest.String(), log.Logger{}) - - So(buf, ShouldBeEmpty) - So(refDigest, ShouldBeEmpty) - So(err, ShouldNotBeNil) - }) -} - -func TestCompareManifest(t *testing.T) { - testCases := []struct { - manifest1 ispec.Manifest - manifest2 ispec.Manifest - expected bool - }{ - { - manifest1: ispec.Manifest{ - Config: ispec.Descriptor{ - Digest: "digest1", - }, - }, - manifest2: ispec.Manifest{ - Config: ispec.Descriptor{ - Digest: "digest2", - }, - }, - expected: false, - }, - { - manifest1: ispec.Manifest{ - Config: ispec.Descriptor{ - Digest: "digest", - }, - }, - manifest2: ispec.Manifest{ - Config: ispec.Descriptor{ - Digest: "digest", - }, - }, - expected: true, - }, - { - manifest1: ispec.Manifest{ - Layers: []ispec.Descriptor{{ - Digest: "digest", - Size: 1, - }}, - }, - manifest2: ispec.Manifest{ - Layers: []ispec.Descriptor{{ - Digest: "digest", - Size: 1, - }}, - }, - expected: true, - }, - { - manifest1: ispec.Manifest{ - Layers: []ispec.Descriptor{{ - Digest: "digest1", - Size: 1, - }}, - }, - manifest2: ispec.Manifest{ - Layers: []ispec.Descriptor{{ - Digest: "digest2", - Size: 2, - }}, - }, - expected: false, - }, - { - manifest1: ispec.Manifest{ - Layers: []ispec.Descriptor{ - { - Digest: "digest", - Size: 1, - }, - { - Digest: "digest1", - Size: 1, - }, - }, - }, - manifest2: ispec.Manifest{ - Layers: []ispec.Descriptor{{ - Digest: "digest", - Size: 1, - }}, - }, - expected: false, - }, - { - manifest1: ispec.Manifest{ - Layers: []ispec.Descriptor{ - { - Digest: "digest1", - Size: 1, - }, - { - Digest: "digest2", - Size: 2, - }, - }, - }, - manifest2: ispec.Manifest{ - Layers: []ispec.Descriptor{ - { - Digest: "digest1", - Size: 1, - }, - { - Digest: "digest2", - Size: 2, - }, - }, - }, - expected: true, - }, - { - manifest1: ispec.Manifest{ - Layers: []ispec.Descriptor{ - { - Digest: "digest", - Size: 1, - }, - { - Digest: "digest1", - Size: 1, - }, - }, - }, - manifest2: ispec.Manifest{ - Layers: []ispec.Descriptor{ - { - Digest: "digest", - Size: 1, - }, - { - Digest: "digest2", - Size: 2, - }, - }, - }, - expected: false, - }, - } - - Convey("Test manifestsEqual()", t, func() { - for _, test := range testCases { - actualResult := manifestsEqual(test.manifest1, test.manifest2) - So(actualResult, ShouldEqual, test.expected) - } - }) -} diff --git a/pkg/extensions/sync/references/referrers_tag.go b/pkg/extensions/sync/references/referrers_tag.go deleted file mode 100644 index ffed36928..000000000 --- a/pkg/extensions/sync/references/referrers_tag.go +++ /dev/null @@ -1,172 +0,0 @@ -//go:build sync -// +build sync - -package references - -import ( - "context" - "errors" - "fmt" - "net/http" - "strings" - - godigest "github.com/opencontainers/go-digest" - ispec "github.com/opencontainers/image-spec/specs-go/v1" - - zerr "zotregistry.dev/zot/errors" - "zotregistry.dev/zot/pkg/common" - "zotregistry.dev/zot/pkg/extensions/sync/constants" - client "zotregistry.dev/zot/pkg/extensions/sync/httpclient" - "zotregistry.dev/zot/pkg/log" - "zotregistry.dev/zot/pkg/meta" - mTypes "zotregistry.dev/zot/pkg/meta/types" - "zotregistry.dev/zot/pkg/storage" -) - -type TagReferences struct { - client *client.Client - storeController storage.StoreController - metaDB mTypes.MetaDB - log log.Logger -} - -func NewTagReferences(httpClient *client.Client, storeController storage.StoreController, - metaDB mTypes.MetaDB, log log.Logger, -) TagReferences { - return TagReferences{ - client: httpClient, - storeController: storeController, - metaDB: metaDB, - log: log, - } -} - -func (ref TagReferences) Name() string { - return constants.Tag -} - -func (ref TagReferences) IsSigned(ctx context.Context, remoteRepo, subjectDigestStr string) bool { - return false -} - -func (ref TagReferences) canSkipReferences(localRepo, subjectDigestStr, digest string) (bool, error) { - imageStore := ref.storeController.GetImageStore(localRepo) - - _, localDigest, _, err := imageStore.GetImageManifest(localRepo, getReferrersTagFromSubjectDigest(subjectDigestStr)) - if err != nil { - if errors.Is(err, zerr.ErrManifestNotFound) { - return false, nil - } - - ref.log.Error().Str("errorType", common.TypeOf(err)). - Str("repository", localRepo).Str("subject", subjectDigestStr). - Err(err).Msg("couldn't get local index with referrers tag for image") - - return false, err - } - - if localDigest.String() != digest { - return false, nil - } - - ref.log.Info().Str("repository", localRepo).Str("reference", subjectDigestStr). - Msg("skipping index with referrers tag for image, already synced") - - return true, nil -} - -func (ref TagReferences) SyncReferences(ctx context.Context, localRepo, remoteRepo, subjectDigestStr string) ( - []godigest.Digest, error, -) { - refsDigests := make([]godigest.Digest, 0, 10) - - index, indexContent, err := ref.getIndex(ctx, remoteRepo, subjectDigestStr) - if err != nil { - return refsDigests, err - } - - skipTagRefs, err := ref.canSkipReferences(localRepo, subjectDigestStr, string(godigest.FromBytes(indexContent))) - if err != nil { - ref.log.Error().Err(err).Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("couldn't check if the upstream index with referrers tag for image can be skipped") - } - - if skipTagRefs { - return refsDigests, nil - } - - imageStore := ref.storeController.GetImageStore(localRepo) - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("syncing oci references for image") - - for _, referrer := range index.Manifests { - referenceBuf, referenceDigest, err := syncManifest(ctx, ref.client, imageStore, localRepo, remoteRepo, - referrer, subjectDigestStr, ref.log) - if err != nil { - return refsDigests, err - } - - refsDigests = append(refsDigests, referenceDigest) - - if ref.metaDB != nil { - ref.log.Debug().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb"). - Msg("trying to add oci references for image") - - err = meta.SetImageMetaFromInput(ctx, localRepo, referenceDigest.String(), referrer.MediaType, - referenceDigest, referenceBuf, ref.storeController.GetImageStore(localRepo), - ref.metaDB, ref.log) - if err != nil { - return refsDigests, fmt.Errorf("failed to set metadata for oci reference in '%s@%s': %w", - localRepo, subjectDigestStr, err) - } - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr).Str("component", "metadb"). - Msg("successfully added oci references to MetaDB for image") - } - } - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("syncing index with referrers tag for image") - - referrersTag := getReferrersTagFromSubjectDigest(subjectDigestStr) - - _, _, err = imageStore.PutImageManifest(localRepo, referrersTag, index.MediaType, indexContent) - if err != nil { - ref.log.Error().Str("errorType", common.TypeOf(err)). - Str("repository", localRepo).Str("subject", subjectDigestStr). - Err(err).Msg("couldn't upload index with referrers tag for image") - - return refsDigests, err - } - - ref.log.Info().Str("repository", localRepo).Str("subject", subjectDigestStr). - Msg("successfully synced index with referrers tag for image") - - return refsDigests, nil -} - -func (ref TagReferences) getIndex( - ctx context.Context, repo, subjectDigestStr string, -) (ispec.Index, []byte, error) { - var index ispec.Index - - content, _, statusCode, err := ref.client.MakeGetRequest(ctx, &index, ispec.MediaTypeImageIndex, "", - "v2", repo, "manifests", getReferrersTagFromSubjectDigest(subjectDigestStr)) - if err != nil { - if statusCode == http.StatusNotFound { - ref.log.Debug().Str("repository", repo).Str("subject", subjectDigestStr). - Msg("couldn't find any index with referrers tag for image, skipping") - - return index, []byte{}, zerr.ErrSyncReferrerNotFound - } - - return index, []byte{}, err - } - - return index, content, nil -} - -func getReferrersTagFromSubjectDigest(digestStr string) string { - return strings.Replace(digestStr, ":", "-", 1) -} diff --git a/pkg/extensions/sync/referrers.go b/pkg/extensions/sync/referrers.go new file mode 100644 index 000000000..40e196c15 --- /dev/null +++ b/pkg/extensions/sync/referrers.go @@ -0,0 +1,48 @@ +//go:build sync +// +build sync + +package sync + +import ( + "strings" + + ispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/regclient/regclient/types/referrer" + + "zotregistry.dev/zot/pkg/common" +) + +const ( + cosignSignatureTagSuffix = "sig" + SBOMTagSuffix = "sbom" +) + +func hasSignatureReferrers(refs referrer.ReferrerList) bool { + for _, desc := range refs.Descriptors { + tag := desc.Annotations[ispec.AnnotationRefName] + + if isCosignTag(tag) { + return true + } + + if desc.ArtifactType == common.ArtifactTypeNotation { + return true + } + + if desc.ArtifactType == common.ArtifactTypeCosign { + return true + } + } + + return false +} + +// this function will check if tag is a cosign tag (signature or sbom). +func isCosignTag(tag string) bool { + if strings.HasPrefix(tag, "sha256-") && + (strings.HasSuffix(tag, cosignSignatureTagSuffix) || strings.HasSuffix(tag, SBOMTagSuffix)) { + return true + } + + return false +} diff --git a/pkg/extensions/sync/remote.go b/pkg/extensions/sync/remote.go index bf85f62f3..18aacab1b 100644 --- a/pkg/extensions/sync/remote.go +++ b/pkg/extensions/sync/remote.go @@ -5,185 +5,348 @@ package sync import ( "context" + "encoding/json" + "errors" "fmt" - "net/url" - "strings" - - "github.com/containers/image/v5/docker" - dockerReference "github.com/containers/image/v5/docker/reference" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/types" - "github.com/opencontainers/go-digest" - ispec "github.com/opencontainers/image-spec/specs-go/v1" - "zotregistry.dev/zot/pkg/api/constants" + godigest "github.com/opencontainers/go-digest" + ispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/regclient/regclient" + "github.com/regclient/regclient/types/descriptor" + "github.com/regclient/regclient/types/errs" + "github.com/regclient/regclient/types/manifest" + "github.com/regclient/regclient/types/mediatype" + "github.com/regclient/regclient/types/ref" + "github.com/regclient/regclient/types/repo" + + zerr "zotregistry.dev/zot/errors" "zotregistry.dev/zot/pkg/common" - client "zotregistry.dev/zot/pkg/extensions/sync/httpclient" "zotregistry.dev/zot/pkg/log" ) -type catalog struct { - Repositories []string `json:"repositories"` -} - type RemoteRegistry struct { - client *client.Client - context *types.SystemContext - log log.Logger + client *regclient.RegClient + hosts []string + host string + log log.Logger } -func NewRemoteRegistry(client *client.Client, logger log.Logger) Remote { +func NewRemoteRegistry(client *regclient.RegClient, hosts []string, logger log.Logger) Remote { registry := &RemoteRegistry{} registry.log = logger + registry.hosts = hosts registry.client = client - clientConfig := client.GetConfig() - registry.context = getUpstreamContext(clientConfig.CertDir, clientConfig.Username, - clientConfig.Password, clientConfig.TLSVerify) + registry.host = hosts[0] return registry } -func (registry *RemoteRegistry) GetContext() *types.SystemContext { - return registry.context +func (registry *RemoteRegistry) GetHostName() string { + return registry.host } func (registry *RemoteRegistry) GetRepositories(ctx context.Context) ([]string, error) { - var catalog catalog + var err error + + var repoList *repo.RepoList + + for _, host := range registry.hosts { + repoList, err = registry.client.RepoList(ctx, host) + if err != nil { + registry.log.Error().Err(err).Str("remote", host).Msg("failed to list repositories in remote registry") + + continue + } + + return repoList.Repositories, nil + } - _, header, _, err := registry.client.MakeGetRequest(ctx, &catalog, "application/json", "", //nolint: dogsled - constants.RoutePrefix, constants.ExtCatalogPrefix) + return []string{}, err +} + +func (registry *RemoteRegistry) GetImageReference(repo, reference string) (ref.Ref, error) { + digest, ok := parseReference(reference) + + var imageRefPath string + if ok { + imageRefPath = fmt.Sprintf("%s/%s@%s", registry.host, repo, digest.String()) + } else { + // is tag + imageRefPath = fmt.Sprintf("%s/%s:%s", registry.host, repo, reference) + } + + imageRef, err := ref.New(imageRefPath) if err != nil { - return []string{}, err + return ref.Ref{}, err } - var repos []string + return imageRef, nil +} + +func (registry *RemoteRegistry) GetOCIManifest(ctx context.Context, repo, reference string, +) ([]byte, ispec.Descriptor, bool, error) { + var isConverted bool - repos = append(repos, catalog.Repositories...) + var buf []byte - link := header.Get("Link") - for link != "" { - linkURLPart, _, _ := strings.Cut(link, ";") + var desc ispec.Descriptor - linkURL, err := url.Parse(strings.Trim(linkURLPart, "<>")) - if err != nil { - return catalog.Repositories, err - } + imageReference, err := registry.GetImageReference(repo, reference) + if err != nil { + return nil, ispec.Descriptor{}, false, err + } - _, header, _, err := registry.client.MakeGetRequest(ctx, &catalog, "application/json", - linkURL.RawQuery, constants.RoutePrefix, constants.ExtCatalogPrefix) //nolint: dogsled - if err != nil { - return repos, err + /// check what error it gives when not found + man, err := registry.client.ManifestGet(ctx, imageReference) + if err != nil { + /* public registries may return 401 for image not found + they will try to check private registries as a fallback => 401 */ + if errors.Is(err, errs.ErrHTTPUnauthorized) { + registry.log.Info().Str("errorType", common.TypeOf(err)). + Str("repository", repo).Str("reference", reference). + Err(err).Msg("failed to get manifest: unauthorized") + + return nil, ispec.Descriptor{}, false, zerr.ErrUnauthorizedAccess + } else if errors.Is(err, errs.ErrNotFound) { + registry.log.Info().Str("errorType", common.TypeOf(err)). + Str("repository", repo).Str("reference", reference). + Err(err).Msg("failed to find manifest") + + return nil, ispec.Descriptor{}, false, zerr.ErrManifestNotFound } - repos = append(repos, catalog.Repositories...) + return nil, ispec.Descriptor{}, false, err + } - link = header.Get("Link") + switch man.GetDescriptor().MediaType { + case mediatype.Docker2Manifest: + buf, desc, err = convertDockerManifestToOCI(ctx, man, imageReference, registry.client) + isConverted = true + case mediatype.Docker2ManifestList: + buf, desc, err = convertDockerListToOCI(ctx, man, imageReference, registry.client) + isConverted = true + case mediatype.OCI1Manifest, mediatype.OCI1ManifestList: + buf, err = man.MarshalJSON() + desc = toOCIDescriptor(man.GetDescriptor()) + default: + return nil, desc, false, zerr.ErrMediaTypeNotSupported } - return repos, nil + return buf, desc, isConverted, err } -func (registry *RemoteRegistry) GetDockerRemoteRepo(repo string) string { - dockerNamespace := "library" - dockerRegistry := "docker.io" - - remoteHost := registry.client.GetHostname() +func (registry *RemoteRegistry) GetTags(ctx context.Context, repo string) ([]string, error) { + repoRefPath := fmt.Sprintf("%s/%s", registry.host, repo) - repoRef, err := parseRepositoryReference(fmt.Sprintf("%s/%s", remoteHost, repo)) + repoReference, err := ref.New(repoRefPath) if err != nil { - return repo + return []string{}, err } - if !strings.Contains(repo, dockerNamespace) && - strings.Contains(repoRef.String(), dockerNamespace) && - strings.Contains(repoRef.String(), dockerRegistry) { - return fmt.Sprintf("%s/%s", dockerNamespace, repo) + tl, err := registry.client.TagList(ctx, repoReference) + if err != nil { + return []string{}, err } - return repo + return tl.GetTags() } -func (registry *RemoteRegistry) GetImageReference(repo, reference string) (types.ImageReference, error) { - remoteHost := registry.client.GetHostname() +func convertDockerListToOCI(ctx context.Context, man manifest.Manifest, imageReference ref.Ref, + regclient *regclient.RegClient, +) ( + []byte, ispec.Descriptor, error, +) { + var index ispec.Index + + index.SchemaVersion = 2 + index.Manifests = []ispec.Descriptor{} + index.MediaType = ispec.MediaTypeImageIndex - repoRef, err := parseRepositoryReference(fmt.Sprintf("%s/%s", remoteHost, repo)) + indexer, ok := man.(manifest.Indexer) + if !ok { + return nil, ispec.Descriptor{}, zerr.ErrMediaTypeNotSupported + } + + ociIndex, err := manifest.OCIIndexFromAny(man.GetOrig()) if err != nil { - registry.log.Error().Str("errorType", common.TypeOf(err)).Str("repo", repo). - Str("reference", reference).Str("remote", remoteHost). - Err(err).Msg("couldn't parse repository reference") + return nil, ispec.Descriptor{}, zerr.ErrMediaTypeNotSupported + } - return nil, err + manifests, err := indexer.GetManifestList() + if err != nil { + return nil, ispec.Descriptor{}, zerr.ErrMediaTypeNotSupported } - var namedRepoRef dockerReference.Named + for _, manDesc := range manifests { + ref := imageReference + ref.Digest = manDesc.Digest.String() - digest, ok := parseReference(reference) - if ok { - namedRepoRef, err = dockerReference.WithDigest(repoRef, digest) + manEntry, err := regclient.ManifestGet(ctx, ref) if err != nil { - return nil, err + return nil, ispec.Descriptor{}, err } - } else { - namedRepoRef, err = dockerReference.WithTag(repoRef, reference) + + regclient.Close(ctx, manEntry.GetRef()) + + _, desc, err := convertDockerManifestToOCI(ctx, manEntry, ref, regclient) if err != nil { - return nil, err + return nil, ispec.Descriptor{}, err + } + + // copy desc platform from docker desc + if manDesc.Platform != nil { + desc.Platform = &ispec.Platform{ + Architecture: manDesc.Platform.Architecture, + OS: manDesc.Platform.OS, + OSVersion: manDesc.Platform.OSVersion, + OSFeatures: manDesc.Platform.OSFeatures, + Variant: manDesc.Platform.Variant, + } } + + index.Manifests = append(index.Manifests, desc) } - imageRef, err := docker.NewReference(namedRepoRef) - if err != nil { - registry.log.Err(err).Str("transport", docker.Transport.Name()).Str("reference", namedRepoRef.String()). - Msg("cannot obtain a valid image reference for given transport and reference") + index.Annotations = ociIndex.Annotations + index.ArtifactType = ociIndex.ArtifactType - return nil, err + if ociIndex.Subject != nil { + subject := toOCIDescriptor(*ociIndex.Subject) + index.Subject = &subject } - return imageRef, nil + indexBuf, err := json.Marshal(index) + if err != nil { + return nil, ispec.Descriptor{}, err + } + + indexDesc := toOCIDescriptor(man.GetDescriptor()) + + indexDesc.MediaType = ispec.MediaTypeImageIndex + indexDesc.Digest = godigest.FromBytes(indexBuf) + indexDesc.Size = int64(len(indexBuf)) + + return indexBuf, indexDesc, nil } -func (registry *RemoteRegistry) GetManifestContent(imageReference types.ImageReference) ( - []byte, string, digest.Digest, error, +func convertDockerManifestToOCI(ctx context.Context, man manifest.Manifest, imageReference ref.Ref, + regclient *regclient.RegClient, +) ( + []byte, ispec.Descriptor, error, ) { - imageSource, err := imageReference.NewImageSource(context.Background(), registry.GetContext()) + imager, ok := man.(manifest.Imager) + if !ok { + return nil, ispec.Descriptor{}, zerr.ErrMediaTypeNotSupported + } + + var ociManifest ispec.Manifest + + manifest, err := man.RawBody() if err != nil { - return []byte{}, "", "", err + return nil, ispec.Descriptor{}, zerr.ErrMediaTypeNotSupported } - defer imageSource.Close() + if err := json.Unmarshal(manifest, &ociManifest); err != nil { + return nil, ispec.Descriptor{}, err + } - manifestBuf, mediaType, err := imageSource.GetManifest(context.Background(), nil) + configDesc, err := imager.GetConfig() if err != nil { - return []byte{}, "", "", err + return nil, ispec.Descriptor{}, err } - // if mediatype is docker then convert to OCI - switch mediaType { - case manifest.DockerV2Schema2MediaType: - manifestBuf, err = convertDockerManifestToOCI(imageSource, manifestBuf) - if err != nil { - return []byte{}, "", "", err - } - case manifest.DockerV2ListMediaType: - manifestBuf, err = convertDockerIndexToOCI(imageSource, manifestBuf) - if err != nil { - return []byte{}, "", "", err - } + // get config blob + config, err := regclient.BlobGetOCIConfig(ctx, imageReference, configDesc) + if err != nil { + return nil, ispec.Descriptor{}, err } - return manifestBuf, ispec.MediaTypeImageManifest, digest.FromBytes(manifestBuf), nil -} + configBuf, err := config.RawBody() + if err != nil { + return nil, ispec.Descriptor{}, err + } + + // var ociConfig ispec.Image + + // if err := json.Unmarshal(configBuf, &ociConfig); err != nil { + // return nil, ispec.Descriptor{}, err + // } -func (registry *RemoteRegistry) GetRepoTags(repo string) ([]string, error) { - remoteHost := registry.client.GetHostname() + // ociConfigContent, err := json.Marshal(ociConfig) + // if err != nil { + // return nil, ispec.Descriptor{}, err + // } - tags, err := getRepoTags(context.Background(), registry.GetContext(), remoteHost, repo) + // convert config and manifest mediatype + ociManifest.Config.Size = int64(len(configBuf)) + ociManifest.Config.Digest = godigest.FromBytes(configBuf) + ociManifest.Config.MediaType = ispec.MediaTypeImageConfig + ociManifest.MediaType = ispec.MediaTypeImageManifest + + layersDesc, err := imager.GetLayers() if err != nil { - registry.log.Error().Str("errorType", common.TypeOf(err)).Str("repo", repo). - Str("remote", remoteHost).Err(err).Msg("couldn't fetch tags for repo") + return nil, ispec.Descriptor{}, err + } - return []string{}, err + ociManifest.Layers = []ispec.Descriptor{} + + for _, layerDesc := range layersDesc { + ociManifest.Layers = append(ociManifest.Layers, toOCIDescriptor(layerDesc)) } - return tags, nil + manifestBuf, err := json.Marshal(ociManifest) + if err != nil { + return nil, ispec.Descriptor{}, err + } + + manifestDesc := toOCIDescriptor(man.GetDescriptor()) + + manifestDesc.MediaType = ispec.MediaTypeImageManifest + manifestDesc.Digest = godigest.FromBytes(manifestBuf) + manifestDesc.Size = int64(len(manifestBuf)) + + return manifestBuf, manifestDesc, nil +} + +func toOCIDescriptor(desc descriptor.Descriptor) ispec.Descriptor { + ispecPlatform := &ispec.Platform{} + + platform := desc.Platform + if platform != nil { + ispecPlatform.Architecture = platform.Architecture + ispecPlatform.OS = platform.OS + ispecPlatform.OSFeatures = platform.OSFeatures + ispecPlatform.OSVersion = platform.OSVersion + ispecPlatform.Variant = platform.Variant + } else { + ispecPlatform = nil + } + + var mediaType string + + switch desc.MediaType { + case mediatype.Docker2Manifest: + mediaType = ispec.MediaTypeImageManifest + case mediatype.Docker2ManifestList: + mediaType = ispec.MediaTypeImageIndex + case mediatype.Docker2ImageConfig: + mediaType = ispec.MediaTypeImageConfig + case mediatype.Docker2ForeignLayer: + mediaType = ispec.MediaTypeImageLayerNonDistributable //nolint: staticcheck + case mediatype.Docker2LayerGzip: + mediaType = ispec.MediaTypeImageLayerGzip + default: + mediaType = desc.MediaType + } + + return ispec.Descriptor{ + MediaType: mediaType, + Digest: desc.Digest, + Size: desc.Size, + URLs: desc.URLs, + Annotations: desc.Annotations, + Platform: ispecPlatform, + ArtifactType: desc.ArtifactType, + } } diff --git a/pkg/extensions/sync/service.go b/pkg/extensions/sync/service.go index 4f1fca23d..5a984cd0a 100644 --- a/pkg/extensions/sync/service.go +++ b/pkg/extensions/sync/service.go @@ -8,19 +8,22 @@ import ( "errors" "fmt" "strconv" + "strings" - "github.com/containers/common/pkg/retry" - "github.com/containers/image/v5/copy" - "github.com/opencontainers/go-digest" + godigest "github.com/opencontainers/go-digest" + "github.com/regclient/regclient" + "github.com/regclient/regclient/config" + "github.com/regclient/regclient/mod" + "github.com/regclient/regclient/scheme/reg" + "github.com/regclient/regclient/types/ref" + "github.com/sirupsen/logrus" zerr "zotregistry.dev/zot/errors" - "zotregistry.dev/zot/pkg/api/config" + zconfig "zotregistry.dev/zot/pkg/api/config" "zotregistry.dev/zot/pkg/api/constants" "zotregistry.dev/zot/pkg/cluster" "zotregistry.dev/zot/pkg/common" syncconf "zotregistry.dev/zot/pkg/extensions/config/sync" - client "zotregistry.dev/zot/pkg/extensions/sync/httpclient" - "zotregistry.dev/zot/pkg/extensions/sync/references" "zotregistry.dev/zot/pkg/log" mTypes "zotregistry.dev/zot/pkg/meta/types" "zotregistry.dev/zot/pkg/storage" @@ -29,23 +32,22 @@ import ( type BaseService struct { config syncconf.RegistryConfig credentials syncconf.CredentialsFile - clusterConfig *config.ClusterConfig remote Remote destination Destination - retryOptions *retry.RetryOptions + clusterConfig *zconfig.ClusterConfig + copyOptions []regclient.ImageOpts contentManager ContentManager storeController storage.StoreController metaDB mTypes.MetaDB repositories []string - references references.References - client *client.Client + rc *regclient.RegClient log log.Logger } func New( opts syncconf.RegistryConfig, credentialsFilepath string, - clusterConfig *config.ClusterConfig, + clusterConfig *zconfig.ClusterConfig, tmpDir string, storeController storage.StoreController, metadb mTypes.MetaDB, @@ -56,6 +58,8 @@ func New( service.config = opts service.log = log service.metaDB = metadb + service.contentManager = NewContentManager(opts.Content, log) + service.storeController = storeController var err error @@ -91,100 +95,107 @@ func New( ) } - retryOptions := &retry.RetryOptions{} - - if opts.MaxRetries != nil { - retryOptions.MaxRetry = *opts.MaxRetries - if opts.RetryDelay != nil { - retryOptions.Delay = *opts.RetryDelay - } - } - - service.retryOptions = retryOptions service.storeController = storeController - // try to set next client. - if err := service.SetNextAvailableClient(); err != nil { - // if it's a ping issue, it will be retried - if !errors.Is(err, zerr.ErrSyncPingRegistry) { - return service, err - } + urls, err := parseRegistryURLs(opts.URLs) + if err != nil { + return nil, err } - service.references = references.NewReferences( - service.client, - service.storeController, - service.metaDB, - service.log, - ) + tls := config.TLSEnabled // default - service.remote = NewRemoteRegistry( - service.client, - service.log, - ) + mainHost := urls[0].Host - return service, nil -} + if urls[0].Scheme == "http" { + tls = config.TLSDisabled + } -func (service *BaseService) SetNextAvailableClient() error { - if service.client != nil && service.client.Ping() { - return nil + mirrorsHosts := make([]string, 0) + for _, url := range urls[1:] { + mirrorsHosts = append(mirrorsHosts, url.Host) } - found := false + hostConfig := config.Host{} + hostConfig.Name = mainHost + hostConfig.Mirrors = mirrorsHosts + hostConfig.TLS = tls - for _, url := range service.config.URLs { - // skip current client - if service.client != nil && service.client.GetBaseURL() == url { - continue + if opts.CertDir != "" { + clientCert, clientKey, regCert, err := getCertificates(opts.CertDir) + if err != nil { + return nil, err } - remoteAddress := StripRegistryTransport(url) - credentials := service.credentials[remoteAddress] - - tlsVerify := true - if service.config.TLSVerify != nil { - tlsVerify = *service.config.TLSVerify - } + hostConfig.ClientCert = clientCert + hostConfig.ClientKey = clientKey + hostConfig.RegCert = regCert + } - options := client.Config{ - URL: url, - Username: credentials.Username, - Password: credentials.Password, - TLSVerify: tlsVerify, - CertDir: service.config.CertDir, - } + if mainHost == regclient.DockerRegistryAuth || + mainHost == regclient.DockerRegistryDNS || + mainHost == regclient.DockerRegistry || + mainHost == "index.docker.io" { + hostConfig.Name = regclient.DockerRegistry + hostConfig.Hostname = regclient.DockerRegistryDNS + hostConfig.CredHost = regclient.DockerRegistryAuth + } - var err error + credentials, ok := credentialsFile[mainHost] + if ok { + hostConfig.User = credentials.Username + hostConfig.Pass = credentials.Password + } - if service.client != nil { - err = service.client.SetConfig(options) - } else { - service.client, err = client.New(options, service.log) - } + hostConfigOpts := []config.Host{} + hostConfigOpts = append(hostConfigOpts, hostConfig) - if err != nil { - service.log.Error().Err(err).Str("url", url).Msg("failed to initialize http client") + for _, mirror := range mirrorsHosts { + mirroHostConfig := hostConfig + mirroHostConfig.Name = mirror + hostConfigOpts = append(hostConfigOpts, mirroHostConfig) + } - return err - } + regOpts := []reg.Opts{} - if service.client.Ping() { - found = true + if opts.CertDir != "" { + regOpts = append(regOpts, reg.WithCertDirs([]string{opts.CertDir})) + } - break - } + if opts.MaxRetries != nil { + regOpts = append(regOpts, reg.WithRetryLimit(*opts.MaxRetries)) + } else { + regOpts = append(regOpts, reg.WithRetryLimit(1)) } - if service.client == nil || !found { - return zerr.ErrSyncPingRegistry + if opts.RetryDelay != nil { + regOpts = append(regOpts, reg.WithDelay(*opts.RetryDelay, *opts.RetryDelay)) } - return nil -} + service.rc = regclient.New( + regclient.WithLog(logrus.StandardLogger()), + regclient.WithDockerCerts(), + regclient.WithDockerCreds(), + regclient.WithRegOpts(regOpts...), + regclient.WithConfigHost(hostConfigOpts...), + ) + + hosts := []string{} + hosts = append(hosts, mainHost) + hosts = append(hosts, mirrorsHosts...) + + service.remote = NewRemoteRegistry( + service.rc, + hosts, + service.log, + ) -func (service *BaseService) GetRetryOptions() *retry.Options { - return service.retryOptions + // we want referrers using sha-.*" tags + service.copyOptions = append(service.copyOptions, regclient.ImageWithDigestTags()) + // we want oci referrers + service.copyOptions = append(service.copyOptions, regclient.ImageWithReferrers()) + // service.copyOptions = append(service.copyOptions, rc.ImageWithForceRecursive()) + + return service, nil } func (service *BaseService) getNextRepoFromCatalog(lastRepo string) string { @@ -219,13 +230,10 @@ func (service *BaseService) GetNextRepo(lastRepo string) (string, error) { var err error if len(service.repositories) == 0 { - if err = retry.RetryIfNecessary(context.Background(), func() error { - service.repositories, err = service.remote.GetRepositories(context.Background()) - - return err - }, service.retryOptions); err != nil { - service.log.Error().Str("errorType", common.TypeOf(err)).Str("remote registry", service.client.GetConfig().URL). - Err(err).Msg("failed to get repository list from remote registry") + service.repositories, err = service.remote.GetRepositories(context.Background()) + if err != nil { + service.log.Error().Str("errorType", common.TypeOf(err)).Str("remote registry", service.remote.GetHostName()). + Err(err).Msg("error while getting repositories from remote registry") return "", err } @@ -262,82 +270,41 @@ func (service *BaseService) GetNextRepo(lastRepo string) (string, error) { return lastRepo, nil } -// SyncReference on demand. -func (service *BaseService) SyncReference(ctx context.Context, repo string, - subjectDigestStr string, referenceType string, -) error { - remoteRepo := repo - - remoteURL := service.client.GetConfig().URL - - if len(service.config.Content) > 0 { - remoteRepo = service.contentManager.GetRepoSource(repo) - if remoteRepo == "" { - service.log.Info().Str("remote", remoteURL).Str("repository", repo).Str("subject", subjectDigestStr). - Str("reference type", referenceType).Msg("will not sync reference for image, filtered out by content") - - return zerr.ErrSyncImageFilteredOut - } - } - - remoteRepo = service.remote.GetDockerRemoteRepo(remoteRepo) - - service.log.Info().Str("remote", remoteURL).Str("repository", repo).Str("subject", subjectDigestStr). - Str("reference type", referenceType).Msg("syncing reference for image") - - return service.references.SyncReference(ctx, repo, remoteRepo, subjectDigestStr, referenceType) -} - // SyncImage on demand. func (service *BaseService) SyncImage(ctx context.Context, repo, reference string) error { remoteRepo := repo - remoteURL := service.client.GetConfig().URL + remoteURL := service.remote.GetHostName() if len(service.config.Content) > 0 { remoteRepo = service.contentManager.GetRepoSource(repo) if remoteRepo == "" { - service.log.Info().Str("remote", remoteURL).Str("repository", repo).Str("reference", reference). + service.log.Info().Str("remote", remoteURL).Str("repo", repo).Str("reference", reference). Msg("will not sync image, filtered out by content") return zerr.ErrSyncImageFilteredOut } } - remoteRepo = service.remote.GetDockerRemoteRepo(remoteRepo) - - service.log.Info().Str("remote", remoteURL).Str("repository", repo).Str("reference", reference). - Msg("syncing image") + service.log.Info().Str("remote", remoteURL).Str("repo", repo).Str("reference", reference). + Msg("sync: syncing image") - manifestDigest, err := service.syncTag(ctx, repo, remoteRepo, reference) - if err != nil { - return err - } - - err = service.references.SyncAll(ctx, repo, remoteRepo, manifestDigest.String()) - if err != nil && !errors.Is(err, zerr.ErrSyncReferrerNotFound) { - return err - } - - return nil + return service.syncTagAndReferrers(ctx, repo, remoteRepo, reference) } // sync repo periodically. func (service *BaseService) SyncRepo(ctx context.Context, repo string) error { - service.log.Info().Str("repository", repo).Str("registry", service.client.GetConfig().URL). - Msg("syncing repo") + service.log.Info().Str("repo", repo).Str("registry", service.remote.GetHostName()). + Msg("sync: syncing repo") var err error var tags []string - if err = retry.RetryIfNecessary(ctx, func() error { - tags, err = service.remote.GetRepoTags(repo) - - return err - }, service.retryOptions); err != nil { - service.log.Error().Str("errorType", common.TypeOf(err)).Str("repository", repo). - Err(err).Msg("failed to get tags for repository") + tags, err = service.remote.GetTags(ctx, repo) + if err != nil { + service.log.Error().Str("errorType", common.TypeOf(err)).Str("repo", repo). + Err(err).Msg("error while getting tags for repo") return err } @@ -348,154 +315,322 @@ func (service *BaseService) SyncRepo(ctx context.Context, repo string) error { return err } - service.log.Info().Str("repository", repo).Msgf("syncing tags %v", tags) + service.log.Info().Str("repo", repo).Msgf("sync: syncing tags %v", tags) // apply content.destination rule - destinationRepo := service.contentManager.GetRepoDestination(repo) + localRepo := service.contentManager.GetRepoDestination(repo) for _, tag := range tags { if common.IsContextDone(ctx) { return ctx.Err() } - if references.IsCosignTag(tag) || common.IsReferrersTag(tag) { + if isCosignTag(tag) || common.IsReferrersTag(tag) { continue } - var manifestDigest digest.Digest - - if err = retry.RetryIfNecessary(ctx, func() error { - manifestDigest, err = service.syncTag(ctx, destinationRepo, repo, tag) - - return err - }, service.retryOptions); err != nil { - if errors.Is(err, zerr.ErrSyncImageNotSigned) || errors.Is(err, zerr.ErrMediaTypeNotSupported) { + err = service.syncTagAndReferrers(ctx, localRepo, repo, tag) + if err != nil { + if errors.Is(err, zerr.ErrSyncImageNotSigned) || + errors.Is(err, zerr.ErrUnauthorizedAccess) || + errors.Is(err, zerr.ErrMediaTypeNotSupported) || + errors.Is(err, zerr.ErrManifestNotFound) { // skip unsigned images or unsupported image mediatype continue } - service.log.Error().Str("errorType", common.TypeOf(err)).Str("repository", repo). - Err(err).Msg("failed to sync tags for repository") + service.log.Error().Str("errorType", common.TypeOf(err)).Str("repo", repo). + Err(err).Msg("error while syncing tags for repo") return err } - - if manifestDigest != "" { - if err = retry.RetryIfNecessary(ctx, func() error { - err = service.references.SyncAll(ctx, destinationRepo, repo, manifestDigest.String()) - if errors.Is(err, zerr.ErrSyncReferrerNotFound) { - return nil - } - - return err - }, service.retryOptions); err != nil { - service.log.Error().Str("errorType", common.TypeOf(err)).Str("repository", repo). - Err(err).Msg("failed to sync tags for repository") - } - } } - service.log.Info().Str("component", "sync").Str("repository", repo).Msg("finished syncing repository") + service.log.Info().Str("repo", repo).Msg("sync: finished syncing repo") return nil } -func (service *BaseService) syncTag(ctx context.Context, destinationRepo, remoteRepo, tag string, -) (digest.Digest, error) { - copyOptions := getCopyOptions(service.remote.GetContext(), service.destination.GetContext()) +func (service *BaseService) syncReference(ctx context.Context, localRepo string, remoteImageRef, localImageRef ref.Ref, + remoteManifestDigest godigest.Digest, recursive bool, +) (bool, error) { + var reference string + + if remoteImageRef.Tag != "" { + reference = remoteImageRef.Tag + } else { + reference = remoteImageRef.Digest + } + + copyOpts := []regclient.ImageOpts{} + if recursive { + copyOpts = append(copyOpts, service.copyOptions...) + } - policyContext, err := getPolicyContext(service.log) + // check if image digest + its referrers digests are already synced, otherwise sync everything again + skipImage, err := service.destination.CanSkipImage(localRepo, reference, remoteManifestDigest) if err != nil { - return "", err + service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). + Str("repo", localRepo).Str("reference", remoteImageRef.Tag). + Msg("couldn't check if the local image can be skipped") } - defer func() { - _ = policyContext.Destroy() - }() + if !skipImage { + service.log.Info().Str("remote image", remoteImageRef.CommonName()). + Str("local image", fmt.Sprintf("%s:%s", localRepo, remoteImageRef.Tag)).Msg("syncing image") + + err = service.rc.ImageCopy(ctx, remoteImageRef, localImageRef, copyOpts...) + if err != nil { + service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). + Str("remote image", remoteImageRef.CommonName()). + Str("local image", fmt.Sprintf("%s:%s", localRepo, remoteImageRef.Tag)).Msg("failed to sync image") + + return false, err + } + } else { + service.log.Info().Str("image", remoteImageRef.CommonName()). + Msg("skipping image because it's already synced") + + return true, nil + } + + return false, nil +} + +func (service *BaseService) syncTagAndReferrers(ctx context.Context, localRepo, remoteRepo, tag string) error { + var shouldCommit bool remoteImageRef, err := service.remote.GetImageReference(remoteRepo, tag) if err != nil { service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). Str("repository", remoteRepo).Str("reference", tag).Msg("couldn't get a remote image reference") - return "", err + return err } - _, mediaType, manifestDigest, err := service.remote.GetManifestContent(remoteImageRef) + defer service.rc.Close(ctx, remoteImageRef) + + _, remoteManifestDesc, isConverted, err := service.remote.GetOCIManifest(ctx, remoteRepo, tag) if err != nil { service.log.Error().Err(err).Str("repository", remoteRepo).Str("reference", tag). - Msg("couldn't get upstream image manifest details") + Msg("failed to get upstream image manifest details") - return "", err + return err } - if !isSupportedMediaType(mediaType) { - return "", zerr.ErrMediaTypeNotSupported + referrers, err := service.rc.ReferrerList(ctx, remoteImageRef) + if err != nil { + return err } if service.config.OnlySigned != nil && *service.config.OnlySigned && - !references.IsCosignTag(tag) && !common.IsReferrersTag(tag) { - signed := service.references.IsSigned(ctx, remoteRepo, manifestDigest.String()) + !isCosignTag(tag) && !common.IsReferrersTag(tag) { + signed := hasSignatureReferrers(referrers) if !signed { // skip unsigned images - service.log.Info().Str("image", remoteImageRef.DockerReference().String()). + service.log.Info().Str("image", remoteImageRef.CommonName()). Msg("skipping image without mandatory signature") - return "", zerr.ErrSyncImageNotSigned + return zerr.ErrSyncImageNotSigned } } - skipImage, err := service.destination.CanSkipImage(destinationRepo, tag, manifestDigest) + localImageRef, err := service.destination.GetImageReference(localRepo, tag) if err != nil { service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). - Str("repository", destinationRepo).Str("reference", tag). - Msg("couldn't check if the local image can be skipped") + Str("repo", localRepo).Str("reference", localImageRef.Tag).Msg("failed to get a local image reference") + + return err } - if !skipImage { - localImageRef, err := service.destination.GetImageReference(destinationRepo, tag) + defer service.rc.Close(ctx, localImageRef) + + // first sync image + skipped, err := service.syncReference(ctx, localRepo, remoteImageRef, localImageRef, remoteManifestDesc.Digest, false) + if err != nil { + return err + } + + shouldCommit = !skipped + + // // if image was skipped, then copy it's referrers if needed (they may have changed in the meantime) + // for _, desc := range referrers.Descriptors { + // remoteImageRef = remoteImageRef.SetDigest(desc.Digest.String()) + + // localImageRef = localImageRef.SetDigest(desc.Digest.String()) + + // skipped, err := service.syncReference(ctx, localRepo, remoteImageRef, localImageRef, desc.Digest, true) + // if err != nil { + // service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). + // Str("repo", localRepo).Str("local reference", localImageRef.Tag). + // Str("remote reference", remoteImageRef.Tag).Msg("failed to sync referrer") + // } + + // if skipped { + // service.log.Info().Str("repo", localRepo).Str("local reference", localImageRef.Tag). + // Str("remote reference", remoteImageRef.Tag).Msg("skipping syncing referrer because it's already synced") + // } else { + // shouldCommit = true + // } + // } + + tags, err := service.remote.GetTags(ctx, remoteRepo) + if err != nil { + service.log.Error().Str("errorType", common.TypeOf(err)).Str("repo", remoteRepo). + Err(err).Msg("error while getting tags for repo") + + return err + } + + ok, _ := service.syncAllRefs(ctx, tags, localRepo, remoteRepo, localImageRef, remoteImageRef) + if ok { + shouldCommit = true + } + + // remoteImageRef.Digest = "" + // localImageRef.Digest = "" + // for _, tag := range tags { + // if isCosignTag(tag) { + // remoteImageRef = remoteImageRef.SetTag(tag) + + // localImageRef = localImageRef.SetTag(tag) + + // skipped, err := service.syncReference(ctx, localRepo, remoteImageRef, localImageRef, "", true) + // if err != nil { + // service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). + // Str("repo", localRepo).Str("local reference", localImageRef.Tag). + // Str("remote reference", remoteImageRef.Tag).Msg("failed to sync referrer") + // } + + // if skipped { + // service.log.Info().Str("repo", localRepo).Str("local reference", localImageRef.Tag). + // Str("remote reference", remoteImageRef.Tag).Msg("skipping syncing referrer because it's already synced") + // } else { + // shouldCommit = true + // } + // } + // } + + // convert image to oci if needed + if isConverted { + localImageRef, err = mod.Apply(ctx, service.rc, localImageRef, + mod.WithRefTgt(localImageRef), + mod.WithManifestToOCI(), + mod.WithManifestToOCIReferrers(), + ) + if err != nil { + return err + } + + defer service.rc.Close(ctx, localImageRef) + } + + if shouldCommit { + err = service.destination.CommitAll(localRepo, localImageRef) if err != nil { service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). - Str("repository", destinationRepo).Str("reference", tag).Msg("couldn't get a local image reference") + Str("repo", localRepo).Str("reference", tag).Msg("failed to commit image to local image store") - return "", err + return err } + } - service.log.Info().Str("remote image", remoteImageRef.DockerReference().String()). - Str("local image", fmt.Sprintf("%s:%s", destinationRepo, tag)).Msg("syncing image") + service.log.Info().Str("repo", localRepo).Str("reference", tag).Msg("successfully synced image") - _, err = copy.Image(ctx, policyContext, localImageRef, remoteImageRef, ©Options) - if err != nil { - // cleanup in cases of copy.Image errors while copying. - if cErr := service.destination.CleanupImage(localImageRef, destinationRepo, tag); cErr != nil { - service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). - Str("local image", fmt.Sprintf("%s:%s", destinationRepo, tag)). - Msg("couldn't cleanup temp local image") - } + return nil +} + +func (service *BaseService) syncAllRefs(ctx context.Context, tags []string, localRepo, remoteRepo string, + localImageRef ref.Ref, remoteImageRef ref.Ref, +) (bool, error) { + seen := []string{} + return service.syncAll(ctx, tags, localRepo, remoteRepo, localImageRef, remoteImageRef, seen) +} + +func (service *BaseService) syncAll(ctx context.Context, tags []string, localRepo, remoteRepo string, + localImageRef ref.Ref, remoteImageRef ref.Ref, seen []string, +) (bool, error) { + if common.Contains(seen, remoteImageRef.Digest) { + return true, nil + } + + shouldCommit := false + + remoteDigest := godigest.Digest(remoteImageRef.Digest) + + if remoteImageRef.Tag != "" { + manifest, err := service.rc.ManifestHead(ctx, remoteImageRef, regclient.WithManifestRequireDigest()) + if err != nil { service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). - Str("remote image", remoteImageRef.DockerReference().String()). - Str("local image", fmt.Sprintf("%s:%s", destinationRepo, tag)).Msg("coulnd't sync image") + Str("repo", remoteRepo).Str("remote reference", remoteImageRef.Tag).Msg("failed to get manifest") - return "", err + return false, err } - err = service.destination.CommitImage(localImageRef, destinationRepo, tag) + remoteDigest = manifest.GetDescriptor().Digest + } + + seen = append(seen, remoteDigest.String()) + + referrers, err := service.rc.ReferrerList(ctx, remoteImageRef) + if err != nil { + return false, err + } + + for _, desc := range referrers.Descriptors { + remoteImageRef = remoteImageRef.SetDigest(desc.Digest.String()) + + localImageRef = localImageRef.SetDigest(desc.Digest.String()) + + skipped, err := service.syncReference(ctx, localRepo, remoteImageRef, localImageRef, desc.Digest, false) if err != nil { service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). - Str("repository", destinationRepo).Str("reference", tag).Msg("couldn't commit image to local image store") + Str("repo", localRepo).Str("local reference", localImageRef.Tag). + Str("remote reference", remoteImageRef.Tag).Msg("failed to sync referrer") + } - return "", err + if skipped { + service.log.Info().Str("repo", localRepo).Str("local reference", localImageRef.Tag). + Str("remote reference", remoteImageRef.Tag).Msg("skipping syncing referrer because it's already synced") + } else { + ok, _ := service.syncAll(ctx, tags, localRepo, remoteRepo, localImageRef, remoteImageRef, seen) + if ok { + shouldCommit = true + } } - } else { - service.log.Info().Str("image", remoteImageRef.DockerReference().String()). - Msg("skipping image because it's already synced") } - service.log.Info().Str("component", "sync"). - Str("image", remoteImageRef.DockerReference().String()).Msg("finished syncing image") + if remoteDigest != "" { + // try cosign + prefix := fmt.Sprintf("%s-%s.", remoteDigest.Algorithm(), remoteDigest.Encoded()) + for _, tag := range tags { + if strings.Contains(tag, prefix) { + remoteImageRef = remoteImageRef.SetTag(tag) - return manifestDigest, nil + localImageRef = localImageRef.SetTag(tag) + + skipped, err := service.syncReference(ctx, localRepo, remoteImageRef, localImageRef, remoteDigest, true) + if err != nil { + service.log.Error().Err(err).Str("errortype", common.TypeOf(err)). + Str("repo", localRepo).Str("local reference", localImageRef.Tag). + Str("remote reference", remoteImageRef.Tag).Msg("failed to sync referrer") + } + + if skipped { + service.log.Info().Str("repo", localRepo).Str("local reference", localImageRef.Tag). + Str("remote reference", remoteImageRef.Tag).Msg("skipping syncing referrer because it's already synced") + } else { + ok, _ := service.syncAll(ctx, tags, localRepo, remoteRepo, localImageRef, remoteImageRef, seen) + if ok { + shouldCommit = true + } + } + } + } + } + + return shouldCommit, err } func (service *BaseService) ResetCatalog() { @@ -503,9 +638,3 @@ func (service *BaseService) ResetCatalog() { service.repositories = []string{} } - -func (service *BaseService) SetNextAvailableURL() error { - service.log.Info().Msg("getting available client") - - return service.SetNextAvailableClient() -} diff --git a/pkg/extensions/sync/sync.go b/pkg/extensions/sync/sync.go index 1afd11172..125eb2d62 100644 --- a/pkg/extensions/sync/sync.go +++ b/pkg/extensions/sync/sync.go @@ -9,9 +9,9 @@ import ( "sync" "time" - "github.com/containers/common/pkg/retry" - "github.com/containers/image/v5/types" - "github.com/opencontainers/go-digest" + godigest "github.com/opencontainers/go-digest" + ispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/regclient/regclient/types/ref" "zotregistry.dev/zot/pkg/log" "zotregistry.dev/zot/pkg/scheduler" @@ -29,23 +29,14 @@ type Service interface { SyncRepo(ctx context.Context, repo string) error // used by periodically sync // Sync an image (repo:tag || repo:digest) into ImageStore. SyncImage(ctx context.Context, repo, reference string) error // used by sync on demand - // Sync a single reference for an image. - SyncReference(ctx context.Context, repo string, subjectDigestStr string, - referenceType string) error // used by sync on demand // Remove all internal catalog entries. ResetCatalog() // used by scheduler to empty out the catalog after a sync periodically roundtrip finishes - // Sync supports multiple urls per registry, before a sync repo/image/ref 'ping' each url. - SetNextAvailableURL() error // used by all sync methods - // Returns retry options from registry config. - GetRetryOptions() *retry.Options // used by sync on demand to retry in background } // Local and remote registries must implement this interface. type Registry interface { // Get temporary ImageReference, is used by functions in containers/image package - GetImageReference(repo string, tag string) (types.ImageReference, error) - // Get local oci layout context, is used by functions in containers/image package - GetContext() *types.SystemContext + GetImageReference(repo string, tag string) (ref.Ref, error) } /* @@ -59,26 +50,25 @@ type OciLayoutStorage interface { // Remote registry. type Remote interface { Registry + // Get host name + GetHostName() string // Get a list of repos (catalog) GetRepositories(ctx context.Context) ([]string, error) // Get a list of tags given a repo - GetRepoTags(repo string) ([]string, error) - // Get manifest content, mediaType, digest given an ImageReference - GetManifestContent(imageReference types.ImageReference) ([]byte, string, digest.Digest, error) - // In the case of public dockerhub images 'library' namespace is added to the repo names of images - // eg: alpine -> library/alpine - GetDockerRemoteRepo(repo string) string + GetTags(ctx context.Context, repo string) ([]string, error) + // Get manifest content, mediaType, descriptor given an image(if remote image is docker type then convert it to OCI) + GetOCIManifest(ctx context.Context, repo, reference string) ([]byte, ispec.Descriptor, bool, error) } // Local registry. type Destination interface { Registry - // Check if an image is already synced - CanSkipImage(repo, tag string, imageDigest digest.Digest) (bool, error) - // CommitImage moves a synced repo/ref from temporary oci layout to ImageStore - CommitImage(imageReference types.ImageReference, repo, tag string) error + // Check if descriptors are already synced + CanSkipImage(repo string, tag string, digest godigest.Digest) (bool, error) + // CommitAll moves a synced repo and all its manifests from temporary oci layout to ImageStore + CommitAll(repo string, imageReference ref.Ref) error // Removes image reference, used when copy.Image() errors out - CleanupImage(imageReference types.ImageReference, repo, reference string) error + CleanupImage(imageReference ref.Ref, repo string) error } type TaskGenerator struct { @@ -117,12 +107,6 @@ func (gen *TaskGenerator) Next() (scheduler.Task, error) { return nil, nil //nolint:nilnil } - if err := gen.Service.SetNextAvailableURL(); err != nil { - gen.increaseWaitTime() - - return nil, err - } - repo, err := gen.Service.GetNextRepo(gen.lastRepo) if err != nil { gen.increaseWaitTime() diff --git a/pkg/extensions/sync/sync_internal_test.go b/pkg/extensions/sync/sync_internal_test.go index 3609cb4a1..e1204691d 100644 --- a/pkg/extensions/sync/sync_internal_test.go +++ b/pkg/extensions/sync/sync_internal_test.go @@ -7,18 +7,11 @@ import ( "bytes" "context" "encoding/json" - "errors" - "fmt" "os" - "path" "testing" - dockerManifest "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/oci/layout" - "github.com/containers/image/v5/types" godigest "github.com/opencontainers/go-digest" ispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/rs/zerolog" . "github.com/smartystreets/goconvey/convey" zerr "zotregistry.dev/zot/errors" @@ -26,7 +19,6 @@ import ( syncconf "zotregistry.dev/zot/pkg/extensions/config/sync" "zotregistry.dev/zot/pkg/extensions/lint" "zotregistry.dev/zot/pkg/extensions/monitoring" - client "zotregistry.dev/zot/pkg/extensions/sync/httpclient" "zotregistry.dev/zot/pkg/log" mTypes "zotregistry.dev/zot/pkg/meta/types" "zotregistry.dev/zot/pkg/storage" @@ -34,139 +26,9 @@ import ( storageConstants "zotregistry.dev/zot/pkg/storage/constants" "zotregistry.dev/zot/pkg/storage/local" . "zotregistry.dev/zot/pkg/test/image-utils" - "zotregistry.dev/zot/pkg/test/inject" "zotregistry.dev/zot/pkg/test/mocks" - ociutils "zotregistry.dev/zot/pkg/test/oci-utils" ) -const ( - testImage = "zot-test" - testImageTag = "0.0.1" - - host = "127.0.0.1:45117" -) - -var ErrTestError = errors.New("testError") - -func TestInjectSyncUtils(t *testing.T) { - Convey("Inject errors in utils functions", t, func() { - repositoryReference := fmt.Sprintf("%s/%s", host, testImage) - ref, err := parseRepositoryReference(repositoryReference) - So(err, ShouldBeNil) - So(ref.Name(), ShouldEqual, repositoryReference) - - injected := inject.InjectFailure(0) - if injected { - _, err = getRepoTags(context.Background(), &types.SystemContext{}, host, testImage) - So(err, ShouldNotBeNil) - } - - injected = inject.InjectFailure(0) - _, err = getPolicyContext(log.NewLogger("debug", "")) - - if injected { - So(err, ShouldNotBeNil) - } else { - So(err, ShouldBeNil) - } - - log := log.Logger{Logger: zerolog.New(os.Stdout)} - metrics := monitoring.NewMetricsServer(false, log) - imageStore := local.NewImageStore(t.TempDir(), false, false, log, metrics, nil, nil, nil) - injected = inject.InjectFailure(0) - - ols := NewOciLayoutStorage(storage.StoreController{DefaultStore: imageStore}) - _, err = ols.GetImageReference(testImage, testImageTag) - - if injected { - So(err, ShouldNotBeNil) - } else { - So(err, ShouldBeNil) - } - }) -} - -func TestNilDefaultStore(t *testing.T) { - Convey("Nil default store", t, func() { - ols := NewOciLayoutStorage(storage.StoreController{}) - _, err := ols.GetImageReference(testImage, testImageTag) - So(err, ShouldEqual, zerr.ErrLocalImgStoreNotFound) - }) -} - -func TestSyncInternal(t *testing.T) { - Convey("Verify parseRepositoryReference func", t, func() { - repositoryReference := fmt.Sprintf("%s/%s", host, testImage) - ref, err := parseRepositoryReference(repositoryReference) - So(err, ShouldBeNil) - So(ref.Name(), ShouldEqual, repositoryReference) - - repositoryReference = fmt.Sprintf("%s/%s:tagged", host, testImage) - _, err = parseRepositoryReference(repositoryReference) - So(err, ShouldEqual, zerr.ErrInvalidRepositoryName) - - repositoryReference = fmt.Sprintf("http://%s/%s", host, testImage) - _, err = parseRepositoryReference(repositoryReference) - So(err, ShouldNotBeNil) - - repositoryReference = fmt.Sprintf("docker://%s/%s", host, testImage) - _, err = parseRepositoryReference(repositoryReference) - So(err, ShouldNotBeNil) - - _, err = getFileCredentials("/path/to/inexistent/file") - So(err, ShouldNotBeNil) - - tempFile, err := os.CreateTemp("", "sync-credentials-") - if err != nil { - panic(err) - } - - content := []byte(`{`) - if err := os.WriteFile(tempFile.Name(), content, 0o600); err != nil { - panic(err) - } - - _, err = getFileCredentials(tempFile.Name()) - So(err, ShouldNotBeNil) - - srcCtx := &types.SystemContext{} - _, err = getRepoTags(context.Background(), srcCtx, host, testImage) - So(err, ShouldNotBeNil) - - _, err = getRepoTags(context.Background(), srcCtx, host, testImage) - So(err, ShouldNotBeNil) - - _, err = getFileCredentials("/invalid/path/to/file") - So(err, ShouldNotBeNil) - - ok := isSupportedMediaType("unknown") - So(ok, ShouldBeFalse) - }) -} - -func TestRemoteRegistry(t *testing.T) { - Convey("test remote registry", t, func() { - logger := log.NewLogger("debug", "") - cfg := client.Config{ - URL: "url", - TLSVerify: false, - } - - client, err := client.New(cfg, logger) - So(err, ShouldBeNil) - - remote := NewRemoteRegistry(client, logger) - imageRef, err := layout.NewReference("dir", "image") - So(err, ShouldBeNil) - _, _, _, err = remote.GetManifestContent(imageRef) - So(err, ShouldNotBeNil) - - tags, err := remote.GetRepoTags("repo") - So(tags, ShouldBeEmpty) - So(err, ShouldNotBeNil) - }) -} - func TestService(t *testing.T) { Convey("trigger fetch tags error", t, func() { conf := syncconf.RegistryConfig{ @@ -181,29 +43,6 @@ func TestService(t *testing.T) { }) } -func TestSyncRepo(t *testing.T) { - Convey("trigger context error", t, func() { - conf := syncconf.RegistryConfig{ - URLs: []string{"http://localhost"}, - } - - service, err := New(conf, "", nil, os.TempDir(), storage.StoreController{}, mocks.MetaDBMock{}, log.Logger{}) - So(err, ShouldBeNil) - - service.remote = mocks.SyncRemote{ - GetRepoTagsFn: func(repo string) ([]string, error) { - return []string{"repo1", "repo2"}, nil - }, - } - - ctx, cancel := context.WithCancel(context.Background()) - cancel() - - err = service.SyncRepo(ctx, "repo") - So(err, ShouldEqual, ctx.Err()) - }) -} - func TestDestinationRegistry(t *testing.T) { Convey("make StoreController", t, func() { dir := t.TempDir() @@ -225,7 +64,7 @@ func TestDestinationRegistry(t *testing.T) { So(err, ShouldBeNil) So(imageReference, ShouldNotBeNil) - imgStore := getImageStoreFromImageReference(imageReference, repoName, "1.0", log) + imgStore := getImageStoreFromImageReference(repoName, imageReference, log) // create a blob/layer upload, err := imgStore.NewBlobUpload(repoName) @@ -313,7 +152,7 @@ func TestDestinationRegistry(t *testing.T) { So(ok, ShouldBeFalse) So(err, ShouldBeNil) - err = registry.CommitImage(imageReference, repoName, "1.0") + err = registry.CommitAll(repoName, imageReference) So(err, ShouldBeNil) }) @@ -321,7 +160,7 @@ func TestDestinationRegistry(t *testing.T) { err = os.Chmod(imgStore.BlobPath(repoName, indexDigest), 0o000) So(err, ShouldBeNil) - err = registry.CommitImage(imageReference, repoName, "1.0") + err = registry.CommitAll(repoName, imageReference) So(err, ShouldNotBeNil) }) @@ -340,7 +179,7 @@ func TestDestinationRegistry(t *testing.T) { storeController := storage.StoreController{DefaultStore: syncImgStore} registry := NewDestinationRegistry(storeController, storeController, nil, log) - err = registry.CommitImage(imageReference, repoName, "1.0") + err = registry.CommitAll(repoName, imageReference) So(err, ShouldBeNil) }) @@ -348,7 +187,7 @@ func TestDestinationRegistry(t *testing.T) { err = os.Chmod(imgStore.BlobPath(repoName, digest), 0o000) So(err, ShouldBeNil) - err = registry.CommitImage(imageReference, repoName, "1.0") + err = registry.CommitAll(repoName, imageReference) So(err, ShouldNotBeNil) }) @@ -356,7 +195,7 @@ func TestDestinationRegistry(t *testing.T) { err = os.Chmod(imgStore.BlobPath(repoName, bdgst1), 0o000) So(err, ShouldBeNil) - err = registry.CommitImage(imageReference, repoName, "1.0") + err = registry.CommitAll(repoName, imageReference) So(err, ShouldNotBeNil) }) @@ -367,7 +206,7 @@ func TestDestinationRegistry(t *testing.T) { err = os.Chmod(syncImgStore.BlobPath(repoName, indexDigest), 0o000) So(err, ShouldBeNil) - err = registry.CommitImage(imageReference, repoName, "1.0") + err = registry.CommitAll(repoName, imageReference) So(err, ShouldNotBeNil) }) @@ -383,7 +222,7 @@ func TestDestinationRegistry(t *testing.T) { }, }, log) - err = registry.CommitImage(imageReference, repoName, "1.0") + err = registry.CommitAll(repoName, imageReference) So(err, ShouldNotBeNil) }) @@ -395,7 +234,7 @@ func TestDestinationRegistry(t *testing.T) { }, }, log) - err = registry.CommitImage(imageReference, repoName, "1.0") + err = registry.CommitAll(repoName, imageReference) So(err, ShouldNotBeNil) }) @@ -404,7 +243,7 @@ func TestDestinationRegistry(t *testing.T) { So(err, ShouldBeNil) So(imageReference, ShouldNotBeNil) - imgStore := getImageStoreFromImageReference(imageReference, repoName, "2.0", log) + imgStore := getImageStoreFromImageReference(repoName, imageReference, log) // upload image @@ -473,206 +312,9 @@ func TestDestinationRegistry(t *testing.T) { So(ok, ShouldBeFalse) So(err, ShouldBeNil) - err = registry.CommitImage(imageReference, repoName, "2.0") + err = registry.CommitAll(repoName, imageReference) So(err, ShouldBeNil) }) }) }) } - -func TestConvertDockerToOCI(t *testing.T) { - Convey("test converting docker to oci functions", t, func() { - dir := t.TempDir() - - srcStorageCtlr := ociutils.GetDefaultStoreController(dir, log.NewLogger("debug", "")) - - err := WriteImageToFileSystem(CreateDefaultImage(), "zot-test", "0.0.1", srcStorageCtlr) - So(err, ShouldBeNil) - - imageRef, err := layout.NewReference(path.Join(dir, "zot-test"), "0.0.1") - So(err, ShouldBeNil) - - imageSource, err := imageRef.NewImageSource(context.Background(), &types.SystemContext{}) - So(err, ShouldBeNil) - - defer imageSource.Close() - - Convey("trigger Unmarshal manifest error", func() { - _, err = convertDockerManifestToOCI(imageSource, []byte{}) - So(err, ShouldNotBeNil) - }) - - Convey("trigger getImageConfigContent() error", func() { - manifestBuf, _, err := imageSource.GetManifest(context.Background(), nil) - So(err, ShouldBeNil) - - var manifest ispec.Manifest - - err = json.Unmarshal(manifestBuf, &manifest) - So(err, ShouldBeNil) - - err = os.Chmod(path.Join(dir, "zot-test", "blobs/sha256", manifest.Config.Digest.Encoded()), 0o000) - So(err, ShouldBeNil) - - _, err = convertDockerManifestToOCI(imageSource, manifestBuf) - So(err, ShouldNotBeNil) - }) - - Convey("trigger Unmarshal config error", func() { - manifestBuf, _, err := imageSource.GetManifest(context.Background(), nil) - So(err, ShouldBeNil) - - var manifest ispec.Manifest - - err = json.Unmarshal(manifestBuf, &manifest) - So(err, ShouldBeNil) - - err = os.WriteFile(path.Join(dir, "zot-test", "blobs/sha256", manifest.Config.Digest.Encoded()), - []byte{}, storageConstants.DefaultFilePerms) - So(err, ShouldBeNil) - - _, err = convertDockerManifestToOCI(imageSource, manifestBuf) - So(err, ShouldNotBeNil) - }) - - Convey("trigger convertDockerLayersToOCI error", func() { - manifestBuf, _, err := imageSource.GetManifest(context.Background(), nil) - So(err, ShouldBeNil) - - var manifest ispec.Manifest - - err = json.Unmarshal(manifestBuf, &manifest) - So(err, ShouldBeNil) - - manifestDigest := godigest.FromBytes(manifestBuf) - - manifest.Layers[0].MediaType = "unknown" - - newManifest, err := json.Marshal(manifest) - So(err, ShouldBeNil) - - err = os.WriteFile(path.Join(dir, "zot-test", "blobs/sha256", manifestDigest.Encoded()), - newManifest, storageConstants.DefaultFilePerms) - So(err, ShouldBeNil) - - _, err = convertDockerManifestToOCI(imageSource, manifestBuf) - So(err, ShouldNotBeNil) - }) - - Convey("trigger convertDockerIndexToOCI error", func() { - manifestBuf, _, err := imageSource.GetManifest(context.Background(), nil) - So(err, ShouldBeNil) - - _, err = convertDockerIndexToOCI(imageSource, manifestBuf) - So(err, ShouldNotBeNil) - - // make zot-test image an index image - - var manifest ispec.Manifest - - err = json.Unmarshal(manifestBuf, &manifest) - So(err, ShouldBeNil) - - dockerNewManifest := ispec.Manifest{ - MediaType: dockerManifest.DockerV2Schema2MediaType, - Config: manifest.Config, - Layers: manifest.Layers, - } - - dockerNewManifestBuf, err := json.Marshal(dockerNewManifest) - So(err, ShouldBeNil) - - dockerManifestDigest := godigest.FromBytes(manifestBuf) - - err = os.WriteFile(path.Join(dir, "zot-test", "blobs/sha256", dockerManifestDigest.Encoded()), - dockerNewManifestBuf, storageConstants.DefaultFilePerms) - So(err, ShouldBeNil) - - var index ispec.Index - - index.Manifests = append(index.Manifests, ispec.Descriptor{ - Digest: dockerManifestDigest, - Size: int64(len(dockerNewManifestBuf)), - MediaType: dockerManifest.DockerV2Schema2MediaType, - }) - - index.MediaType = dockerManifest.DockerV2ListMediaType - - dockerIndexBuf, err := json.Marshal(index) - So(err, ShouldBeNil) - - dockerIndexDigest := godigest.FromBytes(dockerIndexBuf) - - err = os.WriteFile(path.Join(dir, "zot-test", "blobs/sha256", dockerIndexDigest.Encoded()), - dockerIndexBuf, storageConstants.DefaultFilePerms) - So(err, ShouldBeNil) - - // write index.json - - var indexJSON ispec.Index - - indexJSONBuf, err := os.ReadFile(path.Join(dir, "zot-test", "index.json")) - So(err, ShouldBeNil) - - err = json.Unmarshal(indexJSONBuf, &indexJSON) - So(err, ShouldBeNil) - - indexJSON.Manifests = append(indexJSON.Manifests, ispec.Descriptor{ - Digest: dockerIndexDigest, - Size: int64(len(dockerIndexBuf)), - MediaType: ispec.MediaTypeImageIndex, - Annotations: map[string]string{ - ispec.AnnotationRefName: "0.0.2", - }, - }) - - indexJSONBuf, err = json.Marshal(indexJSON) - So(err, ShouldBeNil) - - err = os.WriteFile(path.Join(dir, "zot-test", "index.json"), indexJSONBuf, storageConstants.DefaultFilePerms) - So(err, ShouldBeNil) - - imageRef, err := layout.NewReference(path.Join(dir, "zot-test"), "0.0.2") - So(err, ShouldBeNil) - - imageSource, err := imageRef.NewImageSource(context.Background(), &types.SystemContext{}) - So(err, ShouldBeNil) - - _, err = convertDockerIndexToOCI(imageSource, dockerIndexBuf) - So(err, ShouldNotBeNil) - - err = os.Chmod(path.Join(dir, "zot-test", "blobs/sha256", dockerManifestDigest.Encoded()), 0o000) - So(err, ShouldBeNil) - - _, err = convertDockerIndexToOCI(imageSource, dockerIndexBuf) - So(err, ShouldNotBeNil) - }) - }) -} - -func TestConvertDockerLayersToOCI(t *testing.T) { - Convey("test converting docker to oci functions", t, func() { - dockerLayers := []ispec.Descriptor{ - { - MediaType: dockerManifest.DockerV2Schema2ForeignLayerMediaType, - }, - { - MediaType: dockerManifest.DockerV2Schema2ForeignLayerMediaTypeGzip, - }, - { - MediaType: dockerManifest.DockerV2SchemaLayerMediaTypeUncompressed, - }, - { - MediaType: dockerManifest.DockerV2Schema2LayerMediaType, - }, - } - - err := convertDockerLayersToOCI(dockerLayers) - So(err, ShouldBeNil) - - So(dockerLayers[0].MediaType, ShouldEqual, ispec.MediaTypeImageLayerNonDistributable) //nolint: staticcheck - So(dockerLayers[1].MediaType, ShouldEqual, ispec.MediaTypeImageLayerNonDistributableGzip) //nolint: staticcheck - So(dockerLayers[2].MediaType, ShouldEqual, ispec.MediaTypeImageLayer) - So(dockerLayers[3].MediaType, ShouldEqual, ispec.MediaTypeImageLayerGzip) - }) -} diff --git a/pkg/extensions/sync/sync_test.go b/pkg/extensions/sync/sync_test.go index 85c81c4bb..cf07cb41d 100644 --- a/pkg/extensions/sync/sync_test.go +++ b/pkg/extensions/sync/sync_test.go @@ -70,10 +70,12 @@ const ( ) var ( + maxRetries = 1 //nolint: gochecknoglobals username = "test" //nolint: gochecknoglobals password = "test" //nolint: gochecknoglobals errSync = errors.New("sync error, src oci repo differs from dest one") errBadStatus = errors.New("bad http status") + ErrTestError = errors.New("testError") ) type TagsList struct { @@ -286,10 +288,11 @@ func TestOnDemand(t *testing.T) { }, }, }, - URLs: []string{srcBaseURL}, - TLSVerify: &tlsVerify, - CertDir: "", - OnDemand: true, + URLs: []string{srcBaseURL}, + TLSVerify: &tlsVerify, + CertDir: "", + OnDemand: true, + MaxRetries: &maxRetries, } Convey("Verify sync on demand feature with one registryConfig", func() { @@ -555,6 +558,7 @@ func TestOnDemand(t *testing.T) { hostname, err := os.Hostname() So(err, ShouldBeNil) + So(hostname, ShouldNotBeEmpty) syncRegistryConfig := syncconf.RegistryConfig{ Content: []syncconf.Content{ @@ -568,8 +572,10 @@ func TestOnDemand(t *testing.T) { }, // include self url, should be ignored URLs: []string{ - "http://" + hostname, destBaseURL, - srcBaseURL, "http://localhost:" + destPort, + fmt.Sprintf("http://%s:%s", hostname, destPort), //nolint:nosprintfhostport + destBaseURL, + srcBaseURL, + "http://localhost:" + destPort, }, TLSVerify: &tlsVerify, CertDir: "", @@ -602,7 +608,7 @@ func TestOnDemand(t *testing.T) { sm mTypes.SignatureMetadata, ) error { if sm.SignatureType == zcommon.CosignSignature || sm.SignatureType == zcommon.NotationSignature { - return sync.ErrTestError + return ErrTestError } return nil @@ -612,7 +618,7 @@ func TestOnDemand(t *testing.T) { (strings.HasSuffix(reference, remote.SignatureTagSuffix) || strings.HasSuffix(reference, remote.SBOMTagSuffix)) || strings.HasPrefix(reference, "sha256:") { - return sync.ErrTestError + return ErrTestError } // don't return err for normal image with tag @@ -717,7 +723,7 @@ func TestOnDemand(t *testing.T) { }, // include self url, should be ignored URLs: []string{ - "http://" + hostname, destBaseURL, + fmt.Sprintf("http://%s:%s", hostname, destPort), destBaseURL, //nolint:nosprintfhostport srcBaseURL, "http://localhost:" + destPort, }, TLSVerify: &tlsVerify, @@ -749,7 +755,7 @@ func TestOnDemand(t *testing.T) { dctlr.MetaDB = mocks.MetaDBMock{ SetRepoReferenceFn: func(ctx context.Context, repo, reference string, imageMeta mTypes.ImageMeta) error { if imageMeta.Digest.String() == ociRefImage.ManifestDescriptor.Digest.String() { - return sync.ErrTestError + return ErrTestError } return nil @@ -1968,7 +1974,7 @@ func TestPermsDenied(t *testing.T) { dcm.StartAndWait(destPort) found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "couldn't get a local image reference", 50*time.Second) + "failed to sync image", 50*time.Second) if err != nil { panic(err) } @@ -2343,7 +2349,7 @@ func TestMandatoryAnnotations(t *testing.T) { defer dcm.StopServer() found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "couldn't upload manifest because of missing annotations", 15*time.Second) + "failed to upload manifest because of missing annotations", 15*time.Second) if err != nil { panic(err) } @@ -2412,7 +2418,7 @@ func TestBadTLS(t *testing.T) { defer dcm.StopServer() found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "x509: certificate signed by unknown authority", 15*time.Second) + "tls: failed to verify certificate: x509: certificate signed by unknown authority", 40*time.Second) if err != nil { panic(err) } @@ -2517,7 +2523,7 @@ func TestTLS(t *testing.T) { Registries: []syncconf.RegistryConfig{syncRegistryConfig}, } - dctlr, _, destDir, _ := makeDownstreamServer(t, true, syncConfig) + dctlr, destBaseURL, destDir, destClient := makeDownstreamServer(t, true, syncConfig) dcm := test.NewControllerManager(dctlr) dcm.StartAndWait(dctlr.Config.HTTP.Port) @@ -2549,6 +2555,10 @@ func TestTLS(t *testing.T) { } waitSyncFinish(dctlr.Config.Log.Output) + + resp, err := destClient.R().Get(destBaseURL + "/v2/" + testImage + "/manifests/" + testImageTag) + So(err, ShouldBeNil) + So(resp.StatusCode(), ShouldEqual, http.StatusOK) }) } @@ -2996,7 +3006,7 @@ func TestBasicAuth(t *testing.T) { defer dcm.StopServer() found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "authentication required", 15*time.Second) + "unauthorized", 15*time.Second) if err != nil { panic(err) } @@ -4114,7 +4124,7 @@ func TestMultipleURLs(t *testing.T) { }, }, }, - URLs: []string{"badURL", "@!#!$#@%", "http://invalid.invalid/invalid/", srcBaseURL}, + URLs: []string{"http://badURL", srcBaseURL}, PollInterval: updateDuration, TLSVerify: &tlsVerify, CertDir: "", @@ -4292,105 +4302,179 @@ func TestPeriodicallySignaturesErr(t *testing.T) { imageManifestDigest := srcIndex.Manifests[0].Digest - Convey("Trigger error on image manifest", func() { - // trigger permission denied on image manifest - manifestPath := path.Join(srcDir, repoName, "blobs", - string(imageManifestDigest.Algorithm()), imageManifestDigest.Encoded()) - err = os.Chmod(manifestPath, 0o000) - So(err, ShouldBeNil) + // Convey("Trigger error on image manifest", func() { + // // trigger permission denied on image manifest + // manifestPath := path.Join(srcDir, repoName, "blobs", + // string(imageManifestDigest.Algorithm()), imageManifestDigest.Encoded()) + // err = os.Chmod(manifestPath, 0o000) + // So(err, ShouldBeNil) - dctlr, destBaseURL, _, _ := makeDownstreamServer(t, false, syncConfig) + // dctlr, destBaseURL, _, _ := makeDownstreamServer(t, false, syncConfig) - dcm := test.NewControllerManager(dctlr) - dcm.StartAndWait(dctlr.Config.HTTP.Port) + // dcm := test.NewControllerManager(dctlr) + // dcm.StartAndWait(dctlr.Config.HTTP.Port) - defer dcm.StopServer() + // defer dcm.StopServer() - found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "finished syncing all repos", 15*time.Second) - if err != nil { - panic(err) - } + // found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, + // "failed to get upstream image manifest details", 60*time.Second) + // if err != nil { + // panic(err) + // } - if !found { - data, err := os.ReadFile(dctlr.Config.Log.Output) - So(err, ShouldBeNil) + // if !found { + // data, err := os.ReadFile(dctlr.Config.Log.Output) + // So(err, ShouldBeNil) - t.Logf("downstream log: %s", string(data)) - } + // t.Logf("downstream log: %s", string(data)) + // } - So(found, ShouldBeTrue) + // So(found, ShouldBeTrue) - // should not be synced nor sync on demand - resp, err := resty.R().Get(destBaseURL + "/v2/" + repoName + "/manifests/" + testImageTag) - So(err, ShouldBeNil) - So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - }) + // // should not be synced nor sync on demand + // resp, err := resty.R().Get(destBaseURL + "/v2/" + repoName + "/manifests/" + testImageTag) + // So(err, ShouldBeNil) + // So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) + // }) - Convey("Trigger error on cosign signature", func() { - // trigger permission error on cosign signature on upstream - cosignTag := string(imageManifestDigest.Algorithm()) + "-" + imageManifestDigest.Encoded() + - "." + remote.SignatureTagSuffix + // Convey("Trigger error on cosign signature", func() { + // // trigger permission error on cosign signature on upstream + // cosignTag := string(imageManifestDigest.Algorithm()) + "-" + imageManifestDigest.Encoded() + + // "." + remote.SignatureTagSuffix - getCosignManifestURL := srcBaseURL + path.Join(constants.RoutePrefix, repoName, "manifests", cosignTag) - mResp, err := resty.R().Get(getCosignManifestURL) - So(err, ShouldBeNil) + // getCosignManifestURL := srcBaseURL + path.Join(constants.RoutePrefix, repoName, "manifests", cosignTag) + // mResp, err := resty.R().Get(getCosignManifestURL) + // So(err, ShouldBeNil) - var cm ispec.Manifest + // var cm ispec.Manifest - err = json.Unmarshal(mResp.Body(), &cm) - So(err, ShouldBeNil) + // err = json.Unmarshal(mResp.Body(), &cm) + // So(err, ShouldBeNil) - for _, blob := range cm.Layers { - blobPath := path.Join(srcDir, repoName, "blobs", string(blob.Digest.Algorithm()), blob.Digest.Encoded()) - err := os.Chmod(blobPath, 0o000) - So(err, ShouldBeNil) - } + // for _, blob := range cm.Layers { + // blobPath := path.Join(srcDir, repoName, "blobs", string(blob.Digest.Algorithm()), blob.Digest.Encoded()) + // err := os.Chmod(blobPath, 0o000) + // So(err, ShouldBeNil) + // } - // start downstream server - dctlr, destBaseURL, _, _ := makeDownstreamServer(t, false, syncConfig) + // // start downstream server + // dctlr, destBaseURL, _, _ := makeDownstreamServer(t, false, syncConfig) - dcm := test.NewControllerManager(dctlr) - dcm.StartAndWait(dctlr.Config.HTTP.Port) - defer dcm.StopServer() + // dcm := test.NewControllerManager(dctlr) + // dcm.StartAndWait(dctlr.Config.HTTP.Port) + // defer dcm.StopServer() - found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "finished syncing all repos", 15*time.Second) - if err != nil { - panic(err) - } + // found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, + // "failed to sync image", 60*time.Second) + // if err != nil { + // panic(err) + // } - if !found { - data, err := os.ReadFile(dctlr.Config.Log.Output) - So(err, ShouldBeNil) + // if !found { + // data, err := os.ReadFile(dctlr.Config.Log.Output) + // So(err, ShouldBeNil) - t.Logf("downstream log: %s", string(data)) - } + // t.Logf("downstream log: %s", string(data)) + // } - So(found, ShouldBeTrue) + // So(found, ShouldBeTrue) - // should not be synced nor sync on demand - resp, err := resty.R().Get(destBaseURL + "/v2/" + repoName + "/manifests/" + cosignTag) - So(err, ShouldBeNil) - So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) + // // should not be synced nor sync on demand + // resp, err := resty.R().Get(destBaseURL + "/v2/" + repoName + "/manifests/" + cosignTag) + // So(err, ShouldBeNil) + // So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - data, err := os.ReadFile(dctlr.Config.Log.Output) - So(err, ShouldBeNil) + // data, err := os.ReadFile(dctlr.Config.Log.Output) + // So(err, ShouldBeNil) - t.Logf("downstream log: %s", string(data)) - }) + // t.Logf("downstream log: %s", string(data)) + // }) + + // Convey("Trigger error on notary signature", func() { + // // trigger permission error on notary signature on upstream + // notaryURLPath := path.Join("/v2/", repoName, "referrers", imageManifestDigest.String()) + + // // based on image manifest digest get referrers + // resp, err := resty.R(). + // SetHeader("Content-Type", "application/json"). + // SetQueryParam("artifactType", "application/vnd.cncf.notary.signature"). + // Get(srcBaseURL + notaryURLPath) + + // So(err, ShouldBeNil) + // So(resp, ShouldNotBeEmpty) + + // var referrers ispec.Index + + // err = json.Unmarshal(resp.Body(), &referrers) + // So(err, ShouldBeNil) + + // // read manifest + // var artifactManifest ispec.Manifest + + // for _, ref := range referrers.Manifests { + // refPath := path.Join(srcDir, repoName, "blobs", string(ref.Digest.Algorithm()), ref.Digest.Encoded()) + // body, err := os.ReadFile(refPath) + // So(err, ShouldBeNil) - Convey("Trigger error on notary signature", func() { - // trigger permission error on notary signature on upstream - notaryURLPath := path.Join("/v2/", repoName, "referrers", imageManifestDigest.String()) + // err = json.Unmarshal(body, &artifactManifest) + // So(err, ShouldBeNil) + + // // triggers perm denied on sig blobs + // for _, blob := range artifactManifest.Layers { + // blobPath := path.Join(srcDir, repoName, "blobs", string(blob.Digest.Algorithm()), blob.Digest.Encoded()) + // err := os.Chmod(blobPath, 0o000) + // So(err, ShouldBeNil) + // } + // } + + // // start downstream server + // dctlr, destBaseURL, _, _ := makeDownstreamServer(t, false, syncConfig) + + // dcm := test.NewControllerManager(dctlr) + // dcm.StartAndWait(dctlr.Config.HTTP.Port) + // defer dcm.StopServer() + + // found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, + // "failed to sync image", 30*time.Second) + // if err != nil { + // panic(err) + // } + + // if !found { + // data, err := os.ReadFile(dctlr.Config.Log.Output) + // So(err, ShouldBeNil) + + // t.Logf("downstream log: %s", string(data)) + // } + + // So(found, ShouldBeTrue) + + // // should not be synced nor sync on demand + // resp, err = resty.R().SetHeader("Content-Type", "application/json"). + // SetQueryParam("artifactType", "application/vnd.cncf.notary.signature"). + // Get(destBaseURL + notaryURLPath) + // So(err, ShouldBeNil) + // So(resp.StatusCode(), ShouldEqual, http.StatusOK) + + // var index ispec.Index + + // err = json.Unmarshal(resp.Body(), &index) + // So(err, ShouldBeNil) + + // So(len(index.Manifests), ShouldEqual, 0) + // }) + + Convey("Trigger error on oci ref", func() { + artifactURLPath := path.Join("/v2", repoName, "referrers", imageManifestDigest.String()) // based on image manifest digest get referrers resp, err := resty.R(). SetHeader("Content-Type", "application/json"). - SetQueryParam("artifactType", "application/vnd.cncf.notary.signature"). - Get(srcBaseURL + notaryURLPath) + SetQueryParam("artifactType", "application/vnd.cncf.icecream"). + Get(srcBaseURL + artifactURLPath) So(err, ShouldBeNil) + So(resp.StatusCode(), ShouldEqual, http.StatusOK) So(resp, ShouldNotBeEmpty) var referrers ispec.Index @@ -4409,14 +4493,24 @@ func TestPeriodicallySignaturesErr(t *testing.T) { err = json.Unmarshal(body, &artifactManifest) So(err, ShouldBeNil) - // triggers perm denied on sig blobs + // triggers perm denied on artifact blobs for _, blob := range artifactManifest.Layers { blobPath := path.Join(srcDir, repoName, "blobs", string(blob.Digest.Algorithm()), blob.Digest.Encoded()) err := os.Chmod(blobPath, 0o000) So(err, ShouldBeNil) + + break } } + // start downstream server + updateDuration, err = time.ParseDuration("10m") + So(err, ShouldBeNil) + retries := 1 + syncConfig.Registries[0].PollInterval = updateDuration + syncConfig.Registries[0].MaxRetries = &retries + // syncConfig.Registries[0].OnDemand = false + // start downstream server dctlr, destBaseURL, _, _ := makeDownstreamServer(t, false, syncConfig) @@ -4425,7 +4519,7 @@ func TestPeriodicallySignaturesErr(t *testing.T) { defer dcm.StopServer() found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "finished syncing all repos", 15*time.Second) + "failed to sync image", 30*time.Second) if err != nil { panic(err) } @@ -4440,9 +4534,10 @@ func TestPeriodicallySignaturesErr(t *testing.T) { So(found, ShouldBeTrue) // should not be synced nor sync on demand - resp, err = resty.R().SetHeader("Content-Type", "application/json"). - SetQueryParam("artifactType", "application/vnd.cncf.notary.signature"). - Get(destBaseURL + notaryURLPath) + resp, err = resty.R(). + SetHeader("Content-Type", "application/json"). + SetQueryParam("artifactType", "application/vnd.cncf.icecream"). + Get(destBaseURL + artifactURLPath) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -4450,213 +4545,19 @@ func TestPeriodicallySignaturesErr(t *testing.T) { err = json.Unmarshal(resp.Body(), &index) So(err, ShouldBeNil) - So(len(index.Manifests), ShouldEqual, 0) }) - - Convey("Trigger error on oci refs of both mediatypes", func() { - artifactURLPath := path.Join("/v2", repoName, "referrers", imageManifestDigest.String()) - - // based on image manifest digest get referrers - resp, err := resty.R(). - SetHeader("Content-Type", "application/json"). - SetQueryParam("artifactType", "application/vnd.cncf.icecream"). - Get(srcBaseURL + artifactURLPath) - - So(err, ShouldBeNil) - So(resp.StatusCode(), ShouldEqual, http.StatusOK) - So(resp, ShouldNotBeEmpty) - - var referrers ispec.Index - - err = json.Unmarshal(resp.Body(), &referrers) - So(err, ShouldBeNil) - - Convey("of type OCI image", func() { //nolint: dupl - // read manifest - var artifactManifest ispec.Manifest - - for _, ref := range referrers.Manifests { - refPath := path.Join(srcDir, repoName, "blobs", string(ref.Digest.Algorithm()), ref.Digest.Encoded()) - body, err := os.ReadFile(refPath) - So(err, ShouldBeNil) - - err = json.Unmarshal(body, &artifactManifest) - So(err, ShouldBeNil) - - // triggers perm denied on artifact blobs - for _, blob := range artifactManifest.Layers { - blobPath := path.Join(srcDir, repoName, "blobs", string(blob.Digest.Algorithm()), blob.Digest.Encoded()) - err := os.Chmod(blobPath, 0o000) - So(err, ShouldBeNil) - } - } - - // start downstream server - updateDuration, err = time.ParseDuration("1s") - So(err, ShouldBeNil) - - syncConfig.Registries[0].PollInterval = updateDuration - - // start downstream server - dctlr, destBaseURL, _, _ := makeDownstreamServer(t, false, syncConfig) - - dcm := test.NewControllerManager(dctlr) - dcm.StartAndWait(dctlr.Config.HTTP.Port) - defer dcm.StopServer() - - found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "couldn't sync image referrer", 15*time.Second) - if err != nil { - panic(err) - } - - if !found { - data, err := os.ReadFile(dctlr.Config.Log.Output) - So(err, ShouldBeNil) - - t.Logf("downstream log: %s", string(data)) - } - - So(found, ShouldBeTrue) - - // should not be synced nor sync on demand - resp, err = resty.R(). - SetHeader("Content-Type", "application/json"). - SetQueryParam("artifactType", "application/vnd.cncf.icecream"). - Get(destBaseURL + artifactURLPath) - So(err, ShouldBeNil) - So(resp.StatusCode(), ShouldEqual, http.StatusOK) - - var index ispec.Index - - err = json.Unmarshal(resp.Body(), &index) - So(err, ShouldBeNil) - So(len(index.Manifests), ShouldEqual, 0) - }) - - Convey("of type OCI artifact", func() { //nolint: dupl - // read manifest - var artifactManifest ispec.Manifest - - for _, ref := range referrers.Manifests { - refPath := path.Join(srcDir, repoName, "blobs", string(ref.Digest.Algorithm()), ref.Digest.Encoded()) - body, err := os.ReadFile(refPath) - So(err, ShouldBeNil) - - err = json.Unmarshal(body, &artifactManifest) - So(err, ShouldBeNil) - - // triggers perm denied on artifact blobs - for _, blob := range artifactManifest.Layers { - blobPath := path.Join(srcDir, repoName, "blobs", string(blob.Digest.Algorithm()), blob.Digest.Encoded()) - err := os.Chmod(blobPath, 0o000) - So(err, ShouldBeNil) - } - } - - // start downstream server - dctlr, destBaseURL, _, _ := makeDownstreamServer(t, false, syncConfig) - - dcm := test.NewControllerManager(dctlr) - dcm.StartAndWait(dctlr.Config.HTTP.Port) - defer dcm.StopServer() - - found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "couldn't sync image referrer", 15*time.Second) - if err != nil { - panic(err) - } - - if !found { - data, err := os.ReadFile(dctlr.Config.Log.Output) - So(err, ShouldBeNil) - - t.Logf("downstream log: %s", string(data)) - } - - So(found, ShouldBeTrue) - - // should not be synced nor sync on demand - resp, err = resty.R(). - SetHeader("Content-Type", "application/json"). - SetQueryParam("artifactType", "application/vnd.cncf.icecream"). - Get(destBaseURL + artifactURLPath) - So(err, ShouldBeNil) - So(resp.StatusCode(), ShouldEqual, http.StatusOK) - - var index ispec.Index - - err = json.Unmarshal(resp.Body(), &index) - So(err, ShouldBeNil) - So(len(index.Manifests), ShouldEqual, 0) - }) - - Convey("of type OCI image, error on downstream in canSkipReference()", func() { //nolint: dupl - // start downstream server - updateDuration, err = time.ParseDuration("1s") - So(err, ShouldBeNil) - - syncConfig.Registries[0].PollInterval = updateDuration - dctlr, _, destDir, _ := makeDownstreamServer(t, false, syncConfig) - - dcm := test.NewControllerManager(dctlr) - dcm.StartAndWait(dctlr.Config.HTTP.Port) - defer dcm.StopServer() - - found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "finished syncing all repos", 15*time.Second) - if err != nil { - panic(err) - } - - if !found { - data, err := os.ReadFile(dctlr.Config.Log.Output) - So(err, ShouldBeNil) - - t.Logf("downstream log: %s", string(data)) - } - - So(found, ShouldBeTrue) - - time.Sleep(time.Second) - - blob := referrers.Manifests[0] - blobsDir := path.Join(destDir, repoName, "blobs", string(blob.Digest.Algorithm())) - blobPath := path.Join(blobsDir, blob.Digest.Encoded()) - err = os.MkdirAll(blobsDir, storageConstants.DefaultDirPerms) - So(err, ShouldBeNil) - err = os.WriteFile(blobPath, []byte("blob"), storageConstants.DefaultFilePerms) - So(err, ShouldBeNil) - err = os.Chmod(blobPath, 0o000) - So(err, ShouldBeNil) - - found, err = test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "couldn't check if the upstream oci references for image can be skipped", 30*time.Second) - if err != nil { - panic(err) - } - - if !found { - data, err := os.ReadFile(dctlr.Config.Log.Output) - So(err, ShouldBeNil) - - t.Logf("downstream log: %s", string(data)) - } - - So(found, ShouldBeTrue) - }) - }) }) } func TestSignatures(t *testing.T) { Convey("Verify sync signatures", t, func() { - updateDuration, _ := time.ParseDuration("30m") + updateDuration, _ := time.ParseDuration("1m") sctlr, srcBaseURL, srcDir, _, _ := makeUpstreamServer(t, false, false) scm := test.NewControllerManager(sctlr) + scm.StartAndWait(sctlr.Config.HTTP.Port) defer scm.StopServer() @@ -4753,7 +4654,7 @@ func TestSignatures(t *testing.T) { syncRegistryConfig := syncconf.RegistryConfig{ Content: []syncconf.Content{ { - Prefix: "**", + Prefix: repoName, Tags: &syncconf.Tags{ Regex: ®ex, Semver: &semver, @@ -4766,6 +4667,7 @@ func TestSignatures(t *testing.T) { CertDir: "", OnlySigned: &onlySigned, OnDemand: true, + MaxRetries: &maxRetries, } defaultVal := true @@ -4781,31 +4683,15 @@ func TestSignatures(t *testing.T) { defer dcm.StopServer() - // wait for sync - var destTagsList TagsList - - for { - resp, err := destClient.R().Get(destBaseURL + "/v2/" + repoName + "/tags/list") - if err != nil { - panic(err) - } - - err = json.Unmarshal(resp.Body(), &destTagsList) - if err != nil { - panic(err) - } - - if len(destTagsList.Tags) > 0 { - break - } - - time.Sleep(500 * time.Millisecond) - } + // sync image with all its refs + resp, err = destClient.R().Get(destBaseURL + "/v2/" + repoName + "/manifests/" + testImageTag) + So(err, ShouldBeNil) + So(resp.StatusCode(), ShouldEqual, http.StatusOK) splittedURL = strings.SplitAfter(destBaseURL, ":") destPort := splittedURL[len(splittedURL)-1] - time.Sleep(1 * time.Second) + time.Sleep(5 * time.Second) // notation verify the image image := fmt.Sprintf("localhost:%s/%s@%s", destPort, repoName, digest) @@ -4834,7 +4720,6 @@ func TestSignatures(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusOK) var index ispec.Index - err = json.Unmarshal(resp.Body(), &index) So(err, ShouldBeNil) @@ -5295,7 +5180,6 @@ func TestSyncedSignaturesMetaDB(t *testing.T) { Convey("Verify that metadb update correctly when syncing a signature", t, func() { repoName := "signed-repo" tag := "random-signed-image" - updateDuration := 30 * time.Minute // Create source registry @@ -5341,11 +5225,10 @@ func TestSyncedSignaturesMetaDB(t *testing.T) { Tags: &syncconf.Tags{Regex: ®ex, Semver: &semver}, }, }, - URLs: []string{srcBaseURL}, - PollInterval: updateDuration, - TLSVerify: &tlsVerify, - CertDir: "", - OnDemand: true, + URLs: []string{srcBaseURL}, + TLSVerify: &tlsVerify, + CertDir: "", + OnDemand: true, }, }, } @@ -5363,10 +5246,12 @@ func TestSyncedSignaturesMetaDB(t *testing.T) { So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) + // regclient will put all referrers under ref tag "alg-subjectDigest" repoMeta, err := dctlr.MetaDB.GetRepoMeta(context.Background(), repoName) So(err, ShouldBeNil) So(repoMeta.Tags, ShouldContainKey, tag) - So(len(repoMeta.Tags), ShouldEqual, 1) + // one tag for refs and the tag we pushed earlier + So(len(repoMeta.Tags), ShouldEqual, 2) So(repoMeta.Signatures, ShouldContainKey, signedImage.DigestStr()) imageSignatures := repoMeta.Signatures[signedImage.DigestStr()] @@ -5450,7 +5335,7 @@ func TestOnDemandRetryGoroutine(t *testing.T) { // in the meantime ondemand should retry syncing found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "successfully synced image", 15*time.Second) + "successfully synced image", 60*time.Second) if err != nil { panic(err) } @@ -5578,7 +5463,7 @@ func TestOnDemandRetryGoroutineErr(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "failed to copy image", 15*time.Second) + "failed to sync image", 15*time.Second) if err != nil { panic(err) } @@ -5701,7 +5586,7 @@ func TestOnDemandMultipleImage(t *testing.T) { time.Sleep(500 * time.Millisecond) } - waitSync(destDir, testImage) + // waitSync(destDir, testImage) So(len(populatedDirs), ShouldEqual, 1) @@ -5847,10 +5732,11 @@ func TestSignaturesOnDemand(t *testing.T) { var tlsVerify bool syncRegistryConfig := syncconf.RegistryConfig{ - URLs: []string{srcBaseURL}, - TLSVerify: &tlsVerify, - CertDir: "", - OnDemand: true, + URLs: []string{srcBaseURL}, + TLSVerify: &tlsVerify, + CertDir: "", + OnDemand: true, + MaxRetries: &maxRetries, } defaultVal := true @@ -6036,7 +5922,7 @@ func TestSignaturesOnDemand(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusOK) found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "couldn't find any oci reference", 15*time.Second) + "failed to sync referrer", 15*time.Second) if err != nil { panic(err) } @@ -6081,10 +5967,11 @@ func TestOnlySignaturesOnDemand(t *testing.T) { var tlsVerify bool syncRegistryConfig := syncconf.RegistryConfig{ - URLs: []string{srcBaseURL}, - TLSVerify: &tlsVerify, - CertDir: "", - OnDemand: true, + URLs: []string{srcBaseURL}, + TLSVerify: &tlsVerify, + CertDir: "", + OnDemand: true, + MaxRetries: &maxRetries, } syncBadRegistryConfig := syncconf.RegistryConfig{ @@ -6491,7 +6378,7 @@ func TestSyncSignaturesDiff(t *testing.T) { time.Sleep(500 * time.Millisecond) } - time.Sleep(3 * time.Second) + time.Sleep(15 * time.Second) splittedURL = strings.SplitAfter(destBaseURL, ":") destPort := splittedURL[len(splittedURL)-1] @@ -6522,7 +6409,7 @@ func TestSyncSignaturesDiff(t *testing.T) { So(func() { signImage(tdir, srcPort, repoName, digest) }, ShouldNotPanic) // wait for signatures - time.Sleep(12 * time.Second) + time.Sleep(15 * time.Second) // notation verify the image image = fmt.Sprintf("localhost:%s/%s:%s", destPort, repoName, testImageTag) @@ -6614,7 +6501,7 @@ func TestSyncSignaturesDiff(t *testing.T) { So(reflect.DeepEqual(cosignManifest, syncedCosignManifest), ShouldEqual, true) found, err := test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "skipping syncing cosign reference", 15*time.Second) + "skipping syncing referrer because it's already synced", 30*time.Second) if err != nil { panic(err) } @@ -6629,7 +6516,7 @@ func TestSyncSignaturesDiff(t *testing.T) { So(found, ShouldBeTrue) found, err = test.ReadLogFileAndSearchString(dctlr.Config.Log.Output, - "skipping oci references", 15*time.Second) + "skipping syncing referrer because it's already synced", 30*time.Second) if err != nil { panic(err) } diff --git a/pkg/extensions/sync/utils.go b/pkg/extensions/sync/utils.go index 16aab5e69..95281344b 100644 --- a/pkg/extensions/sync/utils.go +++ b/pkg/extensions/sync/utils.go @@ -4,29 +4,16 @@ package sync import ( - "bytes" - "context" "encoding/json" - "fmt" - "io" + "net/url" "os" + "path" "strings" - "github.com/containers/image/v5/copy" - "github.com/containers/image/v5/docker" - "github.com/containers/image/v5/docker/reference" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/pkg/blobinfocache/none" - "github.com/containers/image/v5/signature" - "github.com/containers/image/v5/types" "github.com/opencontainers/go-digest" ispec "github.com/opencontainers/image-spec/specs-go/v1" - zerr "zotregistry.dev/zot/errors" - "zotregistry.dev/zot/pkg/common" syncconf "zotregistry.dev/zot/pkg/extensions/config/sync" - "zotregistry.dev/zot/pkg/log" - "zotregistry.dev/zot/pkg/test/inject" ) // Get sync.FileCredentials from file. @@ -46,71 +33,6 @@ func getFileCredentials(filepath string) (syncconf.CredentialsFile, error) { return creds, nil } -func getUpstreamContext(certDir, username, password string, tlsVerify bool) *types.SystemContext { - upstreamCtx := &types.SystemContext{} - upstreamCtx.DockerCertPath = certDir - upstreamCtx.DockerDaemonCertPath = certDir - - if tlsVerify { - upstreamCtx.DockerDaemonInsecureSkipTLSVerify = false - upstreamCtx.DockerInsecureSkipTLSVerify = types.NewOptionalBool(false) - } else { - upstreamCtx.DockerDaemonInsecureSkipTLSVerify = true - upstreamCtx.DockerInsecureSkipTLSVerify = types.NewOptionalBool(true) - } - - if username != "" && password != "" { - upstreamCtx.DockerAuthConfig = &types.DockerAuthConfig{ - Username: username, - Password: password, - } - } - - return upstreamCtx -} - -// sync needs transport to be stripped to not be wrongly interpreted as an image reference -// at a non-fully qualified registry (hostname as image and port as tag). -func StripRegistryTransport(url string) string { - return strings.Replace(strings.Replace(url, "http://", "", 1), "https://", "", 1) -} - -// getRepoTags lists all tags in a repository. -// It returns a string slice of tags and any error encountered. -func getRepoTags(ctx context.Context, sysCtx *types.SystemContext, host, repo string) ([]string, error) { - repoRef, err := parseRepositoryReference(fmt.Sprintf("%s/%s", host, repo)) - if err != nil { - return []string{}, err - } - - dockerRef, err := docker.NewReference(reference.TagNameOnly(repoRef)) - // hard to reach test case, injected error, see pkg/test/dev.go - if err = inject.Error(err); err != nil { - return nil, err // Should never happen for a reference with tag and no digest - } - - tags, err := docker.GetRepositoryTags(ctx, sysCtx, dockerRef) - if err != nil { - return nil, err - } - - return tags, nil -} - -// parseRepositoryReference parses input into a reference.Named, and verifies that it names a repository, not an image. -func parseRepositoryReference(input string) (reference.Named, error) { - ref, err := reference.ParseNormalizedNamed(input) - if err != nil { - return nil, err - } - - if !reference.IsNameOnly(ref) { - return nil, zerr.ErrInvalidRepositoryName - } - - return ref, nil -} - // parse a reference, return its digest and if it's valid. func parseReference(reference string) (digest.Digest, bool) { var ok bool @@ -123,176 +45,89 @@ func parseReference(reference string) (digest.Digest, bool) { return d, ok } -func getCopyOptions(upstreamCtx, localCtx *types.SystemContext) copy.Options { - options := copy.Options{ - DestinationCtx: localCtx, - SourceCtx: upstreamCtx, - ReportWriter: io.Discard, - ForceManifestMIMEType: ispec.MediaTypeImageManifest, // force only oci manifest MIME type - ImageListSelection: copy.CopyAllImages, - } - - return options -} +// Given a list of registry string URLs parse them and return *url.URLs slice. +func parseRegistryURLs(rawURLs []string) ([]*url.URL, error) { + urls := make([]*url.URL, 0) -func getPolicyContext(log log.Logger) (*signature.PolicyContext, error) { - policy := &signature.Policy{Default: []signature.PolicyRequirement{signature.NewPRInsecureAcceptAnything()}} - - policyContext, err := signature.NewPolicyContext(policy) - if err := inject.Error(err); err != nil { - log.Error().Str("errorType", common.TypeOf(err)). - Err(err).Msg("couldn't create policy context") + for _, rawURL := range rawURLs { + u, err := url.Parse(rawURL) + if err != nil { + return nil, err + } - return nil, err + urls = append(urls, u) } - return policyContext, nil -} - -func getSupportedMediaType() []string { - return []string{ - ispec.MediaTypeImageIndex, - ispec.MediaTypeImageManifest, - manifest.DockerV2ListMediaType, - manifest.DockerV2Schema2MediaType, - } + return urls, nil } -func isSupportedMediaType(mediaType string) bool { - mediaTypes := getSupportedMediaType() - for _, m := range mediaTypes { - if m == mediaType { - return true - } +func GetDescriptorReference(desc ispec.Descriptor) string { + v, ok := desc.Annotations[ispec.AnnotationRefName] + if ok { + return v } - return false + return desc.Digest.String() } -// given an imageSource and a docker manifest, convert it to OCI. -func convertDockerManifestToOCI(imageSource types.ImageSource, dockerManifestBuf []byte) ([]byte, error) { - var ociManifest ispec.Manifest - - // unmarshal docker manifest into OCI manifest - err := json.Unmarshal(dockerManifestBuf, &ociManifest) - if err != nil { - return []byte{}, err - } - - configContent, err := getImageConfigContent(imageSource, ociManifest.Config.Digest) - if err != nil { - return []byte{}, err - } +func StripRegistryTransport(url string) string { + return strings.Replace(strings.Replace(url, "http://", "", 1), "https://", "", 1) +} - // marshal config blob into OCI config, will remove keys specific to docker - var ociConfig ispec.Image +func getCertificates(certDir string) (string, string, string, error) { + var clientCert string - err = json.Unmarshal(configContent, &ociConfig) - if err != nil { - return []byte{}, err - } + var clientKey string - ociConfigContent, err := json.Marshal(ociConfig) - if err != nil { - return []byte{}, err - } + var regCert string - // convert layers - err = convertDockerLayersToOCI(ociManifest.Layers) + files, err := os.ReadDir(certDir) if err != nil { - return []byte{}, err - } - - // convert config and manifest mediatype - ociManifest.Config.Size = int64(len(ociConfigContent)) - ociManifest.Config.Digest = digest.FromBytes(ociConfigContent) - ociManifest.Config.MediaType = ispec.MediaTypeImageConfig - ociManifest.MediaType = ispec.MediaTypeImageManifest - - return json.Marshal(ociManifest) -} - -// convert docker layers mediatypes to OCI mediatypes. -func convertDockerLayersToOCI(dockerLayers []ispec.Descriptor) error { - for idx, layer := range dockerLayers { - switch layer.MediaType { - case manifest.DockerV2Schema2ForeignLayerMediaType: - dockerLayers[idx].MediaType = ispec.MediaTypeImageLayerNonDistributable //nolint: staticcheck - case manifest.DockerV2Schema2ForeignLayerMediaTypeGzip: - dockerLayers[idx].MediaType = ispec.MediaTypeImageLayerNonDistributableGzip //nolint: staticcheck - case manifest.DockerV2SchemaLayerMediaTypeUncompressed: - dockerLayers[idx].MediaType = ispec.MediaTypeImageLayer - case manifest.DockerV2Schema2LayerMediaType: - dockerLayers[idx].MediaType = ispec.MediaTypeImageLayerGzip - default: - return zerr.ErrMediaTypeNotSupported + if os.IsNotExist(err) { + return "", "", "", nil } - } - - return nil -} -// given an imageSource and a docker index manifest, convert it to OCI. -func convertDockerIndexToOCI(imageSource types.ImageSource, dockerManifestBuf []byte) ([]byte, error) { - // get docker index - originalIndex, err := manifest.ListFromBlob(dockerManifestBuf, manifest.DockerV2ListMediaType) - if err != nil { - return []byte{}, err + return "", "", "", err } - // get manifests digests - manifestsDigests := originalIndex.Instances() + for _, file := range files { + if file.IsDir() { + continue + } - manifestsUpdates := make([]manifest.ListUpdate, 0, len(manifestsDigests)) + if strings.HasSuffix(file.Name(), ".cert") { + certPath := path.Join(certDir, file.Name()) - // convert each manifests in index from docker to OCI - for _, manifestDigest := range manifestsDigests { - digestCopy := manifestDigest + buf, err := os.ReadFile(certPath) + if err != nil { + return "", "", "", err + } - indexManifestBuf, _, err := imageSource.GetManifest(context.Background(), &digestCopy) - if err != nil { - return []byte{}, err + clientCert = string(buf) } - convertedIndexManifest, err := convertDockerManifestToOCI(imageSource, indexManifestBuf) - if err != nil { - return []byte{}, err - } + if strings.HasSuffix(file.Name(), ".key") { + certPath := path.Join(certDir, file.Name()) - manifestsUpdates = append(manifestsUpdates, manifest.ListUpdate{ - Digest: digest.FromBytes(convertedIndexManifest), - Size: int64(len(convertedIndexManifest)), - MediaType: ispec.MediaTypeImageManifest, - }) - } + buf, err := os.ReadFile(certPath) + if err != nil { + return "", "", "", err + } - // update all manifests in index - if err := originalIndex.UpdateInstances(manifestsUpdates); err != nil { - return []byte{}, err - } + clientKey = string(buf) + } - // convert index to OCI - convertedList, err := originalIndex.ConvertToMIMEType(ispec.MediaTypeImageIndex) - if err != nil { - return []byte{}, err - } + if strings.HasSuffix(file.Name(), ".crt") { + certPath := path.Join(certDir, file.Name()) - return convertedList.Serialize() -} + buf, err := os.ReadFile(certPath) + if err != nil { + return "", "", "", err + } -// given an image source and a config blob digest, get blob config content. -func getImageConfigContent(imageSource types.ImageSource, configDigest digest.Digest, -) ([]byte, error) { - configBlob, _, err := imageSource.GetBlob(context.Background(), types.BlobInfo{ - Digest: configDigest, - }, none.NoCache) - if err != nil { - return nil, err + regCert = string(buf) + } } - configBuf := new(bytes.Buffer) - - _, err = configBuf.ReadFrom(configBlob) - - return configBuf.Bytes(), err + return clientCert, clientKey, regCert, nil } diff --git a/pkg/test/auth/bearer.go b/pkg/test/auth/bearer.go index f305d5b02..87da7a922 100644 --- a/pkg/test/auth/bearer.go +++ b/pkg/test/auth/bearer.go @@ -36,10 +36,19 @@ func MakeAuthTestServer(serverKey string, unauthorizedNamespace string) *httptes } authTestServer := httptest.NewServer(http.HandlerFunc(func(response http.ResponseWriter, request *http.Request) { + if request.Method != http.MethodGet { + response.WriteHeader(http.StatusMethodNotAllowed) + + return + } + var access []auth.AccessEntry + scopes := request.URL.Query()["scope"] + for _, scope := range scopes { + if scope == "" { + continue + } - scope := request.URL.Query().Get("scope") - if scope != "" { parts := strings.Split(scope, ":") name := parts[1] actions := strings.Split(parts[2], ",") @@ -47,14 +56,11 @@ func MakeAuthTestServer(serverKey string, unauthorizedNamespace string) *httptes if name == unauthorizedNamespace { actions = []string{} } - - access = []auth.AccessEntry{ - { - Name: name, - Type: "repository", - Actions: actions, - }, - } + access = append(access, auth.AccessEntry{ + Name: name, + Type: "repository", + Actions: actions, + }) } token, err := cmTokenGenerator.GenerateToken(access, time.Minute*1)