Updates docker pull to pull related attestation manifest and
any signatures for that manifest in cosign referrer objects.
These objects are transferred with the image when running
docker save and docker load and can be used to identify
the image in future updates.
Push is not updated atm as the currect push semantics
in containerd mode do not have correct immutability
guaranteed and don't work with image indexes.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
These comments were added to enforce using the correct import path for
our packages ("github.com/docker/docker", not "github.com/moby/moby").
However, when working in go module mode (not GOPATH / vendor), they have
no effect, so their impact is limited.
Remove these imports in preparation of migrating our code to become an
actual go module.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Daemon.Config() option was added to expose the Config outside of the
daemon package. Limit the use of that function to that purpose and use
the internal, non-exported functions within the daemon itself; this makes
it easier to see if there's still external consumers of the Config()
method.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Note that while it is not safe to use http fallback on non-localhost
registries, this can be avoided using the new host directories. The
previous legacy insecure configuration is ambiguous and less secure.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Use the daemon's configuration to check whether the legacy registry
configuration is used. Only attempt to merge with the legacy
configuration if it has been provided. This avoids merging in based on
a defaulted legacy config.
Signed-off-by: Derek McGowan <derek@mcg.dev>
This logic is going to be updated to use the new containerd resolver and
needs all the logic handling resolution in the package where it is used.
Signed-off-by: Derek McGowan <derek@mcg.dev>
