Remove legacy (v1) registry support #35479
Conversation
registry/service.go
Outdated
There was a problem hiding this comment.
Wondering if V1 login should still be a thing (IIRC "authentication" is separate from the registry specs, but I may be wrong here)
daemon/image_pull.go
Outdated
There was a problem hiding this comment.
Instead of removing this; should we produce an error here? Although the codebase in this repository should no longer return v1 endpoints, the code is just one implementation of the interface; other implementations may still return v1 endpoints (or mixed v1/v2 endpoints); https://github.com/moby/moby/blob/master/registry/service.go#L28-L29
There was a problem hiding this comment.
We could remove registry.APIVersion1 so that it could no longer be used by other implementations
|
Pushing this as a WIP. There's a couple of things that I need input on (also see inline comments above); Should we remove support for "Schema 1" images? They seem to be tightly coupled to the V1/V2 registry protocol Lines 94 to 96 in 4a244c3 |
|
hm Windows CI is failing, looks like a edit: think I found the culprit; updated |
008a75f to
46ac931
Compare
|
I don't think it will be possible to remove "schema 1" support for some time. Any image pushed with Docker < 1.10, or pushed to a registry that didn't support schema 2 at the time (including Docker Hub for quite some time after the 1.10 release) uses this format. You would have to deprecate push support long before pull, and check that all registry implementations support the new format. |
|
Ah, right, I also see I was reading it wrong; the correct way to interpret those condition is (I think):
So looks like I can remove the checks in Lines 94 to 96 in 4a244c3 skip if V1-endpoint or error if V1 endpoint (depending on the outcome of #35479 (comment))
|
|
I don't think that's right. "schema 1" means "registry V2, schema 1". While the schema 1 format inherits a lot from the V1 protocol, this manifest format is specific to V2. |
|
Sorry, they must be silly questions; was trying to find the logic where it prevents a "schema1" image to be pushed to a V2 registry; Lines 93 to 140 in 4a244c3 |
To do that we would have to explicitly deprecate some version of the v2 registry, which we should be careful about. Some other implementations of the v2 registry protocol have only recently updated to schema2, so it might be a bit early for preventing push. |
registry/config.go
Outdated
There was a problem hiding this comment.
There is a check now that is enforcing this is not false, what is defaulting it to true?
There was a problem hiding this comment.
The flag is still there, and has true as default; https://github.com/moby/moby/pull/35479/files#diff-fe42cd3c297bb829e5e2d79a7640a52dR94
Although not strictly necessary, I thought keeping the flag around (but producing a proper error) was better than removing the flag (and getting an "unknown flag: --disable-legacy-registry") - same for existing daemon.json files
|
Love the idea! |
|
ping @dmcgowan @aaronlehmann I removed "WIP" from this one, but could use some eyes to check if it all looks good (also re: some of my inline comments) |
46ac931 to
0945340
Compare
4adb5ce to
f5fdc51
Compare
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
f5fdc51 to
4c9380b
Compare
|
What's s current status? |
|
We merged #35751 to address the deprecation itself, so that removing the actual code (this PR) could be reviewed separately. But definitely could use some eyes/reviews here 😅 |
|
ping^^ @thaJeztah https://github.com/moby/moby/pull/35751/files#diff-fe42cd3c297bb829e5e2d79a7640a52dR95 I guess we can now remove v1 codes completely toward Docker v18.03? |
|
ping^^ @thaJeztah |
|
Oh, yes, I need to find time to work on this again, but recall that I could use some help on some things. I'll try to make some time soon 😅 |
|
@thaJeztah Can I help with this? |
|
@thaJeztah this one needs to be rebased |
|
There's a newer PR to remove this #37874, but looks like that one stalled 😕 |
Version 1.8.3 added a flag (--disable-legacy-registry=false) which prevents the docker daemon from pull, push, and login operations against v1 registries. Though enabled by default, this signals the intent to deprecate the v1 protocol.
Support for the v1 protocol to the public registry was removed in 1.13. Any mirror configurations using v1 should be updated to use a v2 registry mirror.
Support for v1 registries is scheduled for removal in the next Docker 17.12 release
- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)