[28.x] add internal fork of docker/docker/registry

cli/command/image/push.go

@@ -16,11 +16,11 @@ import (
 	"github.com/docker/cli/cli/command/completion"
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/internal/jsonstream"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/cli/internal/tui"
 	"github.com/docker/docker/api/types/auxprogress"
 	"github.com/docker/docker/api/types/image"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/registry"
 	"github.com/morikuni/aec"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -105,10 +105,10 @@ To push the complete multi-platform image, remove the --platform flag.
 	}
 
 	// Resolve the Repository name from fqn to RepositoryInfo
-	repoInfo, _ := registry.ParseRepositoryInfo(ref)
+	indexInfo := registry.NewIndexInfo(ref)
 
 	// Resolve the Auth config relevant for this server
-	authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), repoInfo.Index)
+	authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), indexInfo)
 	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 	if err != nil {
 		return err
@@ -134,7 +134,7 @@ To push the complete multi-platform image, remove the --platform flag.
 	defer responseBody.Close()
 	if !opts.untrusted {
 		// TODO pushTrustedReference currently doesn't respect `--quiet`
-		return pushTrustedReference(ctx, dockerCli, repoInfo, ref, authConfig, responseBody)
+		return pushTrustedReference(ctx, dockerCli, indexInfo, ref, authConfig, responseBody)
 	}
 
 	if opts.quiet {

cli/command/image/trust.go

@@ -13,7 +13,6 @@ import (
 	"github.com/docker/cli/internal/jsonstream"
 	"github.com/docker/docker/api/types/image"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/registry"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -42,7 +41,11 @@ func newNotaryClient(cli command.Streams, imgRefAndAuth trust.ImageRefAndAuth) (
 }
 
 // pushTrustedReference pushes a canonical reference to the trust server.
-func pushTrustedReference(ctx context.Context, ioStreams command.Streams, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig registrytypes.AuthConfig, in io.Reader) error {
+func pushTrustedReference(ctx context.Context, ioStreams command.Streams, indexInfo *registrytypes.IndexInfo, ref reference.Named, authConfig registrytypes.AuthConfig, in io.Reader) error {
+	repoInfo := &trust.RepositoryInfo{
+		Name:  reference.TrimNamed(ref),
+		Index: indexInfo,
+	}
 	return trust.PushTrustedReference(ctx, ioStreams, repoInfo, ref, authConfig, in, command.UserAgent())
 }
 

cli/command/plugin/install.go

@@ -11,9 +11,9 @@ import (
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/internal/jsonstream"
 	"github.com/docker/cli/internal/prompt"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/docker/api/types"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -65,8 +65,7 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
 		return types.PluginInstallOptions{}, err
 	}
 
-	repoInfo, _ := registry.ParseRepositoryInfo(ref)
-
+	indexInfo := registry.NewIndexInfo(ref)
 	remote := ref.String()
 
 	_, isCanonical := ref.(reference.Canonical)
@@ -84,7 +83,7 @@ func buildPullConfig(ctx context.Context, dockerCli command.Cli, opts pluginOpti
 		remote = reference.FamiliarString(trusted)
 	}
 
-	authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), repoInfo.Index)
+	authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), indexInfo)
 	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 	if err != nil {
 		return types.PluginInstallOptions{}, err

cli/command/plugin/push.go

@@ -8,8 +8,8 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/cli/internal/jsonstream"
+	"github.com/docker/cli/internal/registry"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
@@ -49,8 +49,8 @@ func runPush(ctx context.Context, dockerCli command.Cli, opts pushOptions) error
 
 	named = reference.TagNameOnly(named)
 
-	repoInfo, _ := registry.ParseRepositoryInfo(named)
-	authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), repoInfo.Index)
+	indexInfo := registry.NewIndexInfo(named)
+	authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), indexInfo)
 	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
 	if err != nil {
 		return err
@@ -63,6 +63,10 @@ func runPush(ctx context.Context, dockerCli command.Cli, opts pushOptions) error
 	defer responseBody.Close()
 
 	if !opts.untrusted {
+		repoInfo := &trust.RepositoryInfo{
+			Name:  reference.TrimNamed(named),
+			Index: indexInfo,
+		}
 		return trust.PushTrustedReference(ctx, dockerCli, repoInfo, named, authConfig, responseBody, command.UserAgent())
 	}
 

cli/command/registry/login.go

@@ -15,10 +15,10 @@ import (
 	"github.com/docker/cli/cli/config/configfile"
 	configtypes "github.com/docker/cli/cli/config/types"
 	"github.com/docker/cli/internal/oauth/manager"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/cli/internal/tui"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -288,7 +288,7 @@ func loginClientSide(ctx context.Context, auth registrytypes.AuthConfig) (*regis
 		return nil, err
 	}
 
-	_, token, err := svc.Auth(ctx, &auth, command.UserAgent())
+	token, err := svc.Auth(ctx, &auth, command.UserAgent())
 	if err != nil {
 		return nil, err
 	}

cli/command/registry/login_test.go

@@ -13,11 +13,11 @@ import (
 	configtypes "github.com/docker/cli/cli/config/types"
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/cli/internal/prompt"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/cli/internal/test"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/system"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/registry"
 	"gotest.tools/v3/assert"
 	is "gotest.tools/v3/assert/cmp"
 	"gotest.tools/v3/fs"

cli/command/registry/logout.go

@@ -8,7 +8,7 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/config/credentials"
 	"github.com/docker/cli/internal/oauth/manager"
-	"github.com/docker/docker/registry"
+	"github.com/docker/cli/internal/registry"
 	"github.com/spf13/cobra"
 )
 

cli/command/registry/search.go

@@ -3,13 +3,13 @@ package registry
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/cli/opts"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/registry"
 	"github.com/spf13/cobra"
 )
 
@@ -52,13 +52,7 @@ func runSearch(ctx context.Context, dockerCli command.Cli, options searchOptions
 	if options.filter.Value().Contains("is-automated") {
 		_, _ = fmt.Fprintln(dockerCli.Err(), `WARNING: the "is-automated" filter is deprecated, and searching for "is-automated=true" will not yield any results in future.`)
 	}
-	indexInfo, err := registry.ParseSearchIndexInfo(options.term)
-	if err != nil {
-		return err
-	}
-
-	authConfig := command.ResolveAuthConfig(dockerCli.ConfigFile(), indexInfo)
-	encodedAuth, err := registrytypes.EncodeAuthConfig(authConfig)
+	encodedAuth, err := getAuth(dockerCli, options.term)
 	if err != nil {
 		return err
 	}
@@ -80,3 +74,37 @@ func runSearch(ctx context.Context, dockerCli command.Cli, options searchOptions
 	}
 	return SearchWrite(searchCtx, results)
 }
+
+// authConfigKey is the key used to store credentials for Docker Hub. It is
+// a copy of [registry.IndexServer].
+//
+// [registry.IndexServer]: https://pkg.go.dev/github.com/docker/docker/registry#IndexServer
+const authConfigKey = "https://index.docker.io/v1/"
+
+// getAuth will use fetch auth based on the given search-term. If the search
+// does not contain a hostname for the registry, it assumes Docker Hub is used,
+// and resolves authentication for Docker Hub, otherwise it resolves authentication
+// for the given registry.
+func getAuth(dockerCLI command.Cli, reposName string) (encodedAuth string, err error) {
+	authCfgKey := splitReposSearchTerm(reposName)
+	if authCfgKey == "docker.io" || authCfgKey == "index.docker.io" {
+		authCfgKey = authConfigKey
+	}
+
+	// Ignoring errors here, which was the existing behavior (likely
+	// "no credentials found"). We'll get an error when search failed,
+	// so fine to ignore in most situations.
+	authConfig, _ := dockerCLI.ConfigFile().GetAuthConfig(authCfgKey)
+	return registrytypes.EncodeAuthConfig(registrytypes.AuthConfig(authConfig))
+}
+
+// splitReposSearchTerm breaks a search term into an index name and remote name
+func splitReposSearchTerm(reposName string) string {
+	nameParts := strings.SplitN(reposName, "/", 2)
+	if len(nameParts) == 1 || (!strings.Contains(nameParts[0], ".") && !strings.Contains(nameParts[0], ":") && nameParts[0] != "localhost") {
+		// This is a Docker Hub repository (ex: samalba/hipache or ubuntu),
+		// use the default Docker Hub registry (docker.io)
+		return "docker.io"
+	}
+	return nameParts[0]
+}

cli/command/service/trust.go

@@ -6,8 +6,8 @@ import (
 	"github.com/distribution/reference"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/trust"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/docker/api/types/swarm"
-	"github.com/docker/docker/registry"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -51,9 +51,12 @@ func resolveServiceImageDigestContentTrust(dockerCli command.Cli, service *swarm
 }
 
 func trustedResolveDigest(cli command.Cli, ref reference.NamedTagged) (reference.Canonical, error) {
-	repoInfo, _ := registry.ParseRepositoryInfo(ref)
-	authConfig := command.ResolveAuthConfig(cli.ConfigFile(), repoInfo.Index)
-
+	indexInfo := registry.NewIndexInfo(ref)
+	authConfig := command.ResolveAuthConfig(cli.ConfigFile(), indexInfo)
+	repoInfo := &trust.RepositoryInfo{
+		Name:  reference.TrimNamed(ref),
+		Index: indexInfo,
+	}
 	notaryRepo, err := trust.GetNotaryRepository(cli.In(), cli.Out(), command.UserAgent(), repoInfo, &authConfig, "pull")
 	if err != nil {
 		return nil, errors.Wrap(err, "error establishing connection to trust repository")

cli/command/system/info.go

@@ -19,11 +19,11 @@ import (
 	"github.com/docker/cli/cli/debug"
 	flagsHelper "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/internal/lazyregexp"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/cli/templates"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/api/types/system"
 	"github.com/docker/docker/client"
-	"github.com/docker/docker/registry"
 	"github.com/docker/go-units"
 	"github.com/spf13/cobra"
 )

cli/command/system/info_test.go

@@ -78,7 +78,6 @@ var sampleInfoNoSwarm = system.Info{
 		IndexConfigs: map[string]*registrytypes.IndexInfo{
 			"docker.io": {
 				Name:     "docker.io",
-				Mirrors:  nil,
 				Secure:   true,
 				Official: true,
 			},

cli/registry/client/endpoint.go

@@ -1,15 +1,17 @@
 package client
 
 import (
+	"context"
 	"net"
 	"net/http"
+	"net/url"
 	"time"
 
 	"github.com/distribution/reference"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
 )
 
@@ -32,8 +34,7 @@ func (r repositoryEndpoint) BaseURL() string {
 
 func newDefaultRepositoryEndpoint(ref reference.Named, insecure bool) (repositoryEndpoint, error) {
 	repoName := reference.TrimNamed(ref)
-	repoInfo, _ := registry.ParseRepositoryInfo(ref)
-	indexInfo := repoInfo.Index
+	indexInfo := registry.NewIndexInfo(ref)
 
 	endpoint, err := getDefaultEndpoint(ref, !indexInfo.Secure)
 	if err != nil {
@@ -54,7 +55,7 @@ func getDefaultEndpoint(repoName reference.Named, insecure bool) (registry.APIEn
 	if err != nil {
 		return registry.APIEndpoint{}, err
 	}
-	endpoints, err := registryService.LookupPushEndpoints(reference.Domain(repoName))
+	endpoints, err := registryService.Endpoints(context.TODO(), reference.Domain(repoName))
 	if err != nil {
 		return registry.APIEndpoint{}, err
 	}
@@ -97,7 +98,7 @@ func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.API
 		if len(actions) == 0 {
 			actions = []string{"pull"}
 		}
-		creds := registry.NewStaticCredentialStore(&authConfig)
+		creds := &staticCredentialStore{authConfig: &authConfig}
 		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...)
 		basicHandler := auth.NewBasicHandler(creds)
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
@@ -117,3 +118,23 @@ func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, _ map[string
 func (*existingTokenHandler) Scheme() string {
 	return "bearer"
 }
+
+type staticCredentialStore struct {
+	authConfig *registrytypes.AuthConfig
+}
+
+func (scs staticCredentialStore) Basic(*url.URL) (string, string) {
+	if scs.authConfig == nil {
+		return "", ""
+	}
+	return scs.authConfig.Username, scs.authConfig.Password
+}
+
+func (scs staticCredentialStore) RefreshToken(*url.URL, string) string {
+	if scs.authConfig == nil {
+		return ""
+	}
+	return scs.authConfig.IdentityToken
+}
+
+func (staticCredentialStore) SetRefreshToken(*url.URL, string, string) {}

cli/registry/client/fetcher.go

@@ -6,14 +6,14 @@ import (
 
 	"github.com/distribution/reference"
 	"github.com/docker/cli/cli/manifest/types"
+	"github.com/docker/cli/internal/registry"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/manifest/manifestlist"
 	"github.com/docker/distribution/manifest/ocischema"
 	"github.com/docker/distribution/manifest/schema2"
 	"github.com/docker/distribution/registry/api/errcode"
 	v2 "github.com/docker/distribution/registry/api/v2"
 	distclient "github.com/docker/distribution/registry/client"
-	"github.com/docker/docker/registry"
 	"github.com/opencontainers/go-digest"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -221,8 +221,7 @@ func (c *client) iterateEndpoints(ctx context.Context, namedRef reference.Named,
 	}
 
 	repoName := reference.TrimNamed(namedRef)
-	repoInfo, _ := registry.ParseRepositoryInfo(namedRef)
-	indexInfo := repoInfo.Index
+	indexInfo := registry.NewIndexInfo(namedRef)
 
 	confirmedTLSRegistries := make(map[string]bool)
 	for _, endpoint := range endpoints {
@@ -283,10 +282,9 @@ func allEndpoints(namedRef reference.Named, insecure bool) ([]registry.APIEndpoi
 	}
 	registryService, err := registry.NewService(serviceOpts)
 	if err != nil {
-		return []registry.APIEndpoint{}, err
+		return nil, err
 	}
-	repoInfo, _ := registry.ParseRepositoryInfo(namedRef)
-	endpoints, err := registryService.LookupPullEndpoints(reference.Domain(repoInfo.Name))
+	endpoints, err := registryService.Endpoints(context.TODO(), reference.Domain(namedRef))
 	logrus.Debugf("endpoints for %s: %v", namedRef, endpoints)
 	return endpoints, err
 }