- .devcontainer
- .github
- api
- builder
- cli
-
client
-
buildkit
-
testdata
- README.md
- build_cancel.go
- build_prune.go
- checkpoint_create.go
- checkpoint_create_test.go
- checkpoint_delete.go
- checkpoint_delete_test.go
- checkpoint_list.go
- checkpoint_list_test.go
- client.go
- client_deprecated.go
- client_mock_test.go
- client_test.go
- client_unix.go
- client_windows.go
- config_create.go
- config_create_test.go
- config_inspect.go
- config_inspect_test.go
- config_list.go
- config_list_test.go
- config_remove.go
- config_remove_test.go
- config_update.go
- config_update_test.go
- container_attach.go
- container_commit.go
- container_commit_test.go
- container_copy.go
- container_copy_test.go
- container_create.go
- container_create_test.go
- container_diff.go
- container_diff_test.go
- container_exec.go
- container_exec_test.go
- container_export.go
- container_export_test.go
- container_inspect.go
- container_inspect_test.go
- container_kill.go
- container_kill_test.go
- container_list.go
- container_list_test.go
- container_logs.go
- container_logs_test.go
- container_pause.go
- container_pause_test.go
- container_prune.go
- container_prune_test.go
- container_remove.go
- container_remove_test.go
- container_rename.go
- container_rename_test.go
- container_resize.go
- container_resize_test.go
- container_restart.go
- container_restart_test.go
- container_start.go
- container_start_test.go
- container_stats.go
- container_stats_test.go
- container_stop.go
- container_stop_test.go
- container_top.go
- container_top_test.go
- container_unpause.go
- container_unpause_test.go
- container_update.go
- container_update_test.go
- container_wait.go
- container_wait_test.go
- disk_usage.go
- disk_usage_test.go
- distribution_inspect.go
- distribution_inspect_test.go
- envvars.go
- errors.go
- events.go
- events_test.go
- hijack.go
- hijack_test.go
- image_build.go
- image_build_test.go
- image_create.go
- image_create_test.go
- image_history.go
- image_history_test.go
- image_import.go
- image_import_test.go
- image_inspect.go
- image_inspect_test.go
- image_list.go
- image_list_test.go
- image_load.go
- image_load_test.go
- image_prune.go
- image_prune_test.go
- image_pull.go
- image_pull_test.go
- image_push.go
- image_push_test.go
- image_remove.go
- image_remove_test.go
- image_save.go
- image_save_test.go
- image_search.go
- image_search_test.go
- image_tag.go
- image_tag_test.go
- info.go
- info_test.go
- interface.go
- interface_experimental.go
- interface_stable.go
- login.go
- network_connect.go
- network_connect_test.go
- network_create.go
- network_create_test.go
- network_disconnect.go
- network_disconnect_test.go
- network_inspect.go
- network_inspect_test.go
- network_list.go
- network_list_test.go
- network_prune.go
- network_prune_test.go
- network_remove.go
- network_remove_test.go
- node_inspect.go
- node_inspect_test.go
- node_list.go
- node_list_test.go
- node_remove.go
- node_remove_test.go
- node_update.go
- node_update_test.go
- options.go
- options_test.go
- ping.go
- ping_test.go
- plugin_create.go
- plugin_disable.go
- plugin_disable_test.go
- plugin_enable.go
- plugin_enable_test.go
- plugin_inspect.go
- plugin_inspect_test.go
- plugin_install.go
- plugin_list.go
- plugin_list_test.go
- plugin_push.go
- plugin_push_test.go
- plugin_remove.go
- plugin_remove_test.go
- plugin_set.go
- plugin_set_test.go
- plugin_upgrade.go
- request.go
- request_test.go
- secret_create.go
- secret_create_test.go
- secret_inspect.go
- secret_inspect_test.go
- secret_list.go
- secret_list_test.go
- secret_remove.go
- secret_remove_test.go
- secret_update.go
- secret_update_test.go
- service_create.go
- service_create_test.go
- service_inspect.go
- service_inspect_test.go
- service_list.go
- service_list_test.go
- service_logs.go
- service_logs_test.go
- service_remove.go
- service_remove_test.go
- service_update.go
- service_update_test.go
- swarm_get_unlock_key.go
- swarm_get_unlock_key_test.go
- swarm_init.go
- swarm_init_test.go
- swarm_inspect.go
- swarm_inspect_test.go
- swarm_join.go
- swarm_join_test.go
- swarm_leave.go
- swarm_leave_test.go
- swarm_unlock.go
- swarm_unlock_test.go
- swarm_update.go
- swarm_update_test.go
- task_inspect.go
- task_inspect_test.go
- task_list.go
- task_list_test.go
- task_logs.go
- utils.go
- version.go
- volume_create.go
- volume_create_test.go
- volume_inspect.go
- volume_inspect_test.go
- volume_list.go
- volume_list_test.go
- volume_prune.go
- volume_remove.go
- volume_remove_test.go
- volume_update.go
- volume_update_test.go
-
buildkit
- cmd
-
container
-
stream
- archive_windows.go
- attach_context.go
- container.go
- container_unit_test.go
- container_unix.go
- container_windows.go
- env.go
- env_test.go
- exec.go
- health.go
- history.go
- memory_store.go
- memory_store_test.go
- monitor.go
- mounts_unix.go
- mounts_windows.go
- state.go
- state_test.go
- store.go
- view.go
- view_test.go
-
stream
-
contrib
-
apparmor
-
busybox
-
gitdm
-
httpserver
-
init
-
nnp-test
-
syntax
-
syscall-test
-
udev
- README.md
- check-config.sh
- dockerd-rootless-setuptool.sh
- dockerd-rootless.sh
- dockerize-disk.sh
- download-frozen-image-v2.sh
- editorconfig
- mac-install-bundle.sh
- mkimage-alpine.sh
- mkimage-arch-pacman.conf
- mkimage-arch.sh
- mkimage-archarm-pacman.conf
- mkimage-crux.sh
- mkimage-pld.sh
- mkimage-yum.sh
- nuke-graph-directory.sh
-
apparmor
-
daemon
-
cluster
-
config
-
containerd
-
events
-
graphdriver
-
images
-
initlayer
-
links
-
listeners
-
logger
-
names
-
network
-
snapshotter
-
stats
-
testdata
- apparmor_default.go
- apparmor_default_unsupported.go
- archive.go
- archive_tarcopyoptions.go
- archive_tarcopyoptions_unix.go
- archive_tarcopyoptions_windows.go
- archive_unix.go
- archive_windows.go
- attach.go
- auth.go
- cdi.go
- changes.go
- checkpoint.go
- cluster.go
- commit.go
- configs.go
- configs_linux.go
- configs_unsupported.go
- configs_windows.go
- container.go
- container_linux.go
- container_operations.go
- container_operations_test.go
- container_operations_unix.go
- container_operations_windows.go
- container_unix_test.go
- container_windows.go
- containerfs_linux.go
- content.go
- create.go
- create_unix.go
- create_windows.go
- daemon.go
- daemon_linux.go
- daemon_linux_test.go
- daemon_test.go
- daemon_unix.go
- daemon_unix_test.go
- daemon_unsupported.go
- daemon_windows.go
- daemon_windows_test.go
- debugtrap_unix.go
- debugtrap_unsupported.go
- debugtrap_windows.go
- delete.go
- delete_test.go
- dependency.go
- devices.go
- disk_usage.go
- errors.go
- errors_test.go
- events.go
- events_test.go
- exec.go
- exec_linux.go
- exec_linux_test.go
- exec_windows.go
- export.go
- health.go
- health_test.go
- id.go
- image_service.go
- info.go
- info_unix.go
- info_unix_test.go
- info_windows.go
- inspect.go
- inspect_linux.go
- inspect_test.go
- inspect_windows.go
- keys.go
- keys_unsupported.go
- kill.go
- licensing.go
- licensing_test.go
- links.go
- list.go
- list_test.go
- list_unix.go
- list_windows.go
- logdrivers_linux.go
- logdrivers_windows.go
- logs.go
- logs_test.go
- metrics.go
- metrics_unix.go
- metrics_unsupported.go
- monitor.go
- mounts.go
- names.go
- network.go
- network_windows.go
- nvidia_linux.go
- oci_linux.go
- oci_linux_test.go
- oci_opts.go
- oci_utils.go
- oci_windows.go
- oci_windows_test.go
- pause.go
- prune.go
- reload.go
- reload_test.go
- reload_unix.go
- reload_windows.go
- rename.go
- resize.go
- resize_test.go
- restart.go
- runtime_unix.go
- runtime_unix_test.go
- runtime_windows.go
- seccomp_linux.go
- seccomp_linux_test.go
- seccomp_unsupported.go
- secrets.go
- secrets_linux.go
- secrets_unsupported.go
- secrets_windows.go
- start.go
- start_linux.go
- start_notlinux.go
- start_unix.go
- start_windows.go
- stats.go
- stats_collector.go
- stats_unix.go
- stats_windows.go
- stop.go
- top_unix.go
- top_unix_test.go
- top_windows.go
- unpause.go
- update.go
- update_linux.go
- update_linux_test.go
- update_windows.go
- volumes.go
- volumes_linux.go
- volumes_linux_test.go
- volumes_unit_test.go
- volumes_unix.go
- volumes_windows.go
- wait.go
- workdir.go
-
cluster
- distribution
- dockerversion
- docs
- errdefs
- hack
- image
- integration
-
integration-cli
-
checker
-
cli
-
daemon
-
environment
-
fixtures
-
requirement
-
testdata
- benchmark_test.go
- check_test.go
- daemon_swarm_hack_test.go
- docker_api_attach_test.go
- docker_api_build_test.go
- docker_api_build_windows_test.go
- docker_api_containers_test.go
- docker_api_containers_unix_test.go
- docker_api_containers_windows_test.go
- docker_api_exec_resize_test.go
- docker_api_exec_test.go
- docker_api_images_test.go
- docker_api_inspect_test.go
- docker_api_logs_test.go
- docker_api_network_test.go
- docker_api_stats_test.go
- docker_api_swarm_node_test.go
- docker_api_swarm_service_test.go
- docker_api_swarm_test.go
- docker_api_test.go
- docker_cli_attach_test.go
- docker_cli_attach_unix_test.go
- docker_cli_build_test.go
- docker_cli_build_unix_test.go
- docker_cli_by_digest_test.go
- docker_cli_commit_test.go
- docker_cli_cp_from_container_test.go
- docker_cli_cp_test.go
- docker_cli_cp_to_container_test.go
- docker_cli_cp_to_container_unix_test.go
- docker_cli_cp_utils_test.go
- docker_cli_create_test.go
- docker_cli_daemon_plugins_test.go
- docker_cli_daemon_test.go
- docker_cli_events_test.go
- docker_cli_events_unix_test.go
- docker_cli_exec_test.go
- docker_cli_exec_unix_test.go
- docker_cli_external_volume_driver_test.go
- docker_cli_health_test.go
- docker_cli_history_test.go
- docker_cli_images_test.go
- docker_cli_import_test.go
- docker_cli_info_test.go
- docker_cli_info_unix_test.go
- docker_cli_inspect_test.go
- docker_cli_links_test.go
- docker_cli_login_test.go
- docker_cli_logout_test.go
- docker_cli_logs_test.go
- docker_cli_netmode_test.go
- docker_cli_network_test.go
- docker_cli_network_unix_test.go
- docker_cli_plugins_logdriver_test.go
- docker_cli_plugins_test.go
- docker_cli_port_test.go
- docker_cli_proxy_test.go
- docker_cli_prune_test.go
- docker_cli_prune_unix_test.go
- docker_cli_ps_test.go
- docker_cli_pull_local_test.go
- docker_cli_pull_test.go
- docker_cli_push_test.go
- docker_cli_registry_user_agent_test.go
- docker_cli_restart_test.go
- docker_cli_rmi_test.go
- docker_cli_run_test.go
- docker_cli_run_unix_test.go
- docker_cli_save_load_test.go
- docker_cli_save_load_unix_test.go
- docker_cli_search_test.go
- docker_cli_service_create_test.go
- docker_cli_service_health_test.go
- docker_cli_service_logs_test.go
- docker_cli_service_scale_test.go
- docker_cli_sni_test.go
- docker_cli_start_test.go
- docker_cli_stats_test.go
- docker_cli_swarm_test.go
- docker_cli_swarm_unix_test.go
- docker_cli_top_test.go
- docker_cli_update_test.go
- docker_cli_update_unix_test.go
- docker_cli_userns_test.go
- docker_cli_v2_only_test.go
- docker_cli_volume_test.go
- docker_hub_pull_suite_test.go
- docker_utils_test.go
- events_utils_test.go
- fixtures_linux_daemon_test.go
- requirements_test.go
- requirements_unix_test.go
- requirements_windows_test.go
- test_vars_test.go
- test_vars_unix_test.go
- test_vars_windows_test.go
- utils_test.go
- utils_unix_test.go
- utils_windows_test.go
-
checker
- internal
- layer
- libcontainerd
-
libnetwork
-
bitmap
-
cluster
-
cmd
-
config
-
datastore
-
diagnostic
-
discoverapi
-
docs
-
driverapi
-
drivers
-
drvregistry
-
etchosts
-
internal
-
ipam
-
ipamapi
-
ipams
-
ipamutils
-
ipbits
-
iptables
-
netlabel
-
netutils
-
networkdb
-
ns
-
options
-
osl
-
portallocator
-
portmapper
-
resolvconf
-
scope
-
support
-
types
- .dockerignore
- .gitignore
- README.md
- agent.go
- agent.pb.go
- agent.proto
- controller.go
- controller_linux.go
- controller_others.go
- default_gateway.go
- default_gateway_freebsd.go
- default_gateway_linux.go
- default_gateway_windows.go
- drivers_freebsd.go
- drivers_ipam.go
- drivers_linux.go
- drivers_unsupported.go
- drivers_windows.go
- endpoint.go
- endpoint_cnt.go
- endpoint_info.go
- endpoint_info_unix.go
- endpoint_info_windows.go
- endpoint_test.go
- endpoint_unix_test.go
- error.go
- errors_test.go
- firewall_linux.go
- firewall_linux_test.go
- firewall_others.go
- libnetwork_internal_test.go
- libnetwork_linux_test.go
- libnetwork_unix_test.go
- libnetwork_windows_test.go
- network.go
- network_unix.go
- network_windows.go
- resolver.go
- resolver_test.go
- resolver_unix.go
- resolver_unix_test.go
- resolver_windows.go
- sandbox.go
- sandbox_dns_unix.go
- sandbox_dns_unix_test.go
- sandbox_dns_windows.go
- sandbox_externalkey_unix.go
- sandbox_externalkey_unsupported.go
- sandbox_linux.go
- sandbox_options.go
- sandbox_store.go
- sandbox_unix_test.go
- sandbox_unsupported.go
- service.go
- service_common.go
- service_common_unix_test.go
- service_linux.go
- service_unsupported.go
- service_windows.go
- store.go
- store_linux_test.go
- store_test.go
-
bitmap
- oci
- opts
-
pkg
-
archive
-
authorization
-
broadcaster
-
capabilities
-
chrootarchive
-
containerfs
-
directory
-
dmesg
-
fileutils
-
homedir
-
idtools
-
ioutils
-
jsonmessage
-
longpath
-
meminfo
-
namesgenerator
-
parsers
-
pidfile
-
platform
-
plugingetter
-
plugins
-
pools
-
process
-
progress
-
reexec
-
rootless
-
stack
-
stdcopy
-
streamformatter
-
stringid
-
sysinfo
-
system
-
tailfile
-
tarsum
-
useragent
- README.md
-
archive
- plugin
- profiles
- project
- quota
- reference
- registry
- reports
- restartmanager
- runconfig
- testutil
- vendor
- volume
- .dockerignore
- .gitattributes
- .gitignore
- .golangci.yml
- .mailmap
- AUTHORS
- CONTRIBUTING.md
- Dockerfile
- Dockerfile.simple
- Dockerfile.windows
- Jenkinsfile
- LICENSE
- MAINTAINERS
- Makefile
- NOTICE
- README.md
- ROADMAP.md
- SECURITY.md
- TESTING.md
- VENDORING.md
- codecov.yml
- docker-bake.hcl
- vendor.mod
- vendor.sum
Explanation
The code you provided is a function called newRepository
from the distribution
package in the moby
repository. This function is responsible for creating a new distribution.Repository
object, which represents a Docker registry repository.
Here’s a breakdown of the code:
1. Function Signature:
func newRepository(
ctx context.Context, repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint,
metaHeaders http.Header, authConfig *registrytypes.AuthConfig, actions ...string,
) (distribution.Repository, error)
The function takes several arguments:
ctx
: Acontext.Context
for cancellation and request-scoped values.repoInfo
: Aregistry.RepositoryInfo
struct containing information about the repository.endpoint
: Aregistry.APIEndpoint
struct containing the URL and TLS configuration for the registry.metaHeaders
: Anhttp.Header
containing any custom headers to send with the request.authConfig
: Aregistrytypes.AuthConfig
struct containing the authentication credentials for the registry.actions
: A variadic list of strings specifying the actions allowed on the repository (e.g.,pull
,push
).
The function returns a distribution.Repository
interface and an error.
2. Setting up the Repository Name:
repoName := repoInfo.Name.Name()
// If endpoint does not support CanonicalName, use the RemoteName instead
if endpoint.TrimHostname {
repoName = reference.Path(repoInfo.Name)
}
This code extracts the repository name from the repoInfo
struct. If the endpoint specifies that it doesn’t support canonical names, it uses the remote name instead.
3. Creating the HTTP Transport:
direct := &net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}
// TODO(dmcgowan): Call close idle connections when complete, use keep alive
base := &http.Transport{
Proxy: http.ProxyFromEnvironment,
DialContext: direct.DialContext,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: endpoint.TLSConfig,
// TODO(dmcgowan): Call close idle connections when complete and use keep alive
DisableKeepAlives: true,
}
This code creates a new http.Transport
with the following settings:
DialContext
: Uses a custom dialer (direct
) with timeouts and keep-alive settings.TLSHandshakeTimeout
: Sets a timeout for the TLS handshake.TLSClientConfig
: Uses the TLS configuration from theendpoint
struct.DisableKeepAlives
: Disables keep-alive connections (this is marked as a TODO and should be fixed).
4. Adding Request Modifiers:
modifiers := registry.Headers(dockerversion.DockerUserAgent(ctx), metaHeaders)
authTransport := transport.NewTransport(base, modifiers...)
This code creates a list of request modifiers (modifiers
) that will be applied to all requests made through the transport. These modifiers include:
dockerversion.DockerUserAgent(ctx)
: Adds a user-agent header indicating the Docker version.metaHeaders
: Adds any custom headers provided in themetaHeaders
argument.
The authTransport
is then created using the transport.NewTransport
function, which takes the base transport and the list of modifiers.
5. Verifying the Registry API Version:
challengeManager, err := registry.PingV2Registry(endpoint.URL, authTransport)
if err != nil {
transportOK := false
if responseErr, ok := err.(registry.PingResponseError); ok {
transportOK = true
err = responseErr.Err
}
return nil, fallbackError{
err: err,
transportOK: transportOK,
}
}
This code pings the registry to verify that it supports the v2 API. It uses the registry.PingV2Registry
function, which sends a request to the registry and checks for a specific response indicating support for the v2 API.
If there’s an error, it checks if the error is a registry.PingResponseError
. If it is, it extracts the underlying error and wraps it in a fallbackError
struct.
6. Adding Authentication:
if authConfig.RegistryToken != "" {
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, &passThruTokenHandler{token: authConfig.RegistryToken}))
} else {
creds := registry.NewStaticCredentialStore(authConfig)
tokenHandler := auth.NewTokenHandlerWithOptions(auth.TokenHandlerOptions{
Transport: authTransport,
Credentials: creds,
Scopes: []auth.Scope{auth.RepositoryScope{
Repository: repoName,
Actions: actions,
Class: repoInfo.Class,
}},
ClientID: registry.AuthClientID,
})
basicHandler := auth.NewBasicHandler(creds)
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
}
tr := transport.NewTransport(base, modifiers...)
This code adds authentication to the transport. If a registry token is provided, it creates a passThruTokenHandler
and adds an auth.Authorizer
to the modifiers.
Otherwise, it creates a registry.StaticCredentialStore
from the authConfig
and uses it to create a auth.TokenHandler
. The TokenHandler
is then used to create a new auth.Authorizer
that handles both token-based and basic authentication.
The tr
variable is then created using the modified transport.
7. Creating the Repository Object:
repoNameRef, err := reference.WithName(repoName)
if err != nil {
return nil, fallbackError{
err: err,
transportOK: true,
}
}
repo, err := client.NewRepository(repoNameRef, endpoint.URL.String(), tr)
if err != nil {
return nil, fallbackError{
err: err,
transportOK: true,
}
}
return repo, nil
This code creates a new distribution.Repository
object using the client.NewRepository
function. It takes the repository name, the registry URL, and the authenticated transport as arguments.
If there’s an error, it’s wrapped in a fallbackError
struct.
8. passThruTokenHandler
Struct:
The passThruTokenHandler
struct implements the auth.TokenHandler
interface. It’s used to handle authentication using a registry token.
9. Summary:
In summary, the newRepository
function creates a new distribution.Repository
object for a given Docker registry repository. It handles:
- Setting up the repository name.
- Creating an HTTP transport with timeouts, TLS, and request modifiers.
- Verifying the registry API version.
- Adding authentication (token-based or basic).
- Creating the actual repository object.
This function is a key component of the distribution
package and is used by other parts of the moby
codebase to interact with Docker registries.
Graph
The graph shows the usage of functions within the codebase.
Select a code symbol to view it's graph