Skip to content

Commit 98fc091

Browse files
justincormackcpuguy83
justincormack
authored and
cpuguy83
committed
Remove the rest of v1 manifest support
As people are using the UUID in `docker info` that was based on the v1 manifest signing key, replace with a UUID instead. Remove deprecated `--disable-legacy-registry` option that was scheduled to be removed in 18.03. Signed-off-by: Justin Cormack <[email protected]>
1 parent 8aca18d commit 98fc091

17 files changed

Lines changed: 47 additions & 247 deletions

File tree

cmd/dockerd/config.go

Lines changed: 0 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,6 @@ import (
1212
const (
1313
// defaultShutdownTimeout is the default shutdown timeout for the daemon
1414
defaultShutdownTimeout = 15
15-
// defaultTrustKeyFile is the default filename for the trust key
16-
defaultTrustKeyFile = "key.json"
1715
)
1816

1917
// installCommonConfigFlags adds flags to the pflag.FlagSet to configure the daemon
@@ -83,13 +81,6 @@ func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
8381

8482
flags.IntVar(&conf.NetworkControlPlaneMTU, "network-control-plane-mtu", config.DefaultNetworkMtu, "Network Control plane MTU")
8583

86-
// "--deprecated-key-path" is to allow configuration of the key used
87-
// for the daemon ID and the deprecated image signing. It was never
88-
// exposed as a command line option but is added here to allow
89-
// overriding the default path in configuration.
90-
flags.Var(opts.NewQuotedString(&conf.TrustKeyPath), "deprecated-key-path", "Path to key file for ID and image signing")
91-
flags.MarkHidden("deprecated-key-path")
92-
9384
conf.MaxConcurrentDownloads = &maxConcurrentDownloads
9485
conf.MaxConcurrentUploads = &maxConcurrentUploads
9586
return nil
@@ -103,10 +94,4 @@ func installRegistryServiceFlags(options *registry.ServiceOptions, flags *pflag.
10394
flags.Var(ana, "allow-nondistributable-artifacts", "Allow push of nondistributable artifacts to registry")
10495
flags.Var(mirrors, "registry-mirror", "Preferred Docker registry mirror")
10596
flags.Var(insecureRegistries, "insecure-registry", "Enable insecure registry communication")
106-
107-
if runtime.GOOS != "windows" {
108-
// TODO: Remove this flag after 3 release cycles (18.03)
109-
flags.BoolVar(&options.V2Only, "disable-legacy-registry", true, "Disable contacting legacy registries")
110-
flags.MarkHidden("disable-legacy-registry")
111-
}
11297
}

cmd/dockerd/daemon.go

Lines changed: 0 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -432,14 +432,6 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
432432
conf.CommonTLSOptions.KeyFile = opts.TLSOptions.KeyFile
433433
}
434434

435-
if conf.TrustKeyPath == "" {
436-
daemonConfDir, err := getDaemonConfDir(conf.Root)
437-
if err != nil {
438-
return nil, err
439-
}
440-
conf.TrustKeyPath = filepath.Join(daemonConfDir, defaultTrustKeyFile)
441-
}
442-
443435
if flags.Changed("graph") && flags.Changed("data-root") {
444436
return nil, errors.New(`cannot specify both "--graph" and "--data-root" option`)
445437
}
@@ -462,17 +454,6 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
462454
return nil, err
463455
}
464456

465-
if runtime.GOOS != "windows" {
466-
if flags.Changed("disable-legacy-registry") {
467-
// TODO: Remove this error after 3 release cycles (18.03)
468-
return nil, errors.New("ERROR: The '--disable-legacy-registry' flag has been removed. Interacting with legacy (v1) registries is no longer supported")
469-
}
470-
if !conf.V2Only {
471-
// TODO: Remove this error after 3 release cycles (18.03)
472-
return nil, errors.New("ERROR: The 'disable-legacy-registry' configuration option has been removed. Interacting with legacy (v1) registries is no longer supported")
473-
}
474-
}
475-
476457
if flags.Changed("graph") {
477458
logrus.Warnf(`The "-g / --graph" flag is deprecated. Please use "--data-root" instead`)
478459
}

cmd/dockerd/daemon_unix.go

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -55,10 +55,6 @@ func setDefaultUmask() error {
5555
return nil
5656
}
5757

58-
func getDaemonConfDir(_ string) (string, error) {
59-
return getDefaultDaemonConfigDir()
60-
}
61-
6258
func (cli *DaemonCli) getPlatformContainerdDaemonOpts() ([]supervisor.DaemonOpt, error) {
6359
opts := []supervisor.DaemonOpt{
6460
supervisor.WithOOMScore(cli.Config.OOMScoreAdjust),

cmd/dockerd/daemon_windows.go

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@ import (
44
"fmt"
55
"net"
66
"os"
7-
"path/filepath"
87

98
"github.com/docker/docker/daemon/config"
109
"github.com/docker/docker/libcontainerd/supervisor"
@@ -21,10 +20,6 @@ func setDefaultUmask() error {
2120
return nil
2221
}
2322

24-
func getDaemonConfDir(root string) (string, error) {
25-
return filepath.Join(root, `\config`), nil
26-
}
27-
2823
// preNotifySystem sends a message to the host when the API is active, but before the daemon is
2924
func preNotifySystem() {
3025
// start the service now to prevent timeouts waiting for daemon to start

daemon/config/config.go

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ import (
88
"io/ioutil"
99
"os"
1010
"reflect"
11-
"runtime"
1211
"strings"
1312
"sync"
1413

@@ -135,12 +134,6 @@ type CommonConfig struct {
135134
SocketGroup string `json:"group,omitempty"`
136135
CorsHeaders string `json:"api-cors-header,omitempty"`
137136

138-
// TrustKeyPath is used to generate the daemon ID and for signing schema 1 manifests
139-
// when pushing to a registry which does not support schema 2. This field is marked as
140-
// deprecated because schema 1 manifests are deprecated in favor of schema 2 and the
141-
// daemon ID will use a dedicated identifier not shared with exported signatures.
142-
TrustKeyPath string `json:"deprecated-key-path,omitempty"`
143-
144137
// LiveRestoreEnabled determines whether we should keep containers
145138
// alive upon daemon shutdown/start
146139
LiveRestoreEnabled bool `json:"live-restore,omitempty"`
@@ -247,9 +240,6 @@ func New() *Config {
247240
config.LogConfig.Config = make(map[string]string)
248241
config.ClusterOpts = make(map[string]string)
249242

250-
if runtime.GOOS != "linux" {
251-
config.V2Only = true
252-
}
253243
return &config
254244
}
255245

daemon/daemon.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -953,7 +953,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
953953
return nil, err
954954
}
955955

956-
trustKey, err := loadOrCreateTrustKey(config.TrustKeyPath)
956+
uuid, err := loadOrCreateUUID(filepath.Join(config.Root, "engine_uuid"))
957957
if err != nil {
958958
return nil, err
959959
}
@@ -998,7 +998,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
998998
return nil, errors.New("Devices cgroup isn't mounted")
999999
}
10001000

1001-
d.ID = trustKey.PublicKey().KeyID()
1001+
d.ID = uuid
10021002
d.repository = daemonRepo
10031003
d.containers = container.NewMemoryStore()
10041004
if d.containersReplica, err = container.NewViewDB(); err != nil {
@@ -1029,7 +1029,6 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
10291029
MaxConcurrentUploads: *config.MaxConcurrentUploads,
10301030
ReferenceStore: rs,
10311031
RegistryService: registryService,
1032-
TrustKey: trustKey,
10331032
})
10341033

10351034
go d.execCommandGC()

daemon/images/image_push.go

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,6 @@ func (i *ImageService) PushImage(ctx context.Context, image, tag string, metaHea
5454
},
5555
ConfigMediaType: schema2.MediaTypeImageConfig,
5656
LayerStores: distribution.NewLayerProvidersFromStores(i.layerStores),
57-
TrustKey: i.trustKey,
5857
UploadManager: i.uploadManager,
5958
}
6059

daemon/images/service.go

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,6 @@ import (
1414
"github.com/docker/docker/layer"
1515
dockerreference "github.com/docker/docker/reference"
1616
"github.com/docker/docker/registry"
17-
"github.com/docker/libtrust"
1817
"github.com/opencontainers/go-digest"
1918
"github.com/pkg/errors"
2019
"github.com/sirupsen/logrus"
@@ -40,7 +39,6 @@ type ImageServiceConfig struct {
4039
MaxConcurrentUploads int
4140
ReferenceStore dockerreference.Store
4241
RegistryService registry.Service
43-
TrustKey libtrust.PrivateKey
4442
}
4543

4644
// NewImageService returns a new ImageService from a configuration
@@ -56,7 +54,6 @@ func NewImageService(config ImageServiceConfig) *ImageService {
5654
layerStores: config.LayerStores,
5755
referenceStore: config.ReferenceStore,
5856
registryService: config.RegistryService,
59-
trustKey: config.TrustKey,
6057
uploadManager: xfer.NewLayerUploadManager(config.MaxConcurrentUploads),
6158
}
6259
}
@@ -72,7 +69,6 @@ type ImageService struct {
7269
pruneRunning int32
7370
referenceStore dockerreference.Store
7471
registryService registry.Service
75-
trustKey libtrust.PrivateKey
7672
uploadManager *xfer.LayerUploadManager
7773
}
7874

daemon/trustkey.go

Lines changed: 0 additions & 57 deletions
This file was deleted.

daemon/trustkey_test.go

Lines changed: 0 additions & 71 deletions
This file was deleted.

0 commit comments

Comments
 (0)