Deprecate configuration for pushing non-distributable artifacts #5724
+40
−49
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #5724 +/- ##
=======================================
Coverage 59.52% 59.52%
=======================================
Files 346 346
Lines 29381 29381
=======================================
Hits 17488 17488
Misses 10923 10923
Partials 970 970 |
dmcgowan
approved these changes
Jan 3, 2025
Non-distributable artifacts (also called foreign layers) were introduced in docker v1.12 to accommodate Windows images for which the EULA did not allow layers to be distributed through registries other than those hosted by Microsoft. The concept of foreign / non-distributable layers was adopted by the OCI distribution spec in [oci#233]. These restrictions were relaxed later to allow distributing these images through non-public registries, for which a configuration was added in Docker v17.0.6.0. In 2022, Microsoft updated the EULA and [removed these restrictions][msft-3645201], followed by the OCI distribution specification deprecating foreign layers in [oci#965]. In 2023, Microsoft [removed the use of foreign data layers][msft-3846833] for their images, making this functionality obsolete. Docker v28.0 deprecates the `--allow-nondistributable-artifacts` daemon flag and corresponding `allow-nondistributable-artifacts` field in `daemon.json`. Setting either option no longer takes an effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the Docker v29.0. Users currently using these options are therefore recommended to remove this option from their configuration to prevent the daemon from starting when upgrading to Docker v29.0. The `AllowNondistributableArtifactsCIDRs` and `AllowNondistributableArtifactsHostnames` fields in the `RegistryConfig` of the `GET /info` API response are also deprecated. For API version v1.48 and lower, the fields are still included in the response but always `null`. In API version v1.49 and higher, the field will be omitted entirely. [oci#233]: opencontainers/image-spec#233 [oci#965]: opencontainers/image-spec#965 [msft-3645201]: https://techcommunity.microsoft.com/blog/containers/announcing-windows-container-base-image-redistribution-rights-change/3645201 [msft-3846833]: https://techcommunity.microsoft.com/blog/containers/announcing-removal-of-foreign-layers-from-windows-container-images/3846833 Signed-off-by: Sebastiaan van Stijn <[email protected]>
This flag is deprecated and no longer functional. Signed-off-by: Sebastiaan van Stijn <[email protected]>
This flag is deprecated and no longer functional. Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
deprecate_nondistributable_artifacts
branch
from
49854bb to
7e8f949
Compare
|
Thanks! (rebase was because #5725 was merged, which changed an adjacent line) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Deprecate configuration for pushing non-distributable artifacts
Non-distributable artifacts (also called foreign layers) were introduced in docker v1.12 to accommodate Windows images for which the EULA did not allow layers to be distributed through registries other than those hosted by Microsoft. The concept of foreign / non-distributable layers was adopted by the OCI distribution spec in oci#233. These restrictions were relaxed later to allow distributing these images through non-public registries, for which a configuration was added in Docker v17.0.6.0.
In 2022, Microsoft updated the EULA and removed these restrictions, followed by the OCI distribution specification deprecating foreign layers in oci#965. In 2023, Microsoft removed the use of foreign data layers for their images, making this functionality obsolete.
Docker v28.0 deprecates the
--allow-nondistributable-artifactsdaemon flag and correspondingallow-nondistributable-artifactsfield indaemon.json. Setting either option no longer takes an effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the Docker v29.0.Users currently using these options are therefore recommended to remove this option from their configuration to prevent the daemon from starting when upgrading to Docker v29.0.
The
AllowNondistributableArtifactsCIDRsandAllowNondistributableArtifactsHostnamesfields in theRegistryConfigof theGET /infoAPI response are also deprecated. For API version v1.48 and lower, the fields are still included in the response but alwaysnull. In API version v1.49 and higher, the field will be omitted entirely.- Description for the changelog
- A picture of a cute animal (not mandatory but encouraged)