From 42584167b765180c83a3d4456882ce8237e27dad Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 2 May 2022 18:07:08 +0900 Subject: [PATCH] Officially deprecate Schema 1 Schema 1 has been substantially deprecated since circa. 2017 in favor of Schema 2 introduced in Docker 1.10 (Feb 2016) and its successor OCI Image Spec v1, but we have not officially deprecated Schema 1. One of the reasons was that Quay did not support Schema 2 so far, but it is reported that Quay has been supporting Schema 2 since Feb 2020 (moby/buildkit issue 409). This PR deprecates pulling Schema 1 images but the feature will not be removed before containerd 2.0. Pushing Schema 1 images was never implemented in containerd (and its consumers such as BuildKit). Docker/Moby already disabled pushing Schema 1 images in Docker 20.10 (moby/moby PR 41295), but Docker/Moby has not yet disabled pulling Schema 1 as containerd has not yet deprecated Schema 1. (See the comments in moby/moby PR 42300.) Docker/Moby is expected to disable pulling Schema 1 images in future after this deprecation. Signed-off-by: Akihiro Suda --- RELEASES.md | 15 ++++++++------- client.go | 2 ++ client_opts.go | 2 ++ cmd/ctr/commands/content/fetch.go | 2 +- pkg/cri/server/image_pull.go | 2 +- pull.go | 2 +- remotes/docker/resolver.go | 2 +- remotes/docker/schema1/converter.go | 3 +++ 8 files changed, 19 insertions(+), 11 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index 65f873902..89c013b27 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -336,10 +336,11 @@ against total impact. The deprecated features are shown in the following table: -| Component | Deprecation release | Target release for removal | Recommendation | -|----------------------------------------------------------------------|---------------------|----------------------------|-----------------------------------| -| Runtime V1 API and implementation (`io.containerd.runtime.v1.linux`) | containerd v1.4 | containerd v2.0 | Use `io.containerd.runc.v2` | -| Runc V1 implementation of Runtime V2 (`io.containerd.runc.v1`) | containerd v1.4 | containerd v2.0 | Use `io.containerd.runc.v2` | -| config.toml `version = 1` | containerd v1.5 | containerd v2.0 | Use config.toml `version = 2` | -| Built-in `aufs` snapshotter | containerd v1.5 | containerd v2.0 | Use `overlayfs` snapshotter | -| `cri-containerd-*.tar.gz` release bundles | containerd v1.6 | containerd v2.0 | Use `containerd-*.tar.gz` bundles | +| Component | Deprecation release | Target release for removal | Recommendation | +|----------------------------------------------------------------------------------|---------------------|----------------------------|-----------------------------------| +| Runtime V1 API and implementation (`io.containerd.runtime.v1.linux`) | containerd v1.4 | containerd v2.0 | Use `io.containerd.runc.v2` | +| Runc V1 implementation of Runtime V2 (`io.containerd.runc.v1`) | containerd v1.4 | containerd v2.0 | Use `io.containerd.runc.v2` | +| config.toml `version = 1` | containerd v1.5 | containerd v2.0 | Use config.toml `version = 2` | +| Built-in `aufs` snapshotter | containerd v1.5 | containerd v2.0 | Use `overlayfs` snapshotter | +| `cri-containerd-*.tar.gz` release bundles | containerd v1.6 | containerd v2.0 | Use `containerd-*.tar.gz` bundles | +| Pulling Schema 1 images (`application/vnd.docker.distribution.manifest.v1+json`) | containerd v1.7 | containerd v2.0 | Use Schema 2 or OCI images | diff --git a/client.go b/client.go index 866b83db9..d4ef83684 100644 --- a/client.go +++ b/client.go @@ -348,6 +348,8 @@ type RemoteContext struct { // ConvertSchema1 is whether to convert Docker registry schema 1 // manifests. If this option is false then any image which resolves // to schema 1 will return an error since schema 1 is not supported. + // + // Deprecated: use Schema 2 or OCI images. ConvertSchema1 bool // Platforms defines which platforms to handle when doing the image operation. diff --git a/client_opts.go b/client_opts.go index 2ef7575d8..4e0a78a8a 100644 --- a/client_opts.go +++ b/client_opts.go @@ -200,6 +200,8 @@ func WithChildLabelMap(fn func(ocispec.Descriptor) []string) RemoteOpt { // WithSchema1Conversion is used to convert Docker registry schema 1 // manifests to oci manifests on pull. Without this option schema 1 // manifests will return a not supported error. +// +// Deprecated: use Schema 2 or OCI images. func WithSchema1Conversion(client *Client, c *RemoteContext) error { c.ConvertSchema1 = true return nil diff --git a/cmd/ctr/commands/content/fetch.go b/cmd/ctr/commands/content/fetch.go index aef9e8634..c7ec6099f 100644 --- a/cmd/ctr/commands/content/fetch.go +++ b/cmd/ctr/commands/content/fetch.go @@ -190,7 +190,7 @@ func Fetch(ctx context.Context, client *containerd.Client, ref string, config *F containerd.WithPullLabels(labels), containerd.WithResolver(config.Resolver), containerd.WithImageHandler(h), - containerd.WithSchema1Conversion, + containerd.WithSchema1Conversion, //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. } opts = append(opts, config.RemoteOpts...) diff --git a/pkg/cri/server/image_pull.go b/pkg/cri/server/image_pull.go index 199009053..71dc4b628 100644 --- a/pkg/cri/server/image_pull.go +++ b/pkg/cri/server/image_pull.go @@ -127,7 +127,7 @@ func (c *criService) PullImage(ctx context.Context, r *runtime.PullImageRequest) ) pullOpts := []containerd.RemoteOpt{ - containerd.WithSchema1Conversion, + containerd.WithSchema1Conversion, //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. containerd.WithResolver(resolver), containerd.WithPullSnapshotter(c.config.ContainerdConfig.Snapshotter), containerd.WithPullUnpack, diff --git a/pull.go b/pull.go index a7fc83431..ece6d2599 100644 --- a/pull.go +++ b/pull.go @@ -27,7 +27,7 @@ import ( "github.com/containerd/containerd/platforms" "github.com/containerd/containerd/remotes" "github.com/containerd/containerd/remotes/docker" - "github.com/containerd/containerd/remotes/docker/schema1" + "github.com/containerd/containerd/remotes/docker/schema1" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. ocispec "github.com/opencontainers/image-spec/specs-go/v1" "golang.org/x/sync/semaphore" ) diff --git a/remotes/docker/resolver.go b/remotes/docker/resolver.go index 6e543b2c0..ff1cb3336 100644 --- a/remotes/docker/resolver.go +++ b/remotes/docker/resolver.go @@ -31,7 +31,7 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/reference" "github.com/containerd/containerd/remotes" - "github.com/containerd/containerd/remotes/docker/schema1" + "github.com/containerd/containerd/remotes/docker/schema1" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. remoteerrors "github.com/containerd/containerd/remotes/errors" "github.com/containerd/containerd/version" digest "github.com/opencontainers/go-digest" diff --git a/remotes/docker/schema1/converter.go b/remotes/docker/schema1/converter.go index efa4e8d6e..ea222a966 100644 --- a/remotes/docker/schema1/converter.go +++ b/remotes/docker/schema1/converter.go @@ -14,6 +14,9 @@ limitations under the License. */ +// Package schema1 provides a converter to fetch an image formatted in Docker Image Manifest v2, Schema 1. +// +// Deprecated: use images formatted in Docker Image Manifest v2, Schema 2, or OCI Image Spec v1. package schema1 import (