remotes: support cross-repo-push

[fuweid]

With distribution source label in content store, select the longest
common prefix components as condidate mount blob source and try to push
with mount blob.

Fix #2964

Signed-off-by: Wei Fu fuweid89@gmail.com

[thaJeztah]

should probably be a const

[fuweid]

done

[codecov-io]

Codecov Report

Merging #3218 into master will decrease coverage by 0.09%.
The diff coverage is 47.96%.

@@            Coverage Diff            @@
##           master    #3218     +/-   ##
=========================================
- Coverage   44.85%   44.75%   -0.1%     
=========================================
  Files         113      113             
  Lines       12361    12513    +152     
=========================================
+ Hits         5544     5600     +56     
- Misses       5964     6057     +93     
- Partials      853      856      +3

Flag	Coverage Δ
#linux	48.65% <49.71%> (-0.13%)	⬇️
#windows	40.2% <47.96%> (-0.05%)	⬇️

Impacted Files	Coverage Δ
remotes/docker/handler.go	22.47% <0%> (-10.87%)	⬇️
remotes/docker/pusher.go	0% <0%> (ø)	⬆️
remotes/docker/scope.go	65.85% <61.9%> (-5.12%)	⬇️
remotes/docker/authorizer.go	70.52% <79.48%> (+2.54%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 545e79a...dd7c0aa. Read the comment docs.

[thaJeztah]

Ah, oops, I missed the mis-spell; note that I didn't do a real review, I just noticed this PR and spotted the var/const, and now the typo; I'm not super-familiar with this area of the code, so you might want to wait for "real" reviewers to do their review 😅

Suggested change

	const defaultExpiredIn = 60
	const defaultExpiresIn = 60

[estesp]

this is an alternative to #3053, right?

[fuweid]

this is an alternative to #3053, right?

@estesp yeah. kind of alternative. But this pr supports to do auth per request, instead of host name. The change is to support mount from feature provided by registry. It can save ton of time during pushing.

[fuweid]

because of the wall, I failed to vendor the package. will update it soon....

[fuweid]

ping @dmcgowan PTAL. Thanks

[fuweid]

ping @dmcgowan I have updated it and use lock and waitgroup to handle auth fetch job: authHandler will support to lock by the resource scope and limit one fetch job per resource scope. PTAL. Thanks

[dmcgowan]

if l != idx? A check seems cheaper than assignment considering the common case is l == idx

[fuweid]

check the objdump and the if uses less instruction 😂

if there has one duplicate item, there always goes with if and assignment. So, I think it is ok here.

[dmcgowan]

How does a new scope get added in? For example if I first requested for read the token options only has a pull scope, but now I add a response which push scope, do the token options get updated?

[fuweid]

Basically, for one registry host, both the realm and service are the same. The common option will maintain the original resource scope, for instance, repository:foo/bar:pull. If the following request wants to use different scope, like repository:foo/bar:push, the request handler should put the scope into the context and the auth handler will retrieve it and combine with original scope. I think we don't need to update the common options here.

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 8m 03s (non-voting)

[theopenlab-ci]

Build succeeded.

• containerd-build-arm64 : SUCCESS in 8m 33s (non-voting)

[dmcgowan]

LGTM

[estesp]

LGTM