Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incompatible name restrictions breaking customers. #1062

Closed
mattmoor opened this issue Oct 3, 2015 · 2 comments
Closed

Incompatible name restrictions breaking customers. #1062

mattmoor opened this issue Oct 3, 2015 · 2 comments

Comments

@mattmoor
Copy link
Contributor

mattmoor commented Oct 3, 2015

In v1, image names were allowed to contain: [a-z0-9_-]{4,30}.
In v2, this was restricted to: [a-z0-9]+(?:[._-][a-z0-9]+)* (for all components)

While I understand the sentiment that v1 was overly permissive, we have customers of our v1 API, who are broken by 1.8+ where the v2 naming restrictions have been applied to all image name validation paths.

This breaking change seems to fundamentally conflict with this stated objective of v2:

These name requirements only apply to the registry API and should accept a superset of what is supported by other docker ecosystem components.

The pattern being employed by most (possibly all?) affected customers is to use hostnames for their image names, e.g. foo.bar-baz.com. Therein lies the problem because hostnames are slightly more permissive (in some ways) than the current regular expression:

<hname> ::= <name>*["."<name>]
<name> ::= <letter-or-digit>[*[<letter-or-digit-or-hyphen>]<letter-or-digit>]

(source: StackOverflow quoting spec)

In particular, we have customers with hostnames of the form foo--bar.baz.com.

While it still leaves the possibility that v2 name validation breaks valid v1 images, my proposal is to relax the v2 name restrictions to allow valid hostnames as path components.

I believe that means changing this regular expression to:

// Allows a hostname part (also allowing underscores)
var NameSegmentRegexp = regexp.MustCompile(`[a-z0-9](?:[_-]*[a-z0-9])*`)
// Allows several hostname parts, each separated by a dot.
var RepositoryNameComponentRegexp = regexp.MustCompile(
    NameSegmentRegexp.String() + `(?:\.` + NameSegmentRegexp.String() + `)*`);
@mattmoor
Copy link
Contributor Author

mattmoor commented Oct 3, 2015

@stevvooe @dmcgowan @dmp42 @ncdc @vbatts @jlhawn

Folks care to weigh in on this? Has the ship sailed on potentially allowing this into 1.9? I'm happy to get a PR together ASAP, if that's a possibility.

@mattmoor mattmoor mentioned this issue Oct 3, 2015
Closed
@thaJeztah thaJeztah mentioned this issue Oct 4, 2015
Closed
@mattmoor
Copy link
Contributor Author

mattmoor commented Oct 7, 2015

@dmcgowan I updated the regular expression, thanks for spotting the bug.

This RFC: https://www.ietf.org/rfc/rfc2396.txt includes:

      host          = hostname | IPv4address
      hostname      = *( domainlabel "." ) toplabel [ "." ]
      domainlabel   = alphanum | alphanum *( alphanum | "-" ) alphanum

Technically foo.bar.baz. is a fully-qualified-domain-name, but I'm open to disallowing the trailing ., the main part we need to support is for one or more domainlabel segments separated by .s.

I could go either way on support for adjacent _, but it is specifically called out in the linked issue. It would be easy enough to move this from where it is now to a group with the \..

I will send a PR for this ASAP.

mattmoor added a commit to mattmoor/distribution that referenced this issue Oct 7, 2015
@mattmoor
Allow hostname components in component names.
0efe3dc 
Fixes distribution#1062
Fixes distribution#1056

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.
mattmoor added a commit to mattmoor/distribution that referenced this issue Oct 7, 2015
@mattmoor
Allow hostname components in component names.
47d75a6 
Fixes distribution#1062
Fixes distribution#1056

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
@mattmoor mattmoor mentioned this issue Oct 7, 2015
Merged
mattmoor added a commit to mattmoor/distribution that referenced this issue Oct 8, 2015
@mattmoor
Allow hostname components in component names.
74c32a0 
Fixes distribution#1062

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
dmcgowan pushed a commit that referenced this issue Oct 8, 2015
@mattmoor @dmcgowan
Allow hostname components in component names.
20c4b7a 
Fixes #1062

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
RichardScothern pushed a commit that referenced this issue Nov 6, 2015
@mattmoor @RichardScothern
Allow hostname components in component names.
0be4fd0 
Fixes #1062

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
thaJeztah pushed a commit to thaJeztah/distribution that referenced this issue Apr 22, 2021
@mattmoor
Allow hostname components in component names.
f3ac3d3 
Fixes distribution#1062

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
thaJeztah pushed a commit to thaJeztah/distribution that referenced this issue Jan 19, 2022
@mattmoor
Allow hostname components in component names.
d5ca577 
Fixes distribution#1062

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
dylanrhysscott pushed a commit to digitalocean/docker-distribution that referenced this issue Jan 5, 2023
@mattmoor @dylanrhysscott
Allow hostname components in component names.
815a2ef 
Fixes distribution#1062

This relaxes the naming restrictions places on Docker images to permit
valid hostnames according to [RFC-2396](https://www.ietf.org/rfc/rfc2396.txt).

It deviates from the RFC in the following ways:
 1) Allow underscores where we allow hyphens (hostnames don't allow
 underscores, which we must for backwards compatibility).
 2) Leave "top-level" name segments unrestricted (domains require an
 alpha character to begin a top-level domain, e.g. "com").
 3) DO NOT allow a trailing dot, as permitted by FQDNs.

Signed-off-by: Matt Moore <mattmoor@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mattmoor