project-zot / project-zot.github.io Goto Github PK
View Code? Open in Web Editor NEWzotregistry.dev website
Home Page: https://zotregistry.dev
License: Apache License 2.0
zotregistry.dev website
Home Page: https://zotregistry.dev
License: Apache License 2.0
View the following link to download the report.
RunnerID:5128068659
It would be awesome to be able to select the latest docs from the select
I want to try the latest release (2.0.0-rc7) but checking the new config or docs is a bit hard...
Add next
/ develop
as a select option, like many other projecs do
No response
No response
#160 adds new article, and looks like it is mentioned in changelogs or discoverable in search box, but not available in the list of the articles on the left menu.
List of th articles on the left shows link to imutable tags article.
No response
No response
The main commands of our ZLI have changed quite drastically and the documentation needs updates.
A major change that affects all commands/subcommands is that now the config is not specified as an argument to the command but as the --config
flag.
The --output
, -o
flag has been changed to --format
, -f
The old commands that used to be specified using flags have been moved into subcommands:
zli images --base-images
→ zli image base
zli cve --cve-id --fixed
→ zli cve fixed
etc.
I'll open a PR when I'll note how the new commands should look like for the zli.md file.
I'll list the mapping from old to new here just in case. I've notated the arguments with square brakets: [repo]
images
→ image
Old | New |
---|---|
images --name, -n | image name |
images --base-images, -b | image base |
images --derived-images, -D | image derived |
images --digest, -d | image digest |
images | image list |
cve
→ cve
Old | New |
---|---|
cve --cve-id | cve affected [cve-id] |
cve --image | cve list [repo:tag] |
cve --image --cve-id --fixed | cve fixed [repo] [cve-id] |
cve --image --cve-id | cve list [repo:tag] --cve-id |
cve --image --search | cve list [repo:tag] --cve-id |
search
→ search
Old | New |
---|---|
search --subject | search subject [repo:tag] |
search --query | search query [repo] |
repos
→ repo
Old | New |
---|---|
repos | repo list |
No response
No response
No response
View the following link to download the report.
RunnerID:6582361822
Describe the bug
A clear and concise description of what the bug is.
Document what GraphQl is and how to use it
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
v1.4.3
The command is wrong and must be replaced:
midgard@yggdrasil:~/work/github.com/project-zot/project-zot.github.io$ podman run -p 5000:5000 ghcr.io/project-zot/zot-linux-amd64-minimal:latest Trying to pull ghcr.io/project-zot/zot-linux-amd64-minimal:latest... Error: initializing source docker://ghcr.io/project-zot/zot-linux-amd64-minimal:latest: Requesting bear token: invalid status code from registry 403 (Forbidden)
Image name should be replaced from ghcr.io/project-zot/zot-linux-amd64-minimal:latest to ghcr.io/project-zot/zot-minimal-linux-amd64:latest
In this section https://zotregistry.io/v1.4.3/developer-guide/extensions-dev/#guidelines-for-developing-new-extensions we have a link to extension-lint-disable.go which point wrongly here:https://github.com/project-zot/zot/blob/main/pkg/extensions/lint/lint-disabled.go.
Correct link should be this one https://github.com/project-zot/zot/blob/main/pkg/extensions/lint/lint_disabled.go
Folowin the guidence from this page https://zotregistry.io/v1.4.3/developer-guide/onboarding/#supported-developer-platforms and running zot as sugested by the command here https://zotregistry.io/v1.4.3/developer-guide/onboarding/#running-zot I get a panic as below.
I suggest changing the configuration file to minimal:
bin/zot-linux-amd64 serve examples/config-minimal.json
The current panic message:
midgard@joro:~/work/github.com/adodon2go/zot$ bin/zot-linux-amd64 serve examples/config-example.json
panic: open test/data/htpasswd: no such file or directory
goroutine 1 [running]:
zotregistry.io/zot/pkg/api.(*AuthnMiddleware).TryAuthnHandlers(0xc0012ce920, 0xc000fb7600)
zotregistry.io/zot/pkg/api/authn.go:318 +0xcd6
zotregistry.io/zot/pkg/api.AuthHandler(0xc000fb7600)
zotregistry.io/zot/pkg/api/authn.go:63 +0x65
zotregistry.io/zot/pkg/api.(*RouteHandler).SetupRoutes(0xc000135dd8)
zotregistry.io/zot/pkg/api/routes.go:67 +0x30
zotregistry.io/zot/pkg/api.NewRouteHandler(...)
zotregistry.io/zot/pkg/api/routes.go:60
zotregistry.io/zot/pkg/api.(*Controller).Run(0xc000fb7600, {0x562507d4ca68?, 0xc0025d29b0?})
zotregistry.io/zot/pkg/api/controller.go:129 +0x51b
zotregistry.io/zot/pkg/cli.NewServerRootCmd.newServeCmd.func2(0xc000fb6b00?, {0xc000abc920, 0x1, 0x562505032d26?})
zotregistry.io/zot/pkg/cli/root.go:69 +0xc8
github.com/spf13/cobra.(*Command).execute(0xc000f8c600, {0xc000abc8e0, 0x1, 0x1})
github.com/spf13/[email protected]/command.go:944 +0x863
github.com/spf13/cobra.(*Command).ExecuteC(0xc000f8c300)
github.com/spf13/[email protected]/command.go:1068 +0x3a5
github.com/spf13/cobra.(*Command).Execute(0xc0000061a0?)
github.com/spf13/[email protected]/command.go:992 +0x13
main.main()
zotregistry.io/zot/cmd/zot/main.go:10 +0x18
No response
No response
No response
Add a separate article for profiling in zot.
The starting point is: https://github.com/project-zot/zot/blob/main/pkg/debug/pprof/pprof.md
This article should be linked to from:
No response
No response
No response
Right now it is not trivial to identify all http endpoints currently exposed by zot.
Let's add the list to the zot developer guide.
/ (ui) - enabled by using the ui
build label and having the ui
extension configuration enabled
/auth/login - available when OpenID authentication is enabled
/auth/logout - available when authentication is available in general (not just for OpenID, but all session-based authentication)
/auth/apikey - available when API key authentication is enabled
/auth/callback - available when OpenID authentication is enabled
/oras/artifacts/v1/ (oras) - always enabled
/metrics (metrics with extensions) - when the metrics
build label is used and the metrics
extension is enabled
/swagger/v2/ (swagger) - enabled by using the the debug
build label
/v2/ (oci spec specific endpoints) - always available
/v2/_oci/ext/discover (discover extensions per oci spec) - always available
/v2/metrics (metrics without extensions) - when metrics
extension is disabled, regardless if the metrics
build label was used or not
/v2/_zot/ext/mgmt (mgmt extension) - enabled by using the mgmt
build label and having both the search
and the ui
extensions configurations enabled.
/v2/_zot/ext/cosign (imagetrust extension) - enabled by using the imagetrust
build label and having the trust
extension configuration enabled with the cosign
option enabled
/v2/_zot/ext/notation (imagetrust extension, will have query parameters for uploading certificates for signature verification) - enabled by using the imagetrust
build label and having the trust
extension configuration enabled with the notation
option enabled
/v2/_zot/ext/search (search extension) - enabled by using the search
build label and having the search
extension configuration enabled
/v2/_zot/ext/userprefs (user preferences extension) - enabled by using the userprefs
build label and having both the search
and the ui
extensions configurations enabled.
/v2/_zot/debug/graphql-playground (graphql playground) - enabled by using the the debug
build label
We should have an article about these endpoints and how to build/enable them.
We could potentially have separate articles per feature - I don't think they are all covered at the moment.
No response
NA
The documentation at Attach a reference using ORAS seems outdated.
oras push
command as described in ZOT documentation hereThe artifact should be available as a reference to the given subject.
The ORAS push command given in the user documentation for ZOT is as follows:
oras push localhost:5000/hello-artifact \
--artifact-type 'signature/example' \
--subject localhost:5000/hello-artifact:v2 \
./signature.json:application/json
The oras push
command no longer has the option --subject
, as evident in the ORAS documentation here.
From what I understand, the oras attach
command achieves exactly what the outdated documentation above needed.
The new command should be as follows:
oras attach \
--artifact-type signature/example \
localhost:5000/hello-artifact:v2 \
signature.json
None
The Linux Foundation trademark disclaimer contains a bug in the url. It links to ihttps://www.linuxfoundation.org/trademark-usage/
instead of https://www.linuxfoundation.org/trademark-usage/
.Foundation
Trademark should link to https://www.linuxfoundation.org/trademark-usage/
No response
To fix, edit the trademark disclaimer, and remove the i prefixed before the trademark URL: https://www.linuxfoundation.org/trademark-usage/
We will need a new section in the landing page which will contain simple commands to get started with Zot
not relevant
The website under zotregistry.io is down.
Website loads and documentation can be viewed
No response
No response
View the following link to download the report.
RunnerID:3153515364
View the following link to download the report.
RunnerID:4299309497
There have been discussions on removing the z
from the zot logo, as the icon is already a stylized z
.
We're not going to go that route, but we should look into an appropriate font for the zot
test to be shown next to the logo
Original issue: project-zot/zot#1634
The PR in which the feature is implemented: project-zot/zot#1866
More specifically this readme in the PR: https://github.com/project-zot/zot/pull/1866/files#diff-49aaa2819e35a856818ecec8c9fa7e1c79ad028d3f44bd749736353cfb51bac9
No response
No response
No response
current
Go to the current home page - https://zotregistry.dev/v2.0.2/ - and click on the "ecosystem tools" link. That URL references the zotregistry.io
domain - https://zotregistry.io/latest/user-guides/user-guide-datapath/
The domain should be zotregistry.dev
No response
No response
No response
No response
Update admin guide documentation to include the scheduler settings added in: project-zot/zot@d4f200c
No response
Just to be on the safe side @rchincha do we advertise this configuration to the users?
No response
Examples of search queries which can be used with the search (graphql) endpoint:
https://github.com/project-zot/zot/blob/main/pkg/extensions/search/search.md
The queries can be made from shell (see examples above) or from a UI, such as the graphql playground, or postman.
The graphql playground is available in zot built with the 'debug' build label, and reachable at: /v2/_zot/debug/graphql-playground#
Add an article on how to use the graphql playground (should this be for developers?).
No response
No response
Currently, docs are hosted on a website. Also publish a PDF doc just in case the website is inaccessible.
https://pypi.org/project/mkdocs-with-pdf/
No response
No response
One of the users reported:
If the base64 encoded user:password is provided, in determining the validity of the Basic Auth credentials, the basicAuthHandler function in authn.go, compares the bycrypt hash of the retrieved password with of password hash of the looked up username. However, while use of bycrypt by users, when encrypting passwords is sensible security, making such an assumption, without making it a documented requirement, isn't user friendly.
Maybe the user did not find the authentication document, but I think we should at least make the use of bycrypt
explicit in the text at https://zotregistry.io/v1.4.3/articles/authn-authz/#htpasswd
Right now it only mentions the B
option in the command htpasswd -bBn
, which may be too easy for the user to miss.
No response
No response
See: project-zot/zot#1381
More specifically:
Note we'd need
AllowOrigin
zot config setting needs to be specific (cannot be wildcard), and must include the UI (zui) origin.No response
No response
No response
v1.4.3
looking for details about how to config and use the cve scanning feature, I only see references to the zli command and the search extension at https://zotregistry.io/v1.4.3/admin-guide/admin-configuration/?h=cve#enhanced-searching-and-querying-images
We should have a separate section for this, and clearly explain what it scans and when, how to enable it, and what tools it uses under the hood.
also, does it require the search extension?
I assume it scans each tag by extracting it then scanning the resulting rootfs, probably on push, but I think we should be explicit in the docs.
n/a
No response
No response
No response
zot's authz model is powerful enough to express and capture various use cases.
But specifically call out "immutable tags" - read and create but not update capabilities in that policy.
No response
No response
No response
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.