feat: replace docker client code with oras - take 2

api/oci/extensions/repositories/ocireg/blobs.go

@@ -10,7 +10,7 @@ import (
 
 	"ocm.software/ocm/api/oci/cpi"
 	"ocm.software/ocm/api/oci/extensions/attrs/cacheattr"
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 )
@@ -23,20 +23,20 @@ type BlobContainer interface {
 
 type blobContainer struct {
 	accessio.StaticAllocatable
-	fetcher resolve.Fetcher
-	pusher  resolve.Pusher
+	fetcher oras.Fetcher
+	pusher  oras.Pusher
 	mime    string
 }
 
 type BlobContainers struct {
 	lock    sync.Mutex
 	cache   accessio.BlobCache
-	fetcher resolve.Fetcher
-	pusher  resolve.Pusher
+	fetcher oras.Fetcher
+	pusher  oras.Pusher
 	mimes   map[string]BlobContainer
 }
 
-func NewBlobContainers(ctx cpi.Context, fetcher remotes.Fetcher, pusher resolve.Pusher) *BlobContainers {
+func NewBlobContainers(ctx cpi.Context, fetcher remotes.Fetcher, pusher oras.Pusher) *BlobContainers {
 	return &BlobContainers{
 		cache:   cacheattr.Get(ctx),
 		fetcher: fetcher,
@@ -73,15 +73,15 @@ func (c *BlobContainers) Release() error {
 	return list.Result()
 }
 
-func newBlobContainer(mime string, fetcher resolve.Fetcher, pusher resolve.Pusher) *blobContainer {
+func newBlobContainer(mime string, fetcher oras.Fetcher, pusher oras.Pusher) *blobContainer {
 	return &blobContainer{
 		mime:    mime,
 		fetcher: fetcher,
 		pusher:  pusher,
 	}
 }
 
-func NewBlobContainer(cache accessio.BlobCache, mime string, fetcher resolve.Fetcher, pusher resolve.Pusher) (BlobContainer, error) {
+func NewBlobContainer(cache accessio.BlobCache, mime string, fetcher oras.Fetcher, pusher oras.Pusher) (BlobContainer, error) {
 	c := newBlobContainer(mime, fetcher, pusher)
 
 	if cache == nil {

api/oci/extensions/repositories/ocireg/namespace.go

@@ -12,7 +12,7 @@ import (
 	"ocm.software/ocm/api/oci/cpi"
 	"ocm.software/ocm/api/oci/cpi/support"
 	"ocm.software/ocm/api/oci/extensions/actions/oci-repository-prepare"
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 	"ocm.software/ocm/api/utils/logging"
@@ -22,10 +22,10 @@ import (
 type NamespaceContainer struct {
 	impl     support.NamespaceAccessImpl
 	repo     *RepositoryImpl
-	resolver resolve.Resolver
-	lister   resolve.Lister
-	fetcher  resolve.Fetcher
-	pusher   resolve.Pusher
+	resolver oras.Resolver
+	lister   oras.Lister
+	fetcher  oras.Fetcher
+	pusher   oras.Pusher
 	blobs    *BlobContainers
 	checked  bool
 }
@@ -69,7 +69,7 @@ func (n *NamespaceContainer) SetImplementation(impl support.NamespaceAccessImpl)
 	n.impl = impl
 }
 
-func (n *NamespaceContainer) getPusher(vers string) (resolve.Pusher, error) {
+func (n *NamespaceContainer) getPusher(vers string) (oras.Pusher, error) {
 	err := n.assureCreated()
 	if err != nil {
 		return nil, err

api/oci/extensions/repositories/ocireg/repository.go

@@ -8,18 +8,18 @@ import (
 	"path"
 	"strings"
 
-	"github.com/containerd/containerd/remotes/docker/config"
 	"github.com/containerd/errdefs"
 	"github.com/mandelsoft/goutils/errors"
 	"github.com/mandelsoft/logging"
+	"oras.land/oras-go/v2/registry/remote/auth"
+	"oras.land/oras-go/v2/registry/remote/retry"
 
 	"ocm.software/ocm/api/credentials"
 	"ocm.software/ocm/api/datacontext/attrs/rootcertsattr"
 	"ocm.software/ocm/api/oci/artdesc"
 	"ocm.software/ocm/api/oci/cpi"
-	"ocm.software/ocm/api/tech/docker"
-	"ocm.software/ocm/api/tech/docker/resolve"
 	"ocm.software/ocm/api/tech/oci/identity"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils"
 	ocmlog "ocm.software/ocm/api/utils/logging"
 	"ocm.software/ocm/api/utils/refmgmt"
@@ -114,7 +114,7 @@ func (r *RepositoryImpl) getCreds(comp string) (credentials.Credentials, error)
 	return identity.GetCredentials(r.GetContext(), r.info.Locator, comp)
 }
 
-func (r *RepositoryImpl) getResolver(comp string) (resolve.Resolver, error) {
+func (r *RepositoryImpl) getResolver(comp string) (oras.Resolver, error) {
 	creds, err := r.getCreds(comp)
 	if err != nil {
 		if !errors.IsErrUnknownKind(err, credentials.KIND_CONSUMER) {
@@ -126,57 +126,54 @@ func (r *RepositoryImpl) getResolver(comp string) (resolve.Resolver, error) {
 		logger.Trace("no credentials")
 	}
 
-	opts := docker.ResolverOptions{
-		Hosts: docker.ConvertHosts(config.ConfigureHosts(context.Background(), config.HostOptions{
-			UpdateClient: func(client *http.Client) error {
-				// copy from http.DefaultTransport with a roundtripper injection
-				client.Transport = ocmlog.NewRoundTripper(client.Transport, logger)
-				return nil
-			},
-			Credentials: func(host string) (string, string, error) {
+	authCreds := auth.Credential{}
+	if creds != nil {
+		pass := creds.GetProperty(credentials.ATTR_IDENTITY_TOKEN)
+		if pass == "" {
+			pass = creds.GetProperty(credentials.ATTR_PASSWORD)
+		}
+		authCreds.Username = creds.GetProperty(credentials.ATTR_USERNAME)
+		authCreds.Password = pass
+	}
+
+	client := retry.DefaultClient
+	if r.info.Scheme == "https" {
+		// set up TLS
+		//nolint:gosec // used like the default, there are OCI servers (quay.io) not working with min version.
+		conf := &tls.Config{
+			// MinVersion: tls.VersionTLS13,
+			RootCAs: func() *x509.CertPool {
+				var rootCAs *x509.CertPool
 				if creds != nil {
-					p := creds.GetProperty(credentials.ATTR_IDENTITY_TOKEN)
-					if p == "" {
-						p = creds.GetProperty(credentials.ATTR_PASSWORD)
+					c := creds.GetProperty(credentials.ATTR_CERTIFICATE_AUTHORITY)
+					if c != "" {
+						rootCAs = x509.NewCertPool()
+						rootCAs.AppendCertsFromPEM([]byte(c))
 					}
-					pw := ""
-					if p != "" {
-						pw = "***"
-					}
-					logger.Trace("query credentials", ocmlog.ATTR_USER, creds.GetProperty(credentials.ATTR_USERNAME), "pass", pw)
-					return creds.GetProperty(credentials.ATTR_USERNAME), p, nil
-				}
-				logger.Trace("no credentials")
-				return "", "", nil
-			},
-			DefaultScheme: r.info.Scheme,
-			//nolint:gosec // used like the default, there are OCI servers (quay.io) not working with min version.
-			DefaultTLS: func() *tls.Config {
-				if r.info.Scheme == "http" {
-					return nil
 				}
-				return &tls.Config{
-					// MinVersion: tls.VersionTLS13,
-					RootCAs: func() *x509.CertPool {
-						var rootCAs *x509.CertPool
-						if creds != nil {
-							c := creds.GetProperty(credentials.ATTR_CERTIFICATE_AUTHORITY)
-							if c != "" {
-								rootCAs = x509.NewCertPool()
-								rootCAs.AppendCertsFromPEM([]byte(c))
-							}
-						}
-						if rootCAs == nil {
-							rootCAs = rootcertsattr.Get(r.GetContext()).GetRootCertPool(true)
-						}
-						return rootCAs
-					}(),
+				if rootCAs == nil {
+					rootCAs = rootcertsattr.Get(r.GetContext()).GetRootCertPool(true)
 				}
+				return rootCAs
 			}(),
-		})),
+		}
+		client = &http.Client{
+			Transport: retry.NewTransport(&http.Transport{
+				TLSClientConfig: conf,
+			}),
+		}
+	}
+
+	authClient := &auth.Client{
+		Client:     client,
+		Cache:      auth.NewCache(),
+		Credential: auth.StaticCredential(r.info.HostPort(), authCreds),
 	}
 
-	return docker.NewResolver(opts), nil
+	return oras.New(oras.ClientOptions{
+		Client:    authClient,
+		PlainHTTP: r.info.Scheme == "http",
+	}), nil
 }
 
 func (r *RepositoryImpl) GetRef(comp, vers string) string {

api/oci/extensions/repositories/ocireg/utils.go

@@ -14,7 +14,7 @@ import (
 
 	"ocm.software/ocm/api/oci/artdesc"
 	"ocm.software/ocm/api/oci/cpi"
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 	"ocm.software/ocm/api/utils/logging"
@@ -81,28 +81,29 @@ func readAll(reader io.ReadCloser, err error) ([]byte, error) {
 	return data, nil
 }
 
-func push(ctx context.Context, p resolve.Pusher, blob blobaccess.BlobAccess) error {
+func push(ctx context.Context, p oras.Pusher, blob blobaccess.BlobAccess) error {
 	desc := *artdesc.DefaultBlobDescriptor(blob)
 	return pushData(ctx, p, desc, blob)
 }
 
-func pushData(ctx context.Context, p resolve.Pusher, desc artdesc.Descriptor, data blobaccess.DataAccess) error {
+func pushData(ctx context.Context, p oras.Pusher, desc artdesc.Descriptor, data blobaccess.DataAccess) error {
 	key := remotes.MakeRefKey(ctx, desc)
 	if desc.Size == 0 {
 		desc.Size = -1
 	}
 
 	logging.Logger().Debug("*** push blob", "mediatype", desc.MediaType, "digest", desc.Digest, "key", key)
-	req, err := p.Push(ctx, desc, data)
-	if err != nil {
+	if err := p.Push(ctx, desc, data); err != nil {
 		if errdefs.IsAlreadyExists(err) {
 			logging.Logger().Debug("blob already exists", "mediatype", desc.MediaType, "digest", desc.Digest)
 
 			return nil
 		}
+
 		return fmt.Errorf("failed to push: %w", err)
 	}
-	return req.Commit(ctx, desc.Size, desc.Digest)
+
+	return nil
 }
 
 var dummyContext = nologger()

api/tech/docker/README.md

@@ -2,3 +2,5 @@
 
 Taken from github.com/containerd/containerd remotes/docker to add list endpoints
 Fix retry of requests with ResendBuffer
+
+This code is deprecated in favour of `regclient` package.

api/tech/docker/errors/errors.go

@@ -1,3 +1,5 @@
+//go:build deprecated
+
 /*
    Copyright The containerd Authors.
 

api/tech/docker/fetcher.go

@@ -1,3 +1,5 @@
+//go:build deprecated
+
 package docker
 
 import (
@@ -39,7 +41,6 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R
 		// firstly try fetch via external urls
 		for _, us := range desc.URLs {
 			ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", us))
-
 			u, err := url.Parse(us)
 			if err != nil {
 				log.G(ctx).WithError(err).Debug("failed to parse")

api/tech/docker/handler.go

@@ -1,3 +1,5 @@
+//go:build deprecated
+
 package docker
 
 import (

api/tech/docker/httpreadseeker.go

@@ -1,3 +1,5 @@
+//go:build deprecated
+
 package docker
 
 import (

api/tech/docker/lister.go

@@ -1,3 +1,5 @@
+//go:build deprecated
+
 package docker
 
 import (
@@ -9,8 +11,7 @@ import (
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/log"
 	"github.com/pkg/errors"
-
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 )
 
 var ErrObjectNotRequired = errors.New("object not required")
@@ -24,7 +25,7 @@ type dockerLister struct {
 	dockerBase *dockerBase
 }
 
-func (r *dockerResolver) Lister(ctx context.Context, ref string) (resolve.Lister, error) {
+func (r *dockerResolver) Lister(ctx context.Context, ref string) (oras.Lister, error) {
 	base, err := r.resolveDockerBase(ref)
 	if err != nil {
 		return nil, err

api/tech/docker/orig.go

@@ -1,3 +1,5 @@
+//go:build deprecated
+
 package docker
 
 import (

api/tech/docker/pusher.go

@@ -1,3 +1,5 @@
+//go:build deprecated
+
 package docker
 
 import (
@@ -17,9 +19,8 @@ import (
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-
 	remoteserrors "ocm.software/ocm/api/tech/docker/errors"
-	"ocm.software/ocm/api/tech/docker/resolve"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 )
 
@@ -37,11 +38,11 @@ type dockerPusher struct {
 	tracker StatusTracker
 }
 
-func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor, src resolve.Source) (resolve.PushRequest, error) {
+func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor, src oras.Source) (oras.PushRequest, error) {
 	return p.push(ctx, desc, src, remotes.MakeRefKey(ctx, desc), false)
 }
 
-func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, src resolve.Source, ref string, unavailableOnFail bool) (resolve.PushRequest, error) {
+func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, src oras.Source, ref string, unavailableOnFail bool) (oras.PushRequest, error) {
 	if l, ok := p.tracker.(StatusTrackLocker); ok {
 		l.Lock(ref)
 		defer l.Unlock(ref)
@@ -322,7 +323,7 @@ type pushRequest struct {
 	ref  string
 
 	responseC  <-chan response
-	source     resolve.Source
+	source     oras.Source
 	isManifest bool
 
 	expected digest.Digest

api/tech/docker/registry.go

@@ -1,3 +1,5 @@
+//go:build deprecated
+
 package docker
 
 import (