Implement flatpak index view #1301
Conversation
(The Pulp folks asked for that clarification in response to my work-in-progress implementation of this protocol for Pulp at <pulp/pulp_container#1301> "Implement flatpak index view".)
There was a problem hiding this comment.
Would you mind further squashing all the commits into a single one and fixing the lint errors: https://github.com/pulp/pulp_container/actions/runs/5201618714/jobs/9384837157?pr=1301?
For caching, you will need to override the make_key method.
@ipanova requested that "you can keep the commits with all the extra info you've put there since that will help". Please let me know what's preferred.
done, stbergmann@2ce9aeb "Manually reformat according to black 23.3.0" |
There was a problem hiding this comment.
As discussed on slack with @stbergmann there is some undocumented/outdated information on the specs that will need to be fixed.
Another question i have, is about specs themselves, they do not really seem to be official or finalized. They are not accepted by registry specs either. Last mention I found about them is that they are in DRAFT https://opencontainers.org/posts/blog/2018-11-07-bringing-oci-images-to-the-desktop-with-flatpak/
With this reasoning we need to introduce a so called feature flag, probably a pulp setting that will enabling or disabling the flatpack index support in the pulp-container registry. By default it should be disabled.
@stbergmann can you provide multiple various examples of how client request would look like?
We also will need to add docs as part of this PR.
pulp_container/app/cache.py
Outdated
| def make_key(self, request): | ||
| """Make a key composed of the request's query.""" | ||
| all_keys = { | ||
| USER_KEY: request.user.get_username(), |
There was a problem hiding this comment.
don't you need to also have CacheKeys.host as key?
There was a problem hiding this comment.
reading specs Requests to this endpoint are expected to be repeated with exactly the same parameters, possibly by many different clients. It mean different clients expect to repeat same query .Does it mean that it makes sense to cache the query params but not the user==client? :)
There was a problem hiding this comment.
from the recent info we got, since index is unauthenticated then probably it does not make sense to register the user key?
There was a problem hiding this comment.
-
don't you need to also have CacheKeys.host as key?
I have really no idea. And I don't even know what the semantics of CacheKeys.host are supposed to be. My naive assumption is that it would be related to some form of multi-tenancy support, and I already tried to tangentially ask about this in an earlier comment at #1301 (comment).
-
Does it mean that it makes sense to cache the query params but not the user==client? :)
I'm not sure I understand what you mean with the above. Is this perhaps already covered by the next item now?
-
from the recent info we got, since index is unauthenticated then probably it does not make sense to register the user key?
done, 2818e70 "Only index public repositories"
|
Another question, do flatpack clients account for the registry auth? In that case you need to make it work with token auth, the view needs to have |
I had created owtaylor/flagstate#6 "protocol.md: Fix note formatting and add a note about annotations and image lists". I'm not aware there's further "undocumented/outdated information" apart from that "note that annotations and image lists are currently unused" (and thus not implemented by this pulp_container PR). Let me know if you think more is missing.
Can you be more specific what exactly you mean with "registry specs"? On a RH-internal slack channel, @owtaylor mentioned that the "docs [...] at https://github.com/owtaylor/flagstate/blob/master/docs/protocol.md are as official as it gets. I perhaps should move that protocol doc to a separate repository under github.com/flatpak, or into the flatpak project, since the "flagstate" project is dead, but you can certainly count it as official"
OK, I will look into implementing that.
Clients here are the pointing at the https://... base URL relative to which the retrieves information from that endpoint via some https://.../index/static?label:org.flatpak.ref:exists=1&architecture=...&os=linux&tag=latest. Then, given the identifier of some flatpak app advertised through the above, pulls the relevant https://.../base-path/blobs/.... |
|
I filed story to track this #1315 |
I don't really know. Maybe @owtaylor can give some information here? From how I implemented things in this PR and tried them out in a local oci-env instance, I naively assumed that per the design of Pulp the So, first question presumably is whether, per the design of Pulp and Satellite, these |
Per pulp-container design, as long as this endpoint is considered a registry endpoint it should be backed up by token auth. |
The design of the Flatpak client is that the index is unauthenticated and authentication is only needed to access the actually container data. This design is meant to handle things like registry.redhat.io having subscription-only content, and also (in other contexts) the idea that a Flatpak remote might have paid content, but is not meant to provide privacy for registry data. It's not terribly easy to change this because of the split between the user and system sessions for system-wide Flatpak installs.
So the ideal thing would be if we could just make the index unauthenticated - if that doesn't violate pulp principles too badly. If we are doing this, then requiring The alternative, I guess, would be to add standard registry authentication (with what scope?) and then until we can add appropriate support in the Flatpak client, just document that Flatpak access only works for non-authenticated (but likely VPN protected) repositories. |
@ipanova Would that be possible, to "make the index unauthenticated"? @owtaylor I assume you meant |
|
@owtaylor if it is expected to have index unauthenticated then the assumption that the index is going to expose only public repos. Public repos can be are accessible by everyone( aka unauthenticated, anonymous pull). It does not make sense to go through all the content repos( perf. overhead) , expose them( information leak) and then leave it to the user session to provide it's credentials which might or might not give a 200 on content pull. |
|
Here's my interpretation and summary of the outstanding work:
|
It was easy to address that properly (i.e., by not raising 400 but rather implementing the intended semantics) with 719a9f5 "Fix logic for repeated query parameters", so I at least would be fine with leaving the code that way. |
I am fine either way as long as we all agree what to follow. Updated my previous comment, check it out |
I agree that public index, private content is probably not needed for the expected use of Flatpak in pulp_container - an organization publishing content to a deployment of workstations and desktops. And defaulting to that would definitely violate the principle of least surprise. I think we can start off with only indexing public repos, and then that doesn't work for some users, then we have an actual use case, and can decide whether we need:
|
That doesn't need to block this PR, bu tyes, I'll try to move the protocol to some repository under the flatpak organization. Other than that and @stbergmann's comment, the list looks about right to me. Responded to the questions about private content and annotations separately. |
|
[...]
i.e., [...]
I assume I'd add a line |
done now with 097f8cd "Make support for FLATPAK_INDEX conditional", and enabling it in oci_env by adding |
stbergmann
force-pushed
the
flatpak-wip
branch
5 times, most recently
from
593c538
to
46db69e
Compare
stbergmann
force-pushed
the
flatpak-wip
branch
12 times, most recently
from
dc92a8d
to
d8ad7a6
Compare
stbergmann
force-pushed
the
flatpak-wip
branch
3 times, most recently
from
2e790f5
to
f08a44f
Compare
There was a problem hiding this comment.
Thanks for working on this! Please, consider this comment once again: #1301 (comment).
|
@owtaylor do you want to give another look before this gets merged? |
Which I had addressed with "But anyway, if it's better to be explicit here, done that now in d8ad7a6" at #1301 (comment), no? |
This implements the protocol documented at https://github.com/owtaylor/flagstate/blob/master/docs/protocol.md, with the following notes:
Both of those simplifications are in line with how upstream flatpak indexers (e.g., https://github.com/owtaylor/flatpak-indexer serving https://registry.fedoraproject.org/) behave and with what clients actually expect and make use of.
(This fixes https://issues.redhat.com/browse/SAT-4416 "Create a JSON index to allow installing via Flatpak client".)
closes #1315