remove regctl and create the right oras client

Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>

api/oci/extensions/repositories/ocireg/blobs.go

@@ -10,7 +10,7 @@ import (
 
 	"ocm.software/ocm/api/oci/cpi"
 	"ocm.software/ocm/api/oci/extensions/attrs/cacheattr"
-	"ocm.software/ocm/api/tech/regclient"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 )
@@ -23,20 +23,20 @@ type BlobContainer interface {
 
 type blobContainer struct {
 	accessio.StaticAllocatable
-	fetcher regclient.Fetcher
-	pusher  regclient.Pusher
+	fetcher oras.Fetcher
+	pusher  oras.Pusher
 	mime    string
 }
 
 type BlobContainers struct {
 	lock    sync.Mutex
 	cache   accessio.BlobCache
-	fetcher regclient.Fetcher
-	pusher  regclient.Pusher
+	fetcher oras.Fetcher
+	pusher  oras.Pusher
 	mimes   map[string]BlobContainer
 }
 
-func NewBlobContainers(ctx cpi.Context, fetcher remotes.Fetcher, pusher regclient.Pusher) *BlobContainers {
+func NewBlobContainers(ctx cpi.Context, fetcher remotes.Fetcher, pusher oras.Pusher) *BlobContainers {
 	return &BlobContainers{
 		cache:   cacheattr.Get(ctx),
 		fetcher: fetcher,
@@ -73,15 +73,15 @@ func (c *BlobContainers) Release() error {
 	return list.Result()
 }
 
-func newBlobContainer(mime string, fetcher regclient.Fetcher, pusher regclient.Pusher) *blobContainer {
+func newBlobContainer(mime string, fetcher oras.Fetcher, pusher oras.Pusher) *blobContainer {
 	return &blobContainer{
 		mime:    mime,
 		fetcher: fetcher,
 		pusher:  pusher,
 	}
 }
 
-func NewBlobContainer(cache accessio.BlobCache, mime string, fetcher regclient.Fetcher, pusher regclient.Pusher) (BlobContainer, error) {
+func NewBlobContainer(cache accessio.BlobCache, mime string, fetcher oras.Fetcher, pusher oras.Pusher) (BlobContainer, error) {
 	c := newBlobContainer(mime, fetcher, pusher)
 
 	if cache == nil {

api/oci/extensions/repositories/ocireg/namespace.go

@@ -12,7 +12,7 @@ import (
 	"ocm.software/ocm/api/oci/cpi"
 	"ocm.software/ocm/api/oci/cpi/support"
 	"ocm.software/ocm/api/oci/extensions/actions/oci-repository-prepare"
-	"ocm.software/ocm/api/tech/regclient"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 	"ocm.software/ocm/api/utils/logging"
@@ -22,10 +22,10 @@ import (
 type NamespaceContainer struct {
 	impl     support.NamespaceAccessImpl
 	repo     *RepositoryImpl
-	resolver regclient.Resolver
-	lister   regclient.Lister
-	fetcher  regclient.Fetcher
-	pusher   regclient.Pusher
+	resolver oras.Resolver
+	lister   oras.Lister
+	fetcher  oras.Fetcher
+	pusher   oras.Pusher
 	blobs    *BlobContainers
 	checked  bool
 }
@@ -69,7 +69,7 @@ func (n *NamespaceContainer) SetImplementation(impl support.NamespaceAccessImpl)
 	n.impl = impl
 }
 
-func (n *NamespaceContainer) getPusher(vers string) (regclient.Pusher, error) {
+func (n *NamespaceContainer) getPusher(vers string) (oras.Pusher, error) {
 	err := n.assureCreated()
 	if err != nil {
 		return nil, err

api/oci/extensions/repositories/ocireg/repository.go

@@ -2,6 +2,9 @@ package ocireg
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"net/http"
 	"path"
 	"strings"
 
@@ -12,11 +15,11 @@ import (
 	"oras.land/oras-go/v2/registry/remote/retry"
 
 	"ocm.software/ocm/api/credentials"
+	"ocm.software/ocm/api/datacontext/attrs/rootcertsattr"
 	"ocm.software/ocm/api/oci/artdesc"
 	"ocm.software/ocm/api/oci/cpi"
 	"ocm.software/ocm/api/tech/oci/identity"
 	"ocm.software/ocm/api/tech/oras"
-	"ocm.software/ocm/api/tech/regclient"
 	"ocm.software/ocm/api/utils"
 	ocmlog "ocm.software/ocm/api/utils/logging"
 	"ocm.software/ocm/api/utils/refmgmt"
@@ -111,7 +114,7 @@ func (r *RepositoryImpl) getCreds(comp string) (credentials.Credentials, error)
 	return identity.GetCredentials(r.GetContext(), r.info.Locator, comp)
 }
 
-func (r *RepositoryImpl) getResolver(comp string) (regclient.Resolver, error) {
+func (r *RepositoryImpl) getResolver(comp string) (oras.Resolver, error) {
 	creds, err := r.getCreds(comp)
 	if err != nil {
 		if !errors.IsErrUnknownKind(err, credentials.KIND_CONSUMER) {
@@ -133,13 +136,44 @@ func (r *RepositoryImpl) getResolver(comp string) (regclient.Resolver, error) {
 		authCreds.Password = pass
 	}
 
-	client := &auth.Client{
-		Client:     retry.DefaultClient,
+	client := retry.DefaultClient
+	if r.info.Scheme == "https" {
+		// set up TLS
+		//nolint:gosec // used like the default, there are OCI servers (quay.io) not working with min version.
+		conf := &tls.Config{
+			// MinVersion: tls.VersionTLS13,
+			RootCAs: func() *x509.CertPool {
+				var rootCAs *x509.CertPool
+				if creds != nil {
+					c := creds.GetProperty(credentials.ATTR_CERTIFICATE_AUTHORITY)
+					if c != "" {
+						rootCAs = x509.NewCertPool()
+						rootCAs.AppendCertsFromPEM([]byte(c))
+					}
+				}
+				if rootCAs == nil {
+					rootCAs = rootcertsattr.Get(r.GetContext()).GetRootCertPool(true)
+				}
+				return rootCAs
+			}(),
+		}
+		client = &http.Client{
+			Transport: retry.NewTransport(&http.Transport{
+				TLSClientConfig: conf,
+			}),
+		}
+	}
+
+	authClient := &auth.Client{
+		Client:     client,
 		Cache:      auth.NewCache(),
 		Credential: auth.StaticCredential(r.info.HostPort(), authCreds),
 	}
 
-	return oras.New(oras.ClientOptions{Client: client}), nil
+	return oras.New(oras.ClientOptions{
+		Client:    authClient,
+		PlainHTTP: r.info.Scheme == "http",
+	}), nil
 }
 
 func (r *RepositoryImpl) GetRef(comp, vers string) string {

api/oci/extensions/repositories/ocireg/utils.go

@@ -14,7 +14,7 @@ import (
 
 	"ocm.software/ocm/api/oci/artdesc"
 	"ocm.software/ocm/api/oci/cpi"
-	"ocm.software/ocm/api/tech/regclient"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 	"ocm.software/ocm/api/utils/blobaccess/blobaccess"
 	"ocm.software/ocm/api/utils/logging"
@@ -81,12 +81,12 @@ func readAll(reader io.ReadCloser, err error) ([]byte, error) {
 	return data, nil
 }
 
-func push(ctx context.Context, p regclient.Pusher, blob blobaccess.BlobAccess) error {
+func push(ctx context.Context, p oras.Pusher, blob blobaccess.BlobAccess) error {
 	desc := *artdesc.DefaultBlobDescriptor(blob)
 	return pushData(ctx, p, desc, blob)
 }
 
-func pushData(ctx context.Context, p regclient.Pusher, desc artdesc.Descriptor, data blobaccess.DataAccess) error {
+func pushData(ctx context.Context, p oras.Pusher, desc artdesc.Descriptor, data blobaccess.DataAccess) error {
 	key := remotes.MakeRefKey(ctx, desc)
 	if desc.Size == 0 {
 		desc.Size = -1

api/tech/docker/lister.go

@@ -11,7 +11,7 @@ import (
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/log"
 	"github.com/pkg/errors"
-	"ocm.software/ocm/api/tech/regclient"
+	"ocm.software/ocm/api/tech/oras"
 )
 
 var ErrObjectNotRequired = errors.New("object not required")
@@ -25,7 +25,7 @@ type dockerLister struct {
 	dockerBase *dockerBase
 }
 
-func (r *dockerResolver) Lister(ctx context.Context, ref string) (regclient.Lister, error) {
+func (r *dockerResolver) Lister(ctx context.Context, ref string) (oras.Lister, error) {
 	base, err := r.resolveDockerBase(ref)
 	if err != nil {
 		return nil, err

api/tech/docker/pusher.go

@@ -19,9 +19,8 @@ import (
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"ocm.software/ocm/api/tech/regclient"
-
 	remoteserrors "ocm.software/ocm/api/tech/docker/errors"
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 )
 
@@ -39,11 +38,11 @@ type dockerPusher struct {
 	tracker StatusTracker
 }
 
-func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor, src regclient.Source) (regclient.PushRequest, error) {
+func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor, src oras.Source) (oras.PushRequest, error) {
 	return p.push(ctx, desc, src, remotes.MakeRefKey(ctx, desc), false)
 }
 
-func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, src regclient.Source, ref string, unavailableOnFail bool) (regclient.PushRequest, error) {
+func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, src oras.Source, ref string, unavailableOnFail bool) (oras.PushRequest, error) {
 	if l, ok := p.tracker.(StatusTrackLocker); ok {
 		l.Lock(ref)
 		defer l.Unlock(ref)
@@ -324,7 +323,7 @@ type pushRequest struct {
 	ref  string
 
 	responseC  <-chan response
-	source     regclient.Source
+	source     oras.Source
 	isManifest bool
 
 	expected digest.Digest

api/tech/docker/resolver.go

@@ -22,8 +22,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/net/context/ctxhttp"
-	"ocm.software/ocm/api/tech/regclient"
-
+	"ocm.software/ocm/api/tech/oras"
 	"ocm.software/ocm/api/utils/accessio"
 )
 
@@ -120,7 +119,7 @@ type dockerResolver struct {
 }
 
 // NewResolver returns a new resolver to a Docker registry.
-func NewResolver(options ResolverOptions) regclient.Resolver {
+func NewResolver(options ResolverOptions) oras.Resolver {
 	if options.Tracker == nil {
 		options.Tracker = NewInMemoryTracker()
 	}
@@ -204,7 +203,7 @@ func (r *countingReader) Read(p []byte) (int, error) {
 	return n, err
 }
 
-var _ regclient.Resolver = &dockerResolver{}
+var _ oras.Resolver = &dockerResolver{}
 
 func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocispec.Descriptor, error) {
 	base, err := r.resolveDockerBase(ref)
@@ -384,7 +383,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
 	return "", ocispec.Descriptor{}, firstErr
 }
 
-func (r *dockerResolver) Fetcher(ctx context.Context, ref string) (regclient.Fetcher, error) {
+func (r *dockerResolver) Fetcher(ctx context.Context, ref string) (oras.Fetcher, error) {
 	base, err := r.resolveDockerBase(ref)
 	if err != nil {
 		return nil, err
@@ -395,7 +394,7 @@ func (r *dockerResolver) Fetcher(ctx context.Context, ref string) (regclient.Fet
 	}, nil
 }
 
-func (r *dockerResolver) Pusher(ctx context.Context, ref string) (regclient.Pusher, error) {
+func (r *dockerResolver) Pusher(ctx context.Context, ref string) (oras.Pusher, error) {
 	base, err := r.resolveDockerBase(ref)
 	if err != nil {
 		return nil, err

api/tech/oras/client.go

@@ -12,8 +12,6 @@ import (
 	ociv1 "github.com/opencontainers/image-spec/specs-go/v1"
 	"oras.land/oras-go/v2/registry/remote"
 	"oras.land/oras-go/v2/registry/remote/auth"
-
-	"ocm.software/ocm/api/tech/regclient"
 )
 
 type ClientOptions struct {
@@ -37,13 +35,13 @@ func (p *pushRequest) Status() (content.Status, error) {
 	return content.Status{}, nil
 }
 
-var _ regclient.PushRequest = &pushRequest{}
+var _ PushRequest = &pushRequest{}
 
 var (
-	_ regclient.Resolver = &Client{}
-	_ regclient.Fetcher  = &Client{}
-	_ regclient.Pusher   = &Client{}
-	_ regclient.Lister   = &Client{}
+	_ Resolver = &Client{}
+	_ Fetcher  = &Client{}
+	_ Pusher   = &Client{}
+	_ Lister   = &Client{}
 )
 
 func New(opts ClientOptions) *Client {
@@ -73,22 +71,22 @@ func (c *Client) Resolve(ctx context.Context, ref string) (string, ociv1.Descrip
 	return "", desc, nil
 }
 
-func (c *Client) Fetcher(ctx context.Context, ref string) (regclient.Fetcher, error) {
+func (c *Client) Fetcher(ctx context.Context, ref string) (Fetcher, error) {
 	c.Ref = ref
 	return c, nil
 }
 
-func (c *Client) Pusher(ctx context.Context, ref string) (regclient.Pusher, error) {
+func (c *Client) Pusher(ctx context.Context, ref string) (Pusher, error) {
 	c.Ref = ref
 	return c, nil
 }
 
-func (c *Client) Lister(ctx context.Context, ref string) (regclient.Lister, error) {
+func (c *Client) Lister(ctx context.Context, ref string) (Lister, error) {
 	c.Ref = ref
 	return c, nil
 }
 
-func (c *Client) Push(ctx context.Context, d ociv1.Descriptor, src regclient.Source) (regclient.PushRequest, error) {
+func (c *Client) Push(ctx context.Context, d ociv1.Descriptor, src Source) (PushRequest, error) {
 	reader, err := src.Reader()
 	if err != nil {
 		return nil, err

api/tech/regclient/interface.go → api/tech/oras/interface.go

@@ -1,4 +1,4 @@
-package regclient
+package oras
 
 import (
 	"context"