docker: fix registry not try hostname issue

reason: when mirror is matched, only matched mirror endpoint is added to endpoint list, but the hostname itself is not in the list, which is not compatible with the case of docker.io, docker.io will be appended to the last of the endpoint list.
2020-12-17 10:15:26 +08:00 · 2020-12-17 10:15:26 +08:00 · 27493a1bf2
commit 27493a1bf2
parent 63ea1458e1
3 changed files with 148 additions and 1 deletions
--- a/docker.spec
+++ b/docker.spec
@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 109
+Release: 110
 Summary: The open-source application container engine
 Group: Tools/Docker

@ -223,3 +223,10 @@ fi
 5.do not sync if BYPAAS_SYNC is false
 6.fix panic on single-character volumes
 7.mask /proc/pin_memory
+
+* Mon Dec 21 2020 fengshaobao<shaobao.feng@huawei.com> - 18.09.110
+- Type:bugfix
+- ID:NA
+- CVE:NA
+- SUG:restart
+- DESC: append the image hostname itself as an endpoint even the registry mirror matched.
--- a/patch/0174-docker-do-not-return-when-matched-registry-mirror.patch
+++ b/patch/0174-docker-do-not-return-when-matched-registry-mirror.patch
@ -0,0 +1,139 @@
+From 56c1d6c149b18214a8d01ab3f1738cae4792109a Mon Sep 17 00:00:00 2001
+From: f00231050 <shaobao.feng@huawei.com>
+Date: Mon, 7 Dec 2020 15:30:11 +0800
+Subject: [PATCH] docker: do not return when matched registry mirror
+
+reason: append hostname itself to make sure the hostname itself will be tried.
+---
+ components/engine/registry/service_v2.go | 86 +++++++++++++++-----------------
+ 1 file changed, 41 insertions(+), 45 deletions(-)
+ mode change 100644 => 100755 components/engine/registry/service_v2.go
+
+diff --git a/components/engine/registry/service_v2.go b/components/engine/registry/service_v2.go
+old mode 100644
+new mode 100755
+index adeb10c..df66cd7
+--- a/components/engine/registry/service_v2.go
+++ b/components/engine/registry/service_v2.go
+@@ -19,8 +19,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
+ 		if reg != nil {
+ 			var regEndpoints []registrytypes.Endpoint = reg.Mirrors
+ 
+-			lastIndex := len(regEndpoints) - 1
+-			for i, regEP := range regEndpoints {
+			for _, regEP := range regEndpoints {
+ 				official := regEP.Address == registrytypes.DefaultEndpoint.Address
+ 				regURL := regEP.GetURL()
+ 
+@@ -41,49 +40,48 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
+ 					TLSConfig:    tlsConfig,
+ 					Prefix:       hostname,
+ 					// the last endpoint is not considered a mirror
+-					Mirror: i != lastIndex,
+					Mirror: true,
+ 				})
+ 			}
+-			return endpoints, nil
+			// don't return here, otherwise the hostname itself will not be appended to the endpoints,
+			// and the hostname itself will not be tried, which is not a desired action.
+ 		}
+-	} else {
+	}
+	if hostname == DefaultNamespace || hostname == IndexHostname {
+ 		tlsConfig = tlsconfig.ServerDefault()
+-		if hostname == DefaultNamespace || hostname == IndexHostname {
+-			// v2 mirrors
+-			for _, mirror := range s.config.Mirrors {
+-				if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
+-					mirror = "https://" + mirror
+-				}
+-				mirrorURL, err := url.Parse(mirror)
+-				if err != nil {
+-					return nil, err
+-				}
+-				mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
+-				if err != nil {
+-					return nil, err
+-				}
+-				endpoints = append(endpoints, APIEndpoint{
+-					URL: mirrorURL,
+-					// guess mirrors are v2
+-					Version:      APIVersion2,
+-					Mirror:       true,
+-					TrimHostname: true,
+-					TLSConfig:    mirrorTLSConfig,
+-				})
+		// v2 mirrors
+		for _, mirror := range s.config.Mirrors {
+			if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
+				mirror = "https://" + mirror
+			}
+			mirrorURL, err := url.Parse(mirror)
+			if err != nil {
+				return nil, err
+			}
+			mirrorTLSConfig, err := s.tlsConfigForMirror(mirrorURL)
+			if err != nil {
+				return nil, err
+ 			}
+-			// v2 registry
+ 			endpoints = append(endpoints, APIEndpoint{
+-				URL:          DefaultV2Registry,
+				URL: mirrorURL,
+				// guess mirrors are v2
+ 				Version:      APIVersion2,
+-				Official:     true,
+				Mirror:       true,
+ 				TrimHostname: true,
+-				TLSConfig:    tlsConfig,
+				TLSConfig:    mirrorTLSConfig,
+ 			})
+-
+-			return endpoints, nil
+ 		}
+-	}
+		// v2 registry
+		endpoints = append(endpoints, APIEndpoint{
+			URL:          DefaultV2Registry,
+			Version:      APIVersion2,
+			Official:     true,
+			TrimHostname: true,
+			TLSConfig:    tlsConfig,
+		})
+ 
+		return endpoints, nil
+	}
+ 	ana := allowNondistributableArtifacts(s.config, hostname)
+ 
+ 	tlsConfig, err = s.tlsConfig(hostname)
+@@ -91,18 +89,16 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
+ 		return nil, err
+ 	}
+ 
+-	endpoints = []APIEndpoint{
+-		{
+-			URL: &url.URL{
+-				Scheme: "https",
+-				Host:   hostname,
+-			},
+-			Version:                        APIVersion2,
+-			AllowNondistributableArtifacts: ana,
+-			TrimHostname:                   true,
+-			TLSConfig:                      tlsConfig,
+	endpoints = append(endpoints, APIEndpoint{
+		URL: &url.URL{
+			Scheme: "https",
+			Host:   hostname,
+ 		},
+-	}
+		Version:                        APIVersion2,
+		AllowNondistributableArtifacts: ana,
+		TrimHostname:                   true,
+		TLSConfig:                      tlsConfig,
+	})
+ 
+ 	if tlsConfig.InsecureSkipVerify {
+ 		endpoints = append(endpoints, APIEndpoint{
+-- 
+1.8.3.1
+
--- a/series.conf
+++ b/series.conf
@ -168,4 +168,5 @@ patch/0170-docker-fix-docker-load-files-leak.patch
 patch/0171-docker-do-not-sync-if-BYPAAS_SYNC-is-false.patch
 patch/0172-docker-fix-panic-on-single-character-volumes.patch
 patch/0173-docker-mask-proc-pin_memory.patch
+patch/0174-docker-do-not-return-when-matched-registry-mirror.patch
 #end