packages/docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!186 docker:try http for docker manifest insecure

Browse Source 
From: @zhong-jiawei-1 
Reviewed-by: @duguhaotian, @jackchan8, @zhangsong234 
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2023-03-16 06:27:18 +00:00 committed by Gitee
commit 5da7375d6f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 59 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION-vendor
View File

@ -1 +1 @@
18.09.0.319 18.09.0.320

8
docker.spec
View File

@ -1,6 +1,6 @@
Name: docker-engine Name: docker-engine
Version: 18.09.0 Version: 18.09.0
Release: 319 Release: 320
Epoch: 2 Epoch: 2
Summary: The open-source application container engine Summary: The open-source application container engine
Group: Tools/Docker Group: Tools/Docker
@ -213,6 +213,12 @@ fi
%endif %endif
%changelog %changelog
* Wed Mar 15 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-320
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:try http for docker manifest insecure
* Tue Mar 14 2023 JackChan8<chenjiankun1@huawei.com> - 18.09.0-319 * Tue Mar 14 2023 JackChan8<chenjiankun1@huawei.com> - 18.09.0-319
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA

2
git-commit
View File

@ -1 +1 @@
125a5369ebd1d5b7c96d8902bd1c9d195d90d5b7 dc32e88375199186065f6206a9be6a7417d64620

49
patch/0239-docker-try-http-for-docker-manifest-insecure.patch Normal file
View File

@ -0,0 +1,49 @@
From a4a2d8fb4cf083fd1357f9b271b368f1c2d7744c Mon Sep 17 00:00:00 2001
From: Tengfei Wang <tfwang@alauda.io>
Date: Tue, 24 Mar 2020 23:42:33 +0800
Subject: [PATCH] try http for docker manifest --insecure
Signed-off-by: Tengfei Wang <tfwang@alauda.io>
---
components/cli/cli/registry/client/client.go | 21 +++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/components/cli/cli/registry/client/client.go b/components/cli/cli/registry/client/client.go
index 6fd18a897..3ed139840 100644
--- a/components/cli/cli/registry/client/client.go
+++ b/components/cli/cli/registry/client/client.go
@@ -138,15 +138,26 @@ func (c *client) GetTags(ctx context.Context, ref reference.Named) ([]string, er
}
func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Named, repoEndpoint repositoryEndpoint) (distribution.Repository, error) {
+ repoName, err := reference.WithName(repoEndpoint.Name())
+ if err != nil {
+ return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
+ }
httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
if err != nil {
- if strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
+ if !strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
+ return nil, err
+ }
+ if !repoEndpoint.endpoint.TLSConfig.InsecureSkipVerify {
return nil, ErrHTTPProto{OrigErr: err.Error()}
}
- }
- repoName, err := reference.WithName(repoEndpoint.Name())
- if err != nil {
- return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
+ // --insecure was set; fall back to plain HTTP
+ if url := repoEndpoint.endpoint.URL; url != nil && url.Scheme == "https" {
+ url.Scheme = "http"
+ httpTransport, err = c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
+ if err != nil {
+ return nil, err
+ }
+ }
}
return distributionclient.NewRepository(repoName, repoEndpoint.BaseURL(), httpTransport)
}
--
2.33.0

1
series.conf
View File

@ -236,4 +236,5 @@ patch/0235-docker-do-not-stop-health-check-before-sending-signa.patch
patch/0236-docker-set-freezer.state-to-Thawed-to-increase-freez.patch patch/0236-docker-set-freezer.state-to-Thawed-to-increase-freez.patch
patch/0237-docker-stats-fix-panic.patch patch/0237-docker-stats-fix-panic.patch
patch/0238-docker-fix-container-missing-after-restarting-docker.patch patch/0238-docker-fix-container-missing-after-restarting-docker.patch
patch/0239-docker-try-http-for-docker-manifest-insecure.patch
#end #end