docker: try http for docker manifest insecure

2023-03-15 17:24:08 +08:00 · 2023-03-15 17:24:08 +08:00 · ff3bcc697b
commit ff3bcc697b
parent b67fad397a
5 changed files with 59 additions and 3 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-18.09.0.319
+18.09.0.320
--- a/docker.spec
+++ b/docker.spec
@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 319
+Release: 320
 Epoch: 2
 Summary: The open-source application container engine
 Group: Tools/Docker
@ -213,6 +213,12 @@ fi
 %endif

 %changelog
+* Wed Mar 15 2023 zhongjiawei<zhongjiawei1@huawei.com> - 18.09.0-320
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:try http for docker manifest insecure
+
 * Tue Mar 14 2023 JackChan8<chenjiankun1@huawei.com> - 18.09.0-319
 - Type:bugfix
 - CVE:NA
--- a/2
+++ b/2
@ -1 +1 @@
-125a5369ebd1d5b7c96d8902bd1c9d195d90d5b7
+dc32e88375199186065f6206a9be6a7417d64620
--- a/patch/0239-docker-try-http-for-docker-manifest-insecure.patch
+++ b/patch/0239-docker-try-http-for-docker-manifest-insecure.patch
@ -0,0 +1,49 @@
+From a4a2d8fb4cf083fd1357f9b271b368f1c2d7744c Mon Sep 17 00:00:00 2001
+From: Tengfei Wang <tfwang@alauda.io>
+Date: Tue, 24 Mar 2020 23:42:33 +0800
+Subject: [PATCH] try http for docker manifest --insecure
+
+Signed-off-by: Tengfei Wang <tfwang@alauda.io>
+---
+ components/cli/cli/registry/client/client.go | 21 +++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/components/cli/cli/registry/client/client.go b/components/cli/cli/registry/client/client.go
+index 6fd18a897..3ed139840 100644
+--- a/components/cli/cli/registry/client/client.go
+++ b/components/cli/cli/registry/client/client.go
+@@ -138,15 +138,26 @@ func (c *client) GetTags(ctx context.Context, ref reference.Named) ([]string, er
+ }
+ 
+ func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Named, repoEndpoint repositoryEndpoint) (distribution.Repository, error) {
+	repoName, err := reference.WithName(repoEndpoint.Name())
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
+	}
+ 	httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
+ 	if err != nil {
+-		if strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
+		if !strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
+			return nil, err
+		}
+		if !repoEndpoint.endpoint.TLSConfig.InsecureSkipVerify {
+ 			return nil, ErrHTTPProto{OrigErr: err.Error()}
+ 		}
+-	}
+-	repoName, err := reference.WithName(repoEndpoint.Name())
+-	if err != nil {
+-		return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
+		// --insecure was set; fall back to plain HTTP
+		if url := repoEndpoint.endpoint.URL; url != nil && url.Scheme == "https" {
+			url.Scheme = "http"
+			httpTransport, err = c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
+			if err != nil {
+				return nil, err
+			}
+		}
+ 	}
+ 	return distributionclient.NewRepository(repoName, repoEndpoint.BaseURL(), httpTransport)
+ }
+-- 
+2.33.0
+
--- a/series.conf
+++ b/series.conf
@ -236,4 +236,5 @@ patch/0235-docker-do-not-stop-health-check-before-sending-signa.patch
 patch/0236-docker-set-freezer.state-to-Thawed-to-increase-freez.patch
 patch/0237-docker-stats-fix-panic.patch
 patch/0238-docker-fix-container-missing-after-restarting-docker.patch
+patch/0239-docker-try-http-for-docker-manifest-insecure.patch
 #end