From 52284b74eb8b91ac09d617edcf35417a2b123f2e Mon Sep 17 00:00:00 2001
From: zhongjiawei
Date: Wed, 15 Mar 2023 17:41:51 +0800
Subject: [PATCH] docker:try http for docker manifest insecure

(cherry picked from commit 32b9a9fdb012d226da909b3249f7b8b4df7278b5)
---
 VERSION-vendor | 2 +-
 docker-engine-openeuler.spec | 8 ++-
 ...ry-http-for-docker-manifest-insecure.patch | 49 +++++++++++++++++++
 series.conf | 1 +
 4 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 patch/0237-docker-try-http-for-docker-manifest-insecure.patch

diff --git a/VERSION-vendor b/VERSION-vendor
index 3a4f66f..5c86d82 100644
--- a/VERSION-vendor
+++ b/VERSION-vendor
@@ -1 +1 @@
-18.09.0.250
+18.09.0.251
diff --git a/docker-engine-openeuler.spec b/docker-engine-openeuler.spec
index 5e204ab..0fe698d 100644
--- a/docker-engine-openeuler.spec
+++ b/docker-engine-openeuler.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 250
+Release: 251
 Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -199,6 +199,12 @@ fi
 %endif
 %changelog
+* Wed Mar 15 2023 zhongjiawei- 18.09.0-251
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:try http for docker manifest insecure
+
 * Wed Mar 14 2023 chenjiankun- 18.09.0-250
 - Type:bugfix
 - CVE:NA
diff --git a/patch/0237-docker-try-http-for-docker-manifest-insecure.patch b/patch/0237-docker-try-http-for-docker-manifest-insecure.patch
new file mode 100644
index 0000000..f347593
--- /dev/null
+++ b/patch/0237-docker-try-http-for-docker-manifest-insecure.patch
@@ -0,0 +1,49 @@
+From a4a2d8fb4cf083fd1357f9b271b368f1c2d7744c Mon Sep 17 00:00:00 2001
+From: Tengfei Wang
+Date: Tue, 24 Mar 2020 23:42:33 +0800
+Subject: [PATCH] try http for docker manifest --insecure
+
+Signed-off-by: Tengfei Wang
+---
+ components/cli/cli/registry/client/client.go | 21 +++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/components/cli/cli/registry/client/client.go b/components/cli/cli/registry/client/client.go
+index 6fd18a897..3ed139840 100644
+--- a/components/cli/cli/registry/client/client.go
++++ b/components/cli/cli/registry/client/client.go
+@@ -138,15 +138,26 @@ func (c *client) GetTags(ctx context.Context, ref reference.Named) ([]string, er
+ }
+ 
+ func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Named, repoEndpoint repositoryEndpoint) (distribution.Repository, error) {
++ repoName, err := reference.WithName(repoEndpoint.Name())
++ if err != nil {
++ return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
++ }
+ httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
+ if err != nil {
+- if strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
++ if !strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
++ return nil, err
++ }
++ if !repoEndpoint.endpoint.TLSConfig.InsecureSkipVerify {
+ return nil, ErrHTTPProto{OrigErr: err.Error()}
+ }
+- }
+- repoName, err := reference.WithName(repoEndpoint.Name())
+- if err != nil {
+- return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
++ // --insecure was set; fall back to plain HTTP
++ if url := repoEndpoint.endpoint.URL; url != nil && url.Scheme == "https" {
++ url.Scheme = "http"
++ httpTransport, err = c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
++ if err != nil {
++ return nil, err
++ }
++ }
+ }
+ return distributionclient.NewRepository(repoName, repoEndpoint.BaseURL(), httpTransport)
+ }
+--
+2.33.0
+
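Review bot: In the added `--insecure` fallback of `getRepositoryForReference`, when `repoEndpoint.endpoint.URL` is nil or its scheme is not `https` the inner `if` is skipped, so execution reaches `distributionclient.NewRepository` with the `httpTransport` left over from the failed call and the error silently dropped; that path should return `ErrHTTPProto{OrigErr: err.Error()}`. `url.Scheme = "http"` also writes through the URL pointer, so the downgrade presumably outlives this call for anything else holding the same endpoint, and later requests to that registry, including whatever credentials or tokens the transport attaches, then travel in cleartext. Copying the URL before changing the scheme keeps the downgrade local to this call, and a one-line notice to the user that plain HTTP is being used would make it visible. `TLSConfig` is dereferenced without a nil check, which is worth confirming against how the endpoint is constructed. The sketch below assumes `endpoint` is held by value inside `repositoryEndpoint`, which the hunk does not show.

```go
	// … unchanged: repoName parsing, first getHTTPTransportForRepoEndpoint call,
	//   error-string check and InsecureSkipVerify check …
		// --insecure was set; fall back to plain HTTP
		u := repoEndpoint.endpoint.URL
		if u == nil || u.Scheme != "https" {
			// nothing to downgrade: surface the protocol error instead of continuing
			return nil, ErrHTTPProto{OrigErr: err.Error()}
		}
		plain := *u // copy, so the caller's endpoint keeps its https scheme
		plain.Scheme = "http"
		repoEndpoint.endpoint.URL = &plain
		httpTransport, err = c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
		if err != nil {
			return nil, err
		}
	}
	return distributionclient.NewRepository(repoName, repoEndpoint.BaseURL(), httpTransport)
```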
diff --git a/series.conf b/series.conf
index e888763..30197c6 100644
--- a/series.conf
+++ b/series.conf
@@ -230,4 +230,5 @@ patch/0233-docker-Read-connection-marking-information-from-CT-f.patch
 patch/0234-docker-do-not-stop-health-check-before-sending-signa.patch
 patch/0235-docker-set-freezer.state-to-Thawed-to-increase-freez.patch
 patch/0236-docker-fix-container-missing-after-restarting-docker.patch
+patch/0237-docker-try-http-for-docker-manifest-insecure.patch
 #end