packages/docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!192 [sync] PR-187: docker:try http for docker manifest insecure

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @zhangsong234, @duguhaotian 
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2023-03-16 07:12:49 +00:00 committed by Gitee
commit 8cf1227540
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 58 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION-vendor
View File

@ -1 +1 @@
18.09.0.250
18.09.0.251

8
docker-engine-openeuler.spec
View File

@ -1,6 +1,6 @@
Name: docker-engine
Version: 18.09.0
Release: 250
Release: 251
Epoch: 1
Summary: The open-source application container engine
Group: Tools/Docker
@ -199,6 +199,12 @@ fi
%endif
%changelog
* Wed Mar 15 2023 zhongjiawei<zhongjiawei1@huawei.com>- 18.09.0-251
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:try http for docker manifest insecure
* Wed Mar 14 2023 chenjiankun<chenjiankun1@huawei.com>- 18.09.0-250
- Type:bugfix
- CVE:NA

49
patch/0237-docker-try-http-for-docker-manifest-insecure.patch Normal file
View File

@ -0,0 +1,49 @@
From a4a2d8fb4cf083fd1357f9b271b368f1c2d7744c Mon Sep 17 00:00:00 2001
From: Tengfei Wang <tfwang@alauda.io>
Date: Tue, 24 Mar 2020 23:42:33 +0800
Subject: [PATCH] try http for docker manifest --insecure
Signed-off-by: Tengfei Wang <tfwang@alauda.io>
---
components/cli/cli/registry/client/client.go | 21 +++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/components/cli/cli/registry/client/client.go b/components/cli/cli/registry/client/client.go
index 6fd18a897..3ed139840 100644
--- a/components/cli/cli/registry/client/client.go
+++ b/components/cli/cli/registry/client/client.go
@@ -138,15 +138,26 @@ func (c *client) GetTags(ctx context.Context, ref reference.Named) ([]string, er
}
func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Named, repoEndpoint repositoryEndpoint) (distribution.Repository, error) {
+ repoName, err := reference.WithName(repoEndpoint.Name())
+ if err != nil {
+ return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
+ }
httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
if err != nil {
- if strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
+ if !strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
+ return nil, err
+ }
+ if !repoEndpoint.endpoint.TLSConfig.InsecureSkipVerify {
return nil, ErrHTTPProto{OrigErr: err.Error()}
}
- }
- repoName, err := reference.WithName(repoEndpoint.Name())
- if err != nil {
- return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
+ // --insecure was set; fall back to plain HTTP
+ if url := repoEndpoint.endpoint.URL; url != nil && url.Scheme == "https" {
+ url.Scheme = "http"
+ httpTransport, err = c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
+ if err != nil {
+ return nil, err
+ }
+ }
}
return distributionclient.NewRepository(repoName, repoEndpoint.BaseURL(), httpTransport)
}
--
2.33.0

1
series.conf
View File

@ -230,4 +230,5 @@ patch/0233-docker-Read-connection-marking-information-from-CT-f.patch
patch/0234-docker-do-not-stop-health-check-before-sending-signa.patch
patch/0235-docker-set-freezer.state-to-Thawed-to-increase-freez.patch
patch/0236-docker-fix-container-missing-after-restarting-docker.patch
patch/0237-docker-try-http-for-docker-manifest-insecure.patch
#end