Merge pull request #43428 from thaJeztah/prevent_rootlesskit_dependency_in_cli
registry: remove dependency on rootlesskit, add `SetCertsDir()`
commit
8941dcfcc5
6 changed files with 50 additions and 23 deletions
|
@ -5,10 +5,13 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/containerd/cgroups"
|
"github.com/containerd/cgroups"
|
||||||
"github.com/docker/docker/daemon/config"
|
"github.com/docker/docker/daemon/config"
|
||||||
"github.com/docker/docker/opts"
|
"github.com/docker/docker/opts"
|
||||||
|
"github.com/docker/docker/pkg/homedir"
|
||||||
|
"github.com/docker/docker/registry"
|
||||||
"github.com/docker/docker/rootless"
|
"github.com/docker/docker/rootless"
|
||||||
units "github.com/docker/go-units"
|
units "github.com/docker/go-units"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
@ -49,6 +52,11 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrapf(err, "running with RootlessKit, but %s not installed", rootless.RootlessKitDockerProxyBinary)
|
return errors.Wrapf(err, "running with RootlessKit, but %s not installed", rootless.RootlessKitDockerProxyBinary)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
configHome, err := homedir.GetConfigHome()
|
||||||
|
if err == nil {
|
||||||
|
registry.SetCertsDir(filepath.Join(configHome, "docker/certs.d"))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
flags.StringVar(&conf.BridgeConfig.UserlandProxyPath, "userland-proxy-path", defaultUserlandProxyPath, "Path to the userland proxy binary")
|
flags.StringVar(&conf.BridgeConfig.UserlandProxyPath, "userland-proxy-path", defaultUserlandProxyPath, "Path to the userland proxy binary")
|
||||||
flags.StringVar(&conf.CgroupParent, "cgroup-parent", "", "Set parent cgroup for all containers")
|
flags.StringVar(&conf.CgroupParent, "cgroup-parent", "", "Set parent cgroup for all containers")
|
||||||
|
@ -74,3 +82,14 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
|
||||||
flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", string(defaultCgroupNamespaceMode), `Default mode for containers cgroup namespace ("host" | "private")`)
|
flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", string(defaultCgroupNamespaceMode), `Default mode for containers cgroup namespace ("host" | "private")`)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// configureCertsDir configures registry.CertsDir() depending on if the daemon
|
||||||
|
// is running in rootless mode or not.
|
||||||
|
func configureCertsDir() {
|
||||||
|
if rootless.RunningWithRootlessKit() {
|
||||||
|
configHome, err := homedir.GetConfigHome()
|
||||||
|
if err == nil {
|
||||||
|
registry.SetCertsDir(filepath.Join(configHome, "docker/certs.d"))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
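Review bot: The lines added to `installConfigFlags` (second hunk) and the new `configureCertsDir` both call `registry.SetCertsDir(filepath.Join(configHome, "docker/certs.d"))`, so the override is set in two places; the copy in `installConfigFlags` looks redundant now that `configureCertsDir` exists and could be dropped. Both copies discard an error from `homedir.GetConfigHome()`, as the removed `CertsDir` did, which leaves a rootless daemon loading registry CA and client certificates from the default directory with no indication why. A warning at that point would make the fallback visible, for example `logrus.WithError(err).Warn("could not determine config home, using default registry certs directory")`, assuming logrus is the logger used in this package. `installConfigFlags` starts outside the hunk, so the placement of the added lines inside the RootlessKit check is inferred from the context lines.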
|
@ -33,3 +33,7 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error {
|
||||||
flags.StringVarP(&conf.SocketGroup, "group", "G", "", "Users or groups that can access the named pipe")
|
flags.StringVarP(&conf.SocketGroup, "group", "G", "", "Users or groups that can access the named pipe")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// configureCertsDir configures registry.CertsDir() depending on if the daemon
|
||||||
|
// is running in rootless mode or not. On Windows, it is a no-op.
|
||||||
|
func configureCertsDir() {}
|
||||||
|
|
|
@ -45,6 +45,7 @@ func newDaemonCommand() (*cobra.Command, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
flags.StringVar(&opts.configFile, "config-file", defaultDaemonConfigFile, "Daemon configuration file")
|
flags.StringVar(&opts.configFile, "config-file", defaultDaemonConfigFile, "Daemon configuration file")
|
||||||
|
configureCertsDir()
|
||||||
opts.InstallFlags(flags)
|
opts.InstallFlags(flags)
|
||||||
if err := installConfigFlags(opts.daemonConfig, flags); err != nil {
|
if err := installConfigFlags(opts.daemonConfig, flags); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -59,8 +59,26 @@ var (
|
||||||
|
|
||||||
// for mocking in unit tests
|
// for mocking in unit tests
|
||||||
lookupIP = net.LookupIP
|
lookupIP = net.LookupIP
|
||||||
|
|
||||||
|
// certsDir is used to override defaultCertsDir.
|
||||||
|
certsDir string
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// SetCertsDir allows the default certs directory to be changed. This function
|
||||||
|
// is used at daemon startup to set the correct location when running in
|
||||||
|
// rootless mode.
|
||||||
|
func SetCertsDir(path string) {
|
||||||
|
certsDir = path
|
||||||
|
}
|
||||||
|
|
||||||
|
// CertsDir is the directory where certificates are stored.
|
||||||
|
func CertsDir() string {
|
||||||
|
if certsDir != "" {
|
||||||
|
return certsDir
|
||||||
|
}
|
||||||
|
return defaultCertsDir
|
||||||
|
}
|
||||||
|
|
||||||
// newServiceConfig returns a new instance of ServiceConfig
|
// newServiceConfig returns a new instance of ServiceConfig
|
||||||
func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
|
func newServiceConfig(options ServiceOptions) (*serviceConfig, error) {
|
||||||
config := &serviceConfig{}
|
config := &serviceConfig{}
|
||||||
|
|
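Review bot: `certsDir` is a plain package-level string that `SetCertsDir` writes and `CertsDir` reads with no synchronization, so the setter is only safe when it runs before anything else in the process reads the directory. The doc comment should state that contract, e.g. `// SetCertsDir must be called before the registry service is used; it is not safe for concurrent use with CertsDir.` Because this directory decides which CA and client certificates are loaded for registry TLS, the comment should also say that the path is stored as given (no cleaning or absolute-path check is visible here) and that passing an empty string restores the default.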
|
@ -3,25 +3,10 @@
|
||||||
|
|
||||||
package registry // import "github.com/docker/docker/registry"
|
package registry // import "github.com/docker/docker/registry"
|
||||||
|
|
||||||
import (
|
// defaultCertsDir is the platform-specific default directory where certificates
|
||||||
"path/filepath"
|
// are stored. On Linux, it may be overridden through certsDir, for example, when
|
||||||
|
// running in rootless mode.
|
||||||
"github.com/docker/docker/pkg/homedir"
|
const defaultCertsDir = "/etc/docker/certs.d"
|
||||||
"github.com/docker/docker/rootless"
|
|
||||||
)
|
|
||||||
|
|
||||||
// CertsDir is the directory where certificates are stored
|
|
||||||
func CertsDir() string {
|
|
||||||
d := "/etc/docker/certs.d"
|
|
||||||
|
|
||||||
if rootless.RunningWithRootlessKit() {
|
|
||||||
configHome, err := homedir.GetConfigHome()
|
|
||||||
if err == nil {
|
|
||||||
d = filepath.Join(configHome, "docker/certs.d")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return d
|
|
||||||
}
|
|
||||||
|
|
||||||
// cleanPath is used to ensure that a directory name is valid on the target
|
// cleanPath is used to ensure that a directory name is valid on the target
|
||||||
// platform. It will be passed in something *similar* to a URL such as
|
// platform. It will be passed in something *similar* to a URL such as
|
||||||
|
|
|
@ -6,10 +6,10 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
// CertsDir is the directory where certificates are stored
|
// defaultCertsDir is the platform-specific default directory where certificates
|
||||||
func CertsDir() string {
|
// are stored. On Linux, it may be overridden through certsDir, for example, when
|
||||||
return os.Getenv("programdata") + `\docker\certs.d`
|
// running in rootless mode.
|
||||||
}
|
var defaultCertsDir = os.Getenv("programdata") + `\docker\certs.d`
|
||||||
|
|
||||||
// cleanPath is used to ensure that a directory name is valid on the target
|
// cleanPath is used to ensure that a directory name is valid on the target
|
||||||
// platform. It will be passed in something *similar* to a URL such as
|
// platform. It will be passed in something *similar* to a URL such as
|
||||||
|
|
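Review bot: The comment on the Windows `defaultCertsDir` is copied from the Unix file and talks about Linux and rootless mode, while the behaviour that actually changed here goes unmentioned: `os.Getenv("programdata")` is now evaluated once at package initialization instead of on every `CertsDir()` call. I would reword it to something like `// defaultCertsDir is the default certificate directory on Windows; it is derived from %programdata% once, at package initialization.` If the variable is unset, the value becomes the drive-relative `\docker\certs.d`, which is worth mentioning in the same comment, since this path selects the registry TLS trust material.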