From aaa8f96cc9f8a98c3105090cbe5eea73be347740 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 16 Oct 2022 01:08:49 +0200 Subject: [PATCH] registry: allow "allow-nondistributable-artifacts" for Docker Hub Previously, Docker Hub was excluded when configuring "allow-nondistributable-artifacts". With the updated policy announced by Microsoft, we can remove this restriction; https://techcommunity.microsoft.com/t5/containers/announcing-windows-container-base-image-redistribution-rights/ba-p/3645201 There are plans to deprecated support for foreign layers altogether in the OCI, and we should consider to make this option the default, but as that requires deprecating the option (and possibly keeping an "opt-out" option), we can look at that separately. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 30e5333ce3e11654fe343b8765bb719aa7b1ca0c) --- registry/service_v2.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/registry/service_v2.go b/registry/service_v2.go index f147af0faa..d4352583fa 100644 --- a/registry/service_v2.go +++ b/registry/service_v2.go @@ -8,6 +8,8 @@ import ( ) func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) { + ana := s.config.allowNondistributableArtifacts(hostname) + if hostname == DefaultNamespace || hostname == IndexHostname { for _, mirror := range s.config.Mirrors { if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") { @@ -35,6 +37,8 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp Official: true, TrimHostname: true, TLSConfig: tlsconfig.ServerDefault(), + + AllowNondistributableArtifacts: ana, }) return endpoints, nil @@ -45,7 +49,6 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp return nil, err } - ana := s.config.allowNondistributableArtifacts(hostname) endpoints = []APIEndpoint{ { URL: &url.URL{