mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

registry: fix mtls config dir passing

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Tonis Tiigi 2020-05-13 13:55:43 -07:00
parent 4e102ab1f0
commit fdb71e410c
4 changed files with 34 additions and 17 deletions


@ -190,6 +190,17 @@ func (daemon *Daemon) RegistryHosts() docker.RegistryHosts {
} }
} }
certsDir := registry.CertsDir()
if fis, err := ioutil.ReadDir(certsDir); err == nil {
for _, fi := range fis {
if _, ok := m[fi.Name()]; !ok {
m[fi.Name()] = bkconfig.RegistryConfig{
TLSConfigDir: []string{filepath.Join(certsDir, fi.Name())},
}
}
}
}
return resolver.NewRegistryConfig(m) return resolver.NewRegistryConfig(m)
} }
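Review bot: The loop over `fis` turns every entry of the certs directory into a registry host key without checking what kind of entry it is, so a stray file there becomes a host whose `TLSConfigDir` points at a file. A check on `fi.IsDir()` at the top of the loop would filter those out, bearing in mind that `ioutil.ReadDir` reports a symlinked directory as a non-directory. The `!ok` guard also means a host already present in `m` never gets `TLSConfigDir`; if the part of RegistryHosts above this hunk (not visible here) adds that host for another reason, its CA and client certificate directory would presumably still not be passed. The `ReadDir` error is discarded, which hides an unreadable directory; a debug-level log in an `else` branch would make that diagnosable.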


@ -2,11 +2,26 @@
package registry // import "github.com/docker/docker/registry" package registry // import "github.com/docker/docker/registry"
var ( import (
// CertsDir is the directory where certificates are stored "path/filepath"
CertsDir = "/etc/docker/certs.d"
"github.com/docker/docker/pkg/homedir"
"github.com/docker/docker/rootless"
) )
// CertsDir is the directory where certificates are stored
func CertsDir() string {
d := "/etc/docker/certs.d"
if rootless.RunningWithRootlessKit() {
configHome, err := homedir.GetConfigHome()
if err == nil {
d = filepath.Join(configHome, "docker/certs.d")
}
}
return d
}
// cleanPath is used to ensure that a directory name is valid on the target // cleanPath is used to ensure that a directory name is valid on the target
// platform. It will be passed in something *similar* to a URL such as // platform. It will be passed in something *similar* to a URL such as
// https:/index.docker.io/v1. Not all platforms support directory names // https:/index.docker.io/v1. Not all platforms support directory names
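Review bot: When `homedir.GetConfigHome()` fails under RootlessKit, `CertsDir()` silently keeps `/etc/docker/certs.d`, so a rootless daemon would read CA and client certificates from the system-wide directory instead of the user's one, with no indication of why. Before this change that error was returned by HostCertsDir, so this is a behaviour change that should be stated. If the fallback is intended, the doc comment should say so, e.g. `// CertsDir returns the directory where registry certificates are stored. Under RootlessKit it is docker/certs.d in the user's config home, falling back to /etc/docker/certs.d if that cannot be determined.`; otherwise log the error before falling back.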


@ -7,7 +7,9 @@ import (
) )
// CertsDir is the directory where certificates are stored // CertsDir is the directory where certificates are stored
var CertsDir = os.Getenv("programdata") + `\docker\certs.d` func CertsDir() string {
return os.Getenv("programdata") + `\docker\certs.d`
}
// cleanPath is used to ensure that a directory name is valid on the target // cleanPath is used to ensure that a directory name is valid on the target
// platform. It will be passed in something *similar* to a URL such as // platform. It will be passed in something *similar* to a URL such as


@ -14,8 +14,6 @@ import (
"time" "time"
"github.com/docker/distribution/registry/client/transport" "github.com/docker/distribution/registry/client/transport"
"github.com/docker/docker/pkg/homedir"
"github.com/docker/docker/rootless"
"github.com/docker/go-connections/tlsconfig" "github.com/docker/go-connections/tlsconfig"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
@ -28,16 +26,7 @@ var (
// HostCertsDir returns the config directory for a specific host // HostCertsDir returns the config directory for a specific host
func HostCertsDir(hostname string) (string, error) { func HostCertsDir(hostname string) (string, error) {
certsDir := CertsDir certsDir := CertsDir()
if rootless.RunningWithRootlessKit() {
configHome, err := homedir.GetConfigHome()
if err != nil {
return "", err
}
certsDir = filepath.Join(configHome, "docker/certs.d")
}
hostDir := filepath.Join(certsDir, cleanPath(hostname)) hostDir := filepath.Join(certsDir, cleanPath(hostname))
@ -50,7 +39,7 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
tlsConfig.InsecureSkipVerify = !isSecure tlsConfig.InsecureSkipVerify = !isSecure
if isSecure && CertsDir != "" { if isSecure && CertsDir() != "" {
hostDir, err := HostCertsDir(hostname) hostDir, err := HostCertsDir(hostname)
if err != nil { if err != nil {
return nil, err return nil, err
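Review bot: The second half of the guard `isSecure && CertsDir() != ""` in newTLSConfig can no longer be false: the Unix `CertsDir()` in this commit always returns a non-empty path, and the Windows one returns `\docker\certs.d` even when `programdata` is unset. Either drop the comparison (`if isSecure {`) or have `CertsDir()` return `""` when no usable base directory exists, so that an unset `programdata` does not resolve the certificate directory relative to the current drive root. HostCertsDir calls `CertsDir()` again, so the rootless lookup runs twice per TLS config. Both function bodies continue outside their hunks.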