GitList

Browse code

Disable legacy (v1) registries by default

Deprecation of interacting with v1 registries was
started in docker 1.8.3, which added a `--disable-legacy-registry`
flag.

This option was anounced to be the default starting
with docker 17.06, and v1 registries completely
removed in docker 17.12.

This patch updates the default, and disables
interaction with v1 registres by default.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn authored on 2017/06/11 21:39:28
Showing 7 changed files

cmd/dockerd/daemon.go index 428a877..ec2f477 100644
cmd/dockerd/daemon_unix_test.go index 1876149..ebe7336 100644
integration-cli/docker_cli_logout_test.go index 49ee1f7..5076ceb 100644
integration-cli/docker_cli_pull_test.go index 0b1be6c..cfd9933 100644
integration-cli/docker_cli_registry_user_agent_test.go index 5e1c00a..24aa308 100644
integration-cli/docker_cli_v2_only_test.go index 77974c4..16ec6d4 100644
registry/config_unix.go index d692e8e..fdc39a1 100644

cmd/dockerd/daemon.go

History View file @ 1282800

@@ -406,8 +406,12 @@ func loadDaemonCliConfig(opts *daemonOptions) (*config.Config, error) {
                      		return nil, err
+                     	}
                     +	if conf.V2Only == false {
                     +		logrus.Warnf(`The "disable-legacy-registry" option is deprecated and wil be removed in Docker v17.12. Interacting with legacy (v1) registries will no longer be supported in Docker v17.12"`)
                     +	}
+                    +
                      	if flags.Changed("graph") {
                     -		logrus.Warnf(`the "-g / --graph" flag is deprecated. Please use "--data-root" instead`)
                     +		logrus.Warnf(`The "-g / --graph" flag is deprecated. Please use "--data-root" instead`)
+                     	}
                      	// Labels of the docker engine used to allow multiple values associated with the same key.

cmd/dockerd/daemon_unix_test.go

History View file @ 1282800

@@ -102,7 +102,7 @@ func TestLoadDaemonConfigWithTrueDefaultValuesLeaveDefaults(t *testing.T) {
+                     }
                      func TestLoadDaemonConfigWithLegacyRegistryOptions(t *testing.T) {
                     -	content := `{"disable-legacy-registry": true}`
                     +	content := `{"disable-legacy-registry": false}`
                      	tempFile := tempfile.NewTempFile(t, "config", content)
                      	defer tempFile.Remove()
@@ -110,5 +110,5 @@ func TestLoadDaemonConfigWithLegacyRegistryOptions(t *testing.T) {
                      	loadedConfig, err := loadDaemonCliConfig(opts)
                      	require.NoError(t, err)
                      	require.NotNil(t, loadedConfig)
                     -	assert.True(t, loadedConfig.V2Only)
                     +	assert.False(t, loadedConfig.V2Only)
+                     }

integration-cli/docker_cli_logout_test.go

History View file @ 1282800

@@ -13,6 +13,10 @@ import (
+                     )
                      func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C) {
+                    +
                     +	// @TODO TestLogoutWithExternalAuth expects docker to fall back to a v1 registry, so has to be updated for v17.12, when v1 registries are no longer supported
                     +	s.d.StartWithBusybox(c, "--disable-legacy-registry=false")
+                    +
                      	osPath := os.Getenv("PATH")
                      	defer os.Setenv("PATH", osPath)
@@ -28,6 +32,7 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C)
                      	tmp, err := ioutil.TempDir("", "integration-cli-")
                      	c.Assert(err, checker.IsNil)
                     +	defer os.RemoveAll(tmp)
                      	externalAuthConfig := `{ "credsStore": "shell-test" }`
@@ -35,24 +40,27 @@ func (s *DockerRegistryAuthHtpasswdSuite) TestLogoutWithExternalAuth(c *check.C)
                      	err = ioutil.WriteFile(configPath, []byte(externalAuthConfig), 0644)
                      	c.Assert(err, checker.IsNil)
                     -	dockerCmd(c, "--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
                     +	_, err = s.d.Cmd("--config", tmp, "login", "-u", s.reg.Username(), "-p", s.reg.Password(), privateRegistryURL)
                     +	c.Assert(err, checker.IsNil)
                      	b, err := ioutil.ReadFile(configPath)
                      	c.Assert(err, checker.IsNil)
                      	c.Assert(string(b), checker.Not(checker.Contains), "\"auth\":")
                      	c.Assert(string(b), checker.Contains, privateRegistryURL)
                     -	dockerCmd(c, "--config", tmp, "tag", "busybox", repoName)
                     -	dockerCmd(c, "--config", tmp, "push", repoName)
+                    -
                     -	dockerCmd(c, "--config", tmp, "logout", privateRegistryURL)
                     +	_, err = s.d.Cmd("--config", tmp, "tag", "busybox", repoName)
                     +	c.Assert(err, checker.IsNil)
                     +	_, err = s.d.Cmd("--config", tmp, "push", repoName)
                     +	c.Assert(err, checker.IsNil)
                     +	_, err = s.d.Cmd("--config", tmp, "logout", privateRegistryURL)
                     +	c.Assert(err, checker.IsNil)
                      	b, err = ioutil.ReadFile(configPath)
                      	c.Assert(err, checker.IsNil)
                      	c.Assert(string(b), checker.Not(checker.Contains), privateRegistryURL)
                      	// check I cannot pull anymore
                     -	out, _, err := dockerCmdWithError("--config", tmp, "pull", repoName)
                     +	out, err := s.d.Cmd("--config", tmp, "pull", repoName)
                      	c.Assert(err, check.NotNil, check.Commentf(out))
                      	c.Assert(out, checker.Contains, "Error: image dockercli/busybox:authtest not found")
+                     }

integration-cli/docker_cli_pull_test.go

History View file @ 1282800

@@ -258,10 +258,13 @@ func (s *DockerHubPullSuite) TestPullClientDisconnect(c *check.C) {
+                     }
                      func (s *DockerRegistryAuthHtpasswdSuite) TestPullNoCredentialsNotFound(c *check.C) {
                     +	// @TODO TestPullNoCredentialsNotFound expects docker to fall back to a v1 registry, so has to be updated for v17.12, when v1 registries are no longer supported
                     +	s.d.StartWithBusybox(c, "--disable-legacy-registry=false")
+                    +
                      	// we don't care about the actual image, we just want to see image not found
                      	// because that means v2 call returned 401 and we fell back to v1 which usually
                      	// gives a 404 (in this case the test registry doesn't handle v1 at all)
                     -	out, _, err := dockerCmdWithError("pull", privateRegistryURL+"/busybox")
                     +	out, err := s.d.Cmd("pull", privateRegistryURL+"/busybox")
                      	c.Assert(err, check.NotNil, check.Commentf(out))
                      	c.Assert(out, checker.Contains, "Error: image busybox:latest not found")
+                     }

integration-cli/docker_cli_registry_user_agent_test.go

History View file @ 1282800

@@ -98,8 +98,7 @@ func (s *DockerRegistrySuite) TestUserAgentPassThrough(c *check.C) {
                      		"--insecure-registry", buildReg.URL(),
                      		"--insecure-registry", pullReg.URL(),
                      		"--insecure-registry", pushReg.URL(),
                     -		"--insecure-registry", loginReg.URL(),
                     -		"--disable-legacy-registry=true")
                     +		"--insecure-registry", loginReg.URL())
                      	dockerfileName, cleanup1, err := makefile(fmt.Sprintf("FROM %s", buildRepoName))
                      	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))

integration-cli/docker_cli_v2_only_test.go

History View file @ 1282800

@@ -34,7 +34,7 @@ func makefile(contents string) (string, func(), error) {
+                     }
                     -// TestV2Only ensures that a daemon in v2-only mode does not
                     +// TestV2Only ensures that a daemon by default does not
                      // attempt to contact any v1 registry endpoints.
                      func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
                      	reg, err := registry.NewMock(c)
@@ -51,7 +51,7 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
                      	repoName := fmt.Sprintf("%s/busybox", reg.URL())
                     -	s.d.Start(c, "--insecure-registry", reg.URL(), "--disable-legacy-registry=true")
                     +	s.d.Start(c, "--insecure-registry", reg.URL())
                      	dockerfileName, cleanup, err := makefile(fmt.Sprintf("FROM %s/busybox", reg.URL()))
                      	c.Assert(err, check.IsNil, check.Commentf("Unable to create test dockerfile"))
@@ -66,7 +66,7 @@ func (s *DockerRegistrySuite) TestV2Only(c *check.C) {
                      	s.d.Cmd("pull", repoName)
+                     }
                     -// TestV1 starts a daemon in 'normal' mode
                     +// TestV1 starts a daemon with legacy registries enabled
                      // and ensure v1 endpoints are hit for the following operations:
                      // login, push, pull, build & run
                      func (s *DockerRegistrySuite) TestV1(c *check.C) {

registry/config_unix.go

History View file @ 1282800

@@ -21,5 +21,5 @@ func cleanPath(s string) string {
                      // installCliPlatformFlags handles any platform specific flags for the service.
                      func (options *ServiceOptions) installCliPlatformFlags(flags *pflag.FlagSet) {
                     -	flags.BoolVar(&options.V2Only, "disable-legacy-registry", false, "Disable contacting legacy registries")
                     +	flags.BoolVar(&options.V2Only, "disable-legacy-registry", true, "Disable contacting legacy registries")
+                     }