Use certs.d from XDG_CONFIG_HOME when in rootless mode (fixes #40236)
| ... | ... |
@@ -16,6 +16,9 @@ import ( |
| 16 | 16 |
"github.com/docker/distribution/registry/client/transport" |
| 17 | 17 |
"github.com/docker/go-connections/tlsconfig" |
| 18 | 18 |
"github.com/sirupsen/logrus" |
| 19 |
+ |
|
| 20 |
+ "github.com/docker/docker/pkg/homedir" |
|
| 21 |
+ "github.com/docker/docker/rootless" |
|
| 19 | 22 |
) |
| 20 | 23 |
|
| 21 | 24 |
var ( |
| ... | ... |
@@ -31,7 +34,19 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
|
| 31 | 31 |
tlsConfig.InsecureSkipVerify = !isSecure |
| 32 | 32 |
|
| 33 | 33 |
if isSecure && CertsDir != "" {
|
| 34 |
- hostDir := filepath.Join(CertsDir, cleanPath(hostname)) |
|
| 34 |
+ certsDir := CertsDir |
|
| 35 |
+ |
|
| 36 |
+ if rootless.RunningWithRootlessKit() {
|
|
| 37 |
+ configHome, err := homedir.GetConfigHome() |
|
| 38 |
+ if err != nil {
|
|
| 39 |
+ return nil, err |
|
| 40 |
+ } |
|
| 41 |
+ |
|
| 42 |
+ certsDir = filepath.Join(configHome, "docker/certs.d") |
|
| 43 |
+ } |
|
| 44 |
+ |
|
| 45 |
+ hostDir := filepath.Join(certsDir, cleanPath(hostname)) |
|
| 46 |
+ |
|
| 35 | 47 |
logrus.Debugf("hostDir: %s", hostDir)
|
| 36 | 48 |
if err := ReadCertsDirectory(tlsConfig, hostDir); err != nil {
|
| 37 | 49 |
return nil, err |
| ... | ... |
@@ -55,7 +70,7 @@ func hasFile(files []os.FileInfo, name string) bool {
|
| 55 | 55 |
// provided TLS configuration. |
| 56 | 56 |
func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error {
|
| 57 | 57 |
fs, err := ioutil.ReadDir(directory) |
| 58 |
- if err != nil && !os.IsNotExist(err) {
|
|
| 58 |
+ if err != nil && !os.IsNotExist(err) && !os.IsPermission(err) {
|
|
| 59 | 59 |
return err |
| 60 | 60 |
} |
| 61 | 61 |
|
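Review bot: The added `!os.IsPermission(err)` in ReadCertsDirectory treats an unreadable certs directory exactly like a missing one, and nothing is logged. CA or client certificates an operator placed there are then skipped silently, and any resulting TLS or authentication failure is hard to trace back to file permissions. The relaxation is also unconditional: it applies to every caller of ReadCertsDirectory, not only to the rootless path added in newTLSConfig. I would keep the tolerance but make it visible, e.g. `if os.IsPermission(err) { logrus.Warnf("cannot read certs directory %s: %v", directory, err) }` ahead of the existing check, or limit it to `rootless.RunningWithRootlessKit()`. The rest of ReadCertsDirectory is outside the hunk, so this assumes a nil `fs` is simply iterated as empty.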