Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
| ... | ... |
@@ -190,6 +190,17 @@ func (daemon *Daemon) RegistryHosts() docker.RegistryHosts {
|
| 190 | 190 |
} |
| 191 | 191 |
} |
| 192 | 192 |
|
| 193 |
+ certsDir := registry.CertsDir() |
|
| 194 |
+ if fis, err := ioutil.ReadDir(certsDir); err == nil {
|
|
| 195 |
+ for _, fi := range fis {
|
|
| 196 |
+ if _, ok := m[fi.Name()]; !ok {
|
|
| 197 |
+ m[fi.Name()] = bkconfig.RegistryConfig{
|
|
| 198 |
+ TLSConfigDir: []string{filepath.Join(certsDir, fi.Name())},
|
|
| 199 |
+ } |
|
| 200 |
+ } |
|
| 201 |
+ } |
|
| 202 |
+ } |
|
| 203 |
+ |
|
| 193 | 204 |
return resolver.NewRegistryConfig(m) |
| 194 | 205 |
} |
| 195 | 206 |
|
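Review bot: The loop over `certsDir` registers every entry as a registry host without checking that it is a directory, so a stray file in certs.d ends up in `m` with a `TLSConfigDir` that points at a non-directory. Adding `if !fi.IsDir() { continue }` at the top of the loop would avoid that; as far as I know `ioutil.ReadDir` reports lstat-style info, so symlinked host directories would need separate handling if they are meant to be supported. A `ReadDir` error other than not-exist (a permissions problem, for example) is dropped silently, so custom CAs and client certificates are not applied and nothing is logged; a warning-level log would make that diagnosable. The directory name is used as the map key unmodified, while `HostCertsDir` builds the path through `cleanPath(hostname)`, so the two may disagree on platforms where `cleanPath` rewrites the name. `RegistryHosts` starts above this hunk, so how `m` is populated beforehand is not visible here.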
| ... | ... |
@@ -2,11 +2,26 @@ |
| 2 | 2 |
|
| 3 | 3 |
package registry // import "github.com/docker/docker/registry" |
| 4 | 4 |
|
| 5 |
-var ( |
|
| 6 |
- // CertsDir is the directory where certificates are stored |
|
| 7 |
- CertsDir = "/etc/docker/certs.d" |
|
| 5 |
+import ( |
|
| 6 |
+ "path/filepath" |
|
| 7 |
+ |
|
| 8 |
+ "github.com/docker/docker/pkg/homedir" |
|
| 9 |
+ "github.com/docker/docker/rootless" |
|
| 8 | 10 |
) |
| 9 | 11 |
|
| 12 |
+// CertsDir is the directory where certificates are stored |
|
| 13 |
+func CertsDir() string {
|
|
| 14 |
+ d := "/etc/docker/certs.d" |
|
| 15 |
+ |
|
| 16 |
+ if rootless.RunningWithRootlessKit() {
|
|
| 17 |
+ configHome, err := homedir.GetConfigHome() |
|
| 18 |
+ if err == nil {
|
|
| 19 |
+ d = filepath.Join(configHome, "docker/certs.d") |
|
| 20 |
+ } |
|
| 21 |
+ } |
|
| 22 |
+ return d |
|
| 23 |
+} |
|
| 24 |
+ |
|
| 10 | 25 |
// cleanPath is used to ensure that a directory name is valid on the target |
| 11 | 26 |
// platform. It will be passed in something *similar* to a URL such as |
| 12 | 27 |
// https:/index.docker.io/v1. Not all platforms support directory names |
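Review bot: When `homedir.GetConfigHome()` fails under RootlessKit, `CertsDir()` falls back to `/etc/docker/certs.d` without any signal, whereas the `HostCertsDir` code this replaces returned the error. A rootless daemon would then take its registry CAs and client certificates from the system-wide directory rather than the user's. That is a change in trust configuration and deserves at least a warning log, or an error-returning variant for `HostCertsDir` to call. The doc comment should also describe a function now, e.g. `// CertsDir returns the directory where registry certificates are stored; in rootless mode it is docker/certs.d under the user's config home.` The same comment wording applies to the Windows variant of `CertsDir`.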
| ... | ... |
@@ -7,7 +7,9 @@ import ( |
| 7 | 7 |
) |
| 8 | 8 |
|
| 9 | 9 |
// CertsDir is the directory where certificates are stored |
| 10 |
-var CertsDir = os.Getenv("programdata") + `\docker\certs.d`
|
|
| 10 |
+func CertsDir() string {
|
|
| 11 |
+ return os.Getenv("programdata") + `\docker\certs.d`
|
|
| 12 |
+} |
|
| 11 | 13 |
|
| 12 | 14 |
// cleanPath is used to ensure that a directory name is valid on the target |
| 13 | 15 |
// platform. It will be passed in something *similar* to a URL such as |
| ... | ... |
@@ -14,8 +14,6 @@ import ( |
| 14 | 14 |
"time" |
| 15 | 15 |
|
| 16 | 16 |
"github.com/docker/distribution/registry/client/transport" |
| 17 |
- "github.com/docker/docker/pkg/homedir" |
|
| 18 |
- "github.com/docker/docker/rootless" |
|
| 19 | 17 |
"github.com/docker/go-connections/tlsconfig" |
| 20 | 18 |
"github.com/sirupsen/logrus" |
| 21 | 19 |
) |
| ... | ... |
@@ -28,16 +26,7 @@ var ( |
| 28 | 28 |
|
| 29 | 29 |
// HostCertsDir returns the config directory for a specific host |
| 30 | 30 |
func HostCertsDir(hostname string) (string, error) {
|
| 31 |
- certsDir := CertsDir |
|
| 32 |
- |
|
| 33 |
- if rootless.RunningWithRootlessKit() {
|
|
| 34 |
- configHome, err := homedir.GetConfigHome() |
|
| 35 |
- if err != nil {
|
|
| 36 |
- return "", err |
|
| 37 |
- } |
|
| 38 |
- |
|
| 39 |
- certsDir = filepath.Join(configHome, "docker/certs.d") |
|
| 40 |
- } |
|
| 31 |
+ certsDir := CertsDir() |
|
| 41 | 32 |
|
| 42 | 33 |
hostDir := filepath.Join(certsDir, cleanPath(hostname)) |
| 43 | 34 |
|
| ... | ... |
@@ -50,7 +39,7 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
|
| 50 | 50 |
|
| 51 | 51 |
tlsConfig.InsecureSkipVerify = !isSecure |
| 52 | 52 |
|
| 53 |
- if isSecure && CertsDir != "" {
|
|
| 53 |
+ if isSecure && CertsDir() != "" {
|
|
| 54 | 54 |
hostDir, err := HostCertsDir(hostname) |
| 55 | 55 |
if err != nil {
|
| 56 | 56 |
return nil, err |
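Review bot: The second half of the guard `isSecure && CertsDir() != ""` can no longer be false, because the Unix `CertsDir()` starts from `/etc/docker/certs.d` and the Windows one always appends `\docker\certs.d`. Consider reducing it to `if isSecure {`, or, if an empty value was meant as an off switch, restoring a way to express that. On Windows an unset `programdata` yields the drive-relative path `\docker\certs.d`, which is worth rejecting explicitly since TLS trust material is loaded from it. `newTLSConfig` continues past the end of this hunk.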