30e5333ce3
Previously, Docker Hub was excluded when configuring "allow-nondistributable-artifacts". With the updated policy announced by Microsoft, we can remove this restriction; https://techcommunity.microsoft.com/t5/containers/announcing-windows-container-base-image-redistribution-rights/ba-p/3645201 There are plans to deprecated support for foreign layers altogether in the OCI, and we should consider to make this option the default, but as that requires deprecating the option (and possibly keeping an "opt-out" option), we can look at that separately. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
80 lines
2 KiB
Go
80 lines
2 KiB
Go
package registry // import "github.com/docker/docker/registry"
|
|
|
|
import (
|
|
"net/url"
|
|
"strings"
|
|
|
|
"github.com/docker/go-connections/tlsconfig"
|
|
)
|
|
|
|
func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
|
ana := s.config.allowNondistributableArtifacts(hostname)
|
|
|
|
if hostname == DefaultNamespace || hostname == IndexHostname {
|
|
for _, mirror := range s.config.Mirrors {
|
|
if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
|
|
mirror = "https://" + mirror
|
|
}
|
|
mirrorURL, err := url.Parse(mirror)
|
|
if err != nil {
|
|
return nil, invalidParam(err)
|
|
}
|
|
mirrorTLSConfig, err := newTLSConfig(mirrorURL.Host, s.config.isSecureIndex(mirrorURL.Host))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: mirrorURL,
|
|
Version: APIVersion2,
|
|
Mirror: true,
|
|
TrimHostname: true,
|
|
TLSConfig: mirrorTLSConfig,
|
|
})
|
|
}
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: DefaultV2Registry,
|
|
Version: APIVersion2,
|
|
Official: true,
|
|
TrimHostname: true,
|
|
TLSConfig: tlsconfig.ServerDefault(),
|
|
|
|
AllowNondistributableArtifacts: ana,
|
|
})
|
|
|
|
return endpoints, nil
|
|
}
|
|
|
|
tlsConfig, err := newTLSConfig(hostname, s.config.isSecureIndex(hostname))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
endpoints = []APIEndpoint{
|
|
{
|
|
URL: &url.URL{
|
|
Scheme: "https",
|
|
Host: hostname,
|
|
},
|
|
Version: APIVersion2,
|
|
AllowNondistributableArtifacts: ana,
|
|
TrimHostname: true,
|
|
TLSConfig: tlsConfig,
|
|
},
|
|
}
|
|
|
|
if tlsConfig.InsecureSkipVerify {
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: &url.URL{
|
|
Scheme: "http",
|
|
Host: hostname,
|
|
},
|
|
Version: APIVersion2,
|
|
AllowNondistributableArtifacts: ana,
|
|
TrimHostname: true,
|
|
// used to check if supposed to be secure via InsecureSkipVerify
|
|
TLSConfig: tlsConfig,
|
|
})
|
|
}
|
|
|
|
return endpoints, nil
|
|
}
|