aaa8f96cc9
Previously, Docker Hub was excluded when configuring "allow-nondistributable-artifacts".
With the updated policy announced by Microsoft, we can remove this restriction;
https://techcommunity.microsoft.com/t5/containers/announcing-windows-container-base-image-redistribution-rights/ba-p/3645201
There are plans to deprecated support for foreign layers altogether in the OCI,
and we should consider to make this option the default, but as that requires
deprecating the option (and possibly keeping an "opt-out" option), we can look
at that separately.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 30e5333ce3
)
80 lines
2 KiB
Go
80 lines
2 KiB
Go
package registry // import "github.com/docker/docker/registry"
|
|
|
|
import (
|
|
"net/url"
|
|
"strings"
|
|
|
|
"github.com/docker/go-connections/tlsconfig"
|
|
)
|
|
|
|
func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
|
|
ana := s.config.allowNondistributableArtifacts(hostname)
|
|
|
|
if hostname == DefaultNamespace || hostname == IndexHostname {
|
|
for _, mirror := range s.config.Mirrors {
|
|
if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
|
|
mirror = "https://" + mirror
|
|
}
|
|
mirrorURL, err := url.Parse(mirror)
|
|
if err != nil {
|
|
return nil, invalidParam(err)
|
|
}
|
|
mirrorTLSConfig, err := newTLSConfig(mirrorURL.Host, s.config.isSecureIndex(mirrorURL.Host))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: mirrorURL,
|
|
Version: APIVersion2,
|
|
Mirror: true,
|
|
TrimHostname: true,
|
|
TLSConfig: mirrorTLSConfig,
|
|
})
|
|
}
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: DefaultV2Registry,
|
|
Version: APIVersion2,
|
|
Official: true,
|
|
TrimHostname: true,
|
|
TLSConfig: tlsconfig.ServerDefault(),
|
|
|
|
AllowNondistributableArtifacts: ana,
|
|
})
|
|
|
|
return endpoints, nil
|
|
}
|
|
|
|
tlsConfig, err := newTLSConfig(hostname, s.config.isSecureIndex(hostname))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
endpoints = []APIEndpoint{
|
|
{
|
|
URL: &url.URL{
|
|
Scheme: "https",
|
|
Host: hostname,
|
|
},
|
|
Version: APIVersion2,
|
|
AllowNondistributableArtifacts: ana,
|
|
TrimHostname: true,
|
|
TLSConfig: tlsConfig,
|
|
},
|
|
}
|
|
|
|
if tlsConfig.InsecureSkipVerify {
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: &url.URL{
|
|
Scheme: "http",
|
|
Host: hostname,
|
|
},
|
|
Version: APIVersion2,
|
|
AllowNondistributableArtifacts: ana,
|
|
TrimHostname: true,
|
|
// used to check if supposed to be secure via InsecureSkipVerify
|
|
TLSConfig: tlsConfig,
|
|
})
|
|
}
|
|
|
|
return endpoints, nil
|
|
}
|