Merge pull request #1601 from tonistiigi/insecure-fix

push: reenable setting insecure exporter opt
v0.8
Akihiro Suda 2020-07-29 13:55:36 +09:00 committed by GitHub
commit 594ebbfac0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 17 deletions

View File

@ -13,6 +13,7 @@ import (
"github.com/containerd/containerd/remotes"
"github.com/containerd/containerd/remotes/docker"
"github.com/docker/distribution/reference"
"github.com/moby/buildkit/cmd/buildkitd/config"
"github.com/moby/buildkit/session"
"github.com/moby/buildkit/util/flightcontrol"
"github.com/moby/buildkit/util/imageutil"
@ -42,6 +43,17 @@ func Push(ctx context.Context, sm *session.Manager, sid string, cs content.Store
ref = reference.TagNameOnly(parsed).String()
}
if insecure {
insecureTrue := true
httpTrue := true
hosts = resolver.NewRegistryConfig(map[string]config.RegistryConfig{
reference.Domain(parsed): {
Insecure: &insecureTrue,
PlainHTTP: &httpTrue,
},
})
}
resolver := resolver.New(hosts, resolver.NewSessionAuthenticator(sm, session.NewGroup(sid)))
pusher, err := resolver.Pusher(ctx, ref)

View File

@ -22,29 +22,51 @@ import (
"github.com/pkg/errors"
)
func fillInsecureOpts(host string, c config.RegistryConfig, h *docker.RegistryHost) error {
func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHost) ([]docker.RegistryHost, error) {
var hosts []docker.RegistryHost
tc, err := loadTLSConfig(c)
if err != nil {
return err
return nil, err
}
var isHTTP bool
if c.PlainHTTP != nil && *c.PlainHTTP {
h.Scheme = "http"
} else if c.Insecure != nil && *c.Insecure {
tc.InsecureSkipVerify = true
} else if c.PlainHTTP == nil {
isHTTP = true
}
if c.PlainHTTP == nil {
if ok, _ := docker.MatchLocalhost(host); ok {
h.Scheme = "http"
isHTTP = true
}
}
if isHTTP {
h2 := h
h2.Scheme = "http"
hosts = append(hosts, h2)
}
if c.Insecure != nil && *c.Insecure {
h2 := h
transport := newDefaultTransport()
transport.TLSClientConfig = tc
h2.Client = &http.Client{
Transport: tracing.NewTransport(transport),
}
tc.InsecureSkipVerify = true
hosts = append(hosts, h2)
}
if len(hosts) == 0 {
transport := newDefaultTransport()
transport.TLSClientConfig = tc
h.Client = &http.Client{
Transport: tracing.NewTransport(transport),
}
return nil
hosts = append(hosts, h)
}
return hosts, nil
}
func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) {
@ -116,11 +138,12 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
Capabilities: docker.HostCapabilityPull | docker.HostCapabilityResolve,
}
if err := fillInsecureOpts(mirror, m[mirror], &h); err != nil {
hosts, err := fillInsecureOpts(mirror, m[mirror], h)
if err != nil {
return nil, err
}
out = append(out, h)
out = append(out, hosts...)
}
if host == "docker.io" {
@ -135,11 +158,12 @@ func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts
Capabilities: docker.HostCapabilityPush | docker.HostCapabilityPull | docker.HostCapabilityResolve,
}
if err := fillInsecureOpts(host, c, &h); err != nil {
hosts, err := fillInsecureOpts(host, c, h)
if err != nil {
return nil, err
}
out = append(out, h)
out = append(out, hosts...)
return out, nil
},
docker.ConfigureDefaultRegistries(