docker:try http for docker manifest insecure

(cherry picked from commit 32b9a9fdb012d226da909b3249f7b8b4df7278b5)
2023-03-15 17:41:51 +08:00 · 2023-03-15 17:41:51 +08:00 · 52284b74eb
commit 52284b74eb
parent e6a2b554de
4 changed files with 58 additions and 2 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-18.09.0.250
+18.09.0.251
--- a/docker-engine-openeuler.spec
+++ b/docker-engine-openeuler.spec
@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 250
+Release: 251
 Epoch: 1
 Summary: The open-source application container engine
 Group: Tools/Docker
@ -199,6 +199,12 @@ fi
 %endif

 %changelog
+* Wed Mar 15 2023 zhongjiawei<zhongjiawei1@huawei.com>- 18.09.0-251
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:try http for docker manifest insecure
+
 * Wed Mar 14 2023 chenjiankun<chenjiankun1@huawei.com>- 18.09.0-250
 - Type:bugfix
 - CVE:NA
--- a/patch/0237-docker-try-http-for-docker-manifest-insecure.patch
+++ b/patch/0237-docker-try-http-for-docker-manifest-insecure.patch
@ -0,0 +1,49 @@
+From a4a2d8fb4cf083fd1357f9b271b368f1c2d7744c Mon Sep 17 00:00:00 2001
+From: Tengfei Wang <tfwang@alauda.io>
+Date: Tue, 24 Mar 2020 23:42:33 +0800
+Subject: [PATCH] try http for docker manifest --insecure
+
+Signed-off-by: Tengfei Wang <tfwang@alauda.io>
+---
+ components/cli/cli/registry/client/client.go | 21 +++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/components/cli/cli/registry/client/client.go b/components/cli/cli/registry/client/client.go
+index 6fd18a897..3ed139840 100644
+--- a/components/cli/cli/registry/client/client.go
+++ b/components/cli/cli/registry/client/client.go
+@@ -138,15 +138,26 @@ func (c *client) GetTags(ctx context.Context, ref reference.Named) ([]string, er
+ }
+ 
+ func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Named, repoEndpoint repositoryEndpoint) (distribution.Repository, error) {
+	repoName, err := reference.WithName(repoEndpoint.Name())
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
+	}
+ 	httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
+ 	if err != nil {
+-		if strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
+		if !strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") {
+			return nil, err
+		}
+		if !repoEndpoint.endpoint.TLSConfig.InsecureSkipVerify {
+ 			return nil, ErrHTTPProto{OrigErr: err.Error()}
+ 		}
+-	}
+-	repoName, err := reference.WithName(repoEndpoint.Name())
+-	if err != nil {
+-		return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref)
+		// --insecure was set; fall back to plain HTTP
+		if url := repoEndpoint.endpoint.URL; url != nil && url.Scheme == "https" {
+			url.Scheme = "http"
+			httpTransport, err = c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint)
+			if err != nil {
+				return nil, err
+			}
+		}
+ 	}
+ 	return distributionclient.NewRepository(repoName, repoEndpoint.BaseURL(), httpTransport)
+ }
+-- 
+2.33.0
+
--- a/series.conf
+++ b/series.conf
@ -230,4 +230,5 @@ patch/0233-docker-Read-connection-marking-information-from-CT-f.patch
 patch/0234-docker-do-not-stop-health-check-before-sending-signa.patch
 patch/0235-docker-set-freezer.state-to-Thawed-to-increase-freez.patch
 patch/0236-docker-fix-container-missing-after-restarting-docker.patch
+patch/0237-docker-try-http-for-docker-manifest-insecure.patch
 #end