From d17e3dd1bae5f79171b26a7f36204282aa1b160c Mon Sep 17 00:00:00 2001 From: zhongjiawei Date: Wed, 15 Mar 2023 17:24:08 +0800 Subject: [PATCH] docker: try http for docker manifest insecure (cherry picked from commit ff3bcc697b172784a8dacd637576cd932801399a) --- VERSION-vendor | 2 +- docker.spec | 8 ++- git-commit | 2 +- ...ry-http-for-docker-manifest-insecure.patch | 49 +++++++++++++++++++ series.conf | 1 + 5 files changed, 59 insertions(+), 3 deletions(-) create mode 100644 patch/0239-docker-try-http-for-docker-manifest-insecure.patch diff --git a/VERSION-vendor b/VERSION-vendor index 80be9de..e2a3f98 100644 --- a/VERSION-vendor +++ b/VERSION-vendor @@ -1 +1 @@ -18.09.0.319 +18.09.0.320 diff --git a/docker.spec b/docker.spec index d83e9ba..0b7d0d1 100644 --- a/docker.spec +++ b/docker.spec @@ -1,6 +1,6 @@ Name: docker-engine Version: 18.09.0 -Release: 319 +Release: 320 Epoch: 2 Summary: The open-source application container engine Group: Tools/Docker @@ -213,6 +213,12 @@ fi %endif %changelog +* Wed Mar 15 2023 zhongjiawei - 18.09.0-320 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:try http for docker manifest insecure + * Tue Mar 14 2023 JackChan8 - 18.09.0-319 - Type:bugfix - CVE:NA diff --git a/git-commit b/git-commit index 2532a5c..8595ac8 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -125a5369ebd1d5b7c96d8902bd1c9d195d90d5b7 +dc32e88375199186065f6206a9be6a7417d64620 diff --git a/patch/0239-docker-try-http-for-docker-manifest-insecure.patch b/patch/0239-docker-try-http-for-docker-manifest-insecure.patch new file mode 100644 index 0000000..f347593 --- /dev/null +++ b/patch/0239-docker-try-http-for-docker-manifest-insecure.patch @@ -0,0 +1,49 @@ +From a4a2d8fb4cf083fd1357f9b271b368f1c2d7744c Mon Sep 17 00:00:00 2001 +From: Tengfei Wang +Date: Tue, 24 Mar 2020 23:42:33 +0800 +Subject: [PATCH] try http for docker manifest --insecure + +Signed-off-by: Tengfei Wang +--- + components/cli/cli/registry/client/client.go | 21 +++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +diff --git a/components/cli/cli/registry/client/client.go b/components/cli/cli/registry/client/client.go +index 6fd18a897..3ed139840 100644 +--- a/components/cli/cli/registry/client/client.go ++++ b/components/cli/cli/registry/client/client.go +@@ -138,15 +138,26 @@ func (c *client) GetTags(ctx context.Context, ref reference.Named) ([]string, er + } + + func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Named, repoEndpoint repositoryEndpoint) (distribution.Repository, error) { ++ repoName, err := reference.WithName(repoEndpoint.Name()) ++ if err != nil { ++ return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref) ++ } + httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint) + if err != nil { +- if strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") { ++ if !strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") { ++ return nil, err ++ } ++ if !repoEndpoint.endpoint.TLSConfig.InsecureSkipVerify { + return nil, ErrHTTPProto{OrigErr: err.Error()} + } +- } +- repoName, err := reference.WithName(repoEndpoint.Name()) +- if err != nil { +- return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref) ++ // --insecure was set; fall back to plain HTTP ++ if url := repoEndpoint.endpoint.URL; url != nil && url.Scheme == "https" { ++ url.Scheme = "http" ++ httpTransport, err = c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint) ++ if err != nil { ++ return nil, err ++ } ++ } + } + return distributionclient.NewRepository(repoName, repoEndpoint.BaseURL(), httpTransport) + } +-- +2.33.0 + diff --git a/series.conf b/series.conf index e4eba83..ccd4c94 100644 --- a/series.conf +++ b/series.conf @@ -236,4 +236,5 @@ patch/0235-docker-do-not-stop-health-check-before-sending-signa.patch patch/0236-docker-set-freezer.state-to-Thawed-to-increase-freez.patch patch/0237-docker-stats-fix-panic.patch patch/0238-docker-fix-container-missing-after-restarting-docker.patch +patch/0239-docker-try-http-for-docker-manifest-insecure.patch #end -- Gitee