forked from TrueCloudLab/distribution
5717c8243d
If we detect a Docker-Distribution-Api-Version header indicating that the registry speaks the V2 protocol, no fallback to V1 should take place. The same applies if a V2 registry operation succeeds while attempting a push or pull. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
74 lines
1.7 KiB
Go
74 lines
1.7 KiB
Go
package registry
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/docker/docker/pkg/tlsconfig"
|
|
"github.com/docker/docker/reference"
|
|
)
|
|
|
|
func (s *Service) lookupV2Endpoints(repoName reference.Named) (endpoints []APIEndpoint, err error) {
|
|
var cfg = tlsconfig.ServerDefault
|
|
tlsConfig := &cfg
|
|
nameString := repoName.FullName()
|
|
if strings.HasPrefix(nameString, DefaultNamespace+"/") {
|
|
// v2 mirrors
|
|
for _, mirror := range s.Config.Mirrors {
|
|
mirrorTLSConfig, err := s.tlsConfigForMirror(mirror)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: mirror,
|
|
// guess mirrors are v2
|
|
Version: APIVersion2,
|
|
Mirror: true,
|
|
TrimHostname: true,
|
|
TLSConfig: mirrorTLSConfig,
|
|
})
|
|
}
|
|
// v2 registry
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: DefaultV2Registry,
|
|
Version: APIVersion2,
|
|
Official: true,
|
|
TrimHostname: true,
|
|
TLSConfig: tlsConfig,
|
|
})
|
|
|
|
return endpoints, nil
|
|
}
|
|
|
|
slashIndex := strings.IndexRune(nameString, '/')
|
|
if slashIndex <= 0 {
|
|
return nil, fmt.Errorf("invalid repo name: missing '/': %s", nameString)
|
|
}
|
|
hostname := nameString[:slashIndex]
|
|
|
|
tlsConfig, err = s.TLSConfig(hostname)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
endpoints = []APIEndpoint{
|
|
{
|
|
URL: "https://" + hostname,
|
|
Version: APIVersion2,
|
|
TrimHostname: true,
|
|
TLSConfig: tlsConfig,
|
|
},
|
|
}
|
|
|
|
if tlsConfig.InsecureSkipVerify {
|
|
endpoints = append(endpoints, APIEndpoint{
|
|
URL: "http://" + hostname,
|
|
Version: APIVersion2,
|
|
TrimHostname: true,
|
|
// used to check if supposed to be secure via InsecureSkipVerify
|
|
TLSConfig: tlsConfig,
|
|
})
|
|
}
|
|
|
|
return endpoints, nil
|
|
}
|