remotes/docker/config: Skipping TLS verification for localhost

Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
2022-09-13 17:16:08 +08:00
parent 99ee82d0b6
commit 3cfde732e1
3 changed files with 28 additions and 16 deletions
--- a/remotes/docker/config/hosts.go
+++ b/remotes/docker/config/hosts.go
@@ -99,6 +99,17 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos
 			if host == "docker.io" {
 				hosts[len(hosts)-1].scheme = "https"
 				hosts[len(hosts)-1].host = "registry-1.docker.io"
+			} else if docker.IsLocalhost(host) {
+				hosts[len(hosts)-1].host = host
+				if options.DefaultScheme == "" || options.DefaultScheme == "http" {
+					hosts[len(hosts)-1].scheme = "http"
+
+					// Skipping TLS verification for localhost
+					var skipVerify = true
+					hosts[len(hosts)-1].skipVerify = &skipVerify
+				} else {
+					hosts[len(hosts)-1].scheme = options.DefaultScheme
+				}
 			} else {
 				hosts[len(hosts)-1].host = host
 				if options.DefaultScheme != "" {
--- a/remotes/docker/resolver.go
+++ b/remotes/docker/resolver.go
@@ -21,6 +21,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"net/url"
 	"path"
@@ -667,3 +668,17 @@ func responseFields(resp *http.Response) logrus.Fields {

 	return logrus.Fields(fields)
 }
+
+// IsLocalhost checks if the registry host is local.
+func IsLocalhost(host string) bool {
+	if h, _, err := net.SplitHostPort(host); err == nil {
+		host = h
+	}
+
+	if host == "localhost" {
+		return true
+	}
+
+	ip := net.ParseIP(host)
+	return ip.IsLoopback()
+}