diff --git a/remotes/docker/config/hosts.go b/remotes/docker/config/hosts.go index ce59428ad..100f6be1f 100644 --- a/remotes/docker/config/hosts.go +++ b/remotes/docker/config/hosts.go @@ -272,7 +272,7 @@ type hostFileConfig struct { // TODO: Make this an array (two key types, one for pairs (multiple files), one for single file?) Client toml.Primitive `toml:"client"` - SkipVerify bool `toml:"skip_verify"` + SkipVerify *bool `toml:"skip_verify"` // API (default: "docker") // API Version (default: "v2") 
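Review bot: The `SkipVerify *bool` field in `hostFileConfig` has no comment saying it is now tri-state, which matters because the value ends up governing TLS certificate verification. I would add above it `// SkipVerify is nil when skip_verify is absent from the file, so an explicit false can be told apart from unset.` The code that consumes the pointer is outside this hunk, so it is worth confirming there that nil is treated as "verify" and is never dereferenced unchecked. The struct body continues beyond the hunk.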
@@ -322,33 +322,32 @@ func parseHostsFile(ctx context.Context, baseDir string, b []byte) ([]hostConfig for i, server := range orderedHosts { hostConfig := c.HostConfigs[server] - if !strings.HasPrefix(server, "http") { - server = "https://" + server - } - u, err := url.Parse(server) - if err != nil { - return nil, errors.Errorf("unable to parse server %v", server) - } - hosts[i].scheme = u.Scheme - hosts[i].host = u.Host - - // TODO: Handle path based on registry protocol - // Define a registry protocol type - // OCI v1 - Always use given path as is - // Docker v2 - Always ensure ends with /v2/ - if len(u.Path) > 0 { - u.Path = path.Clean(u.Path) - if !strings.HasSuffix(u.Path, "/v2") { - u.Path = u.Path + "/v2" + if server != "" { + if !strings.HasPrefix(server, "http") { + server = "https://" + server } - } else { - u.Path = "/v2" - } - hosts[i].path = u.Path + u, err := url.Parse(server) + if err != nil { + return nil, errors.Errorf("unable to parse server %v", server) + } + hosts[i].scheme = u.Scheme + hosts[i].host = u.Host - if hosts[i].scheme == "https" { - hosts[i].skipVerify = &hostConfig.SkipVerify + // TODO: Handle path based on registry protocol + // Define a registry protocol type + // OCI v1 - Always use given path as is + // Docker v2 - Always ensure ends with /v2/ + if len(u.Path) > 0 { + u.Path = path.Clean(u.Path) + if !strings.HasSuffix(u.Path, "/v2") { + u.Path = u.Path + "/v2" + } + } else { + u.Path = "/v2" + } + hosts[i].path = u.Path } + hosts[i].skipVerify = hostConfig.SkipVerify if len(hostConfig.Capabilities) > 0 { for _, c := range hostConfig.Capabilities { @@ -368,7 +367,7 @@ func parseHostsFile(ctx context.Context, baseDir string, b []byte) ([]hostConfig } baseKey := []string{} - if server != "" { + if server != "" && server != c.Server { baseKey = append(baseKey, "host", server) } caKey := append(baseKey, "ca") diff --git a/remotes/docker/config/hosts_test.go b/remotes/docker/config/hosts_test.go index 35cab475a..18857a000 100644 
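Review bot: The scheme test `strings.HasPrefix(server, "http")` inside the new `if server != ""` block also matches host names that merely begin with those letters (a constructed example is `httpbin.example:5000`). Such keys never receive the `https://` default, and `url.Parse` is then unlikely to yield the intended `u.Host`. Since the parsed host decides which registry the `ca`, client and `skip_verify` settings attach to, the test should look for the full scheme prefix: `if !strings.HasPrefix(server, "http://") && !strings.HasPrefix(server, "https://") {`. Separately, `errors.Errorf("unable to parse server %v", server)` drops `err`; including it would make a bad key easier to diagnose. The loop body starts and ends outside this hunk.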
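Review bot: The new comparison `server != c.Server` appears to run after `server` may have been rewritten to `"https://" + server` by the block in the previous hunk. If so, a top-level `server` written without a scheme would no longer compare equal and would still get the `host` prefix in `baseKey`. This is inferred from the two hunks; the lines between them are not shown and may restore the value. If they do not, keep the unmodified key with `key := server` at the top of the loop body and test `key != "" && key != c.Server` here. The code that uses `baseKey` and `caKey` continues outside the hunk.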
--- a/remotes/docker/config/hosts_test.go +++ b/remotes/docker/config/hosts_test.go @@ -80,6 +80,7 @@ ca = "/etc/path/default" [host."https://mirror.registry"] capabilities = ["pull"] ca = "/etc/certs/mirror.pem" + skip_verify = false [host."https://mirror-bak.registry/us"] capabilities = ["pull"] @@ -132,7 +133,6 @@ ca = "/etc/path/default" {filepath.FromSlash("/etc/certs/client.cert"), filepath.FromSlash("/etc/certs/client.key")}, {filepath.FromSlash("/etc/certs/client.pem"), ""}, }, - skipVerify: &fb, }, { scheme: "https", @@ -142,7 +142,6 @@ ca = "/etc/path/default" clientPairs: [][2]string{ {filepath.FromSlash("/etc/certs/client.pem")}, }, - skipVerify: &fb, }, { scheme: "https", @@ -153,14 +152,13 @@ ca = "/etc/path/default" {filepath.FromSlash("/etc/certs/client-1.pem")}, {filepath.FromSlash("/etc/certs/client-2.pem")}, }, - skipVerify: &fb, }, { scheme: "https", host: "test-default.registry", path: "/v2", capabilities: allCaps, - skipVerify: &fb, + caCerts: []string{filepath.FromSlash("/etc/path/default")}, }, } hosts, err := parseHostsFile(ctx, "", []byte(testtoml))
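Review bot: The fixture changes visible here cover only `skip_verify = false` and the unset case; nothing in these hunks exercises `skip_verify = true`, or an `http://` host now that the `https` guard around the `skipVerify` assignment is gone. Because this field ends up controlling certificate verification, I would add a host table containing `skip_verify = true` and expect a non-nil pointer to true for it, so a parsing regression cannot silently flip the setting. Other cases in the file may already cover this; both the TOML fixture and the expected table extend beyond the hunks.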