Fix configurations with no server provided

When a server is specified at the top level, there is a bug that prevents the keys from being checked properly. When no server is provided, the server attempts to parse with an empty host, leaving partial values and a defaulted skip verify configuration. Signed-off-by: Derek McGowan <derek@mcg.dev>
2020-05-19 18:31:07 -07:00 · 2020-05-19 18:31:07 -07:00 · 84619ee998
commit 84619ee998
parent 06b0cd45ba
2 changed files with 27 additions and 30 deletions
--- a/remotes/docker/config/hosts.go
+++ b/remotes/docker/config/hosts.go
@ -272,7 +272,7 @@ type hostFileConfig struct {
 	// TODO: Make this an array (two key types, one for pairs (multiple files), one for single file?)
 	Client toml.Primitive `toml:"client"`
-	SkipVerify bool `toml:"skip_verify"`
+	SkipVerify *bool `toml:"skip_verify"`
 	// API (default: "docker")
 	// API Version (default: "v2")
@ -322,6 +322,7 @@ func parseHostsFile(ctx context.Context, baseDir string, b []byte) ([]hostConfig
 	for i, server := range orderedHosts {
 		hostConfig := c.HostConfigs[server]
 		if server != "" {
 			if !strings.HasPrefix(server, "http") {
 				server = "https://" + server
 			}
@ -345,10 +346,8 @@ func parseHostsFile(ctx context.Context, baseDir string, b []byte) ([]hostConfig
 				u.Path = "/v2"
 			}
 			hosts[i].path = u.Path
 		if hosts[i].scheme == "https" {
 			hosts[i].skipVerify = &hostConfig.SkipVerify
 		}
 		hosts[i].skipVerify = hostConfig.SkipVerify
 		if len(hostConfig.Capabilities) > 0 {
 			for _, c := range hostConfig.Capabilities {
@ -368,7 +367,7 @@ func parseHostsFile(ctx context.Context, baseDir string, b []byte) ([]hostConfig
 		}
 		baseKey := []string{}
-		if server != "" {
+		if server != "" && server != c.Server {
 			baseKey = append(baseKey, "host", server)
 		}
 		caKey := append(baseKey, "ca")
--- a/remotes/docker/config/hosts_test.go
+++ b/remotes/docker/config/hosts_test.go
@ -80,6 +80,7 @@ ca = "/etc/path/default"
 [host."https://mirror.registry"]
  capabilities = ["pull"]
  ca = "/etc/certs/mirror.pem"
  skip_verify = false
 [host."https://mirror-bak.registry/us"]
  capabilities = ["pull"]
@ -132,7 +133,6 @@ ca = "/etc/path/default"
 				{filepath.FromSlash("/etc/certs/client.cert"), filepath.FromSlash("/etc/certs/client.key")},
 				{filepath.FromSlash("/etc/certs/client.pem"), ""},
 			},
 			skipVerify: &fb,
 		},
 		{
 			scheme:       "https",
@ -142,7 +142,6 @@ ca = "/etc/path/default"
 			clientPairs: [][2]string{
 				{filepath.FromSlash("/etc/certs/client.pem")},
 			},
 			skipVerify: &fb,
 		},
 		{
 			scheme:       "https",
@ -153,14 +152,13 @@ ca = "/etc/path/default"
 				{filepath.FromSlash("/etc/certs/client-1.pem")},
 				{filepath.FromSlash("/etc/certs/client-2.pem")},
 			},
 			skipVerify: &fb,
 		},
 		{
 			scheme:       "https",
 			host:         "test-default.registry",
 			path:         "/v2",
 			capabilities: allCaps,
-			skipVerify:   &fb,
+			caCerts:      []string{filepath.FromSlash("/etc/path/default")},
 		},
 	}
 	hosts, err := parseHostsFile(ctx, "", []byte(testtoml))