diff --git a/api/server/server.go b/api/server/server.go index 5e337dfcbef2b..a2120cd3b4a36 100644 --- a/api/server/server.go +++ b/api/server/server.go @@ -565,6 +565,7 @@ func postImagesCreate(eng *engine.Engine, version version.Version, w http.Respon job.SetenvBool("parallel", version.GreaterThan("1.3")) job.SetenvJson("metaHeaders", metaHeaders) job.SetenvJson("authConfig", authConfig) + job.SetenvBool("protectOfficialRegistry", false) } else { //import if tag == "" { repo, tag = parsers.ParseRepositoryTag(repo) diff --git a/builder/internals.go b/builder/internals.go index 7523d121913f3..10ab0c5a916bf 100644 --- a/builder/internals.go +++ b/builder/internals.go @@ -438,6 +438,7 @@ func (b *Builder) pullImage(name string) (*imagepkg.Image, error) { job.SetenvBool("json", b.StreamFormatter.Json()) job.SetenvBool("parallel", true) job.SetenvJson("authConfig", pullRegistryAuth) + job.SetenvBool("protectOfficialRegistry", true) job.Stdout.Add(b.OutOld) if err := job.Run(); err != nil { return nil, err diff --git a/graph/export.go b/graph/export.go index 3f7ecd3c4e9e9..fcd96a6a01410 100644 --- a/graph/export.go +++ b/graph/export.go @@ -40,7 +40,9 @@ func (s *TagStore) CmdImageExport(job *engine.Job) engine.Status { } } for _, name := range job.Args { - name = registry.NormalizeLocalName(name) + if _, exists := s.Repositories[name]; !exists { + name = registry.NormalizeLocalName(name) + } log.Debugf("Serializing %s", name) rootRepo := s.Repositories[name] if rootRepo != nil { diff --git a/graph/pull.go b/graph/pull.go index 1f29e9afe30bb..0c9a5fc123289 100644 --- a/graph/pull.go +++ b/graph/pull.go @@ -30,6 +30,11 @@ func (s *TagStore) CmdRegistryPull(job *engine.Job) engine.Status { registries = []string{""} } else if len(registries) == 0 { return job.Errorf("No configured registry to pull from.") + } else if job.GetenvBool("protectOfficialRegistry") && registries[0] != registry.INDEXNAME { + // We must ensure that registry missing hostname will be pulled from + // official one, if the `protectOfficialRegistry` tells us so. + registries = []string{""} + tmp = fmt.Sprintf("%s/%s", registry.INDEXNAME, tmp) } for i, r := range registries { if i > 0 { diff --git a/graph/tags.go b/graph/tags.go index 6bdb296cd1814..346a42ce24b08 100644 --- a/graph/tags.go +++ b/graph/tags.go @@ -178,7 +178,9 @@ func (store *TagStore) Delete(repoName, tag string) (bool, error) { if err := store.reload(); err != nil { return false, err } - repoName = registry.NormalizeLocalName(repoName) + if _, exists := store.Repositories[repoName]; !exists { + repoName = registry.NormalizeLocalName(repoName) + } if r, exists := store.Repositories[repoName]; exists { if tag != "" { if _, exists2 := r[tag]; exists2 { @@ -240,10 +242,12 @@ func (store *TagStore) Get(repoName string) (Repository, error) { if err := store.reload(); err != nil { return nil, err } - repoName = registry.NormalizeLocalName(repoName) if r, exists := store.Repositories[repoName]; exists { return r, nil } + if r, exists := store.Repositories[registry.NormalizeLocalName(repoName)]; exists { + return r, nil + } return nil, nil } diff --git a/registry/session.go b/registry/session.go index 9905626a60297..cd50cc5399aca 100644 --- a/registry/session.go +++ b/registry/session.go @@ -200,6 +200,15 @@ func (r *Session) GetRemoteImageLayer(imgID, registry string, token []string, im return res.Body, nil } +func isEndpointBlocked(endpoint string) bool { + if parsedURL, err := url.Parse(endpoint); err == nil { + if _, ok := BlockedRegistries[parsedURL.Host]; !ok { + return false + } + } + return true +} + func (r *Session) GetRemoteTags(registries []string, repository string, token []string) (map[string]string, error) { if strings.Count(repository, "/") == 0 { // This will be removed once the Registry supports auto-resolution on @@ -207,6 +216,10 @@ func (r *Session) GetRemoteTags(registries []string, repository string, token [] repository = "library/" + repository } for _, host := range registries { + if isEndpointBlocked(host) { + log.Errorf("Cannot query blocked registry at %s for remote tags.", host) + continue + } endpoint := fmt.Sprintf("%srepositories/%s/tags", host, repository) req, err := r.reqFactory.NewRequest("GET", endpoint, nil)