registry: allow "allow-nondistributable-artifacts" for Docker Hub

Previously, Docker Hub was excluded when configuring "allow-nondistributable-artifacts". With the updated policy announced by Microsoft, we can remove this restriction; https://techcommunity.microsoft.com/t5/containers/announcing-windows-container-base-image-redistribution-rights/ba-p/3645201 There are plans to deprecated support for foreign layers altogether in the OCI, and we should consider to make this option the default, but as that requires deprecating the option (and possibly keeping an "opt-out" option), we can look at that separately. (cherry picked from commit 30e5333) Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
moby · Oct 17, 2022 · 47e6bf8 · 47e6bf8
1 parent c964641
commit 47e6bf8
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/registry/service_v2.go b/registry/service_v2.go
@@ -9,6 +9,9 @@ import (
 
 func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
 	tlsConfig := tlsconfig.ServerDefault()
+
+	ana := s.config.allowNondistributableArtifacts(hostname)
+
 	if hostname == DefaultNamespace || hostname == IndexHostname {
 		for _, mirror := range s.config.Mirrors {
 			if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
@@ -36,13 +39,13 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 			Official:     true,
 			TrimHostname: true,
 			TLSConfig:    tlsConfig,
+
+			AllowNondistributableArtifacts: ana,
 		})
 
 		return endpoints, nil
 	}
 
-	ana := allowNondistributableArtifacts(s.config, hostname)
-
 	tlsConfig, err = s.tlsConfig(hostname)
 	if err != nil {
 		return nil, err