From 6699afa5495a1234d3647e3f19fe516e00a923c4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 16 Oct 2022 01:08:49 +0200 Subject: [PATCH] registry: allow "allow-nondistributable-artifacts" for Docker Hub Previously, Docker Hub was excluded when configuring "allow-nondistributable-artifacts". With the updated policy announced by Microsoft, we can remove this restriction; https://techcommunity.microsoft.com/t5/containers/announcing-windows-container-base-image-redistribution-rights/ba-p/3645201 There are plans to deprecated support for foreign layers altogether in the OCI, and we should consider to make this option the default, but as that requires deprecating the option (and possibly keeping an "opt-out" option), we can look at that separately. (cherry picked from commit 30e5333ce3e11654fe343b8765bb719aa7b1ca0c) Signed-off-by: Sebastiaan van Stijn Signed-off-by: Tianon Gravi --- registry/service_v2.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/registry/service_v2.go b/registry/service_v2.go index 3e3a5b41ffbdc..154ac7c93e802 100644 --- a/registry/service_v2.go +++ b/registry/service_v2.go @@ -9,6 +9,9 @@ import ( func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) { tlsConfig := tlsconfig.ServerDefault() + + ana := allowNondistributableArtifacts(s.config, hostname) + if hostname == DefaultNamespace || hostname == IndexHostname { for _, mirror := range s.config.Mirrors { if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") { @@ -36,13 +39,13 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp Official: true, TrimHostname: true, TLSConfig: tlsConfig, + + AllowNondistributableArtifacts: ana, }) return endpoints, nil } - ana := allowNondistributableArtifacts(s.config, hostname) - tlsConfig, err = s.tlsConfig(hostname) if err != nil { return nil, err