diff --git a/vendor.mod b/vendor.mod index 3bdaa2cbb4be..3bb0a47102e3 100644 --- a/vendor.mod +++ b/vendor.mod @@ -6,6 +6,9 @@ module github.com/docker/cli go 1.22.0 +// FIXME(thaJeztah): testing https://github.com/moby/moby/pull/49005 +replace github.com/docker/docker => github.com/thaJeztah/docker v24.0.0-rc.1.0.20241207110217-3014d6d7a324+incompatible + require ( dario.cat/mergo v1.0.1 github.com/containerd/platforms v0.2.1 diff --git a/vendor.sum b/vendor.sum index d10d4faecf9a..b0af5c58d911 100644 --- a/vendor.sum +++ b/vendor.sum @@ -51,8 +51,6 @@ github.com/docker/cli-docs-tool v0.8.0/go.mod h1:8TQQ3E7mOXoYUs811LiPdUnAhXrcVsB github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v27.0.2-0.20241202115249-87fbd9cd3b37+incompatible h1:Ct0/s+pkUCDPBsQmLVHnBEas8OlTRxNvDXdSa6Y2PfE= -github.com/docker/docker v27.0.2-0.20241202115249-87fbd9cd3b37+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= @@ -264,6 +262,8 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/thaJeztah/docker v24.0.0-rc.1.0.20241207110217-3014d6d7a324+incompatible h1:LIDKGQw7TmLP3HG3tyE+GYgwoO9cV9qw9lgNFikpj0E= +github.com/thaJeztah/docker v24.0.0-rc.1.0.20241207110217-3014d6d7a324+incompatible/go.mod h1:eZ6Ef2GDr/8h8se23uenzFTrBHwc9jBEEnfrxqOb0Ss= github.com/theupdateframework/notary v0.7.1-0.20210315103452-bf96a202a09a h1:tlJ7tGUHvcvL1v3yR6NcCc9nOqh2L+CG6HWrYQtwzQ0= github.com/theupdateframework/notary v0.7.1-0.20210315103452-bf96a202a09a/go.mod h1:Y94A6rPp2OwNfP/7vmf8O2xx2IykP8pPXQ1DLouGnEw= github.com/tonistiigi/go-rosetta v0.0.0-20220804170347-3f4430f2d346 h1:TvtdmeYsYEij78hS4oxnwikoiLdIrgav3BA+CbhaDAI= diff --git a/vendor/github.com/docker/docker/registry/config.go b/vendor/github.com/docker/docker/registry/config.go index 3ec6ec715d91..f351d21a92c4 100644 --- a/vendor/github.com/docker/docker/registry/config.go +++ b/vendor/github.com/docker/docker/registry/config.go @@ -58,9 +58,6 @@ var ( emptyServiceConfig, _ = newServiceConfig(ServiceOptions{}) validHostPortRegex = regexp.MustCompile(`^` + reference.DomainRegexp.String() + `$`) - // for mocking in unit tests - lookupIP = net.LookupIP - // certsDir is used to override defaultCertsDir. certsDir string ) @@ -285,30 +282,37 @@ func (config *serviceConfig) isSecureIndex(indexName string) bool { return !isCIDRMatch(config.InsecureRegistryCIDRs, indexName) } +// for mocking in unit tests. +var lookupIP = net.LookupIP + // isCIDRMatch returns true if URLHost matches an element of cidrs. URLHost is a URL.Host (`host:port` or `host`) // where the `host` part can be either a domain name or an IP address. If it is a domain name, then it will be // resolved to IP addresses for matching. If resolution fails, false is returned. func isCIDRMatch(cidrs []*registry.NetIPNet, URLHost string) bool { + if len(cidrs) == 0 { + return false + } + host, _, err := net.SplitHostPort(URLHost) if err != nil { - // Assume URLHost is of the form `host` without the port and go on. + // Assume URLHost is a host without port and go on. host = URLHost } - addrs, err := lookupIP(host) - if err != nil { - ip := net.ParseIP(host) - if ip != nil { - addrs = []net.IP{ip} + var addresses []net.IP + if ip := net.ParseIP(host); ip != nil { + // Host is an IP-address. + addresses = append(addresses, ip) + } else { + // Try to resolve the host's IP-address. + addresses, err = lookupIP(host) + if err != nil { + // We failed to resolve the host; assume there's no match. + return false } - - // if ip == nil, then `host` is neither an IP nor it could be looked up, - // either because the index is unreachable, or because the index is behind an HTTP proxy. - // So, len(addrs) == 0 and we're not aborting. } - // Try CIDR notation only if addrs has any elements, i.e. if `host`'s IP could be determined. - for _, addr := range addrs { + for _, addr := range addresses { for _, ipnet := range cidrs { // check if the addr falls in the subnet if (*net.IPNet)(ipnet).Contains(addr) { diff --git a/vendor/github.com/docker/docker/registry/service.go b/vendor/github.com/docker/docker/registry/service.go index 73f422150dc0..672a721ff6d3 100644 --- a/vendor/github.com/docker/docker/registry/service.go +++ b/vendor/github.com/docker/docker/registry/service.go @@ -105,7 +105,7 @@ type APIEndpoint struct { URL *url.URL AllowNondistributableArtifacts bool Official bool - TrimHostname bool + TrimHostname bool // Deprecated: hostname is now trimmed unconditionally for remote names. This field will be removed in the next release. TLSConfig *tls.Config } diff --git a/vendor/github.com/docker/docker/registry/service_v2.go b/vendor/github.com/docker/docker/registry/service_v2.go index 42b1730a257f..cf95ce51d107 100644 --- a/vendor/github.com/docker/docker/registry/service_v2.go +++ b/vendor/github.com/docker/docker/registry/service_v2.go @@ -24,17 +24,15 @@ func (s *Service) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, e return nil, err } endpoints = append(endpoints, APIEndpoint{ - URL: mirrorURL, - Mirror: true, - TrimHostname: true, - TLSConfig: mirrorTLSConfig, + URL: mirrorURL, + Mirror: true, + TLSConfig: mirrorTLSConfig, }) } endpoints = append(endpoints, APIEndpoint{ - URL: DefaultV2Registry, - Official: true, - TrimHostname: true, - TLSConfig: tlsconfig.ServerDefault(), + URL: DefaultV2Registry, + Official: true, + TLSConfig: tlsconfig.ServerDefault(), AllowNondistributableArtifacts: ana, }) @@ -53,9 +51,9 @@ func (s *Service) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, e Scheme: "https", Host: hostname, }, + TLSConfig: tlsConfig, + AllowNondistributableArtifacts: ana, - TrimHostname: true, - TLSConfig: tlsConfig, }, } @@ -65,10 +63,10 @@ func (s *Service) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, e Scheme: "http", Host: hostname, }, - AllowNondistributableArtifacts: ana, - TrimHostname: true, // used to check if supposed to be secure via InsecureSkipVerify TLSConfig: tlsConfig, + + AllowNondistributableArtifacts: ana, }) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 11654fe8816f..8669798641b4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -55,7 +55,7 @@ github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/uuid -# github.com/docker/docker v27.0.2-0.20241202115249-87fbd9cd3b37+incompatible +# github.com/docker/docker v27.0.2-0.20241202115249-87fbd9cd3b37+incompatible => github.com/thaJeztah/docker v24.0.0-rc.1.0.20241207110217-3014d6d7a324+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types @@ -546,3 +546,4 @@ gotest.tools/v3/skip # tags.cncf.io/container-device-interface v0.8.0 ## explicit; go 1.20 tags.cncf.io/container-device-interface/pkg/parser +# github.com/docker/docker => github.com/thaJeztah/docker v24.0.0-rc.1.0.20241207110217-3014d6d7a324+incompatible