diff options
| author | Sebastiaan van Stijn <github@gone.nl> | 2022-03-25 16:21:45 +0100 |
|---|---|---|
| committer | Sebastiaan van Stijn <github@gone.nl> | 2022-03-25 16:21:45 +0100 |
| commit | 85572cac14168f9dc3fc3d9daa5eae1ba00eddf4 (patch) | |
| tree | dbb4126569afd0dcaa5c43f806aaee3ff002b3eb /cmd/dockerd/config_unix.go | |
| parent | 0a3336fd7d19f7114fce2ff849a8989ed33e2059 (diff) | |
| download | docker-85572cac14168f9dc3fc3d9daa5eae1ba00eddf4.tar.gz | |
registry: remove dependency on rootlesskit, add `SetCertsDir()`
The registry package contained code to automatically set the CertsDir() path,
based on wether or not the daemon was running in rootlessmode. In doing so,
it made use of the `pkg/rootless.RunningWithRootlessKit()` utility.
A recent change in de6732a403af49a18c754bb9de0abf18ad48e3c8 added additional
functionality in the `pkg/rootless` package, introducing a dependency on
`github.com/rootless-containers/rootlesskit`. Unfortunately, the extra
dependency also made its way into the docker cli, which also uses the
registry package.
This patch introduces a new `SetCertsDir()` function, which allows
the default certs-directory to be overridden, and updates the daemon
to configure this location during startup.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Diffstat (limited to 'cmd/dockerd/config_unix.go')
| -rw-r--r-- | cmd/dockerd/config_unix.go | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/cmd/dockerd/config_unix.go b/cmd/dockerd/config_unix.go index 1fcc6f5aa7..d95977b68e 100644 --- a/cmd/dockerd/config_unix.go +++ b/cmd/dockerd/config_unix.go @@ -5,10 +5,13 @@ package main import ( "os/exec" + "path/filepath" "github.com/containerd/cgroups" "github.com/docker/docker/daemon/config" "github.com/docker/docker/opts" + "github.com/docker/docker/pkg/homedir" + "github.com/docker/docker/registry" "github.com/docker/docker/rootless" units "github.com/docker/go-units" "github.com/pkg/errors" @@ -49,6 +52,11 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error { if err != nil { return errors.Wrapf(err, "running with RootlessKit, but %s not installed", rootless.RootlessKitDockerProxyBinary) } + + configHome, err := homedir.GetConfigHome() + if err == nil { + registry.SetCertsDir(filepath.Join(configHome, "docker/certs.d")) + } } flags.StringVar(&conf.BridgeConfig.UserlandProxyPath, "userland-proxy-path", defaultUserlandProxyPath, "Path to the userland proxy binary") flags.StringVar(&conf.CgroupParent, "cgroup-parent", "", "Set parent cgroup for all containers") @@ -74,3 +82,14 @@ func installConfigFlags(conf *config.Config, flags *pflag.FlagSet) error { flags.StringVar(&conf.CgroupNamespaceMode, "default-cgroupns-mode", string(defaultCgroupNamespaceMode), `Default mode for containers cgroup namespace ("host" | "private")`) return nil } + +// configureCertsDir configures registry.CertsDir() depending on if the daemon +// is running in rootless mode or not. +func configureCertsDir() { + if rootless.RunningWithRootlessKit() { + configHome, err := homedir.GetConfigHome() + if err == nil { + registry.SetCertsDir(filepath.Join(configHome, "docker/certs.d")) + } + } +} |