Use certs.d

from XDG_CONFIG_HOME when in rootless mode Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
author: Dmitry Sharshakov <d3dx12.xx@gmail.com> 2019-11-25 13:12:54 +0300
committer: Dmitry Sharshakov <d3dx12.xx@gmail.com> 2019-11-25 13:12:54 +0300
commit: f4fa98f583a64d736eea1bb3a8fab755e159fdf4 (patch)
tree: 678c0b0b16d7707ca0bef89e0e5c04c015a0e241 /registry/registry.go
parent: 2808762b27b9e4e94a705193c8554184f6beb151 (diff)
download: docker-f4fa98f583a64d736eea1bb3a8fab755e159fdf4.tar.gz
1 files changed, 16 insertions, 1 deletions
diff --git a/registry/registry.go b/registry/registry.go
index 52b8759d9c..c661df4694 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -16,6 +16,9 @@ import (
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/sirupsen/logrus"
+
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/docker/docker/rootless"
 )
 
 var (
@@ -31,7 +34,19 @@ func newTLSConfig(hostname string, isSecure bool) (*tls.Config, error) {
 	tlsConfig.InsecureSkipVerify = !isSecure
 
 	if isSecure && CertsDir != "" {
-		hostDir := filepath.Join(CertsDir, cleanPath(hostname))
+		certsDir := CertsDir
+
+		if rootless.RunningWithRootlessKit() {
+			configHome, err := homedir.GetConfigHome()
+			if err != nil {
+				return nil, err
+			}
+
+			certsDir = filepath.Join(configHome, "docker/certs.d")
+		}
+
+		hostDir := filepath.Join(certsDir, cleanPath(hostname))
+
 		logrus.Debugf("hostDir: %s", hostDir)
 		if err := ReadCertsDirectory(tlsConfig, hostDir); err != nil {
 			return nil, err
author	Dmitry Sharshakov <d3dx12.xx@gmail.com>	2019-11-25 13:12:54 +0300
committer	Dmitry Sharshakov <d3dx12.xx@gmail.com>	2019-11-25 13:12:54 +0300
commit	f4fa98f583a64d736eea1bb3a8fab755e159fdf4 (patch)
tree	678c0b0b16d7707ca0bef89e0e5c04c015a0e241 /registry/registry.go
parent	2808762b27b9e4e94a705193c8554184f6beb151 (diff)
download	docker-f4fa98f583a64d736eea1bb3a8fab755e159fdf4.tar.gz