From 3206ea9ad02b0ed924d14fee774f7e603b3c6089 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Tue, 10 Feb 2015 16:08:57 -0800 Subject: [PATCH] Update the trust graph only when pulling an official image The trust graph currently pulls the keys needed to verify official images. For non-official images this graph check is useless. To avoid hitting the key statement url when pulling from private v2 registries, restrict the check to official image pulls. Signed-off-by: Derek McGowan (github: dmcgowan) Upstream-commit: 8d1a0086c1a9297c2dc44a997134de7d30d0498f Component: engine --- components/engine/graph/pull.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/components/engine/graph/pull.go b/components/engine/graph/pull.go index e80f116f1d..61c7865701 100644 --- a/components/engine/graph/pull.go +++ b/components/engine/graph/pull.go @@ -73,9 +73,11 @@ func (s *TagStore) CmdPull(job *engine.Job) engine.Status { } if len(repoInfo.Index.Mirrors) == 0 && ((repoInfo.Official && repoInfo.Index.Official) || endpoint.Version == registry.APIVersion2) { - j := job.Eng.Job("trust_update_base") - if err = j.Run(); err != nil { - log.Errorf("error updating trust base graph: %s", err) + if repoInfo.Official { + j := job.Eng.Job("trust_update_base") + if err = j.Run(); err != nil { + log.Errorf("error updating trust base graph: %s", err) + } } log.Debugf("pulling v2 repository with local name %q", repoInfo.LocalName)