trust: print deprecation warning when using hub Notary server
Docker Hub's Notary service is being retired, and now produces
failures in most cases. Add a warning when attempting to use
it, pending full removal of trust;
https://www.docker.com/blog/retiring-docker-content-trust/
With this PR:
DOCKER_CONTENT_TRUST=1 docker pull -q hello-world
WARNING: Docker is retiring DCT for Docker Official Images (DOI).
For details, refer to https://docs.docker.com/go/dct-deprecation/
could not validate the path to a trusted root: unable to retrieve valid leaf certificates
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 43b03ef2c5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@@ -3,6 +3,7 @@ package trust
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
@@ -107,6 +108,11 @@ func (scs simpleCredentialStore) RefreshToken(*url.URL, string) string {
|
||||
|
||||
func (simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {}
|
||||
|
||||
const dctDeprecation = `WARNING: Docker is retiring DCT for Docker Official Images (DOI).
|
||||
For details, refer to https://docs.docker.com/go/dct-deprecation/
|
||||
|
||||
`
|
||||
|
||||
// GetNotaryRepository returns a NotaryRepository which stores all the
|
||||
// information needed to operate on a notary repository.
|
||||
// It creates an HTTP transport providing authentication support.
|
||||
@@ -115,6 +121,9 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if server == NotaryServer {
|
||||
_, _ = fmt.Fprint(os.Stderr, dctDeprecation)
|
||||
}
|
||||
|
||||
cfg := tlsconfig.ClientDefault()
|
||||
cfg.InsecureSkipVerify = !repoInfo.Index.Secure
|
||||
|
||||
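Review bot: The deprecation warning in GetNotaryRepository is written straight to the process-wide `os.Stderr` although the function is handed `in`/`out` streams, and it is printed on every call, so a command that opens several trust repositories may repeat it and code embedding this package cannot capture or silence it. If stderr is deliberate (keeping `pull -q` stdout clean), record that with a comment such as `// Written to os.Stderr, not out, so the warning never mixes with command output.`, and consider guarding the print with a package-level `sync.Once`. The `server == NotaryServer` test is an exact string match and `server` is assigned above the hunk, so it is worth confirming that an explicitly configured URL for the same host (for example one with a trailing slash) still triggers the warning. The function body starts and ends outside the hunk.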