92b6a023ae
While investigating 29936 I noticed one potential issue in `LoadInsecureRegistries`. The implementation of the func assumes that the format of insecure registry should be `host:port` if not CIDR. However, it is very common that user may incorrectly provide a registry with a scheme (e.g, `http://myregistry.com:5000`) Such a registry format with a scheme will cause docker pull to always try https endpoint. The reason is that the func of `isSecureIndex()` actually will check for the map of the index server for `myregistry.com:5000` while the insecure registry only has a record of `http://myregistry.com:5000`. As a consequence, docker assumes that `myregistry.com:5000` is not a insecure registry and will go ahead with https endpoint. This fix addresses the issue by error out insecure registries with scheme. A unit test has been added. This fix is related to 29936. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> Upstream-commit: 8dadeaf8ea4d3a3f06ab3283e353887039675ff2 Component: engine