
Commit 6b006dc

Merge pull request #1937 from mtrmac/docker-client-update
Update the docker-daemon: client, and docker/docker dependency
2 parents b82bd92 + 2aed0f2 commit 6b006dc


3 files changed

+37
-21
lines changed


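--- a/docker/daemon/client.go
+++ b/docker/daemon/client.go
@@ -21,33 +21,49 @@ func newDockerClient(sys *types.SystemContext) (*dockerclient.Client, error) {
 host = sys.DockerDaemonHost
 }
 
-// Sadly, unix:// sockets don't work transparently with dockerclient.NewClient.
-// They work fine with a nil httpClient; with a non-nil httpClient, the transport’s
-// TLSClientConfig must be nil (or the client will try using HTTPS over the PF_UNIX socket
-// regardless of the values in the *tls.Config), and we would have to call sockets.ConfigureTransport.
+opts := []dockerclient.Opt{
+dockerclient.WithHost(host),
+dockerclient.WithVersion(defaultAPIVersion),
+}
+
+// We conditionalize building the TLS configuration only to TLS sockets:
+//
+// The dockerclient.Client implementation differentiates between
+// - Client.proto, which is ~how the connection is establishe (IP / AF_UNIX/Windows)
+// - Client.scheme, which is what is sent over the connection (HTTP with/without TLS).
+//
+// Only Client.proto is set from the URL in dockerclient.WithHost(),
+// Client.scheme is detected based on a http.Client.TLSClientConfig presence;
+// dockerclient.WithHTTPClient with a client that has TLSClientConfig set
+// will, by default, trigger an attempt to use TLS.
+//
+// So, don’t use WithHTTPClient for unix:// sockets at all.
 //
-// We don't really want to configure anything for unix:// sockets, so just pass a nil *http.Client.
+// Similarly, if we want to communicate over plain HTTP on a TCP socket (http://),
+// we also should not set TLSClientConfig. We continue to use WithHTTPClient
+// with our slightly non-default settings to avoid a behavior change on updates of c/image.
 //
-// Similarly, if we want to communicate over plain HTTP on a TCP socket, we also need to set
-// TLSClientConfig to nil. This can be achieved by using the form `http://`
+// Alternatively we could use dockerclient.WithScheme to drive the TLS/non-TLS logic
+// explicitly, but we would still want to set WithHTTPClient (differently) for https:// and http:// ;
+// so that would not be any simpler.
 serverURL, err := dockerclient.ParseHostURL(host)
 if err != nil {
 return nil, err
 }
-var httpClient *http.Client
-if serverURL.Scheme != "unix" {
-if serverURL.Scheme == "http" {
-httpClient = httpConfig()
-} else {
-hc, err := tlsConfig(sys)
-if err != nil {
-return nil, err
-}
-httpClient = hc
+switch serverURL.Scheme {
+case "unix": // Nothing
+case "http":
+hc := httpConfig()
+opts = append(opts, dockerclient.WithHTTPClient(hc))
+default:
+hc, err := tlsConfig(sys)
+if err != nil {
+return nil, err
 }
+opts = append(opts, dockerclient.WithHTTPClient(hc))
 }
 
-return dockerclient.NewClient(host, defaultAPIVersion, httpClient, nil)
+return dockerclient.NewClientWithOpts(opts...)
 }
 
 func tlsConfig(sys *types.SystemContext) (*http.Client, error) {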
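Review bot: The `default:` arm of the new `switch serverURL.Scheme` (new lines 58–63) routes every scheme other than `unix` and `http` through `tlsConfig(sys)`, so an unexpected or mistyped scheme is not rejected here; the removed `if`/`else` behaved the same way, so this is not a regression, but the switch is a good place to make it explicit. I would document the fall-through, e.g. `default: // tcp://, https:// and any other scheme: TLS client built from sys`, or name the TLS schemes and return an error for the rest. The `case "http":` arm intentionally attaches a client without TLSClientConfig, which means the daemon API is carried without encryption or server authentication; a one-line comment such as `case "http": // plain HTTP, no TLS: no confidentiality or server authentication` would keep that visible next to `case "unix": // Nothing`. The added comment on new line 32 also has a typo, `establishe` for `established`. `tlsConfig` and `httpConfig` are defined outside this hunk, so what they configure is not visible here.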

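--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/containers/storage v1.46.1
 github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7
 github.com/docker/distribution v2.8.1+incompatible
-github.com/docker/docker v23.0.4+incompatible
+github.com/docker/docker v23.0.5+incompatible
 github.com/docker/docker-credential-helpers v0.7.0
 github.com/docker/go-connections v0.4.0
 github.com/go-openapi/strfmt v0.21.7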

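--- a/go.sum
+++ b/go.sum
@@ -274,8 +274,8 @@ github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v23.0.4+incompatible h1:Kd3Bh9V/rO+XpTP/BLqM+gx8z7+Yb0AA2Ibj+nNo4ek=
-github.com/docker/docker v23.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k=
+github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=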
