Skip to content

image/docker: use unified configfile search for cert directories#746

Open
jankaluza wants to merge 1 commit intocontainers:mainfrom
jankaluza:certs.d
Open

image/docker: use unified configfile search for cert directories#746
jankaluza wants to merge 1 commit intocontainers:mainfrom
jankaluza:certs.d

Conversation

@jankaluza
Copy link
Copy Markdown
Member

@jankaluza jankaluza commented Apr 7, 2026

Switch dockerCertDir to use the new
configfile.ContainersResourceDirs for resolving certificate directories.

@jankaluza
image/docker: use unified configfile search for cert directories
0df042b 
Switch `dockerCertDir` to use the new
`configfile.ContainersResourceDirs` for resolving certificate
directories.

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
@github-actions github-actions bot added storage Related to "storage" package image Related to "image" package labels Apr 7, 2026
@jankaluza jankaluza mentioned this pull request Apr 8, 2026
Open
Luap99
Luap99 reviewed Apr 8, 2026
View reviewed changes
storage/pkg/configfile/parse.go
for _, dir := range candidates {
info, err := os.Stat(dir)
if err != nil {
if errors.Is(err, fs.ErrNotExist) || errors.Is(err, fs.ErrPermission) {
Copy link
Copy Markdown
Member

@Luap99 Luap99 Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we skip permission errors?

storage/pkg/configfile/parse.go
Comment on lines +35 to +36
// userConfigPathForResourceDirs is a test hook for ContainersResourceDirs.
userConfigPathForResourceDirs = UserConfigPath
Copy link
Copy Markdown
Member

@Luap99 Luap99 Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is not clear to me why do you need this? The other test does not need it? you can just sentenv the XDG_CONFIG_HOME dir?

storage/pkg/configfile/parse.go
//
// The search covers, where configured (listed here from lowest to highest precedence.
// It can be extended with additional absolute directories via extraDirs (lowest precedence).
func ContainersResourceDirs(conf *Directory) ([]string, error) {
Copy link
Copy Markdown
Member

@Luap99 Luap99 Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

API wise I am not to sure we just want to return the list here?

certs.d just needs the first match starting with home, etc, /usr... so would it not be more logical to pass in the name we search as argument and the return a signle full path and exit early?

storage/pkg/configfile/parse.go
func ContainersResourceDirs(conf *Directory) ([]string, error) {
candidates := make([]string, 0, 7+len(conf.ExtraDirs))

userConfig, _ := userConfigPathForResourceDirs()
Copy link
Copy Markdown
Member

@Luap99 Luap99 Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

error should not be silently ignored

image/docker/docker_client.go
path string
absolute bool
var perHostCertDirs = []string{
etcDir + "/docker/certs.d",
Copy link
Copy Markdown
Member

@Luap99 Luap99 Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mtrmac Do we still want this path? API wise it seems rather ugly to define that search order with that additional path.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Luap99 Luap99 Luap99 left review comments

Assignees

No one assigned

Labels

image Related to "image" package storage Related to "storage" package

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jankaluza @Luap99