docker-manifest cannot access /etc/docker/certs.d when using custom registries #41386

Open
oliv3r opened this issue Aug 25, 2020 · 0 comments

oliv3r commented Aug 25, 2020

Description

When running docker manifest with a custom registry, docker will try to find a certificate for the registry using "/etc/docker/certs.d". If the file or directory does not exist, that is not a problem. Even not having "/etc/docker" is not a problem. If, however, /etc/docker does exist, but is not accessible by the user (e.g. 0700), docker manifest exits with an error:

open /etc/docker/certs.d/custom.registry.example.com: permission denied

As the directory is not created by the packager (downstream) but by docker itself during first startup, this appears to be a docker engine problem, where we should at least use 0711 on /etc/docker.

Steps to reproduce the issue:

  1. DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect --verbose registry.gitlab.com/neroburner/manifest-test/amd64/ubuntu:bionic
    (not my repo)

Describe the results you received:

open /etc/docker/certs.d/custom.registry.example.com: permission denied

Describe the results you expected:

{
        "Ref": "registry.gitlab.com/neroburner/manifest-test/amd64/ubuntu:bionic",
..
}

Additional information you deem important (e.g. issue happens only occasionally):
Checked on 3 distros, all the same result (using docker from download.docker.org or distro package)

Output of docker version:

Docker version 19.03.5, build 633a0ea
Docker version 19.03.12, build 48a66213fe

Output of docker info:

Client:
 Debug Mode: false

Server:
 Containers: 60
  Running: 1
  Paused: 0
  Stopped: 59
 Images: 595
 Server Version: 19.03.12
 Storage Driver: btrfs
  Build Version: Btrfs v4.20.1 
  Library Version: 102
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.6.0-2-amd64
 Operating System: Debian GNU/Linux bullseye/sid
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.55GiB
 Name: <snip>
 ID: CTI3:UWR2:BXE2:HI3M:5RDN:GNVD:MRS2:GH3A:VRY2:CBL2:ICNN:OXRH
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: <nope>
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.):
physical

@tianon tianon added this to To do in 20.10 planning via automation Sep 3, 2020
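
A diagnostic for the condition reported above, as an added example that is not part of the original issue and is not Docker's own code: it walks /etc/docker and the certs.d/<host> components and reports the first existing directory without the world-search bit (o+x), treating a missing component as harmless, as the report describes. The function name `FirstBlockingDir` is hypothetical, the host name is the one from the error message, and only traversal is checked, not read access to the final directory.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// FirstBlockingDir (a name chosen for this example) stats root and then each
// component of rel beneath it. It returns the first existing directory that
// users outside its owner and group cannot traverse (o+x unset). A missing
// component ends the walk with "", since an absent directory is not an error.
func FirstBlockingDir(root, rel string) (string, error) {
	cur := root
	parts := append([]string{""}, strings.Split(filepath.ToSlash(rel), "/")...)
	for _, p := range parts {
		next := filepath.Join(cur, p)
		info, err := os.Stat(next)
		switch {
		case errors.Is(err, fs.ErrNotExist):
			return "", nil // nothing further to open
		case errors.Is(err, fs.ErrPermission):
			return filepath.Dir(next), nil // the parent refused the lookup (EACCES)
		case err != nil:
			return "", err
		}
		if info.IsDir() && info.Mode().Perm()&0o001 == 0 {
			return next, nil
		}
		cur = next
	}
	return "", nil
}

func main() {
	dir, err := FirstBlockingDir("/etc/docker", "certs.d/custom.registry.example.com")
	if err != nil {
		fmt.Fprintln(os.Stderr, "stat failed:", err)
		os.Exit(2)
	}
	if dir != "" {
		fmt.Printf("%s lacks o+x; users outside its owner/group get 'permission denied'\n", dir)
		os.Exit(1)
	}
	fmt.Println("no existing component blocks traversal")
}
```

Because the check reads mode bits rather than attempting the open, it gives the same answer when run as root, which is useful when auditing hosts from a privileged configuration-management job.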