Skip to content

registry: deprecate SetCertsDir, HostCertsDir#49612

Merged
thaJeztah merged 4 commits intomoby:masterfrom
thaJeztah:registry_deprecate_SetCertsDir
Mar 10, 2025
Merged

registry: deprecate SetCertsDir, HostCertsDir#49612
thaJeztah merged 4 commits intomoby:masterfrom
thaJeztah:registry_deprecate_SetCertsDir

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Mar 9, 2025
edited by vvoland
Loading

registry: deprecate SetCertsDir

This function had to be called both in the daemon startup, as well as
the CLI startup. Which, in case of the cli, meant that the registry
package became a required dependency for all CLI-plugins.

Make the package itself aware of situations where it's running with
rootlessKit enabled. Altogether we should get rid of this package-level
variable, and instead store this in our configuration, and pass through
where it's used.

registry: always set a non-empty CertDir

homedir.GetConfigHome only returns an error if the value is empty,
so we can check for a non-empty value instead of an error, which also
means that this value would never be empty.

registry: remove uses of exported HostCertsDir

This function was only used internally, but it still has at least one
external consumer.

registry: ReadCertsDirectory: don't process same file multiple times

This function needs more cleaning up, because hitting either a ".cert" or
a ".key" file means that we're doing an extra loop over all files to see
if the corresponding file is also present, but let's start with only
processing each file once by using a switch;

moby/registry/registry.go

Line 81 in b4bdf12

if !hasFile(fs, keyName) {

moby/registry/registry.go

Line 94 in b4bdf12

if !hasFile(fs, certName) {

moby/registry/registry.go

Lines 43 to 50 in b4bdf12

func hasFile(files []os.DirEntry, name string) bool {
for _, f := range files {
if f.Name() == name {
return true
}
}
return false
}

- Human readable description for the release notes

Go SDK: `registry`: deprecate `SetCertsDir`: the cert-directory is now automatically selected when running with RootlessKit, and should no longer be set manually.
Go SDK: `registry`: deprecate `HostCertsDir`: this function was only used internally and will be removed in the next release.

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah thaJeztah added area/distribution Image Distribution status/2-code-review impact/deprecation kind/refactor PR's that refactor, or clean-up code labels Mar 9, 2025
@thaJeztah thaJeztah added this to the 28.0.2 milestone Mar 9, 2025
@thaJeztah thaJeztah changed the title registry: deprecate SetCertsDir, and internalise HostCertsDir registry: deprecate SetCertsDir, and internalize HostCertsDir Mar 9, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 9, 2025
View reviewed changes
@thaJeztah thaJeztah force-pushed the registry_deprecate_SetCertsDir branch from ed3c952 to 5483826 Compare March 9, 2025 19:28
@thaJeztah
registry: deprecate SetCertsDir
b633c4c 
This function had to be called both in the daemon startup, as well as
the CLI startup. Which, in case of the cli, meant that the registry
package became a required dependency for all CLI-plugins.

Make the package itself aware of situations where it's running with
rootlessKit enabled. Altogether we should get rid of this package-level
variable, and instead store this in our configuration, and pass through
where it's used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
registry: always set a non-empty CertDir
3cc9881 
[homedir.GetConfigHome] only returns an error if the value is empty,
so we can check for a non-empty value instead of an error, which also
means that this value would never be empty.

[homedir.GetConfigHome]: https://github.com/moby/moby/blob/b4bdf12daec84caaf809a639f923f7370d4926ad/pkg/homedir/homedir_linux.go#L86-L95

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
registry: deprecate HostCertsDir
dd7ab0e 
This function was only used internally, but it still has at least one
external consumer, so adding a "deprecated" comment.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
registry: ReadCertsDirectory: don't process same file multiple times
0f11ee1 
This function needs more cleaning up, because hitting either a ".cert" or
a ".key" file means that we're doing an extra loop over all files to see
if the corresponding file is also present, but let's start with only
processing each file once by using a switch;

https://github.com/moby/moby/blob/b4bdf12daec84caaf809a639f923f7370d4926ad/registry/registry.go#L81
https://github.com/moby/moby/blob/b4bdf12daec84caaf809a639f923f7370d4926ad/registry/registry.go#L94
https://github.com/moby/moby/blob/b4bdf12daec84caaf809a639f923f7370d4926ad/registry/registry.go#L43-L50

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah force-pushed the registry_deprecate_SetCertsDir branch from 5483826 to 0f11ee1 Compare March 10, 2025 18:13
@thaJeztah thaJeztah changed the title registry: deprecate SetCertsDir, and internalize HostCertsDir registry: deprecate SetCertsDir, HostCertsDir Mar 10, 2025
@thaJeztah thaJeztah merged commit 5f0d673 into moby:master Mar 10, 2025
155 checks passed
@thaJeztah thaJeztah deleted the registry_deprecate_SetCertsDir branch March 10, 2025 19:56
@robmry robmry mentioned this pull request May 28, 2025
Closed
@thaJeztah thaJeztah mentioned this pull request Jul 10, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmcgowan dmcgowan dmcgowan approved these changes

Assignees

No one assigned

Labels

area/distribution Image Distribution impact/deprecation kind/refactor PR's that refactor, or clean-up code status/2-code-review

Projects

None yet

Milestone

28.0.2

Development

Successfully merging this pull request may close these issues.

3 participants

@thaJeztah @dmcgowan @vvoland