Comments (3)
@mtrmac WDYT?
I think the proxy misbehaves.
from image.
@mtrmac WDYT?
I think the proxy misbehaves.
I don't think the proxy necessarily misbehaves here. From its perspective, it never receives any HTTP traffic. Since it only implements HTTP, I don't think it's under any obligation to immediately terminate the connection upon receiving (what it sees as) malformed HTTP traffic.
I imagine we could see similar behavior by firewalls that will silently ignore non-HTTP traffic. Therefore, I think there is still a value in having a flag that forces HTTP.
I am far from a Go expert, but I've written a bit and would be willing to assist with this implementation if someone can point me in the right direction.
from image.
As you noted, the option works as designed. I could see an argument that that design is unfortunate, but it’s no longer practical to change the semantics of the option.
Adding a new option to registries.conf
to never try HTTPS would be possible; every new option adds complexity for all other users, but, shrug on balance I guess I wouldn’t mind that being added. I think the blocked
flag in registries.conf
is a reasonably close template to follow, showing which subpackages need modifying, and how the option handling works.
OTOH, I also agree that fixing the proxy to recognize TLS frames when HTTP verbs are expected (like Go, in the quoted example, recognizes HTTP responses when TLS responses are expected) would probably be more generally useful than enhancing c/image — there are far fewer HTTP proxy implementations than HTTP servers and clients, so fixing the proxy would fix more of the universe.
So if you are looking for a place to contribute an improvement for this end-to-end situation, I think the proxy is a place with more impact.
from image.
Related Issues (20)
- Blob reuse decisions do not take into account manifest support HOT 1
- Support for structured logging (using `log/slog`) HOT 5
- proposal: Support append images into docker archive HOT 1
- Make a new release HOT 2
- Docker client code can no longer talk to the latest verson of the docker daemon 25.0.0 HOT 5
- Allow empty OCI configs for artifacts HOT 9
- policy.json overwrite not honouring $XDG_CONFIG_HOME HOT 3
- Podman cannot pull image from local registry HOT 4
- copy.Options.EnsureCompressionVariantsExist doesn’t detect existing variants with zstd:chunked
- support multiple sigstore keys HOT 6
- How can I copy from a tar file stream HOT 7
- "slices" module only in go 1.21 HOT 1
- platform.WantedPlatforms is noisy on macOS HOT 7
- Cannot pull sigstore signed image with podman HOT 4
- Error inspecting local manifest-lists HOT 6
- Incorrect syntax highlighting in containers-transports.5
- Why do we get the whole image when inspect with docker daemon? HOT 2
- Support sigstore BYO PKI verification HOT 1
- Support more arbitrary credential helper executable names? HOT 4
- OCI image index loose the artifactType property on copy HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from image.