Package: docker-registry / 2.8.3+ds1-2

0004-replace-rsc.io-letsencrypt-in-favour-of-golang.org-x.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
From: Tariq Ibrahim <tariq181290@gmail.com>
Date: Tue, 8 Feb 2022 00:48:18 +0800
Subject: replace rsc.io/letsencrypt in favour of golang.org/x/crypto

Origin: backport, https://github.com/distribution/distribution/pull/2926
---
 registry/registry.go | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/registry/registry.go b/registry/registry.go
index 9486d8b..b958b1a 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -13,7 +13,8 @@ import (
 	"syscall"
 	"time"
 
-	"rsc.io/letsencrypt"
+	"golang.org/x/crypto/acme"
+	"golang.org/x/crypto/acme/autocert"
 
 	logrus_bugsnag "github.com/Shopify/logrus-bugsnag"
 
@@ -79,6 +80,7 @@ var defaultCipherSuites = []uint16{
 
 // maps tls version strings to constants
 var defaultTLSVersionStr = "tls1.2"
+
 var tlsVersions = map[string]uint16{
 	// user specified values
 	"tls1.0": tls.VersionTLS10,
@@ -96,7 +98,6 @@ var ServeCmd = &cobra.Command{
 	Short: "`serve` stores and distributes Docker images",
 	Long:  "`serve` stores and distributes Docker images.",
 	Run: func(cmd *cobra.Command, args []string) {
-
 		// setup context
 		ctx := dcontext.WithVersion(dcontext.Background(), version.Version)
 
@@ -246,19 +247,14 @@ func (registry *Registry) ListenAndServe() error {
 			if config.HTTP.TLS.Certificate != "" {
 				return fmt.Errorf("cannot specify both certificate and Let's Encrypt")
 			}
-			var m letsencrypt.Manager
-			if err := m.CacheFile(config.HTTP.TLS.LetsEncrypt.CacheFile); err != nil {
-				return err
-			}
-			if !m.Registered() {
-				if err := m.Register(config.HTTP.TLS.LetsEncrypt.Email, nil); err != nil {
-					return err
-				}
-			}
-			if len(config.HTTP.TLS.LetsEncrypt.Hosts) > 0 {
-				m.SetHosts(config.HTTP.TLS.LetsEncrypt.Hosts)
+			m := &autocert.Manager{
+				HostPolicy: autocert.HostWhitelist(config.HTTP.TLS.LetsEncrypt.Hosts...),
+				Cache:      autocert.DirCache(config.HTTP.TLS.LetsEncrypt.CacheFile),
+				Email:      config.HTTP.TLS.LetsEncrypt.Email,
+				Prompt:     autocert.AcceptTOS,
 			}
 			tlsConf.GetCertificate = m.GetCertificate
+			tlsConf.NextProtos = append(tlsConf.NextProtos, acme.ALPNProto)
 		} else {
 			tlsConf.Certificates = make([]tls.Certificate, 1)
 			tlsConf.Certificates[0], err = tls.LoadX509KeyPair(config.HTTP.TLS.Certificate, config.HTTP.TLS.Key)