diff --git a/Dockerfile b/Dockerfile
index 3d8faf5..7d86934 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,6 +16,8 @@ ARG PLUGIN=no
 ARG PYTHON3=no
 ARG EXTRA_BINDEP=""
 ARG EXTRA_PYDEP=""
+ARG REGISTRY_PROTOCOL="detect"
+ARG REGISTRY_INSECURE="False"
 ARG UID=42424
 ARG GID=42424
diff --git a/README.md b/README.md
index dac9810..be7dac1 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,12 @@ For more advanced building you can use docker build arguments to define:
 be considered next to the default bindep.txt.
 * `EXTRA_PYDEP` Specify a pydep-* file to add in the container. It would be considered next to the default pydep.txt.
+ * `REGISTRY_PROTOCOL` Set this to `https` if you are running your own
+ registry on https, `http` if you are running on http, or leave it as
+ `detect` if you want to re-use existing protocol detection.
+ * `REGISTRY_INSECURE` Set this to `True` if your image registry is
+ running on HTTPS with self-signed certificates to ignore SSL verification.
+ (defaults to False)
 This makes it really easy to integrate LOCI images into your development or CI/CD workflow, for example, if you wanted to build an image from [this
diff --git a/scripts/fetch_wheels.py b/scripts/fetch_wheels.py
index dadc645..1fe9af6 100755
--- a/scripts/fetch_wheels.py
+++ b/scripts/fetch_wheels.py
@@ -3,6 +3,8 @@
 import json
 import os
 import re
+import ssl
+from distutils.util import strtobool
 try:
 import urllib2
@@ -24,7 +26,10 @@ def get_token(protocol, registry, repo):
 print(url)
 try:
 r = urllib2.Request(url=url)
- resp = urllib2.urlopen(r)
+ if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+ resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+ else:
+ resp = urllib2.urlopen(r)
 resp_text = resp.read().decode('utf-8').strip()
 return json.loads(resp_text)['token']
 except urllib2.HTTPError as err:
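Review bot: `from distutils.util import strtobool` in the import hunk of scripts/fetch_wheels.py depends on a module that PEP 632 deprecated and Python 3.12 removed, so on a newer base image the script fails at import time before any wheel is fetched. strtobool also raises ValueError for any value outside its fixed word list, so `REGISTRY_INSECURE=""` ends the build with a traceback. A local check such as `os.environ.get('REGISTRY_INSECURE', 'False').strip().lower() in ('1', 'true', 't', 'yes', 'y', 'on')` avoids the import and keeps certificate verification on for unrecognised values.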
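Review bot: In get_token the new branch passes `ssl._create_unverified_context()`, which turns off both certificate and hostname checks, so the token returned here, the `Authorization: Bearer` header that get_sha and get_blob then send, and the fetched wheel layer itself can all be read or replaced by anyone on the network path. For a registry with a self-signed certificate, trusting that certificate through `ssl.create_default_context(cafile=...)` keeps verification on; if the opt-out stays, it relies on a private `ssl` function and should at least be visible in the build log. The same four-line branch is repeated in get_sha, get_blob and get_wheels, so one helper would keep the TLS policy in a single place. get_token's body starts and ends outside the hunk.

```python
def open_url(request):
    # Single place where REGISTRY_INSECURE is interpreted, so every fetch
    # applies the same TLS policy and the downgrade shows up in build logs.
    if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
        print('WARNING: TLS certificate verification is disabled (REGISTRY_INSECURE)')
        return urllib2.urlopen(request, context=ssl._create_unverified_context())
    return urllib2.urlopen(request)

def get_token(protocol, registry, repo):
    # … unchanged: url construction and print(url) …
    try:
        r = urllib2.Request(url=url)
        resp = open_url(r)
    # … unchanged: response parsing and HTTPError handling …
```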
@@ -37,7 +42,10 @@ def get_sha(repo, tag, registry, protocol, token):
 r = urllib2.Request(url=url)
 if token:
 r.add_header('Authorization', 'Bearer {}'.format(token))
- resp = urllib2.urlopen(r)
+ if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+ resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+ else:
+ resp = urllib2.urlopen(r)
 resp_text = resp.read().decode('utf-8').strip()
 return json.loads(resp_text)['fsLayers'][0]['blobSum']
@@ -49,7 +57,10 @@ def get_blob(repo, tag, protocol, registry=DOCKER_REGISTRY, token=None):
 r = urllib2.Request(url=url)
 if token:
 r.add_header('Authorization', 'Bearer {}'.format(token))
- resp = urllib2.urlopen(r)
+ if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+ resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+ else:
+ resp = urllib2.urlopen(r)
 return resp.read()
 def protocol_detection(registry, protocol='http'):
@@ -73,7 +84,10 @@ def protocol_detection(registry, protocol='http'):
 def get_wheels(url):
 r = urllib2.Request(url=url)
- resp = urllib2.urlopen(r)
+ if strtobool(os.environ.get('REGISTRY_INSECURE', "False")):
+ resp = urllib2.urlopen(r, context=ssl._create_unverified_context())
+ else:
+ resp = urllib2.urlopen(r)
 return resp.read()
 def parse_image(full_image):
@@ -106,7 +120,12 @@ def main():
 data = get_wheels(wheels)
 else:
 registry, image, tag = parse_image(wheels)
- protocol = protocol_detection(registry)
+ if os.environ.get('REGISTRY_PROTOCOL') in ['http','https']:
+ protocol = os.environ.get('REGISTRY_PROTOCOL')
+ elif os.environ.get('REGISTRY_PROTOCOL') == 'detect':
+ protocol = protocol_detection(registry)
+ else:
+ raise ValueError("Unknown protocol given in argument")
 kwargs = dict()
 if registry:
 kwargs.update({'registry': registry})
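Review bot: The added branch in get_wheels lets `REGISTRY_INSECURE` disable certificate verification for a fetch that, judging by the `get_wheels(wheels)` call in main(), takes a direct wheels URL rather than a registry image reference; that is wider than the README wording ("your image registry") describes. Either keep `resp = urllib2.urlopen(r)` unconditional in get_wheels, or state in the README that the flag also covers a direct wheels URL. The condition that selects this path in main() is outside the hunk, so the exact trigger should be confirmed there.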
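Review bot: With `REGISTRY_PROTOCOL` unset, `os.environ.get('REGISTRY_PROTOCOL')` returns None and the new chain in main() falls through to `raise ValueError(...)`, so running the script outside the Dockerfile (which supplies the `detect` default) no longer behaves as it did before this change. Reading the variable once with a default, `registry_protocol = os.environ.get('REGISTRY_PROTOCOL', 'detect')`, restores the old behaviour, and the error should name the rejected value: `raise ValueError("Unknown REGISTRY_PROTOCOL: {!r}".format(registry_protocol))`. Selecting `http` explicitly also means the bearer token added in get_sha and get_blob travels in clear text, which deserves a sentence in the README entry. main() starts and ends outside the hunk.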