Bug 1400372
Summary: | System CA pool excluded when registry CA is used from /etc/docker | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Takayoshi Kimura <tkimura> |
Component: | docker | Assignee: | Antonio Murdaca <amurdaca> |
Status: | CLOSED ERRATA | QA Contact: | atomic-bugs <atomic-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | amurdaca, bbreard, dwalsh, jeder, lsm5, lsu |
Target Milestone: | rc | Keywords: | Extras |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: System CA pool excluded when registry CA is used from /etc/docker/certs.d/
Consequence: images pulling fails with "Failed to push image: x509: certificate signed by unknown authority".
Fix: make docker read system CA pool using a new feature in go1.7 plus a fix in the docker daemon.
Result: image pulling works again reading system CA pool when needed
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-01-17 20:44:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Takayoshi Kimura
2016-12-01 02:28:18 UTC
We could backport https://github.com/docker/docker/pull/27918 to at least 1.12.3 - Dan, should I also try and backport that PR to 1.10.3? We should be able to build using golang-1.7 for RHEL7.3.2. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2017-0116.html |