Merge pull request #40461 from AkihiroSuda/cherrypick-40243-1903

[19.03 backport] Use certs.d from XDG_CONFIG_HOME when in rootless mode (fixes #40236)
diff --git a/registry/registry.go b/registry/registry.go
index 6727b7d..3d1e1aa 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -17,6 +17,9 @@
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/sirupsen/logrus"
+
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/docker/docker/rootless"
 )
 
 var (
@@ -32,7 +35,19 @@
 	tlsConfig.InsecureSkipVerify = !isSecure
 
 	if isSecure && CertsDir != "" {
-		hostDir := filepath.Join(CertsDir, cleanPath(hostname))
+		certsDir := CertsDir
+
+		if rootless.RunningWithRootlessKit() {
+			configHome, err := homedir.GetConfigHome()
+			if err != nil {
+				return nil, err
+			}
+
+			certsDir = filepath.Join(configHome, "docker/certs.d")
+		}
+
+		hostDir := filepath.Join(certsDir, cleanPath(hostname))
+
 		logrus.Debugf("hostDir: %s", hostDir)
 		if err := ReadCertsDirectory(tlsConfig, hostDir); err != nil {
 			return nil, err
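Review bot: The rootless branch replaces the configured `CertsDir` outright, so in rootless mode registry CA and client certificates are read only from `<config home>/docker/certs.d`, and nothing in the hunk records that change of trust location. A short comment above `if rootless.RunningWithRootlessKit() {` would help, for example `// Rootless: TLS trust material comes from the user's XDG config home; CertsDir only gates whether certs are loaded at all.` The error from `homedir.GetConfigHome()` is also returned bare, so when the config home cannot be resolved, TLS setup for a secure registry presumably fails with a message that never mentions certs.d. Wrapping that return with context would make it diagnosable, using whichever error helper the file already imports, since the full import list is outside the hunk. The enclosing function starts and ends outside the hunk.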