Open source? about for-win HOT 9 CLOSED

I have the same problem with TLS verification and root certs. I would like to know how to disable the TLS verification. The text below shows the output when creating a container using a hello-world image.

docker run hello-world
Unable to find image 'hello-world:latest' locally
Pulling repository docker.io/library/hello-world
C:\Program Files\Docker\Docker\Resources\bin\docker.exe: Error while pulling image: Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority.
See 'C:\Program Files\Docker\Docker\Resources\bin\docker.exe run --help'.

from for-win.

@DeltaWhy thanks for opening this issue!

We decide what components to open source as the components mature and make sense as stand-alone projects. This blog post has more details on that thinking: https://blog.docker.com/2016/05/docker-unikernels-open-source/

Instead of having you build your own boot2docker, we'd much rather make Docker for Windows work for you. Can you provide more details on why the current proxy functionality is not working for you, either in this issue or in a separete one?

from for-win.

The proxy support is a huge improvement over Toolbox, and I can actually use it with the insecure-registries option, but I dislike the idea of completely disabling TLS verification rather than adding the root certs.

I actually took it a step farther though and modified dockerd so that it sets the proxy environment variables and adds the CA certs for every container that it creates. This lets me use the official images (and other images) from Docker Hub, or build other people's Dockerfiles rather than having to build a local version of every single image and keep up with security updates myself. It also helps with CI and other tools where Docker is used from code and there's not an obvious way to add the settings manually. I'd really like to be able to build a MobyLinux with these engine patches.

I assume those patches wouldn't be suitable for upstream but if I'm wrong about that I could open an issue on Engine.

from for-win.

We have a roadmap item to let end-users add certs to the certstore in Moby - would that cover your needs?

from for-win.

Well, I guess. Is there some workaround in the meanwhile?

from for-win.

@mcesar you could add an insecure registry setting as per #36

from for-win.

@rneugeba I added both index.docker.io and index.docker.io:5000 to insecure registry setting, but the problem remains the same.

from for-win.

@mcesar @DeltaWhy FYI, I'm going to close this issue because open sourcing the whole project is not something we plan to do in the short/medium term. Also the root issue you are describing is a duplicate of #48 which FYI should be fixed in next Beta (beta26)

from for-win.

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked

from for-win.