Do not enable connection pooling for rekorClient

We typically only use it for a single operation, so we would leak connections + goroutines. Matches Rekor 1.1.0. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-06-27 15:33:33 +02:00 · 2025-06-27 15:33:33 +02:00 · 0fc7028e76
parent 84bfe041db
commit 0fc7028e76
2 changed files with 3 additions and 1 deletions
--- a/go.mod
+++ b/go.mod
@ -18,6 +18,7 @@ require (
 	github.com/docker/docker v28.3.0+incompatible
 	github.com/docker/docker-credential-helpers v0.9.3
 	github.com/docker/go-connections v0.5.0
+	github.com/hashicorp/go-cleanhttp v0.5.2
 	github.com/hashicorp/go-retryablehttp v0.7.8
 	github.com/klauspost/compress v1.18.0
 	github.com/klauspost/pgzip v1.2.6
@ -74,7 +75,6 @@ require (
 	github.com/google/go-intervals v0.0.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
--- a/signature/sigstore/rekor/rekor.go
+++ b/signature/sigstore/rekor/rekor.go
@ -14,6 +14,7 @@ import (

 	"github.com/containers/image/v5/signature/internal"
 	signerInternal "github.com/containers/image/v5/signature/sigstore/internal"
+	"github.com/hashicorp/go-cleanhttp"
 	"github.com/hashicorp/go-retryablehttp"
 	"github.com/sirupsen/logrus"
 )
@ -44,6 +45,7 @@ type rekorClient struct {
 // newRekorClient creates a rekorClient for rekorURL.
 func newRekorClient(rekorURL *url.URL) *rekorClient {
 	retryableClient := retryablehttp.NewClient()
+	retryableClient.HTTPClient = cleanhttp.DefaultClient()
 	retryableClient.RetryMax = defaultRetryCount
 	retryableClient.Logger = leveledLoggerForLogrus(logrus.StandardLogger())
 	basePath := rekorURL.Path