github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-21 10:09:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #3878 from giggsoff/manifest-issues

Browse Source 
Do not pass credentials into PushManifest
This commit is contained in:
Avi Deitcher 2022-11-17 15:56:02 +02:00 committed by GitHub
commit dee4c37648
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 9 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/cmd/linuxkit/cache/push.go vendored
View File

@ -118,13 +118,8 @@ func (p *Provider) Push(name string, withManifest bool) error {
} }
// Even though we may have pushed the index, we want to be sure that we have an index that includes every architecture on the registry, // Even though we may have pushed the index, we want to be sure that we have an index that includes every architecture on the registry,
// not just those that were in our local cache. So we use manifest-tool library to build a broad index // not just those that were in our local cache. So we use manifest-tool library to build a broad index
auth, err := registry.GetDockerAuth()
if err != nil {
return fmt.Errorf("failed to get auth: %v", err)
}
fmt.Printf("Pushing index based on all arch-specific images in registry %s\n", name) fmt.Printf("Pushing index based on all arch-specific images in registry %s\n", name)
_, _, err = registry.PushManifest(name, auth) _, _, err = registry.PushManifest(name)
if err != nil { if err != nil {
return err return err
} }

7
src/cmd/linuxkit/pkglib/docker.go
View File

@ -382,14 +382,9 @@ func (dr *dockerRunnerImpl) pushWithManifest(img, suffix string, pushImage, push
fmt.Print("Image push disabled, skipping...\n") fmt.Print("Image push disabled, skipping...\n")
} }
auth, err := registry.GetDockerAuth()
if err != nil {
return fmt.Errorf("failed to get auth: %v", err)
}
if pushManifest { if pushManifest {
fmt.Printf("Pushing %s to manifest %s\n", img+suffix, img) fmt.Printf("Pushing %s to manifest %s\n", img+suffix, img)
_, _, err = registry.PushManifest(img, auth) _, _, err = registry.PushManifest(img)
if err != nil { if err != nil {
return err return err
} }

8
src/cmd/linuxkit/pkglib/index.go
View File

@ -19,14 +19,10 @@ func (p Pkg) Index(bos ...BuildOpt) error {
// Even though we may have pushed the index, we want to be sure that we have an index that includes every architecture on the registry, // Even though we may have pushed the index, we want to be sure that we have an index that includes every architecture on the registry,
// not just those that were in our local cache. So we use manifest-tool library to build a broad index // not just those that were in our local cache. So we use manifest-tool library to build a broad index
auth, err := registry.GetDockerAuth()
if err != nil {
return fmt.Errorf("failed to get auth: %v", err)
}
// push based on tag // push based on tag
fmt.Printf("Pushing index based on all arch-specific images in registry %s\n", name) fmt.Printf("Pushing index based on all arch-specific images in registry %s\n", name)
_, _, err = registry.PushManifest(name, auth) _, _, err := registry.PushManifest(name)
if err != nil { if err != nil {
return err return err
} }
@ -40,7 +36,7 @@ func (p Pkg) Index(bos ...BuildOpt) error {
fullRelTag := util.ReferenceExpand(relTag) fullRelTag := util.ReferenceExpand(relTag)
fmt.Printf("Pushing index based on all arch-specific images in registry %s\n", fullRelTag) fmt.Printf("Pushing index based on all arch-specific images in registry %s\n", fullRelTag)
_, _, err = registry.PushManifest(fullRelTag, auth) _, _, err = registry.PushManifest(fullRelTag)
if err != nil { if err != nil {
return err return err
} }

19
src/cmd/linuxkit/registry/auth.go
View File

@ -1,19 +0,0 @@
package registry
import (
"os"
"github.com/docker/cli/cli/config"
dockertypes "github.com/docker/docker/api/types"
)
const (
registryServer = "https://index.docker.io/v1/"
)
// GetDockerAuth get an AuthConfig for the default registry server.
func GetDockerAuth() (dockertypes.AuthConfig, error) {
cfgFile := config.LoadDefaultConfigFile(os.Stderr)
authconfig, err := cfgFile.GetAuthConfig(registryServer)
return dockertypes.AuthConfig(authconfig), err
}

9
src/cmd/linuxkit/registry/manifest.go
View File

@ -4,7 +4,6 @@ import (
"fmt" "fmt"
"strings" "strings"
dockertypes "github.com/docker/docker/api/types"
"github.com/estesp/manifest-tool/v2/pkg/registry" "github.com/estesp/manifest-tool/v2/pkg/registry"
"github.com/estesp/manifest-tool/v2/pkg/types" "github.com/estesp/manifest-tool/v2/pkg/types"
ocispec "github.com/opencontainers/image-spec/specs-go/v1" ocispec "github.com/opencontainers/image-spec/specs-go/v1"
@ -24,7 +23,7 @@ var platformsToSearchForIndex = []string{
} }
// PushManifest create a manifest that supports each of the provided platforms and push it out. // PushManifest create a manifest that supports each of the provided platforms and push it out.
func PushManifest(img string, auth dockertypes.AuthConfig) (hash string, length int, err error) { func PushManifest(img string) (hash string, length int, err error) {
var srcImages []types.ManifestEntry var srcImages []types.ManifestEntry
for i, platform := range platformsToSearchForIndex { for i, platform := range platformsToSearchForIndex {
@ -54,6 +53,8 @@ func PushManifest(img string, auth dockertypes.AuthConfig) (hash string, length
log.Debugf("pushing manifest list for %s -> %#v", img, yamlInput) log.Debugf("pushing manifest list for %s -> %#v", img, yamlInput)
// push the manifest list with the auth as given, ignore missing, do not allow insecure // push the manifest list, ignore missing, do not allow insecure
return registry.PushManifestList(auth.Username, auth.Password, yamlInput, true, false, false, types.OCI, "") // we do not provide auth credentials to force resolve them internally
// according to the hostname of image to push
return registry.PushManifestList("", "", yamlInput, true, false, false, types.OCI, "")
} }