github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-19 09:16:29 +00:00
Code Issues Projects Releases Wiki Activity

scripts: support credentials helpers on Linux

Browse Source 
On Linux a key in `~/.docker/config.json` indicates if a credentials helper is
in use (and which), if one is then the method is identical to the Darwin case
so refactor to support that.

Signed-off-by: Ian Campbell <ijc@docker.com>
This commit is contained in:
Ian Campbell 2018-10-29 11:20:33 +00:00
parent eac17cc85f
commit e78b25062c
3 changed files with 55 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
scripts/push-manifest.sh
View File

@ -26,26 +26,34 @@ case $(uname -s) in
Darwin) Darwin)
# Prior to 2018-03-27 D4M used a .bin suffix on the keychain utility binary name. Support the old name for a while # Prior to 2018-03-27 D4M used a .bin suffix on the keychain utility binary name. Support the old name for a while
if [ -f /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin ]; then if [ -f /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin ]; then
CRED=$(echo "https://index.docker.io/v1/" | /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin get) CREDHELPER="/Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin"
else else
CRED=$(echo "https://index.docker.io/v1/" | /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain get) CREDHELPER="/Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain"
fi fi
USER=$(echo "$CRED" | jq -r '.Username')
PASS=$(echo "$CRED" | jq -r '.Secret')
MT_ARGS="--username $USER --password $PASS"
;; ;;
Linux) Linux)
CRED=$(cat ~/.docker/config.json | jq -r '.auths."https://index.docker.io/v1/".auth' | base64 -d -) CREDSTORE=$(cat ~/.docker/config.json | jq -r '.credsStore // empty')
USER=$(echo $CRED | cut -d ':' -f 1) if [ -n "$CREDSTORE" ] ; then
PASS=$(echo $CRED | cut -d ':' -f 2-) CREDHELPER="docker-credential-$CREDSTORE"
# manifest-tool can use docker credentials directly else
MT_ARGS= CRED=$(cat ~/.docker/config.json | jq -r '.auths."https://index.docker.io/v1/".auth' | base64 -d -)
USER=$(echo $CRED | cut -d ':' -f 1)
PASS=$(echo $CRED | cut -d ':' -f 2-)
# manifest-tool can use docker credentials directly
MT_ARGS=
fi
;; ;;
*) *)
echo "Unsupported platform" echo "Unsupported platform"
exit 1 exit 1
;; ;;
esac esac
if [ -n "$CREDHELPER" ] ; then
CRED=$(echo "https://index.docker.io/v1/" | "$CREDHELPER" get)
USER=$(echo "$CRED" | jq -r '.Username')
PASS=$(echo "$CRED" | jq -r '.Secret')
MT_ARGS="--username $USER --password $PASS"
fi
# Push manifest list # Push manifest list
OUT=$(manifest-tool $MT_ARGS push from-args \ OUT=$(manifest-tool $MT_ARGS push from-args \

28
src/cmd/linuxkit/pkglib/manifest_push_script.go
View File

@ -29,26 +29,34 @@ case $(uname -s) in
Darwin) Darwin)
# Prior to 2018-03-27 D4M used a .bin suffix on the keychain utility binary name. Support the old name for a while # Prior to 2018-03-27 D4M used a .bin suffix on the keychain utility binary name. Support the old name for a while
if [ -f /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin ]; then if [ -f /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin ]; then
CRED=$(echo "https://index.docker.io/v1/" | /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin get) CREDHELPER="/Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin"
else else
CRED=$(echo "https://index.docker.io/v1/" | /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain get) CREDHELPER="/Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain"
fi fi
USER=$(echo "$CRED" | jq -r '.Username')
PASS=$(echo "$CRED" | jq -r '.Secret')
MT_ARGS="--username $USER --password $PASS"
;; ;;
Linux) Linux)
CRED=$(cat ~/.docker/config.json | jq -r '.auths."https://index.docker.io/v1/".auth' | base64 -d -) CREDSTORE=$(cat ~/.docker/config.json | jq -r '.credsStore // empty')
USER=$(echo $CRED | cut -d ':' -f 1) if [ -n "$CREDSTORE" ] ; then
PASS=$(echo $CRED | cut -d ':' -f 2-) CREDHELPER="docker-credential-$CREDSTORE"
# manifest-tool can use docker credentials directly else
MT_ARGS= CRED=$(cat ~/.docker/config.json | jq -r '.auths."https://index.docker.io/v1/".auth' | base64 -d -)
USER=$(echo $CRED | cut -d ':' -f 1)
PASS=$(echo $CRED | cut -d ':' -f 2-)
# manifest-tool can use docker credentials directly
MT_ARGS=
fi
;; ;;
*) *)
echo "Unsupported platform" echo "Unsupported platform"
exit 1 exit 1
;; ;;
esac esac
if [ -n "$CREDHELPER" ] ; then
CRED=$(echo "https://index.docker.io/v1/" | "$CREDHELPER" get)
USER=$(echo "$CRED" | jq -r '.Username')
PASS=$(echo "$CRED" | jq -r '.Secret')
MT_ARGS="--username $USER --password $PASS"
fi
# Push manifest list # Push manifest list
OUT=$(manifest-tool $MT_ARGS push from-args \ OUT=$(manifest-tool $MT_ARGS push from-args \

28
tools/alpine/push-manifest.sh
View File

@ -48,26 +48,34 @@ case $(uname -s) in
Darwin) Darwin)
# Prior to 2018-03-27 D4M used a .bin suffix on the keychain utility binary name. Support the old name for a while # Prior to 2018-03-27 D4M used a .bin suffix on the keychain utility binary name. Support the old name for a while
if [ -f /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin ]; then if [ -f /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin ]; then
CRED=$(echo "https://index.docker.io/v1/" | /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin get) CREDHELPER="/Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain.bin"
else else
CRED=$(echo "https://index.docker.io/v1/" | /Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain get) CREDHELPER="/Applications/Docker.app/Contents/Resources/bin/docker-credential-osxkeychain"
fi fi
USER=$(echo "$CRED" | jq -r '.Username')
PASS=$(echo "$CRED" | jq -r '.Secret')
MT_ARGS="--username $USER --password $PASS"
;; ;;
Linux) Linux)
CRED=$(cat ~/.docker/config.json | jq -r '.auths."https://index.docker.io/v1/".auth' | base64 -d -) CREDSTORE=$(cat ~/.docker/config.json | jq -r '.credsStore // empty')
USER=$(echo $CRED | cut -d ':' -f 1) if [ -n "$CREDSTORE" ] ; then
PASS=$(echo $CRED | cut -d ':' -f 2-) CREDHELPER="docker-credential-$CREDSTORE"
# manifest-tool can use docker credentials directly else
MT_ARGS= CRED=$(cat ~/.docker/config.json | jq -r '.auths."https://index.docker.io/v1/".auth' | base64 -d -)
USER=$(echo $CRED | cut -d ':' -f 1)
PASS=$(echo $CRED | cut -d ':' -f 2-)
# manifest-tool can use docker credentials directly
MT_ARGS=
fi
;; ;;
*) *)
echo "Unsupported platform" echo "Unsupported platform"
exit 1 exit 1
;; ;;
esac esac
if [ -n "$CREDHELPER" ] ; then
CRED=$(echo "https://index.docker.io/v1/" | "$CREDHELPER" get)
USER=$(echo "$CRED" | jq -r '.Username')
PASS=$(echo "$CRED" | jq -r '.Secret')
MT_ARGS="--username $USER --password $PASS"
fi
# Push manifest list # Push manifest list
OUT=$(manifest-tool $MT_ARGS push from-spec --ignore-missing "$YAML") OUT=$(manifest-tool $MT_ARGS push from-spec --ignore-missing "$YAML")