bump c/image

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca 2017-01-08 13:10:07 +01:00
parent b8ae5c6054
commit 1ec992abd1
No known key found for this signature in database
GPG Key ID: B2BEAD150DE936B9
5 changed files with 29 additions and 12 deletions

View File

@ -264,8 +264,25 @@ func (c *dockerClient) setupRequestAuth(req *http.Request) error {
return err
}
chs := parseAuthHeader(res.Header)
// We could end up in this "if" statement if the /v2/ call (during ping)
// returned 401 with a valid WWW-Authenticate=Bearer header.
// That doesn't **always** mean, however, that the specific API request
// (different from /v2/) actually needs to be authorized.
// One example of this _weird_ scenario happens with GCR.io docker
// registries.
if res.StatusCode != http.StatusUnauthorized || chs == nil || len(chs) == 0 {
// try again one last time with Basic Auth (gcr.io for instance)
// With gcr.io, the /v2/ call returns a 401 with a valid WWW-Authenticate=Bearer
// header but the repository could be _public_ (no authorization is needed).
// Hence, the registry response contains no challenges and the status
// code is not 401.
// We just skip this case as it's not standard on docker/distribution
// registries (https://github.com/docker/distribution/blob/master/docs/spec/api.md#api-version-check)
if res.StatusCode != http.StatusUnauthorized {
return nil
}
// gcr.io private repositories pull instead requires us to send user:pass pair in
// order to retrieve a token and setup the correct Bearer token.
// try again one last time with Basic Auth
testReq2 := *req
// Do not use the body stream, or we couldn't reuse it for the "real" call later.
testReq2.Body = nil

View File

@ -37,11 +37,7 @@ func (i *memoryImage) Close() {
// Size returns the size of the image as stored, if known, or -1 if not.
func (i *memoryImage) Size() (int64, error) {
s, err := i.serialize()
if err != nil {
return -1, err
}
return int64(len(s)), nil
return -1, nil
}
// Manifest is like ImageSource.GetManifest, but the result is cached; it is OK to call this however often you need.

View File

@ -7,7 +7,6 @@ import (
"fmt"
"github.com/mtrmac/gpgme"
"github.com/pkg/errors"
)
// SigningMechanism abstracts a way to sign binary blobs and verify their signatures.
@ -77,9 +76,6 @@ func (m gpgSigningMechanism) ImportKeysFromBytes(blob []byte) ([]string, error)
func (m gpgSigningMechanism) Sign(input []byte, keyIdentity string) ([]byte, error) {
key, err := m.ctx.GetKey(keyIdentity, true)
if err != nil {
if e, ok := err.(gpgme.Error); ok && e.Code() == gpgme.ErrorEOF {
return nil, errors.Errorf("key %q not found", keyIdentity)
}
return nil, err
}
inputData, err := gpgme.NewDataBytes(input)

View File

@ -1,4 +1,4 @@
// +build !autogen
// +build !containersstorageautogen
// Package storageversion is auto-generated at build-time
package storageversion

View File

@ -9,6 +9,7 @@ package gpgme
import "C"
import (
"fmt"
"io"
"os"
"runtime"
@ -389,7 +390,14 @@ func (c *Context) GetKey(fingerprint string, secret bool) (*Key, error) {
key := newKey()
cfpr := C.CString(fingerprint)
defer C.free(unsafe.Pointer(cfpr))
return key, handleError(C.gpgme_get_key(c.ctx, cfpr, &key.k, cbool(secret)))
err := handleError(C.gpgme_get_key(c.ctx, cfpr, &key.k, cbool(secret)))
if e, ok := err.(Error); key.k == nil && ok && e.Code() == ErrorEOF {
return nil, fmt.Errorf("key %q not found", fingerprint)
}
if err != nil {
return nil, err
}
return key, nil
}
func (c *Context) Decrypt(ciphertext, plaintext *Data) error {