From 1ec992abd1be36a00065b8fd1268ca7d252f1590 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sun, 8 Jan 2017 13:10:07 +0100 Subject: [PATCH] bump c/image Signed-off-by: Antonio Murdaca --- .../containers/image/docker/docker_client.go | 19 ++++++++++++++++++- .../containers/image/image/memory.go | 6 +----- .../containers/image/signature/mechanism.go | 4 ---- .../storage/storageversion/version_lib.go | 2 +- vendor/github.com/mtrmac/gpgme/gpgme.go | 10 +++++++++- 5 files changed, 29 insertions(+), 12 deletions(-) diff --git a/vendor/github.com/containers/image/docker/docker_client.go b/vendor/github.com/containers/image/docker/docker_client.go index ae69b906..9fca4100 100644 --- a/vendor/github.com/containers/image/docker/docker_client.go +++ b/vendor/github.com/containers/image/docker/docker_client.go @@ -264,8 +264,25 @@ func (c *dockerClient) setupRequestAuth(req *http.Request) error { return err } chs := parseAuthHeader(res.Header) + // We could end up in this "if" statement if the /v2/ call (during ping) + // returned 401 with a valid WWW-Authenticate=Bearer header. + // That doesn't **always** mean, however, that the specific API request + // (different from /v2/) actually needs to be authorized. + // One example of this _weird_ scenario happens with GCR.io docker + // registries. if res.StatusCode != http.StatusUnauthorized || chs == nil || len(chs) == 0 { - // try again one last time with Basic Auth (gcr.io for instance) + // With gcr.io, the /v2/ call returns a 401 with a valid WWW-Authenticate=Bearer + // header but the repository could be _public_ (no authorization is needed). + // Hence, the registry response contains no challenges and the status + // code is not 401. + // We just skip this case as it's not standard on docker/distribution + // registries (https://github.com/docker/distribution/blob/master/docs/spec/api.md#api-version-check) + if res.StatusCode != http.StatusUnauthorized { + return nil + } + // gcr.io private repositories pull instead requires us to send user:pass pair in + // order to retrieve a token and setup the correct Bearer token. + // try again one last time with Basic Auth testReq2 := *req // Do not use the body stream, or we couldn't reuse it for the "real" call later. testReq2.Body = nil diff --git a/vendor/github.com/containers/image/image/memory.go b/vendor/github.com/containers/image/image/memory.go index b240446c..1a3faa02 100644 --- a/vendor/github.com/containers/image/image/memory.go +++ b/vendor/github.com/containers/image/image/memory.go @@ -37,11 +37,7 @@ func (i *memoryImage) Close() { // Size returns the size of the image as stored, if known, or -1 if not. func (i *memoryImage) Size() (int64, error) { - s, err := i.serialize() - if err != nil { - return -1, err - } - return int64(len(s)), nil + return -1, nil } // Manifest is like ImageSource.GetManifest, but the result is cached; it is OK to call this however often you need. diff --git a/vendor/github.com/containers/image/signature/mechanism.go b/vendor/github.com/containers/image/signature/mechanism.go index 93c354b7..196ad927 100644 --- a/vendor/github.com/containers/image/signature/mechanism.go +++ b/vendor/github.com/containers/image/signature/mechanism.go @@ -7,7 +7,6 @@ import ( "fmt" "github.com/mtrmac/gpgme" - "github.com/pkg/errors" ) // SigningMechanism abstracts a way to sign binary blobs and verify their signatures. @@ -77,9 +76,6 @@ func (m gpgSigningMechanism) ImportKeysFromBytes(blob []byte) ([]string, error) func (m gpgSigningMechanism) Sign(input []byte, keyIdentity string) ([]byte, error) { key, err := m.ctx.GetKey(keyIdentity, true) if err != nil { - if e, ok := err.(gpgme.Error); ok && e.Code() == gpgme.ErrorEOF { - return nil, errors.Errorf("key %q not found", keyIdentity) - } return nil, err } inputData, err := gpgme.NewDataBytes(input) diff --git a/vendor/github.com/containers/storage/storageversion/version_lib.go b/vendor/github.com/containers/storage/storageversion/version_lib.go index 761868e3..34a531a9 100644 --- a/vendor/github.com/containers/storage/storageversion/version_lib.go +++ b/vendor/github.com/containers/storage/storageversion/version_lib.go @@ -1,4 +1,4 @@ -// +build !autogen +// +build !containersstorageautogen // Package storageversion is auto-generated at build-time package storageversion diff --git a/vendor/github.com/mtrmac/gpgme/gpgme.go b/vendor/github.com/mtrmac/gpgme/gpgme.go index 5f1793ea..20aad737 100644 --- a/vendor/github.com/mtrmac/gpgme/gpgme.go +++ b/vendor/github.com/mtrmac/gpgme/gpgme.go @@ -9,6 +9,7 @@ package gpgme import "C" import ( + "fmt" "io" "os" "runtime" @@ -389,7 +390,14 @@ func (c *Context) GetKey(fingerprint string, secret bool) (*Key, error) { key := newKey() cfpr := C.CString(fingerprint) defer C.free(unsafe.Pointer(cfpr)) - return key, handleError(C.gpgme_get_key(c.ctx, cfpr, &key.k, cbool(secret))) + err := handleError(C.gpgme_get_key(c.ctx, cfpr, &key.k, cbool(secret))) + if e, ok := err.(Error); key.k == nil && ok && e.Code() == ErrorEOF { + return nil, fmt.Errorf("key %q not found", fingerprint) + } + if err != nil { + return nil, err + } + return key, nil } func (c *Context) Decrypt(ciphertext, plaintext *Data) error {