Vendor after merging containers/image#436

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.c

@@ -0,0 +1,228 @@
+#include "osxkeychain_darwin.h"
+#include <CoreFoundation/CoreFoundation.h>
+#include <Foundation/NSValue.h>
+#include <stdio.h>
+#include <string.h>
+
+char *get_error(OSStatus status) {
+  char *buf = malloc(128);
+  CFStringRef str = SecCopyErrorMessageString(status, NULL);
+  int success = CFStringGetCString(str, buf, 128, kCFStringEncodingUTF8);
+  if (!success) {
+    strncpy(buf, "Unknown error", 128);
+  }
+  return buf;
+}
+
+char *keychain_add(struct Server *server, char *label, char *username, char *secret) {
+  SecKeychainItemRef item;
+
+  OSStatus status = SecKeychainAddInternetPassword(
+    NULL,
+    strlen(server->host), server->host,
+    0, NULL,
+    strlen(username), username,
+    strlen(server->path), server->path,
+    server->port,
+    server->proto,
+    kSecAuthenticationTypeDefault,
+    strlen(secret), secret,
+    &item
+  );
+
+  if (status) {
+    return get_error(status);
+  }
+
+  SecKeychainAttribute attribute;
+  SecKeychainAttributeList attrs;
+  attribute.tag = kSecLabelItemAttr;
+  attribute.data = label;
+  attribute.length = strlen(label);
+  attrs.count = 1;
+  attrs.attr = &attribute;
+
+  status = SecKeychainItemModifyContent(item, &attrs, 0, NULL);
+
+  if (status) {
+    return get_error(status);
+  }
+
+  return NULL;
+}
+
+char *keychain_get(struct Server *server, unsigned int *username_l, char **username, unsigned int *secret_l, char **secret) {
+  char *tmp;
+  SecKeychainItemRef item;
+
+  OSStatus status = SecKeychainFindInternetPassword(
+    NULL,
+    strlen(server->host), server->host,
+    0, NULL,
+    0, NULL,
+    strlen(server->path), server->path,
+    server->port,
+    server->proto,
+    kSecAuthenticationTypeDefault,
+    secret_l, (void **)&tmp,
+    &item);
+
+  if (status) {
+    return get_error(status);
+  }
+
+  *secret = strdup(tmp);
+  SecKeychainItemFreeContent(NULL, tmp);
+
+  SecKeychainAttributeList list;
+  SecKeychainAttribute attr;
+
+  list.count = 1;
+  list.attr = &attr;
+  attr.tag = kSecAccountItemAttr;
+
+  status = SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL);
+  if (status) {
+    return get_error(status);
+  }
+
+  *username = strdup(attr.data);
+  *username_l = attr.length;
+  SecKeychainItemFreeContent(&list, NULL);
+
+  return NULL;
+}
+
+char *keychain_delete(struct Server *server) {
+  SecKeychainItemRef item;
+
+  OSStatus status = SecKeychainFindInternetPassword(
+    NULL,
+    strlen(server->host), server->host,
+    0, NULL,
+    0, NULL,
+    strlen(server->path), server->path,
+    server->port,
+    server->proto,
+    kSecAuthenticationTypeDefault,
+    0, NULL,
+    &item);
+
+  if (status) {
+    return get_error(status);
+  }
+
+  status = SecKeychainItemDelete(item);
+  if (status) {
+    return get_error(status);
+  }
+  return NULL;
+}
+
+char * CFStringToCharArr(CFStringRef aString) {
+  if (aString == NULL) {
+    return NULL;
+  }
+  CFIndex length = CFStringGetLength(aString);
+  CFIndex maxSize =
+  CFStringGetMaximumSizeForEncoding(length, kCFStringEncodingUTF8) + 1;
+  char *buffer = (char *)malloc(maxSize);
+  if (CFStringGetCString(aString, buffer, maxSize,
+                         kCFStringEncodingUTF8)) {
+    return buffer;
+  }
+  return NULL;
+}
+
+char *keychain_list(char *credsLabel, char *** paths, char *** accts, unsigned int *list_l) {
+    CFStringRef credsLabelCF = CFStringCreateWithCString(NULL, credsLabel, kCFStringEncodingUTF8);
+    CFMutableDictionaryRef query = CFDictionaryCreateMutable (NULL, 1, NULL, NULL);
+    CFDictionaryAddValue(query, kSecClass, kSecClassInternetPassword);
+    CFDictionaryAddValue(query, kSecReturnAttributes, kCFBooleanTrue);
+    CFDictionaryAddValue(query, kSecMatchLimit, kSecMatchLimitAll);
+    CFDictionaryAddValue(query, kSecAttrLabel, credsLabelCF);
+    //Use this query dictionary
+    CFTypeRef result= NULL;
+    OSStatus status = SecItemCopyMatching(
+                                          query,
+                                          &result);
+
+    CFRelease(credsLabelCF);
+
+    //Ran a search and store the results in result
+    if (status) {
+        return get_error(status);
+    }
+    CFIndex numKeys = CFArrayGetCount(result);
+    *paths = (char **) malloc((int)sizeof(char *)*numKeys);
+    *accts = (char **) malloc((int)sizeof(char *)*numKeys);
+    //result is of type CFArray
+    for(CFIndex i=0; i<numKeys; i++) {
+        CFDictionaryRef currKey = CFArrayGetValueAtIndex(result,i);
+
+        CFStringRef protocolTmp = CFDictionaryGetValue(currKey, CFSTR("ptcl"));
+        if (protocolTmp != NULL) {
+            CFStringRef protocolStr = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@"), protocolTmp);
+            if (CFStringCompare(protocolStr, CFSTR("htps"), 0) == kCFCompareEqualTo) {
+                protocolTmp = CFSTR("https://");
+            }
+            else {
+                protocolTmp = CFSTR("http://");
+            }
+            CFRelease(protocolStr);
+        }
+        else {
+            char * path = "0";
+            char * acct = "0";
+            (*paths)[i] = (char *) malloc(sizeof(char)*(strlen(path)));
+            memcpy((*paths)[i], path, sizeof(char)*(strlen(path)));
+            (*accts)[i] = (char *) malloc(sizeof(char)*(strlen(acct)));
+            memcpy((*accts)[i], acct, sizeof(char)*(strlen(acct)));
+            continue;
+        }
+        
+        CFMutableStringRef str = CFStringCreateMutableCopy(NULL, 0, protocolTmp);
+        CFStringRef serverTmp = CFDictionaryGetValue(currKey, CFSTR("srvr"));
+        if (serverTmp != NULL) {
+            CFStringAppend(str, serverTmp);
+        }
+        
+        CFStringRef pathTmp = CFDictionaryGetValue(currKey, CFSTR("path"));
+        if (pathTmp != NULL) {
+            CFStringAppend(str, pathTmp);
+        }
+        
+        const NSNumber * portTmp = CFDictionaryGetValue(currKey, CFSTR("port"));
+        if (portTmp != NULL && portTmp.integerValue != 0) {
+            CFStringRef portStr = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@"), portTmp);
+            CFStringAppend(str, CFSTR(":"));
+            CFStringAppend(str, portStr);
+            CFRelease(portStr);
+        }
+        
+        CFStringRef acctTmp = CFDictionaryGetValue(currKey, CFSTR("acct"));
+        if (acctTmp == NULL) {
+            acctTmp = CFSTR("account not defined");
+        }
+
+        char * path = CFStringToCharArr(str);
+        char * acct = CFStringToCharArr(acctTmp);
+
+        //We now have all we need, username and servername. Now export this to .go
+        (*paths)[i] = (char *) malloc(sizeof(char)*(strlen(path)+1));
+        memcpy((*paths)[i], path, sizeof(char)*(strlen(path)+1));
+        (*accts)[i] = (char *) malloc(sizeof(char)*(strlen(acct)+1));
+        memcpy((*accts)[i], acct, sizeof(char)*(strlen(acct)+1));
+
+        CFRelease(str);
+    }
+    *list_l = (int)numKeys;
+    return NULL;
+}
+
+void freeListData(char *** data, unsigned int length) {
+     for(int i=0; i<length; i++) {
+        free((*data)[i]);
+     }
+     free(*data);
+}

vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.go

@@ -0,0 +1,196 @@
+package osxkeychain
+
+/*
+#cgo CFLAGS: -x objective-c -mmacosx-version-min=10.10
+#cgo LDFLAGS: -framework Security -framework Foundation -mmacosx-version-min=10.10
+
+#include "osxkeychain_darwin.h"
+#include <stdlib.h>
+*/
+import "C"
+import (
+	"errors"
+	"net/url"
+	"strconv"
+	"strings"
+	"unsafe"
+
+	"github.com/docker/docker-credential-helpers/credentials"
+)
+
+// errCredentialsNotFound is the specific error message returned by OS X
+// when the credentials are not in the keychain.
+const errCredentialsNotFound = "The specified item could not be found in the keychain."
+
+// Osxkeychain handles secrets using the OS X Keychain as store.
+type Osxkeychain struct{}
+
+// Add adds new credentials to the keychain.
+func (h Osxkeychain) Add(creds *credentials.Credentials) error {
+	h.Delete(creds.ServerURL)
+
+	s, err := splitServer(creds.ServerURL)
+	if err != nil {
+		return err
+	}
+	defer freeServer(s)
+
+	label := C.CString(credentials.CredsLabel)
+	defer C.free(unsafe.Pointer(label))
+	username := C.CString(creds.Username)
+	defer C.free(unsafe.Pointer(username))
+	secret := C.CString(creds.Secret)
+	defer C.free(unsafe.Pointer(secret))
+
+	errMsg := C.keychain_add(s, label, username, secret)
+	if errMsg != nil {
+		defer C.free(unsafe.Pointer(errMsg))
+		return errors.New(C.GoString(errMsg))
+	}
+
+	return nil
+}
+
+// Delete removes credentials from the keychain.
+func (h Osxkeychain) Delete(serverURL string) error {
+	s, err := splitServer(serverURL)
+	if err != nil {
+		return err
+	}
+	defer freeServer(s)
+
+	errMsg := C.keychain_delete(s)
+	if errMsg != nil {
+		defer C.free(unsafe.Pointer(errMsg))
+		return errors.New(C.GoString(errMsg))
+	}
+
+	return nil
+}
+
+// Get returns the username and secret to use for a given registry server URL.
+func (h Osxkeychain) Get(serverURL string) (string, string, error) {
+	s, err := splitServer(serverURL)
+	if err != nil {
+		return "", "", err
+	}
+	defer freeServer(s)
+
+	var usernameLen C.uint
+	var username *C.char
+	var secretLen C.uint
+	var secret *C.char
+	defer C.free(unsafe.Pointer(username))
+	defer C.free(unsafe.Pointer(secret))
+
+	errMsg := C.keychain_get(s, &usernameLen, &username, &secretLen, &secret)
+	if errMsg != nil {
+		defer C.free(unsafe.Pointer(errMsg))
+		goMsg := C.GoString(errMsg)
+		if goMsg == errCredentialsNotFound {
+			return "", "", credentials.NewErrCredentialsNotFound()
+		}
+
+		return "", "", errors.New(goMsg)
+	}
+
+	user := C.GoStringN(username, C.int(usernameLen))
+	pass := C.GoStringN(secret, C.int(secretLen))
+	return user, pass, nil
+}
+
+// List returns the stored URLs and corresponding usernames.
+func (h Osxkeychain) List() (map[string]string, error) {
+	credsLabelC := C.CString(credentials.CredsLabel)
+	defer C.free(unsafe.Pointer(credsLabelC))
+
+	var pathsC **C.char
+	defer C.free(unsafe.Pointer(pathsC))
+	var acctsC **C.char
+	defer C.free(unsafe.Pointer(acctsC))
+	var listLenC C.uint
+	errMsg := C.keychain_list(credsLabelC, &pathsC, &acctsC, &listLenC)
+	if errMsg != nil {
+		defer C.free(unsafe.Pointer(errMsg))
+		goMsg := C.GoString(errMsg)
+		return nil, errors.New(goMsg)
+	}
+
+	defer C.freeListData(&pathsC, listLenC)
+	defer C.freeListData(&acctsC, listLenC)
+
+	var listLen int
+	listLen = int(listLenC)
+	pathTmp := (*[1 << 30]*C.char)(unsafe.Pointer(pathsC))[:listLen:listLen]
+	acctTmp := (*[1 << 30]*C.char)(unsafe.Pointer(acctsC))[:listLen:listLen]
+	//taking the array of c strings into go while ignoring all the stuff irrelevant to credentials-helper
+	resp := make(map[string]string)
+	for i := 0; i < listLen; i++ {
+		if C.GoString(pathTmp[i]) == "0" {
+			continue
+		}
+		resp[C.GoString(pathTmp[i])] = C.GoString(acctTmp[i])
+	}
+	return resp, nil
+}
+
+func splitServer(serverURL string) (*C.struct_Server, error) {
+	u, err := parseURL(serverURL)
+	if err != nil {
+		return nil, err
+	}
+
+	proto := C.kSecProtocolTypeHTTPS
+	if u.Scheme == "http" {
+		proto = C.kSecProtocolTypeHTTP
+	}
+	var port int
+	p := getPort(u)
+	if p != "" {
+		port, err = strconv.Atoi(p)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &C.struct_Server{
+		proto: C.SecProtocolType(proto),
+		host:  C.CString(getHostname(u)),
+		port:  C.uint(port),
+		path:  C.CString(u.Path),
+	}, nil
+}
+
+func freeServer(s *C.struct_Server) {
+	C.free(unsafe.Pointer(s.host))
+	C.free(unsafe.Pointer(s.path))
+}
+
+// parseURL parses and validates a given serverURL to an url.URL, and
+// returns an error if validation failed. Querystring parameters are
+// omitted in the resulting URL, because they are not used in the helper.
+//
+// If serverURL does not have a valid scheme, `//` is used as scheme
+// before parsing. This prevents the hostname being used as path,
+// and the credentials being stored without host.
+func parseURL(serverURL string) (*url.URL, error) {
+	// Check if serverURL has a scheme, otherwise add `//` as scheme.
+	if !strings.Contains(serverURL, "://") && !strings.HasPrefix(serverURL, "//") {
+		serverURL = "//" + serverURL
+	}
+
+	u, err := url.Parse(serverURL)
+	if err != nil {
+		return nil, err
+	}
+
+	if u.Scheme != "" && u.Scheme != "https" && u.Scheme != "http" {
+		return nil, errors.New("unsupported scheme: " + u.Scheme)
+	}
+	if getHostname(u) == "" {
+		return nil, errors.New("no hostname in URL")
+	}
+
+	u.RawQuery = ""
+	return u, nil
+}

vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.h

@@ -0,0 +1,14 @@
+#include <Security/Security.h>
+
+struct Server {
+  SecProtocolType proto;
+  char *host;
+  char *path;
+  unsigned int port;
+};
+
+char *keychain_add(struct Server *server, char *label, char *username, char *secret);
+char *keychain_get(struct Server *server, unsigned int *username_l, char **username, unsigned int *secret_l, char **secret);
+char *keychain_delete(struct Server *server);
+char *keychain_list(char *credsLabel, char *** data, char *** accts, unsigned int *list_l);
+void freeListData(char *** data, unsigned int length);

vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_go18.go

@@ -0,0 +1,13 @@
+//+build go1.8
+
+package osxkeychain
+
+import "net/url"
+
+func getHostname(u *url.URL) string {
+	return u.Hostname()
+}
+
+func getPort(u *url.URL) string {
+	return u.Port()
+}

vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_non_go18.go

@@ -0,0 +1,41 @@
+//+build !go1.8
+
+package osxkeychain
+
+import (
+	"net/url"
+	"strings"
+)
+
+func getHostname(u *url.URL) string {
+	return stripPort(u.Host)
+}
+
+func getPort(u *url.URL) string {
+	return portOnly(u.Host)
+}
+
+func stripPort(hostport string) string {
+	colon := strings.IndexByte(hostport, ':')
+	if colon == -1 {
+		return hostport
+	}
+	if i := strings.IndexByte(hostport, ']'); i != -1 {
+		return strings.TrimPrefix(hostport[:i], "[")
+	}
+	return hostport[:colon]
+}
+
+func portOnly(hostport string) string {
+	colon := strings.IndexByte(hostport, ':')
+	if colon == -1 {
+		return ""
+	}
+	if i := strings.Index(hostport, "]:"); i != -1 {
+		return hostport[i+len("]:"):]
+	}
+	if strings.Contains(hostport, "]") {
+		return ""
+	}
+	return hostport[colon+len(":"):]
+}

vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.c

@@ -0,0 +1,162 @@
+#include <string.h>
+#include <stdlib.h>
+#include "secretservice_linux.h"
+
+const SecretSchema *docker_get_schema(void)
+{
+	static const SecretSchema docker_schema = {
+		"io.docker.Credentials", SECRET_SCHEMA_NONE,
+		{
+		    { "label", SECRET_SCHEMA_ATTRIBUTE_STRING },
+			{ "server", SECRET_SCHEMA_ATTRIBUTE_STRING },
+			{ "username", SECRET_SCHEMA_ATTRIBUTE_STRING },
+			{ "docker_cli", SECRET_SCHEMA_ATTRIBUTE_STRING },
+			{ "NULL", 0 },
+		}
+	};
+	return &docker_schema;
+}
+
+GError *add(char *label, char *server, char *username, char *secret) {
+	GError *err = NULL;
+
+	secret_password_store_sync (DOCKER_SCHEMA, SECRET_COLLECTION_DEFAULT,
+			server, secret, NULL, &err,
+			"label", label,
+			"server", server,
+			"username", username,
+			"docker_cli", "1",
+			NULL);
+	return err;
+}
+
+GError *delete(char *server) {
+	GError *err = NULL;
+
+	secret_password_clear_sync(DOCKER_SCHEMA, NULL, &err,
+			"server", server,
+			"docker_cli", "1",
+			NULL);
+	if (err != NULL)
+		return err;
+	return NULL;
+}
+
+char *get_attribute(const char *attribute, SecretItem *item) {
+	GHashTable *attributes;
+	GHashTableIter iter;
+	gchar *value, *key;
+
+	attributes = secret_item_get_attributes(item);
+	g_hash_table_iter_init(&iter, attributes);
+	while (g_hash_table_iter_next(&iter, (void **)&key, (void **)&value)) {
+		if (strncmp(key, attribute, strlen(key)) == 0)
+			return (char *)value;
+	}
+	g_hash_table_unref(attributes);
+	return NULL;
+}
+
+GError *get(char *server, char **username, char **secret) {
+	GError *err = NULL;
+	GHashTable *attributes;
+	SecretService *service;
+	GList *items, *l;
+	SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK;
+	SecretValue *secretValue;
+	gsize length;
+	gchar *value;
+
+	attributes = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free);
+	g_hash_table_insert(attributes, g_strdup("server"), g_strdup(server));
+	g_hash_table_insert(attributes, g_strdup("docker_cli"), g_strdup("1"));
+
+	service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err);
+	if (err == NULL) {
+		items = secret_service_search_sync(service, DOCKER_SCHEMA, attributes, flags, NULL, &err);
+		if (err == NULL) {
+			for (l = items; l != NULL; l = g_list_next(l)) {
+				value = secret_item_get_schema_name(l->data);
+				if (strncmp(value, "io.docker.Credentials", strlen(value)) != 0) {
+					g_free(value);
+					continue;
+				}
+				g_free(value);
+				secretValue = secret_item_get_secret(l->data);
+				if (secret != NULL) {
+					*secret = strdup(secret_value_get(secretValue, &length));
+					secret_value_unref(secretValue);
+				}
+				*username = get_attribute("username", l->data);
+			}
+			g_list_free_full(items, g_object_unref);
+		}
+		g_object_unref(service);
+	}
+	g_hash_table_unref(attributes);
+	if (err != NULL) {
+		return err;
+	}
+	return NULL;
+}
+
+GError *list(char *ref_label, char *** paths, char *** accts, unsigned int *list_l) {
+	GList *items;
+	GError *err = NULL;
+	SecretService *service;
+	SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK;
+	GHashTable *attributes = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free);
+
+	// List credentials with the right label only
+	g_hash_table_insert(attributes, g_strdup("label"), g_strdup(ref_label));
+
+	service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err);
+	if (err != NULL) {
+		return err;
+	}
+
+	items = secret_service_search_sync(service, NULL, attributes, flags, NULL, &err);
+	int numKeys = g_list_length(items);
+	if (err != NULL) {
+		return err;
+	}
+
+	char **tmp_paths = (char **) calloc(1,(int)sizeof(char *)*numKeys);
+	char **tmp_accts = (char **) calloc(1,(int)sizeof(char *)*numKeys);
+
+	// items now contains our keys from the gnome keyring
+	// we will now put it in our two lists to return it to go
+	GList *current;
+	int listNumber = 0;
+	for(current = items; current!=NULL; current = current->next) {
+		char *pathTmp = secret_item_get_label(current->data);
+		// you cannot have a key without a label in the gnome keyring
+		char *acctTmp = get_attribute("username",current->data);
+		if (acctTmp==NULL) {
+			acctTmp = "account not defined";
+		}
+
+		tmp_paths[listNumber] = (char *) calloc(1, sizeof(char)*(strlen(pathTmp)+1));
+		tmp_accts[listNumber] = (char *) calloc(1, sizeof(char)*(strlen(acctTmp)+1));
+
+		memcpy(tmp_paths[listNumber], pathTmp, sizeof(char)*(strlen(pathTmp)+1));
+		memcpy(tmp_accts[listNumber], acctTmp, sizeof(char)*(strlen(acctTmp)+1));
+
+		listNumber = listNumber + 1;
+	}
+
+	*paths = (char **) realloc(tmp_paths, (int)sizeof(char *)*listNumber);
+	*accts = (char **) realloc(tmp_accts, (int)sizeof(char *)*listNumber);
+
+	*list_l = listNumber;
+
+	return NULL;
+}
+
+void freeListData(char *** data, unsigned int length) {
+	int i;
+	for(i=0; i<length; i++) {
+		free((*data)[i]);
+	}
+	free(*data);
+}

vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.go

@@ -0,0 +1,118 @@
+package secretservice
+
+/*
+#cgo pkg-config: libsecret-1
+
+#include "secretservice_linux.h"
+#include <stdlib.h>
+*/
+import "C"
+import (
+	"errors"
+	"unsafe"
+
+	"github.com/docker/docker-credential-helpers/credentials"
+)
+
+// Secretservice handles secrets using Linux secret-service as a store.
+type Secretservice struct{}
+
+// Add adds new credentials to the keychain.
+func (h Secretservice) Add(creds *credentials.Credentials) error {
+	if creds == nil {
+		return errors.New("missing credentials")
+	}
+	credsLabel := C.CString(credentials.CredsLabel)
+	defer C.free(unsafe.Pointer(credsLabel))
+	server := C.CString(creds.ServerURL)
+	defer C.free(unsafe.Pointer(server))
+	username := C.CString(creds.Username)
+	defer C.free(unsafe.Pointer(username))
+	secret := C.CString(creds.Secret)
+	defer C.free(unsafe.Pointer(secret))
+
+	if err := C.add(credsLabel, server, username, secret); err != nil {
+		defer C.g_error_free(err)
+		errMsg := (*C.char)(unsafe.Pointer(err.message))
+		return errors.New(C.GoString(errMsg))
+	}
+	return nil
+}
+
+// Delete removes credentials from the store.
+func (h Secretservice) Delete(serverURL string) error {
+	if serverURL == "" {
+		return errors.New("missing server url")
+	}
+	server := C.CString(serverURL)
+	defer C.free(unsafe.Pointer(server))
+
+	if err := C.delete(server); err != nil {
+		defer C.g_error_free(err)
+		errMsg := (*C.char)(unsafe.Pointer(err.message))
+		return errors.New(C.GoString(errMsg))
+	}
+	return nil
+}
+
+// Get returns the username and secret to use for a given registry server URL.
+func (h Secretservice) Get(serverURL string) (string, string, error) {
+	if serverURL == "" {
+		return "", "", errors.New("missing server url")
+	}
+	var username *C.char
+	defer C.free(unsafe.Pointer(username))
+	var secret *C.char
+	defer C.free(unsafe.Pointer(secret))
+	server := C.CString(serverURL)
+	defer C.free(unsafe.Pointer(server))
+
+	err := C.get(server, &username, &secret)
+	if err != nil {
+		defer C.g_error_free(err)
+		errMsg := (*C.char)(unsafe.Pointer(err.message))
+		return "", "", errors.New(C.GoString(errMsg))
+	}
+	user := C.GoString(username)
+	pass := C.GoString(secret)
+	if pass == "" {
+		return "", "", credentials.NewErrCredentialsNotFound()
+	}
+	return user, pass, nil
+}
+
+// List returns the stored URLs and corresponding usernames for a given credentials label
+func (h Secretservice) List() (map[string]string, error) {
+	credsLabelC := C.CString(credentials.CredsLabel)
+	defer C.free(unsafe.Pointer(credsLabelC))
+
+	var pathsC **C.char
+	defer C.free(unsafe.Pointer(pathsC))
+	var acctsC **C.char
+	defer C.free(unsafe.Pointer(acctsC))
+	var listLenC C.uint
+	err := C.list(credsLabelC, &pathsC, &acctsC, &listLenC)
+	if err != nil {
+		defer C.free(unsafe.Pointer(err))
+		return nil, errors.New("Error from list function in secretservice_linux.c likely due to error in secretservice library")
+	}
+	defer C.freeListData(&pathsC, listLenC)
+	defer C.freeListData(&acctsC, listLenC)
+
+	resp := make(map[string]string)
+
+	listLen := int(listLenC)
+	if listLen == 0 {
+		return resp, nil
+	}
+	// The maximum capacity of the following two slices is limited to (2^29)-1 to remain compatible
+	// with 32-bit platforms. The size of a `*C.char` (a pointer) is 4 Byte on a 32-bit system
+	// and (2^29)*4 == math.MaxInt32 + 1. -- See issue golang/go#13656
+	pathTmp := (*[(1 << 29) - 1]*C.char)(unsafe.Pointer(pathsC))[:listLen:listLen]
+	acctTmp := (*[(1 << 29) - 1]*C.char)(unsafe.Pointer(acctsC))[:listLen:listLen]
+	for i := 0; i < listLen; i++ {
+		resp[C.GoString(pathTmp[i])] = C.GoString(acctTmp[i])
+	}
+
+	return resp, nil
+}

vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.h

@@ -0,0 +1,13 @@
+#define SECRET_WITH_UNSTABLE 1
+#define SECRET_API_SUBJECT_TO_CHANGE 1
+#include <libsecret/secret.h>
+
+const SecretSchema *docker_get_schema(void) G_GNUC_CONST;
+
+#define DOCKER_SCHEMA docker_get_schema()
+
+GError *add(char *label, char *server, char *username, char *secret);
+GError *delete(char *server);
+GError *get(char *server, char **username, char **secret);
+GError *list(char *label, char *** paths, char *** accts, unsigned int *list_l);
+void freeListData(char *** data, unsigned int length);