Until version v3.2, `podman login` trimmed http{s} prefixes along with
everything else but the host[:port] parts. Starting with v3.3, `login`
supports storing credentials for namespaces and dropped support for
trimming prefixes due to ambiguities in registry URLs.
The aforementioned changes caused a regression (see BZ below) as some
users depend on the prefix trimming. Fix that regression by enabling
the http{s} prefix trimming. If present, everything but the host[:port]
parts will be stripped as well.
* `login quay.io/repo` uses `quay.io/repo`
* `login https://quay.io/repo` uses `quay.io`
Fixes: bugzilla.redhat.com/show_bug.cgi?id=2062072
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
... and instead primarily use the string key. This allows
using a docker.io/vendor namespace.
Also rename parseRegistryArgument to parseCredentialsKey,
the argument is not just a registry.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We can now call GetCredentials with namespaced keys,
so simplify.
The ref value is still computed, we'll remove that momentarily.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This avoids duplication and non-obvious interactions (where "!= 0"
means "== 1"), and is more similar to Login.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Only test opts.All once instead of three times.
Don't even start worrying about key/registry with --all.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We now add a new configuration option to opt-in for path based registry
authentication in containers-auth.json. This affects login and logout,
which means if the option is enabled we can now use
`my-registry.local/path/to/image` to save or remove the credentials from
the auth.json.
If the option is enabled, then we enforce a stricter validation of the
input. For example it is not allowed input `http[s]://` prefixed keys.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
The new `libimage` package is an attempt to consolidate the code for
managing container images and performing operations on them such as
pulling, pushing, saving, searching, local lookups, removing etc.
Over time, Buildah, CRI-O and Podman diverged with respect to managing
container images resulting in a high amount of code duplication
rendering the tools harder to maintain (e.g., bug fixes) and harder to
extend (e.g., adding new features) than necessary.
The desire to share all that code in a common library grew and this is
an attempt to address the it.
The changes as they are now pass Buildah CI [1]. Once merged into
Buildah, I expect follow up changes when migrating Podman over to
`libimage`.
Miscellaneous changes:
* Copy `podman/pkg/signal` to `pkg/signal`.
* Copy `buildah/manifests` to `image/manifests`. Note that the unit
tests require root privileges. Skip()'s are added when running
rootless. Currently excluded from linting.
* Copy `buildah/pkg/manifests` to `pkg/manifests`. Currently excluded
from linting.
* Copy `buildah/pkg/supplemented` to `pkg/supplemented`. Currently
excluded from linting.
[1] github.com/containers/buildah/pull/3148
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
`REGISTRY_AUTH_FILE` expects a complete path to the authentication file,
however `DOCKER_CONFIG` only refers to a configuration directory. The
function would only return the directory itself and cause confusing
errors when passed onwards to `container/image`.
$ DOCKER_CONFIG="/home/fox/.config/docker" podman pull docker.io/alpine
Trying to pull docker.io/library/alpine:latest...
read /home/fox/.config/docker: is a directory
[...]
$ DOCKER_CONFIG="/home/fox/.config/docker/config.json" podman pull docker.io/alpine
Trying to pull docker.io/library/alpine:latest...
open /home/fox/.config/docker/config.json/config.json: not a directory
[...]
Signed-off-by: Morten Linderud <morten@linderud.pw>
golang builtin OS functions, include the path to the object being used,
no reason for us to wrap these errors with an object for a second time.
This just causes stuttering, and looks bad at the CLI level.
Existing tests should catch any errors.
Also stop adding "error" to something that is obviusly an error when it
shows up to the user.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Since the GetDefaultAuthFile() is caused during podman init
it ends up logging the same info line multiple times, with
no way for the user to quiet the output.
Fixes https://github.com/containers/podman/issues/9473
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
DOCKER_CONFIG environment variable is sometimes used to point
to the config.json. The container engines use REGISTRY_AUTH_FILE
for similar functionality. This PR causes programs that use
GetAuthFile to use DOCKER_CONFIG if it set and REGISTRY_AUTH_FILE
is not.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Valentin Rothberg
Jason T. Greene
Miloslav Trmač
dependabot[bot]
Sascha Grunert
flouthoc
Valentin Rothberg
Morten Linderud
Daniel J Walsh
Sascha Grunert
Qi Wang