Just a micro-optimization: avoid maintaining state for
a read/write buffer, and the allocation inherent in a
string -> []byte conversion.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Mostly just name changes that should not change behavior,
apart from ioutil.ReadDir -> os.ReadDir avoiding per-item
lstat(2) in some cases.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... to be at least a bit protected against credentials in logs.
I did try to find all uses, but it's possible I have missed some.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is, sadly, wasteful, because NewRequestWithContext() only accepts
a string and parses it again, but it gives us more type safety, and simplifies
at least some callers.
Most importantly, this will also allow us to call url.Redacted() for logging.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... just for the general principle of avoiding hard-coded
copy&pasted data.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We cannot use `GetCredentialsForRef` if we want to retrieve the
credentials for a single registry. This use case is still valid which
makes the deprecation of the API obsolete.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
When searching via v2/catalog make sure that a full match is returned as
the first item. The change is motivated by a conversation in a BZ [1]
on the rather undefined nature/semantics of searching images.
While this change does not fix the BZ, it may be a small improvement
when using the v2/catalog endpoint.
[1] bugzilla.redhat.com/show_bug.cgi?id=1976283
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Podman and other tools already add Error: to the front of returned error
message, and this ends up as a stutter.
podman pull fedora.io/fred
Trying to pull fedora.io/fred:latest...
Error: Error initializing image from source docker://fedora.io/fred:latest: invalid character '<' looking for beginning of value
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This patch adds support for `host[:port]/ns/…repo` to auth.json while
keeping the backwards compatible behavior.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Currently, the User-Agent defaults to a golang default of either:
Go-http-client/1.1
Go-http-client/2.0
This makes it rather difficult to distinguish this client from any other
random golang program in registry logs.
Instead, set the default User-Agent to:
containers/$VERSION (github.com/containers/image)
Signed-off-by: Jon Johnson <jonjohnson@google.com>
Set default rootless sigstore to ~/.local/share/containers/sigstore if the caller is non-root.
Export the func ConfiguredSignatureStorageBase() for Podman image sign implementation.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Enable search registry uses the pagination until the search result reaches the limit, instead of returning default 100 limit from registry API.
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1827794
Signed-off-by: Qi Wang <qiwan@redhat.com>
Adding the support for using identitytoken in the .docker/config.json
files. Azure Container Registry is one of the case that uses this.
Signed-off-by: yihuaf <fang.yihua.eric@gmail.com>
- Only load `.conf` suffixed files
- Enforce v2 format of registries.conf
- Don't recurse into sub-directories
- Rootless support
- Cache key consists of conf and dir path
- Merge `[[registry]]` tables
- Several code clean ups and minor fixes
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We want to allow users to store certs in their homedir when running in rootless mode.
We want rootless podman and rootless buildah to add $HOME/.config/containers/certs.d
to the search path for certificates by default.
Currently there is no way for a non privileged user to get certs without being root on
the system or specify the certs dir on ever call.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Restrict the sizes of blobs which are copied into memory such as the
manifest, the config, signatures, etc. This will protect consumers of
c/image from rogue or hijacked registries that return too big blobs in
hope to cause an OOM DOS attack.
Note that error message should be improved in a future change to make
sure that it's clear in which code path we hit a limit.
Fixes: CVE-2020-1702
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1792796
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
E.g.
- Capitalize log messages
- Add a bit more context to the log messages
- Don't commit to specific fallback behavior in the API, only say that it may automatically retry.
- Fix some typos
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
It does not need to be nested (anymore), and as a top-level
function it's at least possible to write tests for it
(but this PR does not add any).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is more explicit about the units, actually a tiny bit simpler (no floats
involved), and does not enforce whole-second generality in the loop that
does not care.
Remove debugging log entries about falling back to %d seconds instead of
converting them, the caller logs the value immediately afterwards anyway.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
No need to declare them all the way at the start.
This also shows that parseRetryAfter has been accessing the function-global
variable instead of its parameter, so fix that.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Check for the "should we retry at all" condition first, and comment
the conditions (primarily to explain the "stream != nil" part).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Do
> if !x { break }
> loop body
instead of
> if x { loop body; continue }
> break
(except for the numIterations-1 case, but in that case there is no difference
between break and continue for our purposes.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
It has to be enforced on all return paths; it's simpler
to do it in the caller, that way we will never forget, and
we don't need a comment calling attention to the fact that maxDelay
is used.
Then rename nextDelay to, afterwards, more accureate parseRetryAfter.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Consolidate checking the http-status codes to allow for a more uniform
error handling. Also treat code 429 (too many requests) as a known
error instead of an invalid status code.
When hitting 429, perform an exponential back off starting a 2 seconds
for at most 5 iterations. If the http.Response set the `Retry-Header`
then use the provided value or date to compute the delay until the
next attempt. Note that the maximum delay is 60 seconds.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
... so that major-version-aware Go module import
(as opposed to vX.Y.Z+incompatible, which does not allow different
packages to use different versions) works right.
Also requires adding some more GO111MODULE=on options to Makefile.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Miloslav Trmač