containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

auto update: fix authfile detection 

Fix a bug were an authfile label in a container would mistakenly
override the authfile path for all subsequent checks.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This commit is contained in:
Valentin Rothberg 2021-06-24 11:41:01 +02:00
parent db26e1ef94
commit eda8d1f584
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/autoupdate/autoupdate.go
View File

@ -165,8 +165,8 @@ func AutoUpdate(runtime *libpod.Runtime, options Options) ([]string, []error) {
if rawImageName == "" {
errs = append(errs, errors.Errorf("error registry auto-updating container %q: raw-image name is empty", cid))
}
readAuthenticationPath(registryCtr, options)
needsUpdate, err := newerRemoteImageAvailable(runtime, image, rawImageName, options)
authfile := getAuthfilePath(registryCtr, options)
needsUpdate, err := newerRemoteImageAvailable(runtime, image, rawImageName, authfile)
if err != nil {
errs = append(errs, errors.Wrapf(err, "error registry auto-updating container %q: image check for %q failed", cid, rawImageName))
continue
@ -280,18 +280,20 @@ func imageContainersMap(runtime *libpod.Runtime) (map[string]policyMapper, []err
return containerMap, errors
}
// readAuthenticationPath reads a container's labels and reads authentication path into options
func readAuthenticationPath(ctr *libpod.Container, options Options) {
// getAuthfilePath returns an authfile path, if set. The authfile label in the
// container, if set, as precedence over the one set in the options.
func getAuthfilePath(ctr *libpod.Container, options Options) string {
labels := ctr.Labels()
authFilePath, exists := labels[AuthfileLabel]
if exists {
options.Authfile = authFilePath
return authFilePath
}
return options.Authfile
}
// newerRemoteImageAvailable returns true if there corresponding image on the remote
// registry is newer.
func newerRemoteImageAvailable(runtime *libpod.Runtime, img *libimage.Image, origName string, options Options) (bool, error) {
func newerRemoteImageAvailable(runtime *libpod.Runtime, img *libimage.Image, origName string, authfile string) (bool, error) {
remoteRef, err := docker.ParseReference("//" + origName)
if err != nil {
return false, err
@ -303,7 +305,9 @@ func newerRemoteImageAvailable(runtime *libpod.Runtime, img *libimage.Image, ori
}
sys := runtime.SystemContext()
sys.AuthFilePath = options.Authfile
if authfile != "" {
sys.AuthFilePath = authfile
}
// We need to account for the arch that the image uses. It seems
// common on ARM to tweak this option to pull the correct image. See