diff options
author | Valentin Rothberg <rothberg@redhat.com> | 2021-06-24 11:41:01 +0200 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2021-07-13 13:52:46 +0200 |
commit | eda8d1f584dec2194c6c4ada2ba32b8dbaeaeb3a (patch) | |
tree | 6a3d2c79b8577f50391865c8fc5f785858d758bf | |
parent | db26e1ef947188bd4d5716ed7712171306ff7f66 (diff) | |
download | podman-eda8d1f584dec2194c6c4ada2ba32b8dbaeaeb3a.tar.gz podman-eda8d1f584dec2194c6c4ada2ba32b8dbaeaeb3a.tar.bz2 podman-eda8d1f584dec2194c6c4ada2ba32b8dbaeaeb3a.zip |
auto update: fix authfile detection
Fix a bug were an authfile label in a container would mistakenly
override the authfile path for all subsequent checks.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
-rw-r--r-- | pkg/autoupdate/autoupdate.go | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go index 0a13e7e74..85082dbbb 100644 --- a/pkg/autoupdate/autoupdate.go +++ b/pkg/autoupdate/autoupdate.go @@ -165,8 +165,8 @@ func AutoUpdate(runtime *libpod.Runtime, options Options) ([]string, []error) { if rawImageName == "" { errs = append(errs, errors.Errorf("error registry auto-updating container %q: raw-image name is empty", cid)) } - readAuthenticationPath(registryCtr, options) - needsUpdate, err := newerRemoteImageAvailable(runtime, image, rawImageName, options) + authfile := getAuthfilePath(registryCtr, options) + needsUpdate, err := newerRemoteImageAvailable(runtime, image, rawImageName, authfile) if err != nil { errs = append(errs, errors.Wrapf(err, "error registry auto-updating container %q: image check for %q failed", cid, rawImageName)) continue @@ -280,18 +280,20 @@ func imageContainersMap(runtime *libpod.Runtime) (map[string]policyMapper, []err return containerMap, errors } -// readAuthenticationPath reads a container's labels and reads authentication path into options -func readAuthenticationPath(ctr *libpod.Container, options Options) { +// getAuthfilePath returns an authfile path, if set. The authfile label in the +// container, if set, as precedence over the one set in the options. +func getAuthfilePath(ctr *libpod.Container, options Options) string { labels := ctr.Labels() authFilePath, exists := labels[AuthfileLabel] if exists { - options.Authfile = authFilePath + return authFilePath } + return options.Authfile } // newerRemoteImageAvailable returns true if there corresponding image on the remote // registry is newer. -func newerRemoteImageAvailable(runtime *libpod.Runtime, img *libimage.Image, origName string, options Options) (bool, error) { +func newerRemoteImageAvailable(runtime *libpod.Runtime, img *libimage.Image, origName string, authfile string) (bool, error) { remoteRef, err := docker.ParseReference("//" + origName) if err != nil { return false, err @@ -303,7 +305,9 @@ func newerRemoteImageAvailable(runtime *libpod.Runtime, img *libimage.Image, ori } sys := runtime.SystemContext() - sys.AuthFilePath = options.Authfile + if authfile != "" { + sys.AuthFilePath = authfile + } // We need to account for the arch that the image uses. It seems // common on ARM to tweak this option to pull the correct image. See |