summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorValentin Rothberg <rothberg@redhat.com>2021-06-24 11:41:01 +0200
committerValentin Rothberg <rothberg@redhat.com>2021-07-13 13:52:46 +0200
commiteda8d1f584dec2194c6c4ada2ba32b8dbaeaeb3a (patch)
tree6a3d2c79b8577f50391865c8fc5f785858d758bf
parentdb26e1ef947188bd4d5716ed7712171306ff7f66 (diff)
downloadpodman-eda8d1f584dec2194c6c4ada2ba32b8dbaeaeb3a.tar.gz
podman-eda8d1f584dec2194c6c4ada2ba32b8dbaeaeb3a.tar.bz2
podman-eda8d1f584dec2194c6c4ada2ba32b8dbaeaeb3a.zip
auto update: fix authfile detection
Fix a bug were an authfile label in a container would mistakenly override the authfile path for all subsequent checks. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
-rw-r--r--pkg/autoupdate/autoupdate.go18
1 files changed, 11 insertions, 7 deletions
diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go
index 0a13e7e74..85082dbbb 100644
--- a/pkg/autoupdate/autoupdate.go
+++ b/pkg/autoupdate/autoupdate.go
@@ -165,8 +165,8 @@ func AutoUpdate(runtime *libpod.Runtime, options Options) ([]string, []error) {
if rawImageName == "" {
errs = append(errs, errors.Errorf("error registry auto-updating container %q: raw-image name is empty", cid))
}
- readAuthenticationPath(registryCtr, options)
- needsUpdate, err := newerRemoteImageAvailable(runtime, image, rawImageName, options)
+ authfile := getAuthfilePath(registryCtr, options)
+ needsUpdate, err := newerRemoteImageAvailable(runtime, image, rawImageName, authfile)
if err != nil {
errs = append(errs, errors.Wrapf(err, "error registry auto-updating container %q: image check for %q failed", cid, rawImageName))
continue
@@ -280,18 +280,20 @@ func imageContainersMap(runtime *libpod.Runtime) (map[string]policyMapper, []err
return containerMap, errors
}
-// readAuthenticationPath reads a container's labels and reads authentication path into options
-func readAuthenticationPath(ctr *libpod.Container, options Options) {
+// getAuthfilePath returns an authfile path, if set. The authfile label in the
+// container, if set, as precedence over the one set in the options.
+func getAuthfilePath(ctr *libpod.Container, options Options) string {
labels := ctr.Labels()
authFilePath, exists := labels[AuthfileLabel]
if exists {
- options.Authfile = authFilePath
+ return authFilePath
}
+ return options.Authfile
}
// newerRemoteImageAvailable returns true if there corresponding image on the remote
// registry is newer.
-func newerRemoteImageAvailable(runtime *libpod.Runtime, img *libimage.Image, origName string, options Options) (bool, error) {
+func newerRemoteImageAvailable(runtime *libpod.Runtime, img *libimage.Image, origName string, authfile string) (bool, error) {
remoteRef, err := docker.ParseReference("//" + origName)
if err != nil {
return false, err
@@ -303,7 +305,9 @@ func newerRemoteImageAvailable(runtime *libpod.Runtime, img *libimage.Image, ori
}
sys := runtime.SystemContext()
- sys.AuthFilePath = options.Authfile
+ if authfile != "" {
+ sys.AuthFilePath = authfile
+ }
// We need to account for the arch that the image uses. It seems
// common on ARM to tweak this option to pull the correct image. See