aboutsummaryrefslogtreecommitdiff
path: root/libpod/image/docker_registry_options.go
Commit message (Collapse)AuthorAge
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* remove blank lineLes Aker2020-04-23
| | | | Signed-off-by: Les Aker <me@lesaker.org>
* set bigfilestemporarydir for pullLes Aker2020-04-23
| | | | Signed-off-by: Les Aker <me@lesaker.org>
* pull/create: add --override-arch/--override-os flagsNalin Dahyabhai2019-10-29
| | | | | | | | Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* bump containers/image to v5.0.0, buildah to v1.11.4Nalin Dahyabhai2019-10-29
| | | | | | | | | Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Update c/image to v4.0.1 and buildah to 1.11.3Miloslav Trmač2019-10-04
| | | | | | | | | | | | | | This requires updating all import paths throughout, and a matching buildah update to interoperate. I can't figure out the reason for go.mod tracking github.com/containers/image v3.0.2+incompatible // indirect ((go mod graph) lists it as a direct dependency of libpod, but (go list -json -m all) lists it as an indirect dependency), but at least looking at the vendor subdirectory, it doesn't seem to be actually used in the built binaries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* image: add user agent to Docker registry optionsStefan Becker2019-08-12
| | | | | | | | | Set the string to "libpod/VERSION" so that we don't use the unspecific default of "Go-http-client/xxx". Fixes #3788 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* Minimally update for the DockerInsecureSkipTLSVerify type changeMiloslav Trmač2018-12-06
| | | | | | | | | | | | | | | | | Following SystemContext.DockerInsecureSkipTLSVerify, make the DockerRegistryOne also an OptionalBool, and update callers. Explicitly document that --tls-verify=true and --tls-verify unset have different behavior in those commands where the behavior changed (or where it hasn't changed but the documentation needed updating). Also make the --tls-verify man page sections a tiny bit more consistent throughout. This is a minimal fix, without changing the existing "--tls-verify=true" paths nor existing manual insecure registry lookups. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove the forceCompress parameter from getCopyOptions and DRO.GetSystemContextMiloslav Trmač2018-08-01
| | | | | | | | | | | Use the parent types.SystemContext data instead. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Remove the authFile parameter from getCopyOptions and DRO.GetSystemContextMiloslav Trmač2018-08-01
| | | | | | | | | | | Use the parent types.SystemContext data instead. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Remove the signaturePolicyPath parameter from getCopyOptions and ↵Miloslav Trmač2018-08-01
| | | | | | | | | | | | | DRO.GetSystemContext Use the parent types.SystemContext data instead. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* Add a *types.SystemContext parameter to getCopyOptions and DRO.GetSystemContextMiloslav Trmač2018-08-01
| | | | | | | | | | | | | | | All callers of getCopyOptions also call GetSystemContext with the same three parameters; we will want to simplify this by passing the first SystemContext to getCopyOptions, which can then inherit this data instead of so many parameters everywhere. For now, just add a *types.SystemContext parameter without using it. Should not change behavior (but does not add unit tests). Signed-off-by: Miloslav Trmač <mitr@redhat.com> Closes: #1176 Approved by: rhatdan
* save and load should support multi-tag for docker-archiveumohnani82018-05-25
| | | | | | | | | | | | The docker-archive tar files can have multiple tags for the same image stored in it. Load pulls all the tags found in the archive when loading a tar file. Save can oush multiple tags of the same image to a tar archive. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #819 Approved by: rhatdan
* Stage3 Image Librarybaude2018-03-14
This represents the stage3 implementation for the image library. At this point, we are moving the image-centric functions to pkg/image including migration of args and object-oriented references. This is a not a one-for-one migration of funcs and some funcs will need to continue to reside in runtime_img as they are overly specific to libpod and probably not useful to others. Signed-off-by: baude <bbaude@redhat.com> Closes: #484 Approved by: baude