Skip to content

ContainerRegistry: Remove Authorization header when redirecting on Linux #167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 21, 2025
Merged

ContainerRegistry: Remove Authorization header when redirecting on Linux #167

merged 2 commits into from
Nov 21, 2025
+86 −2

Conversation

@euanh
Copy link
Collaborator

@euanh euanh commented Nov 18, 2025
edited
Loading

Motivation

In #164, @herzi reported a problem building container images based on swift:slim on Linux. The root cause of the problem is that Docker Hub now redirects pulls for swift:slim to an S3 bucked behind CloudFlare. URLSession on macOS follows the redirect correctly, but URLSession on Linux incorrectly includes an Authorization header which S3 rejects.

Modifications

Add a URLSession delegate which removes the Authorization header when following a redirect.

Result

Pulling swift:slim from Docker Hub works again.

Fixes: #166

Test Plan

@euanh euanh force-pushed the linux-redirect-handling branch 2 times, most recently from bab6f37 to 8fb1232 Compare November 18, 2025 17:21
@euanh euanh added kind/bug Something isn't working semver/patch No public API change. area/interoperability Improvements to compatibility with other systems. labels Nov 18, 2025
@herzi @euanh
ci: Run End-to-End Tests for Debug and Release Configurations
79027c5 
Motivation
----------

It looks like building images with containertool on Linux fails downloading the
base image `swift:slim` from dockerhub.

Modifications
-------------

Update end to end and integration workflows to test both `scratch` and `swift:slim`
base images.

Result
------

End-to-End Tests will now fail in release configuration.

Test Plan
---------

Other tests are not affected by this.
@euanh euanh force-pushed the linux-redirect-handling branch 3 times, most recently from 8e0633c to dd93dd7 Compare November 19, 2025 12:28
@euanh
ContainerRegistry: Remove Authorization header when redirecting on Linux
c06f14b 
Docker Hub now redirects pulls for swift:slim to an S3 bucked behind
CloudFlare. URLSession on macOS follows the redirect correctly, but
URLSession on Linux incorrectly includes an Authorization header
which S3 rejects.

This commit adds a URLSession delegate which removes the Authorization
header when following a redirect.
@euanh euanh force-pushed the linux-redirect-handling branch from dd93dd7 to c06f14b Compare November 19, 2025 12:52
@euanh euanh merged commit 1ea1608 into apple:main Nov 21, 2025
27 checks passed
@euanh euanh deleted the linux-redirect-handling branch November 21, 2025 13:06
@euanh euanh mentioned this pull request Nov 21, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/interoperability Improvements to compatibility with other systems. kind/bug Something isn't working semver/patch No public API change.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

containertool cannot download a base image from Docker Hub when running on Linux

2 participants

@euanh @herzi