resolver: set buildkit own user-agent #2593
Conversation
| version = matchs[0][1] + "-dev" | ||
| } | ||
|
|
||
| return "buildkit/" + version |
There was a problem hiding this comment.
Could we add the runtime? That could be useful:
return fmt.Sprintf("buildkit/%s go/%s %s/%s", version, runtime.Version()[2:], runtime.GOOS, runtime.GOARCH)There was a problem hiding this comment.
I'm not sure. Go version can be implied from the main version. OS/Arch can be useful but we need to draw the line somewhere. The previous containerd string used the same formatting with only version.
|
Generally I'd prefer not to leak so much info in the User-Agent, which can be used for tracking anonymous users. |
|
@AkihiroSuda You mean you prefer adding platform value or what do you mean by "so much info"? |
I felt leaking the version number might decrease anonymity, and potentially helpful for malicious registry operators to find hosts running vulnerable versions of BuildKit. (relevant: containerd/containerd#6474 containerd/nerdctl#704 (review)) But maybe acceptable, if the patch version (Z of vX.Y.Z) and the commit hash are omitted. |
|
I already took out the commit hash. For the regular version, I'm not sure if there is any risk. We only support secured connections by default anyway. |
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
tonistiigi
force-pushed
the
user-agent
branch
from
13055bb
to
dd99241
Compare
|
I've updated so it is only a major version on releases and the default |
Instead of using containerd defaults set our own user-agent on registry requests.
For dev versions I added some pattern matching to avoid putting sha in the requests as it would be useless for any kind of statistics.
(The double value comes from some tracing artifact, there is no actual double header).
Signed-off-by: Tonis Tiigi tonistiigi@gmail.com