Credential library support for legacy auth config keys #1
Comments
|
Hi @AaronFriel, thanks for the information! Does this issue occur on both native store (desktop, pass, etc.) and config file store? |
|
I think so @Wwwsylvia, but this is primarily an advisory issue that we'll need to handle entries with and without |
I tested on my mac today, it still prefixes |
|
I have tested with
|
Thanks @wangxiaoxuan273 for the testing! |
|
Closing this issue as it is handled by the osxkeychain helper as mentioned by @wangxiaoxuan273 and @Wwwsylvia. |
|
The issue still exists. See notaryproject/notation#801. |
Backporting [`e8e4f84`](oras-project/oras-go@e8e4f84) from `oras-go`. Fix: #1 Signed-off-by: Sylvia Lei <lixlei@microsoft.com>
|
Closing as #100 has been merged. |
Regarding the initiative to create a general authentication library for registries (thanks to @shizhMSFT in #413), I encountered some legacy behavior in the Docker credential helper libraries and thought it should be documented to ensure ORAS supports it in this new library.
Credential helpers may return keys either of the form, e.g.,
https://ghcr.ioorghcr.io, or the original Docker index server URLhttps://index.docker.io/v1/. See, Docker issue: docker/docker-credential-helpers#256To handle this, libraries implementing auth and intending to choose an auth configuration must:
Use a
ToHostnameroutine to homogenize the input server name, removing the scheme and then path parts after the hostname. This function would take a name likehttps://ghcr.io/aaronfrieland returnghcr.io.First attempt a direct lookup in the map (
authConfigs["ghcr.io"]), and early return on success. Otherwise, iterate over the map and perform theToHostnameconversion on each of the keys, returning the first key that equals the input ("ghcr.io" == ToHostname(key)).Example: https://github.com/docker/cli/blob/v20.10.23/cli/config/credentials/file_store.go#L33-L47
The text was updated successfully, but these errors were encountered: