-
Notifications
You must be signed in to change notification settings - Fork 618
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hosts.toml file resolution does not seem to account for default port being ommitted #3047
Comments
Seems we need rework the whole login and auth part = = |
Yes, that is what I am thinking. |
As described in containerd#3047, hosts.toml file lookup will treat https://foo:443 and https://foo differently, possibly leading to divergent behaviors *for the same registry*. This PR makes it so that a registry URL using the default https port (443) will ALSO lookup files stored in a "portless" directory. Finally, as dockerconfigresolver.go will soon go under significant changes, the hosts.toml resolution functions have been also isolated in their separate, own file. Signed-off-by: apostasie <[email protected]>
As described in containerd#3047, hosts.toml file lookup will treat https://foo:443 and https://foo differently, possibly leading to divergent behaviors *for the same registry*. This PR makes it so that a registry URL using the default https port (443) will ALSO lookup files stored in a "portless" directory. Finally, as dockerconfigresolver.go will soon go under significant changes, the hosts.toml resolution functions have been also isolated in their separate, own file. Signed-off-by: apostasie <[email protected]>
As described in containerd#3047, hosts.toml file lookup will treat https://foo:443 and https://foo differently, possibly leading to divergent behaviors *for the same registry*. This PR makes it so that a registry URL using the default https port (443) will ALSO lookup files stored in a "portless" directory. Finally, as dockerconfigresolver.go will soon go under significant changes, the hosts.toml resolution functions have been also isolated in their separate, own file. Signed-off-by: apostasie <[email protected]>
What's the behavior in docker? e.g., if you |
Docker does not support hosts.toml, so, it does not seem like the above would matter here? Anyhow, here is a tentative proposal to clarify behavior wrt --insecure-registry, hosts.toml, and credentials: |
Description
nerdctl login https://foo:443
vs.
nerdctl login https://foo
If the
hosts.toml
path contains the port, the second one will fail.On the other hand, if it does not, the first one will fail.
Responsibility for walking the host dir is in
dockerconfigresolver.go
(NewHostOptions > HostDir()).This does not try to be smart wrt what the host contains (port or no port).
We should patch this so:
all of this should work with hosts.toml files path containing the port or notSteps to reproduce the issue
See description
Describe the results you received and expected
Fail / not fail.
What version of nerdctl are you using?
1.7.6
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
None
Host information
No response
The text was updated successfully, but these errors were encountered: