diff --git a/go.mod b/go.mod index 7123ddace78..9a1daf4affb 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/cenkalti/backoff/v4 v4.2.1 github.com/containerd/containerd v1.7.12 github.com/distribution/distribution v2.8.1+incompatible - github.com/google/go-containerregistry v0.19.0 + github.com/google/go-containerregistry v0.19.2 github.com/hashicorp/go-multierror v1.1.1 github.com/jaypipes/ghw v0.9.1-0.20220511134554-dac2f19e1c76 github.com/joho/godotenv v1.5.1 diff --git a/go.sum b/go.sum index 32dc81fe454..920639d2588 100644 --- a/go.sum +++ b/go.sum @@ -175,8 +175,8 @@ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.19.0 h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic= -github.com/google/go-containerregistry v0.19.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= +github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w= +github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/pprof v0.0.0-20230502171905-255e3b9b56de h1:6bMcLOeKoNo0+mTOb1ee3McF6CCKGixjLR3EDQY1Jik= github.com/google/pprof v0.0.0-20230502171905-255e3b9b56de/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/authn.go b/vendor/github.com/google/go-containerregistry/pkg/authn/authn.go index 172d218e4fc..1555efae04f 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/authn/authn.go +++ b/vendor/github.com/google/go-containerregistry/pkg/authn/authn.go @@ -15,6 +15,7 @@ package authn import ( + "context" "encoding/base64" "encoding/json" "fmt" @@ -27,6 +28,22 @@ type Authenticator interface { Authorization() (*AuthConfig, error) } +// ContextAuthenticator is like Authenticator, but allows for context to be passed in. +type ContextAuthenticator interface { + // Authorization returns the value to use in an http transport's Authorization header. + AuthorizationContext(context.Context) (*AuthConfig, error) +} + +// Authorization calls AuthorizationContext with ctx if the given [Authenticator] implements [ContextAuthenticator], +// otherwise it calls Resolve with the given [Resource]. +func Authorization(ctx context.Context, authn Authenticator) (*AuthConfig, error) { + if actx, ok := authn.(ContextAuthenticator); ok { + return actx.AuthorizationContext(ctx) + } + + return authn.Authorization() +} + // AuthConfig contains authorization information for connecting to a Registry // Inlined what we use from github.com/docker/cli/cli/config/types type AuthConfig struct { diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go b/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go index 99e0b81c8d1..f4c452bdc3a 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go +++ b/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go @@ -15,6 +15,7 @@ package authn import ( + "context" "os" "path/filepath" "sync" @@ -45,6 +46,11 @@ type Keychain interface { Resolve(Resource) (Authenticator, error) } +// ContextKeychain is like Keychain, but allows for context to be passed in. +type ContextKeychain interface { + ResolveContext(context.Context, Resource) (Authenticator, error) +} + // defaultKeychain implements Keychain with the semantics of the standard Docker // credential keychain. type defaultKeychain struct { @@ -62,8 +68,23 @@ const ( DefaultAuthKey = "https://" + name.DefaultRegistry + "/v1/" ) -// Resolve implements Keychain. +// Resolve calls ResolveContext with ctx if the given [Keychain] implements [ContextKeychain], +// otherwise it calls Resolve with the given [Resource]. +func Resolve(ctx context.Context, keychain Keychain, target Resource) (Authenticator, error) { + if rctx, ok := keychain.(ContextKeychain); ok { + return rctx.ResolveContext(ctx, target) + } + + return keychain.Resolve(target) +} + +// ResolveContext implements ContextKeychain. func (dk *defaultKeychain) Resolve(target Resource) (Authenticator, error) { + return dk.ResolveContext(context.Background(), target) +} + +// Resolve implements Keychain. +func (dk *defaultKeychain) ResolveContext(ctx context.Context, target Resource) (Authenticator, error) { dk.mu.Lock() defer dk.mu.Unlock() @@ -86,8 +107,8 @@ func (dk *defaultKeychain) Resolve(target Resource) (Authenticator, error) { // config.Load, which may fail if the config can't be parsed. // // If neither was found, look for Podman's auth at - // $XDG_RUNTIME_DIR/containers/auth.json and attempt to load it as a - // Docker config. + // $REGISTRY_AUTH_FILE or $XDG_RUNTIME_DIR/containers/auth.json + // and attempt to load it as a Docker config. // // If neither are found, fallback to Anonymous. var cf *configfile.ConfigFile @@ -96,16 +117,28 @@ func (dk *defaultKeychain) Resolve(target Resource) (Authenticator, error) { if err != nil { return nil, err } - } else { + } else if fileExists(os.Getenv("REGISTRY_AUTH_FILE")) { + f, err := os.Open(os.Getenv("REGISTRY_AUTH_FILE")) + if err != nil { + return nil, err + } + defer f.Close() + cf, err = config.LoadFromReader(f) + if err != nil { + return nil, err + } + } else if fileExists(filepath.Join(os.Getenv("XDG_RUNTIME_DIR"), "containers/auth.json")) { f, err := os.Open(filepath.Join(os.Getenv("XDG_RUNTIME_DIR"), "containers/auth.json")) if err != nil { - return Anonymous, nil + return nil, err } defer f.Close() cf, err = config.LoadFromReader(f) if err != nil { return nil, err } + } else { + return Anonymous, nil } // See: @@ -168,6 +201,10 @@ func NewKeychainFromHelper(h Helper) Keychain { return wrapper{h} } type wrapper struct{ h Helper } func (w wrapper) Resolve(r Resource) (Authenticator, error) { + return w.ResolveContext(context.Background(), r) +} + +func (w wrapper) ResolveContext(ctx context.Context, r Resource) (Authenticator, error) { u, p, err := w.h.Get(r.RegistryStr()) if err != nil { return Anonymous, nil @@ -194,8 +231,12 @@ type refreshingKeychain struct { } func (r *refreshingKeychain) Resolve(target Resource) (Authenticator, error) { + return r.ResolveContext(context.Background(), target) +} + +func (r *refreshingKeychain) ResolveContext(ctx context.Context, target Resource) (Authenticator, error) { last := time.Now() - auth, err := r.keychain.Resolve(target) + auth, err := Resolve(ctx, r.keychain, target) if err != nil || auth == Anonymous { return auth, err } @@ -224,17 +265,21 @@ type refreshing struct { } func (r *refreshing) Authorization() (*AuthConfig, error) { + return r.AuthorizationContext(context.Background()) +} + +func (r *refreshing) AuthorizationContext(ctx context.Context) (*AuthConfig, error) { r.Lock() defer r.Unlock() if r.cached == nil || r.expired() { r.last = r.now() - auth, err := r.keychain.Resolve(r.target) + auth, err := Resolve(ctx, r.keychain, r.target) if err != nil { return nil, err } r.cached = auth } - return r.cached.Authorization() + return Authorization(ctx, r.cached) } func (r *refreshing) now() time.Time { diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go b/vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go index 3b1804f5d05..fe241a0fd9f 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go +++ b/vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go @@ -14,6 +14,8 @@ package authn +import "context" + type multiKeychain struct { keychains []Keychain } @@ -28,8 +30,12 @@ func NewMultiKeychain(kcs ...Keychain) Keychain { // Resolve implements Keychain. func (mk *multiKeychain) Resolve(target Resource) (Authenticator, error) { + return mk.ResolveContext(context.Background(), target) +} + +func (mk *multiKeychain) ResolveContext(ctx context.Context, target Resource) (Authenticator, error) { for _, kc := range mk.keychains { - auth, err := kc.Resolve(target) + auth, err := Resolve(ctx, kc, target) if err != nil { return nil, err } diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/digest.go b/vendor/github.com/google/go-containerregistry/pkg/name/digest.go index c049c1ef48a..28f6967ba70 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/name/digest.go +++ b/vendor/github.com/google/go-containerregistry/pkg/name/digest.go @@ -17,6 +17,7 @@ package name import ( // nolint: depguard _ "crypto/sha256" // Recommended by go-digest. + "encoding/json" "strings" "github.com/opencontainers/go-digest" @@ -59,6 +60,25 @@ func (d Digest) String() string { return d.original } +// MarshalJSON formats the digest into a string for JSON serialization. +func (d Digest) MarshalJSON() ([]byte, error) { + return json.Marshal(d.String()) +} + +// UnmarshalJSON parses a JSON string into a Digest. +func (d *Digest) UnmarshalJSON(data []byte) error { + var s string + if err := json.Unmarshal(data, &s); err != nil { + return err + } + n, err := NewDigest(s) + if err != nil { + return err + } + *d = n + return nil +} + // NewDigest returns a new Digest representing the given name. func NewDigest(name string, opts ...Option) (Digest, error) { // Split on "@" diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go index 4e61002bea4..d77b37c0c2e 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/fetcher.go @@ -47,7 +47,7 @@ type fetcher struct { func makeFetcher(ctx context.Context, target resource, o *options) (*fetcher, error) { auth := o.auth if o.keychain != nil { - kauth, err := o.keychain.Resolve(target) + kauth, err := authn.Resolve(ctx, o.keychain, target) if err != nil { return nil, err } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go index fdb362b7620..f2452469d2b 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go @@ -33,7 +33,7 @@ var _ http.RoundTripper = (*basicTransport)(nil) // RoundTrip implements http.RoundTripper func (bt *basicTransport) RoundTrip(in *http.Request) (*http.Response, error) { if bt.auth != authn.Anonymous { - auth, err := bt.auth.Authorization() + auth, err := authn.Authorization(in.Context(), bt.auth) if err != nil { return nil, err } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go index cb156749691..be3bec9c377 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go @@ -49,7 +49,7 @@ func Exchange(ctx context.Context, reg name.Registry, auth authn.Authenticator, if err != nil { return nil, err } - authcfg, err := auth.Authorization() + authcfg, err := authn.Authorization(ctx, auth) if err != nil { return nil, err } @@ -190,7 +190,7 @@ func (bt *bearerTransport) RoundTrip(in *http.Request) (*http.Response, error) { // The basic token exchange is attempted first, falling back to the oauth flow. // If the IdentityToken is set, this indicates that we should start with the oauth flow. func (bt *bearerTransport) refresh(ctx context.Context) error { - auth, err := bt.basic.Authorization() + auth, err := authn.Authorization(ctx, bt.basic) if err != nil { return err } @@ -295,7 +295,7 @@ func canonicalAddress(host, scheme string) (address string) { // https://docs.docker.com/registry/spec/auth/oauth/ func (bt *bearerTransport) refreshOauth(ctx context.Context) ([]byte, error) { - auth, err := bt.basic.Authorization() + auth, err := authn.Authorization(ctx, bt.basic) if err != nil { return nil, err } diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go index 04a3989a6ee..b730dbb054f 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go @@ -76,7 +76,7 @@ type writer struct { func makeWriter(ctx context.Context, repo name.Repository, ls []v1.Layer, o *options) (*writer, error) { auth := o.auth if o.keychain != nil { - kauth, err := o.keychain.Resolve(repo) + kauth, err := authn.Resolve(ctx, o.keychain, repo) if err != nil { return nil, err } diff --git a/vendor/modules.txt b/vendor/modules.txt index 01992ba2715..55419367f3b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -292,7 +292,7 @@ github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/flags github.com/google/go-cmp/cmp/internal/function github.com/google/go-cmp/cmp/internal/value -# github.com/google/go-containerregistry v0.19.0 +# github.com/google/go-containerregistry v0.19.2 ## explicit; go 1.18 github.com/google/go-containerregistry/internal/and github.com/google/go-containerregistry/internal/compression