From 4436f07ef42d367a801695c9bfac521e85072033 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 11 Feb 2016 10:28:18 -0800 Subject: [PATCH 1/2] Update vendored docker/distribution The registry/client/auth package now provides ErrNoBasicAuthCredentials. Signed-off-by: Aaron Lehmann --- hack/vendor.sh | 2 +- vendor/src/github.com/docker/distribution/context/doc.go | 2 +- vendor/src/github.com/docker/distribution/context/trace.go | 2 +- vendor/src/github.com/docker/distribution/digest/set.go | 2 +- .../docker/distribution/manifest/schema1/manifest.go | 2 +- .../src/github.com/docker/distribution/reference/regexp.go | 2 +- .../docker/distribution/registry/api/v2/descriptors.go | 6 +++--- .../docker/distribution/registry/api/v2/errors.go | 2 +- .../docker/distribution/registry/client/auth/session.go | 6 +++++- 9 files changed, 15 insertions(+), 11 deletions(-) diff --git a/hack/vendor.sh b/hack/vendor.sh index 92843b7036..21516a86fd 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -48,7 +48,7 @@ clone git github.com/boltdb/bolt v1.1.0 clone git github.com/miekg/dns 75e6e86cc601825c5dbcd4e0c209eab180997cd7 # get graph and distribution packages -clone git github.com/docker/distribution 77534e734063a203981df7024fe8ca9228b86930 +clone git github.com/docker/distribution 7b66c50bb7e0e4b3b83f8fd134a9f6ea4be08b57 clone git github.com/vbatts/tar-split v0.9.11 # get desired notary commit, might also need to be updated in Dockerfile diff --git a/vendor/src/github.com/docker/distribution/context/doc.go b/vendor/src/github.com/docker/distribution/context/doc.go index 6fe1f817d8..3b4ab8882f 100644 --- a/vendor/src/github.com/docker/distribution/context/doc.go +++ b/vendor/src/github.com/docker/distribution/context/doc.go @@ -1,6 +1,6 @@ // Package context provides several utilities for working with // golang.org/x/net/context in http requests. Primarily, the focus is on -// logging relevent request information but this package is not limited to +// logging relevant request information but this package is not limited to // that purpose. // // The easiest way to get started is to get the background context: diff --git a/vendor/src/github.com/docker/distribution/context/trace.go b/vendor/src/github.com/docker/distribution/context/trace.go index af4f1351e9..721964a848 100644 --- a/vendor/src/github.com/docker/distribution/context/trace.go +++ b/vendor/src/github.com/docker/distribution/context/trace.go @@ -10,7 +10,7 @@ import ( // WithTrace allocates a traced timing span in a new context. This allows a // caller to track the time between calling WithTrace and the returned done // function. When the done function is called, a log message is emitted with a -// "trace.duration" field, corresponding to the elapased time and a +// "trace.duration" field, corresponding to the elapsed time and a // "trace.func" field, corresponding to the function that called WithTrace. // // The logging keys "trace.id" and "trace.parent.id" are provided to implement diff --git a/vendor/src/github.com/docker/distribution/digest/set.go b/vendor/src/github.com/docker/distribution/digest/set.go index 3fac41b40f..4b9313c1ae 100644 --- a/vendor/src/github.com/docker/distribution/digest/set.go +++ b/vendor/src/github.com/docker/distribution/digest/set.go @@ -22,7 +22,7 @@ var ( // may be easily referenced by easily referenced by a string // representation of the digest as well as short representation. // The uniqueness of the short representation is based on other -// digests in the set. If digests are ommited from this set, +// digests in the set. If digests are omitted from this set, // collisions in a larger set may not be detected, therefore it // is important to always do short representation lookups on // the complete set of digests. To mitigate collisions, an diff --git a/vendor/src/github.com/docker/distribution/manifest/schema1/manifest.go b/vendor/src/github.com/docker/distribution/manifest/schema1/manifest.go index 160f9cd996..bff47bde05 100644 --- a/vendor/src/github.com/docker/distribution/manifest/schema1/manifest.go +++ b/vendor/src/github.com/docker/distribution/manifest/schema1/manifest.go @@ -102,7 +102,7 @@ type SignedManifest struct { Canonical []byte `json:"-"` // all contains the byte representation of the Manifest including signatures - // and is retuend by Payload() + // and is returned by Payload() all []byte } diff --git a/vendor/src/github.com/docker/distribution/reference/regexp.go b/vendor/src/github.com/docker/distribution/reference/regexp.go index b465abf5d0..9a7d366bc8 100644 --- a/vendor/src/github.com/docker/distribution/reference/regexp.go +++ b/vendor/src/github.com/docker/distribution/reference/regexp.go @@ -49,7 +49,7 @@ var ( // NameRegexp is the format for the name component of references. The // regexp has capturing groups for the hostname and name part omitting - // the seperating forward slash from either. + // the separating forward slash from either. NameRegexp = expression( optional(hostnameRegexp, literal(`/`)), nameComponentRegexp, diff --git a/vendor/src/github.com/docker/distribution/registry/api/v2/descriptors.go b/vendor/src/github.com/docker/distribution/registry/api/v2/descriptors.go index ad3da3efb9..7549ccc322 100644 --- a/vendor/src/github.com/docker/distribution/registry/api/v2/descriptors.go +++ b/vendor/src/github.com/docker/distribution/registry/api/v2/descriptors.go @@ -271,7 +271,7 @@ type MethodDescriptor struct { // RequestDescriptor per API use case. type RequestDescriptor struct { // Name provides a short identifier for the request, usable as a title or - // to provide quick context for the particalar request. + // to provide quick context for the particular request. Name string // Description should cover the requests purpose, covering any details for @@ -303,14 +303,14 @@ type RequestDescriptor struct { // ResponseDescriptor describes the components of an API response. type ResponseDescriptor struct { // Name provides a short identifier for the response, usable as a title or - // to provide quick context for the particalar response. + // to provide quick context for the particular response. Name string // Description should provide a brief overview of the role of the // response. Description string - // StatusCode specifies the status recieved by this particular response. + // StatusCode specifies the status received by this particular response. StatusCode int // Headers covers any headers that may be returned from the response. diff --git a/vendor/src/github.com/docker/distribution/registry/api/v2/errors.go b/vendor/src/github.com/docker/distribution/registry/api/v2/errors.go index ece52a2cd0..97d6923aa0 100644 --- a/vendor/src/github.com/docker/distribution/registry/api/v2/errors.go +++ b/vendor/src/github.com/docker/distribution/registry/api/v2/errors.go @@ -84,7 +84,7 @@ var ( }) // ErrorCodeManifestUnverified is returned when the manifest fails - // signature verfication. + // signature verification. ErrorCodeManifestUnverified = errcode.Register(errGroup, errcode.ErrorDescriptor{ Value: "MANIFEST_UNVERIFIED", Message: "manifest failed signature verification", diff --git a/vendor/src/github.com/docker/distribution/registry/client/auth/session.go b/vendor/src/github.com/docker/distribution/registry/client/auth/session.go index 50a94a3da3..f4c7ade41f 100644 --- a/vendor/src/github.com/docker/distribution/registry/client/auth/session.go +++ b/vendor/src/github.com/docker/distribution/registry/client/auth/session.go @@ -15,6 +15,10 @@ import ( "github.com/docker/distribution/registry/client/transport" ) +// ErrNoBasicAuthCredentials is returned if a request can't be authorized with +// basic auth due to lack of credentials. +var ErrNoBasicAuthCredentials = errors.New("no basic auth credentials") + // AuthenticationHandler is an interface for authorizing a request from // params from a "WWW-Authenicate" header for a single scheme. type AuthenticationHandler interface { @@ -322,5 +326,5 @@ func (bh *basicHandler) AuthorizeRequest(req *http.Request, params map[string]st return nil } } - return errors.New("no basic auth credentials") + return ErrNoBasicAuthCredentials } From 7b81bc147cf75cb32697e8fdf88e05ae879cb879 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 11 Feb 2016 10:30:56 -0800 Subject: [PATCH 2/2] Fall back to V1 when there are no basic auth credentials This makes the behavior consistent with having incorrect credentials. Signed-off-by: Aaron Lehmann --- distribution/pull_v2.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go index 0e04c46c32..00cf7a5f41 100644 --- a/distribution/pull_v2.go +++ b/distribution/pull_v2.go @@ -6,6 +6,7 @@ import ( "fmt" "io" "io/ioutil" + "net/url" "os" "runtime" @@ -17,6 +18,7 @@ import ( "github.com/docker/distribution/manifest/schema2" "github.com/docker/distribution/registry/api/errcode" "github.com/docker/distribution/registry/client" + "github.com/docker/distribution/registry/client/auth" "github.com/docker/distribution/registry/client/transport" "github.com/docker/docker/distribution/metadata" "github.com/docker/docker/distribution/xfer" @@ -710,6 +712,10 @@ func allowV1Fallback(err error) error { if registry.ShouldV2Fallback(v) { return fallbackError{err: err, confirmedV2: false} } + case *url.Error: + if v.Err == auth.ErrNoBasicAuthCredentials { + return fallbackError{err: err, confirmedV2: false} + } } return err