mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Update downloader script, to ensure that Authorization header is not passed when downloading blobs.
Signed-off-by: Alexander Midlash <amidlash@docker.com>
This commit is contained in:
Alexander Midlash
parent
050c1bb17b
commit
5c38e4c16a
1 changed files with 15 additions and 9 deletions
|
|
@ -44,6 +44,17 @@ if [ "$(go env GOHOSTOS)" = 'windows' ]; then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
fetch_blob() {
|
||||||
|
url=$1
|
||||||
|
token=$2
|
||||||
|
dest=$3
|
||||||
|
echo "Attempting to download blob $url"
|
||||||
|
target=$(curl -sS -v -H "Authorization: Bearer $token" "$url" 2>&1 | grep "Location:" | sed 's/< Location: \(.*\)\r/\1/')
|
||||||
|
# curl blob (exclude auth token)
|
||||||
|
curl -fsS --progress "${target}" -o "$dest"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
while [ $# -gt 0 ]; do
|
while [ $# -gt 0 ]; do
|
||||||
imageTag="$1"
|
imageTag="$1"
|
||||||
shift
|
shift
|
||||||
|
|
@ -87,10 +98,7 @@ while [ $# -gt 0 ]; do
|
||||||
imageId="${configDigest#*:}" # strip off "sha256:"
|
imageId="${configDigest#*:}" # strip off "sha256:"
|
||||||
|
|
||||||
configFile="$imageId.json"
|
configFile="$imageId.json"
|
||||||
curl -fsSL \
|
fetch_blob "https://registry-1.docker.io/v2/$image/blobs/$configDigest" $token "$dir/$configFile"
|
||||||
-H "Authorization: Bearer $token" \
|
|
||||||
"https://registry-1.docker.io/v2/$image/blobs/$configDigest" \
|
|
||||||
-o "$dir/$configFile"
|
|
||||||
|
|
||||||
layersFs="$(echo "$manifestJson" | jq --raw-output --compact-output '.layers[]')"
|
layersFs="$(echo "$manifestJson" | jq --raw-output --compact-output '.layers[]')"
|
||||||
IFS="$newlineIFS"
|
IFS="$newlineIFS"
|
||||||
|
|
@ -158,10 +166,7 @@ while [ $# -gt 0 ]; do
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')"
|
token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')"
|
||||||
curl -fSL --progress \
|
fetch_blob "https://registry-1.docker.io/v2/$image/blobs/$layerDigest" $token "$dir/$layerTar"
|
||||||
-H "Authorization: Bearer $token" \
|
|
||||||
"https://registry-1.docker.io/v2/$image/blobs/$layerDigest" \
|
|
||||||
-o "$dir/$layerTar"
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
*)
|
*)
|
||||||
|
|
@ -231,7 +236,8 @@ while [ $# -gt 0 ]; do
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')"
|
token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')"
|
||||||
curl -fSL --progress -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/blobs/$imageLayer" -o "$dir/$layerId/layer.tar" # -C -
|
# find redirect using token:
|
||||||
|
fetch_blob "https://registry-1.docker.io/v2/$image/blobs/$imageLayer" $token "$dir/$layerId/layer.tar"
|
||||||
done
|
done
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue