diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-30 12:10:43 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-30 12:10:43 -0600 |
| commit | ebb003ef2beaeee61104d6b88a342c5c9fa73b51 (patch) | |
| tree | 7b72d99a6257b636a9a844602f469975853e3b0e /vendor/github.com/docker | |
| parent | a9a093fcc7a4e0c65f363eb2e2439631062de645 (diff) | |
| parent | d4f4f72b5ff586f2ff440f19f61d2fe48be89a37 (diff) | |
Merge branch 'secure-repository' into 'main'
Authorize reading/writing Sparkles using SpiceDB
See merge request gitlab-org/software-supply-chain-security/authorization/sparkled!20
Diffstat (limited to 'vendor/github.com/docker')
| -rw-r--r-- | vendor/github.com/docker/docker/api/types/registry/authconfig.go | 2 | ||||
| -rw-r--r-- | vendor/github.com/docker/docker/client/image_push.go | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/vendor/github.com/docker/docker/api/types/registry/authconfig.go b/vendor/github.com/docker/docker/api/types/registry/authconfig.go index 70f7320..fa9037b 100644 --- a/vendor/github.com/docker/docker/api/types/registry/authconfig.go +++ b/vendor/github.com/docker/docker/api/types/registry/authconfig.go @@ -83,6 +83,8 @@ func DecodeAuthConfig(authEncoded string) (*AuthConfig, error) { // Like [DecodeAuthConfig], this function always returns an [AuthConfig], even if an // error occurs. It is up to the caller to decide if authentication is required, // and if the error can be ignored. +// +// Deprecated: this function is no longer used and will be removed in the next release. func DecodeAuthConfigBody(rdr io.ReadCloser) (*AuthConfig, error) { return decodeAuthConfigFromReader(rdr) } diff --git a/vendor/github.com/docker/docker/client/image_push.go b/vendor/github.com/docker/docker/client/image_push.go index cbbe9a2..8dbe0b1 100644 --- a/vendor/github.com/docker/docker/client/image_push.go +++ b/vendor/github.com/docker/docker/client/image_push.go @@ -66,7 +66,16 @@ func (cli *Client) ImagePush(ctx context.Context, image string, options image.Pu } func (cli *Client) tryImagePush(ctx context.Context, imageID string, query url.Values, registryAuth string) (*http.Response, error) { - return cli.post(ctx, "/images/"+imageID+"/push", query, nil, http.Header{ + // Always send a body (which may be an empty JSON document ("{}")) to prevent + // EOF errors on older daemons which had faulty fallback code for handling + // authentication in the body when no auth-header was set, resulting in; + // + // Error response from daemon: bad parameters and missing X-Registry-Auth: invalid X-Registry-Auth header: EOF + // + // We use [http.NoBody], which gets marshaled to an empty JSON document. + // + // see: https://github.com/moby/moby/commit/ea29dffaa541289591aa44fa85d2a596ce860e16 + return cli.post(ctx, "/images/"+imageID+"/push", query, http.NoBody, http.Header{ registry.AuthHeader: {registryAuth}, }) } |