thesayyn
commented
3 weeks ago Thanks for the PR. This sounds like non-spec behavior I have never seen a docker credential helper returning empty username and password.
Open fahhem opened 3 weeks ago
thesayyn
commented
3 weeks ago Thanks for the PR. This sounds like non-spec behavior I have never seen a docker credential helper returning empty username and password.
fahhem
commented
3 weeks ago Usually they're used for private repositories, but for devpod it's used for all repositories, including public docker hub ones.
thesayyn
commented
2 weeks ago I'd know for sure if there was reference implementations doing the same thing, othewise this sounds like a something non-spec compliant cred helper would do.
fahhem
commented
2 weeks ago Is there a spec for this? If so, I can take it to the devpod repo and ask them to fix it instead. I don't care where I fix this, I just don't want to maintain a patched rules_oci nor a patched devpod.
If there's no spec, and it's just based on implementations, then rules_oci should be resilient to more implementations.
thesayyn
commented
1 week ago only one that i am aware of is; https://github.com/docker/cli/blob/master/docs/reference/commandline/login.md#credential-helper-protocol
fahhem
commented
1 week ago Unfortunately, that doesn't specify what to output when no username is needed/available. Both an empty string vs json with empty values seem like valid guesses based on that page.
Tested with a docker config that only has a
credsStorebut without an account forindex.docker.io. Previously, this would result in a 401 when requesting the realm URL, but now it succeeds.