search

chainguard-dev / apko

Build OCI images from APK packages directly without Dockerfile
https://apko.dev
Apache License 2.0
1.17k stars 115 forks source link

Support for HTTP Basic Auth on apk repos #794

Closed joemiller closed 1 year ago

joemiller commented 1 year ago

alpine's apk (and associated c libs) offer few methods for dealing with private repos, in fact it appears http-basic-auth is the only available option. However apko does not support http basic auth. It would be nice for some scenarios to have this available as it seems to work with alpine's apk tool.

I am not sure if this issue/request should be on the chainguard-dev/go-apk repo or here, as I assume there will be changes needed in both repos.

I have confirmed alpine itself works with my private test repo:

$ docker run --rm -it alpine:latest sh

sh # echo 'https://foo:bar@dxxxxxxxxx.cloudfront.net/os/' >>/etc/apk/repositories

sh # apk add --allow-untrusted example
fetch https://foo:bar@dxxxxxxxxx.cloudfront.net/os/x86_64/APKINDEX.tar.gz
(1/1) Installing example (0.0.1-r0)

apko publish fails, however:

# apko.yaml
contents:
  keyring:
    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
    - https://foo:bar@dxxxxxxxxx.cloudfront.net/os/melange.rsa.pub
  repositories:
    - https://packages.wolfi.dev/os
    - https://foo:bar@dxxxxxxxxx.cloudfront.net/os/
  packages:
    - ca-certificates-bundle
    - wolfi-base
    - wolfi-baselayout
    - tzdata
    - example

cmd: /bin/sh -l

archs:
  - x86_64
  - aarch64
$ apko publish apko.yaml registry/example:latest

2023/07/08 14:22:18 [DEBUG] GET https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
2023/07/08 14:22:18 [DEBUG] GET https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
2023/07/08 14:22:18 [DEBUG] GET https://d2fm6dmgrzdb3m.cloudfront.net/os/melange.rsa.pub
2023/07/08 14:22:18 [DEBUG] GET https://d2fm6dmgrzdb3m.cloudfront.net/os/melange.rsa.pub
Error: failed to build image components: failed to build layer image for "arm64": initializing apk: failed to initialize apk keyring: failed to fetch apk key: http response indicated error
2023/07/08 14:22:19 error during command execution: failed to build image components: failed to build layer image for "arm64": initializing apk: failed to initialize apk keyring: failed to fetch apk key: http response indicated error
kaniini commented 1 year ago

This should be working, but admittedly, I've never tested it. We will get this working ASAP.

joemiller commented 1 year ago

@kaniini I just pushed a branch at https://github.com/chainguard-dev/go-apk/pull/79 you may want to test out 🤞 the only changes needed are in the go-apko lib

deitch commented 1 year ago

Thanks for the PR @joemiller! I just have some small requested changes; will comment there.

joemiller commented 1 year ago

closing this now, it should be fixed by https://github.com/chainguard-dev/go-apk/pull/79 and https://github.com/chainguard-dev/apko/pull/798 and available in the next apko release after 0.9.0