Open maxsuelmarinho opened 4 years ago
As I can see it has been removed from container in this commit due to CVE-2020-1927 and CVE-2020-1934.
This is a regression, and is inconsistent with published documentation. It breaks CI processes which rely on the --entrypoint htpasswd
behavior (still) documented in docs.docker.com
. If that is to be deprecated, it would be courteous to (1) indicate so in the documentation, and (2) offer a grace period. Please consider both.
We are affected. We'd like to see a resolution (whatever it is) and correct docs. Also a migration path if htpasswd
is going to be permanent removed.
If the decision is to not support htpasswd in the container, then there needs to be a docs change on the website: https://docs.docker.com/registry/deploying/#native-basic-auth
This broke lot of everyone's automation, and it is a problem fixing it without at least docs being updated since no one is 100% sure what is going to be fix.
can someone say why I can't use apache htpasswd or htdigest from apache-utils.
Is it bcrypt? Is something different? I did a small test but apache2-utils@2.4.25-3+deb9u9 didn't work.
can someone say why I can't use apache htpasswd or htdigest from apache-utils. Is it bcrypt? Is something different? I did a small test but apache2-utils@2.4.25-3+deb9u9 didn't work.
You can use any external htpasswd util or install it inside the registry container.
But registry:2 require to use htpasswd bcrypt. So you should create htpasswd like this:
htpasswd -B [FILE] [USER]
Hi guys
I have been trying to get docker registry with native basic authentication working with the new image tag (2.7.1) without success. Doc -> https://docs.docker.com/registry/deploying/#native-basic-auth
Specifically when I execute this command:
$ docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd
This is the error I get:
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"htpasswd\": executable file not found in $PATH": unknown. ERRO[0001] error waiting for container: context canceled
Investigating a little further, seems that the "htpasswd" was removed in the image tag 2.7.1.
$ docker run -it --rm registry:2.7.1 find / -name "htpasswd"
Although, looking in the previous version (tag 2.6.2) the file is there:
$ docker run -it --rm registry:2.6.2 find / -name "htpasswd" /usr/bin/htpasswd
And the initial command works was expected was well:
$ docker run --entrypoint htpasswd registry:2.6.2 -Bbn testuser testpassword testuser:$2y$05$KiRgtd4w8zO7ucC7LX8zguW58DBlm8E0yZ5gI64NXypIVtsosNvMu