This repository has been archived by the owner on Jun 4, 2021. It is now read-only.
Add support for custom cacert #88
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Export from mono-repo.
Export from mono-repo
Export from the mono-repo
Includes: google#43
Export from mono-repo
Signed-off-by: Jake Sanders <[email protected]>
Export from mono-repo
Signed-off-by: Jake Sanders <[email protected]>
Export from mono-repo
Signed-off-by: Jake Sanders <[email protected]>
Export from mono-repo
* Add support for uncompressed image layers. Update fast_flatten to use it. * Remove unnecessary `--output_base` bazel flag. * Raise a more descriptive error when a /v2/ registry ping fails. * Log errors on exceptions in the push/pull tools, rather than crash with a stack trace. Signed-off-by: Jake Sanders <[email protected]>
Export from mono-repo
* Improve error message when cred helper not found This makes problems like bazelbuild/rules_docker#196 easier to debug. For me it happened because `puller` was run by Bazel with a restricted PATH that didn't include `docker-credentials-gcr`. The new error in this case is: ``` Traceback (most recent call last): File "/usr/local/google/home/rodrigoq/.cache/bazel/_bazel_rodrigoq/a2995359558cbf75786e44ea10657e9b/execroot/containerregistry/bazel-out/k8-fastbuild/bin/puller.runfiles/containerregistry/tools/fast_puller_.py", line 97, in <module> main() File "/usr/local/google/home/rodrigoq/.cache/bazel/_bazel_rodrigoq/a2995359558cbf75786e44ea10657e9b/execroot/containerregistry/bazel-out/k8-fastbuild/bin/puller.runfiles/containerregistry/tools/fast_puller_.py", line 83, in main with v2_2_image.FromRegistry(name, creds, transport, accept) as v2_2_img: File "/usr/local/google/home/rodrigoq/.cache/bazel/_bazel_rodrigoq/a2995359558cbf75786e44ea10657e9b/execroot/containerregistry/bazel-out/k8-fastbuild/bin/puller.runfiles/containerregistry/client/v2_2/docker_image_.py", line 364, in __enter__ self._name, self._creds, self._original_transport, docker_http.PULL) File "/usr/local/google/home/rodrigoq/.cache/bazel/_bazel_rodrigoq/a2995359558cbf75786e44ea10657e9b/execroot/containerregistry/bazel-out/k8-fastbuild/bin/puller.runfiles/containerregistry/client/v2_2/docker_http_.py", line 198, in __init__ self._Refresh() File "/usr/local/google/home/rodrigoq/.cache/bazel/_bazel_rodrigoq/a2995359558cbf75786e44ea10657e9b/execroot/containerregistry/bazel-out/k8-fastbuild/bin/puller.runfiles/containerregistry/client/v2_2/docker_http_.py", line 285, in _Refresh 'Authorization': self._basic_creds.Get() File "/usr/local/google/home/rodrigoq/.cache/bazel/_bazel_rodrigoq/a2995359558cbf75786e44ea10657e9b/execroot/containerregistry/bazel-out/k8-fastbuild/bin/puller.runfiles/containerregistry/client/docker_creds_.py", line 160, in Get raise Exception("executable not found: %s" % bin_name) Exception: executable not found: docker-credential-gcr ```
Support zipped tarballs in docker_image.FromTarball.
Sync change from mono-repo:
Resolve manifest lists to amd64/linux when pulling.
Export from upstream
Export from mono-repo
Create README.md
Remove static images, add Travis badge.
Update README.md
Attempt to mount layers from src repo in tools/docker_appender. Fix bad error messages involving `docker_name`s with __repr__.
Export from mono-repo
|
So there's good news and bad news. 👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there. 😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request. Note to project maintainer: This is a terminal state, meaning the |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello everybody,
this PR allows us to override cacerts that are used for all http communications, that is really useful to communicate with a private registry for example. There are already PRs about that (#39, #52) but they seem to be incomplete.
Here we basically define a new
transport.Factory()class that will be able to add custom parameters (such as ca_certs, ...), and then pass it to the underlying httplib2.Http transport.The CA can be override by using
--cacertflag. If no flag is passed, we will use the default one CA embedded with the httplib2.Example for pusher :