diff --git a/build.gradle b/build.gradle index 4ad75102db..a2908af8bc 100644 --- a/build.gradle +++ b/build.gradle @@ -76,6 +76,7 @@ subprojects { MOCKITO_CORE: '3.2.4', SLF4J_API: '1.7.25', SYSTEM_RULES: '1.19.0', + JBCRYPT: '0.4', ] // Use this to ensure we correctly override transitive dependencies diff --git a/jib-core/build.gradle b/jib-core/build.gradle index 261823e601..96259ee1e4 100644 --- a/jib-core/build.gradle +++ b/jib-core/build.gradle @@ -19,6 +19,7 @@ dependencies { testImplementation "org.mockito:mockito-core:${dependencyVersions.MOCKITO_CORE}" testImplementation "org.slf4j:slf4j-api:${dependencyVersions.SLF4J_API}" testImplementation "com.github.stefanbirkner:system-rules:${dependencyVersions.SYSTEM_RULES}" + testImplementation "org.mindrot:jbcrypt:${dependencyVersions.JBCRYPT}" } jar { diff --git a/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java b/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java index d84be897fb..14288b8c7b 100644 --- a/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java +++ b/jib-core/src/integration-test/java/com/google/cloud/tools/jib/registry/LocalRegistry.java @@ -30,6 +30,7 @@ import java.util.UUID; import javax.annotation.Nullable; import org.junit.rules.ExternalResource; +import org.mindrot.jbcrypt.BCrypt; /** Runs a local registry. */ public class LocalRegistry extends ExternalResource { @@ -68,19 +69,11 @@ public void start() throws IOException, InterruptedException { Arrays.asList( "docker", "run", "--rm", "-d", "-p", port + ":5000", "--name", containerName)); if (username != null && password != null) { - // Generate the htpasswd file to store credentials - String credentialString = - new Command( - "docker", - "run", - "--rm", - "--entrypoint", - "htpasswd", - "registry:2.7.0", // TODO: correctly fix this when using latest - "-Bbn", - username, - password) - .run(); + // Equivalent of "$ htpasswd -nbB username password". + // https://httpd.apache.org/docs/2.4/misc/password_encryptions.html + // BCrypt generates hashes using $2a$ algorithm (instead of $2y$ from docs), but this seems + // to work okay + String credentialString = username + ":" + BCrypt.hashpw(password, BCrypt.gensalt()); // Creates the temporary directory in /tmp since that is one of the default directories // mounted into Docker. // See: https://docs.docker.com/docker-for-mac/osxfs