Docker registry with native basic auth not working #106
Comments
|
As I can see it has been removed from container in this commit due to CVE-2020-1927 and CVE-2020-1934. |
|
This is a regression, and is inconsistent with published documentation. It breaks CI processes which rely on the |
|
We are affected. We'd like to see a resolution (whatever it is) and correct docs. Also a migration path if |
|
If the decision is to not support htpasswd in the container, then there needs to be a docs change on the website: https://docs.docker.com/registry/deploying/#native-basic-auth |
|
This broke lot of everyone's automation, and it is a problem fixing it without at least docs being updated since no one is 100% sure what is going to be fix. |
htpasswd is removed in latest registry image[1] and it's breaking molecule job for tripleo_podman role, let's use working registry image. [1] distribution/distribution-library-image#106 Change-Id: I644210a2dcc4cb3810d0999e8c69f8d54f602793
* Update tripleo-ansible from branch 'master'
- Use registry:2.7.0 instead of registry:2
htpasswd is removed in latest registry image[1]
and it's breaking molecule job for tripleo_podman
role, let's use working registry image.
[1] distribution/distribution-library-image#106
Change-Id: I644210a2dcc4cb3810d0999e8c69f8d54f602793
htpasswd is removed in latest registry image[1] and it's breaking molecule job for tripleo_podman role, let's use working registry image. [1] distribution/distribution-library-image#106 Change-Id: I644210a2dcc4cb3810d0999e8c69f8d54f602793 (cherry picked from commit 439671e) Conflicts: tripleo_ansible/roles/tripleo-podman/molecule/login/prepare.yml
htpasswd is removed in latest registry image[1] and it's breaking molecule job for tripleo_podman role, let's use working registry image. [1] distribution/distribution-library-image#106 Change-Id: I644210a2dcc4cb3810d0999e8c69f8d54f602793 (cherry picked from commit 439671e)
The docker.io/registry:2 image broke suddenly and with no warning: distribution/distribution-library-image#106 Symptom: running 'htpasswd' from that container no longer works, even though it's been documented for years (at docker.com) and as of this writing still remains documented. One solution is to run htpasswd locally (requires installing the httpd-tools package) or using any crypt library to hash. Not hard, but tedious, and it doesn't address the issue of the docker registry:2 image being a moving target. I choose to force the use of the :2.6 tag, in hopes that that image will remain unmodified. Refactored to use FQIN instead of shortname, and to define it in only one place. Signed-off-by: Ed Santiago <[email protected]>
|
can someone say why I can't use apache htpasswd or htdigest from apache-utils. Is it bcrypt? Is something different? I did a small test but [email protected]+deb9u9 |
You can use any external htpasswd util or install it inside the registry container. |
Hi guys
I have been trying to get docker registry with native basic authentication working with the new image tag (2.7.1) without success.
Doc -> https://docs.docker.com/registry/deploying/#native-basic-auth
Specifically when I execute this command:
$ docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswdThis is the error I get:
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"htpasswd\": executable file not found in $PATH": unknown. ERRO[0001] error waiting for container: context canceledInvestigating a little further, seems that the "htpasswd" was removed in the image tag 2.7.1.
$ docker run -it --rm registry:2.7.1 find / -name "htpasswd"Although, looking in the previous version (tag 2.6.2) the file is there:
$ docker run -it --rm registry:2.6.2 find / -name "htpasswd" /usr/bin/htpasswdAnd the initial command works was expected was well:
$ docker run --entrypoint htpasswd registry:2.6.2 -Bbn testuser testpassword testuser:$2y$05$KiRgtd4w8zO7ucC7LX8zguW58DBlm8E0yZ5gI64NXypIVtsosNvMuThe text was updated successfully, but these errors were encountered: