Commit Graph

12 Commits

Author SHA1 Message Date
Matthew Leeds
84c68ad501 oci-authenticator: Don't shadow a global variable 2020-03-16 09:29:31 +01:00
Owen W. Taylor
fe3f17a89a flatpak-oci-authenticator: try getting a token without credentials
Some registries require getting a token even to download an image
anonymously. So, if no auth has been configured, before prompting
the user for username/password, try without a BasicAuth header.

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
2020-03-16 09:13:41 +01:00
Alexander Larsson
aabadfdc8e authenticator: Fix sandboxed authenticators
We rely on broadcast signals for authenticator replies rather than unicast
as these are not filtered by the sandbox (due to them being opt-in by the
receiver).

Actually this already worked fine in the flatpak side as the generated
code already subscribes to the signals, this just switches the internal
authenticators (test and oci) to using the new way to emit signals.
2019-12-19 10:33:21 +01:00
Alexander Larsson
65f2bdf840 oci-authenticator: Remove leftover TODO comment
We *do* handle dying peers now, so remove TODO about this.
2019-12-17 15:00:23 +01:00
Alexander Larsson
24145b0845 oci-authenticator: Reply to the close message
The client will be waiting for the response, so make sure we send it!
2019-12-17 15:00:23 +01:00
Alexander Larsson
7ecc9fa12c oci-authenticator: Skip interaction of no-interaction is set 2019-12-17 14:59:43 +01:00
Alexander Larsson
38c86bdf0f Authenticator: Add extra a{sv} args for future use
These are not used atm, but make the APIs future proof.
2019-12-12 14:27:59 +01:00
Alexander Larsson
328b793c5a oci authenticator: Lookup up auth tokens in predefined files
We look in these, in this order:
 ~/.config/flatpak/oci-auth.json
 /etc/flatpak/oci-auth.json
 /run/user/$uid/containers/auth.json
 /run/containers/$uid/auth.json
 ~/.docker/config.json

The first two are flatpak specific, and the others are what
skopeo and docker use.
2019-12-12 12:16:53 +01:00
Alexander Larsson
39ee9bc594 oci authenticator: Pass registry url as realm 2019-12-12 12:16:53 +01:00
Alexander Larsson
c56e1c4646 oci-authenticator: Use basic authentication to log in if no other auth 2019-12-12 12:16:53 +01:00
Alexander Larsson
8818f08fd1 oci-authenticator: Add helpers for sending responses 2019-12-12 12:16:53 +01:00
Alexander Larsson
d25f65e968 OCI: Add an authenticator for OCI remotes
Given a configuration like:

[remote "oci-remote"]
url=oci+http://some.server.com/api/v1/organization/foo?index=labels
xa.authenticator-name=org.flatpak.Authenticator.Oci
xa.default-token-type=1
xa.authenticator-options={"auth": <"a-token-here">}

I was able to install an app from an OCI remote that required a login
2019-12-12 12:16:53 +01:00