https://bugzilla.redhat.com/show_bug.cgi?id=1037830
--- Comment #1 from John Eckersberg <jeckersb(a)redhat.com> ---
Ok, some more detail at least on the "Authentication is required" bit.
GetRemoteHistory contains the following line:
req.Header.Set("Authorization", "Token "+strings.Join(token, ",
"))
However, token is a slice with only a single element, and this single string
appears to be a previously joined list of tokens. Most importantly is that it
appears to have been joined with "," instead of ", " and that makes a
difference.
Here's two curl calls to illustrate the difference.
The first doesn't contain the extra space after the comma, and this is the way
the code as written is sending the request. You can see it returns a 401
status code (Unauthorized).
$ curl -i
https://cdn-registry-1.docker.io/v1/images/a567e6f3d26a5736d00a5e9be9a609...
--header 'Authorization: Token
signature=545980deb5d0238c5c1fdbe4bc20867932fa8aee,repository="mattdm/fedora",access=read'
HTTP/1.1 401 Unauthorized
Server: cloudflare-nginx
Date: Wed, 04 Dec 2013 00:28:12 GMT
Content-Type: application/json
Content-Length: 41
Connection: keep-alive
Set-Cookie: __cfduid=de296b6a53b52e2ff5883a0e6b303fc811386116891989;
expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.docker.io; HttpOnly
expires: -1
www-authenticate: Token
pragma: no-cache
cache-control: no-cache
x-docker-registry-version: 0.6.2
x-docker-registry-config: prod
CF-RAY: d74600eeb9c03f4
{
"error": "Requires authorization"
}
The second call adds that extra space, and completes successfully.
$ curl -i
https://cdn-registry-1.docker.io/v1/images/a567e6f3d26a5736d00a5e9be9a609...
--header 'Authorization: Token
ignature=545980deb5d0238c5c1fdbe4bc20867932fa8aee, repository="mattdm/fedora",
access=read'
HTTP/1.1 200 OK
Server: cloudflare-nginx
Date: Wed, 04 Dec 2013 00:28:26 GMT
Content-Type: application/json
Content-Length: 74
Connection: keep-alive
Set-Cookie: __cfduid=d493453bb50165de54a9a9cc1021b890d1386116906549;
expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.docker.io; HttpOnly
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
cache-control: public, max-age=31536000
expires: Thu, 04 Dec 2014 00:28:26 GMT
x-docker-registry-version: 0.6.2
x-docker-registry-config: prod
CF-RAY: d746069e53c03fa
[
"a567e6f3d26a5736d00a5e9be9a609b44ab13f0e43fc466f45beaa7ea9054766"
]
I'm assuming that part of the bug is that the token string slice shouldn't ever
be passed in like this. I still need to trace it back and figure out where
it's getting joined ahead of time. That's probably the right place to fix it.
I see nine places in registry.go where it sets the Authorization header in this
manner.
--
You are receiving this mail because:
You are on the CC list for the bug.