Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nerdctl login should warn about passing along an explicit scheme #3052

Open
Tracked by #3072
apostasie opened this issue Jun 4, 2024 · 3 comments · May be fixed by #3249
Open
Tracked by #3072

nerdctl login should warn about passing along an explicit scheme #3052

apostasie opened this issue Jun 4, 2024 · 3 comments · May be fixed by #3249
Labels
area/login authentification/ login bug Something isn't working

Comments

@apostasie
Copy link
Contributor

apostasie commented Jun 4, 2024
edited
Loading

Description

While pull and push do not allow explicit schemes (as image identifiers do not), both docker and nerdctl login DO allow it, albeit ignoring them entirely.

Our suggestion is to:

  • warn the user that this syntax is only supported as a convenience and that the scheme is ignored (which docker should do too)

This will impact #3046 - which I believe still matters as there should be a way to talk TLS even with localhost.

Steps to reproduce the issue

dmp@lima-dock:/Users/dmp/Projects/go/nerdctl$ sudo nerdctl login http:https://192.168.5.15

Describe the results you received and expected

ERRO[0000] failed to call tryLoginWithRegHost            error="failed to call rh.Client.Do: Get \"https://192.168.5.15/v2/\": dial tcp 192.168.5.15:443: connect: connection refused" i=0

What version of nerdctl are you using?

1.7.6

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

No response
@apostasie apostasie added the kind/unconfirmed-bug-claim Unconfirmed bug claim label Jun 4, 2024
@apostasie apostasie changed the title nerdctl login should warn about passing along an explicit scheme and should ignore it entirely nerdctl login should warn about passing along an explicit scheme Jun 4, 2024
@apostasie apostasie mentioned this issue Jun 4, 2024
Open
@AkihiroSuda AkihiroSuda added the area/login authentification/ login label Jun 6, 2024
@apostasie apostasie mentioned this issue Jun 7, 2024
Open
18 tasks
@fahedouch
Copy link
Member

fahedouch commented Jun 17, 2024
edited
Loading

Hi @apostasie,
the scheme is not ignored during nerdctl login, there is a fallback from https to http in specific justified situations where we can add a warning message to notify the user

@apostasie
Copy link
Contributor Author

@fahedouch any user specified scheme in the url is just ignored entirely.

Try for example: nerdctl login http:https://index.docker.io

The fact that we fallback from https to http (typically through --insecure-registry) is orthogonal.

@fahedouch
Copy link
Member

@fahedouch any user specified scheme in the url is just ignored entirely.

Try for example: nerdctl login http:https://index.docker.io

The fact that we fallback from https to http (typically through --insecure-registry) is orthogonal.

It looks like a bug. It is not the intended behavior. Let me check this.

@fahedouch fahedouch added bug Something isn't working and removed kind/unconfirmed-bug-claim Unconfirmed bug claim labels Jun 18, 2024
@apostasie apostasie linked a pull request Jul 30, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/login authentification/ login bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[WIP] Login rework apostasie/nerdctl
3 participants
@AkihiroSuda @fahedouch @apostasie