Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker send credentials to docker.io when registry URL doesn't contain a host but has a scheme and a path #47795

Open
Ingvin opened this issue May 3, 2024 · 0 comments · May be fixed by docker/cli#5055
Open

Docker send credentials to docker.io when registry URL doesn't contain a host but has a scheme and a path #47795

Ingvin opened this issue May 3, 2024 · 0 comments · May be fixed by docker/cli#5055
Labels
kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. status/0-triage

Comments

@Ingvin
Copy link

Ingvin commented May 3, 2024

Description

Found in Gitlab CI that if registry URL doesn't contain host but has scheme and path docker will try to login to registry-1.docker.io. This is happening when hostname is in env variable and this variable is empty.

I have this problem with Docker on Ubuntu 20.04 but I think OS isn't relevant to this issue.
Tested versions:

  • Docker version 24.0.5, build 24.0.5-0ubuntu1~20.04.1
  • Docker version 26.1.1, build 4cf5afa
    Also tested with podman as daemon and run docker:latest image with hash sha256:8bd6302a909f6f2ed9a17058cce2d83442bddb9e65c974352c2ba485a1e6d7ba and with podman there is no problem.

Reproduce

Docker daemon + docker image:

  1. sudo docker run -it --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock docker:latest ash
  2. export REGISTRY_LOGIN="test" REGISTRY_PASS="test"
  3. docker login "https:///repository/docker/" -u "$REGISTRY_LOGIN" -p "$REGISTRY_PASS"
Error response from daemon: Get "https://registry-1.docker.io/v2/": unauthorized: incorrect username or password

Podman daemon + docker image:

  1. systemctl start --user podman.socket Run podman socket as user (rootless)
  2. podman run -it --rm --privileged -v $XDG_RUNTIME_DIR/podman/podman.sock:/var/run/docker.sock:Z docker:latest ash
  3. export REGISTRY_LOGIN="test" REGISTRY_PASS="test"
  4. docker login "https:///repository/docker/" -u "$REGISTRY_LOGIN" -p "$REGISTRY_PASS"
Error response from daemon: login attempt to  failed with status: authenticating creds for "": pinging container registry : Get "https:///v2/": http: no Host in request URL

Expected behavior

Docker has to check URL for empty hostname and show error about invalid address instead of fallback to registry-1.docker.io

docker version

Client: Docker Engine - Community
 Version:           26.1.1
 API version:       1.45
 Go version:        go1.21.9
 Git commit:        4cf5afa
 Built:             Tue Apr 30 11:48:20 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          26.1.1
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.9
  Git commit:       ac2de55
  Built:            Tue Apr 30 11:48:20 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.31
  GitCommit:        e377cd56a71523140ca6ae87e30244719194a521
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    26.1.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.14.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 3
 Server Version: 26.1.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e377cd56a71523140ca6ae87e30244719194a521
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
 Kernel Version: 5.4.0-167-generic
 Operating System: Ubuntu 20.04.6 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.741GiB
 Name: test-ubuntu
 ID: 3a3c7d87-cb84-40bd-a2a9-7aa2986e2754
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 25
  Goroutines: 41
  System Time: 2024-05-03T19:19:47.644464025Z
  EventsListeners: 0
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support

Additional Info

No response
@Ingvin Ingvin added kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. status/0-triage labels May 3, 2024
@kttyt kttyt linked a pull request May 3, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Bugs are bugs. The cause may or may not be known at triage time so debugging may be needed. status/0-triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix/Add hostname check in registry URL on login kttyt/cli
1 participant
@Ingvin