containerd
hosts.toml file resolution does not seem to account for default port being ommitted
Description
nerdctl login https://foo:443
vs.
nerdctl login https://foo
If the hosts.toml path contains the port, the second one will fail.
On the other hand, if it does not, the first one will fail.
Responsibility for walking the host dir is in dockerconfigresolver.go (NewHostOptions > HostDir()).
This does not try to be smart wrt what the host contains (port or no port).
We should patch this so:
- if scheme is https, passing :443 or not passing it should work
- ~~all of this should work with hosts.toml files path containing the port or not~~
Steps to reproduce the issue
See description
Describe the results you received and expected
Fail / not fail.
What version of nerdctl are you using?
1.7.6
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
None
Host information
No response
Seems we need rework the whole login and auth part = =
Yes, that is what I am thinking. I am on it. Will start with revamping testing.
nerdctl login https://foo:443 vs. nerdctl login https://foo
What's the behavior in docker? e.g., if you docker login https://foo:443, can you docker pull an image from https://foo (and vice versa)?
nerdctl login https://foo:443 vs. nerdctl login https://foo
What's the behavior in docker? e.g., if you
docker login https://foo:443, can youdocker pullan image fromhttps://foo(and vice versa)?
Docker does not support hosts.toml, so, it does not seem like the above would matter here?
Anyhow, here is a tentative proposal to clarify behavior wrt --insecure-registry, hosts.toml, and credentials: https://github.com/containerd/nerdctl/pull/3417