Vladimir Ermakov comments

Results 389 comments of


                                            Vladimir Ermakov

[Feat]: Domain name alias

@rchincha Zot works as a cache to docker.io, but serving it on the subpath `/docker.io`. It also works as a cache for other registries, so i cannot just run it...

[feature]: Support 6-day certs and IP

Most likely yes, should be implemented in lib first to support selection of the profile: https://letsencrypt.org/2025/01/09/acme-profiles/ Then in redirect just to add a config option. But at this point of...

ROS1 Mavros global_position plugin not publishing fused global position topics unless number of satellites >= 15

Check your FC config. If the autopilot not sending global position - how can mavros do?

[Bug]: Docker pull fails to pull from restricted path if anonymous access allowed on the other path

Oh, okay, will check tomorrow.

[Bug]: Docker pull fails to pull from restricted path if anonymous access allowed on the other path

@andaaron does not work. The same issue as reported: ``` $ docker logout zot.dev.tld $ docker pull zot.dev.tld/base/almalinux9-base:latest latest: Pulling from base/almalinux9-base 493137e25e96: Pull complete 6dcd0140aae1: Pull complete Digest: sha256:07925748790cce7014172cf66dedd49676c0f00791cd7c35605677684b4aeceb...

[Bug]: Docker pull fails to pull from restricted path if anonymous access allowed on the other path

And podman works as expected, even without `defaultPolicy` on `base/**`: ``` $ podman logout zot.dev.tld $ podman pull zot.dev.tld/base/almalinux9-base:latest Trying to pull zot.dev.tld/base/almalinux9-base:latest... Getting image source signatures Copying blob 6dcd0140aae1...

[Bug]: Docker pull fails to pull from restricted path if anonymous access allowed on the other path

@andaaron and, as i reported, if i delete all anonymousPolicy, then docker works: ``` $ docker pull zot.dev.tld/dev/almalinux9-base:latest latest: Pulling from dev/almalinux9-base Digest: sha256:07925748790cce7014172cf66dedd49676c0f00791cd7c35605677684b4aeceb Status: Downloaded newer image for zot.dev.tld/dev/almalinux9-base:latest...

[Bug]: Docker pull fails to pull from restricted path if anonymous access allowed on the other path

Well, that bug is a complete show stopper to replace Harbor.

[Bug]: Docker pull fails to pull from restricted path if anonymous access allowed on the other path

@andaaron the main difference what happens after `GET /v2/`. ### Podman (when /v2/ - 200) - successful: ``` {"level":"info","module":"http","component":"session","clientIP":"146.19.213.176:40864","method":"GET","path":"/v2/","statusCode":200,"latency":"0s","bodySize":0,"headers":{"Accept-Encoding":["gzip"],"Docker-Distribution-Api-Version":["registry/2.0"],"User-Agent":["containers/5.33.0 (github.com/containers/image)"]},"goroutine":26901,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-31T10:00:22.237349578Z","message":"HTTP API"} {"level":"info","module":"http","username":"vermakov","component":"session","clientIP":"146.19.213.176:40864","method":"GET","path":"/v2/dev/almalinux9-base/manifests/latest","statusCode":200,"latency":"1s","bodySize":634,"headers":{"Accept":["application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.oci.image.index.v1+json"],"Accept-Encoding":["gzip"],"Authorization":["******"],"Docker-Distribution-Api-Version":["registry/2.0"],"User-Agent":["containers/5.33.0 (github.com/containers/image)"]},"goroutine":26901,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-31T10:00:24.104744709Z","message":"HTTP API"} {"level":"info","module":"http","username":"vermakov","component":"session","clientIP":"146.19.213.176:40864","method":"GET","path":"/v2/dev/almalinux9-base/manifests/sha256:35f7d9f7e78eacdfef848259cd01b0a70bd89a7286769615dd9db9437c9cd3e1","statusCode":200,"latency":"2s","bodySize":1235,"headers":{"Accept":["application/vnd.oci.image.manifest.v1+json","application/vnd.docker.distribution.manifest.v2+json","application/vnd.docker.distribution.manifest.v1+prettyjws","application/vnd.docker.distribution.manifest.v1+json","application/vnd.docker.distribution.manifest.list.v2+json","application/vnd.oci.image.index.v1+json"],"Accept-Encoding":["gzip"],"Authorization":["******"],"Docker-Distribution-Api-Version":["registry/2.0"],"User-Agent":["containers/5.33.0 (github.com/containers/image)"]},"goroutine":26901,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-31T10:00:26.844312477Z","message":"HTTP API"} {"level":"info","module":"http","username":"vermakov","component":"session","clientIP":"146.19.213.176:40864","method":"GET","path":"/v2/dev/almalinux9-base/blobs/sha256:36116342e8204687b6a24161e183bed3932ec3aece147ca46396bbc673d058ea","statusCode":200,"latency":"0s","bodySize":4878,"headers":{"Accept-Encoding":["gzip"],"Authorization":["******"],"Docker-Distribution-Api-Version":["registry/2.0"],"User-Agent":["containers/5.33.0 (github.com/containers/image)"]},"goroutine":26901,"caller":"zotregistry.dev/zot/pkg/api/session.go:137","time":"2025-01-31T10:00:27.578403646Z","message":"HTTP API"}...

[Bug]: Docker pull fails to pull from restricted path if anonymous access allowed on the other path

So podman simply always send credentials after call to `/v2/`, docker - only if this call returns 401. Not sure what Harbor's distribution sends back, but probably some extra header,...