Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docker-credential-pass does not work with username containing forward-slash #162

Open
plakdawa opened this issue Jul 25, 2019 · 2 comments · May be fixed by #288
Open

docker-credential-pass does not work with username containing forward-slash #162

plakdawa opened this issue Jul 25, 2019 · 2 comments · May be fixed by #288

Comments

@plakdawa
Copy link

plakdawa commented Jul 25, 2019
edited

On some docker registries the username is to be supplied as a chain of names each separated by forward-slash. For example oracle cloud registry uses the format <tenancy>/<identityservice>/<username>.

Instead of encrypting this string as base64 and storing it as a single key in the password store, docker-credential-pass stores it as chain of sub-keys. Even though docker login is successful, all subsequent interactions like docker pull fail.
@sebageek
Copy link

I ran into the same problem - docker-credential-pass breaks when a / is in the username. I see these solutions:

  • base64-encode the username, as it is already done with the server url
  • replace / with a placeholder, e.g. -SLASH-
  • do proper escaping (e.g. replace / with -, but also escape the escape character, - with --)

I have implemented base64-encoding of the username for me to get it working, but this breaks backwards compability. We could ignore backwards compability. We could also reencode everything that is non-base64 into base64. Still, it might not be the way to go.

The proper-escaping solution is less likely to break backwards compability, but still might, depending upon the escape character.

Just replacing with / with something like -SLASH- would work as long as the replacement never appears in a docker username. -SLASH- is an unlikely candidate, but still not impossible.

Thoughts?

sebageek added a commit to sebageek/docker-credential-helpers that referenced this issue Sep 23, 2020
@sebageek
base64-encode username to allow / in username
56487ff 
This commit breaks backwards compability, as it will fail on all
non-base64 encoded usernames.
Fixes docker#162
@nasr18
Copy link

nasr18 commented Jan 2, 2023

@plakdawa @sebageek any update on this? I'm facing this issue. Login success. But push/pull failing.

@davcosentino davcosentino mentioned this issue May 10, 2023
Open
@crazy-max crazy-max linked a pull request May 28, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

pass: base64 encoded username with backward compatility crazy-max/docker-credential-helpers
3 participants
@sebageek @nasr18 @plakdawa