diff --git a/v2/controller/internal/commit/commit.go b/v2/controller/internal/commit/commit.go
index 8895b55..3d96e6c 100644
--- a/v2/controller/internal/commit/commit.go
+++ b/v2/controller/internal/commit/commit.go
@@ -21,7 +21,6 @@ import (
 "github.com/containerd/nerdctl/v2/pkg/api/types"
 "github.com/containerd/nerdctl/v2/pkg/cmd/container"
 "github.com/containerd/nerdctl/v2/pkg/cmd/image"
- "github.com/containerd/nerdctl/v2/pkg/cmd/login"
 "github.com/containerd/nerdctl/v2/pkg/containerutil"
 ncdefaults "github.com/containerd/nerdctl/v2/pkg/defaults"
 nerderrutil "github.com/containerd/nerdctl/v2/pkg/errutil"
@@ -104,15 +103,8 @@ func NewCommitter(
 var conn *grpc.ClientConn
 var err error
- // login to registry
- err = login.Login(context.Background(), types.LoginCommandOptions{
- GOptions: *newGlobalOptionConfigWithSnapshotter(snapshotter),
- ServerAddress: registryAddr,
- Username: registryUsername,
- Password: registryPassword,
- }, io.Discard)
- if err != nil {
- return nil, err
+ if err := registerRegistryCredentials(registryAddr, registryUsername, registryPassword); err != nil {
+ return nil, fmt.Errorf("register registry credentials: %w", err)
 }
 // retry to connect
diff --git a/v2/controller/internal/commit/registry_auth.go b/v2/controller/internal/commit/registry_auth.go
new file mode 100644
index 0000000..b175773
--- /dev/null
+++ b/v2/controller/internal/commit/registry_auth.go
@@ -0,0 +1,40 @@
+package commit
+
+import (
+ "fmt"
+
+ "github.com/containerd/nerdctl/v2/pkg/imgutil/dockerconfigresolver"
+)
+
+// registerRegistryCredentials writes registry credentials to the nerdctl/docker config store.
+// nerdctl login fails for HTTPS registries on port 443 when the registry omits the port in
+// WWW-Authenticate (acArg host vs host:443 mismatch); storing credentials directly avoids that.
+func registerRegistryCredentials(registryAddr, username, password string) error {
+ registryURL, err := dockerconfigresolver.Parse(registryAddr)
+ if err != nil {
+ return err
+ }
+
+ credStore, err := dockerconfigresolver.NewCredentialsStore("")
+ if err != nil {
+ return err
+ }
+
+ credentials := &dockerconfigresolver.Credentials{
+ Username: username,
+ Password: password,
+ }
+ if err := credStore.Store(registryURL, credentials); err != nil {
+ return fmt.Errorf("save registry credentials: %w", err)
+ }
+
+ // Match nerdctl login: also store without explicit :443 for default HTTPS port.
+ if registryURL.Port() == dockerconfigresolver.StandardHTTPSPort {
+ registryURL.Host = registryURL.Hostname()
+ if err := credStore.Store(registryURL, credentials); err != nil {
+ return fmt.Errorf("save registry credentials (host without port): %w", err)
+ }
+ }
+
+ return nil
+}
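Review bot: registerRegistryCredentials persists whatever username and password it receives without any check, so an empty or wrong pair is written to the credential store and would presumably overwrite a working entry for that host; the failure then only surfaces when the committer later talks to the registry. The login.Login call removed from NewCommitter took a context and the server address and presumably verified the credentials against the registry before saving, so the doc comment should state that this helper performs no authentication round-trip. At minimum reject incomplete input before the first Store call, for example `if username == "" || password == "" { return fmt.Errorf("incomplete registry credentials for %q", registryAddr) }`, unless anonymous registries must be supported. The two bare `return err` paths after Parse and NewCredentialsStore should be wrapped like the Store errors, e.g. `return fmt.Errorf("parse registry address %q: %w", registryAddr, err)`, so the caller can tell which step failed.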