Skip to content

fix(v2): store registry credentials without nerdctl login #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lingdie merged 1 commit into from
May 21, 2026
+42 −10
Merged

fix(v2): store registry credentials without nerdctl login #14

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 2 additions & 10 deletions v2/controller/internal/commit/commit.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ import (
"github.com/containerd/nerdctl/v2/pkg/api/types"
"github.com/containerd/nerdctl/v2/pkg/cmd/container"
"github.com/containerd/nerdctl/v2/pkg/cmd/image"
"github.com/containerd/nerdctl/v2/pkg/cmd/login"
"github.com/containerd/nerdctl/v2/pkg/containerutil"
ncdefaults "github.com/containerd/nerdctl/v2/pkg/defaults"
nerderrutil "github.com/containerd/nerdctl/v2/pkg/errutil"
Expand Down Expand Up @@ -104,15 +103,8 @@ func NewCommitter(
var conn *grpc.ClientConn
var err error

// login to registry
err = login.Login(context.Background(), types.LoginCommandOptions{
GOptions: *newGlobalOptionConfigWithSnapshotter(snapshotter),
ServerAddress: registryAddr,
Username: registryUsername,
Password: registryPassword,
}, io.Discard)
if err != nil {
return nil, err
if err := registerRegistryCredentials(registryAddr, registryUsername, registryPassword); err != nil {
return nil, fmt.Errorf("register registry credentials: %w", err)
}

// retry to connect
Expand Down
40 changes: 40 additions & 0 deletions v2/controller/internal/commit/registry_auth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
package commit

import (
"fmt"

"github.com/containerd/nerdctl/v2/pkg/imgutil/dockerconfigresolver"
)

// registerRegistryCredentials writes registry credentials to the nerdctl/docker config store.
// nerdctl login fails for HTTPS registries on port 443 when the registry omits the port in
// WWW-Authenticate (acArg host vs host:443 mismatch); storing credentials directly avoids that.
func registerRegistryCredentials(registryAddr, username, password string) error {
registryURL, err := dockerconfigresolver.Parse(registryAddr)
if err != nil {
return err
}

credStore, err := dockerconfigresolver.NewCredentialsStore("")
if err != nil {
return err
}

credentials := &dockerconfigresolver.Credentials{
Username: username,
Password: password,
}
if err := credStore.Store(registryURL, credentials); err != nil {
return fmt.Errorf("save registry credentials: %w", err)
}

// Match nerdctl login: also store without explicit :443 for default HTTPS port.
if registryURL.Port() == dockerconfigresolver.StandardHTTPSPort {
registryURL.Host = registryURL.Hostname()
if err := credStore.Store(registryURL, credentials); err != nil {
return fmt.Errorf("save registry credentials (host without port): %w", err)
}
}

return nil
}
Loading