From: Felix Abecassis <fabecassis@nvidia.com>
Date: Tue, 21 Nov 2017 21:49:46 +0000 (-0800)
Subject: lxc-oci: add support for registry authentication
X-Git-Tag: lxc-3.0.0.beta1~176^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=797f99c6c9f524fb06d3e752aad7c5f4ec112377;p=thirdparty%2Flxc.git

lxc-oci: add support for registry authentication

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
---

diff --git a/templates/lxc-oci.in b/templates/lxc-oci.in
index 1818567c4..f98c38bcd 100755
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -132,6 +132,10 @@ Special arguments:
 Required arguments:
 [ -u | --url <url> ]: The OCI image URL
 
+Optional arguments:
+[ --username <username> ]: The username for the registry
+[ --password <password> ]: The password for the registry
+
 LXC internal arguments (do not pass manually!):
 [ --name <name> ]: The container name
 [ --path <path> ]: The path to the container
@@ -143,8 +147,8 @@ EOF
     return 0
 }
 
-options=$(getopt -o u:h -l help,url:,name:,path:,\
-rootfs:,mapped-uid:,mapped-gid: -- "$@")
+options=$(getopt -o u:h -l help,url:,username:,password:,\
+name:,path:,rootfs:,mapped-uid:,mapped-gid: -- "$@")
 
 if [ $? -ne 0 ]; then
     usage
@@ -153,6 +157,9 @@ fi
 eval set -- "$options"
 
 OCI_URL=""
+OCI_USERNAME=
+OCI_PASSWORD=
+
 LXC_MAPPED_GID=
 LXC_MAPPED_UID=
 LXC_NAME=
@@ -163,6 +170,8 @@ while :; do
     case "$1" in
         -h|--help)          usage && exit 1;;
         -u|--url)           OCI_URL=$2; shift 2;;
+        --username)         OCI_USERNAME=$2; shift 2;;
+        --password)         OCI_PASSWORD=$2; shift 2;;
         --name)             LXC_NAME=$2; shift 2;;
         --path)             LXC_PATH=$2; shift 2;;
         --rootfs)           LXC_ROOTFS=$2; shift 2;;
@@ -183,6 +192,11 @@ if [ -z "$OCI_URL" ]; then
     exit 1
 fi
 
+if [ -n "$OCI_PASSWORD" ] && [ -z "$OCI_USERNAME" ]; then
+    echo "ERROR: password given but no username specified"
+    exit 1
+fi
+
 USERNS=$(in_userns)
 
 if [ "$USERNS" != "no" ]; then
@@ -210,7 +224,15 @@ else
 fi
 
 # Download the image - TODO - cache
-skopeo copy "${OCI_URL}" "oci:${DOWNLOAD_TEMP}:latest"
+skopeo_args=("")
+if [ -n "$OCI_USERNAME" ]; then
+    CREDENTIALS="${OCI_USERNAME}"
+    if [ -n "$OCI_PASSWORD" ]; then
+        CREDENTIALS="${CREDENTIALS}:${OCI_PASSWORD}"
+    fi
+    skopeo_args+=(--src-creds "${CREDENTIALS}")
+fi
+skopeo copy ${skopeo_args[@]} "${OCI_URL}" "oci:${DOWNLOAD_TEMP}:latest"
 
 # Unpack the rootfs
 echo "Unpacking the rootfs"