Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix segfault in host-ctr #20

Merged
merged 1 commit into from
Feb 5, 2025
+23 −7
Merged

Fix segfault in host-ctr #20

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 8 additions & 3 deletions sources/host-ctr/cmd/host-ctr/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1105,6 +1105,8 @@ func pullImage(ctx context.Context, source string, client *containerd.Client, re
Error("failed to read registry config")
return nil, err
}
} else {
registryConfig = NewBlankRegistryConfig()
}

// Pull the image
Expand Down Expand Up @@ -1225,9 +1227,12 @@ func withDynamicResolver(ctx context.Context, ref string, registryConfig *Regist
}
// For Amazon ECR Public registries, we should try and fetch credentials before resolving the image reference
case strings.HasPrefix(ref, "public.ecr.aws/"):
// ... not if the user has specified their own registry credentials for 'public.ecr.aws'; In that case we use the default resolver.
if _, found := registryConfig.Credentials["public.ecr.aws"]; found {
return defaultResolver
// if we have registryConfig, and the user specified credentials for
// 'public.ecr.aws', then use defaultResolver.
if registryConfig != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't the right behavior here to just return the defaultResolver if registryConfig is nil?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This case branch is "this is the public ECR," and (if possible) the code here is trying to get an auth token for the public ECR. So this if statement at the head of the case branch says "but hey, if registryConfig has something to say about the public ECR, well, never mind, we will go with what registryConfig says." Thus if registryConfig is nil, I am treating it as registryConfig does not have anything to say, and we should attempt to get the token.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps a comment is in order. Assuming that my version of "what this thing does" is correct.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah that makes sense. The diff didn't help here because the top of the function is what creates this defaultResolver. After reading more of the context I see how this is the right way to solve this.

if _, found := registryConfig.Credentials["public.ecr.aws"]; found {
return defaultResolver
}
}

// Try to get credentials for authenticated pulls from ECR Public
Expand Down
19 changes: 15 additions & 4 deletions sources/host-ctr/cmd/host-ctr/registry.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,13 @@ func NewRegistryConfig(registryConfigFile string) (*RegistryConfig, error) {
return &config, toml.Unmarshal(raw, &config)
}

// NewBlankRegistryConfig sets up a RegistryConfig without unmarshalling any toml
func NewBlankRegistryConfig() *RegistryConfig {
config := RegistryConfig{}
// no config to unmarshal
return &config
}

// registryHosts returns the registry hosts to be used by the resolver.
// Heavily borrowed from containerd CRI plugin's implementation.
// See https://github.com/containerd/containerd/blob/1407cab509ff0d96baa4f0eb6ff9980270e6e620/pkg/cri/server/image_pull.go#L332-L405
Expand All @@ -58,15 +65,19 @@ func registryHosts(registryConfig *RegistryConfig, authorizerOverride *docker.Au
authConfig runtime.AuthConfig
)
// Set up endpoints for the registry
if _, ok := registryConfig.Mirrors[host]; ok {
endpoints = registryConfig.Mirrors[host].Endpoints
} else {
endpoints = registryConfig.Mirrors["*"].Endpoints
// The endpoints array may still be empty after this step
if registryConfig != nil {
if _, ok := registryConfig.Mirrors[host]; ok {
endpoints = registryConfig.Mirrors[host].Endpoints
} else if _, ok := registryConfig.Mirrors["*"]; ok {
endpoints = registryConfig.Mirrors["*"].Endpoints
}
}
defaultHost, err := docker.DefaultHost(host)
if err != nil {
return nil, errors.Wrap(err, "get default host")
}
// append this default host to the possibly-empty endpoints array
endpoints = append(endpoints, defaultHost)

for _, endpoint := range endpoints {
Expand Down
Loading