From de6f9653bc1f02193be6473e9b7f5ab4a74f986f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 08:28:01 +0000 Subject: [PATCH 1/2] chore(deps): bump the minor group with 3 updates Bumps the minor group with 3 updates: [github.com/ccoveille/go-safecast/v2](https://github.com/ccoveille/go-safecast), [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) and [github.com/sylabs/oci-tools](https://github.com/sylabs/oci-tools). Updates `github.com/ccoveille/go-safecast/v2` from 2.0.0 to 2.0.1 - [Release notes](https://github.com/ccoveille/go-safecast/releases) - [Commits](https://github.com/ccoveille/go-safecast/compare/v2.0.0...v2.0.1) Updates `github.com/sigstore/sigstore` from 1.10.6 to 1.10.7 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.10.6...v1.10.7) Updates `github.com/sylabs/oci-tools` from 0.19.0 to 0.20.0 - [Release notes](https://github.com/sylabs/oci-tools/releases) - [Commits](https://github.com/sylabs/oci-tools/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: github.com/ccoveille/go-safecast/v2 dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor - dependency-name: github.com/sylabs/oci-tools dependency-version: 0.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor ... Signed-off-by: dependabot[bot] --- go.mod | 15 +++++++-------- go.sum | 32 ++++++++++++++++---------------- 2 files changed, 23 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index 01a3274aa9..2734e13ce5 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/blang/semver/v4 v4.0.0 github.com/buger/goterm v1.0.4 github.com/buger/jsonparser v1.2.0 - github.com/ccoveille/go-safecast/v2 v2.0.0 + github.com/ccoveille/go-safecast/v2 v2.0.1 github.com/containerd/containerd/v2 v2.2.3 github.com/containerd/go-runc v1.1.0 github.com/containerd/platforms v1.0.0-rc.4 @@ -27,7 +27,7 @@ require ( github.com/fatih/color v1.19.0 github.com/go-log/log v0.2.0 github.com/gofrs/flock v0.13.0 - github.com/google/go-containerregistry v0.21.3 + github.com/google/go-containerregistry v0.21.6 github.com/google/uuid v1.6.0 github.com/gosimple/slug v1.15.0 github.com/moby/buildkit v0.30.0 @@ -51,13 +51,13 @@ require ( github.com/seccomp/libseccomp-golang v0.11.1 github.com/shopspring/decimal v1.4.0 github.com/sigstore/cosign/v2 v2.6.3 - github.com/sigstore/sigstore v1.10.6 + github.com/sigstore/sigstore v1.10.7 github.com/sirupsen/logrus v1.9.4 github.com/spf13/cobra v1.10.2 github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 github.com/sylabs/json-resp v0.9.5 - github.com/sylabs/oci-tools v0.19.0 + github.com/sylabs/oci-tools v0.20.0 github.com/sylabs/scs-build-client v0.9.20 github.com/sylabs/scs-key-client v0.7.9 github.com/sylabs/scs-library-client v1.4.14 @@ -184,14 +184,13 @@ require ( github.com/josharian/native v1.1.0 // indirect github.com/klauspost/compress v1.18.6 // indirect github.com/klauspost/pgzip v1.2.6 // indirect - github.com/letsencrypt/boulder v0.20260223.0 // indirect + github.com/letsencrypt/boulder v0.20260309.0 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.23 // indirect github.com/mattn/go-shellwords v1.0.12 // indirect github.com/mdlayher/packet v1.1.2 // indirect github.com/mdlayher/socket v0.5.1 // indirect - github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect @@ -225,7 +224,7 @@ require ( github.com/safchain/ethtool v0.6.2 // indirect github.com/sasha-s/go-deadlock v0.3.5 // indirect github.com/sassoftware/relic v7.2.1+incompatible // indirect - github.com/secure-systems-lab/go-securesystemslib v0.10.0 // indirect + github.com/secure-systems-lab/go-securesystemslib v0.11.0 // indirect github.com/sergi/go-diff v1.4.0 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/sigstore/protobuf-specs v0.5.0 // indirect @@ -275,7 +274,7 @@ require ( go.uber.org/zap v1.27.1 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/mod v0.35.0 // indirect + golang.org/x/mod v0.36.0 // indirect golang.org/x/net v0.54.0 // indirect golang.org/x/oauth2 v0.36.0 // indirect golang.org/x/time v0.15.0 // indirect diff --git a/go.sum b/go.sum index 81fa49fb27..dca6d99e33 100644 --- a/go.sum +++ b/go.sum @@ -120,8 +120,8 @@ github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY= github.com/buger/goterm v1.0.4/go.mod h1:HiFWV3xnkolgrBV3mY8m0X0Pumt4zg4QhbdOzQtB8tE= github.com/buger/jsonparser v1.2.0 h1:4EFcvK1kD4jyj6YqNK6skK6w+y7FHHBR+XBCtxwu/6g= github.com/buger/jsonparser v1.2.0/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/ccoveille/go-safecast/v2 v2.0.0 h1:+5eyITXAUj3wMjad6cRVJKGnC7vDS55zk0INzJagub0= -github.com/ccoveille/go-safecast/v2 v2.0.0/go.mod h1:JIYA4CAR33blIDuE6fSwCp2sz1oOBahXnvmdBhOAABs= +github.com/ccoveille/go-safecast/v2 v2.0.1 h1:2+mIu3gXtwmWelBia2kkxfB8eP4orTHDH7ClSlWkd6I= +github.com/ccoveille/go-safecast/v2 v2.0.1/go.mod h1:JIYA4CAR33blIDuE6fSwCp2sz1oOBahXnvmdBhOAABs= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= @@ -368,8 +368,8 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-containerregistry v0.21.3 h1:Xr+yt3VvwOOn/5nJzd7UoOhwPGiPkYW0zWDLLUXqAi4= -github.com/google/go-containerregistry v0.21.3/go.mod h1:D5ZrJF1e6dMzvInpBPuMCX0FxURz7GLq2rV3Us9aPkc= +github.com/google/go-containerregistry v0.21.6 h1:T+yqQIlJXKrM98Om4DlW3GoWQAmhZuLMwoDOvVrtiUM= +github.com/google/go-containerregistry v0.21.6/go.mod h1:U7MMSBIJynke2MVQrQk19NP9k/uQsGz/h0amIFSHMbo= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -494,8 +494,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/letsencrypt/boulder v0.20260223.0 h1:xdS2OnJNUasR6TgVIOpqqcvdkOu47+PQQMBk9ThuWBw= -github.com/letsencrypt/boulder v0.20260223.0/go.mod h1:r3aTSA7UZ7dbDfiGK+HLHJz0bWNbHk6YSPiXgzl23sA= +github.com/letsencrypt/boulder v0.20260309.0 h1:kZynrxK3QfqLGx6hhoz+Rfs3hgltJs1p9Mp+4+VwnY0= +github.com/letsencrypt/boulder v0.20260309.0/go.mod h1:yG8lj8pNPZ8taq3oNdTpfBS+eC74IaEuiewqzVpXiWE= github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= @@ -677,8 +677,8 @@ github.com/sebdah/goldie/v2 v2.8.0 h1:dZb9wR8q5++oplmEiJT+U/5KyotVD+HNGCAc5gNr8r github.com/sebdah/goldie/v2 v2.8.0/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI= github.com/seccomp/libseccomp-golang v0.11.1 h1:wuk4ZjSx6kyQII4rj6G6fvVzRHQaSiPvccJazDagu4g= github.com/seccomp/libseccomp-golang v0.11.1/go.mod h1:5m1Lk8E9OwgZTTVz4bBOer7JuazaBa+xTkM895tDiWc= -github.com/secure-systems-lab/go-securesystemslib v0.10.0 h1:l+H5ErcW0PAehBNrBxoGv1jjNpGYdZ9RcheFkB2WI14= -github.com/secure-systems-lab/go-securesystemslib v0.10.0/go.mod h1:MRKONWmRoFzPNQ9USRF9i1mc7MvAVvF1LlW8X5VWDvk= +github.com/secure-systems-lab/go-securesystemslib v0.11.0 h1:iuCR9kcMFD4QurdKrGvPLoKZLv9YvwPYVr0473BdtFs= +github.com/secure-systems-lab/go-securesystemslib v0.11.0/go.mod h1:+PMOTjUGwHj2vcZ+TFKlb1tXRbrdWE1LYDT5i9JC80Q= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= @@ -694,8 +694,8 @@ github.com/sigstore/rekor v1.5.0 h1:rL7SghHd5HLCtsCrxw0yQg+NczGvM75EjSPPWuGjaiQ= github.com/sigstore/rekor v1.5.0/go.mod h1:D7JoVCUkxwQOpPDNYeu+CE8zeBC18Y5uDo6tF8s2rcQ= github.com/sigstore/rekor-tiles/v2 v2.0.1 h1:1Wfz15oSRNGF5Dzb0lWn5W8+lfO50ork4PGIfEKjZeo= github.com/sigstore/rekor-tiles/v2 v2.0.1/go.mod h1:Pjsbhzj5hc3MKY8FfVTYHBUHQEnP0ozC4huatu4x7OU= -github.com/sigstore/sigstore v1.10.6 h1:YWhMQfTrJSK80QB1pbxjYeAwGKx+5UwWPPAY9hrPPZg= -github.com/sigstore/sigstore v1.10.6/go.mod h1:k/mcVVXw3I87dYG/iCVTSW2xTrW7vPzxxGic4KqsqXs= +github.com/sigstore/sigstore v1.10.7 h1:smc+VHwYFBVKJ7KqZayvrO2s0BOIUSMPL1QL6/edzFg= +github.com/sigstore/sigstore v1.10.7/go.mod h1:iGY02UN1B0tcy4hdNzwK2yyadEyuOeSG2XNNUc7W2q8= github.com/sigstore/sigstore-go v1.1.4 h1:wTTsgCHOfqiEzVyBYA6mDczGtBkN7cM8mPpjJj5QvMg= github.com/sigstore/sigstore-go v1.1.4/go.mod h1:2U/mQOT9cjjxrtIUeKDVhL+sHBKsnWddn8URlswdBsg= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.10.5 h1:aqHRubTITULckG9JAcq2FEhtKkT/RRE8oErfuV3smSI= @@ -742,8 +742,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/sylabs/json-resp v0.9.5 h1:mSMWgfolaCOeWB/+IpedxlZ+MRYh4PcCLMgay5b/Xyk= github.com/sylabs/json-resp v0.9.5/go.mod h1:Q9X4wRlZNPv3x76KaL8vTCBO4aC/DP2gh13xdtEqd1g= -github.com/sylabs/oci-tools v0.19.0 h1:7Dr+CjL2Xl/VzILxdPBhLQif84+W4QJ7XHltyyOf24E= -github.com/sylabs/oci-tools v0.19.0/go.mod h1:ZiYPGZHUshGkzXtE3pEuWSUqBLJNH4Q2eDxE/1OhMyc= +github.com/sylabs/oci-tools v0.20.0 h1:x/d0JiQfIP7GRFgTbV1w0cl/f3crZcFsE29aTbUOGQY= +github.com/sylabs/oci-tools v0.20.0/go.mod h1:g7u7iEOeQq01JNBN8nYI0Rd+sKBJmuqWIsh/nz2Fw70= github.com/sylabs/scs-build-client v0.9.20 h1:E3ut1cyxj+75RS4YrrjL0AmuASk7lhjsgAbSyTXI29g= github.com/sylabs/scs-build-client v0.9.20/go.mod h1:Qz4G6pOq4OQNyLFQUVaF7aBoSOHWUxGIJ5v5BYW37/Y= github.com/sylabs/scs-key-client v0.7.9 h1:ycAuGVZ4nObDJP9nP5o6j9ei3K+La3Sjyfjo6Zps+Og= @@ -897,8 +897,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= -golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= +golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= +golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -986,8 +986,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= -golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= +golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8= +golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 9c6b32a8c96a1ce11a99326b2f39100fd1ac6414 Mon Sep 17 00:00:00 2001 From: David Trudgian Date: Mon, 1 Jun 2026 14:00:40 +0100 Subject: [PATCH 2/2] fix: e2e: registry & auth on same port In google/go-containerregistry, validation of private / link-local auth realms now requires a host:port match with the registry. We need to put the auth behind a mux, so it's at the same host:port instead of running at a separate listener. --- LICENSE_DEPENDENCIES.md | 30 -------------- e2e/internal/e2e/docker.go | 57 +++++++++++--------------- e2e/internal/e2e/docker_auth_server.go | 13 ++---- go.mod | 2 +- 4 files changed, 29 insertions(+), 73 deletions(-) diff --git a/LICENSE_DEPENDENCIES.md b/LICENSE_DEPENDENCIES.md index 2b321fe34e..eb5f7b0781 100644 --- a/LICENSE_DEPENDENCIES.md +++ b/LICENSE_DEPENDENCIES.md @@ -18428,36 +18428,6 @@ SOFTWARE. ``` -## github.com/mitchellh/go-homedir - -**License:** MIT - -``` -The MIT License (MIT) - -Copyright (c) 2013 Mitchell Hashimoto - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. - -``` - - ## github.com/mitchellh/hashstructure/v2 **License:** MIT diff --git a/e2e/internal/e2e/docker.go b/e2e/internal/e2e/docker.go index cacd503d3b..36386f08d8 100644 --- a/e2e/internal/e2e/docker.go +++ b/e2e/internal/e2e/docker.go @@ -24,6 +24,7 @@ import ( dcontext "github.com/distribution/distribution/context" "github.com/distribution/distribution/registry/handlers" "github.com/docker/distribution/configuration" + "github.com/gorilla/mux" // necessary imports for registry drivers _ "github.com/distribution/distribution/registry/storage/driver/filesystem" @@ -64,9 +65,9 @@ func StartRegistry(t *testing.T, env TestEnv) string { ctx := context.Background() - authListener, err := net.Listen("tcp", "127.0.0.1:0") + listener, err := net.Listen("tcp", "127.0.0.1:0") if err != nil { - t.Fatalf("could not setup listener for docker auth server: %s", err) + t.Fatalf("could not setup listener for docker registry: %s", err) } certsDir := filepath.Join(env.TestDir, "certs") @@ -98,12 +99,10 @@ func StartRegistry(t *testing.T, env TestEnv) string { t.Fatalf("openssl command failed: %v\nOutput: %s", err, out) } - go func() { - // for simplicity let this be brutally stopped once test finished - if err := startAuthServer(authListener, certFile, keyFile); err != nil && err != http.ErrServerClosed { - panic(fmt.Errorf("failed to start docker auth server: %s", err)) - } - }() + authHandler, err := newAuthHandler(certFile, keyFile) + if err != nil { + t.Fatalf("failed to create docker auth handler: %s", err) + } regDir := filepath.Join(env.TestDir, "local-registry") if err := os.Mkdir(regDir, 0o755); err != nil { @@ -120,7 +119,7 @@ func StartRegistry(t *testing.T, env TestEnv) string { RootCertBundle string }{ RootDir: regDir, - Realm: fmt.Sprintf("http://%s/auth", authListener.Addr().String()), + Realm: fmt.Sprintf("http://%s/auth", listener.Addr().String()), RootCertBundle: certFile, } @@ -137,47 +136,39 @@ func StartRegistry(t *testing.T, env TestEnv) string { ctx = dcontext.WithLogger(ctx, dcontext.GetLogger(ctx)) app := handlers.NewApp(ctx, config) + + router := mux.NewRouter() + // The auth server shares the registry's host:port, distinguished by the + // /auth path. This matches the Realm advertised in the registry config. + router.Handle("/auth", authHandler) + router.HandleFunc("/", func(w http.ResponseWriter, _ *http.Request) { + w.Header().Set("Cache-Control", "no-cache") + w.WriteHeader(http.StatusOK) + }).Methods(http.MethodGet) + router.PathPrefix("/").Handler(app) + server := &http.Server{ - Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.URL.Path == "/" { - w.Header().Set("Cache-Control", "no-cache") - w.WriteHeader(http.StatusOK) - return - } - app.ServeHTTP(w, r) - }), + Handler: router, ReadHeaderTimeout: httpTimeout, } - registryListener, err := net.Listen("tcp", "127.0.0.1:0") - if err != nil { - t.Fatalf("could not setup listener for docker registry: %s", err) - } - go func() { - if err := server.Serve(registryListener); err != nil && err != http.ErrServerClosed { + if err := server.Serve(listener); err != nil && err != http.ErrServerClosed { panic(fmt.Errorf("failed to start docker local registry: %s", err)) } }() - _, port, err := net.SplitHostPort(registryListener.Addr().String()) - if err != nil { - t.Fatalf("failed to retrieve local registry port: %s", err) - } - - addr := net.JoinHostPort("localhost", port) - for range 30 { - resp, err := http.Get(fmt.Sprintf("http://%s/", addr)) + resp, err := http.Get(fmt.Sprintf("http://%s/", listener.Addr().String())) resp.Body.Close() if err != nil || resp.StatusCode != 200 { time.Sleep(time.Second) continue } - return addr + return listener.Addr().String() } t.Fatalf("local registry not reachable") - return addr + return listener.Addr().String() } diff --git a/e2e/internal/e2e/docker_auth_server.go b/e2e/internal/e2e/docker_auth_server.go index dbd68897e4..9c1e75f67c 100644 --- a/e2e/internal/e2e/docker_auth_server.go +++ b/e2e/internal/e2e/docker_auth_server.go @@ -1,5 +1,5 @@ // Copyright (c) 2020, Control Command Inc. All rights reserved. -// Copyright (c) 2021-2025, Sylabs Inc. All rights reserved. +// Copyright (c) 2021-2026, Sylabs Inc. All rights reserved. // Copyright (c) Contributors to the Apptainer project, established as // Apptainer a Series of LF Projects LLC. // This software is licensed under a 3-clause BSD license. Please consult the @@ -10,7 +10,6 @@ package e2e import ( "fmt" - "net" "net/http" "strings" "sync" @@ -75,7 +74,7 @@ func (a *authnz) Authorize(req *registry.AuthorizationRequest) ([]string, error) return []string{"pull", "push"}, nil } -func startAuthServer(ln net.Listener, crt, key string) error { +func newAuthHandler(crt, key string) (http.Handler, error) { authnz := new(authnz) opt := ®istry.Option{ @@ -89,14 +88,10 @@ func startAuthServer(ln net.Listener, crt, key string) error { srv, err := registry.NewAuthServer(opt) if err != nil { - return err + return nil, err } - http.Handle("/auth", &dockerAuthHandler{srv: srv}) - server := &http.Server{ - ReadHeaderTimeout: httpTimeout, - } - return server.Serve(ln) + return &dockerAuthHandler{srv: srv}, nil } func (d *dockerAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { diff --git a/go.mod b/go.mod index 2734e13ce5..9a5608f293 100644 --- a/go.mod +++ b/go.mod @@ -29,6 +29,7 @@ require ( github.com/gofrs/flock v0.13.0 github.com/google/go-containerregistry v0.21.6 github.com/google/uuid v1.6.0 + github.com/gorilla/mux v1.8.1 github.com/gosimple/slug v1.15.0 github.com/moby/buildkit v0.30.0 github.com/moby/go-archive v0.2.0 @@ -165,7 +166,6 @@ require ( github.com/google/go-cmp v0.7.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/gorilla/handlers v1.5.2 // indirect - github.com/gorilla/mux v1.8.1 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/gosimple/unidecode v1.0.1 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect