We use cookies to ensure you get the best experience on our website
Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
0ct0pu5
/
moby
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Ver Fonte

Update downloader script, to ensure that Authorization header is not passed when downloading blobs.

Signed-off-by: Alexander Midlash <amidlash@docker.com>
Alexander Midlash há 8 anos atrás
pai
050c1bb17b
commit
5c38e4c16a
1 ficheiros alterados com 15 adições e 9 exclusões
Visão Unificada Mostrar Estatísticas Diff
  1. 15 9
      contrib/download-frozen-image-v2.sh

+ 15 - 9
contrib/download-frozen-image-v2.sh
Ver Ficheiro 

@@ -44,6 +44,17 @@ if [ "$(go env GOHOSTOS)" = 'windows' ]; then
 
 	fi
 
 	fi
 
 fi
 
 fi
 
 
 
+fetch_blob() {
 
+	url=$1
 
+	token=$2
 
+	dest=$3
 
+	echo "Attempting to download blob $url"
 
+	target=$(curl -sS -v -H "Authorization: Bearer $token" "$url" 2>&1 | grep "Location:" | sed 's/< Location: \(.*\)\r/\1/')
 
+	# curl blob (exclude auth token)
 
+	curl -fsS --progress "${target}" -o "$dest"
 
+}
 
+
 
+
 
 while [ $# -gt 0 ]; do
 
 while [ $# -gt 0 ]; do
 
 	imageTag="$1"
 
 	imageTag="$1"
 
 	shift
 
 	shift
 
@@ -87,10 +98,7 @@ while [ $# -gt 0 ]; do
 
 					imageId="${configDigest#*:}" # strip off "sha256:"
 
 					imageId="${configDigest#*:}" # strip off "sha256:"
 
 
 
 					configFile="$imageId.json"
 
 					configFile="$imageId.json"
 
-					curl -fsSL \
 
-						-H "Authorization: Bearer $token" \
 
-						"https://registry-1.docker.io/v2/$image/blobs/$configDigest" \
 
-						-o "$dir/$configFile"
 
+					fetch_blob "https://registry-1.docker.io/v2/$image/blobs/$configDigest" $token "$dir/$configFile"
 
 
 
 					layersFs="$(echo "$manifestJson" | jq --raw-output --compact-output '.layers[]')"
 
 					layersFs="$(echo "$manifestJson" | jq --raw-output --compact-output '.layers[]')"
 
 					IFS="$newlineIFS"
 
 					IFS="$newlineIFS"
 
@@ -158,10 +166,7 @@ while [ $# -gt 0 ]; do
 
 									continue
 
 									continue
 
 								fi
 
 								fi
 
 								token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')"
 
 								token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')"
 
-								curl -fSL --progress \
 
-									-H "Authorization: Bearer $token" \
 
-									"https://registry-1.docker.io/v2/$image/blobs/$layerDigest" \
 
-									-o "$dir/$layerTar"
 
+								fetch_blob "https://registry-1.docker.io/v2/$image/blobs/$layerDigest" $token "$dir/$layerTar"
 
 								;;
 
 								;;
 
 
 
 							*)
 
 							*)
 
@@ -231,7 +236,8 @@ while [ $# -gt 0 ]; do
 
 					continue
 
 					continue
 
 				fi
 
 				fi
 
 				token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')"
 
 				token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')"
 
-				curl -fSL --progress -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/blobs/$imageLayer" -o "$dir/$layerId/layer.tar" # -C -
 
+				# find redirect using token:
 
+				fetch_blob "https://registry-1.docker.io/v2/$image/blobs/$imageLayer" $token "$dir/$layerId/layer.tar"
 
 			done
 
 			done
 
 			;;
 
 			;;

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5