Jim's Blog
Toggle navigation
Jim's Blog
Home
About Me
Archives
Tags
Registry Authentication
2022-02-23 03:16:55
654
0
0
jim
> https://docs.docker.com/registry/spec/auth/token/ ## 分步骤 ### 1. 获取认证地址 ``` curl -i -I https://harbor/v2/library/alpine/manifests/latest ``` ``` HTTP/1.1 401 Unauthorized Content-Length: 152 Content-Type: application/json; charset=utf-8 Date: Thu, 27 Jan 2022 03:19:00 GMT Docker-Distribution-Api-Version: registry/2.0 Server: nginx Set-Cookie: sid=9f4a1fdd3ce6f4464eaf1871f6230678; Path=/; HttpOnly Www-Authenticate: Bearer realm="https://harbor/service/token",service="harbor-registry",scope="repository:library/alpine:pull" X-Request-Id: 583bd0d4-e8ba-4dfa-80d7-0ffb20e6e940 ``` ### 2. 获取 Token ``` curl -i "https://harbor/service/token?service=harbor-registry&scope=repository:library/alpine:pull" ``` ``` HTTP/1.1 200 OK Content-Security-Policy: frame-ancestors 'none' Content-Type: application/json; charset=utf-8 Date: Thu, 27 Jan 2022 03:19:38 GMT Server: nginx Set-Cookie: sid=fca0ba3d02c3ebe62c40063d388e82cf; Path=/; HttpOnly X-Frame-Options: DENY X-Request-Id: 35086e4c-da31-4c97-b846-248e36adec99 Transfer-Encoding: chunked {"token":"","access_token":"","expires_in":1800,"issued_at":"2022-01-27T03:19:38Z"} ``` ### 3. 通过 tag 获取 manifests ``` curl -i -H "Authorization: Bearer $token" https://harbor/v2/library/alpine/manifests/latest ``` ``` { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 528, "digest": "sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3", "platform": { "architecture": "amd64", "os": "linux" } } ] } ``` ### 4. 通过 sha256 获取 manifests ``` curl -i -H "Authorization: Bearer $token" https://harbor/v2/library/alpine/manifests/sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3 ``` ``` { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "config": { "mediaType": "application/vnd.docker.container.image.v1+json", "size": 1471, "digest": "sha256:c059bfaa849c4d8e4aecaeb3a10c2d9b3d85f5165c66ad3a4d937758128c4d18" }, "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "size": 2818413, "digest": "sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3" } ] } ``` ### 5. 获取 blob ``` curl -i -H "Authorization: Bearer $token" https://harbor/v2/library/alpine/blobs/sha256:c059bfaa849c4d8e4aecaeb3a10c2d9b3d85f5165c66ad3a4d937758128c4d18 ``` ``` { "architecture": "amd64", "config": { "Hostname": "", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "/bin/sh" ], "Image": "sha256:b747534ae29d08c0c84cc4326caf04e873c6d02bb67cd9c7644be2b4fa8d2f31", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": null }, "container": "4292e8ed2ef2b6dc4bbaf8e1cda0cb5f95b96adc4aa2da3d15181b54d07a0b34", "container_config": { "Hostname": "4292e8ed2ef2", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "/bin/sh", "-c", "#(nop) ", "CMD [\"/bin/sh\"]" ], "Image": "sha256:b747534ae29d08c0c84cc4326caf04e873c6d02bb67cd9c7644be2b4fa8d2f31", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": {} }, "created": "2021-11-24T20:19:40.483367546Z", "docker_version": "20.10.7", "history": [ { "created": "2021-11-24T20:19:40.199700946Z", "created_by": "/bin/sh -c #(nop) ADD file:9233f6f2237d79659a9521f7e390df217cec49f1a8aa3a12147bbca1956acdb9 in / " }, { "created": "2021-11-24T20:19:40.483367546Z", "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759" ] } } ``` ## 脚本 ### 获取 Token ``` #!/bin/bash set -e # for private images, update username:password in curl username="" password="" image=harbor.example.com/library/alpine:latest domain=${image%%/*} path_tag=${image#*/} path=${path_tag%:*} tag=${path_tag##*:} result=$(curl -is -I https://${domain}/v2/${path}/manifests/${tag}) realm=$(echo $result | grep -oP '(?<=Bearer realm=")[^"]*') service=$(echo $result | grep -oP '(?<=service=")[^"]*') scope=$(echo $result | grep -oP '(?<=scope=")[^"]*') auth="" if [[ "$username:$password" != ":" ]]; then auth="-u $username:$password" fi token=$(curl $auth -s "${realm}?service=${service}&scope=${scope}" -k | grep -oP '(?<="token":")[^"]*') echo ${token} ```
Pre:
绿联 DX4600 开启 ssh
Next:
UEFI Operation
0
likes
654
新浪微博
微信
腾讯微博
QQ空间
人人网
Please enable JavaScript to view the
comments powered by Disqus.
comments powered by
Disqus
Table of content