Merge pull request containerd#3410 from apostasie/dev-login-hosts-file-default-port

Login refactor (small breakout): hostsstore resolution cleanup

Author: AkihiroSuda

pkg/imgutil/dockerconfigresolver/dockerconfigresolver.go

@@ -20,7 +20,6 @@ import (
 	"context"
 	"crypto/tls"
 	"errors"
-	"os"
 
 	"github.com/containerd/containerd/v2/core/remotes"
 	"github.com/containerd/containerd/v2/core/remotes/docker"
@@ -57,24 +56,9 @@ func WithSkipVerifyCerts(b bool) Opt {
 
 // WithHostsDirs specifies directories like /etc/containerd/certs.d and /etc/docker/certs.d
 func WithHostsDirs(orig []string) Opt {
-	var ss []string
-	if len(orig) == 0 {
-		log.L.Debug("no hosts dir was specified")
-	}
-	for _, v := range orig {
-		if _, err := os.Stat(v); err == nil {
-			log.L.Debugf("Found hosts dir %q", v)
-			ss = append(ss, v)
-		} else {
-			if errors.Is(err, os.ErrNotExist) {
-				log.L.WithError(err).Debugf("Ignoring hosts dir %q", v)
-			} else {
-				log.L.WithError(err).Warnf("Ignoring hosts dir %q", v)
-			}
-		}
-	}
+	validDirs := validateDirectories(orig)
 	return func(o *opts) {
-		o.hostsDirs = ss
+		o.hostsDirs = validDirs
 	}
 }
 
@@ -96,14 +80,19 @@ func NewHostOptions(ctx context.Context, refHostname string, optFuncs ...Opt) (*
 	}
 	var ho dockerconfig.HostOptions
 
-	ho.HostDir = func(s string) (string, error) {
-		for _, hostsDir := range o.hostsDirs {
-			found, err := dockerconfig.HostDirFromRoot(hostsDir)(s)
-			if (err != nil && !errdefs.IsNotFound(err)) || (found != "") {
-				return found, err
+	ho.HostDir = func(hostURL string) (string, error) {
+		regURL, err := Parse(hostURL)
+		if err != nil {
+			return "", err
+		}
+		dir, err := hostDirsFromRoot(regURL, o.hostsDirs)
+		if err != nil {
+			if errors.Is(err, errdefs.ErrNotFound) {
+				err = nil
 			}
+			return "", err
 		}
-		return "", nil
+		return dir, nil
 	}
 
 	if o.authCreds != nil {

pkg/imgutil/dockerconfigresolver/hostsstore.go

@@ -0,0 +1,66 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package dockerconfigresolver
+
+import (
+	"errors"
+	"os"
+
+	"github.com/containerd/containerd/v2/core/remotes/docker/config"
+	"github.com/containerd/errdefs"
+	"github.com/containerd/log"
+)
+
+// validateDirectories inspect a slice of strings and returns the ones that are valid readable directories
+func validateDirectories(orig []string) []string {
+	ss := []string{}
+	for _, v := range orig {
+		fi, err := os.Stat(v)
+		if err != nil || !fi.IsDir() {
+			if !errors.Is(err, os.ErrNotExist) {
+				log.L.WithError(err).Warnf("Ignoring hosts location %q", v)
+			}
+			continue
+		}
+		ss = append(ss, v)
+	}
+	return ss
+}
+
+// hostDirsFromRoot will retrieve a host.toml file for the namespace host, possibly trying without port
+// if the requested port is standard.
+// https://github.com/containerd/nerdctl/issues/3047
+func hostDirsFromRoot(registryURL *RegistryURL, dirs []string) (string, error) {
+	hostsDirs := validateDirectories(dirs)
+
+	// Go through the configured system location to consider for hosts.toml files
+	for _, hostsDir := range hostsDirs {
+		found, err := config.HostDirFromRoot(hostsDir)(registryURL.Host)
+		// If we errored with anything but NotFound, or if we found one, return now
+		if (err != nil && !errdefs.IsNotFound(err)) || (found != "") {
+			return found, err
+		}
+		// If not found, and the port is standard, try again without the port
+		if registryURL.Port() == standardHTTPSPort {
+			found, err = config.HostDirFromRoot(hostsDir)(registryURL.Hostname())
+			if (err != nil && !errors.Is(err, errdefs.ErrNotFound)) || (found != "") {
+				return found, err
+			}
+		}
+	}
+	return "", nil
+}