@akerouanton
Member

- What I did

Prior to v0.9.0, the osxkeychain creds helper was adding the `atyp` attribute (i.e. authentication type) to its credentials. It was also specifying this attribute when querying the keychain for credentials.

Since v0.9.0, we don't set this attribute anymore. So, if a credential is stored with v0.9.0+ and then queried with a v0.8.2 helper, the atyp attribute will be missing and the credential won't be found.

- How to verify it

- Description for the changelog

- osxkeychain: fix a bug that was preventing credentials created with v0.9.0+ from being retrieved with older versions
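
A simplified model of the mismatch described above, added here as an illustration and not code from this PR or from docker-credential-helpers. The matching rule, the `server` key, and the idea that v0.9.0+ lookups do not filter on `atyp` are assumptions; only `atyp` and `dflt` come from the page.

```go
package main

import "fmt"

// Item is a simplified stand-in for a keychain entry: attribute name -> value.
type Item map[string]string

// matches assumes the search semantics the PR describes: every attribute
// named in the query must be present on the item with the same value.
func matches(it, query Item) bool {
	for k, v := range query {
		if got, ok := it[k]; !ok || got != v {
			return false
		}
	}
	return true
}

// Attributes each helper generation writes ("server" is a placeholder key).
func StoreV090(s string) Item  { return Item{"server": s} }                 // v0.9.0: no atyp
func StoreFixed(s string) Item { return Item{"server": s, "atyp": "dflt"} } // with this PR

// Attributes each helper generation puts in its lookup query.
func QueryV082(s string) Item { return Item{"server": s, "atyp": "dflt"} } // filters on atyp
func QueryV090(s string) Item { return Item{"server": s} }                 // assumed: no atyp filter

// Found reports whether a credential stored by write is returned to read.
func Found(write, read func(string) Item) bool {
	const server = "registry.example.test" // constructed sample value
	return matches(write(server), read(server))
}

func main() {
	writers := map[string]func(string) Item{"v0.9.0": StoreV090, "fixed": StoreFixed}
	readers := map[string]func(string) Item{"v0.8.2": QueryV082, "v0.9.0+": QueryV090}
	for wn, w := range writers {
		for rn, r := range readers {
			fmt.Printf("stored by %-7s read by %-7s found=%v\n", wn, rn, Found(w, r))
		}
	}
}
```

Only the v0.9.0 writer paired with the v0.8.2 reader fails, which is the downgrade case this PR addresses.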

@akerouanton akerouanton requested a review from crazy-max March 14, 2025 11:30
@codecov-commenter

codecov-commenter commented Mar 14, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 52.08%. Comparing base (cfd6d21) to head (e7bd395).
Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #367      +/-   ##
==========================================
+ Coverage   51.28%   52.08%   +0.79%     
==========================================
  Files          13       13              
  Lines         661      672      +11     
==========================================
+ Hits          339      350      +11     
  Misses        278      278              
  Partials       44       44              


//
// In order to keep compatibility with older versions, we need to store
// credentials with this attribute set.
item.SetAuthenticationType("dflt")
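Review bot: the literal "dflt" passed to item.SetAuthenticationType is a magic string, and the comment above it says only "older versions" without naming which versions depend on it or why. Consider hoisting the value into a named constant and extending the comment to say that older helpers include this attribute in their lookup query, so an item stored without it is not returned to them. That keeps the line from being removed as dead configuration in a later cleanup.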
Member Author

@akerouanton akerouanton Mar 14, 2025

As a follow-up, it'd be great to add this constant and the ones I hardcoded in #361 to keybase/go-keychain.

I started doing that, but it's lower priority than getting this fixed here before we release the next version of Docker Desktop with a creds store that doesn't support downgrades.

Member

Hum yes indeed I looked at previous implem https://github.com/docker/docker-credential-helpers/pull/282/files#diff-13e5d0d1bee45d43439783edc43138e1d9584d2ec29cab4969460384db72ec42L28 and we set it to dflt as well.

I thought dflt was the default SecAuthenticationType in keybase/go-keychain so agree to set this upstream.

Member Author

Oh! I forgot to add a link to keychain_get in my comment. Let me update it before I merge.

Prior to v0.9.0, the osxkeychain creds helper was adding the `atyp`
attribute (i.e. authentication type) to its credentials. It was also
specifying this attribute when querying the keychain for credentials.

Since v0.9.0, we don't set this attribute anymore. So, if a credential
is stored with v0.9.0+ and then queried with a v0.8.2 helper, the
atyp attribute will be missing and the credential won't be found.

Signed-off-by: Albin Kerouanton <[email protected]>
@akerouanton akerouanton force-pushed the osxkeychain-set-atyp branch from 79117ca to e7bd395 Compare March 14, 2025 11:46
@akerouanton akerouanton merged commit f9d3010 into docker:master Mar 14, 2025
12 checks passed
@akerouanton akerouanton deleted the osxkeychain-set-atyp branch March 14, 2025 11:52