From 80174c1bc4bc7d33d6d5583c6141d8933b75a797 Mon Sep 17 00:00:00 2001 From: Erlend Hamnaberg Date: Thu, 22 May 2025 22:25:49 +0200 Subject: [PATCH 1/3] Allow absolute path in credential store/helpers This would allow users to use a helper that does not live in path. The underlying credentials helper library uses os/exec exec.Command so this should be safe to do. I should add a test, please advice for the best location to do that. Signed-off-by: Erlend Hamnaberg --- cli/config/credentials/native_store.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cli/config/credentials/native_store.go b/cli/config/credentials/native_store.go index b9af145b9dcb..4062952d3a66 100644 --- a/cli/config/credentials/native_store.go +++ b/cli/config/credentials/native_store.go @@ -4,6 +4,7 @@ import ( "github.com/docker/cli/cli/config/types" "github.com/docker/docker-credential-helpers/client" "github.com/docker/docker-credential-helpers/credentials" + "path/filepath" ) const ( @@ -22,7 +23,12 @@ type nativeStore struct { // NewNativeStore creates a new native store that // uses a remote helper program to manage credentials. func NewNativeStore(file store, helperSuffix string) Store { - name := remoteCredentialsPrefix + helperSuffix + var name string + if filepath.IsAbs(helperSuffix) { + name = helperSuffix + } else { + name = remoteCredentialsPrefix + helperSuffix + } return &nativeStore{ programFunc: client.NewShellProgramFunc(name), fileStore: NewFileStore(file), From e5ff2f8d43f71a9dafe9d28c4d6fde9f2e24622c Mon Sep 17 00:00:00 2001 From: Erlend Hamnaberg Date: Sun, 25 May 2025 20:07:31 +0200 Subject: [PATCH 2/3] Update cli/config/credentials/native_store.go Co-authored-by: Laura Brehm Signed-off-by: Erlend Hamnaberg --- cli/config/credentials/native_store.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/cli/config/credentials/native_store.go b/cli/config/credentials/native_store.go index 4062952d3a66..c4f67dcb30fe 100644 --- a/cli/config/credentials/native_store.go +++ b/cli/config/credentials/native_store.go @@ -23,11 +23,9 @@ type nativeStore struct { // NewNativeStore creates a new native store that // uses a remote helper program to manage credentials. func NewNativeStore(file store, helperSuffix string) Store { - var name string - if filepath.IsAbs(helperSuffix) { - name = helperSuffix - } else { - name = remoteCredentialsPrefix + helperSuffix + name := helperSuffix + if !filepath.IsAbs(name) { + name = remoteCredentialsPrefix + name } return &nativeStore{ programFunc: client.NewShellProgramFunc(name), From b198fa47778629a3c741bf558f910d1107250952 Mon Sep 17 00:00:00 2001 From: Erlend Hamnaberg Date: Thu, 19 Jun 2025 12:29:44 +0200 Subject: [PATCH 3/3] changes after review Signed-off-by: Erlend Hamnaberg --- cli/config/credentials/native_store.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/cli/config/credentials/native_store.go b/cli/config/credentials/native_store.go index c4f67dcb30fe..6ac0a2510e11 100644 --- a/cli/config/credentials/native_store.go +++ b/cli/config/credentials/native_store.go @@ -1,10 +1,11 @@ package credentials import ( + "path/filepath" + "github.com/docker/cli/cli/config/types" "github.com/docker/docker-credential-helpers/client" "github.com/docker/docker-credential-helpers/credentials" - "path/filepath" ) const ( @@ -23,9 +24,10 @@ type nativeStore struct { // NewNativeStore creates a new native store that // uses a remote helper program to manage credentials. func NewNativeStore(file store, helperSuffix string) Store { - name := helperSuffix - if !filepath.IsAbs(name) { - name = remoteCredentialsPrefix + name + name = remoteCredentialsPrefix + name + + if filepath.IsAbs(helperSuffix) { + name = helperSuffix } return &nativeStore{ programFunc: client.NewShellProgramFunc(name),