From ee022069ac8a29ecda14c3763fcdad211cf0716a Mon Sep 17 00:00:00 2001 From: Adam Cmiel Date: Mon, 12 Aug 2024 16:30:19 +0200 Subject: [PATCH] download-sbom: make auth work with curl < 7.83.0 Curl versions lower than 7.83.0 do not support the %header{...} syntax. Write out all the headers and pick out the one we need using sed. Signed-off-by: Adam Cmiel --- .../download-sbom-from-url-in-attestation.yaml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/task/download-sbom-from-url-in-attestation/0.1/download-sbom-from-url-in-attestation.yaml b/task/download-sbom-from-url-in-attestation/0.1/download-sbom-from-url-in-attestation.yaml index 2bf55df89c..7dfc833133 100644 --- a/task/download-sbom-from-url-in-attestation/0.1/download-sbom-from-url-in-attestation.yaml +++ b/task/download-sbom-from-url-in-attestation/0.1/download-sbom-from-url-in-attestation.yaml @@ -207,19 +207,21 @@ spec: local tmp_dest=$(mktemp --tmpdir) + local headers_file + headers_file=$(mktemp --tmpdir download-sbom-task.headers.XXXXXX) + local common_curl_opts=(--silent --show-error --retry "${HTTP_RETRIES:-3}") echo "GET $blob_url" >&2 - local outputs - mapfile -t outputs < <(curl \ + local response_code + response_code=$(curl \ "${common_curl_opts[@]}" \ -L \ - --write-out '%header{www-authenticate}\n%{response_code}' \ + --write-out '%{response_code}' \ --output "$tmp_dest" \ + --dump-header "$headers_file" \ "$blob_url" ) - local www_authenticate=${outputs[0]} - local response_code=${outputs[1]} if [[ "$response_code" -eq 200 ]]; then # Blob download didn't require auth, we're done @@ -227,6 +229,9 @@ spec: elif [[ "$response_code" -eq 401 ]]; then echo "Got 401, trying to authenticate" >&2 + local www_authenticate + www_authenticate=$(sed -n 's/^www-authenticate:\s*//ip' "$headers_file") + local realm service scope token_url realm=$(get_from_www_auth_header "$www_authenticate" realm) service=$(get_from_www_auth_header "$www_authenticate" service)