Unable to download docker image layer from JFrog Artifactory using curl - artifactory

I am using the command:
curl -O -u username:API_KEY https://artifactory_url/artifactory/docker_repo/image/tag/sha
The file created after curl completes successfully is empty

This could happen if redirect download feature is enabled on Artifactory side. The reason is, when a repository is configured to redirect downloads, a client requesting Artifactory for an artifact(exceeding a specific file size) hosted in that repository receives a 302 response initially with a Location header containing a signed direct download url. Then the client uses the particular URL to download the actual file.
Hence we would need to make sure follow redirect option is enabled by the client attempting to download it. In case of curl it can be achieved by adding -L
curl -O -L -u username:API_KEY
https://artifactory_url/artifactory/docker_repo/image/tag/sha

Related

wget - download file from ftp server (with auth) via http proxy (with auth)

I want to use wget to download a whole folder from ftp (i know about -r), curl does not allow downloading folder in one request. I have the following syntax for curl working but can't work out the syntax for even downloading a single file via wget. The key things here are that ftp has auth and getting to ftp is via http proxy (with diff credentials).
This is the working curl command:
curl --proxy-anyauth --proxy-user NTADMIN\proxyuser:proxypass --proxy http://httpproxyhost:8080 --anyauth -u ftpuser:ftppass -v 'ftp://ftphost/file'
What is the equivalent in wget?
You can try to use canonical URI format:
curl --proxy http://proxyuser:proxypass#httpproxyhost:8080 -v 'ftp://ftpuser:ftppass#ftphost/file'
With wget you can use command like this:
ftp_proxy=http://proxyuser:proxypass#httpproxyhost:8080 wget ftp://ftpuser:ftppass#ftphost/file

Download docker image from artifactory using curl or wget..?

Do we have any option/way to download a docker image using wget or curl.
My docker image is present in Jfrog artifactory.
First, any curl command to an Artifactory repo would need the API key of your account. See "How to use docker registry API with Artifactory Docker Repository when not using docker client?"
you can use the following header: "X-JFrog-Art-Api" and pass the API key of the user to authenticate. The API key of the user can be retrieved from the "User Profile" page in Artifactory. Artifactory REST API supports three forms of authentication and you can use any one of them with the docker repository
Second, downloading an image is not trivial (as you need to get all the layers).
You might have some chance adapting the moby contrib script download-frozen-image-v2.sh
Or try docker-registry-debug which will print a curl command for fetching the layer, as explained here.
I found this answer while looking to do the same thing with gitlab. I modified the suggested moby contrib script to do the same thing for a gitlab instance.
Download download-gitlab-frozen-docker-image.sh
Mark it executable (chmod +x download-gitlab-frozen-docker-image.sh)
Run the script:
./download-gitlab-frozen-docker-image.sh <FOLDER_NAME> <DOCKER_URL>
where FOLDER_NAME is the folder to store the frozen docker image and DOCKER_URL is the url straight out of the gitlab container registry.
Import the frozen folder into docker (at your convenience/any future date):
tar -cC '<FOLDER_NAME>' . | docker load

Artifactory: upload with api key (not password)

How would you upload an artifact to artifactory without using a password?
If I create a new user specific for uploads, that user by default doesn't git the 'upload' permission unless they are an administrator.
To upload with credentials
curl -u admin:'correct-horse-battery-staple' -T foo.zip
To upload with an api key
curl --header 'X-JFrog-Art-Api: 1234567890' -T foo.zip
Alternativly you can use the syntax <username:apikey>
curl -u admin:1234567890 -T foo.zip
https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API
You can create the api key on the user profile page.
See the various authentication options, including authentication using API key, in the JFrog CLI for Artifactory documentation page:
https://www.jfrog.com/confluence/display/CLI/CLI+for+JFrog+Artifactory
If you want to use .pypirc you can just put:
[distutils]
index-servers = local
[local]
repository: https://artifactory-url/repo
username: <username>
password: <api-key>
Then you can upload using python setup.py bdist_wheel upload -r local.
Though my user is an admin at the moment so it answers only the API key part of the question.
If you're looking at a nuget artifact, here's the one line CLI command below.
nuget push <your-package-name.nupkg> -source <artifactory-repo-url>/nuget-local/ -ApiKey <your-user-name>:<apikey>
It's buried in the jfrog documentation. I would think uploading other artifacts would follow a similar pattern.

How do use ngrok in conjunction with Google Oauth?

I recently installed Ngrok in order to test my localhost meteor App on my phone.
I am successful in accessing the meteor app via a tunnel by ngrok.
However when I try to login using I get this error message:
The login process shows the following error message:
400. That’s an error.
Error: redirect_uri_mismatch
Application: AppName
You can email the developer of this application at: my#emailadress.com
The redirect URI in the request, http://localhost:7123/_oauth/google,
does not match the ones authorized for the OAuth client.
Updating the Authorized JavaScript origins & redirect URIs to the Ngrok forwarding addresses, doesn't have an effect.
How do I correctly use ngrok in conjuction with Google Oauth?
Any help would be greatly appreciated
Use ngrok and change the Root URL to the one supplied by ngrok.
ROOT_URL=http:XXXXXXXX.ngrok.io meteor to start meteor.
It's trying to use http://localhost:7123/_oauth/google instead of a more ngrok-like url that could be, for example: https://fd4fdbbb.ngrok.io/_oauth/google
You can check the parameters that you are using to run the app and the environment variables too.
For example, I typically use
ServiceConfiguration.configurations.upsert(
{ service: 'facebook' },
{
$set: {
appId: process.env.facebookConsumerKey,
secret: process.env.facebookConsumerSecret,
loginStyle: 'popup'
}
}
);
And run meteor using a bash script that looks like:
#!/bin/bash
export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm
nvm install 4.4.7
IP_ADDRESS=`ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | grep -v '10.0.0.1'` echo "Starting app on: $IP_ADDRESS:3000"
# NODE_DEBUG=request \
# facebookOAuthRedirectURL=http://$IP_ADDRESS:3000/_oauth/facebook \
facebookAppName="BlahApp - local dev" \
facebookConsumerKey=12345 \
facebookConsumerSecret=xxxxxx \
facebookOAuthRedirectURL=http://$IP_ADDRESS:3000/_oauth/facebook \
MONGO_URL=mongodb://$IP_ADDRESS:27017/staging-blah-app \
ROOT_URL=http://$IP_ADDRESS:3000 \
BIND_IP=$IP_ADDRESS \
MOBILE_DDP_URL=http://$IP_ADDRESS \
MOBILE_ROOT_URL=http://$IP_ADDRESS \
meteor --port $IP_ADDRESS:3000 --settings development-settings.json
So you can, instead of using googleOAuthRedirectURL=http://$IP_ADDRESS:3000/_oauth/google could use https://fd4fdbbb.ngrok.io/_oauth/google
The issue was that the environment variable were not read by meteor, and even though it was overwritten on the client side, somehow the server connected to google with a wrong callback url.
Now for the solution... I started by ensuring that the settings in the google service configuration were reset by running this in the terminal after killing the app:
meteor reset
In a separate terminal, I then started ngrok to generate a tunnel link:
./ngrok http 7123
Yielding the tunnel link:
http://adba9b9f.ngrok.io/
In a separate terminal I start my app by assigning it to "port 7123" and setting "http://adba9b9f.ngrok.io" as the absoluteUrl like this:
ROOT_URL=http://adba9b9f.ngrok.io meteor --port 7123
To confirm that this command has been carried out, I typed this into the browser console
Meteor.absoluteUrl()
The response:
"http://adba9b9f.ngrok.io"
Indicates that the Meteor.absoluteUrl() command was successful.
Next, I accessed my app via the "http://adba9b9f.ngrok.io" tunnel and clicked on the "Configure google button", where GLADLY noticed that the Authorized JavaScript origins were preset to:
http://adba9b9f.ngrok.io and
Authorized redirect URIs preset to: http://adba9b9f.ngrok.io/_oauth/google
I then filled in the Client ID and Client Secret part with details from the google credentials, and updated the google credentials with the details from the configure google button details and saved.
Am happy to say... Everything works desirably now.

How to download objects from svn repository to unix AIX

I am unable to download file's from svn repository into unix AIX system. I am using "curl" command in unix to download the file but it fails with below error
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
command used :
curl -u username:password http://server.com/svn/trunk/test.file
Are there any settings in subversion repository which i need to change to make the curl command work.If yes, then how to change them.
I cannot use wget because it is not installed on our machine the alternative is curl.
Please, help me download subversion files into unix. your help will be greatly appreciated.
Thanks,
Sri
The short way to do it would be to add the --insecure option to the curl command. This tells cURL to ignore the fact that it can't verify the signer of the SSL cert used by your SVN server.
curl -u username:password --insecure https://server.com/svn/trunk/test.file
The error is happening for one of two reasons, either your SVN access is secured using a self-signed certificate from a CA not in the certificate chain for the OS, or the trusted certs cURL is using is outdated and doesn't have a certificate from the CA that signed your SVN SSL certificate.
You can either download the root certificate that signed your SSL cert and specify it like: curl --cacert /path/to/cert.pem. Otherwise, you'll need to determine how and where to install additional certificates to be trusted. This partly depends on whether or not cURL is using OpenSSL or NSS. This site has some guidance on how to do this for various operating systems.
Thanks for your response. I have changed the command to
curl -k http://server.com/svn/trunk/test.file -u username:password > test.file
and it worked.
Thanks,
Sri

Resources