Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packages Write permission only works when ALL other permissions are set to Write #19986

Closed
Fogapod opened this issue Jun 16, 2022 · 4 comments · Fixed by #20517
Closed

Packages Write permission only works when ALL other permissions are set to Write #19986

Fogapod opened this issue Jun 16, 2022 · 4 comments · Fixed by #20517
Labels
type/bug

Comments

@Fogapod
Copy link
Contributor

Fogapod commented Jun 16, 2022
edited
Loading

Description

I have CI account I added to my organization that is used for pushing containers. I created a separate team for it named CI. Account isn't in any other team. Team permissions:
image

I want this group to only have write access to packages and maybe releases but if i uncheck ANY permission to Read and save, pushing image stops working:

$ podman login git.my.domain
# ...
$ podman push git.my.domain/org/repo:latest
Getting image source signatures
Copying blob da62b97c2205 skipped: already exists  
Copying blob caa0fe6c85de skipped: already exists  
Copying blob 5a2d1674fe82 skipped: already exists  
Copying blob 2a34cef01f5f skipped: already exists  
Copying blob 5b8b24c2f164 skipped: already exists  
Copying blob fce7eced52b0 skipped: already exists  
Copying blob 81267142ac55 skipped: already exists  
Copying blob 95b66a4f2600 skipped: already exists  
Copying blob 637044167be1 skipped: already exists  
Copying config aedda0f877 done  
Writing manifest to image destination
Error: writing manifest: uploading manifest latest to git.my.domain/org/repo: unauthorized: authentication required

When I change all permissions to Write, push works again.

I tried pushing container as admin and linking it to repository but it didn't change anything.

Looks like try.gitea.io doesn't allow creating organizations so i can't test it there.

Gitea Version

1.17.0+dev-719-gf0ce5470e

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Locally compiled binary

Database

PostgreSQL
@Fogapod Fogapod changed the title Container registry write permissions seem broken Container registry write permission seem broken (only works when ALL other permissions set to Write as well) Jun 16, 2022
@dbotwinick
Copy link

+1
Note I encountered the same behavior for maven package registry on v1.17.0-rc1.

@lunny
Copy link
Member

lunny commented Jun 21, 2022

Write means Read and Write.

@Fogapod Fogapod changed the title Container registry write permission seem broken (only works when ALL other permissions set to Write as well) Packages Write permission only works when ALL other permissions are set to Write Jun 21, 2022
@Fogapod
Copy link
Contributor Author

Fogapod commented Jun 22, 2022

Write means Read and Write.

I think you misunderstood the issue. In order to be able to push image to registry I had to set Wiki and Issues and Code and everything else to Write, not just Packages

@lunny
Copy link
Member

lunny commented Jun 22, 2022

Write means Read and Write.

I think you misunderstood the issue. In order to be able to push image to registry I had to set Wiki and Issues and Code and everything else to Write, not just Packages

Got it.

@Fogapod Fogapod mentioned this issue Jul 6, 2022
Closed
@algernon algernon mentioned this issue Jul 19, 2022
Closed
@KN4CK3R KN4CK3R mentioned this issue Jul 28, 2022
Merged
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix package permission checks for organizations KN4CK3R/gitea
3 participants
@lunny @dbotwinick @Fogapod