Use c/storage/pkg/ioutils.AtomicWriteFiles to update auth.json

... so that users can't observe an intermediate empty, or partial, file. (Note that there is still no locking, so two simultaneous updates to auth.json might lose some updates.) Fixes at least the worst impact of containers#1365 . Signed-off-by: Miloslav Trmač <mitr@redhat.com>
mtrmac · Apr 4, 2022 · b12b8a2 · b12b8a2
1 parent dc7fe92
commit b12b8a2
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/pkg/docker/config/config.go b/pkg/docker/config/config.go
@@ -15,6 +15,7 @@ import (
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/storage/pkg/homedir"
+	"github.com/containers/storage/pkg/ioutils"
 	helperclient "github.com/docker/docker-credential-helpers/client"
 	"github.com/docker/docker-credential-helpers/credentials"
 	"github.com/hashicorp/go-multierror"
@@ -605,7 +606,7 @@ func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) (
 			return "", errors.Wrapf(err, "marshaling JSON %q", path)
 		}
 
-		if err = ioutil.WriteFile(path, newData, 0600); err != nil {
+		if err = ioutils.AtomicWriteFile(path, newData, 0600); err != nil {
 			return "", errors.Wrapf(err, "writing to file %q", path)
 		}
 	}