krew: Unable to install plugins from private repo

I’ve set up a private git repository on GitHub that houses a krew index. I have a plugin that I can install manually locally, and I pointed krew at the registry successfully. However, it cannot seem to download the tarball from the registry. It is mostly erroring on comparing the checksums, but the checksum it generates is different on every request, so I don’t think it is actually getting the tarball.

I0115 16:35:35.030871  220612 scanner.go:78] Reading plugin "razee" from /home/esatterwhite/.krew/index/logdna/plugins
I0115 16:35:35.031374  220612 util.go:56] parsed receipt for ctx: version=v0.9.1
I0115 16:35:35.035813  220612 util.go:56] parsed receipt for images: version=v0.3.2
I0115 16:35:35.036225  220612 util.go:56] parsed receipt for krew: version=v0.4.0
I0115 16:35:35.036459  220612 util.go:56] parsed receipt for ns: version=v0.9.1 
I0115 16:35:35.036775  220612 util.go:56] parsed receipt for oulogin: version=v0.0.3
I0115 16:35:35.037064  220612 util.go:56] parsed receipt for service-tree: version=v0.2.1
I0115 16:35:35.037388  220612 util.go:56] parsed receipt for status: version=v0.4.1
I0115 16:35:35.037667  220612 util.go:56] parsed receipt for tail: version=v0.15.0
I0115 16:35:35.037981  220612 util.go:56] parsed receipt for tree: version=v0.4.0
I0115 16:35:35.038411  220612 util.go:56] parsed receipt for view-utilization: version=v0.3.3
I0115 16:35:35.042009  220612 scanner.go:78] Reading plugin "razee" from /home/esatterwhite/.krew/index/logdna/plugins
I0115 16:35:35.042604  220612 install.go:148] Will install plugin: logdna/razee 
Installing plugin: razee                  
I0115 16:35:35.042624  220612 install.go:58] Looking for installed versions
I0115 16:35:35.042644  220612 platform.go:43] Matching platform for labels(arch=amd64,os=linux)
I0115 16:35:35.042667  220612 platform.go:51] Found matching platform with index (0)
I0115 16:35:35.042677  220612 install.go:77] Install plugin razee at version=v0.0.0
I0115 16:35:35.042683  220612 install.go:94] Creating download staging directory
I0115 16:35:35.042707  220612 install.go:99] Successfully created download staging directory "/tmp/krew-downloads497292283"
I0115 16:35:35.042724  220612 fetch.go:39] Fetching "https://github.com/answerbook/tooling-kubectl/releases/download/razee@0.0.0/razee-0.0.0.tgz"
I0115 16:35:35.301622  220612 downloader.go:42] Reading archive file into memory
I0115 16:35:35.403461  220612 downloader.go:47] Read 176808 bytes from archive into memory
I0115 16:35:35.403482  220612 verifier.go:51] Compare sha256 (5aad9180d4cac1acbe53fa1e609b141c521f70ac1b606f18254984a1a0cc59df) signed version
I0115 16:35:35.403510  220612 install.go:101] Deleting the download staging directory /tmp/krew-downloads497292283
W0115 16:35:35.403536  220612 install.go:164] failed to install plugin "razee": install failed: failed to unpack into staging dir: failed to unpack the plugin archive: checksum does not match, want: 5aad9180d4cac1acbe53fa1e609b141c521f70ac1b606f18254984a1a0cc59df, got 5f9d7bcff7b4ef23d3e25f947e1b81ef61eac343b8f8cb1ce40b2230ab479bf0
F0115 16:35:35.403586  220612 root.go:77] checksum does not match, want: 5aad9180d4cac1acbe53fa1e609b141c521f70ac1b606f18254984a1a0cc59df, got 5f9d7bcff7b4ef23d3e25f947e1b81ef61eac343b8f8cb1ce40b2230ab479bf0
sigs.k8s.io/krew/internal/download.sha256Verifier.Verify               
        /home/runner/work/krew/krew/internal/download/verifier.go:55

and the next time

F0115 16:36:41.901396  221294 root.go:77] checksum does not match, want: 5aad9180d4cac1acbe53fa1e609b141c521f70ac1b606f18254984a1a0cc59df, got 5a7d6df2fe789c3d1e9287eacfaa52e87db70df38a034180cdc44986cf3d485b

Is this possible to do? Krew would have to make an authenticated request as far as I can tell.
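
The post's reasoning, that a "got" digest which changes on every request means the downloaded bytes are probably not the tarball, can be checked directly. The following is an added example, not part of the original post and not krew's code: it hashes a downloaded body with SHA-256 and, on mismatch, inspects the leading bytes to tell a different archive from a response that is not an archive at all. The function names and sample bodies are constructed for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// HexSum returns the lowercase hex sha256 of b, the form pinned in a plugin manifest.
func HexSum(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Classify compares a downloaded body with the pinned digest and, on
// mismatch, reports what kind of payload actually arrived.
func Classify(body []byte, wantHex string) string {
	if HexSum(body) == wantHex {
		return "match"
	}
	// Every gzip stream (.tgz included) starts with the magic bytes 0x1f 0x8b.
	if len(body) >= 2 && body[0] == 0x1f && body[1] == 0x8b {
		return "mismatch: gzip archive with different content"
	}
	head := bytes.ToLower(bytes.TrimSpace(body))
	if bytes.HasPrefix(head, []byte("<!doctype html")) || bytes.HasPrefix(head, []byte("<html")) {
		return "mismatch: HTML page, not an archive"
	}
	return "mismatch: not a gzip archive"
}

// SampleArchive builds a small gzip stream standing in for the plugin tarball (constructed).
func SampleArchive(payload string) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte(payload))
	zw.Close()
	return buf.Bytes()
}

func main() {
	archive := SampleArchive("razee plugin bytes")
	want := HexSum(archive)
	// Constructed stand-in for an error or sign-in page returned instead of the asset.
	page := []byte("<!DOCTYPE html><html><body>request-id: 1</body></html>")
	fmt.Println(Classify(archive, want))
	fmt.Println(Classify(SampleArchive("other build"), want))
	fmt.Println(Classify(page, want))
}
```

A result of "HTML page, not an archive" points at the fetch step (authentication or URL) rather than at the digest recorded in the manifest.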

About this issue

  • State: open
  • Created 3 years ago
  • Reactions: 6
  • Comments: 30 (13 by maintainers)

Most upvoted comments

Yeah, maybe we can consider supporting OCI layers in addition to https:// URLs and use the docker credentials detection logic docker already has. That would require us to do some work defining the format. I am doubting many other “private access” use cases actually will use an OCI Registry though.

@millermatt: You can’t reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen


@ahmetb recalling our early conversations around use-cases and looking at the proposal in https://github.com/kubernetes-sigs/krew/pull/816 makes me think this would be an extensible way for users to explore and work within the constraints provided by their organizations. If anything this could inform additional more formal protocol support without changing the Plugin schema in the near term.

Any movement on this? Has anyone started a PR yet?

No, there isn’t a PR for this yet. @tomelliot16, what is your specific use case here? Private GitHub repos was a use case mentioned earlier in this thread, and I’m guessing that would be a large portion of use cases. We need to figure out requirements and come up with a design for this feature before working on a PR.