skip registry access check

cmd/lifecycle/analyzer.go

@@ -10,10 +10,12 @@ import (
 	"github.com/google/go-containerregistry/pkg/authn"
 
 	"github.com/buildpacks/lifecycle"
+	"github.com/buildpacks/lifecycle/auth"
 	"github.com/buildpacks/lifecycle/buildpack"
 	"github.com/buildpacks/lifecycle/cmd"
 	"github.com/buildpacks/lifecycle/cmd/lifecycle/cli"
 	"github.com/buildpacks/lifecycle/platform"
+	"github.com/buildpacks/lifecycle/priv"
 )
 
 type analyzeCmd struct {
@@ -80,6 +82,23 @@ func (a *analyzeCmd) Args(nargs int, args []string) error {
 func (a *analyzeCmd) Privileges() error {
 	// Temporarily skip Privileges() call when used inside ACA builder
 	cmd.DefaultLogger.Debugf("Skipping Privileges() call inside analyzer.")
+	var err error
+	a.keychain, err = auth.DefaultKeychain(a.RegistryImages()...)
+	if err != nil {
+		return cmd.FailErr(err, "resolve keychain")
+	}
+	if a.UseDaemon {
+		a.docker, err = priv.DockerClient()
+		if err != nil {
+			return cmd.FailErr(err, "initialize docker client")
+		}
+	}
+	if err = priv.EnsureOwner(a.UID, a.GID, a.LayersDir, a.CacheDir, a.LaunchCacheDir); err != nil {
+		return cmd.FailErr(err, "chown volumes")
+	}
+	if err = priv.RunAs(a.UID, a.GID); err != nil {
+		return cmd.FailErr(err, fmt.Sprintf("exec as user %d:%d", a.UID, a.GID))
+	}
 	return nil
 }
 

cmd/lifecycle/main.go

@@ -5,7 +5,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/buildpacks/imgutil/remote"
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/pkg/errors"
 
@@ -121,46 +120,10 @@ func NewRegistryHandler(keychain authn.Keychain) *DefaultRegistryHandler {
 }
 
 func (rv *DefaultRegistryHandler) EnsureReadAccess(imageRefs ...string) error {
-	for _, imageRef := range imageRefs {
-		if err := verifyReadAccess(imageRef, rv.keychain); err != nil {
-			return err
-		}
-	}
 	return nil
 }
 
 func (rv *DefaultRegistryHandler) EnsureWriteAccess(imageRefs ...string) error {
-	for _, imageRef := range imageRefs {
-		if err := verifyReadWriteAccess(imageRef, rv.keychain); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func verifyReadAccess(imageRef string, keychain authn.Keychain) error {
-	if imageRef == "" {
-		return nil
-	}
-	img, _ := remote.NewImage(imageRef, keychain)
-	canRead, err := img.CheckReadAccess()
-	if !canRead {
-		cmd.DefaultLogger.Debugf("Error checking read access: %s", err)
-		return errors.Errorf("ensure registry read access to %s", imageRef)
-	}
-	return nil
-}
-
-func verifyReadWriteAccess(imageRef string, keychain authn.Keychain) error {
-	if imageRef == "" {
-		return nil
-	}
-	img, _ := remote.NewImage(imageRef, keychain)
-	canReadWrite, err := img.CheckReadWriteAccess()
-	if !canReadWrite {
-		cmd.DefaultLogger.Debugf("Error checking read/write access: %s", err)
-		return errors.Errorf("ensure registry read/write access to %s", imageRef)
-	}
 	return nil
 }