unix home directory - give precedence to $HOME

GoogleCloudPlatform / docker-credential-gcr

A Docker credential helper for GCR users

https://gcr.io

Apache License 2.0

292 stars 92 forks source link

unix home directory - give precedence to $HOME #85

Closed vrothberg closed 3 years ago

vrothberg commented 3 years ago

Give precedence to the $HOME environment variable of the password database. The credential helper may be running in a user namespace where the database is likely tricked into looking up a wrong user since the current UID is different.

Giving precedence to $HOME will fix an issue in Podman [1] where the credential helper is erroring out with EPERMs since it uses the root's home directory.

[1] https://lists.podman.io/archives/list/podman@lists.podman.io/thread/CZY7J34AZHXZOK34Y4JNNIOVR62N43XO/

Signed-off-by: Valentin Rothberg rothberg@redhat.com

vrothberg commented 3 years ago

@jonjohnsonjr, can you help me get eyes on this PR?

vrothberg commented 3 years ago

Updated.

fdcds commented 3 years ago

The original issue was about docker-credential-gcloud, not docker-credential-gcr. Will this fix somehow also appear there or is additional action needed?

jonjohnsonjr commented 3 years ago

The docker-credential-gcloud code is unfortunately not on GitHub. Looking through the code, it seems like we should be giving precedence to $HOME already, so I'm not sure what's going on there. Another option might be to set $DOCKER_CONFIG to the right directory?

arneyjfs commented 6 months ago

I am still facing this issue with podman and docker-credential-gcloud

Another option might be to set $DOCKER_CONFIG to the right directory?

@jonjohnsonjr This did not seem to fix it. Any other info I can provide to help?

versions:

$ gcloud --version
Google Cloud SDK 467.0.0
alpha 2024.02.29
beta 2024.02.29
bq 2.0.101
bundled-python3-unix 3.11.8
core 2024.02.29
gcloud-crc32c 1.0.0
gsutil 5.27
minikube 1.32.0
skaffold 2.9.0

$ podman --version
podman version 3.4.2

joedg1 commented 6 months ago

me too. i am facing same issue with podman and docker-credential-gcloud. Ubuntu 22.04.4 LTS.

$ podman login gcr.io
2024/03/31 05:11:39.413931 cmd_run.go:1046: WARNING: cannot create user data directory: cannot create snap home dir: mkdir /root/snap: permission denied
Sorry, home directories outside of /home needs configuration.
See https://forum.snapcraft.io/t/11209 for details.
Error: get credentials: 1 error occurred:
    * error getting credentials - err: exit status 1, out: ``

$ gcloud version
Google Cloud SDK 470.0.0
alpha 2024.03.22
beta 2024.03.22
bq 2.1.2
bundled-python3-unix 3.11.8
core 2024.03.22
gcloud-crc32c 1.0.0
gsutil 5.27
minikube 1.32.0
skaffold 2.9.0

$ podman --version
podman version 3.4.4

arneyjfs commented 5 months ago

@joedg1 I temporarily got around my problem by switching to docker-credential-gcr which could help you - however that project I believe is slated for deprecation soon (this month if I remember reading that somewhere?) and so ultimately I decided to move to a different architecture without podman.

I would think that with clearly more than just me struggling with this and this issue being merged and this thread dead, it is probably acceptable to open a new issue. If you do I'd be super grateful if you could link to it here as I'd still be keen to know if it's ever going to be feasible to switch back