Windows: Pulling images without full names in Powershell causes "short-name resolution enforced but cannot prompt without a TTY"

[duoduobingbing]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind feature

Description

Running podman on Windows, running e.g. podman pull eclipse-temurin:17 in PowerShell causes Error: short-name resolution enforced but cannot prompt without a TTY.

I know that this can be worked around by either prepending docker.io/ to the requested image name or by setting short-name-mode="permissive", however it would be nice to get the repo select dialogue in Powershell as well, because the first workaround cannot be performed because I am in a setting where I am not the owner of a greater amount of Dockerfiles that would need changing in order to prepend the prefix.

Using winpty did not work: C:\Program` Files\Git\usr\bin\winpty podman pull eclipse-temurin:17 still results in Error: short-name resolution enforced but cannot prompt without a TTY

Steps to reproduce the issue:

1. Install podman-*.exe

2. Run podman machine init & podman machine start

3. Run podman pull eclipse-temurin:17

Describe the results you expected: The repo select list should be displayed

Describe the results you received: Error: short-name resolution enforced but cannot prompt without a TTY is shown instead

Output of podman version:

Client:       Podman Engine
Version:      4.3.0
API Version:  4.3.0
Go Version:   go1.18.7
Git Commit:   ad42af94903ce4f3c3cd0693e4e17e4286bf094b
Built:        Wed Oct 19 19:53:21 2022
OS/Arch:      windows/amd64

Server:       Podman Engine
Version:      4.2.1
API Version:  4.2.1
Go Version:   go1.18.5
Built:        Wed Sep  7 21:58:19 2022
OS/Arch:      linux/amd64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional details/info
age for Windows had a similar problem with Powershell and solved it this way

[vrothberg]

Thanks for reaching out, @duoduobingbing!

The code in question is here: https://github.com/containers/image/blob/main/pkg/shortnames/shortnames.go#L355-L367

Pulling in our windows expert for advice. @n1hility WDYT?

[Luap99]

Isn't this the problem that windows and MacOS use the remote client and the remote client cannot prompt?

[vrothberg]

Isn't this the problem that windows and MacOS use the remote client and the remote client cannot prompt?

For some reason I thought, the prompting works for remote clients but you are right. We decided against attempting to do it because it would be massive change breaking backwards compat and very hard to keep stable since too many commands and code paths would need to prompt. Thanks for pointing that out, @Luap99.

podman machine init should configure only one unqualified-search registry though. @duoduobingbing can you share the output of podman info.

[duoduobingbing]

@duoduobingbing can you share the output of podman info.

Of course:

PS > podman info
host:
  arch: amd64
  buildahVersion: 1.27.0
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - rdma
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.4-3.fc36.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.4, commit: '
  cpuUtilization:
    idlePercent: 97.94
    systemPercent: 1.48
    userPercent: 0.58
  cpus: 8
  distribution:
    distribution: fedora
    variant: container
    version: "36"
  eventLogger: journald
  hostname: device5081
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.10.102.1-microsoft-standard-WSL2
  linkmode: dynamic
  logDriver: journald
  memFree: 13107220480
  memTotal: 13353656320
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.6-2.fc36.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.6
      commit: 18cf2efbb8feb2b2f20e316520e0fd0b6c41ef4d
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-0.2.beta.0.fc36.x86_64
    version: |-
      slirp4netns version 1.2.0-beta.0
      commit: 477db14a24ff1a3de3a705e51ca2c4c1fe3dda64
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 4294967296
  swapTotal: 4294967296
  uptime: 0h 0m 7.00s
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 269490393088
  graphRootUsed: 1302990848
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.2.1
  Built: 1662580699
  BuiltTime: Wed Sep  7 21:58:19 2022
  GitCommit: ""
  GoVersion: go1.18.5
  Os: linux
  OsArch: linux/amd64
  Version: 4.2.1

We decided against attempting to do it because it would be massive change breaking backwards compat and very hard to keep stable since too many commands and code paths would need to prompt.

That's sad but understable. Nonetheless, it would have been very nice to have the select dialogue in Powershell as well.

[rhatdan]

The issue is the Windows image has 4 registries defined, where as podman machine on a MAC only lists docker.io. We need to change the image we use in WSL by default to not have multiple registries.

@n1hility WDYT?

[mheon]

We'd be seeing this everywhere if that was actually the case. I suspect Podman on WSL in general is fine, but we have an environment issue here that has cause the registries to not be modified on machine creation.

[vrothberg]

Let's have a look at the code. I recall doing enforcing docker.io via ignition. Did something change?

[Luap99]

Let's have a look at the code. I recall doing enforcing docker.io via ignition. Did something change?

WSL does not use ignition AFAIK, it uses completely different setup code compared tp the qemu backend.

[n1hility]

The issue is the Windows image has 4 registries defined, where as podman machine on a MAC only lists docker.io. We need to change the image we use in WSL by default to not have multiple registries.

@n1hility WDYT?

@rhatdan Yeah I agree. This should be changed to mirror. I'll send a PR today. @Luap99 is correct that WSL based provisioning takes a different path since its not CoreOS based (instead derived from base Fedora). In this case it's taking the package defaults.

[vrothberg]

Thanks folks. Here's the ignition code: https://github.com/containers/podman/blob/main/pkg/machine/ignition.go#L428-L446

It worries me that Windows and Mac differ for configuring the machines. Maybe we can find a way to consolidate parts of the setting up the machine.