Load $XDG_CONFIG_HOME/containers/auth.json

devurandom commented 4 years ago

/kind feature

Description

podman login currently ignores $XDG_CONFIG_HOME/containers/auth.json

Steps to reproduce the issue:

Place a valid auth file at $XDG_CONFIG_HOME/containers/auth.json
Run podman login
Observe how you're being asked for a password
Run podman login --authfile=$HOME/.config/containers/auth.json
Observe Authenticating with existing credentials...

Describe the results you received:

s.a.

Describe the results you expected:

podman login should try to load $XDG_CONFIG_HOME/containers/auth.json in addition to $XDG_RUNTIME_DIR/containers/auth.json. (Note that if $XDG_CONFIG_HOME is unset, it should fall back to $HOME/.config.)

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      2.0.5
API Version:  1
Go Version:   go1.15
Built:        Mon Aug 31 20:50:43 2020
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.15.1
  cgroupVersion: v2
  conmon:
    package: Unknown
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.0.20, commit: 13244db638cf987c415298a3c23393ae5abeb885'
  cpus: 8
  distribution:
    distribution: gentoo
    version: unknown
  eventLogger: file
  hostname: ernie
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65535
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65535
  kernel: 5.8.3
  linkmode: dynamic
  memFree: 884527104
  memTotal: 14535000064
  ociRuntime:
    name: crun
    package: Unknown
    path: /usr/bin/crun
    version: |-
      crun version 0.14.1
      commit: 598ea5e192ca12d4f6378217d3ab1415efeddefa
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  rootless: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: Unknown
    version: |-
      slirp4netns version 1.1.4
      commit: b66ffa8e262507e37fca689822d23430f3357fe8
      libslirp: 4.3.1
      SLIRP_CONFIG_VERSION_MAX: 3
  swapFree: 0
  swapTotal: 0
  uptime: 36h 52m 39.37s (Approximately 1.50 days)
registries:
  search:
  - docker.io
  - quay.io
  - registry.fedoraproject.org
store:
  configFile: /home/dschridde/.config/containers/storage.conf
  containerStore:
    number: 21
    paused: 0
    running: 0
    stopped: 21
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: Unknown
      Version: |-
        fusermount3 version: 3.9.3
        fuse-overlayfs: version 1.1.0
        FUSE library version 3.9.3
        using FUSE kernel interface version 7.31
  graphRoot: /home/dschridde/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 56
  runRoot: /run/user/1000/containers
  volumePath: /home/dschridde/.local/share/containers/storage/volumes
version:
  APIVersion: 1
  Built: 1598899843
  BuiltTime: Mon Aug 31 20:50:43 2020
  GitCommit: ""
  GoVersion: go1.15
  OsArch: linux/amd64
  Version: 2.0.5

Package info (e.g. output of rpm -q podman or apt list podman):

Portage 3.0.5 (python 3.6.9-final-0, default/linux/amd64/17.1/desktop/plasma/systemd, gcc-10.2.0, glibc-2.32-r1, 5.8.3 x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-5.8.3-x86_64-AMD_Ryzen_5_2400G_with_Radeon_Vega_Graphics-with-gentoo-2.7
KiB Mem:    14194336 total,    653792 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Mon, 07 Sep 2020 11:15:01 +0000
Head commit of repository gentoo: c18e397d3dc36995c78ff81dd813877bd6dcf1ad
Head commit of repository flatpak-overlay: 26c396aef4d2f8908eea9b3ad2ccf7dc843a0887

Timestamp of repository haskell: Mon, 07 Sep 2020 04:35:30 +0000
Head commit of repository haskell: 06ebc8423c18f8cd90ad6c5e84e5ae78d4c8bc62

Head commit of repository local: f5e341d4f6c14425021f6f482ac2f9eb62795d5e

sh bash 5.0_p18
ld GNU gold (Gentoo 2.34 p6 2.34.0) 1.16
ccache version 3.7.11 [disabled]
app-shells/bash:          5.0_p18::gentoo
dev-java/java-config:     2.3.1::gentoo
dev-lang/perl:            5.30.3-r1::gentoo
dev-lang/python:          2.7.18-r1::gentoo, 3.6.12::gentoo, 3.7.9::gentoo, 3.8.5::gentoo, 3.9.0_rc1::gentoo
dev-util/ccache:          3.7.11::gentoo
dev-util/cmake:           3.18.2::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.7::gentoo
sys-apps/sandbox:         2.20::gentoo
sys-devel/autoconf:       2.13-r1::gentoo, 2.69-r5::gentoo
sys-devel/automake:       1.13.4-r2::gentoo, 1.16.2::gentoo
sys-devel/binutils:       2.34-r2::gentoo
sys-devel/gcc:            10.2.0-r1::gentoo
sys-devel/gcc-config:     2.3.2::gentoo
sys-devel/libtool:        2.4.6-r6::gentoo
sys-devel/make:           4.3::gentoo
sys-kernel/linux-headers: 5.8::gentoo (virtual/os-headers)
sys-libs/glibc:           2.32-r1::gentoo
Repositories:

gentoo
    location: /var/cache/portage/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.de.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-extra-opts: --new-compress
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-metamanifest: yes

flatpak-overlay
    location: /var/db/repos/flatpak-overlay
    sync-type: git
    sync-uri: https://github.com/fosero/flatpak-overlay.git
    masters: gentoo

haskell
    location: /var/db/repos/haskell
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/haskell.git
    masters: gentoo

crossdev
    location: /var/cache/portage/crossdev
    masters: gentoo
    priority: 100

local
    location: /var/cache/portage/local
    sync-type: git
    sync-uri: https://github.com/devurandom/gentoo-overlay.git
    masters: gentoo
    priority: 1000

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-pipe -O2 -march=znver1"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/grs/systems.conf /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.6/conf"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.4/ext-active/ /etc/php/cgi-php7.4/ext-active/ /etc/php/cli-php7.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-pipe -O2 -march=znver1"
DISTDIR="/var/cache/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildsyspkg cgroup compressdebug config-protect-if-modified distlocks ebuild-locks fakeroot fixlafiles ipc-sandbox merge-sync mount-sandbox multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ http://distfiles.gentoo.org"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
MAKEOPTS="-j6 -l4"
PKGDIR="/var/cache/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--new-compress"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/tmp"
USE="7z 7zip X a52 aac aacplus aacs acl acpi activities aio alsa amd64 appindicator appstream archive audit avahi ayatana bdplus berkdb blake2 blas bluetooth bluray bpf branding brotli bs2b btrfs bzip2 cairo caps cdda cddb cdio cdr celt chromaprint cjk clang cli clipboard color-management colord conntrack crypt cups d3d9 dav1d dbus declarative device-mapper dirac djvu dri drm dts dvb dvd dvdr ed25519 editorconfig egl elf emboss encode epub evdev exif faudio fax fbcon fdk ffmpeg fftw filecaps firefox firewalld fish-completion fits flac fontconfig fontforge fortran fribidi gamepad gbm gdal gdbm geoclue geolocation gif git gles2 gles3 gmp gnome-online-accounts gnupg google googledrive gpg gps graphicsmagick gstreamer gtk gtk3 gui gzip harfbuzz hdf5 heif http2 ibus iconv icu idn imlib inotify introspection ipv6 iwd jemalloc jpeg jpeg2k json kde kipi kms kwallet ladspa lapack latex lcms libatomic libglvnd libidn2 libinput libnotify libproxy libsecret libsoxr libtirpc libvirt lm-sensors lrz lv2 lvm lz4 lzma lzo mad man mariadb markdown mbim mercurial mjpeg mng mobi modemmanager modplug mp3 mp4 mpeg mplayer mpris mtp multilib mysql ncurses netlink networkmanager nftables nls nptl numa office ofono ofx ogg openal opencl opencv openexr opengl openh264 openmax openmp opus pam pango pcap pch pcre pcre2 pdf pgo phonon pixman pkcs11 pkcs7 plasma pm-utils png policykit postscript ppds prison pulseaudio pwquality python qml qrcode qt5 raw rdp readline redfish samba sasl scanner schroedinger screencast sctp sdl sdl2 seccomp semantic-desktop share smartcard snappy sparse speech speex spell spice ssl startup-notification steamruntime stemmer svg systemd systemtap tbb tcpd teamd telemetry telepathy tga theora threads thunderbolt tiff timezone tmux truetype tslib udev udisks uinput unicode unwind upnp upnp-av upower usb utempter v4l v4l2 vaapi vdpau vkd3d vorbis vpx vulkan wasm wavpack wayland webchannel webengine webp widgets wireguard wmf woff2 wps x264 x265 xattr xcb xinerama xkb xml xmp xrandr xscreensaver xv xvid xwayland xxhash xz yaml zeroconf zeromq zimg zlib zstd" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" ENLIGHTENMENT_MODULES="*" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="joystick libinput" KERNEL="linux" L10N="de de-DE en en-GB ar fa tr ja ko zh zh-CN zh-TW" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="nlpsolver scripting-javascript wiki-publisher" LIRC_DEVICES="devinput" LLVM_TARGETS="AMDGPU BPF RISCV WebAssembly" LUA_TARGET="lua5-2" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2 php7-3 php7-4" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_7" PYTHON_TARGETS="python2_7 python3_7 pypy pypy3" QEMU_SOFTMMU_TARGETS="riscv32 riscv64 x86_64" QEMU_USER_TARGETS="riscv32 riscv64" RUBY_TARGETS="ruby25" USERLAND="GNU" VIDEO_CARDS="amdgpu virgl" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS

=================================================================
                        Package Settings
=================================================================

app-emulation/libpod-2.0.5::gentoo was built with the following:
USE="btrfs fuse rootless -apparmor (-selinux)" ABI_X86="(64)"
LDFLAGS=""

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

No

Additional environment details (AWS, VirtualBox, physical, etc.):

rhatdan commented 4 years ago

XDG_RUNTIME_DIR to locate the auth file

rhatdan commented 4 years ago

... man podman login podman-login(1)() podman-login(1)()

NAME podman-login - Login to a container registry

SYNOPSIS podman login [options] [registry]

DESCRIPTION podman login logs into a specified registry server with the correct username and password. If the registry is not specified, the first reg‐ istry under [registries.search] from registries.conf will be used. pod‐ man login reads in the username and password from STDIN. The username and password can also be set using the username and password flags. The path of the authentication file can be specified by the user by setting the authfile flag. The default path used is ${XDG_RUN‐ TIME_DIR}/containers/auth.json.

devurandom commented 4 years ago

XDG_RUNTIME_DIR to locate the auth file

I know. I would like podman to load $XDG_CONFIG_HOME/containers/auth.json in addition to $XDG_RUNTIME_DIR/containers/auth.json.

rhatdan commented 4 years ago

So you want it to search through each one of these?

rhatdan commented 4 years ago

@QiWang19 PTAL

devurandom commented 4 years ago

So you want it to search through each one of these?

Yes, that would be very convenient, because then I could store authentication information permanently.

Also it would be nice if the way podman, buildah and skopea read config files could be unified, so when e.g. authenticated access to a registry works in one of them, it works in all of them. (I was surprised when I read the different manpages and found out they each have their own search path for the various "containers" config files.) But that is out of scope for this request.

rhatdan commented 4 years ago

They should all share the authorization file now. They share the same code for it. I am fine with adding XDG_CONFIG_HOME to the search if XDG_RUNTIME_DIR file does not exists. Similar to how we currently look for $HOME/.docker/config.json

containers / podman

Load $XDG_CONFIG_HOME/containers/auth.json #7563