Closed namloc2001 closed 3 years ago
Thanks for reaching out and the thorough analysis!
The problem is that the image is built with REGISTRY_AUTH_FILE=/auth.json
in the environment and with /
only being writable by root, non-root users fail. I opened https://github.com/containers/skopeo/pull/1234 to change the path.
@vrothberg, is this issue a skopeo login
only, or are buildah login
and podman login
also affected?
@vrothberg, is this issue a
skopeo login
only, or arebuildah login
andpodman login
also affected?
In theory, if the buildah/podman images set the env variable in the same way, they'd be affected as well.
Podman and Buildah do not set that environment variable.
OK, good to know. Then we can tell folks to please try podman login
or buildah login
until this appears in a release.
How would that work in the skopeo
container image?
@TomSweeneyRedHat @vrothberg isn't the workaround, as per I stated above, using --authfile <path/to/file>
?
skopeo login -u iamapikey -p <redacted> uk.icr.io/<redacted> --authfile /home/skopeo/auth.json
@namloc2001, yes, that's a good workaround :+1:
Hi, I'm running
docker run -it --entrypoint=/bin/sh --user skopeo:skopeo quay.io/containers/skopeo:v1.2.0
and then I attempt toskopeo login
but I get an error;However, if I run as root, via:
docker run -it --entrypoint=/bin/sh quay.io/containers/skopeo:v1.2.0
(root is default as noUSER
is specified in the image), I am able to login:Notice how when I run as root user, the
/auth.json
file gets created and is only givenrw
permissions to root user.Is the expectation that I must include
--authfile
in theskopeo login
command, such as: