Open artshade opened 1 month ago
Dear Developers,
Thank you for the awesome project!
For some reason, pass helper may result in error when trying to docker push:
pass
docker push
denied: requested access to the resource is denied
There is no other error message shown even if docker login returns "Login Successful" called just prior a pushing.
docker login
The issue is that the helper probably does not respect the non-zero exit code returned from pass, that is also shown in the strace:
strace
... epoll_ctl(4, EPOLL_CTL_DEL, 3, 0xc0000d5724) = 0 close(3) = 0 epoll_ctl(4, EPOLL_CTL_DEL, 9, 0xc0000d5724) = 0 close(9) = 0 epoll_ctl(4, EPOLL_CTL_DEL, 11, 0xc0000d5724) = 0 close(11) = 0 --- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=6150, si_uid=1000} --- rt_sigreturn({mask=[]}) = 0 waitid(P_PID, 6156, {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6156, si_uid=1000, si_status=0, si_utime=0, si_stime=0}, WEXITED|WNOWAIT, NULL) = 0 futex(0x5d73a0, FUTEX_WAKE_PRIVATE, 1) = 1 wait4(6156, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, {ru_utime={tv_sec=0, tv_usec=7522}, ru_stime={tv_sec=0, tv_usec=26082}, ...}) = 6156 sched_yield() = 0 futex(0x5d72b8, FUTEX_WAKE_PRIVATE, 1) = 0 epoll_pwait(4, [], 128, 0, NULL, 0) = 0 epoll_pwait(4, [{events=EPOLLOUT, data={u32=1010302978, u64=9167000871277953026}}], 128, -1, NULL, 0) = 1 epoll_pwait(4, [], 128, 0, NULL, 0) = 0 epoll_pwait(4, [{events=EPOLLOUT, data={u32=994050050, u64=9167000871261700098}}], 128, -1, NULL, 0) = 1 epoll_pwait(4, [], 128, 0, NULL, 0) = 0 epoll_pwait(4, [{events=EPOLLOUT, data={u32=1042808835, u64=9167000871310458883}}], 128, -1, NULL, 0) = 1 epoll_pwait(4, [], 128, 0, NULL, 0) = 0 epoll_pwait(4, [{events=EPOLLIN, data={u32=1026555906, u64=9167000871294205954}}], 128, -1, NULL, 0) = 1 futex(0x5d73a0, FUTEX_WAKE_PRIVATE, 1) = 1 read(10, "gpg: decryption failed: No secret key\n", 512) = 38 read(10, 0xc0001b4026, 986) = -1 EAGAIN (Resource temporarily unavailable) epoll_pwait(4, [], 128, 0, NULL, 0) = 0 epoll_pwait(4, [{events=EPOLLHUP, data={u32=1026555906, u64=9167000871294205954}}, {events=EPOLLHUP, data={u32=961544194, u64=9167000871229194242}}], 128, -1, NULL, 0) = 2 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6164, si_uid=1000, si_status=2, si_utime=0, si_stime=2} --- rt_sigreturn({mask=[]}) = 2 futex(0xc000080148, FUTEX_WAKE_PRIVATE, 1) = 1 read(8, "", 512) = 0 epoll_ctl(4, EPOLL_CTL_DEL, 8, 0xc0000345e4) = 0 close(8) = 0 futex(0xc00003e548, FUTEX_WAKE_PRIVATE, 1) = 0 write(1, "exit status 2: gpg: decryption failed: No secret key\n\n", 54) = 54 exit_group(1) = ? +++ exited with 1 +++
exit status 2: gpg: decryption failed: No secret key
So, in the case the password store is currently locked, Docker usage with such credentials is probably impossible.
A solution is to "cache" the GPG key via pass show with gpg-agent, for example, and call docker push immediately afterwards:
pass show
gpg-agent
Is that an intended behavior?
Best and kind regards ✨
Dear Developers,
Thank you for the awesome project!
Issue
For some reason,
passhelper may result in error when trying todocker push:There is no other error message shown even if
docker loginreturns "Login Successful" called just prior a pushing.The issue is that the helper probably does not respect the non-zero exit code returned from
pass, that is also shown in thestrace:So, in the case the password store is currently locked, Docker usage with such credentials is probably impossible.
Solution
A solution is to "cache" the GPG key via
pass showwithgpg-agent, for example, and calldocker pushimmediately afterwards:Question
Is that an intended behavior?
Best and kind regards ✨