Open davidje13 opened 4 years ago
Could be causing this error downstream.
The problem is not the exception handling in auth.py, but this test: https://github.com/docker/docker-py/blob/master/docker/credentials/errors.py#L15
The message it looks for is defined here: https://github.com/docker/docker-credential-helpers/blob/master/credentials/error.go#L6
For some reasons, docker-credential-desktop
seems to return No stored credential for https://index.docker.io/v1/
though.
(I now see that @davidje13 also reported this in https://github.com/shin-/dockerpy-creds/issues/13; @davidje13 that repository is inactive, since it was inclued in docker-py some time ago via a823acc2cae10c4635db2fb963cc37d8a23cc0c4)
Anyway, I guess the main question is why docker-credentials-desktop
does not return the expected error message. I'm wondering what program this actually is. I first assumed it would be one of the programs in https://github.com/docker/docker-credential-helpers (probably the macOS version), but that hasn't been changed in years. The only idea I have is that the hardcoded macOS error message:
https://github.com/docker/docker-credential-helpers/blob/master/osxkeychain/osxkeychain_darwin.go#L22
has changed in macOS. (It returns the message returned by macOS itself if it doesn't find this one.) I guess that now it returns No stored credential for https://index.docker.io/v1/
instead of The specified item could not be found in the keychain.
...
That leads to the C call to SecKeychainFindInternetPassword
that is made (https://developer.apple.com/documentation/security/1397763-seckeychainfindinternetpassword?language=objc). Instead of working with the error codes (https://developer.apple.com/documentation/security/1542001-security_framework_result_codes?language=objc), the code in https://github.com/docker/docker-credential-helpers/blob/master/osxkeychain/osxkeychain_darwin.c#L71 uses SecCopyErrorMessageString
(https://developer.apple.com/documentation/security/1394686-seccopyerrormessagestring?language=objc) to get a human-readable string. Which I guess changed over time.
So this should be a bug in https://github.com/docker/docker-credential-helpers, not in this repository.
Glad to see this issue is slowly-but-surely navigating the labyrinth of docker repositories!
Someone posted a workaround in docker/docker-credential-helpers#177, maybe that helps you.
Originally reported in https://github.com/docker/compose/issues/6939 but traced to code in this repository.
When using docker on a machine without logging in, running
docker-compose up
(with images which are not downloaded locally but are publicly available on dockerhub) will work on linux but fail on mac.Steps to reproduce the issue
Output of docker-compose version
Output of docker version
Output of docker-compose config
(nginx is used as an example here but any docker hub image will do)
docker-compose up
Stacktrace / full error message
It appears that an attempt has been made to handle this situation:
https://github.com/docker/docker-py/blob/a0b9c3d0b38abd4af1880ca3dde2845556dd2f70/docker/auth.py#L276
Note that the exception type thrown by
store.get
does not match the expected type, so the wrapping logic in lines 279–282 applies instead, resulting in the observeddocker.errors.DockerException: Credentials store error: StoreError('Credentials store docker-credential-desktop exited with "No stored credential for https://index.docker.io/v1/".',)
.