Bootc with credential helper fails without /etc/ostree/auth.json #562

Closed
p5 opened this issue May 23, 2024 · 3 comments · Fixed by #563
Labels: area/cli (Related to the client/CLI), area/config (Related to configuration), triaged (This looks like a valid issue)

p5 commented May 23, 2024

A bit of a strange one, and I'm not too sure where to file this.

I am trying to deploy a bootc image to AWS, with the image hosted in ECR. To pull from ECR, it's best to use the docker-credential-ecr-login helper. I don't know if any of this information about the credential helpers is actually relevant, but I do not currently have an environment to test without.

So I added the credential helper binary to my $PATH, along with the following /etc/containers/registries.conf.d/001-ecr-login.conf config:

```toml
credential-helpers = ["ecr-login"]
```

A bootc upgrade failed with "authentication required".

Now comes the weird part. If I create an empty /etc/ostree/auth.json file, an upgrade works...

If this is a required file, I suggest a relevant error message be thrown when not present. Or specifying this somewhere in the docs would also be good.

Thank you
Rob

cgwalters added the area/config, triaged and area/cli labels May 23, 2024
cgwalters added a commit to cgwalters/bootc that referenced this issue May 23, 2024
In the [current architecture](https://github.com/ostreedev/ostree-rs-ext/)
unfortunately it's going to be hard for us to fix this...it's explicitly
by design today: https://github.com/ostreedev/ostree-rs-ext/blob/c0e8c8fe9c3344b9d349e2c9371e1335e1173bef/lib/src/container/mod.rs#L427

To handle the "credential helper only" case we'd need to enhance
skopeo with something like `--no-root-homedir`.

Closes: containers#562

cgwalters (Collaborator) commented

In the current architecture unfortunately it's going to be hard for us to fix this...it's somewhat explicitly by design today: https://github.com/ostreedev/ostree-rs-ext/blob/c0e8c8fe9c3344b9d349e2c9371e1335e1173bef/lib/src/container/mod.rs#L427

cgwalters (Collaborator) commented

PR in #563 for docs, sorry it's going to be hard for us to do better in the short term.

p5 commented May 23, 2024

Updating the docs is great, thanks! Just don't want others to get stuck on this for as long as I did 😆

Since the docs have been updated, it should be clearer to others how to resolve this issue.
Will close this as complete.

Edit: They will be updated once the PR is merged. Jumped the gun a little 😆

p5 closed this as completed May 23, 2024
cgwalters added a commit to cgwalters/bootc that referenced this issue May 23, 2024
In the [current architecture](https://github.com/ostreedev/ostree-rs-ext/)
unfortunately it's going to be hard for us to fix this...it's explicitly
by design today: https://github.com/ostreedev/ostree-rs-ext/blob/c0e8c8fe9c3344b9d349e2c9371e1335e1173bef/lib/src/container/mod.rs#L427

To handle the "credential helper only" case we'd need to enhance
skopeo with something like `--no-root-homedir`.

Closes: containers#562
Signed-off-by: Colin Walters <walters@verbum.org>
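
A pre-flight check for the state described in this thread, as an added example that is not part of the issue or of bootc's own code: it flags a host where a `credential-helpers` entry is configured but `/etc/ostree/auth.json` is absent. The function names, exit codes and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the state reported in this issue.
# The optional root argument is an assumption of this example, so the check
# can be pointed at an unpacked image tree instead of the live system.

# Print helper names from single-line `credential-helpers = [...]` entries in
# registries.conf and registries.conf.d/*.conf (multi-line arrays not parsed,
# commented-out lines ignored).
configured_helpers() {
    root=${1:-}
    for f in "$root/etc/containers/registries.conf" \
             "$root"/etc/containers/registries.conf.d/*.conf; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*credential-helpers[[:space:]]*=[[:space:]]*\[\(.*\)].*/\1/p' "$f"
    done | tr -d '" ' | tr ',' '\n' | sed '/^$/d' | sort -u
}

# Exit status: 0 = nothing to flag, 1 = helper configured but
# /etc/ostree/auth.json absent, 2 = helper binary not found in PATH.
check_bootc_auth() {
    root=${1:-}
    helpers=$(configured_helpers "$root")
    if [ -z "$helpers" ]; then
        echo "ok: no credential helper configured"
        return 0
    fi
    for h in $helpers; do
        # Helpers are looked up as docker-credential-<name> in the caller's PATH.
        if ! command -v "docker-credential-$h" >/dev/null 2>&1; then
            echo "error: docker-credential-$h is not in PATH"
            return 2
        fi
    done
    if [ ! -e "$root/etc/ostree/auth.json" ]; then
        echo "error: credential helper configured but $root/etc/ostree/auth.json is missing"
        echo "hint: the reporter's upgrade worked once that file existed"
        return 1
    fi
    echo "ok: helper present and $root/etc/ostree/auth.json exists"
    return 0
}
```

Call `check_bootc_auth` with no argument to inspect the running host; the helper lookup always uses the calling shell's PATH, even when a root directory is given.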