-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.3.1 Docker credentials not read from ~/.docker/config.json #2228
Comments
@JasonYangShadow please take a look at this |
@kshakir thanks so much for the detailed investigation and report. Yeah, this issue is recreated by upgrading the oras-go library in 1.3.x. I will take a look at this issue and will update here. |
@DrDaveD cc @ikaneshiro @cclerget
it looks like the |
The only idea I have is to try it with older versions to see if it used to work, and if so figure out when it changed. |
Version of Apptainer
Expected behavior
If one only has a
~/.docker/config.json
then the credentials should be read from this file path, as stated in the apptainer documentation.Actual behavior
Only the file
~/.apptainer/docker-config.json
is searched for credentials.Steps to reproduce this behavior
Remove your apptainer docker-config.json
# for example: rm ~/.apptainer/docker-config.json
Remove your docker configuration directory
# for example: rm ~/.docker/config.json
Login to DockerHub
$ apptainer registry login -u [elided] docker://docker.io Password / Token: INFO: Token stored in /[elided]/.apptainer/remote.yaml $
NOTE: As we'll see, the token is NOT stored in that file… but that message isn't really the issue.
Try to pull a private docker image (this works)
Move the file containing the token to
~/.docker/config.json
(Optional) Verify your username and password are stored within the
~/.docker/config.json
Try to pull the same private image, but using ~/.docker/config.json (should work but doesn't)
What OS/distro are you running
How did you install Apptainer
Was probably installed via RPM by our I/T department.
Other notes:
If this feels like a repeat, it is. This was filed as #1616 and then fixed in v1.2.3. I can only guess that PR #1866 recreated the issue.
For anyone else looking for a workaround, I recommend users on our cluster link the path apptainer is looking for credential info back to the place docker and others are looking for credential info:
I'm not sure of the full extent of the side effects of this symlink on
apptainer registry login
. But apptainer seems happy with the linking on our system, along with third-party tools likegcloud auth configure-docker
that only write to the file~/.docker/config.json
.Alternatively, it's possible that apptainer only wants to support the
~/.apptainer/docker-config.json
, in which case this is a documentation bug, as referred to in the "expected behavior" above.The text was updated successfully, but these errors were encountered: