2:52 p.m.
Hi,
> I'm on Ubuntu, and I've recently encountered an issue
when trying to use rootless podman with the docker-credential-gcloud helper installed via
snap.
> This works fine when using the official google-cloud-sdk apt packages, and it used
to work with snap packages until last October.
Do you recall if it broke with an update to Podman?
I forgot to mention that this also happens with buildah, but I guess they share the same
code for pulling and pushing?
Well, yikes, my shell history shows that this first happened in July, but I decided to
just do my builds somewhere else and deal with it later. "Later" didn't
come until November, when I next tried to push something, and ended up uninstalling the
gcloud snap.
So this was when I first encountered it, according to my history:
2020-07-07 strace -ff -o tr buildah push --authfile auth.json gcr.io/private/image:xxx
(I do still have those trace files, but I'm not sure if they would have anything
private in them, so I won't post them here)
The last update before that was on 2020-06-24, buildah from 1.14.9~1 to 1.15.0~1 and
podman from 1.9.3~1 to 2.0.0~1.
Unfortunately, my shell history doesn't go back before June, but there couple of
images which would've only be pushed by me in the registry, which are dated
2020-05-20.
At that point, apt history shows buildah 1.14.9~1, so 1.15.0 does seem the likely
suspect.
> So it looks like the credential helper is being executed as root
now. I'm not sure in which component the problem lies, or where I should file an
issue.
> Any pointers would be appreciated.
I suspect that's due to the user namespace rootless Podman runs
in.
Is it possible that podman/buildah used to call the credhelper before setting up the user
namespace?
Thanks
Ioan Rogers