Hi,
> I'm on Ubuntu, and I've recently encountered an issue when trying to use rootless podman with the docker-credential-gcloud helper installed via snap.
> This works fine when using the official google-cloud-sdk apt packages, and it used to work with snap packages until last October.
Do you recall if it broke with an update to Podman?
I forgot to mention that this also happens with buildah, but I guess they share the same code for pulling and pushing?
Well, yikes, my shell history shows that this first happened in July, but I decided to just do my builds somewhere else and deal with it later. "Later" didn't
come until November, when I next tried to push something, and ended up uninstalling the gcloud snap.
So this was when I first encountered it, according to my history:
(I do still have those trace files, but I'm not sure if they would have anything private in them, so I won't post them here)
The last update before that was on 2020-06-24, buildah from 1.14.9~1 to 1.15.0~1 and podman from 1.9.3~1 to 2.0.0~1.
Unfortunately, my shell history doesn't go back before June, but there couple of images which would've only be pushed by me in the registry, which are dated 2020-05-20.
At that point, apt history shows buildah 1.14.9~1, so 1.15.0 does seem the likely suspect.
> So it looks like the credential helper is being executed as root now. I'm not sure in which component the problem lies, or where I should file an issue.
> Any pointers would be appreciated.
I suspect that's due to the user namespace rootless Podman runs in.
Is it possible that podman/buildah used to call the credhelper before setting up the user namespace?
Thanks
Ioan Rogers