Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Need to do "pass init" repeatedly in order to make authorization work #217

Open
svdHero opened this issue Feb 9, 2022 · 2 comments
Open

Comments

@svdHero
Copy link

svdHero commented Feb 9, 2022

Hi there,

after having installed Docker Credential Helpers on my Ubuntu machine, I did the following steps

# Configure password manager:
sudo apt-get -y install pass
gpg --generate-key
pass init harbor-user

# Setup container registry login:
tee .docker/config.json > /dev/null <<EOT
{
  "credHelpers": {
    "harbor.mycompany.com": "pass"
  }
}
EOT

docker login --username=harbor-user harbor.mycompany.com

The login succeeded and I could download protected images from my local harbor-registry just fine.

However, every now and then when I do a

docker pull harbor.mycompany.com/project/foo

I get the error message

Error response from daemon: unauthorized: unauthorized to access repository: project/foo, action: pull: unauthorized to access repository: project/foo, action: pull

Same thing for a docker-compose up, where I would get a

Pulling foo (harbor.mycompany.com/project/foo:1.0.1.40141)...
Traceback (most recent call last):
  File "docker/credentials/store.py", line 80, in _execute
  File "subprocess.py", line 411, in check_output
  File "subprocess.py", line 512, in run
subprocess.CalledProcessError: Command '['docker-credential-pass', 'get']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "docker/auth.py", line 264, in _resolve_authconfig_credstore
  File "docker/credentials/store.py", line 35, in get
  File "docker/credentials/store.py", line 93, in _execute
docker.credentials.errors.StoreError: Credentials store docker-credential-pass exited with "exit status 2: gpg: decryption failed: No secret key".

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "docker-compose", line 3, in <module>
  File "compose/cli/main.py", line 81, in main
  File "compose/cli/main.py", line 203, in perform_command
  File "compose/metrics/decorator.py", line 18, in wrapper
  File "compose/cli/main.py", line 1186, in up
  File "compose/cli/main.py", line 1182, in up
  File "compose/project.py", line 664, in up
  File "compose/service.py", line 358, in ensure_image_exists
  File "compose/service.py", line 1251, in pull
  File "compose/progress_stream.py", line 99, in get_digest_from_pull
  File "compose/service.py", line 1218, in _do_pull
  File "docker/api/image.py", line 411, in pull
  File "docker/auth.py", line 48, in get_config_header
  File "docker/auth.py", line 324, in resolve_authconfig
  File "docker/auth.py", line 235, in resolve_authconfig
  File "docker/auth.py", line 281, in _resolve_authconfig_credstore
docker.errors.DockerException: Credentials store error: StoreError('Credentials store docker-credential-pass exited with "exit status 2: gpg: decryption failed: No secret key".')
[64079] Failed to execute script docker-compose

The errors will NOT go away when I log in again. The only way to solve the problem is to do a

pass init harbor-user

again.

What's wrong here? I would be grateful for any advice.

My docker version: 20.10.12, build e91ed57
My docker compose version: 1.29.2, build 5becea4c
My docker credentials helpers version: v0.6.4
OS: Ubuntu Server 20.04 LTS

@romain-trotard
Copy link

romain-trotard commented Jul 25, 2022

Hello @svdHero
I encounter the same problem. Did you find any solution ?

Edit:
On my side, I have to do all the step again from gpg --generate-key (I tried with gpg2 but same problem each time)

@dmitrii-kalashnikov
Copy link

first, install the list of libs below:
wget libsecret gpg pass gpg-agent

 - wget https://github.com/docker/docker-credential-helpers/releases/download/v0.6.3/docker-credential-pass-v0.6.3- 
   amd64.tar.gz
- tar xvzf docker-credential-pass-v0.6.3-amd64.tar.gz
- chmod a+x docker-credential-pass
- mv docker-credential-pass /usr/local/bin/
- docker-credential-pass list
- mkdir ~/.docker
- |
  gpg2 --generate-key --batch <<eoGpgConf
   %echo Started!
   Key-Type: default
   Key-Length: default
   Subkey-Type: default
   Name-Real: Docker
   Name-Comment: Something funny
   Name-Email: [email protected]
   Expire-Date: 0
   Passphrase: Yousuperstrongpassword
   %commit
   %echo Done.
  eoGpgConf
- gpg2 -k [email protected]| sed -e '/^pub/{N;s/.*\(.\{40\}\)/\1/;p;s/^.\{40\}//;q};d' >> gpgpub.txt
- gpg2 --list-secret-keys
- GPGPUBKEY=$(cat gpgpub.txt)
- pass init $GPGPUBKEY
- touch ~/.docker/config.json
- |
  echo $'{\n"credsStore": "pass"\n}' >> ~/.docker/config.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants