containerd
nerdctl login fails when 2fa is enabled (registry.gitlab.com)
Description
When enabling 2fa in gitlab the login to the registry is not working.
Steps to reproduce the issue
- enable gitlab 2fa
- run "nerdctl login registry.gitlab.com -u user"
- input password
- Error:
ERRO[0012] failed to call tryLoginWithRegHost error="failed to call rh.Authorizer.Authorize: failed to fetch oauth token: unexpected status from GET request to https://gitlab.com/jwt/auth?offline_token=true&service=container_registry: 401 Unauthorized" i=0
FATA[0012] failed to call rh.Authorizer.Authorize: failed to fetch oauth token: unexpected status from GET request to https://gitlab.com/jwt/auth?offline_token=true&service=container_registry: 401 Unauthorized
Describe the results you received and expected
I expected the login to function normally even with 2fa
What version of nerdctl are you using?
0.23.0
Are you using a variant of nerdctl? (e.g., Rancher Desktop)
Rancher Desktop for Windows
Host information
Windows 10 (WinBuild.160101.0800)
Thanks @hrkrx I am not a gitlab user. Would you have a reproducer for this? (eg: a few lines to setup gitlab with 2fa locally)
Otherwise, I will look into gitlab of course - but might take some time.
Actually, since you enabled 2FA, you need to use a personal access token or a deploy token to login against your gitlab registry with a cli.
This is true for both docker and nerdctl.
Documentation here:
https://docs.gitlab.com/ee/user/packages/container_registry/troubleshoot_container_registry.html
@AkihiroSuda can we tag this as question and close it?