
docker build triggers useless gpg passphrase dialog

Open user706 opened this issue 2 years ago • 3 comments

I'm on Linux (working with docker engine). I started fiddling with docker-credential-pass in order to be able to do this:

aws ecr-public get-login-password --region us-east-1 --profile myprofile \
         | docker login --username AWS --password-stdin public.ecr.aws/z7f783hdj

OK, that's now working. But...

Problem

Now every time I do

docker build --progress=plain `#--no-cache` -t=myimage -f Dockerfile_great .

I first get a useless gpg dialog window asking for my passphrase:

Passphrase
Please enter the passphrase to unlock the OpenPGP secret key

I just hit Cancel and then (and only then) the actual build starts.

How do I get rid of this useless dialog? Why is it coming??

My details:

# cat ~/.docker/config.json       # shows
{
	"auths": {
		"public.ecr.aws": {}
	},
	"credsStore": "desktop",
	"credHelpers": {
		"public.ecr.aws/z7f783hdj": "pass"
	}
}

Thanks for tips and suggestions.

user706 avatar Nov 20 '22 00:11 user706

OK, to analyze the situation, I replaced both these tools...

  • /usr/bin/credential-helper-pass
  • /usr/bin/gpg

...with this script:

#!/usr/bin/env bash

echo "$@" | tee -a /home/hero/args.txt
cat -     | tee -a /home/hero/stdin.txt

and then ran docker build -t im_test .

The result is:

/usr/bin/credential-helper-pass gets called with:

  • args: list
  • stdin: unused

/usr/bin/gpg gets called with:

  • args: -d --quiet --yes --compress-algo=none --no-encrypt-to /home/albert/.password-store/docker-credential-helpers/cHVblablabla=/AWS.gpg
  • stdin: (nothing)

And sure enough (once I put back the original tools) and run:

gpg -d --quiet --yes --compress-algo=none --no-encrypt-to /home/albert/.password-store/docker-credential-helpers/cHVblablabla=/AWS.gpg

I get the same dialog, asking for the passphrase.

Why is gpg called with those arguments during docker build? Thanks.

PS: if I call pass I get

Password Store
└── docker-credential-helpers
    └── cHVblablabla=
        └── AWS

(Should the pass gpg key used for docker-credential-helpers... not have a passphrase????)

user706 avatar Nov 20 '22 10:11 user706

Why is a normal docker build asking for my aws credential????

By the way: I now did docker logout.

It shows:

Removing login credentials for https://index.docker.io/v1/
WARNING: could not erase credentials:
https://index.docker.io/v1/: error erasing credentials - err: exit status 1, out: `exit status 1: Error: docker-credential-helpers/aHR0cHM6blablablablablaIuaW8vdjEv is not in the password store.`

I think aHR0cHM6blablablablablaIuaW8vdjEv is referring to a gpg key-id in the password store.

Well I recently deleted ~/.password-store/ because I wanted to start afresh. Maybe that's what's causing the problem.

How can I go about fixing it?

user706 avatar Nov 20 '22 10:11 user706

I've now done docker logout registry... and it returned

Removing login credentials for registry

and now (magically)

docker build works without calling the gpg dialog. Perfect.

But: What's going on exactly? (Any pointers to good documentation, to help me understand what's going on?) Thank you.

user706 avatar Nov 20 '22 10:11 user706
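
The entry names that appear in this thread under docker-credential-helpers/ can be checked offline against config.json. The following is an added example, not part of the thread or of the docker-credential-helpers project; it assumes docker-credential-pass names each store entry with the URL-safe base64 of the registry URL, and the sample config and store listing are constructed.

```python
import base64

def encode_server(url: str) -> str:
    """Entry name assumed for a registry URL: URL-safe base64 of the URL."""
    return base64.urlsafe_b64encode(url.encode()).decode("ascii")

def decode_entry(name: str) -> str:
    """Recover the registry URL from a store directory name."""
    padded = name + "=" * (-len(name) % 4)  # tolerate stripped padding
    return base64.urlsafe_b64decode(padded).decode()

def helper_binaries(config: dict) -> dict:
    """Registry key ('*' = default credsStore) -> helper program docker runs."""
    found = {}
    if config.get("credsStore"):
        found["*"] = "docker-credential-" + config["credsStore"]
    for registry, name in config.get("credHelpers", {}).items():
        found[registry] = "docker-credential-" + name
    return found

def audit(config: dict, store_dirs: list) -> dict:
    """Compare the registries in config.json 'auths' with the store contents."""
    stored = {decode_entry(d) for d in store_dirs}
    listed = set(config.get("auths", {}))
    return {"listed_not_stored": sorted(listed - stored),
            "stored_not_listed": sorted(stored - listed)}

# Constructed sample, loosely modelled on the config.json in the thread
# (here credsStore is "pass" so every registry maps to the same store).
SAMPLE_CONFIG = {
    "auths": {"https://index.docker.io/v1/": {}, "public.ecr.aws": {}},
    "credsStore": "pass",
    "credHelpers": {"public.ecr.aws": "pass"},
}
# Constructed store listing: only the ECR entry exists after the store was wiped.
SAMPLE_STORE = [encode_server("public.ecr.aws")]

if __name__ == "__main__":
    print(helper_binaries(SAMPLE_CONFIG))
    print(audit(SAMPLE_CONFIG, SAMPLE_STORE))
```

A registry reported under listed_not_stored is one that config.json still references but the store no longer holds, which is the situation behind the "is not in the password store" message from docker logout shown in the thread.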