Jib with Podman fails because registry authentication token is expected in a docker-specific location #3524

Closed
Description

@sv3ndk
Contributor

Environment:

  • Jib version: 3.1.4
  • Build tool: Maven 3.8.2
  • OS: Linux

Description of the issue:

When building an OCI image with Jib and Podman, if the base image is stored in a registry that requires authentication, Jib looks up the docker authentication token and fails to connect, unless Docker itself is logged in, independently of Podman.

The documentation explains clearly how to specify another folder where to look up the authentication token, but Podman not only uses a different folder location but also uses a different filename: it writes to ${XDG_RUNTIME_DIR}/containers/auth.json as opposed to ${HOME}/.docker/config.json, which as far as I could tell is not currently configurable in Jib.

Expected behavior:

When using Podman, it should be possible to let Jib use Podman's authentication token.

I suggest extending Jib's behaviour so that we can either specify a specific file where to look up authentication tokens, or, given the growing popularity of Podman, let Jib also look for the authentication token in ${XDG_RUNTIME_DIR}/containers/auth.json by default, which would let Podman work out of the box and make Jib less Docker-specific.

Steps to reproduce:

# this stores an authentication token in ${XDG_RUNTIME_DIR}/containers/auth.json
aws ecr get-login-password | podman login --username AWS --password-stdin <my-aws-account-id>.dkr.ecr.eu-west-1.amazonaws.com 

# this expects the token to be found in ~/.docker/config.json and therefore fails to connect to ECR:
mvn jib:dockerBuild -Djib.dockerClient.executable=$(which podman)

As a work-around, one can log in with Docker and use Podman with Jib:

# this works, but makes Podman rely on Docker's token :( 
aws ecr get-login-password | docker login --username AWS --password-stdin <my-aws-account-id>.dkr.ecr.eu-west-1.amazonaws.com 

mvn jib:dockerBuild -Djib.dockerClient.executable=$(which podman)

Another work-around is to let Podman write into Docker's config:

# this works, but makes Podman write into Docker's config!
aws ecr get-login-password | podman login --username AWS --password-stdin <my-aws-account-id>.dkr.ecr.eu-west-1.amazonaws.com --authfile=${HOME}/.docker/config.json

mvn jib:dockerBuild -Djib.dockerClient.executable=$(which podman)

Neither of those two workarounds seems satisfactory to me since they make two independent tools share one single location for storing security details and other configuration.

I'm happy to work on this if that's relevant.

Looking forward to your thoughts.
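
The lookup this issue asks for, as an added example (not Jib's code and not the change made in #3532): it checks Podman's auth file, then Docker's, for a registry entry, reports which file supplied it, and flags loose file permissions. The search order, the function names and registry.example.com are assumptions; credential helpers (credsStore, credHelpers) are not handled.

```python
import base64
import json
import stat
import tempfile
from pathlib import Path

def candidate_auth_files(env):
    """Podman's default auth file first, then Docker's (this order is an assumption)."""
    files = []
    if env.get("XDG_RUNTIME_DIR"):
        files.append(Path(env["XDG_RUNTIME_DIR"]) / "containers" / "auth.json")
    if env.get("HOME"):
        files.append(Path(env["HOME"]) / ".docker" / "config.json")
    return files

def find_credential(registry, env):
    """Return (path, username, warnings) from the first file holding `registry`, else None."""
    for path in candidate_auth_files(env):
        try:
            config = json.loads(path.read_text())
            token = config["auths"][registry]["auth"]
            user, _, _secret = base64.b64decode(token).decode().partition(":")
        except (OSError, ValueError, KeyError, TypeError):
            continue  # missing file, bad JSON/base64, or no entry: try the next location
        warnings = []
        if stat.S_IMODE(path.stat().st_mode) & 0o077:
            warnings.append(f"{path} is accessible to group or others")
        return path, user, warnings
    return None

def write_auth_file(path, registry, user, secret, mode=0o600):
    """Write a constructed auth file in the {"auths": {...}} layout both tools use."""
    path.parent.mkdir(parents=True, exist_ok=True)
    token = base64.b64encode(f"{user}:{secret}".encode()).decode()
    path.write_text(json.dumps({"auths": {registry: {"auth": token}}}))
    path.chmod(mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sandbox, not real credentials
        env = {"XDG_RUNTIME_DIR": f"{tmp}/run", "HOME": f"{tmp}/home"}
        podman_file, docker_file = candidate_auth_files(env)
        write_auth_file(podman_file, "registry.example.com", "AWS", "constructed-token")
        print(find_credential("registry.example.com", env))
```

Passing a copy of os.environ as env runs the same check against the real locations; only the username and file path are returned, never the secret.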

Activity

zhumin8 commented on Dec 13, 2021

@zhumin8
Contributor

Thanks for bringing this up and doing the investigation!

Please feel free to contribute with a PR and we'll be happy to review.

emmileaf commented on Aug 5, 2022

@emmileaf
Contributor

Closing as resolved by #3532.
