docker build triggers useless gpg passphrase dialog #250

Open
user706 opened this issue Nov 20, 2022 · 3 comments

user706 commented Nov 20, 2022

I'm on Linux (working with docker engine). I started fiddling with docker-credential-pass in order to be able to do this:

aws ecr-public get-login-password --region us-east-1 --profile myprofile \
         | docker login --username AWS --password-stdin public.ecr.aws/z7f783hdj

OK, that's now working. But...

Problem

Now every time I do

docker build --progress=plain `#--no-cache` -t=myimage -f Dockerfile_great .

I first get a useless gpg dialog window asking for my passphrase:

Passphrase
Please enter the passphrase to unlock the OpenPGP secret key

I just hit Cancel and then (and only then) the actual build starts.

How do I get rid of this useless dialog? Why is it coming??

My details:

# cat ~/.docker/config.json       # shows
{
	"auths": {
		"public.ecr.aws": {}
	},
	"credsStore": "desktop",
	"credHelpers": {
		"public.ecr.aws/z7f783hdj": "pass"
	}
}

Thanks for tips and suggestions.


user706 commented Nov 20, 2022

OK, to analyze the situation, I replaced both these tools...

  • /usr/bin/credential-helper-pass
  • /usr/bin/gpg

...with this script:

#!/usr/bin/env bash

echo "$@" | tee -a /home/hero/args.txt
cat -     | tee -a /home/hero/stdin.txt

and then ran docker build -t im_test .

The result is:

/usr/bin/credential-helper-pass gets called with:

  • args: list
  • stdin: unused

/usr/bin/gpg gets called with:

  • args: -d --quiet --yes --compress-algo=none --no-encrypt-to /home/albert/.password-store/docker-credential-helpers/cHVblablabla=/AWS.gpg
  • stdin: (nothing)

And sure enough (once I put back the original tools) and run:

gpg -d --quiet --yes --compress-algo=none --no-encrypt-to /home/albert/.password-store/docker-credential-helpers/cHVblablabla=/AWS.gpg

I get the same dialog, asking for the passphrase.

Why is gpg called with those arguments during docker build?
Thanks.

PS:
If I call pass I get

Password Store
└── docker-credential-helpers
    └── cHVblablabla=
        └── AWS

(Should the pass gpg key used for docker-credential-helpers... not have a passphrase????)


user706 commented Nov 20, 2022

Why is a normal docker build asking for my aws credential????

By the way:
I now did docker logout.

It shows:

Removing login credentials for https://index.docker.io/v1/
WARNING: could not erase credentials:
https://index.docker.io/v1/: error erasing credentials - err: exit status 1, out: `exit status 1: Error: docker-credential-helpers/aHR0cHM6blablablablablaIuaW8vdjEv is not in the password store.`

I think aHR0cHM6blablablablablaIuaW8vdjEv is referring to a gpg key-id in the password store.

Well I recently deleted ~/.password-store/ because I wanted to start afresh. Maybe that's what's causing the problem.

How can I go about fixing it?


user706 commented Nov 20, 2022

I've now done docker logout registry... and it returned

Removing login credentials for registry

and now (magically)

docker build works without calling the gpg dialog. Perfect.

But: What's going on exactly? (Any pointers to good documentation, to help me understand what's going on?)
Thank you.
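
The trace in this thread shows the helper's `list` action ending in `gpg -d` on a file under `docker-credential-helpers/`. As an added example (not part of the original posts and not code from docker-credential-helpers), the script below enumerates those entries without decrypting anything, so no passphrase dialog appears. It assumes the directory names are the URL-safe base64 encoding of the registry URL and that the store lives in `$PASSWORD_STORE_DIR` or `~/.password-store`; the function names `decode_entry` and `list_store` are made up for this example.

```shell
#!/usr/bin/env bash
# Added example: show which registries have a credential in the pass store
# used by docker-credential-pass, reading directory names only (no gpg call).

# Decode one store directory name back to the registry URL.
# Assumption: names are URL-safe base64, with or without '=' padding.
decode_entry() {
    local name
    name=$(printf '%s' "$1" | tr '_-' '/+')   # URL-safe alphabet -> standard
    while [ $(( ${#name} % 4 )) -ne 0 ]; do   # restore stripped padding
        name="${name}="
    done
    printf '%s' "$name" | base64 -d 2>/dev/null
}

# Print "registry<TAB>username" for every stored credential.
# $1 (optional): password store root; defaults to pass's usual location.
list_store() {
    local root dir file
    root="${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}/docker-credential-helpers"
    [ -d "$root" ] || return 0                # no store: nothing to report
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        for file in "$dir"*.gpg; do
            [ -e "$file" ] || continue        # directory without entries
            printf '%s\t%s\n' \
                "$(decode_entry "$(basename "$dir")")" \
                "$(basename "$file" .gpg)"
        done
    done
}

list_store "$@"
```

Each line of output is a registry for which an encrypted entry still exists in the store, next to the username it was saved under.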
