rootless podman supports credHelper

[QiWang19]

c/image and podman already support "credHelpers", but only works for config in /run/user/0/auth.json and sudo podman login

with config in /run/user/1000/auth.json and podman login got error

{
        "credHelpers": {
                "docker.io": "secretservice"
        }
}

$ podman login docker.io
Error: error reading auth file: error getting credentials - err: exit status 1, out: `Exhausted all available authentication mechanisms (tried: EXTERNAL) (available: EXTERNAL)`

[sdouche]

Hi,
The lack of non-root use is the blocking point to switch to Podman from Docker on some use-cases. Highly interested in this feature.
Do you know a workaround to bypass this restriction?

[mtrmac]

I can’t see why this should not work in principle, c/image does nothing interesting about privileges/credentials.

That bug is almost certainly reported by the secretservice helper itself, and needs to be diagnosed within it. (As a wild guess, it needs some local secrets that are available to root but not UID=1000?)

[github-actions]

This issue had no activity for 30 days. In the absence of activity or the "do-not-close" label, the issue will be automatically closed within 7 days.

[TomSweeneyRedHat]

Going to keep this one alive.

[sdouche]

Hi:). Do you think this issue will be included in the short-term roadmap? To know if should switch back on Docker.

[vrothberg]

@QiWang19, do you have cycles to look into it?

[rhatdan]

@sdouche do you have a specific credhelper you are looking for?

[QiWang19]

@QiWang19, do you have cycles to look into it?

yes, I want to look into this

[sdouche]

@sdouche do you have a specific credhelper you are looking for?

Hi @rhatdan. For now, to retrieve containers from AWS ECR:

{
  "credHelpers": {
    "xxx.dkr.ecr.eu-west-1.amazonaws.com": "ecr-login"
  }
}

Does that answer your question?

[rhatdan]

Yes, that is exactly what I was looking for.

[sdouche]

I forgot, feel free to ping me for testing :). Thanks for your work.