Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

buildx overwrites local docker config.json #1653

Open
steve-thousand opened this issue Mar 4, 2023 · 3 comments
Open

buildx overwrites local docker config.json #1653

steve-thousand opened this issue Mar 4, 2023 · 3 comments

Comments

@steve-thousand
Copy link

I am trying to use the buildx config and am pointing it to my local ~/.docker directory. I want it to use this location because that is where my config.json has credential information allowing me to push/pull against private registries. Unfortunately it looks like the code that makes use of the configured docker state directory tries to overwrite the config file with a temp file that it later deletes.

I am referring to this bit from the BuildXService. When I configure the plugin to use my local ~/.docker directory as the dockerStateDir my config.json is overwritten and I receive auth errors when I need to push/pull private registries

    private <C> void useBuilder(ProjectPaths projectPaths, ImageConfiguration imageConfig, String configuredRegistry, AuthConfig authConfig, C context, Builder<C> builder) throws MojoExecutionException {
        BuildDirs buildDirs = new BuildDirs(projectPaths, imageConfig.getName());

        Path configPath = getDockerStateDir(imageConfig.getBuildConfiguration(),  buildDirs);
        List<String> buildX = Arrays.asList("docker", "--config", configPath.toString(), "buildx");

        String builderName = createBuilder(configPath, buildX, imageConfig, buildDirs);
        Path configJson = configPath.resolve("config.json");
        try {
            createConfigJson(configJson, authConfig);
            builder.useBuilder(buildX, builderName, buildDirs, imageConfig,  configuredRegistry, context);
        } finally {
            removeConfigJson(configJson);
        }
    }

Output:

[INFO] DOCKER> ERROR: failed to solve: redacted.private.repo.com/redacted-image: pulling from host redacted.private.repo.com failed with status code [manifests redacted-image]: 401 Unauthorized
[ERROR] DOCKER> Error status (1) when building

I created a local branch with the following changes. Running the build and push steps with this code has no auth issues and no longer overwrites/deletes my config.json file

        //if we point to an existing, persistent config.json, then we should not create/delete one for this build step
        boolean createTempConfigJson = Files.notExists(configJson);
        try {
            if(createTempConfigJson) {
                createConfigJson(configJson, authConfig);
            }
            builder.useBuilder(buildX, builderName, buildDirs, imageConfig,  configuredRegistry, context);
        } finally {
            if(createTempConfigJson) {
                removeConfigJson(configJson);
            }
        }

I am testing with the latest 0.42.0 release, and my test branch that addressed the issue was branched off of commit c1f1080 (0.43-SNAPSHOT). And the following are my docker/buildx versions

~ docker version
Client:
 Version:           20.10.21-rd
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        ac29474
 Built:             Tue Nov 22 22:21:43 2022
 OS/Arch:           darwin/arm64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.20
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.7
  Git commit:       03df974ae9e6c219862907efdd76ec2e77ec930b
  Built:            Wed Oct 19 02:58:31 2022
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          v1.6.8
  GitCommit:        9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
 runc:
  Version:          1.1.4
  GitCommit:        5fd4c4d144137e991c4acebb2146ab1483a97925
 docker-init:
  Version:          0.19.0
  GitCommit:
➜ ~ docker buildx version
github.com/docker/buildx v0.9.1 ed00243a0ce2a0aee75311b06e32d33b44729689

Aside from that, I also tried pushing my changes in a branch to open a PR but am unable to due to permissions. I wonder if maybe there is some instructional information I am missing in the CONTRIBUTING.MD that I should be following
@steve-thousand steve-thousand mentioned this issue Mar 5, 2023
Open
@chonton
Copy link
Contributor

chonton commented Mar 5, 2023

The purpose of the clean up is to remove any auth credentials that are in clear text. The auth credentials are extracted from one of the many credential locations supported by docker-maven-plugin (https://dmp.fabric8.io/#authentication) and written to the per-project config directory. Specifying ~/.docker for is probably not a good idea. Does buildx find your credentials if you do not provide a configDir?

@steve-thousand
Copy link
Author

steve-thousand commented Mar 31, 2023
edited
Loading

I was not aware of the DOCKER_CONFIG setting allowing us to specify the location of the config.json. This may actually be a good solution if it allows us to use a temporary .docker directory for buildx info but also specify a stateful config.json

@peschee
Copy link

peschee commented Oct 30, 2023

We're also running into this issue and it breaks other parts of the build since the buildx builder logic removes a perfectly valid (and workspace-based) docker config.json :(

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@peschee @chonton @steve-thousand