Bug
Resolution: Done
4.14
Description of problem:
When trying to run container unencapsulate in a private repo, I get unauthorized: access to the requested resource is not authorized
[root@sno ~]# oci_url=quay.io/whatever/ost:backup
[root@sno ~]# ostree container unencapsulate --repo /ostree/repo ostree-unverified-registry:$oci_url
error: Creating importer: Failed to invoke skopeo proxy method OpenImage: remote error: reading manifest backup in quay.io/whatever/ost: unauthorized: access to the requested resource is not authorized
When trying with podman, I have no problems pulling the image using /etc/ostree/auth.json:
[root@sno ~]# podman pull --authfile /etc/ostree/auth.json $oci_url
Trying to pull quay.io/whatever/ost:backup...
Getting image source signatures
Copying blob 346d2d8b7e27 done
Copying config 09a563fade done
Writing manifest to image destination
Storing signatures
09a563fade9b04e3ab59e1b8246daa9d55a7011357921c48d913e82c8082759e
Check /etc/ostree/auth.json file permissions
[root@sno ~]# ls -ld /etc/ostree/auth.json
rw------. 1 root root 97 Aug 28 12:12 /etc/ostree/auth.json
Version-Release number of selected component (if applicable):
4.14.0-ec.4
How reproducible:
100%
Steps to Reproduce:
1. Push ostree OCI image to a private repo
2. Create an authentication file with the credentials for that repo
3.
Actual results:
[root@sno ~]# oci_url=quay.io/whatever/ost:backup
[root@sno ~]# ostree container unencapsulate --repo /ostree/repo ostree-unverified-registry:$oci_url
error: Creating importer: Failed to invoke skopeo proxy method OpenImage: remote error: reading manifest backup in quay.io/whatever/ost: unauthorized: access to the requested resource is not authorized
Expected results:
expected the operation to succeed
Additional info:
See the issue in upstream ostree
https://github.com/ostreedev/ostree/issues/3015
A fix was already merged into ostree; we need this fix in the RHCOS that OCP will use in 4.14.