Unable to login to docker registry using podman on macOS using certificate in keychain #11507
Comments
Just bringing some Docker Desktop knowledge about certs here: First, when starting the VM, Docker Desktop takes all installed certs (in the keychain for macOS) on the host and pushes them into the VM (/etc/ssl/...). Second, users can have custom certs installed in locations like this:
Docker Desktop will also put these files in the right place in the VM.
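Added example, not from this thread or the podman project: a manual version of the host-to-VM certificate copy described above, limited to one registry CA so that TLS verification stays on. It assumes the CA sits in the macOS System keychain, the VM is the default Fedora CoreOS image (trust anchors in /etc/pki/ca-trust/source/anchors), and `podman machine ssh` forwards stdin to the remote command; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: trust a single registry CA inside the podman machine VM.
# Assumptions (not from the thread): System keychain as the source, default
# Fedora CoreOS VM, and stdin being forwarded by `podman machine ssh`.

# Count certificates in a PEM stream on stdin. grep exits 1 on zero matches,
# so `|| true` keeps the "0" output without failing the caller.
count_pem_certs() {
  grep -c -e '-----BEGIN CERTIFICATE-----' || true
}

# Export the certificate(s) whose common name matches $1 as PEM on stdout.
export_ca_from_keychain() {
  security find-certificate -a -c "$1" -p /Library/Keychains/System.keychain
}

# Install PEM file $1 as trust anchor "$2.pem" inside the VM.
# Refuses empty or multi-certificate files and unsafe anchor names, so a
# broad keychain export cannot silently widen what the VM trusts.
install_ca_in_vm() {
  case "$2" in
    ''|*[!A-Za-z0-9._-]*)
      echo "refusing: anchor name must match [A-Za-z0-9._-]+" >&2
      return 1 ;;
  esac
  n=$(count_pem_certs < "$1")
  if [ "$n" -ne 1 ]; then
    echo "refusing: expected exactly 1 certificate in $1, found $n" >&2
    return 1
  fi
  # Show the fingerprint so it can be compared with the registry owner's value.
  openssl x509 -in "$1" -noout -subject -fingerprint -sha256 >&2
  podman machine ssh "sudo tee /etc/pki/ca-trust/source/anchors/$2.pem >/dev/null" < "$1" &&
    podman machine ssh "sudo update-ca-trust"
}

# Typical use (constructed names):
#   export_ca_from_keychain "Example Registry CA" > registry-ca.pem
#   install_ca_in_vm registry-ca.pem registry-ca
```
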
A friendly reminder that this issue had no activity for 30 days.
I am struggling with this issue as well. Although, it does work if you add However, since I have trusted the certs for my local registry, it would be nice if there were a way to inject them into the VM that
I ran into this issue yesterday and haven't gotten much traction on a solution. There's a I found this link that suggests that certificates could be added to the CoreOS vm through an entry in the Would this work for passing in the CA cert, and is there any guidance for producing the kind of ignition file that podman machine needs? I took a stab at it, and it disabled creation of the SSH connection information.
@mtrmac @vrothberg Is this a case where we need to include the Certs in the Payload, or do we require the certs to be on the server side? I guess if you copied the Certs into the VM this would work. Not sure what Docker is doing in this case.
In Docker Desktop, the certs are copied from the host into the VM that the true Docker daemon runs in. For Podman on Mac, we'd want the same thing (contents of
@Conan-Kudo @rdean-csx Could one of you please try above PR on
I agree this should be done at init or start.
Hi, can anyone share documentation or validation steps on macOS after this fix has been merged? We are facing the same issue on macOS and I tried to build the 4.0.0-rc2 version, but I'm still running into the same issue where the certs are not copied inside the VM. Source code: https://github.com/containers/podman/archive/refs/tags/v4.0.0-rc2.tar.gz
macOS host dir:
VM certs dir
Any suggestions? Am I missing something?
The fact that the server in the VM is still on v3.4.4 definitely seems like a potential cause
Yes, I was suspecting that. Are there any docs on how to build the server from source? The instructions here seem to only build the client
We're talking about how to get a VM image out with Podman v4.0 pre-installed, so folks can test by just swapping in a custom image. Building the image is easy, we just need to figure out how to distribute it; @baude is looking into it.
Is this a FEATURE REQUEST? (leave only one on its own line)
/kind feature
Unable to login to docker registry using podman on macOS using keychain. When I try it I get this after entering username/password:
Note that this works perfectly with docker so not sure if it's a feature podman supports or not or I am doing something wrong. I have created a stackoverflow for it too in case: https://stackoverflow.com/questions/69111227/unable-to-login-to-docker-registry-using-podman-on-macos-x509-certificate-sig
Additional information you deem important (e.g. issue happens only occasionally):
Output of podman version:
Output of podman info --debug:
Package info (e.g. output of rpm -q podman or apt list podman):
Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)
Yes
Additional environment details (AWS, VirtualBox, physical, etc.):
Used podman machine init and the default VM it uses