Bug 2183597

Summary: docker login compatibility issue
Product: Red Hat Enterprise Linux 9 Reporter: Tom Sweeney <tsweeney>
Component: podmanAssignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA QA Contact: Alex Jia <ajia>
Severity: high Docs Contact:
Priority: unspecified    
Version: 9.3CC: ajia, atomic-bugs, bbaude, dwalsh, jligon, jnovy, lsm5, mboddu, mheon, pthomas, tsweeney, umohnani, ypu
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: podman-4.6.1-2.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2183596
: 2183602 (view as bug list) Environment:
Last Closed: 2023-11-07 08:33:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2183596    
Bug Blocks: 2183602    

Description Tom Sweeney 2023-03-31 18:09:45 UTC 
+++ This bug was initially created as a clone of Bug #2183596 +++

Description of problem:

There is a docker login registry compatiliby issue.  Please see: 
https://github.com/containers/podman/issues/17571 for details.

This is already fixed upstream, creating BZs to get it into RHEL 8.8/9.2 ZeroDay.

For RHEL 8.8 and 9.2, this Fix: https://github.com/containers/podman/pull/17581 needs to be backported into the Podman v4.4.1 release branch, and c/common needs to be bumped up to v0.51.2 within the same branch.
Comment 2 Tom Sweeney 2023-03-31 19:10:29 UTC 
Addressed with:  https://github.com/containers/podman/pull/17581

Assigning to @jnovy for any further BZ or packaging needs.
Comment 3 Alex Jia 2023-04-11 08:33:03 UTC 
This bug has been verified on podman-4.4.1-8.el9.

[test@kvm-01-guest11 ~]$ cat /etc/redhat-release 
Red Hat Enterprise Linux release 9.3 Beta (Plow)

[test@kvm-01-guest11 ~]$ rpm -q podman runc systemd kernel
podman-4.4.1-8.el9.x86_64
runc-1.1.5-2.el9.x86_64
systemd-252-13.el9_2.x86_64
kernel-5.14.0-295.el9.x86_64

[test@kvm-01-guest11 ~]$ id
uid=1000(test) gid=1000(test) groups=1000(test) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[test@kvm-01-guest11 ~]$ podman system service -t 0 &
[1] 84942

[test@kvm-01-guest11 ~]$ podman run --privileged -it --rm -v $XDG_RUNTIME_DIR/podman/podman.sock:/var/run/docker.sock docker sh
Resolved "docker" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/docker:latest...
Getting image source signatures
Copying blob 04921806bf90 done  
Copying blob f56be85fc22e done  
Copying blob 7ed9ddfd3b8f done  
Copying blob 788e1ab5616a done  
Copying blob 4e33d011f086 done  
Copying blob 383037bf46bc done  
Copying blob de21e211d8be done  
Copying blob d1a705462f92 done  
Copying blob 026562b829bc done  
Copying blob 97a6e8d4b278 done  
Copying blob f4bc4d1e2e3a done  
Copying blob 06512f64e545 done  
Copying blob 65fc0503abc0 done  
Copying blob 810d9c8fb6b2 done  
Copying config e072c2e5e5 done  
Writing manifest to image destination
Storing signatures
/ # docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
docker       latest    e072c2e5e550   6 days ago   319MB
/ # docker login -u foo -p bar
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: login attempt to https://index.docker.io/v1/ failed with status: 401 Unauthorized

NOTE: I can login successfully w/ real username and password.
Comment 6 Alex Jia 2023-08-22 04:22:18 UTC 
This bug has been verified on podman-4.6.1-2.el9.

[test@kvm-02-guest03 ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux release 9.3 Beta (Plow)

[test@kvm-02-guest03 ~]$ rpm -q podman runc systemd kernel
podman-4.6.1-2.el9.x86_64
runc-1.1.9-1.el9.x86_64
systemd-252-17.el9.x86_64
kernel-5.14.0-356.el9.x86_64

[test@kvm-02-guest03 ~]$ id
uid=1000(test) gid=1000(test) groups=1000(test) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[test@kvm-02-guest03 ~]$ podman system service -t 0 &
[1] 87241
[test@kvm-02-guest03 ~]$ podman run --privileged -it --rm -v $XDG_RUNTIME_DIR/podman/podman.sock:/var/run/docker.sock docker sh
Resolved "docker" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/docker:latest...
Getting image source signatures
Copying blob 2e4943246593 done  
Copying blob 7264a8db6415 done  
Copying blob 95cddd6e4406 done  
Copying blob 4f4fb700ef54 done  
Copying blob 609329a09c8f done  
Copying blob 926b2fbdc5ad done  
Copying blob 8c9db0bb2866 done  
Copying blob 5a49a496a342 done  
Copying blob 4f3e1e90b486 done  
Copying blob 150f5b2039ca done  
Copying blob d24c11514afe done  
Copying blob 66b523b76aab done  
Copying blob 785edea07e4d done  
Copying blob e2260d69ffa1 done  
Copying config 1dab0c1da2 done  
Writing manifest to image destination
/ # docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
docker       latest    1dab0c1da22a   4 weeks ago   336MB
/ # docker login -u foo -p bar
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: login attempt to https://index.docker.io/v1/ failed with status: 401 Unauthorized
Comment 8 errata-xmlrpc 2023-11-07 08:33:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: podman security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6474