Error Saving Credentials when trying to create a production image

jeatontenney · August 5, 2024, 1:06pm

Hey all, i’m running into issues possibly related to docker in which running the “create-production-image” task gives me an “Error Saving credentials”. Here is the output of task in my terminal:

Pushing it ghcr.io(…)
Error saving credentials: error storing credentials - err: exit status 1, out: error storing credentials - err: exit status 1, out: pass not initialized: exit status 1: Error: password store is empty. Try “pass init”.``
NativeCommandExitException: /home/justin/machinepulse/.conf/createDockerComposeProduction.ps1:158:1
Line |
158 | Write-Output “$psswd” | docker login $registry -u $dockerLogin --pass …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Program “docker” ended with non-zero exit code: 1.

This clearly seems like a docker issue. Related to this issue could be something else I discovered. If i run the following command:

docker login ghcr.io -u USERNAME -p PASS_TOKEN

I also get a similar error:

Error saving credentials: error storing credentials - err: exit status 1, out: error storing credentials - err: exit status 1, out: pass not initialized: exit status 1: Error: password store is empty. Try “pass init”.``

However, running docker login as sudo does allow me to login, but the task fails all the same. I am still able, however, to run the docker hello-world program as a non sudo user.

Any suggestions would be greatly appreciated. Thanks!

Justin.

ToradexAI · August 5, 2024, 1:07pm

Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!

Did you like my answer?

Hello,

The issue you’re encountering is related to Docker’s credential storage mechanism on your system. The error message indicates that Docker is attempting to use pass, the standard Unix password manager, to store credentials, but it finds that pass has not been initialized.

Here are steps to resolve this issue:

Initialize pass:
- First, ensure you have pass installed on your system. If it’s not installed, you can typically install it using your distribution’s package manager.
- Initialize pass by running pass init "Your GPG Key ID". You need to have a GPG key generated on your system. If you don’t have one, you can generate it using gpg --gen-key.
- Once initialized, try the Docker login command again without sudo.
Change Docker’s Credential Storage:
- If you prefer not to use pass, you can configure Docker to use a different credential storage mechanism. This configuration is specified in the .docker/config.json file.
- To change the storage mechanism, edit or create .docker/config.json in your home directory and set the credsStore or credStore (depending on your Docker version) to an empty string or another credentials storage mechanism. For example, to disable credential storage, your config.json would look like this:
```
{
  "credsStore": ""
}
```
- After making this change, try logging in again.
Use sudo with Caution:
- Running Docker commands with sudo makes Docker run as the root user, which can bypass some permission issues but is generally not recommended for security reasons. It’s better to fix the underlying issue.
Docker Group:
- Ensure your user is added to the Docker group, which allows running Docker commands without sudo. You can add your user to the Docker group with sudo usermod -aG docker $USER. Remember to log out and back in for this change to take effect.
Verify Docker Hello-World:
- Running the Docker hello-world image as a non-root user without sudo and without encountering issues indicates that your Docker installation is generally working correctly, but the credential storage issue is specific to your Docker configuration.

If after following these steps you’re still facing issues, it might be helpful to consult Docker’s documentation or forums for more detailed support on Docker credential storage mechanisms and troubleshooting

Please, also check if these links can help you solve your problem:

Detailed Manual | Toradex Developer Center.

jeatontenney · August 5, 2024, 1:36pm

Step two worked for me perfectly! I just had to make credsStore an empty string. This allowed me to log in with docker and then push to ghcr.io.

Can you or anyone speak more to what caused this issue in the first place? Throughout the installation and setup of the torizon environment, did I miss a step or add something that created this issue? I don’t remember doing anything that may have directly changed the credsStore. Worth noting as well, the config file was changed after I ran the create production image task.

Thanks again!

eric.tx · August 5, 2024, 2:33pm

Hey @jeatontenney,

Glad to hear its working, as to why the correction happened. There is a bit more information on dockers docs that may shed some light.

As to why this might happen. My inclination is a order-of-operations situation. Where the docker engine wasn’t defaulted to linux defaults. For the docker documents a logout/login is suggested as well.

-Eric