docker login returns "error getting credentials - err: exit status 1 ..."
BradleyA opened this issue ยท 52 comments
The docker login command is returning the following error for two users out of three users on the same physical host using docker-credential-secretservice Release v0.5.0. The user that can login to docker hub does not have any issue pushing or pulling. All users have the same docker environment variable settings, path, file permissions and content for $HOME/.docker/config.json, run the same shell /bin/bash, same .profile and .bashrc. All users were able to connect to Docker Hub before installing docker-credential-secretservice.
When I delete the $HOME/.docker/config.json file from a user that is receiving the error message, the user continues receiving the same error message when entering docker login until I removed /usr/local/bin/docker-credential-secretservice from the host. Then the user can login to docker hub without the use of docker-credential-secretservice without any incident. It is like docker is looking for docker-credential-secretservice in the PATH before it is checking $HOME/.docker/config.json to see if the user is going to use it. If this assumption is correct then there would be a line added to docker.log unless the error is coming from something docker is calling. Either way what is creating the error message, error getting credentials - err: . . .?
When I re-download and install docker-credential-secretservice onto the host in /usr/local/bin the user again receives the error message. If I remove /usr/local/bin/docker-credential-secretservice but leave $HOME/.docker/config.json as shown below I receive an error that I would expect; error getting credentials - err: exec: "docker-credential-secretservice": executable file not found in $PATH, out: ``
$ docker login
error getting credentials - err: exit status 1, out: Error spawning command line 'dbus-launch --autolaunch=d7159335070ef1c0854c75de55c8f588 --binary-syntax --close-stderr': Child process exited with code 1
Any help will be appreciated:
Expected all users on the same physical host to receive a login prompt from docker hub.
This incident is also effecting other accounts on other hosts (running Docker 17.04.0-ce, 17.05.0-ce-rc2, and 1.13.1) with similar but different error messages
$ docker login
error getting credentials - err: exit status 127, out: ``
$ cat $HOME/.docker/config.json
{
"auths": {},
"credsStore": "secretservice"
}
$ ls -l $HOME/.docker/config.json
-rw------- 1 uadmin uadmin 49 Apr 29 08:20 /home/uadmin/.docker/config.json
$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$ ls -l /usr/local/bin/docker-credential-secretservice
-rwxr-xr-x 1 root root 2382344 Mar 14 05:20 /usr/local/bin/docker-credential-secretservice
$ env | grep -i docker
DOCKER_HOST=tcp://three.cptx86.com:2376
DOCKER_TLS_VERIFY=1
PWD=/home/uadmin/.docker
DOCKER_CERT_PATH=/home/uadmin/.docker
DOCKER_CONTENT_TRUST=1
OS: Ubuntu 14.04.5 LTS
$ docker version
Client:
Version: 17.03.0-ce
API version: 1.26
Go version: go1.7.5
Git commit: 60ccb22
Built: Thu Feb 23 10:57:47 2017
OS/Arch: linux/amd64
Server:
Version: 17.03.0-ce
API version: 1.26 (minimum version 1.12)
Go version: go1.7.5
Git commit: 60ccb22
Built: Thu Feb 23 10:57:47 2017
OS/Arch: linux/amd64
Experimental: false
$ cat /etc/default/docker
DOCKER_OPTS="
--graph=/usr/local/docker
--dns 192.168.1.202
--dns 8.8.8.8
--dns 8.8.4.4
--host=hostname -f:2376
--label XHOST=hostname -f
--label XIPADDRESS=hostname -i
--label XOS=lsb_release -d | awk '{ print $2"-"$3"-"$4 }'
--label XRELEASE=docker version | grep -m 1 Version: | awk '{ print $2 }'
--label XSECURITY=namespace-control
--log-level warn
--log-driver=json-file
--log-opt max-size=5m
--log-opt max-file=7
--log-opt labels=host,ip,gateway,id
--tlsverify
--tlscacert=/etc/docker/certs.d/daemon/ca.pem
--tlscert=/etc/docker/certs.d/daemon/hostname -f-cert.pem
--tlskey=/etc/docker/certs.d/daemon/hostname -f-priv-key.pem
--userns-remap=default
"
$ docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 2
Server Version: 17.03.0-ce
Storage Driver: aufs
Root Dir: /usr/local/docker/362144.362144/aufs
Backing Filesystem: extfs
Dirs: 2
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: active
NodeID: 6hkwnobu6t374trqoaosx2wbg
Is Manager: true
ClusterID: fphwipe950p46noadhkzjci06
Managers: 1
Nodes: 1
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 3
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Node Address: 192.168.1.203
Manager Addresses:
192.168.1.203:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 977c511eda0925a723debdc94d09459af49d082a
runc version: a01dafd48bc1c7cc12bdb01206f9fea7dd6feb70
init version: 949e6fa
Security Options:
apparmor
userns
Kernel Version: 4.4.0-75-generic
Operating System: Ubuntu 14.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 11.72 GiB
Name: three
ID: KIKV:2ITY:O5GF:5JEA:O5F6:GKKS:DYGG:NUMO:UTYK:B6ZR:OKB7:BECJ
Docker Root Dir: /usr/local/docker/362144.362144
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Labels:
XHOST=three.cptx86.com
XIPADDRESS=192.168.1.203
XOS=Ubuntu-14.04.5-LTS
XRELEASE=17.03.0-ce
XSECURITY=namespace-control
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
$ tail /var/log/upstart/docker.log
No error found in /var/log/upstart/docker.log
Daemon debug mode: The daemon output with debug set is the same for all three users.
$ tail /var/log/upstart/docker.log
time="2017-04-29T11:30:51.531218145-05:00" level=debug msg="Calling GET /_ping"
time="2017-04-29T11:30:51.531554559-05:00" level=debug msg="Calling GET /v1.26/info"
any update?
@runcom ^^
The same situation before.
If you use iTerm 2 & macOS 10.13, please try command like 'sudo ls', it might be say "sudo: unknown uid 501: who are you", you can restart iTerm can resolve this problem.
This solved my problem @cuiweiqiang.
I had the same issue as mentioned above. Thanks a lot!
I had kind of similar issue, just remove
"credsStore": "secretservice" line from the docker config file, if you do not need it. Then the login should go smoothly. I found the answer here: #24
after I update to Mac OS 10.13.1 (17B48) this problem appears and It solved by removing "credsStore":
from
~/.docker/config.json
+1
After removing credsStore in the config.json I got still an error. By disabling the checkbox "securely save docker logins in macOS keychain" in the docker preferences I could finally access my registry.
mac OS 10.13.2
lunch keychaine access
right click login, lock then unlock
That's it!
just lock and unlock again the KeyChain Acess in Mac
@Dean-Christian-Armada solved
I'll submit a fix to get the command to prompt the keychain password in order to unlock it if needed before trying to access elements.
Thanks for submitting the issue and the solution.
For me I had to remove the package golang-docker-credential-helpers which somehow got installed on my headless Ubuntu 18.04 device. This package is installed with docker-compose.
@RyanRamchandar I tried removing the above package but docker-compose got removed too...
@extraymond Just tried it. Running apt-get remove golang-docker-credential-helpers also removes docker-compose for some reason. Hmm...
@RyanRamchandar it removes docker-compose as well which I cannot afford to lose on my headless Ubuntu 18.04. Any other ideas anyone?
So for now i switched my scripts to do what compose would have done for me, but like this there is no point to continue using aws ecr for me now since I won't be able to docker login on any host that has docker-compose installed, which in turn defeats the whole purpose..
I could of course just totally packer everything into AMIs and spool these up but cmon.. this annoys me seriously
@Megachill I'd like to preserve docker-compose too. Still investigating.
If you'd like to keep docker-compose on Ubuntu while removing the golang-docker-credential-helpers package, you can apt remove, and then just install the docker-compose binary manually: https://docs.docker.com/compose/install/#install-compose
The real problem is that golang-docker-credential-helpers should not be a requirement for the ubuntu/debian docker-compose package. Closing this bug does nothing to address that fundamental issue.
The correct workaround should be
- do not automatically install
golang-docker-credential-helperswhen installingdocker-compose - allow the user to
apt remove golang-docker-credential-helperswithout removingdocker-compose
This is actually a packaging issue. I will open the appropriate debian and ubuntu bugs time permitting.
Ubuntu 18.0.1 when installing docker-compose (apt install docker-compose) it comes with golang-docker-credential-helpers
quick solution is to apt remove golang-docker-credential-helpers => docker login => then apt install docker-compose back
@abdrmdn Tried that but didn't work. See #60 (comment)
You can do rm /usr/bin/docker-credential-secretservice after you installed docker-compose since removing golang-docker-credential-helpers will remove the entire docker-compose
@extraymond Just tried it. Running
apt-get remove golang-docker-credential-helpersalso removesdocker-composefor some reason. Hmm...
It worked Thanks
You can do
rm /usr/bin/docker-credential-secretserviceafter you installed docker-compose since removinggolang-docker-credential-helperswill remove the entire docker-compose
It only removes the old docker-compose. The by docker supported one remains.
You can also remove golang-docker-credentials-helpers using dpkg:
sudo dpkg --remove --force-depends golang-docker-credential-helpers
I had kind of similar issue, just remove
"credsStore": "secretservice" line from the docker config file, if you do not need it. Then the login should go smoothly. I found the answer here: #24
Be aware that if you do this your docker login password may be stored in the clear in your config.json file.
Ubuntu 18.0.1 when installing docker-compose (apt install docker-compose) it comes with
golang-docker-credential-helpers
quick solution is toapt remove golang-docker-credential-helpers=> docker login => thenapt install docker-composeback
thanks for your answer
You can remove the package and ignore the dependency. I did the following and it fixed the problem:
dpkg -r --ignore-depends=golang-docker-credential-helpers golang-docker-credential-helpers
(Reading database ... 92450 files and directories currently installed.)
Removing golang-docker-credential-helpers (0.5.0-2) ...
@nicholasbernstein if I do so I get
dockerpycreds.errors.InitializationError: docker-credential-secretservice not installed or not available in PATH
@nicholasbernstein if I do so I get
dockerpycreds.errors.InitializationError: docker-credential-secretservice not installed or not available in PATH
Also getting this.
Edit: Instead of removing golang-docker-credential-helpers I did rm /usr/bin/docker-credential-secretservice and then a docker login, this forces the auth to be stored in ~/.docker/config.json instead of the secretservice
rm /usr/bin/docker-credential-secretservice
This is not a great solution cause apt will think this package is still install and this could lead to strange errros.
Use this sudo dpkg --remove --force-depends golang-docker-credential-helpers
Why this is closed?
The error is not solved...
Not resolved! Come on !
just started getting this out of the blue in ubuntu 22.04
just started getting this out of the blue in ubuntu 22.04
Same with me on Ubuntu 22.04 LTS
The most voted answer in this Stackoverflow help me solve the issue
https://stackoverflow.com/questions/50151833/cannot-login-to-docker-account
For anyone using docker-desktop on ubuntu 20.04 and facing this issue.
- Make sure you have
passandgpginstalled. Then Follow this page: https://docs.docker.com/desktop/get-started/ to initializepass. - Install the docker credential helper.
sudo apt install golang-docker-credential-helpers - Initialize helper pass:
pass insert docker-credential-helpers/docker-pass-initialized-checkand set your password. - edit the ~/.docker/.config.json (create one if needed) and insert
{
"credsStore": "pass"
}docker logoutdocker login
it seems like when you pull image from public hub, it docker automatically make you need to login, just do as #60 (comment) in ~/.docker/config.json or C:\Users\<UserNameHere>\.docker\config.json. It's work for me tho. My case is win10 pro + wsl. Both run docker compose up fine after do as above
after I update to Mac OS 10.13.1 (17B48) this problem appears and It solved by removing "credsStore": from ~/.docker/config.json
This works for me.
I followed these steps:
- cd
~/.docker/ - run
sudo nano config.json - you will see an object like:
{ "credsStore" : desktop }just remove the content of the object and have an empty object{ } - type control + o to save what you have just edited in the
config.jsonfile. - press
control + xkey to exit from the terminal - go back to rerun your docker command and it should work
Only with run the first two points here, worked for me on Debian 11:
* Make sure you have `pass` and `gpg` installed. Then Follow this page: https://docs.docker.com/desktop/get-started/ to initialize `pass`. * Install the docker credential helper. `sudo apt install golang-docker-credential-helpers`
Still a bug
same question, fixed by:
open ~/.docker/config.json- remove
"credsStore": "desktop"
For those on MacOS, I've noticed that docker will add "credsStore": "desktop" back to the config whenever it starts up and will crash if you change the config permissions to read-only. I was able to fix this by updating ~/.docker/config.json to have "credsStore": "osxkeychain".
Now, whenever I restart docker I no longer need to edit the config file.
@MuktadirHassan funcionou pra mim , muito obrigado !! <3 ๐ง๐ท ๐ง๐ท ๐ง๐ท
For those on Archlinux, docker add "credsStore": "desktop" on ~/.docker/config.json file. Updating this to removing this key works for me.
I ran into this issue using Ubuntu WSL and Rancher Desktop. I had previously (a couple weeks ago) logged into my registry, but my solution was to simply log in again using:
docker login <your.registry.url>
In my case I use WSL2 Debian and I had this issue, and I solved it by using
rm ~/.docker/config.json
after I update to Mac OS 10.13.1 (17B48) this problem appears and It solved by removing "credsStore": from ~/.docker/config.json
this fixed it for me. Thanks!
I had kind of similar issue, just remove "credsStore": "secretservice" line from the docker config file, if you do not need it. Then the login should go smoothly. I found the answer here: #24
I can't believe this worked... literally been fighting this for 3 hours. You're a life saver!
I'm assuming this works because of the internal fallback logic of docker credentials helper? (e.g. looks for pass first, then secretservice, then...)
I was getting errors about how the context was canceled due to no gpg secret key. When I would do a docker logout I would get an error about how credentials couldn't be removed from storage because they couldn't be found. It wasn't until I removed this line from the configuration file, that I was able to logout with no errors, then login, and image pull was working again.
I had to update my GPG Key, and in the process, I think it was somehow persistent in the credentials cache as missing credentials, and only knew about it on logout. I had already updated the new GPG key everywhere else, but for some reason docker was holding on to the old reference.