
Description
-
VSCode Version:
Version: 1.74.2
Commit: e8a3071ea4344d9d48ef8a4df2c097372b0c5161
Date: 2022-12-20T10:32:21.587Z
Electron: 19.1.8
Chromium: 102.0.5005.167
Node.js: 16.14.2
V8: 10.2.154.15-electron.0
OS: Darwin arm64 21.6.0
Sandboxed: No -
Local OS Version:
Mac OS X Version 12.6 -
Local chip architecture: <x86, arm64, Apple Silicon>
Apple M1 -
Reproduces in: <Codespaces | Remote - Containers | Both>
Remote Containers -
Name of Dev Container Definition with Issue:
old location:
https://github.com/microsoft/vscode-dev-containers/tree/main/containers/docker-from-docker
new location:
https://github.com/devcontainers/features/tree/main/src/docker-from-docker
The entry from our devcontainer.json:
"docker-from-docker": {
"version": "latest",
"moby": true
},
I also tried updating the above to the "new format":
"features": {
"ghcr.io/devcontainers/features/docker-from-docker:1": {}
}
to no effect.
I posted a question here:
devcontainers/community#20
to find out where this issue/bug should be created - but this seems like the best place for it.
Steps to Reproduce:
Hi there, we've been successfully using devcontainers (non root user spinning up docker containers) for over a year now.
A new version of docker was pushed out in late December - with a new version of credential helper and it appears to have broken our usage of visual studio code devcontainer's. Our usage of devcontainers is with a non root user using the "docker from docker" workflow.
This technique has been working for over a year now using the documentation here:
https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user
We added our non root user to the group docker.
When the issue first started happening we got the following error:
failed to solve with frontend dockerfile.v0: failed to create LLB definition: rpc error: code = Unknown desc = error getting credentials - err: exit status 255, out: `
So we blew away all data (containers, images + volumes) using the docker purge data.
Then when we re-ran docker-compose - we started getting python errors like this:
Pulling <docker image name> (<docker image name>:)...
Traceback (most recent call last):
File "/usr/local/pipx/venvs/docker-compose/lib/python3.9/site-packages/docker/credentials/store.py", line 76, in _execute
output = subprocess.check_output(
File "/usr/lib/python3.9/subprocess.py", line 424, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
File "/usr/lib/python3.9/subprocess.py", line 528, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/usr/local/bin/docker-credential-dev-containers-f90694ffd4ef7d23592ec24c6172cf511d70ae8b', 'get']' returned non-zero exit status 255.
Along with a few other python errors - which appear to be similarly just trying to run some command line executables.
After a lot of reading online - it seems the issue is that the
/home/<non root user>/.docker/config.json
is getting populated with invalid credentials in the following format:
{
"credsStore": "dev-containers-<hash number>"
}
After removing this entry from the config.json - everything "just works" - the non root user is once again able to talk to the docker daemon, create images + subsequently containers.
I'm not sure if this issue needs to be "cross posted" to a docker issue repository since this may be in the realm of an integration issue.