crane: auth get doesn't work with default keychain on Mac M1 + Podman

[kostola]

Describe the bug

On a Mac M1 laptop with Podman (running through Podman Machine), crane auth get <registry> fails with credentials not found in native keychain even if podman itself is successfully logged into the same registry.

Credentials are correctly stored in $HOME/.config/containers/auth.json

To Reproduce

1. Login with podman to the target registry: podman login <registry>
2. Try to retrieve credentials for the same registry with crane: crane auth get <registry>

Expected behavior

Crane should return the expected output for crane auth get: a JSON containing the credentials, like:

{"Username":"kostola","Secret":"<redacted>"}

Additional context

• Output of crane version: 0.19.1
• Registry used: docker.io, ghcr.io, quay.io

[kostola]

Looking at the code, the default keychain looks for credential into (in order):

1. $HOME/.docker/config.json
2. $DOCKER_CONFIG/config.json
3. $REGISTRY_AUTH_FILE
4. $XDG_RUNTIME_DIR/containers/auth.json

1 and 2 are Docker related, 3 is intended as explicit override by the user and 4 doesn't work because XDG_RUNTIME_DIR is not set in macOS.

Podman login docs, however, state that:

--authfile=path
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json on Linux, and $HOME/.config/containers/auth.json on Windows/macOS.

It seems like option 4 should consider the host OS.

[nmcostello]

Omg, I just independently wrote the same fix 🤦

#2014

[kostola]

@jonjohnsonjr @imjasonh I am pinging you as top contributors. What do you think of this fix?

[github-actions]

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Keep fresh with the 'lifecycle/frozen' label.