Minikube: Failed to cache ISO: open .netrc: permission denied

Created on 17 Oct 2019 · 20 Comments · Source: kubernetes/minikube

I just freshly installed minikube to try it out on my Mac but have not managed to start it.

stanleynguyen@macair:~ $ minikube version
minikube version: v1.4.0
commit: 7969c25a98a018b94ea87d949350f3271e9d64b6
stanleynguyen@macair:~ $ minikube start
😄  minikube v1.4.0 on Darwin 10.14.6
💿  Downloading VM boot image ...

💣  Failed to cache ISO: https://storage.googleapis.com/minikube/iso/minikube-v1.4.0.iso: invalid checksum: Error downloading checksum file: Error parsing netrc file at "/Users/stanleynguyen/.netrc": open /Users/stanleynguyen/.netrc: permission denied

😿  Sorry that minikube crashed. If this was unexpected, we would love to hear from you:
👉  https://github.com/kubernetes/minikube/issues/new/choose

It seems that this is because minikube is asking for access to my .netrc file, but I don't think it's supposed to have access to such a file with sensitive info like my passwords.

I still tried running it in superuser mode anyway, and was faced with another problem:

stanleynguyen@macair:~ $ sudo minikube start
Password:
😄  minikube v1.4.0 on Darwin 10.14.6
🛑  The "virtualbox" driver should not be used with root privileges.
💡  If you are running minikube within a VM, consider using --vm-driver=none:
📘    https://minikube.sigs.k8s.io/docs/reference/drivers/none/

Note: I have VirtualBox installed locally as my VM environment (I also used this for Docker).

The operating system version: MacOS Mojave 10.14.6

area/networking kind/support lifecycle/rotten priority/awaiting-more-evidence

All 20 comments

It seems like the network library minikube uses accesses .netrc, and raises an error if it cannot: https://github.com/hashicorp/go-getter/blob/master/netrc.go

As a workaround, you can manually download the ISO:

curl -L https://storage.googleapis.com/minikube/iso/minikube-v1.4.0.iso > ~/.minikube/cache/iso/minikube-v1.4.0.iso

Like most network commands, curl also references your .netrc, but it is nice enough to fail.

Thanks @tstromberg :smile: how do you think we should go about solving this? I will take this issue

Why is it a bug that it reads user configuration from the home directory? I don't see why it is.

@afbjorklund Since the ISO is public, I don't think it's necessary to read .netrc

Oh, it's not _used_ at all (each entry has a machine token anyway). Just wondered why it was "bad" ?
It's a standard configuration file, so read-protecting it is a bit strange... Better to move/rename it, if so.

My .netrc has always been read protected from the start though. I don't know what the convention out there is but it makes sense to me as this file contains some of my passwords to cloud services (heroku, etc.)

Perhaps having another way to download the .iso when the first way of downloading it failed?

Yea I'm thinking of using https://github.com/cavaliercoder/grab as fallback

I'd rather not import two different HTTP libraries.

I believe the workaround is to either rename your .netrc or use the following invocation to tell it to ignore your netrc file:

env NETRC=/nonexistent minikube start

I would also argue that storing plain-text passwords in a local file is bad news, and that .netrc is an outdated idea not suited for a world where private/public key cryptography is king. .netrc files served us well for the last 40 years, and will die a slow death, just like .rhosts did before it.

If you would like to see this get fixed, please open an issue with upstream:

https://github.com/hashicorp/go-getter/issues/new

Once fixed there, we can upgrade which go-getter version we point to.

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@stanleynguyen How did you resolve this issue? I am facing the issue with minikube 1.7.0.

> It seems like the network library minikube uses accesses .netrc, and raises an error if it cannot: https://github.com/hashicorp/go-getter/blob/master/netrc.go
>
> As a workaround, you can manually download the ISO:
>
> curl -L https://storage.googleapis.com/minikube/iso/minikube-v1.4.0.iso > ~/.minikube/cache/iso/minikube-v1.4.0.iso
>
> Like most network commands, curl also references your .netrc, but it is nice enough to fail.

@naveeniitbhu u can follow the above comment to work around

Did you open a bug report upstream yet? Looks like a library issue...

@afbjorklund yup. https://github.com/hashicorp/go-getter/issues/221 was opened for this

I added an implementation (even wrote a test case).

Most likely it would be better to keep the secret file somewhere else and use $NETRC for accessing it, but then again we can just ignore the contents instead of throwing a "permission denied" error...

Upstream looks comatose, but maybe we can cherry-pick.

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

/close

@stanleynguyen: Closing this issue.

In response to this:

> /close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

> It seems like the network library minikube uses accesses .netrc, and raises an error if it cannot: https://github.com/hashicorp/go-getter/blob/master/netrc.go
>
> As a workaround, you can manually download the ISO:
>
> curl -L https://storage.googleapis.com/minikube/iso/minikube-v1.4.0.iso > ~/.minikube/cache/iso/minikube-v1.4.0.iso
>
> Like most network commands, curl also references your .netrc, but it is nice enough to fail.

I did as you mentioned. After downloading the ISO, I now start minikube with the command "minkube start" but it is again stuck on downloading the VM boot image.
