From bee9963fa4f53eb016a9659a0a6f9203e9d92ae5 Mon Sep 17 00:00:00 2001
From: Nicholas Carlson
Date: Wed, 22 Mar 2023 10:28:15 -0600
Subject: [PATCH] Write .docker config to tmp directory instead of root
---
 cmd/completion/main.go | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/cmd/completion/main.go b/cmd/completion/main.go
index 059394aa3..8c9557434 100644
--- a/cmd/completion/main.go
+++ b/cmd/completion/main.go
@@ -99,16 +99,6 @@ func main() {
 }
 }
- homeDir, err := os.UserHomeDir()
- if err != nil {
- log.Fatal(errors.Wrapf(err, "error obtaining home directory"))
- }
-
- err = creds.Save(filepath.Join(homeDir, ".docker", "config.json"))
- if err != nil {
- log.Fatal(errors.Wrapf(err, "error writing docker creds"))
- }
-
 keychain := authn.NewMultiKeychain(k8sNodeKeychain, creds)
 metadataRetriever := cnb.RemoteMetadataRetriever{
@@ -140,6 +130,21 @@ func main() {
 }
 if hasCosign() || notaryV1URL != "" {
+ tempDir, err := os.MkdirTemp("", "")
+ if err != nil {
+ log.Fatal(errors.Wrapf(err, "error creating temprary directory"))
+ }
+
+ err = creds.Save(filepath.Join(tempDir, ".docker", "config.json"))
+ if err != nil {
+ log.Fatal(errors.Wrapf(err, "error writing docker creds"))
+ }
+
+ err = os.Setenv("DOCKER_CONFIG", filepath.Join(tempDir, ".docker"))
+ if err != nil {
+ log.Fatal(errors.Wrapf(err, "error setting DOCKER_CONFIG env"))
+ }
+
 if err := signImage(report, keychain); err != nil {
 log.Fatal(err)
 }
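Review bot: The registry credentials that `creds.Save` writes into the `os.MkdirTemp` directory in the second hunk are never removed, so a plaintext `config.json` stays on disk whether `signImage` succeeds or fails. Because `log.Fatal` exits without running deferred calls, the cleanup has to be explicit: `signErr := signImage(report, keychain)`, then `os.RemoveAll(tempDir)`, then `if signErr != nil { log.Fatal(signErr) }`. `creds.Save` is not visible in this patch, so confirm that it creates the `.docker` subdirectory and writes the file with owner-only permissions; the 0700 mode `MkdirTemp` gives the parent directory is the only protection visible here. The message `"error creating temprary directory"` should read `temporary`. `main` and the enclosing `if hasCosign() || notaryV1URL != ""` block continue outside the hunk.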