consider a timeout when calling docker-credential-osxkeychain

[oliverlangan]

I had a (probably) very obscure issue, which took down my entire development environment and was difficult to track down. This is specific to macos and docker-credential-osxkeychain

Symptoms:

• I could not pull any docker containers
  • it would show 'Pulling ...' with a timer, but then just sit there
  • I waited more than 30 minutes to see if anything would eventually resolve itself
• my VS Code extensions could not make any network calls—resulting in a hang on load unless all were disabled

Factors:

• I had some keychains loaded connected to Keychain Access
  • I later learned these could be displayed with security list-keychains
• those keychains were on a "Box Drive" volume
• Box was somehow broken, but it was not obvious. the folders opened and displayed files
  • critically, the files could not be opened or synced from the cloud

I eventually realized that docker pull and other commands would reach out to docker-credential-osxkeychain and just hang. Looking at that process in Activity Monitor showed that it was trying to access one of the files on the Box drive. At that point, I realized that nothing could be loaded from the Box drive.

I worked around the issue by uninstalling Box completely, but I believe one could also use security list-keychains -s ... to rewrite the keychain search paths.

Ultimately, however, it seems as though docker-credential-osxkeychain should have some sort of timeout.