### What needs to get done [`rockcraft.oci.Image` class](https://github.com/canonical/rockcraft/blob/d09ad13493b8dc0cbb95db7285ef4a6d8a166f67/rockcraft/oci.py#L54) needs extending to add configurable credentials during the `skopeo copy` of the base image from Amazon ECR. Will probably need adding the args as top-level `rockcraft` args themselves and transparently propagating the arguments down to the actual `skopeo copy` command using `--src-creds` as seen in [`man skopeo-copy`](https://manpages.ubuntu.com/manpages/mantic/man1/skopeo-copy.1.html). ### Why it needs to get done Although ECR is considerably more lenient than DockeHub in terms of data pull limits for unverified requests, it still has them, leading to errors like these: ```python3 024-07-29 11:06:56.991 Execute process: ['/snap/rockcraft/1783/bin/skopeo', '--insecure-policy', '--override-arch', 'amd64', 'copy', '--retry-times', '5', 'docker://public.ecr.aws/ubuntu/ubuntu:22.04', 'oci:/root/images/ubuntu:22.04'], kwargs={} 2024-07-29 11:10:30.466 Failed to copy image: Command '['/snap/rockcraft/1783/bin/skopeo', '--insecure-policy', '--override-arch', 'amd64', 'copy', '--retry-times', '5', 'docker://public.ecr.aws/ubuntu/ubuntu:22.04', 'oci:/root/images/ubuntu:22.04']' returned non-zero exit status 1. (time="2024-07-29T11:07:28Z" level=warning msg="Failed, retrying in 1s ... (1/5). Error: initializing source docker://public.ecr.aws/ubuntu/ubuntu:22.04: reading manifest 22.04 in public.ecr.aws/ubuntu/ubuntu: toomanyrequests: Data limit exceeded" ``` Depending on the project being rock'd, these limits can be quite the nuisance. The [`canonical/harbor-rocks` repo](https://github.com/canonical/harbor-rocks) for example defines rocks for 10 components x 3 versions x 2 architectures = 60 whole images, and it's virtually guaranteed that 2-3 of the build workflows will fail.