search

ReproNim / neurodocker

Generate custom Docker and Singularity images, and minimize existing containers
https://www.repronim.org/neurodocker/
Apache License 2.0
326 stars 97 forks source link

Allow miniconda to run as non-root user #536

Open kimsin98 opened 1 year ago

kimsin98 commented 1 year ago

Currently, due to the apt/yum dependency check, --miniconda has to run as root. This can lead to some surprises and inconveniences like https://github.com/ReproNim/neurodocker/issues/506#issuecomment-1397386258 because conda init only runs as root.

If this limitation is not intended, a possible fix is temporarily switching to root for the dependency check.

kaczmarj commented 1 year ago

thanks @kimsin98 - this limitation is not intended. could you please give an example of a neurodocker command line where this fails?

kimsin98 commented 1 year ago

This would build fine.

docker run --rm repronim/neurodocker:0.7.0 generate docker \
    --base neurodebian:bullseye --pkg-manager apt \
    --user=neuro --workdir /home/neuro \
    --miniconda create_env=neuro activate=true \
                conda_install='jupyter nilearn' \
    > Dockerfile

But after 0.8.0

docker run --rm repronim/neurodocker:0.8.0 generate docker \
    -b neurodebian:bullseye -p apt \
    --user=neuro --workdir /home/neuro \
    --miniconda version=latest env_name=neuro env_exists=false \
                conda_install='jupyter nilearn' \
    > Dockerfile

docker build runs into a permission error because it is not running as root

Step 6/9 : RUN apt-get update -qq     && apt-get install -y -q --no-install-recommends            bzip2            ca-certificates            curl     && rm -rf /var/lib/apt/lists/*     && export PATH="/opt/miniconda-latest/bin:$PATH"     && echo "Downloading Miniconda installer ..."     && conda_installer="/tmp/miniconda.sh"     && curl -fsSL -o "$conda_installer" https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh     && bash "$conda_installer" -b -p /opt/miniconda-latest     && rm -f "$conda_installer"     && conda update -yq -nbase conda     && conda config --system --prepend channels conda-forge     && conda config --set channel_priority strict     && conda config --system --set auto_update_conda false     && conda config --system --set show_channel_urls true     && conda init bash     && conda create -y  --name neuro     && conda install -y  --name neuro            "jupyter"            "nilearn"     && sync && conda clean --all --yes && sync     && rm -rf ~/.cache/pip/*
 ---> Running in 2a0cd57132ca
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
The command '/bin/sh -c apt-get update -qq     && apt-get install -y -q --no-install-recommends            bzip2            ca-certificates            curl     && rm -rf /var/lib/apt/lists/*     && export PATH="/opt/miniconda-latest/bin:$PATH"     && echo "Downloading Miniconda installer ..."     && conda_installer="/tmp/miniconda.sh"     && curl -fsSL -o "$conda_installer" https://repo.continuum.io/miniconda/Miniconda3-latest-Linux-x86_64.sh     && bash "$conda_installer" -b -p /opt/miniconda-latest     && rm -f "$conda_installer"     && conda update -yq -nbase conda     && conda config --system --prepend channels conda-forge     && conda config --set channel_priority strict     && conda config --system --set auto_update_conda false     && conda config --system --set show_channel_urls true     && conda init bash     && conda create -y  --name neuro     && conda install -y  --name neuro            "jupyter"            "nilearn"     && sync && conda clean --all --yes && sync     && rm -rf ~/.cache/pip/*' returned a non-zero code: 100
github-actions[bot] commented 10 months ago

This issue is stale because it has been open for 30 days with no activity.