search

docker / docker-credential-helpers

Programs to keep Docker login credentials safe by storing in platform keystores
MIT License
1.06k stars 169 forks source link

linux/arm64 cannot be ran on amd64 or arm64 platforms #262

Closed woodcockjosh closed 1 year ago

woodcockjosh commented 1 year ago

linux amd64 image is compiled on arm architecture and does not work at all when doing docker login. 

Error saving credentials: error storing credentials - err: fork/exec /usr/local/bin/docker-credential-pass: exec format error, out: ``
crazy-max commented 1 year ago

linux amd64 image

I guess you mean the binary from GH release right?: https://github.com/docker/docker-credential-helpers/releases/download/v0.7.0/docker-credential-pass-v0.7.0.linux-amd64

If so it LGTM:

$ file docker-credential-pass-v0.7.0.linux-amd64 
docker-credential-pass-v0.7.0.linux-amd64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=u6TbmCFE5xObxvri4zkh/JO5cjrev7EjAwYq3rOMx/SP9moLTg0y44ugD-0poF/lE6QHU_cqsXvJ7ewl_q0, stripped

You might have downloaded the wrong one.

woodcockjosh commented 1 year ago

Looks like it was an issue with my entrypoint. Thanks for the quick reply!

woodcockjosh commented 1 year ago

Sorry I am still getting this issue. I have tried on several different machines. It occurs when building linux/arm on amd64 multi-platform image. See example project here: https://gitlab.com/cryptexlabs/public/docker/docker-git. Unless anyone knows of an arm build I can use I would have to say this project doesn't support arm yet.

woodcockjosh commented 1 year ago

I have also tried to run arm build on arm64/v8 platform mac m1 and get the same issue

thaJeztah commented 1 year ago

It looks like your Dockerfile uses wget -o (lowercase) instead of wget -O (uppercase);

wget --help
BusyBox v1.35.0 (2022-11-19 10:13:10 UTC) multi-call binary.

Usage: wget [-cqS] [--spider] [-O FILE] [-o LOGFILE] [--header STR]
    [--post-data STR | --post-file FILE] [-Y on/off]
    [-P DIR] [-U AGENT] [-T SEC] URL...

Retrieve files via HTTP or FTP

    --spider    Only check URL existence: $? is 0 if exists
    --header STR    Add STR (of form 'header: value') to headers
    --post-data STR Send STR using POST method
    --post-file FILE    Send FILE using POST method
    -c      Continue retrieval of aborted transfer
    -q      Quiet
    -P DIR      Save to DIR (default .)
    -S          Show server response
    -T SEC      Network read timeout is SEC seconds
    -O FILE     Save to FILE ('-' for stdout)
    -o LOGFILE  Log messages to FILE
    -U STR      Use STR for User-Agent header
    -Y on/off   Use proxy

So the binary you stored is not the binary, but wget's logfile (note the size is 214 bytes, and the output after that shows the contents);

docker run --rm alpine sh -c 'wget "https://github.com/docker/docker-credential-helpers/releases/download/v0.7.0/docker-credential-pass-v0.7.0.linux-arm64" -o /docker-credential-pass && ls -laH /docker-credential-pass && cat /docker-credential-pass'

-rw-r--r--    1 root     root           214 Apr 17 17:06 /docker-credential-pass
Connecting to github.com (140.82.121.4:443)
Connecting to objects.githubusercontent.com (185.199.109.133:443)
saving to 'docker-credential-pass-v0.7.0.linux-arm64'
'docker-credential-pass-v0.7.0.linux-arm64' saved

You can probably also simplify your Dockerfile to uses BuildKit's pre-defined args for cross-platform builds; https://docs.docker.com/engine/reference/builder/#predefined-args

For example;

# docker/dockerfile:1

FROM docker:23
ARG CREDS_HELPER_VERSION=v0.7.0
ARG TARGETARCH
ADD --chmod=0755 https://github.com/docker/docker-credential-helpers/releases/download/${CREDS_HELPER_VERSION}/docker-credential-pass-${CREDS_HELPER_VERSION}.linux-${TARGETARCH} /usr/local/bin/docker-credential-pass
RUN /usr/local/bin/docker-credential-pass version

And building it for amd64 or arm64 (note that this is using QEMU binmft to build amd64 on arm64 hardware);

docker build -t foo --progress=plain --platform=linux/amd64 .
...
#6 [2/3] ADD --chmod=0755 https://github.com/docker/docker-credential-helpers/releases/download/v0.7.0/docker-credential-pass-v0.7.0.linux-amd64 /usr/local/bin/docker-credential-pass
#6 DONE 0.2s

#7 [3/3] RUN /usr/local/bin/docker-credential-pass version
#7 0.218 docker-credential-pass (github.com/docker/docker-credential-helpers) v0.7.0
#7 DONE 0.2s

docker build -t foo --progress=plain --platform=linux/arm64 .
...
#6 [2/3] ADD --chmod=0755 https://github.com/docker/docker-credential-helpers/releases/download/v0.7.0/docker-credential-pass-v0.7.0.linux-arm64 /usr/local/bin/docker-credential-pass
#6 DONE 0.1s

#7 [3/3] RUN /usr/local/bin/docker-credential-pass version
#7 0.149 docker-credential-pass (github.com/docker/docker-credential-helpers) v0.7.0
#7 DONE 0.2s
thaJeztah commented 1 year ago

closing this, per the above, but feel free to continue the conversation if you think there's something remaining