search

genuinetools / img

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.
https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/
MIT License
3.88k stars 230 forks source link

nsenter: USER is unset: No error information #275

Closed Bean900 closed 4 years ago

Bean900 commented 4 years ago

Hey :)

i want to use img to create dockerimages in jenkins slave that runs as dockerimage in a Kubernetes cluster. I am currently experiencing the following error when using the jenkins user: nsenter: USER is unset: No error information

When I use the root user, I get this error as expected (is only for testing):

Building docker.io/library/test:latest
Setting up the rootfs... this may take a bit.
time="2020-01-07T10:29:08Z" level=warning msg="Process sandbox is not available, consider unmasking procfs: "

So my question is how to use the Jenkins user and get the same error as when I use the root user.

To test this case, I used the following Docker file:

FROM jenkins/slave:3.35-3-alpine
ARG user=jenkins
USER root
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
RUN apk update
RUN apk add --no-cache img

USER ${user}
RUN img build -t test .
issue-label-bot[bot] commented 4 years ago

Issue Label Bot is not confident enough to auto-label this issue. See dashboard for more details.

AkihiroSuda commented 4 years ago

ENV USER needs to be set

Asgoret commented 4 years ago

@AkihiroSuda where did you set ENV USER? I tried it do in jenkins-slave docker but still get this error.

Bean900 commented 4 years ago

You have to write ENV USER jenkins Or in the example Dockerfile i wrote ENV USER ${user}

Asgoret commented 4 years ago

@Bean900 thanks) Gess to this early))) Come to set my dockerfile for jenkins slave))

This jenkins slave works in OKD 3.11

# The MIT License
#
#  Copyright (c) 2015-2017, CloudBees, Inc.
#
#  Permission is hereby granted, free of charge, to any person obtaining a copy
#  of this software and associated documentation files (the "Software"), to deal
#  in the Software without restriction, including without limitation the rights
#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
#  copies of the Software, and to permit persons to whom the Software is
#  furnished to do so, subject to the following conditions:
#
#  The above copyright notice and this permission notice shall be included in
#  all copies or substantial portions of the Software.
#
#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
#  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
#  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
#  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
#  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
#  THE SOFTWARE.

ARG version=3.40-1-alpine
FROM jenkins/slave:$version

ARG version
MAINTAINER Oleg Nenashev <o.v.nenashev@gmail.com>
LABEL Description="This is a base image, which allows connecting Jenkins agents via JNLP protocols" Vendor="Jenkins project" Version="$version"

ENV user=jenkins

USER root
COPY jenkins-agent /usr/local/bin/jenkins-agent
RUN chmod +x /usr/local/bin/jenkins-agent &&\
    ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave && \
    apk add --no-cache gcc make && \
    apk add img --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing && \
    ln -s /usr/bin/img /usr/bin/docker
USER ${user}

ENTRYPOINT ["jenkins-slave"]
Bean900 commented 4 years ago

U need to write user in uppercase letters like "USER" ;)

Asgoret commented 4 years ago

U need to write user in uppercase letters like "USER" ;)

Strange...it works...