Open Davincible opened 1 year ago
@Davincible what version of docker are you running in what OS? I too was seeing this message when trying to build a docker image for arm64. And in my case it seems I was having problems due to the /home/ory directory being owned by root:root after user creation in the Dockerfile, instead of being owned by the ory user.
In my case this seemed to be because of strange behaviour from the docker.io package on Ubuntu 22.04.3 LTS where the adduser command would create a properly owned directory, but this ownership would be lost in later RUN commands.
I opened a ticket for this upstream: https://github.com/moby/moby/issues/46161
If you are in the same situation as me I would suggest trying to run an upstream version instead and see if the problem is still there.
On Manjaro, Docker 24.
Fixed by creating a manual dockerfile:
FROM node:18.12.1-alpine
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
ARG LINK=no
RUN adduser -S ory -D -u 10000 -s /bin/nologin
RUN chown -R 10000:65533 /home/ory
# COPY package.json .
# COPY package-lock.json .
RUN apk add git
RUN git clone https://github.com/ory/kratos-selfservice-ui-node /usr/src/app
RUN npm ci --fetch-timeout=600000
# COPY . /usr/src/app
RUN if [ "$LINK" == "true" ]; then (cd ./contrib/sdk/generated; rm -rf node_modules; npm ci; npm run build); \
cp -r ./contrib/sdk/generated/* node_modules/@ory/kratos-client/; \
fi
RUN npm run build
USER 10000
ENTRYPOINT ["/bin/sh", "-c"]
CMD ["npm run serve"]
EXPOSE 3000
Hmm I see... I am curious how the RUN chown -R 10000:65533 /home/ory changes anything as if I use this diff:
-RUN adduser -S ory -D -u 10000 -s /bin/nologin
+RUN adduser -S ory -D -u 10000 -s /bin/nologin && ls -l /home && ls -la /home/ory
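Review bot: the added `ls -l /home && ls -la /home/ory` runs inside the same RUN step as `adduser`, so it only shows ownership at the moment the directory is created and cannot show whether that ownership is still present in a later RUN step, which is where the earlier comment reports it being lost. Consider also listing from a separate step placed later, for example `RUN ls -lan /home/ory` just before `RUN npm ci`, so both states appear in the build output.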
It shows the directory as properly owned and with nothing inside it:
#8 [ 4/10] RUN adduser -S ory -D -u 10000 -s /bin/nologin && ls -l /home && ls -la /home/ory
#8 0.271 total 8
#8 0.271 drwxr-sr-x 2 node node 4096 Dec 12 2022 node
#8 0.271 drwxr-sr-x 2 ory nogroup 4096 Aug 7 07:56 ory
#8 0.271 total 8
#8 0.271 drwxr-sr-x 2 ory nogroup 4096 Aug 7 07:56 .
#8 0.271 drwxr-xr-x 1 root root 4096 Aug 7 07:56 ..
#8 DONE 0.3s
After running a docker version that was able to persist such ownership, things seemed to work with no changes (and it seems to be Ubuntu-related: https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/2029564).
I guess it would be interesting to revert your changes to the default and inspect if the permissions are not correct after user creation as I guess this is what would make npm sad in the later steps.
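The inspection suggested above, written as a build guard that fails when ownership did not survive into a later step. This is an added example, not part of the thread or of the Ory repository; the script name `check_owner.sh` and its function names are assumptions, while `/home/ory` and the IDs `10000:65533` come from the Dockerfile posted above.

```shell
#!/bin/sh
# check_owner.sh (hypothetical name): added example, not from the thread.
# Fails a build step when a directory is not owned by the expected numeric
# uid (and optionally gid), e.g. when ownership set by adduser in one RUN
# step is no longer present in a later RUN step.
#
# Assumed use, as its own later step in the Dockerfile posted above:
#   COPY check_owner.sh /tmp/
#   RUN sh /tmp/check_owner.sh /home/ory 10000 65533

# owner_ids DIR: print "uid gid" of DIR itself, as numbers.
owner_ids() {
    ls -ldn -- "$1" | awk '{print $3, $4}'
}

# check_owner DIR UID [GID]
# Returns 0 on match, 1 on mismatch, 2 if DIR is not a directory.
check_owner() {
    dir=$1
    want_uid=${2:-}
    want_gid=${3:-}
    if [ ! -d "$dir" ]; then
        echo "check_owner: $dir is not a directory" >&2
        return 2
    fi
    ids=$(owner_ids "$dir")
    got_uid=${ids% *}
    got_gid=${ids#* }
    if [ "$got_uid" != "$want_uid" ]; then
        echo "check_owner: $dir has uid $got_uid, expected $want_uid" >&2
        return 1
    fi
    if [ -n "$want_gid" ] && [ "$got_gid" != "$want_gid" ]; then
        echo "check_owner: $dir has gid $got_gid, expected $want_gid" >&2
        return 1
    fi
    return 0
}

# Run the check only when called with arguments: DIR UID [GID].
if [ "$#" -ge 2 ]; then
    check_owner "$@"
fi
```

Because the check compares numeric IDs, it works even when the user name is missing from `/etc/passwd` in the layer being inspected.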
Describe the bug
This happens for every clean build on latest
Reproducing the bug
Run container
Relevant log output
No response
Relevant configuration
No response
Version
latest
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response