pretalx / pretalx-docker

Docker setup for a complete pretalx installation. Community-sourced, not officially supported.

Rootless podman - subuid / subgid issue #59

Open kuhball opened 3 months ago

kuhball commented 3 months ago

I'm trying to get pretalx to run within rootless podman. When pulling the image from Docker Hub, the following issue occurs:

Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:3e45d37343fb3198922fe73f2463b28816b2bade1ae4707c3b2282944d7ceaa1": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 1618591017:1876110778 for /pretalx/src/pretalx/frontend/schedule-editor/node_modules/character-parser/.npmignore): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /pretalx/src/pretalx/frontend/schedule-editor/node_modules/character-parser/.npmignore: invalid argument): exit status 1

In rootless podman the user normally gets a start uid and a range, e.g. core:100000:1000000. Looking at the requested IDs, these seem unnecessarily high and far from each other. Is there a particular reason for this?

Workaround is to build the image locally within rootless podman.
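
The ownership limit discussed above can be checked before a pull fails by comparing the owners recorded in a layer tar against the subordinate ID range. This is an added example, not part of the original thread or the pretalx-docker project; it assumes the default rootless Podman mapping (container ID 0 maps to the invoking user, IDs 1..N map onto the /etc/subuid and /etc/subgid ranges), and the sample layer, including its `pretalx/manage.py` entry, is constructed.

```python
import io
import tarfile

def parse_subid(text, user):
    """Return (start, count) ranges for `user` from /etc/subuid or /etc/subgid text."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == user:
            ranges.append((int(start), int(count)))
    return ranges

def max_container_id(ranges):
    """Highest ID usable inside the user namespace (assumed default mapping).

    ID 0 maps to the invoking user; IDs 1..N map onto the subordinate ranges.
    """
    return sum(count for _, count in ranges)

def unmappable_entries(layer, max_uid, max_gid):
    """Yield (path, uid, gid) for tar members whose owner cannot be mapped."""
    with tarfile.open(fileobj=layer, mode="r:*") as tar:
        for member in tar:
            if member.uid > max_uid or member.gid > max_gid:
                yield member.name, member.uid, member.gid

NPMIGNORE = ("pretalx/src/pretalx/frontend/schedule-editor/"
             "node_modules/character-parser/.npmignore")

def build_sample_layer():
    """Constructed layer: one root-owned file, one with the IDs from the error."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name, uid, gid in [("pretalx/manage.py", 0, 0),
                               (NPMIGNORE, 1618591017, 1876110778)]:
            info = tarfile.TarInfo(name)
            info.uid, info.gid = uid, gid
            tar.addfile(info, io.BytesIO(b""))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    limit = max_container_id(parse_subid("core:100000:1000000\n", "core"))
    for path, uid, gid in unmappable_entries(build_sample_layer(), limit, limit):
        print(f"{path}: {uid}:{gid} exceeds mappable maximum {limit}")
```

To check a real image, run `unmappable_entries` over each layer tar contained in the archive written by `podman save` or `docker save`.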

rixx commented 3 months ago

Happy to merge PRs fixing the problem!

robe2 commented 3 months ago

I ran into the same issue too but I'm not using podman. The error I get is:

failed to register layer: failed to Lchown "/pretalx/src/pretalx/frontend/schedule-editor/node_modules/character-parser/.npmignore" for UID 1618591017, GID 1876110778 (try increasing the number of subordinate IDs in /etc/subuid and /etc/subgid): lchown /pretalx/src/pretalx/frontend/schedule-editor/node_modules/character-parser/.npmignore: invalid argument

In my case I am running docker under a Linux container (LXD) and I think it has similar subuid limitations as podman.

I don't think it's anything with the code, but something about how this is being built because I can use the scripts as is to build the docker image.

Push it to my org nexus docker registry and then pull it down from another machine fine and use docker-compose.yml as usual.

kuhball commented 3 months ago

After a bit of searching this seems to be an npm problem - https://github.com/npm/cli/issues/5889 . The python:3.10-bookworm in use ships with npm version 9.2.0, which was released before the issue was closed.

Solution to this would probably be a newer version of npm, not totally sure what exact npm version fixes this.

rixx commented 3 months ago

pretalx only supports currently supported Node.js versions, and 9.2.0 is way outdated at this point – the oldest still-maintained version is v18 at the moment.

kuhball commented 3 months ago

I was talking about the npm version, not Node.js. Current npm version is 10.5.1. The mentioned npm version is the one provided by the bookworm repositories.

rixx commented 3 months ago

Ah, gotcha, sorry!