docker v18 & packages repositories & rocker's images

[foulong]

Hello,

I would like to understand the used OS and security with packages repositories. I'm going to explain me. My purpose is :

• use docker version 18 (production & test servers. I don't upgrade for the moment)
• use a image with Rbase >=4.1
• apt-get update & install ...
• install.packages from CRAN packages
• install.packages from local packages

I have a problem during the "apt-get update & install ...". Already invoked here :

• https://github.com/rocker-org/rocker/issues/167
• https://stackoverflow.com/questions/72624687/apt-get-update-fails-on-ubuntu-22-base-docker-image

Summarize (topic of Stack overflow) :

It's a docker problem. Ubuntu makes use of syscalls for better key security, which Docker didn't support yet. The solution is to update docker... or use nerdctl, runc or something similar.

Instead of apt getting the message that the syscalls aren't supported, it gets the message that permission is denied, which results in the confusing error messages.

I have the problem with :

• r-base:4.3.1
• rocker/r-base:4.3.1
• rocker/r-ver:4.3.1
• rstudio/plumber:v0.4.6
• rstudio/plumber:v1.2.0

I don't have the problem with :

• rocker/tidyverse (tests with 4.1)

It runs. In my container docker :

root@e216c6572050:/# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.6 LTS
Release:        20.04
Codename:       focal

I don't need to tidyverse (but i will use this image for my case for the moment). Why doesn't run it with "rocker/r-ver" for example ? Ideally, i would like to use just "rocker/r-ver" image and understand.

Thx in advance for your help.

[eitsupi]

Could you check the document? https://rocker-project.org/images/versioned/r-ver.html

[foulong]

Hi @eitsupi and thx.

I read this document. Understood : "rocker/r-ver image based on ubuntu with the most recent LTS available at the time when the corresponding R version was released" Understood : "rocker/tidyverse image based on rocker/r-ver with the most recent LTS available at the time when the corresponding R version was released" Understood : "r-ver image based on debian with the most recent LTS available at the time when the corresponding R version was released"

But why security key OS (debian/ubuntu) problematics with "rocker/r-ver" image and not "rocker/tidyverse" image for example ? I didn't find an explication in the documentation of rocker project. Could i have an explanation please ?

Thx in advance.

[eitsupi]

@foulong Aren't you comparing the two on the same R version?

You wrote that you tried rocker/r-ver:4.3.1 and rocker/tidyverse:4.1. How about to test rocker/r-ver:4.1 and rocker/tidyverse:4.3.1?

[foulong]

Good remark @eitsupi, thx ! It's true, i should have to test the same version number for each image type. "rocker/r-ver:4.1" runs ! Until 4.2.1 version.

Below, tests with different versions of "rocker/r-ver" image. I read image layers on hub.docker.com but i don't have information about base image (debian/ubuntu, yes which OS version ?). If u have this information, i'm interested, thx !

Build failed (based on "ubuntu 22.04 (Jammy)" image, according to logs during the apt-get update) :

• rocker/r-ver:4.3.1
• rocker/r-ver:4.2.3
• rocker/r-ver:4.2.2

Build success (based on "ubuntu 20.04 (Focal)" image, according to logs during the apt-get update) :

• rocker/r-ver:4.2.1
• rocker/r-ver:4.2.0
• rocker/r-ver:4.1

[eitsupi]

I read image layers on hub.docker.com but i don't have information about base image (debian/ubuntu, yes which OS version ?). If u have this information, i'm interested, thx !

Please read the documentation as it is written in the documentation. Or you should be able to check the source code. All information is public.

https://rocker-project.org/images/versioned/r-ver.html#quick-reference

1 Quick reference

• Source repository: rocker-org/rocker-versioned2
• Dockerfile
• tags
  • DockerHub
  • GitHub Container Registry
• Published image details: rocker-org/rocker-versioned2’s wiki
• Non-root default user: not exist