search

sickcodes / Docker-OSX

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
https://hub.docker.com/r/sickcodes/docker-osx
GNU General Public License v3.0
48.51k stars 2.7k forks source link

Build VNC image failed EDIT: affecting all builds #144

Closed rluvaton closed 3 years ago

rluvaton commented 3 years ago

I can't build the VNC image for some reason 🤔

Output

I've cloned this repo to ~/Docker-OSX

root@laptop:~/Docker-OSX/vnc-version# docker build -t docker-osx-vnc --no-cache . 
Sending build context to Docker daemon  11.26kB
Step 1/18 : FROM sickcodes/docker-osx:latest
 ---> 5a2434b03272
Step 2/18 : MAINTAINER 'https://twitter.com/sickcodes' <https://sick.codes>
 ---> Running in 0c1a9d595a60
Removing intermediate container 0c1a9d595a60
 ---> 767f6c2d9ac8
Step 3/18 : USER root
 ---> Running in 6859003ee020
Removing intermediate container 6859003ee020
 ---> f54756524f28
Step 4/18 : ARG RANKMIRRORS
 ---> Running in de7978e905f6
Removing intermediate container de7978e905f6
 ---> c509d2c21dad
Step 5/18 : ARG MIRROR_COUNTRY=US
 ---> Running in 5a0dc7fa9f00
Removing intermediate container 5a0dc7fa9f00
 ---> 2cd075fddd76
Step 6/18 : ARG MIRROR_COUNT=10
 ---> Running in 09e28661feb1
Removing intermediate container 09e28661feb1
 ---> 837c2e94541f
Step 7/18 : RUN if [[ "${RANKMIRRORS}" ]]; then { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; }     ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors"     ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on"     | sed -e 's/^#Server/Server/' -e '/^#/d'     | head -n "$((${MIRROR_COUNT:-10}+1))"     | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist     && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch'     && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch'     && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch'     && cat /etc/pacman.d/mirrorlist ; fi
 ---> Running in 96115bf9e644
Removing intermediate container 96115bf9e644
 ---> 50030c26706d
Step 8/18 : USER arch
 ---> Running in 5be3f3213bd3
Removing intermediate container 5be3f3213bd3
 ---> 02cea8bb402d
Step 9/18 : RUN sudo pacman -Syyuu --noconfirm     && sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm     && mkdir -p ${HOME}/.vnc     && touch ~/.vnc/config     && tee -a ~/.vnc/config <<< 'geometry=1920x1080'     && tee -a ~/.vnc/config <<< 'localhost'     && tee -a ~/.vnc/config <<< 'alwaysshared'
 ---> Running in 1488ecc69020
:: Synchronizing package databases...
downloading core.db...
downloading extra.db...
downloading community.db...
downloading community-testing.db...
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (13) curl-7.75.0-1  findutils-4.8.0-1  gcc-libs-10.2.0-6  glib2-2.66.6-1  glibc-2.33-3  js78-78.7.1-1  libcups-1:2.3.3op2-1  libldap-2.4.57-1  linux-api-headers-5.10.13-1  pacman-mirrorlist-20210206-1  systemd-247.3-1  systemd-libs-247.3-1  systemd-sysvcompat-247.3-1

Total Download Size:    64.48 MiB
Total Installed Size:  310.01 MiB
Net Upgrade Size:       -0.16 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
downloading linux-api-headers-5.10.13-1-any.pkg.tar.zst...
downloading glibc-2.33-3-x86_64.pkg.tar.zst...
downloading gcc-libs-10.2.0-6-x86_64.pkg.tar.zst...
downloading findutils-4.8.0-1-x86_64.pkg.tar.zst...
downloading libldap-2.4.57-1-x86_64.pkg.tar.zst...
downloading systemd-libs-247.3-1-x86_64.pkg.tar.zst...
downloading curl-7.75.0-1-x86_64.pkg.tar.zst...
downloading glib2-2.66.6-1-x86_64.pkg.tar.zst...
downloading pacman-mirrorlist-20210206-1-any.pkg.tar.zst...
downloading systemd-247.3-1-x86_64.pkg.tar.zst...
downloading systemd-sysvcompat-247.3-1-x86_64.pkg.tar.zst...
downloading js78-78.7.1-1-x86_64.pkg.tar.zst...
downloading libcups-1:2.3.3op2-1-x86_64.pkg.tar.zst...
checking keyring...
checking package integrity...
loading package files...
checking for file conflicts...
:: Processing package changes...
upgrading linux-api-headers...
upgrading glibc...
Generating locales...
  en_US.UTF-8... done
Generation complete.
upgrading gcc-libs...
upgrading findutils...
upgrading libldap...
upgrading systemd-libs...
upgrading curl...
upgrading glib2...
upgrading js78...
upgrading libcups...
upgrading pacman-mirrorlist...
warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
upgrading systemd...                                                                                                                                                 
upgrading systemd-sysvcompat...
:: Running post-transaction hooks...
(1/9) Creating system user accounts...
(2/9) Updating journal message catalog...
(3/9) Reloading system manager configuration...
  Skipped: Current root is not booted.
(4/9) Updating udev hardware database...
(5/9) Applying kernel sysctl settings...
  Skipped: Current root is not booted.
(6/9) Creating temporary files...
/usr/lib/tmpfiles.d/journal-nocow.conf:26: Failed to resolve specifier: uninitialized /etc detected, skipping
All rules containing unresolvable specifiers will be skipped.
(7/9) Reloading device manager configuration...
  Skipped: Device manager is not running.
(8/9) Arming ConditionNeedsUpdate...
(9/9) Reloading system bus configuration...
  Skipped: Current root is not booted.
error: failed to initialize alpm library
(could not find or read directory: /var/lib/pacman/)                                                                                                                 
The command '/bin/bash -c sudo pacman -Syyuu --noconfirm     && sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm     && mkdir -p ${HOME}/.vnc     && touch ~/.vnc/config     && tee -a ~/.vnc/config <<< 'geometry=1920x1080'     && tee -a ~/.vnc/config <<< 'localhost'     && tee -a ~/.vnc/config <<< 'alwaysshared'' returned a non-zero code: 255

My Laptop

root@laptop:~/Docker-OSX/vnc-version# neofetch
            .-/+oossssoo+/-.               root@laptop
        `:+ssssssssssssssssss+:`           ------------
      -+ssssssssssssssssssyyssss+-         OS: Ubuntu 20.04.2 LTS x86_64
    .ossssssssssssssssssdMMMNysssso.       Kernel: 5.4.0-65-generic
   /ssssssssssshdmmNNmmyNMMMMhssssss/      Uptime: 1 hour, 15 mins 
  +ssssssssshmydMMMMMMMNddddyssssssss+     Packages: 2387 (dpkg)
 /sssssssshNMMMyhhyyyyhmNMMMNhssssssss/    Shell: bash 5.0.17
.ssssssssdMMMNhsssssssssshNMMMdssssssss.   Resolution: 1920x1080, 1680x1050
+sssshhhyNMMNyssssssssssssyNMMMysssssss+   WM: Openbox
ossyNMMMNyMMhsssssssssssssshmmmhssssssso   Theme: Arc-Darker [GTK3]
ossyNMMMNyMMhsssssssssssssshmmmhssssssso   Icons: Adwaita [GTK3]
+sssshhhyNMMNyssssssssssssyNMMMysssssss+   Terminal: qterminal
.ssssssssdMMMNhsssssssssshNMMMdssssssss.   CPU: Intel i5-7300HQ (4) @ 3.500GHz
 /sssssssshNMMMyhhyyyyhdNMMMNhssssssss/    GPU: Intel HD Graphics 630
  +sssssssssdmydMMMMMMMMddddyssssssss+     Memory: 838MiB / 7819MiB
   /ssssssssssshdmNNNNmyNMMMMhssssss/
    .ossssssssssssssssssdMMMNysssso.
      -+sssssssssssssssssyyyssss+-
        `:+ssssssssssssssssss+:`
            .-/+oossssoo+/-.
sickcodes commented 3 years ago

Can you try docker pull sickcodes/docker-osx:latest

I just built the image:

$ docker build -t vnc .
Sending build context to Docker daemon  22.02kB
Step 1/18 : FROM sickcodes/docker-osx:latest
latest: Pulling from sickcodes/docker-osx
1c4e94bdea17: Already exists 
96c7b635cf70: Already exists 
f8d4447dd63b: Already exists 
4f4a528956c1: Already exists 
09f80b5cfe42: Already exists 
e9af729ef255: Already exists 
fa8d524577ff: Already exists 
2516367f9204: Already exists 
821773975777: Already exists 
ac62fa152b0a: Already exists 
c99ca6e32d85: Already exists 
9ca17f4c50b3: Already exists 
62d40556010a: Already exists 
Digest: sha256:be667082bd00f2d4541f86388ef2dd5219c7f60b12245ae3c603343b9ca68662
Status: Downloaded newer image for sickcodes/docker-osx:latest
 ---> 5a2434b03272
Step 2/18 : MAINTAINER 'https://twitter.com/sickcodes' <https://sick.codes>
 ---> Running in 1bf2ff8ad6be
Removing intermediate container 1bf2ff8ad6be
 ---> 4b29b8e9a46e
Step 3/18 : USER root
 ---> Running in 6a6e453b9541
Removing intermediate container 6a6e453b9541
 ---> 1e345d32ded5
Step 4/18 : ARG RANKMIRRORS
 ---> Running in d5e7061377bf
Removing intermediate container d5e7061377bf
 ---> 54c0f90d6f28
Step 5/18 : ARG MIRROR_COUNTRY=US
 ---> Running in cafa9ecabfed
Removing intermediate container cafa9ecabfed
 ---> c17eb9a1ebbf
Step 6/18 : ARG MIRROR_COUNT=10
 ---> Running in bc13be867e30
Removing intermediate container bc13be867e30
 ---> ad8b4a7c33fa
Step 7/18 : RUN if [[ "${RANKMIRRORS}" ]]; then { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; }     ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors"     ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on"     | sed -e 's/^#Server/Server/' -e '/^#/d'     | head -n "$((${MIRROR_COUNT:-10}+1))"     | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist     && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch'     && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch'     && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch'     && cat /etc/pacman.d/mirrorlist ; fi
 ---> Running in 93edb15f2286
Removing intermediate container 93edb15f2286
 ---> 501a5a3a35a6
Step 8/18 : USER arch
 ---> Running in 0d273a5fc374
Removing intermediate container 0d273a5fc374
 ---> 50a638817c73
Step 9/18 : RUN sudo pacman -Syyuu --noconfirm     && sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm     && mkdir -p ${HOME}/.vnc     && touch ~/.vnc/config     && tee -a ~/.vnc/config <<< 'geometry=1920x1080'     && tee -a ~/.vnc/config <<< 'localhost'     && tee -a ~/.vnc/config <<< 'alwaysshared'
 ---> Running in 4085c21bd611
:: Synchronizing package databases...
downloading core.db...
downloading extra.db...
downloading community.db...
downloading community-testing.db...
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (13) curl-7.75.0-1  findutils-4.8.0-1  gcc-libs-10.2.0-6  glib2-2.66.6-1  glibc-2.33-3  js78-78.7.1-1  libcups-1:2.3.3op2-1  libldap-2.4.57-1  linux-api-headers-5.10.13-1  pacman-mirrorlist-20210206-1  systemd-247.3-1  systemd-libs-247.3-1  systemd-sysvcompat-247.3-1

Total Download Size:    64.48 MiB
Total Installed Size:  310.01 MiB
Net Upgrade Size:       -0.16 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
downloading linux-api-headers-5.10.13-1-any.pkg.tar.zst...
downloading glibc-2.33-3-x86_64.pkg.tar.zst...
downloading gcc-libs-10.2.0-6-x86_64.pkg.tar.zst...
downloading findutils-4.8.0-1-x86_64.pkg.tar.zst...
downloading libldap-2.4.57-1-x86_64.pkg.tar.zst...
downloading systemd-libs-247.3-1-x86_64.pkg.tar.zst...
downloading curl-7.75.0-1-x86_64.pkg.tar.zst...
downloading glib2-2.66.6-1-x86_64.pkg.tar.zst...
downloading pacman-mirrorlist-20210206-1-any.pkg.tar.zst...
downloading systemd-247.3-1-x86_64.pkg.tar.zst...
downloading systemd-sysvcompat-247.3-1-x86_64.pkg.tar.zst...
downloading js78-78.7.1-1-x86_64.pkg.tar.zst...
downloading libcups-1:2.3.3op2-1-x86_64.pkg.tar.zst...
checking keyring...
checking package integrity...
loading package files...
checking for file conflicts...
:: Processing package changes...
upgrading linux-api-headers...
upgrading glibc...
Generating locales...
  en_US.UTF-8... done
Generation complete.
upgrading gcc-libs...
upgrading findutils...
upgrading libldap...
upgrading systemd-libs...
upgrading curl...
upgrading glib2...
upgrading js78...
upgrading libcups...
upgrading pacman-mirrorlist...
warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
upgrading systemd...
upgrading systemd-sysvcompat...
:: Running post-transaction hooks...
(1/9) Creating system user accounts...
(2/9) Updating journal message catalog...
(3/9) Reloading system manager configuration...
  Skipped: Current root is not booted.
(4/9) Updating udev hardware database...
(5/9) Applying kernel sysctl settings...
  Skipped: Current root is not booted.
(6/9) Creating temporary files...
/usr/lib/tmpfiles.d/journal-nocow.conf:26: Failed to resolve specifier: uninitialized /etc detected, skipping
All rules containing unresolvable specifiers will be skipped.
(7/9) Reloading device manager configuration...
  Skipped: Device manager is not running.
(8/9) Arming ConditionNeedsUpdate...
(9/9) Reloading system bus configuration...
  Skipped: Current root is not booted.
resolving dependencies...
looking for conflicting packages...

Packages (23) fltk-1.3.5-4  libfontenc-1.1.4-3  libutempter-1.2.1-1  libxaw-1.0.13-3  libxfont2-2.0.4-3  libxkbfile-1.1.0-2  libxmu-1.1.3-2  libxpm-3.5.13-2  libxt-1.2.1-1  luit-20201003-1  xbitmaps-1.1.2-2  xorg-fonts-encodings-1.0.5-2  xorg-xauth-1.1-2  xorg-xinit-1.4.1-3  xorg-xkbcomp-1.4.4-1  xorg-xmodmap-1.0.10-2  xorg-xrdb-1.2.0-2  xorg-xsetroot-1.1.2-2  tigervnc-1.11.0-6  ufw-0.36-5  xdotool-3.20160805.1-3  xorg-xhost-1.0.8-2  xterm-365-1

Total Download Size:    6.25 MiB
Total Installed Size:  20.20 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
downloading libxt-1.2.1-1-x86_64.pkg.tar.zst...
downloading libxmu-1.1.3-2-x86_64.pkg.tar.zst...
downloading xorg-xauth-1.1-2-x86_64.pkg.tar.zst...
downloading xorg-xsetroot-1.1.2-2-x86_64.pkg.tar.zst...
downloading libxkbfile-1.1.0-2-x86_64.pkg.tar.zst...
downloading xorg-xkbcomp-1.4.4-1-x86_64.pkg.tar.zst...
downloading xorg-fonts-encodings-1.0.5-2-any.pkg.tar.zst...
downloading libfontenc-1.1.4-3-x86_64.pkg.tar.zst...
downloading libxfont2-2.0.4-3-x86_64.pkg.tar.zst...
downloading xorg-xrdb-1.2.0-2-x86_64.pkg.tar.zst...
downloading xorg-xmodmap-1.0.10-2-x86_64.pkg.tar.zst...
downloading xorg-xinit-1.4.1-3-x86_64.pkg.tar.zst...
downloading libxpm-3.5.13-2-x86_64.pkg.tar.zst...
downloading libxaw-1.0.13-3-x86_64.pkg.tar.zst...
downloading luit-20201003-1-x86_64.pkg.tar.zst...
downloading xbitmaps-1.1.2-2-any.pkg.tar.zst...
downloading libutempter-1.2.1-1-x86_64.pkg.tar.zst...
downloading xterm-365-1-x86_64.pkg.tar.zst...
downloading xorg-xhost-1.0.8-2-x86_64.pkg.tar.zst...
downloading fltk-1.3.5-4-x86_64.pkg.tar.zst...
downloading tigervnc-1.11.0-6-x86_64.pkg.tar.zst...
downloading xdotool-3.20160805.1-3-x86_64.pkg.tar.zst...
downloading ufw-0.36-5-any.pkg.tar.zst...
checking keyring...
checking package integrity...
loading package files...
checking for file conflicts...
:: Processing package changes...
installing fltk...
installing libxt...
installing libxmu...
installing xorg-xauth...
installing xorg-xsetroot...
installing libxkbfile...
installing xorg-xkbcomp...
installing xorg-fonts-encodings...
installing libfontenc...
installing libxfont2...
installing xorg-xrdb...
Optional dependencies for xorg-xrdb
    gcc: for preprocessing
    mcpp: a lightweight alternative for preprocessing
installing xorg-xmodmap...
installing xorg-xinit...
Optional dependencies for xorg-xinit
    xorg-twm
    xterm [pending]
installing tigervnc...
Optional dependencies for tigervnc
    mesa: for OpenGL functionality in Xvnc [installed]
installing libxpm...
installing libxaw...
installing luit...
installing xbitmaps...
installing libutempter...
installing xterm...
installing xorg-xhost...
installing xdotool...
installing ufw...
:: Running post-transaction hooks...
(1/6) Reloading system manager configuration...
  Skipped: Current root is not booted.
(2/6) Arming ConditionNeedsUpdate...
(3/6) Updating fontconfig cache...
(4/6) Updating icon theme caches...
(5/6) Updating the desktop file MIME type cache...
(6/6) Updating the MIME type database...
geometry=1920x1080
localhost
alwaysshared
Removing intermediate container 4085c21bd611
 ---> a92c16c4e876
Step 10/18 : RUN printf '\n%s\n' 'sudo rm -f /tmp/.X99-lock' 'export DISPLAY=:99' '/usr/bin/Xvnc -geometry 1920x1080 -rfbauth "${HOME}/.vnc/passwd" :99 &' > vnc.sh
 ---> Running in c072d1a2d77d
Removing intermediate container c072d1a2d77d
 ---> c389201109fb
Step 11/18 : RUN cat vnc.sh Launch.sh > Launch_custom.sh
 ---> Running in c9e1d34e986e
Removing intermediate container c9e1d34e986e
 ---> f68aa2874bf2
Step 12/18 : RUN chmod +x Launch_custom.sh
 ---> Running in 86be29c57e29
Removing intermediate container 86be29c57e29
 ---> 407292158ce7
Step 13/18 : RUN tee vncpasswd_file <<< "${VNC_PASSWORD:=$(openssl rand -hex 4)}"
 ---> Running in cee9bd896b2b
2f70ac15
Removing intermediate container cee9bd896b2b
 ---> 86863c0ab37b
Step 14/18 : RUN vncpasswd -f < vncpasswd_file > ${HOME}/.vnc/passwd
 ---> Running in 994c5aad4d01
Removing intermediate container 994c5aad4d01
 ---> 233071656183
Step 15/18 : RUN chmod 600 ~/.vnc/passwd
 ---> Running in 0cfc140b3e16
Removing intermediate container 0cfc140b3e16
 ---> 796d39dcbb53
Step 16/18 : RUN printf '\n\n\n\n%s\n%s\n\n\n\n' '===========VNC_PASSWORD========== ' "$(<vncpasswd_file)"
 ---> Running in a90b563142a0

===========VNC_PASSWORD========== 
2f70ac15

Removing intermediate container a90b563142a0
 ---> eea448924536
Step 17/18 : WORKDIR /home/arch/OSX-KVM
 ---> Running in 20e392b8f2b8
Removing intermediate container 20e392b8f2b8
 ---> 4b40c34367f6
Step 18/18 : CMD ./enable-ssh.sh && envsubst < ./Launch_custom.sh | bash
 ---> Running in 158e12aa3710
Removing intermediate container 158e12aa3710
 ---> 4cde56cc8479
Successfully built 4cde56cc8479
Successfully tagged vnc:latest
sickcodes commented 3 years ago

Latest image build in hub.docker.com failed to build from this error too, might be an archlinux image bug, checking it out

/etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew

upgrading systemd...
upgrading systemd-sysvcompat...
:: Running post-transaction hooks...
(1/9) Creating system user accounts...
(2/9) Updating journal message catalog...
(3/9) Reloading system manager configuration...
Skipped: Current root is not booted.
(4/9) Updating udev hardware database...
(5/9) Applying kernel sysctl settings...
Skipped: Current root is not booted.
(6/9) Creating temporary files...
/usr/lib/tmpfiles.d/journal-nocow.conf:26: Failed to resolve specifier: uninitialized /etc detected, skipping
All rules containing unresolvable specifiers will be skipped.
(7/9) Reloading device manager configuration...
Skipped: Device manager is not running.
(8/9) Arming ConditionNeedsUpdate...
(9/9) Reloading system bus configuration...
Skipped: Current root is not booted.
error: failed to initialize alpm library
(could not find or read directory: /var/lib/pacman/)

Removing intermediate container 5f609d05b0a0
The command '/bin/bash -c pacman -Syu --noconfirm && pacman -S sudo git vim nano alsa-utils openssh --noconfirm && yes | pacman -Scc && ln -s /bin/vim /bin/vi && useradd arch -p arch && tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL' && mkdir /home/arch && chown arch:arch /home/arch' returned a non-zero code: 255
sickcodes commented 3 years ago

Bug is featured here, should be fixed in a few hours:

https://bbs.archlinux.org/viewtopic.php?id=263379

https://bugs.archlinux.org/task/69563

rluvaton commented 3 years ago

@sickcodes Maybe we change the base image version instead of using the latest tag

sickcodes commented 3 years ago

The bug only occurs when on some hosts, for example, the hub.docker.com or ubuntu hosts.

If you have an Arch Linux host, you won't be affected.

I'm building and pushing fresh images right now to hub.docker.com.

What host are you running?

rluvaton commented 3 years ago

I'm running on Lubuntu, thank you for your great work!

sickcodes commented 3 years ago

Some notes regarding the VNC image build security here: https://github.com/sickcodes/Docker-OSX/issues/146

rluvaton commented 3 years ago

I'm building and pushing fresh images right now to hub.docker.com.

Just trying to build again (update the repo, remove all of my images + containers) The bug still exists with the same error message but earlier

root@laptop:~/Docker-OSX/vnc-version# docker build -t docker-osx-vnc .
Sending build context to Docker daemon  6.144kB
Step 1/18 : FROM sickcodes/docker-osx:latest
latest: Pulling from sickcodes/docker-osx
1c4e94bdea17: Pull complete 
96c7b635cf70: Pull complete 
4ee2dc95a5d8: Pull complete 
3566aea5fae0: Pull complete 
98cbc731da59: Pull complete 
af25ac881293: Pull complete 
d1746c490f44: Pull complete 
dc6bb75ffe3f: Pull complete 
915715c17a06: Pull complete 
514bf62410a2: Pull complete 
a27d67cd094f: Pull complete 
5897ae3ac713: Pull complete 
471a756f8263: Pull complete 
cc81904c4dcc: Pull complete 
Digest: sha256:7b8175032f7fb60ef8c870c86e74d922ca2fa2765bfd1bb99362cdda97818a58
Status: Downloaded newer image for sickcodes/docker-osx:latest
 ---> 19dce4f74540
Step 2/18 : MAINTAINER 'https://twitter.com/sickcodes' <https://sick.codes>
 ---> Running in 8e2e19c35d89
Removing intermediate container 8e2e19c35d89
 ---> d82dba3ea0e4
Step 3/18 : USER root
 ---> Running in fa7132f0b732
Removing intermediate container fa7132f0b732
 ---> 9044e318bd2b
Step 4/18 : ARG RANKMIRRORS
 ---> Running in acfc743d28db
Removing intermediate container acfc743d28db
 ---> c5a3336b7255
Step 5/18 : ARG MIRROR_COUNTRY=US
 ---> Running in 84e970742ab3
Removing intermediate container 84e970742ab3
 ---> c74a1e3cf0a1
Step 6/18 : ARG MIRROR_COUNT=10
 ---> Running in 1d1ea0f7ee88
Removing intermediate container 1d1ea0f7ee88
 ---> c444a839c456
Step 7/18 : RUN if [[ "${RANKMIRRORS}" ]]; then { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; }     ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors"     ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on"     | sed -e 's/^#Server/Server/' -e '/^#/d'     | head -n "$((${MIRROR_COUNT:-10}+1))"     | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist     && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch'     && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch'     && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch'     && cat /etc/pacman.d/mirrorlist ; fi
 ---> Running in 05f9a8e6983b
Removing intermediate container 05f9a8e6983b
 ---> 5fffaced4230
Step 8/18 : USER arch
 ---> Running in 1160d2fe7b4d
Removing intermediate container 1160d2fe7b4d
 ---> aa71cca41acf
Step 9/18 : RUN sudo pacman -Syyuu --noconfirm     && sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm     && mkdir -p ${HOME}/.vnc     && touch ~/.vnc/config     && tee -a ~/.vnc/config <<< 'geometry=1920x1080'     && tee -a ~/.vnc/config <<< 'localhost'     && tee -a ~/.vnc/config <<< 'alwaysshared'
 ---> Running in 91a167e0e760
error: failed to initialize alpm library
(could not find or read directory: /var/lib/pacman/)                                                                                                                 
The command '/bin/bash -c sudo pacman -Syyuu --noconfirm     && sudo pacman -S tigervnc xterm xorg-xhost xdotool ufw --noconfirm     && mkdir -p ${HOME}/.vnc     && touch ~/.vnc/config     && tee -a ~/.vnc/config <<< 'geometry=1920x1080'     && tee -a ~/.vnc/config <<< 'localhost'     && tee -a ~/.vnc/config <<< 'alwaysshared'' returned a non-zero code: 255

When trying to build the Dockerfile in the repo root I get the same error but in a different place

root@laptop:~/Docker-OSX# docker build -t docker-osx .
Sending build context to Docker daemon  1.541MB
Step 1/33 : FROM archlinux:latest
latest: Pulling from library/archlinux
1c4e94bdea17: Pull complete 
96c7b635cf70: Pull complete 
Digest: sha256:59514fb3d7199fd345d9b5060158cc065a1049d51fab4eceaa1cba87654e05ed
Status: Downloaded newer image for archlinux:latest
 ---> f20b97ac8a3f
Step 2/33 : MAINTAINER 'https://sick.codes' <https://sick.codes>
 ---> Running in a618e349cdc6
Removing intermediate container a618e349cdc6
 ---> 0a6c55b42b05
Step 3/33 : SHELL ["/bin/bash", "-c"]
 ---> Running in eb2193ab0a18
Removing intermediate container eb2193ab0a18
 ---> fd6b379acda7
Step 4/33 : ARG SIZE=200G
 ---> Running in 635995b15583
Removing intermediate container 635995b15583
 ---> 4f041fbaf822
Step 5/33 : ARG VERSION=10.15.6
 ---> Running in edcadf9d0f91
Removing intermediate container edcadf9d0f91
 ---> 936bdc9610fd
Step 6/33 : ARG RANKMIRRORS
 ---> Running in bff13d09e130
Removing intermediate container bff13d09e130
 ---> ce369ccab2ac
Step 7/33 : ARG MIRROR_COUNTRY=US
 ---> Running in e5374907796d
Removing intermediate container e5374907796d
 ---> 1e4de857fec0
Step 8/33 : ARG MIRROR_COUNT=10
 ---> Running in 6b70ea1d3e74
Removing intermediate container 6b70ea1d3e74
 ---> 2290334d353c
Step 9/33 : RUN if [[ "${RANKMIRRORS}" ]]; then         { pacman -Sy wget --noconfirm || pacman -Syu wget --noconfirm ; }         ; wget -O ./rankmirrors "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/rankmirrors"         ; wget -O- "https://www.archlinux.org/mirrorlist/?country=${MIRROR_COUNTRY:-US}&protocol=https&use_mirror_status=on"         | sed -e 's/^#Server/Server/' -e '/^#/d'         | head -n "$((${MIRROR_COUNT:-10}+1))"         | bash ./rankmirrors --verbose --max-time 5 - > /etc/pacman.d/mirrorlist         && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch'         && tee -a /etc/pacman.d/mirrorlist <<< 'Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch'         && tee -a /etc/pacman.d/mirrorlist <<< 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch'         && cat /etc/pacman.d/mirrorlist     ; fi
 ---> Running in b76789fba761
Removing intermediate container b76789fba761
 ---> 1a017b0c16c3
Step 10/33 : RUN tee -a /etc/pacman.conf <<< '[community-testing]'     && tee -a /etc/pacman.conf <<< 'Include = /etc/pacman.d/mirrorlist'
 ---> Running in d07e01b6d27c
[community-testing]
Include = /etc/pacman.d/mirrorlist
Removing intermediate container d07e01b6d27c
 ---> 3427f274c2e3
Step 11/33 : RUN pacman -Syu sudo git vim nano alsa-utils openssh --noconfirm     && ln -s /bin/vim /bin/vi     && useradd arch -p arch     && tee -a /etc/sudoers <<< 'arch ALL=(ALL) NOPASSWD: ALL'     && mkdir /home/arch     && chown arch:arch /home/arch
 ---> Running in dfd7ba83e3e4
:: Synchronizing package databases...
downloading core.db...
downloading extra.db...
downloading community.db...
downloading community-testing.db...
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (33) alsa-lib-1.2.4-3  alsa-topology-conf-1.2.4-2  alsa-ucm-conf-1.2.4-2  curl-7.75.0-1  db-5.3.28-5  dnssec-anchors-20190629-3  e2fsprogs-1.46.0-1  findutils-4.8.0-1  gcc-libs-10.2.0-6  gdbm-1.19-1  glib2-2.66.6-1  glibc-2.33-3  gpm-1.20.7.r38.ge82d1a6-3  ldns-1.7.1-2  libedit-20191231_3.1-3  libldap-2.4.57-1  libsamplerate-0.1.9-3  linux-api-headers-5.10.13-1  pacman-mirrorlist-20210206-1  perl-5.32.0-3  perl-error-0.17029-2  perl-mailtools-2.21-4  perl-timedate-2.33-2  systemd-247.3-1  systemd-libs-247.3-1  systemd-sysvcompat-247.3-1  vim-runtime-8.2.2380-1  alsa-utils-1.2.4-2  git-2.30.0-1  nano-5.5-1  openssh-8.4p1-2  sudo-1.9.5.p2-1  vim-8.2.2380-1

Total Download Size:    91.51 MiB
Total Installed Size:  399.83 MiB
Net Upgrade Size:      150.30 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
downloading linux-api-headers-5.10.13-1-any.pkg.tar.zst...
downloading glibc-2.33-3-x86_64.pkg.tar.zst...
downloading gcc-libs-10.2.0-6-x86_64.pkg.tar.zst...
downloading e2fsprogs-1.46.0-1-x86_64.pkg.tar.zst...
downloading libldap-2.4.57-1-x86_64.pkg.tar.zst...
downloading sudo-1.9.5.p2-1-x86_64.pkg.tar.zst...
downloading findutils-4.8.0-1-x86_64.pkg.tar.zst...
downloading systemd-libs-247.3-1-x86_64.pkg.tar.zst...
downloading curl-7.75.0-1-x86_64.pkg.tar.zst...
downloading gdbm-1.19-1-x86_64.pkg.tar.zst...
downloading db-5.3.28-5-x86_64.pkg.tar.xz...
downloading perl-5.32.0-3-x86_64.pkg.tar.zst...
downloading gpm-1.20.7.r38.ge82d1a6-3-x86_64.pkg.tar.zst...
downloading nano-5.5-1-x86_64.pkg.tar.zst...
downloading libedit-20191231_3.1-3-x86_64.pkg.tar.zst...
downloading dnssec-anchors-20190629-3-any.pkg.tar.zst...
downloading ldns-1.7.1-2-x86_64.pkg.tar.xz...
downloading openssh-8.4p1-2-x86_64.pkg.tar.zst...
downloading glib2-2.66.6-1-x86_64.pkg.tar.zst...
downloading pacman-mirrorlist-20210206-1-any.pkg.tar.zst...
downloading systemd-247.3-1-x86_64.pkg.tar.zst...
downloading systemd-sysvcompat-247.3-1-x86_64.pkg.tar.zst...
downloading perl-error-0.17029-2-any.pkg.tar.zst...
downloading perl-timedate-2.33-2-any.pkg.tar.zst...
downloading perl-mailtools-2.21-4-any.pkg.tar.zst...
downloading git-2.30.0-1-x86_64.pkg.tar.zst...
downloading vim-runtime-8.2.2380-1-x86_64.pkg.tar.zst...
downloading vim-8.2.2380-1-x86_64.pkg.tar.zst...
downloading alsa-topology-conf-1.2.4-2-any.pkg.tar.zst...
downloading alsa-ucm-conf-1.2.4-2-any.pkg.tar.zst...
downloading alsa-lib-1.2.4-3-x86_64.pkg.tar.zst...
downloading libsamplerate-0.1.9-3-x86_64.pkg.tar.zst...
downloading alsa-utils-1.2.4-2-x86_64.pkg.tar.zst...
checking keyring...
checking package integrity...
loading package files...
checking for file conflicts...
:: Processing package changes...
upgrading linux-api-headers...
upgrading glibc...
Generating locales...
  en_US.UTF-8... done
Generation complete.
upgrading gcc-libs...
upgrading e2fsprogs...
upgrading libldap...
installing sudo...
upgrading findutils...
upgrading systemd-libs...
upgrading curl...
installing gdbm...
installing db...
installing perl...
installing perl-error...
installing perl-timedate...
installing perl-mailtools...
installing git...
Optional dependencies for git
    tk: gitk and git gui
    perl-libwww: git svn
    perl-term-readkey: git svn and interactive.singlekey setting
    perl-mime-tools: git send-email
    perl-net-smtp-ssl: git send-email TLS support
    perl-authen-sasl: git send-email TLS support
    perl-mediawiki-api: git mediawiki support
    perl-datetime-format-iso8601: git mediawiki support
    perl-lwp-protocol-https: git mediawiki https support
    perl-cgi: gitweb (web interface) support
    python: git svn & git p4
    subversion: git svn
    org.freedesktop.secrets: keyring credential helper
    libsecret: libsecret credential helper [installed]
installing vim-runtime...
Optional dependencies for vim-runtime
    sh: support for some tools and macros [installed]
    python: demoserver example tool
    gawk: mve tools upport [installed]
installing gpm...
installing vim...
Optional dependencies for vim
    python2: Python 2 language support
    python: Python 3 language support
    ruby: Ruby language support
    lua: Lua language support
    perl: Perl language support [installed]
    tcl: Tcl language support
installing nano...
installing alsa-topology-conf...
installing alsa-ucm-conf...
installing alsa-lib...
installing libsamplerate...
Optional dependencies for libsamplerate
    libsndfile.so: for sndfile-resample
installing alsa-utils...
Optional dependencies for alsa-utils
    fftw: for alsabat
installing libedit...
installing dnssec-anchors...
installing ldns...
Optional dependencies for ldns
    libpcap: ldns-dpa tool [installed]
installing openssh...
Optional dependencies for openssh
    xorg-xauth: X11 forwarding
    x11-ssh-askpass: input passphrase in X
    libfido2: FIDO/U2F support
upgrading glib2...
upgrading pacman-mirrorlist...
warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
upgrading systemd...                                                                                                                                                 
Creating group git with gid 977.
Creating user git (git daemon user) with uid 977 and gid 977.
upgrading systemd-sysvcompat...
:: Running post-transaction hooks...
( 1/10) Creating system user accounts...
( 2/10) Updating journal message catalog...
( 3/10) Reloading system manager configuration...
  Skipped: Current root is not booted.
( 4/10) Updating udev hardware database...
( 5/10) Applying kernel sysctl settings...
  Skipped: Current root is not booted.
( 6/10) Creating temporary files...
/usr/lib/tmpfiles.d/journal-nocow.conf:26: Failed to resolve specifier: uninitialized /etc detected, skipping
All rules containing unresolvable specifiers will be skipped.
( 7/10) Reloading device manager configuration...
  Skipped: Device manager is not running.
( 8/10) Arming ConditionNeedsUpdate...
( 9/10) Reloading system bus configuration...
  Skipped: Current root is not booted.
(10/10) Warn about old perl modules
arch ALL=(ALL) NOPASSWD: ALL
Removing intermediate container dfd7ba83e3e4
 ---> a318fb176966
Step 12/33 : RUN mkdir -m 700 /root/.ssh
 ---> Running in 35b1cff78b43
Removing intermediate container 35b1cff78b43
 ---> e1c161be0882
Step 13/33 : WORKDIR /root/.ssh
 ---> Running in b653c98296ab
Removing intermediate container b653c98296ab
 ---> e51246839ec1
Step 14/33 : RUN touch authorized_keys     && chmod 644 authorized_keys
 ---> Running in cab4fcedbad5
Removing intermediate container cab4fcedbad5
 ---> 111fbfb08c95
Step 15/33 : WORKDIR /etc/ssh
 ---> Running in 521cfe217e22
Removing intermediate container 521cfe217e22
 ---> 7ebc56634e83
Step 16/33 : RUN tee -a sshd_config <<< 'AllowTcpForwarding yes'     && tee -a sshd_config <<< 'PermitTunnel yes'     && tee -a sshd_config <<< 'X11Forwarding yes'     && tee -a sshd_config <<< 'PasswordAuthentication yes'     && tee -a sshd_config <<< 'PermitRootLogin yes'     && tee -a sshd_config <<< 'PubkeyAuthentication yes'     && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_rsa_key'     && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ecdsa_key'     && tee -a sshd_config <<< 'HostKey /etc/ssh/ssh_host_ed25519_key'
 ---> Running in 879f3c3544fb
AllowTcpForwarding yes
PermitTunnel yes
X11Forwarding yes
PasswordAuthentication yes
PermitRootLogin yes
PubkeyAuthentication yes
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Removing intermediate container 879f3c3544fb
 ---> 7310b7f8ab12
Step 17/33 : USER arch
 ---> Running in 63d2fbc93459
Removing intermediate container 63d2fbc93459
 ---> 9829d6f56610
Step 18/33 : RUN git clone --depth 1 https://github.com/kholia/OSX-KVM.git /home/arch/OSX-KVM
 ---> Running in a47350b82fa3
Cloning into '/home/arch/OSX-KVM'...
Removing intermediate container a47350b82fa3                                                                                                                         
 ---> 94bac8e77ba2
Step 19/33 : USER arch
 ---> Running in e7e2c5400c28
Removing intermediate container e7e2c5400c28
 ---> 207d7bb346d5
Step 20/33 : WORKDIR /home/arch/OSX-KVM
 ---> Running in 3d08386521ae
Removing intermediate container 3d08386521ae
 ---> e6a1f5c081ad
Step 21/33 : RUN touch enable-ssh.sh     && chmod +x ./enable-ssh.sh     && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_rsa_key ]] || \'     && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \'     && tee -a enable-ssh.sh <<< '[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \'     && tee -a enable-ssh.sh <<< 'sudo /usr/bin/ssh-keygen -A'     && tee -a enable-ssh.sh <<< 'nohup sudo /usr/bin/sshd -D &'
 ---> Running in c65eae0e271f
[[ -f /etc/ssh/ssh_host_rsa_key ]] || \
[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \
[[ -f /etc/ssh/ssh_host_ed25519_key ]] || \
sudo /usr/bin/ssh-keygen -A
nohup sudo /usr/bin/sshd -D &
Removing intermediate container c65eae0e271f
 ---> 8fe5c75bfe8c
Step 22/33 : RUN yes | sudo pacman -Syu qemu libvirt dnsmasq virt-manager bridge-utils openresolv jack ebtables edk2-ovmf netctl libvirt-dbus --overwrite --noconfirm     && yes | sudo pacman -Scc
 ---> Running in d2119cbcc091
error: failed to initialize alpm library
(could not find or read directory: /var/lib/pacman/)                                                                                                                 
The command '/bin/bash -c yes | sudo pacman -Syu qemu libvirt dnsmasq virt-manager bridge-utils openresolv jack ebtables edk2-ovmf netctl libvirt-dbus --overwrite --noconfirm     && yes | sudo pacman -Scc' returned a non-zero code: 255
sickcodes commented 3 years ago

Docker responded and the bug is being tracked in the following already merged pull request:

https://github.com/opencontainers/runc/pull/2750

Will update when hub.docker.com states they've fixed it.

rluvaton commented 3 years ago

@sickcodes Just to let you know I switched to Manjaro (which is based on Arch as you know) and it work fine there

sickcodes commented 3 years ago

@sickcodes Just to let you know I switched to Manjaro (which is based on Arch as you know) and it work fine there

Nice! This bug is a mess though, it prevents anyone from building images. Hopefully hub.docker.com fix their runc implementation.

Waiting for different distros to upgrade their Docker packages undermines the entire concept of Docker.

Also, running old software can be equally as bad.

The bug has been patched but we literally have to wait for them.

I'm building images on a debian-to-arch on digital ocean (semi-automatically) https://github.com/gh2o/digitalocean-debian-to-arch

sickcodes commented 3 years ago

A critical fix is being raised:

https://bugs.archlinux.org/task/69613

sickcodes commented 3 years ago

Temporary fix here by @MrBenFTW

https://github.com/sickcodes/Docker-OSX/pull/150