Current extended-base (quay.io/bioconda/base-glibc-debian-bash:3.0) for container builds yields docker images unusable on some systems
#958
Comments
|
@pontus the base image is built using this Dockerfile. We're in the middle of moving the image-building over into this repo (bioconda-utils), but that dockerfile is not changing. The building itself is happening here with podman/buildah. That is currently being unified with other image building to happen here in bioconda-utils, but the commands are not changing. It's not immediately clear to me where the issue is being introduced, whether in the dockerfile, buildah commands, or later on when creating containers with mulled/involucro. Based on the links above is there anything you see that might be causing the issue? |
|
Thanks, I don't see anything that sticks out to me and can't directly replicate this when I try locally, I'll try to play a bit with that in github actions and see if I can trigger it. |
|
My image has been hit by the same problem..., using buildah I patched the source code of buildah here and the xattr + pull error is gone. here you can find how I replaced buildah with one build from source in GitHub Actions Hosted Runners. I have opened a PR against containers/storage, waiting for feedback |
|
Sounds promising, thanks @ChristopherHX! Link to PR for others: containers/storage#1847 (took me a while to find because I didn't realise that |
|
Hrrm, I haven't yet been able to trigger this issue with buildah, and the commit there is large enough that I can't read it and figure out how to trigger it either. |
See containers/storage#1847 for how to reproduce this by pulling an image built by buildah using latest docker:dind-rootless image. I believe docker buildx doesn't store extended attributes (xattr) in container layers.
I'm just adding to an if condition in the code that creates an archive of layers built by buildah The large diff is due to an implicit bump of the patched dependency, since I didn't patch the old revision. See containers/storage#1847 for the actual diff I never had to deal with any xattr before so I have no idea of implications |
|
My change seems to got an approval so it might be only a matter of time to get into buildah source tree |
Yes, I've seen the issue, I just haven't been able to trigger the issue (being the built image having a that extended attribute somewhere) myself with buildah. |
|
These steps for old buildah releases (like Output of tar
buildah created a layer with changed files for you? Even an apt install is enough to have many of them... (rootless mode) My own affected image has been built with docker buildx till 2023-08-01, all these images have no such xattr at all. Good news, my fix/workaround has been merged in buildah see containers/buildah@662908f I wonder if I should create an GitHub Action for setup-buildah from source code and cache the built artifacts via actions/cache, found previously another bug caused by outdated buildah. |
|
Thanks. I haven't managed to produce anything with these xattrs (and the above example does not) with Ubuntu 23.10 and buildah installed from standard sources with apt. |
New images use Debian 12.5 base and are built with Buildah >=1.35.0 for better compatibility w.r.t. gh-958 . refs: - bioconda/bioconda-containers#82 fixes gh-958 Signed-off-by: Marcel Bargull <marcel.bargull@udo.edu>
Since docker 25.0.0 (https://docs.docker.com/engine/release-notes/25.0/#2500),
The current image used as extended-base for container images unfortunately has one such extended attribute (
user.overlay.impure) set for /etc/ (set toy).This breaks various setups. In some cases it can be worked around (e.g. changing docker storage driver to
overlay-fuseinstead ofoverlay2), but it causes problems for users (and some situations, e.g. gitpod, make it quite difficult).Since I can't this being actually used anywhere, maybe we can use a base image without such an extended attribute?
The text was updated successfully, but these errors were encountered: