Develop Reference

Dockerfile | => ERROR [base 2/7] RUN apt-get update -y && apt-get -y --no-install-recommends install curl wget && rm -rf /var/lib/apt/lists/* [duplicate]

I'm trying to build a docker image but it throws an error and I can't seem to figure out why.
It is stuck at RUN apt-get -y update with the following error messages:
4.436 E: Release file for http://security.debian.org/debian-security/dists/buster/updates/InRelease is not valid yet (invalid for another 2d 16h 26min 22s). Updates for this repository will not be applied.
4.436 E: Release file for http://deb.debian.org/debian/dists/buster-updates/InRelease is not valid yet (invalid for another 3d 10h 28min 24s). Updates for this repository will not be applied.
executor failed running [/bin/sh -c apt-get -y update]: exit code: 100
Here's my docker file:
FROM python:3.7
# Adding trusting keys to apt for repositories
RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
# Adding Google Chrome to the repositories
RUN sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
# Updating apt to see and install Google Chrome
RUN apt-get -y update
# Magic happens
RUN apt-get install -y google-chrome-stable
# Installing Unzip
RUN apt-get install -yqq unzip
# Download the Chrome Driver
RUN CHROMEDRIVER_RELEASE=$(curl http://chromedriver.storage.googleapis.com/LATEST_RELEASE) && \
echo "Chromedriver latest version: $CHROMEDRIVER_RELEASE" && \
wget --quiet "http://chromedriver.storage.googleapis.com/$CHROMEDRIVER_RELEASE/chromedriver_linux64.zip" && \
unzip chromedriver_linux64.zip && \
rm -rf chromedriver_linux64.zip && \
mv chromedriver /usr/local/bin/chromedriver && \
chmod +x /usr/local/bin/chromedriver && \
chromedriver --version
# Set display port as an environment variable
ENV DISPLAY=:99
WORKDIR /
COPY requirements.txt ./
RUN pip install --upgrade pip && pip install -r requirements.txt
COPY . .
RUN pip install -e .
What is happening here?

In my case, docker was still using the cached RUN apt update && apt upgrade command, thus not updating the package sources.
The solution was to build the docker image once with the --no-cache flag:
docker build --no-cache .

If you are using docker desktop, please check if enough resources are set in settings/preferences.
Eg. memory and disk requirement

It's answered here https://askubuntu.com/questions/1059217/getting-release-is-not-valid-yet-while-updating-ubuntu-docker-container
Correct your system clock. (in comments I also suggested checking for a mismatch between clock and your timezone too)

I get this ERROR: executor failed running [...]: exit code: 100 error message when I mistyped the name of a package.
This was in my Dockerfile:
RUN sudo apt-get update; \
sudo apt-get -y upgrade; \
sudo apt-get install -y gnupg2 wget lsb_release
instead of this:
RUN sudo apt-get update; \
sudo apt-get -y upgrade; \
sudo apt-get install -y gnupg2 wget lsb-release
(see the difference between the underscore and the dash.)
Fixing the package name solved the problem.

This happens specific to OS also.
I had same issues running MariaDB on my Windows 10.
Check for Docker Settings:
{
"registry-mirrors": [],
"insecure-registries": [],
"debug": false,
"experimental": false,
"features": {
"buildkit": true
},
"builder": {
"gc": {
"enabled": true,
"defaultKeepStorage": "20GB"
}
}
}
Remove below block, and it should work:
"features": {
"buildkit": true
},

I had this error and I think it was because I installed buildx but the version of the plugin didn't match my docker installation. Uninstalling buildx resolved the issue for me:
docker buildx uninstall

For me adding this to the Dockerfile did the job:
RUN apk add --update linux-headers;

How to cache maven repo when building Spring Boot docker image on Jenkins

I'm trying to build docker images for a Spring Boot application (2.3.6.RELEASE) using the spring-boot-maven-plugin build-image goal (buildpacks), but it's downloading the internet everytime! Is there a way to mount the .m2 directory to the buildpack, so it can use dependencies from the cache?
sudo ./mvnw -pl ${PROJECT_NAME} org.springframework.boot:spring-boot-maven-plugin:2.3.6.RELEASE:build-image -DskipTests=true"
I'm using the ecs jenkins plugin (https://plugins.jenkins.io/amazon-ecs/) and binding the .m2 directory and the docker socket:
Update: Ok I think the issue is I'm mounting the .m2 directory to /home/jenkins/.m2, but I'm executing the build-image goal with sudo to give the command access to docker daemon, and the default maven repo location is ~/.m2. If I execute it without sudo I get the following error:
[INFO] Building image 'docker.io/library/tellus-emergency-lighting:dev-SNAPSHOT'
[INFO]
[INFO] I/O exception (java.io.IOException) caught when processing request to {}->docker://localhost:2376: com.sun.jna.LastErrorException: [13] Permission denied
[INFO] Retrying request to {}->docker://localhost:2376
[INFO] I/O exception (java.io.IOException) caught when processing request to {}->docker://localhost:2376: com.sun.jna.LastErrorException: [13] Permission denied
[INFO] Retrying request to {}->docker://localhost:2376
[INFO] I/O exception (java.io.IOException) caught when processing request to {}->docker://localhost:2376: com.sun.jna.LastErrorException: [13] Permission denied
[INFO] Retrying request to {}->docker://localhost:2376
[INFO] > Pulling builder image 'gcr.io/paketo-buildpacks/builder:base-platform-api-0.3' 100%
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 7.685 s
[INFO] Finished at: 2020-11-23T23:19:19Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:2.3.6.RELEASE:build-image (default-cli) on project tellus-emergency-lighting: Execution default-cli of goal org.springframework.boot:spring-boot-maven-plugin:2.3.6.RELEASE:build-image failed: Connection to the Docker daemon at 'localhost' failed with error "[13] Permission denied"; ensure the Docker daemon is running and accessible: com.sun.jna.LastErrorException: [13] Permission denied -> [Help 1]
Is there some way I can execute it without sudo?
I also tried adding -Dmaven.repo.local=/home/jenkins/.m2, but that didn't seem to help (it still downloads the dependencies again):
sudo ./mvnw -pl ${PROJECT_NAME} org.springframework.boot:spring-boot-maven-plugin:build-image -DskipTests=true -Dmaven.repo.local=/home/jenkins/.m2
Here's my ECS agent dockerfile:
FROM jenkins/inbound-agent as builder
FROM ubuntu:20.04
#################################################
# Inspired by
# https://github.com/cloudbees/java-build-tools-dockerfile/blob/master/Dockerfile
#################################################
#================================================
# Customize sources for apt-get
#================================================
RUN DISTRIB_CODENAME=$(cat /etc/*release* | grep DISTRIB_CODENAME | cut -f2 -d'=') \
&& echo "deb http://archive.ubuntu.com/ubuntu ${DISTRIB_CODENAME} main universe\n" > /etc/apt/sources.list \
&& echo "deb http://archive.ubuntu.com/ubuntu ${DISTRIB_CODENAME}-updates main universe\n" >> /etc/apt/sources.list \
&& echo "deb http://security.ubuntu.com/ubuntu ${DISTRIB_CODENAME}-security main universe\n" >> /etc/apt/sources.list
RUN apt-get update -qqy \
&& apt-get -qqy --no-install-recommends install software-properties-common \
&& add-apt-repository -y ppa:git-core/ppa
#========================
# Miscellaneous packages
# iproute which is surprisingly not available in ubuntu:15.04 but is available in ubuntu:latest
# OpenJDK11
# groff is for aws-cli
# tree is convenient for troubleshooting builds
#========================
RUN apt-get update -qqy \
&& apt-get -qqy --no-install-recommends install \
iproute2 \
openssh-client ssh-askpass\
ca-certificates \
gpg gpg-agent \
openjdk-11-jdk \
tar zip unzip \
wget curl \
git \
build-essential \
less nano tree \
jq \
python3 python3-pip groff \
rsync \
&& apt-get clean
# && sed -i 's/securerandom\.source=file:\/dev\/random/securerandom\.source=file:\/dev\/urandom/' ./usr/lib/jvm/java-11-openjdk-amd64/jre/lib/security/java.security
# Update pip after install
RUN pip3 install --upgrade pip setuptools
RUN pip3 install yq
#==========
# Docker
#==========
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
RUN apt-get -qqy install --no-install-recommends docker-ce docker-ce-cli containerd.io
RUN apt-get update
RUN apt-get install sudo -y
#==========
# Maven
#==========
ENV MAVEN_VERSION 3.6.3
RUN curl -fsSL http://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz | tar xzf - -C /usr/share \
&& mv /usr/share/apache-maven-$MAVEN_VERSION /usr/share/maven \
&& ln -s /usr/share/maven/bin/mvn /usr/bin/mvn
ENV MAVEN_HOME /usr/share/maven
#==========
# Gradle
#==========
ENV GRADLE_VERSION 6.5.1
RUN wget -q https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip -P /tmp \
&& unzip -d /opt/gradle /tmp/gradle-${GRADLE_VERSION}-bin.zip \
&& ln -s /opt/gradle/gradle-${GRADLE_VERSION}/bin/gradle /usr/bin/gradle \
&& rm /tmp/gradle-${GRADLE_VERSION}-bin.zip
#========================================
# Add normal user with passwordless sudo
#========================================
RUN useradd jenkins --shell /bin/bash --create-home \
&& usermod -a -G sudo jenkins \
&& echo 'ALL ALL = (ALL) NOPASSWD: ALL' >> /etc/sudoers \
&& echo 'jenkins ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers \
&& echo 'jenkins:secret' | chpasswd
#====================================
# AWS CLI
#====================================
RUN pip3 install awscli
# compatibility with CloudBees AWS CLI Plugin which expects pip to be installed as user
RUN mkdir -p /home/jenkins/.local/bin/ \
&& ln -s /usr/local/bin/pip /home/jenkins/.local/bin/pip \
&& chown -R jenkins:jenkins /home/jenkins/.local
#====================================
# Kubernetes CLI
# See https://storage.googleapis.com/kubernetes-release/release/stable.txt
#====================================
RUN curl https://storage.googleapis.com/kubernetes-release/release/v1.19.3/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl
#==========
# Slave
#==========
COPY --from=builder /usr/local/bin/jenkins-slave /usr/local/bin/jenkins-agent
COPY --from=builder /usr/share/jenkins/agent.jar /usr/share/jenkins/agent.jar
USER root
RUN chmod +x /usr/local/bin/jenkins-agent \
&& ln -s /usr/local/bin/jenkins-agent /usr/local/bin/jenkins-slave
RUN chmod 644 /usr/share/jenkins/agent.jar \
&& ln -sf /usr/share/jenkins/agent.jar /usr/share/jenkins/slave.jar
USER jenkins
ENTRYPOINT ["jenkins-agent"]

There's probably a better way to do it, but I got it working by adding: -Dmaven.repo.local=/home/jenkins/.m2/repository, so:
sudo ./mvnw -pl ${PROJECT_NAME} org.springframework.boot:spring-boot-maven-plugin:2.3.6.RELEASE:build-image -Dmaven.repo.local=/home/jenkins/.m2/repository -DskipTests=true"

small issue with ddev - brew - docker

just set up a dev laptop but installing ddev has been problematic. followed instructions from docs.docker.com, ddev.readthedocs.com, and Mike Anello's book for DDEV LOCAL.
An unusual and undocumented bit of installation is when I tried to run brew initially, my Ubuntu 18.04 complained to me to install linuxbrew-wrapper so I did. Then the brew worked properly.
The situation is this: I cannot run ddev unless the docker container is stopped. Looking in /bin and /Cellar shows most of the executables have myname:docker as owner/group but ddev, hello, patchelf are myname:myname owner/group.
Should I chown those files to myname:docker owner/group to be able to run them while the container is live?
or
Am I supposed to shut off the container for running ddev?
Solution (ymmv)
Part 1
sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo docker run hello-world
sudo curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose
docker-compose --version
sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker
Part 2
sh -c "$(curl -fsSL https://raw.githubusercontent.com/Linuxbrew/install/master/install.sh)"
sudo apt-get install build-essential
sudo apt-get -o Dpkg::Options::="--force-overwrite" install --fix-broken
echo 'eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv)' >>~/.profile
eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv)
echo 'eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv)' >>~/.bashrc
source .bashrc
Part 3
brew
brew install gcc
brew tap drud/ddev && brew install ddev
mkcert --install

Docker socket permissions within container

I'm trying to access docker running on my host from a user within a container. I'm attempting to do this by mapping the socket on my host to the container volume docker run -it -v /var/run/docker.sock:/var/run/docker.sock myimage bash
on my host ls -l on /var/run/docker.sock shows that the owner is my normal host user (not root), but when I look in the container, it's owned by root. Consequently I get "permission denied" when trying to connect to docker within the container. Here is a sample image
FROM ubuntu:latest
USER root
RUN apt-get update -y && apt-get upgrade -y \
&& apt-get install -y python python-dev python3.6 python-pip
virtualenv libssl-dev libpq-dev git build-essential libfontconfig1
libfontconfig1-dev
RUN pip install setuptools docker
RUN useradd -ms /bin/bash -d /usr/local/myuser myuser
RUN chown -R myuser: /usr/local/myuser
USER myuser
build the image
docker build -t myimage .
start a bash shell
docker run -it -v /var/run/docker.sock:/var/run/docker.sock myimage bash
try for example to connect via python
python -c "import docker; c = docker.from_env(); c.containers.list()
gives a permission denied error.
How can I map the correct permissions of the volume (and why do they change when I map the volume)? And is it possible to do this in the Dockerfile or in the run command (eg my actual application is using docker-compose).
I've tried creating a docker group in my dockerfile and adding myuser to the group but this does not seem to work, i'm not sure why but possibly because I'm on a mac and installed docker using the gui installer

Simple change UID of the user,
RUN useradd -ms /bin/bash -d /usr/local/myuser -u ${UID} myuser
where UID can be taken via
id
in terminal

Docker volume not mounting in the Ubuntu container from Windows host

I'm trying to play with Facebook's HHVM on my lovely Windows, but since it isn't supported yet I'm trying Docker.
Pretty simple. I have only these two files on the same directory in path /c/apache/htdocs/hello-hhvm
Dockerfile
FROM ubuntu:wily
RUN apt-get -y install software-properties-common
RUN apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
RUN add-apt-repository "deb http://dl.hhvm.com/ubuntu $(lsb_release -sc) main"
RUN apt-get -y update
RUN apt-get -y install hhvm
VOLUME /app
WORKDIR /app
hello.php
<?hh echo 'its me';
Then I build the image:
docker build -t hhvm .
And run the container trying to mount the volume /app:
docker run --rm -it -v /c/apache/htdocs/hello-hhvm:/app hhvm bash
I successfully start a bash session on the container already in the /app directory BUUUUT there is no hello.php neither Dockerfile in there.
What I'm doing wrong?
Thanks.