Building a docker container on top of another image... "permission denied"? - docker

I am trying to build an extension of an existing image with FROM and then apt install additional packages on top and do own customizations. I get permission denied and "are you root" messages. Specifically, this is the image I want to extend:
https://hub.docker.com/r/makarius/isabelle
My Dockerfile:
FROM makarius/isabelle:latest
SHELL ["/bin/bash", "-c"]
# Add dependencies
RUN apt-get update && \
apt-get install --yes build-essential && \
apt-get install --yes openjdk-8-jdk && \
apt-get install --yes xterm && \
apt-get install --yes iputils-ping && \
apt-get install --yes vim && \
apt-get install --yes net-tools && \
apt-get -y install xauth && \
apt-get clean
# user
RUN useradd -m foo && (echo foo:foo | chpasswd)
USER foo
# Setup FOO repository
WORKDIR /home/foo
# ... some commands
ENTRYPOINT ["/bin/bash"]
Building it it seems I can't get the ability to install anything. There is no sudo in the image.
root#ub18:/home/x/foo/bar# sudo docker build -t i8:01 -f Dockerfile .
Sending build context to Docker daemon 408.7MB
Step 1/9 : FROM makarius/isabelle:latest
---> da948b0dd494
Step 2/9 : SHELL ["/bin/bash", "-c"]
---> Using cache
---> 64f897ae98ea
Step 3/9 : RUN apt-get update && apt-get install --yes build-essential && apt-get install --yes openjdk-8-jdk && apt-get install --yes xterm && apt-get install --yes iputils-ping && apt-get install --yes vim && apt-get install --yes net-tools && apt-get -y install xauth && apt-get clean
---> Running in 9ec12ecb98e8
Reading package lists...
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
The command '/bin/bash -c apt-get update && apt-get install --yes build-essential && apt-get install --yes openjdk-8-jdk && apt-get install --yes xterm && apt-get install --yes iputils-ping && apt-get install --yes vim && apt-get install --yes net-tools && apt-get -y install xauth && apt-get clean' returned a non-zero code: 100
I expect to be able to build the extended image from the existing one, with two users defined and all packages installed. I can get by with a single user as well if have to.

The parent image markarius/isabelle switched user to isabelle, you gotta switch it back to root to run apt-get with additional line USER root before that line in your docker file. There's no need to use sudo in docker images since by default you already have root access.

Related

How to run a bash script that takes multiple user intactive inputs , as part of dockerfile

I have the below dockerfile that needs to run a owasp bash file for its intallation.
This .sh file needs multiple inputs(like 1, Y, enter) from the user for the completion of installation.
How do I provide these inputs from dockerfile or is there a way to skip these inputs and continue the installation.
This dockerfile is a part of the docker-compose.
Below is thew dockerfile
FROM ubuntu:20.04
RUN apt-get update && apt-get upgrade -y && apt-get clean
RUN apt-get install python3-pip -y
RUN apt-get install vim -y
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Indian
# Install OpenJDK-8
RUN apt-get install -y openjdk-8-jdk && \
apt-get install -y ant && \
apt-get clean;
# Fix certificate issues
RUN apt-get update && \
apt-get install ca-certificates-java && \
apt-get clean && \
update-ca-certificates -f
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
RUN export JAVA_HOME
RUN apt-get install wget -y && \
apt-get install unzip -y && \
apt-get install zip -y
RUN mkdir /home/owasp
RUN wget -c https://github.com/zaproxy/zaproxy/releases/download/v2.11.0/ZAP_2_11_0_unix.sh -P /home/owasp
RUN chmod u+x /home/owasp/ZAP_2_11_0_unix.sh
RUN ./home/owasp/ZAP_2_11_0_unix.sh
Use the Linux Package : https://github.com/zaproxy/zaproxy/releases/download/v2.11.0/ZAP_2.11.0_Linux.tar.gz
That has the same contents but is just a gziped tar file :)
Full list of ZAP downloads available is on https://www.zaproxy.org/download/
Or you can always extend our docker images https://www.zaproxy.org/docs/docker/
To provide input for command use some input generator and pipe it with your command.
Typical example is using command yes which provides endless stream of "y" on output:
RUN yes|./own-shell-scrpit.sh
You can run printf 'y\n1abc\nxxx' and pipe it. "\n" in printf states for newline (or enter).
I would suggest adding a ENTRYPOINT so it by default will invoke your bash script, but it gives the flexibily to the end user to pass different arguments. See the official docs. Keep in mind the CMD provided in a Dockerfile is a default command. You override it by passing any other value.
FROM ubuntu:20.04
ENV DEBIAN_FRONTEND=noninteractive
ENV TZ=Indian
RUN apt-get update && apt-get upgrade -y && apt-get clean
RUN apt-get install python3-pip -y
RUN apt-get install vim -y
# Install OpenJDK-8
RUN apt-get install -y openjdk-8-jdk && \
apt-get install -y ant && \
apt-get clean;
# Fix certificate issues
RUN apt-get update && \
apt-get install ca-certificates-java && \
apt-get clean && \
update-ca-certificates -f
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
RUN export JAVA_HOME
RUN apt-get install wget -y && \
apt-get install unzip -y && \
apt-get install zip -y
RUN mkdir /home/owasp
RUN wget -c https://github.com/zaproxy/zaproxy/releases/download/v2.11.0/ZAP_2_11_0_unix.sh -P /home/owasp
RUN chmod u+x /home/owasp/ZAP_2_11_0_unix.sh
ENTRYPOINT ./home/owasp/ZAP_2_11_0_unix.sh
CMD ['--some', '--default', '--args']
You can even choose to pass default flags on build. So your script will then always run with default flags you provided on docker build --build-args DEFAULT_PARAMS=--foo, unless you override it:
ARGS DEFAULT_PARAMS
FROM ubuntu:20.04
ENV DEFAULT_PARAMS=${DEFAULT_PARAMS}
ENV DEBIAN_FRONTEND=noninteractive
ENV TZ=Indian
RUN apt-get update && apt-get upgrade -y && apt-get clean
RUN apt-get install python3-pip -y
RUN apt-get install vim -y
# Install OpenJDK-8
RUN apt-get install -y openjdk-8-jdk && \
apt-get install -y ant && \
apt-get clean;
# Fix certificate issues
RUN apt-get update && \
apt-get install ca-certificates-java && \
apt-get clean && \
update-ca-certificates -f
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
RUN export JAVA_HOME
RUN apt-get install wget -y && \
apt-get install unzip -y && \
apt-get install zip -y
RUN mkdir /home/owasp
RUN wget -c https://github.com/zaproxy/zaproxy/releases/download/v2.11.0/ZAP_2_11_0_unix.sh -P /home/owasp
RUN chmod u+x /home/owasp/ZAP_2_11_0_unix.sh
ENTRYPOINT ./home/owasp/ZAP_2_11_0_unix.sh
CMD ${DEFAULT_PARAMS}

Dockerfile can't open ODBC driver 17 and fails during running the python script

I have create in docker 2 contains 1 to run the MSSQL server and the other a python container with the code to read data from an .xlsx file and inserting it into SQL server.
My Dockerfile has the below code :
FROM python:3.6-alpine
RUN apk update
RUN apk add gcc libc-dev g++ libffi-dev libxml2 unixodbc-dev mariadb-dev postgresql-dev
FROM continuumio/miniconda3
ADD test.py /
RUN apt-get update -y \
&& apt install python3 -y \
&& apt install python3-pip -y \
&& apt install python3-venv -y \
&& python3 -m venv venv
RUN apt-get -y install curl
**#Install FreeTDS and dependencies for PyODBC**
RUN apt-get update && apt-get install -y tdsodbc unixodbc-dev \
&& apt install unixodbc-bin -y \
&& apt-get clean -y
RUN apt-get update
RUN apt-get install -y tdsodbc unixodbc-dev
RUN apt install unixodbc-bin -y
RUN apt-get clean -y
RUN pip install pandas
RUN pip install pyodbc
RUN pip install DateTime
RUN pip install multiprocess
RUN pip install threaded
CMD [ "python", "./test.py" ]
It compiles successfully but fails every time i run the container with the below error :
pyodbc.Error: ('01000', "[01000] [unixODBC][Driver Manager]Can't open lib 'ODBC Driver 17 for SQL Server' : file not found (0) (SQLDriverConnect)")
I have been trying this for days but found no resolution.
Believe I need to install ODBC driver 17, if so how do I add it to my Dockerfile?

error running Julia on Ubuntu 16.04 docker for host with GPU

I'm stuck in getting Julia to run on Ubuntu 16.04 on a server having GPUs. Basically we want to utilise power of GPUs.
We're using Docker image to host Julia, it's pulled from nvidia-cuda, the docker image is building successfully, but when I run julia with any switch e.g. julia -v or just julia, I'm getting error ERROR: Unable to find compatible target in system image. I tried finding hints online but no luck, hence posting question here.
After building docker image, I'm running using docker run command by mounting some shared folders, it's coming up successfully, but Julia doesn't seem to work. Please let me know what wrong am I doing here.
Following is Dockerfile code
FROM nvidia/cuda:9.0-cudnn7-devel-ubuntu16.04
MAINTAINER comafire <comafire#gmail.com>
# Bash
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
USER root
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
apt-utils \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
# Lang
ARG locale="en_US.UTF-8"
ENV LOCALE ${locale}
RUN echo "LOCALE: $LOCALE"
RUN if [[ $LOCALE = *en* ]] \
; then \
apt-get update && apt-get install -y --no-install-recommends \
locales language-pack-en \
; else \
apt-get update && apt-get install -y --no-install-recommends \
locales language-pack-en \
; fi
RUN echo "$LOCALE UTF-8" > /etc/locale.gen && locale-gen
ENV LC_ALL ${LOCALE}
ENV LANG ${LOCALE}
ENV LANGUAGE ${LOCALE}
ENV LC_MESSAGES POSIX
# Common
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential vim curl wget git cmake bzip2 sudo unzip net-tools \
libffi-dev libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev llvm \
libfreetype6-dev libxft-dev
RUN apt-get update && apt-get install -y --no-install-recommends \
software-properties-common libjpeg-dev libpng-dev ncurses-dev imagemagick \
libgraphicsmagick1-dev libzmq-dev gfortran gnuplot gnuplot-x11 libsdl2-dev \
openssh-client htop iputils-ping
# Python2
RUN apt-get update && apt-get install -y --no-install-recommends \
python python-dev python-pip python-virtualenv python-software-properties
RUN pip2 install --upgrade pip
RUN pip2 install --cache-dir /tmp/pip2 --upgrade setuptools wheel
# Python3
RUN apt-get update && apt-get install -y --no-install-recommends \
python3 python3-dev python3-pip python3-virtualenv python3-software-properties
RUN pip3 install --upgrade pip
RUN pip3 install --cache-dir /tmp/pip3 --upgrade setuptools wheel
# Julia
ENV JULIA_VERSION 1.0.2
RUN apt-get update && apt-get install -y build-essential libatomic1 python gfortran perl wget m4 cmake pkg-config
RUN cd /usr/local && git clone git://github.com/JuliaLang/julia.git && cd julia && git checkout v${JULIA_VERSION}
#RUN make -C deps distclean-llvm && make
RUN cd /usr/local/julia && make -j4
RUN sudo ln -s /usr/local/julia/usr/bin/julia /usr/local/bin/julia
RUN /usr/local/julia/usr/bin/julia -v
RUN ls -al /usr/local/bin
RUN julia -v
WORKDIR /tmp
COPY packages.jl ./
RUN julia packages.jl
When executing RUN julia is julia already in your $PATH? Try executing julia directly, for example:
RUN chmod +x /path/to/julia
RUN /path/to/julia

Install from source in Docker

I need to install graph-tool from source, so I add in my Dockerfile this:
FROM ubuntu:18.04
RUN git clone https://git.skewed.de/count0/graph-tool.git
RUN cd graph-tool && ./configure && make && make install
as it written here.
When I try to build my Docker-compose I catch a error:
/bin/sh: 1: ./configure: not found
What am I doing wrong? Thanks!
ADDED Full Dockerfile:
FROM ubuntu:16.04
ENV LANG C.UTF-8
ENV PYTHONUNBUFFERED 1
ENV C_FORCE_ROOT true
# Install dependencies
RUN apt-get update \
&& apt-get install -y git \
&& apt-get install -y python3-pip python3-dev \
&& apt-get install -y binutils libproj-dev gdal-bin \
&& cd /usr/local/bin \
&& ln -s /usr/bin/python3 python \
&& pip3 install --upgrade pip
RUN git clone https://git.skewed.de/count0/graph-tool.git
RUN apt-get update && apt-get install -y gcc
RUN apt-get update && apt-get install -y libboost-all-dev
RUN apt update && apt install -y --no-install-recommends \
make \
build-essential \
g++
RUN cd graph-tool && ./configure && make && make install
# Project specific setups
RUN mkdir /code
WORKDIR /code
ADD . /code
RUN pip3 install -r requirements.txt
You need to run autogen.sh first, it will generate configure file
P.S. Make sure you install libtool
apt-get install libtool
You have to install the prerequisites first.
RUN apt update && apt install -y --no-install-recommends \
make \
build-essential \
g++ \
....
Don't forget to clean up and remove temp/unnecessary files!

Docker installation debian openjdk-7-jre

I've been trying to install openjdk-7-jre in a docker image. But when I tried to install it I got the following error:
E: Failed to fetch http://security.debian.org/pool/updates/main/o/openjdk-7/openjdk-7-jre-headless_7u111-2.6.7-2~deb8u1_amd64.deb Connection failed [IP: 200.17.202.197 80]
I've been spending a lot of hours trying this. For More details, the instruction in the Dockerfile is:
RUN apt-get update -qq && apt-get install -y -f xvfb wget
RUN sed -i -re 's/([a-z]{2}\.)?archive.ubuntu.com|security.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list && \
apt-get update -qq && \
apt-get install --fix-missing -y -f openjdk-7-jre
RUN wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb && \
dpkg --unpack google-chrome-stable_current_amd64.deb && \
apt-get install -f -y && \
apt-get clean && \
apt-get update && \
rm google-chrome-stable_current_amd64.deb
RUN npm install -g protractor mocha jasmine cucumber && \
webdriver-manager update && \
apt-get update
What am I doing wrong?
This is because you are getting an error in the second RUN command, apt-get update -qq. The error is getting buried because of -qq flag (which will quite the error messages. Try without -qq to diagnoise the error)
You can try using below Dockerfile for installing openjdk-7-jre.
FROM ubuntu
RUN apt-get update
RUN apt-get install -y software-properties-common
RUN add-apt-repository ppa:openjdk-r/ppa
RUN apt-get update
RUN apt-get install --fix-missing -y -f openjdk-7-jre
just added FROM debian:jessie to your dockerfile and successfully built the image. Your problem is your internet connection, Use VPN or Proxy servers to build the image.

Resources