One of the configured repositories failed (Unknown), - docker

Pretty new to Docker; trying to get a base layer set up on Docker, though it gives me these errors:
It's noting that the repository is failing / how do I set that repository?
I don't think it's an AWS issue, as I have been able to see the AWS push in CloudFormation.
$ ./generate_base_layer.sh
Error: No such container: layer-container
[+] Building 27.7s (6/13)
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 551B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/amazonlinux:2 0.9s
=> [auth] library/amazonlinux:pull token for registry-1.docker.io 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 37B 0.0s
=> [2/8] RUN yum install -y python37 && yum install -y python3-pip && yum install -y 26.7s
=> => # Loaded plugins: ovl, priorities
> [2/8] RUN yum install -y python37 && yum install -y python3-pip && yum install -y zip && yum clean all:
#6 0.369 Loaded plugins: ovl, priorities
#6 36.47
#6 36.47
#6 36.47 One of the configured repositories failed (Unknown),
#6 36.47 and yum doesn't have enough cached data to continue. At this point the only
#6 36.47 safe thing yum can do is fail. There are a few ways to work "fix" this:
#6 36.47
#6 36.47 1. Contact the upstream for the repository and get them to fix the problem.
#6 36.47
#6 36.47 2. Reconfigure the baseurl/etc. for the repository, to point to a working
#6 36.47 upstream. This is most often useful if you are using a newer
#6 36.47 distribution release than is supported by the repository (and the
#6 36.47 packages for the previous distribution release still work).
#6 36.47
#6 36.47 3. Run the command with the repository temporarily disabled
#6 36.47 yum --disablerepo=<repoid> ...
#6 36.47
#6 36.47 4. Disable the repository permanently, so yum won't use it by default. Yum
#6 36.47 will then just ignore the repository until you permanently enable it
#6 36.47 again or use --enablerepo for temporary usage:
#6 36.47
#6 36.47 yum-config-manager --disable <repoid>
#6 36.47 or
#6 36.47 subscription-manager repos --disable=<repoid>
#6 36.47
#6 36.47 5. Configure the failing repository to be skipped, if it is unavailable.
#6 36.47 Note that yum will try to contact the repo. when it runs most commands,
#6 36.47 so will have to try and fail each time (and thus. yum will be be much
#6 36.47 slower). If it is a very temporary problem though, this is often a nice
#6 36.47 compromise:
#6 36.47
#6 36.47 yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
#6 36.47
#6 36.47 Cannot find a valid baseurl for repo: amzn2-core/2/aarch64
#6 36.47 Could not retrieve mirrorlist http://amazonlinux.default.amazonaws.com/2/core/latest/aarch64/mirror.list error was
#6 36.47 12: Timeout on http://amazonlinux.default.amazonaws.com/2/core/latest/aarch64/mirror.list: (28, 'Failed to connect to amazonlinux.default.amazonaws.com port 80 after 4723 ms: Connection timed out')
------
executor failed running [/bin/sh -c yum install -y python37 && yum install -y python3-pip && yum install -y zip && yum clean all]: exit code: 1
Unable to find image 'base-layer:latest' locally
docker: Error response from daemon: pull access denied for base-layer, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
Error: No such container:path: layer-container:layer.zip
I've already logged into docker and tried it with docker build -t... ; same issue
dockerfile:
FROM amazonlinux:2
# Install Python
RUN yum install -y python37 && \
yum install -y python3-pip && \
yum install -y zip && \
yum clean all
# Set up PIP and Venv
RUN python3.7 -m pip install --upgrade pip && \
python3.7 -m pip install virtualenv
RUN python3.7 -m venv base
RUN source base/bin/activate
# Install dependencies
COPY ./requirements.txt .
RUN pip install -r requirements.txt -t ./python
# Zip it up for deployment.
RUN zip -r layer.zip ./python/
ENTRYPOINT ["/bin/bash", "-l"]
generate_base.. file:
# Generates a base layer for the Lambda functions.
# Remove the container first (if it exists).
docker rm layer-container
# Build the base layer.
docker build -t base-layer .
# Rename it to layer-container.
docker run --name layer-container base-layer
# Copy the generated zip artifact so our CDK can use it.
docker cp layer-container:layer.zip . && echo "Created layer.zip with updated base layer."

Related

'403 Forbidden' apt-get update Ubuntu Dockerfile

I am new to Docker, currently trying to test ping google.com within Docker container (WSL2 Ubuntu 20.04 and Docker desktop).
I am trying to build an image with Ubuntu:20.04. When it comes to 'RUN apt-get update', it failed to fetch and return 'E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease 403 Forbidden [IP: 91.189.91.39 80]'.
Also, I have built another image with Alpine:latest and 'RUN apk update', and that build succeeded and executed as expected. Further, 'apt-get update' works just fine inside WSL2.
These are the things that I tried (based on related problems on SO), but they return the same error:
change DNS within /etc/docker/daemon.json
change the 'http' to 'ftp' to 'https' within /etc/apt/source.lists
install apt-transport-https
update apt mirrors accordingly to my region
upgrade WSL2 dist to release 22.04 jammy
remove all files within /var/lib/apt/lists/ and apt-get update
reinstall Docker desktop
Dockerfile:
#pull base image
FROM ubuntu:20.04
#sudo su
USER root
#update and clean packages
RUN : \
&& apt-get update \
&& rm -rf /var/cache/apk/* \
&& apt-get clean \
&& :
#copy all files in current directory into container directory /home/app
COPY . /home/app
#set /home/app as working directory
WORKDIR /home/app
#execute ping.sh
ENTRYPOINT ["sh", "ping.sh"]
ping.sh
#!/bin/bash
ping google.com
/etc/docker/daemon.json
{
"dns": ["192.168.224.1", "8.8.8.8"]
}
/etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 172.30.176.1
docker build -t test-ping-ubuntu:0.1 .
[+] Building 52.1s (7/9)
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 442B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/ubuntu:20.04 45.6s
=> [auth] library/ubuntu:pull token for registry-1.docker.io 0.0s
=> [1/4] FROM docker.io/library/ubuntu:20.04@sha256:0e0402cd13f68137edb0266e1d2c682f217814420f 5.1s
=> => resolve docker.io/library/ubuntu:20.04@sha256:0e0402cd13f68137edb0266e1d2c682f217814420f 0.0s
=> => sha256:0e0402cd13f68137edb0266e1d2c682f217814420f2d43d300ed8f65479b14fb 1.42kB / 1.42kB 0.0s
=> => sha256:8eb87f3d6c9f2feee114ff0eff93ea9dfd20b294df0a0353bd6a4abf403336fe 529B / 529B 0.0s
=> => sha256:d5447fc01ae62c20beffbfa50bc51b2797f9d7ebae031b8c2245b5be8ff1c75b 1.46kB / 1.46kB 0.0s
=> => sha256:846c0b181fff0c667d9444f8378e8fcfa13116da8d308bf21673f7e4bea8d58 28.58MB / 28.58MB 4.0s
=> => extracting sha256:846c0b181fff0c667d9444f8378e8fcfa13116da8d308bf21673f7e4bea8d580 0.9s
=> [internal] load build context 0.0s
=> => transferring context: 500B 0.0s
=> ERROR [2/4] RUN : && apt-get update && rm -rf /var/cache/apk/* && apt-get clean 1.3s
------
> [2/4] RUN : && apt-get update && rm -rf /var/cache/apk/* && apt-get clean && ::
#6 0.405 Err:1 http://security.ubuntu.com/ubuntu focal-security InRelease
#6 0.405 403 Forbidden [IP: 185.125.190.39 80]
#6 0.623 Err:2 http://archive.ubuntu.com/ubuntu focal InRelease
#6 0.623 403 Forbidden [IP: 185.125.190.36 80]
#6 0.631 Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
#6 0.631 403 Forbidden [IP: 185.125.190.36 80]
#6 0.639 Err:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease
#6 0.639 403 Forbidden [IP: 185.125.190.36 80]
#6 0.642 Reading package lists...
#6 0.648 E: The repository 'http://security.ubuntu.com/ubuntu focal-security InRelease' is not signed.
#6 0.648 E: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease 403 Forbidden [IP: 185.125.190.39 80]
#6 0.648 E: The repository 'http://archive.ubuntu.com/ubuntu focal InRelease' is not signed.
#6 0.648 E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease 403 Forbidden [IP: 185.125.190.36 80]
#6 0.648 E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease 403 Forbidden [IP: 185.125.190.36 80]
#6 0.648 E: The repository 'http://archive.ubuntu.com/ubuntu focal-updates InRelease' is not signed.
#6 0.648 E: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease 403 Forbidden [IP: 185.125.190.36 80]
#6 0.648 E: The repository 'http://archive.ubuntu.com/ubuntu focal-backports InRelease' is not signed.
------
executor failed running [/bin/sh -c : && apt-get update && rm -rf /var/cache/apk/* && apt-get clean && :]: exit code: 100
Can you add:
apt-get --allow-releaseinfo-change update
before the apt-get update command?
Analysing your error message, it seems to me to be an issue with the Docker cache.
Look after the error: you can see that there is a problem with the signature when executing apt update.
You said you installed Docker Desktop. Have you removed everything before? Reset to factory settings? Clean all?
docker rm -vf $(docker ps -a -q)
docker rmi -f $(docker images -a -q)
should also delete everything.
Your Alpine image runs fine because it does not update anything from the Ubuntu repository, which is what is generating the issue (Alpine is a different Linux distro).
You don't need to edit DNS settings or anything else.
I tested your image, it is working fine.
Think: when you build the Docker image, it is not using your local WSL distro. It uses the Ubuntu version in the image itself, which comes from
FROM ubuntu:20.04
To check if it is related to the docker cache you can also try
FROM ubuntu:22.04
Another thing: you can also add a .dockerignore file.
Inside it, put the folders where Docker should ignore the cache when building the image. Find more info here:
https://www.techrepublic.com/article/what-is-a-dockerignore-file-and-why-you-should-be-using-them/
Please let me know if this could resolve your issue.
Update:
Executed with gitbash
docker rm -vf $(docker ps -a -q)
If you run them in WSL, think:
WSL is a virtual machine.
Execute docker ps -aq from there; if it doesn't return anything, you don't have containers running in WSL. So the $(docker ps -aq) in docker rm $(docker ps -aq) is empty, and the error "at least one argument is required" comes from there.
Update Docker Desktop; there was a bug related to images in the version before.

Issue with `multiarch-support` is not installable when building Docker image

My Dockerfile
FROM continuumio/miniconda3
RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
&& apt-get -y install --no-install-recommends g++ unixodbc-dev
# Copy environment.yml (if found) to a temp location so we update the environment.
COPY environment.yml /tmp/conda-tmp/
RUN if [ -f "/tmp/conda-tmp/environment.yml" ]; then /opt/conda/bin/conda env update -n base -f /tmp/conda-tmp/environment.yml; fi \
&& rm -rf /tmp/conda-tmp
RUN apt install -y gnupg curl
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
RUN curl https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list
RUN apt-get update
RUN ACCEPT_EULA=Y apt-get install -y msodbcsql17
# optional: for bcp and sqlcmd
RUN ACCEPT_EULA=Y apt-get install -y mssql-tools
RUN echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc
RUN . ~/.bashrc
# optional: for unixODBC development headers
RUN apt-get install -y unixodbc-dev
WORKDIR /workspace
COPY . .
ENTRYPOINT ["/bin/bash"]
When I am trying to build the docker image using docker build -t my-simulator . I am getting the following:
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 1.09kB 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 34B 0.0s
=> [internal] load metadata for docker.io/continuumio/miniconda3:latest 1.1s
=> [auth] continuumio/miniconda3:pull token for registry-1.docker.io 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 11.16kB 0.0s
=> [ 1/15] FROM docker.io/continuumio/miniconda3@sha256:977263e8d1e476972fddab1c75fe050dd3cd17626390e874448bd92721fd659b 0.0s
=> CACHED [ 2/15] RUN apt-get update && export DEBIAN_FRONTEND=noninteractive && apt-get -y install --no-install-recommends g++ unixodbc-dev 0.0s
=> CACHED [ 3/15] COPY environment.yml /tmp/conda-tmp/ 0.0s
=> CACHED [ 4/15] RUN if [ -f "/tmp/conda-tmp/environment.yml" ]; then /opt/conda/bin/conda env update -n base -f /tmp/conda-tmp/environment.yml; fi && rm -rf /tmp/conda- 0.0s
=> CACHED [ 5/15] RUN apt install -y gnupg curl 0.0s
=> CACHED [ 6/15] RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - 0.0s
=> CACHED [ 7/15] RUN curl https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list 0.0s
=> CACHED [ 8/15] RUN apt-get update 0.0s
=> ERROR [ 9/15] RUN ACCEPT_EULA=Y apt-get install -y msodbcsql17 0.8s
------
> [ 9/15] RUN ACCEPT_EULA=Y apt-get install -y msodbcsql17:
#14 0.313 Reading package lists...
#14 0.651 Building dependency tree...
#14 0.736 Reading state information...
#14 0.771 Some packages could not be installed. This may mean that you have
#14 0.771 requested an impossible situation or if you are using the unstable
#14 0.771 distribution that some required packages have not yet been created
#14 0.771 or been moved out of Incoming.
#14 0.771 The following information may help to resolve the situation:
#14 0.771
#14 0.771 The following packages have unmet dependencies:
#14 0.810 libodbc1 : PreDepends: multiarch-support but it is not installable
#14 0.810 odbcinst1debian2 : PreDepends: multiarch-support but it is not installable
#14 0.817 E: Unable to correct problems, you have held broken packages.
------
executor failed running [/bin/sh -c ACCEPT_EULA=Y apt-get install -y msodbcsql17]: exit code: 100
It seems the issue is multiarch-support not being installable. I have tried these solutions (#1 and #2) without success.

Debian suddenly throws 'libcrypt.so.1: cannot open shared object file: No such file or directory' in Docker

I've been using the following Docker image (condensed for brevity) for a long time:
FROM elixir:1.11
ARG USER
ARG GROUP
ARG UID=1000
ARG GID=1000
ARG POSTGRESQL_VERSION=13
ARG POSTGRESQL_CLUSTER=my-cluster
ARG POSTGRESQL_PORT=5432
ARG POSTGRESQL_DIR=/etc/postgresql/$POSTGRESQL_VERSION/$POSTGRESQL_CLUSTER
ARG DEBIAN_FRONTEND=noninteractive
RUN set -xe \
&& ln -sf /usr/share/zoneinfo/Portugal /etc/localtime \
&& groupadd -g $GID $GROUP \
&& useradd -r -u $UID -g $GROUP -m -s /bin/bash -c "Docker image user" $USER \
&& apt-get update \
&& apt-get install -y lsb-release cmake \
&& echo "deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list \
&& echo "deb http://deb.debian.org/debian `lsb_release -cs`-backports bullseye main" | tee -a /etc/apt/sources.list.d/pgdg.list \
&& echo "deb http://deb.debian.org/debian testing non-free contrib main" | tee -a /etc/apt/sources.list.d/pgdg.list \
&& wget -q -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
&& curl -sL https://deb.nodesource.com/setup_12.x | bash - \
&& apt-get update \
&& apt-get install -y postgresql-$POSTGRESQL_VERSION inotify-tools libgit2-dev vim expect nodejs lsof
However, I suddenly started experiencing the following error:
#6 31.36 Get:131 http://deb.debian.org/debian testing/main amd64 vim amd64 2:8.2.2434-3 [1494 kB]
#6 31.64 debconf: delaying package configuration, since apt-utils is not installed
#6 31.85 Fetched 175 MB in 6s (30.9 MB/s)
#6 31.87 Selecting previously unselected package gcc-11-base:amd64.
(Reading database ... 36509 files and directories currently installed.)
#6 31.90 Preparing to unpack .../gcc-11-base_11.2.0-4_amd64.deb ...
#6 31.90 Unpacking gcc-11-base:amd64 (11.2.0-4) ...
#6 31.95 Setting up gcc-11-base:amd64 (11.2.0-4) ...
#6 32.00 Selecting previously unselected package libgcc-s1:amd64.
(Reading database ... 36514 files and directories currently installed.)
#6 32.02 Preparing to unpack .../libgcc-s1_11.2.0-4_amd64.deb ...
#6 32.03 Unpacking libgcc-s1:amd64 (11.2.0-4) ...
#6 32.03 Replacing files in old package libgcc1:amd64 (1:8.3.0-6) ...
#6 32.08 Setting up libgcc-s1:amd64 (11.2.0-4) ...
(Reading database ... 36516 files and directories currently installed.)
#6 32.17 Preparing to unpack .../g++_4%3a10.2.1-1_amd64.deb ...
#6 32.18 Unpacking g++ (4:10.2.1-1) over (4:8.3.0-1) ...
#6 32.21 Preparing to unpack .../gcc_4%3a10.2.1-1_amd64.deb ...
#6 32.22 Unpacking gcc (4:10.2.1-1) over (4:8.3.0-1) ...
(Reading database ... 36516 files and directories currently installed.)
#6 32.32 Removing g++-8 (8.3.0-6) ...
#6 32.41 dpkg: gcc-8: dependency problems, but removing anyway as you requested:
#6 32.41 libtool depends on gcc | c-compiler; however:
#6 32.41 Package gcc is not configured yet.
#6 32.41 Package c-compiler is not installed.
#6 32.41 Package gcc-8 which provides c-compiler is to be removed.
#6 32.41 Package gcc which provides c-compiler is not configured yet.
#6 32.41
#6 32.41 Removing gcc-8 (8.3.0-6) ...
#6 32.44 dpkg: libgcc-8-dev:amd64: dependency problems, but removing anyway as you requested:
#6 32.44 libstdc++-8-dev:amd64 depends on libgcc-8-dev (= 8.3.0-6).
#6 32.44
#6 32.44 Removing libgcc-8-dev:amd64 (8.3.0-6) ...
(Reading database ... 36304 files and directories currently installed.)
#6 32.55 Preparing to unpack .../libc6_2.31-17_amd64.deb ...
#6 32.66 Checking for services that may need to be restarted...
#6 32.67 Checking init scripts...
#6 32.69 Unpacking libc6:amd64 (2.31-17) over (2.28-10) ...
#6 33.57 Setting up libc6:amd64 (2.31-17) ...
#6 33.60 /usr/bin/perl: error while loading shared libraries: libcrypt.so.1: cannot open shared object file: No such file or directory
#6 33.60 dpkg: error processing package libc6:amd64 (--configure):
#6 33.60 installed libc6:amd64 package post-installation script subprocess returned error exit status 127
#6 33.61 Errors were encountered while processing:
#6 33.61 libc6:amd64
#6 33.72 E: Sub-process /usr/bin/dpkg returned an error code (1)
After trying certain changes and going by trial and error I believe the culprit is the command
echo "deb http://deb.debian.org/debian testing non-free contrib main" | tee -a /etc/apt/sources.list.d/pgdg.list
I'm suspicious of this being related to the recent release of Debian Bullseye, but I'm not sure. I need the testing repository to fetch a libgit2-dev version from 1.0.0 onwards (the stable repository downloads 0.27.0).
Some fixes I tried were installing libssl-dev and other crypto related packages but nothing seems to work so far. If I remove the command shown above it works, but installs the older version of libgit2.
Any help would be appreciated

How to install yq on Docker image python:3?

What I want to do
I want to install yq to edit some yaml files on a Docker container.
Dockerfile
FROM python:3
RUN apt-get update
RUN apt-key adv --keyserver keyserver.ubuntu.com --keyserver-option http-proxy=http://xxxxxx.com:9999 --recv-keys CC86BB64
RUN apt-get install -y software-properties-common
RUN add-apt-repository ppa:rmescandon/yq
RUN apt update
RUN apt install yq -y
Reference
https://github.com/mikefarah/yq#on-ubuntu-1604-or-higher-from-debian-package
Build Logs
=> => transferring dockerfile: 486B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/python:3 0.0s
=> CACHED [1/7] FROM docker.io/library/python:3 0.0s
=> [2/7] RUN apt-get update 2.7s
=> [3/7] RUN apt-key adv --keyserver keyserver.ubuntu.com --keyserver-option http-proxy=http://xxxxxx.com:9999 --recv-keys CC86BB64 1.2s
=> [4/7] RUN apt-get install -y software-properties-common 11.4s
=> [5/7] RUN add-apt-repository ppa:rmescandon/yq 13.3s
=> ERROR [6/7] RUN apt update 1.8s
------
> [6/7] RUN apt update:
#9 0.159
#9 0.159 WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
#9 0.159
#9 0.205 Hit:1 http://deb.debian.org/debian buster InRelease
#9 0.205 Hit:2 http://security.debian.org/debian-security buster/updates InRelease
#9 0.227 Hit:3 http://deb.debian.org/debian buster-updates InRelease
#9 0.870 Ign:4 http://ppa.launchpad.net/rmescandon/yq/ubuntu impish InRelease
#9 1.356 Err:5 http://ppa.launchpad.net/rmescandon/yq/ubuntu impish Release
#9 1.356 404 Not Found [IP: 91.189.95.85 80]
#9 1.381 Reading package lists...
#9 1.752 E: The repository 'http://ppa.launchpad.net/rmescandon/yq/ubuntu impish Release' does not have a Release file.
------
executor failed running [/bin/sh -c apt update]: exit code: 100
Question
How can I fix it?
TL;DR
The PPA for yq is not available on the python:3 image's Linux distribution.
Change your Dockerfile to download the binary directly instead:
FROM python:3
RUN apt-get update
RUN apt-get install -y wget
# Latest on https://launchpad.net/~rmescandon/+archive/ubuntu/yq is 4.9.6
ARG VERSION=v4.9.6
ARG BINARY=yq_linux_386
RUN wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY} -O /usr/bin/yq \
&& chmod +x /usr/bin/yq
Explanation
The mentioned instructions for installing yq are expecting an Ubuntu-based image, but the python:3 Docker image is based on Debian 10 / Buster (as of the writing of this answer):
Dockerfile for python:3 = python:3.9 = python:3.9.6:
FROM buildpack-deps:buster
$ docker run -it python:3 bash
root@fa97b25dc0d3:/# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@fa97b25dc0d3:/#
The error
E: The repository 'http://ppa.launchpad.net/rmescandon/yq/ubuntu impish Release' does not have a Release file.
means that the package ppa:rmescandon/yq does not support your distribution. You can check the supported distributions from http://ppa.launchpad.net/rmescandon/yq/ubuntu:
The workaround is to just install it from source or to just download the yq binary itself. This is supported by yq: https://github.com/mikefarah/yq#wget:
wget
Use wget to download the pre-compiled binaries:
Compressed via tar.gz
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - | tar xz && mv ${BINARY} /usr/bin/yq
Plain binary
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY} -O /usr/bin/yq && chmod +x /usr/bin/yq
For instance, VERSION=v4.2.0 and BINARY=yq_linux_amd64
Pick out a specific release from yq's Releases page (preferably matching one of the versions distributed for Ubuntu same as in the PPA) and modify your Dockerfile to:
FROM python:3
RUN apt-get update
RUN apt-get install -y wget
# Latest on https://launchpad.net/~rmescandon/+archive/ubuntu/yq is 4.9.6
ARG VERSION=v4.9.6
ARG BINARY=yq_linux_386
RUN wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY} -O /usr/bin/yq \
&& chmod +x /usr/bin/yq
Previous answer did not work in my case.
So this is my alternative solution:
Download the latest executable file of yq from GitHub:
RUN wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
Set execute permission for file:
RUN chmod a+x /usr/local/bin/yq
You can also get the yq in an image using,
FROM docker.io/mikefarah/yq:4.30.6 as yq
FROM python:3
COPY --from=yq "/usr/bin/yq" "/usr/local/bin/yq"
...
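Added example, not part of the answers above: the wget-based installs mark a downloaded file executable without checking what arrived, and a releases/latest URL returns different content over time. One way to gate the install on a pinned SHA-256 from a RUN step; `sha256_of`, `install_verified` and the `YQ_SHA256` placeholder are hypothetical names, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: gate installation of a downloaded binary on a pinned SHA-256.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Installs SRC at DEST with mode 0755 only if its digest equals the pin.
# Returns non-zero and leaves DEST untouched on any mismatch or bad pin.
install_verified() {
    iv_src=$1; iv_pin=$2; iv_dest=$3
    # The pin must be exactly 64 hex digits. An empty or truncated value
    # (for example an unset build ARG) must fail, not skip the check.
    case $iv_pin in
        ''|*[!0-9a-fA-F]*) echo "install_verified: malformed pin" >&2; return 1 ;;
    esac
    [ "${#iv_pin}" -eq 64 ] || { echo "install_verified: malformed pin" >&2; return 1; }
    iv_pin=$(printf '%s' "$iv_pin" | tr 'A-F' 'a-f')
    iv_actual=$(sha256_of "$iv_src")
    if [ "$iv_actual" != "$iv_pin" ]; then
        echo "install_verified: digest mismatch for $iv_src (got ${iv_actual:-none})" >&2
        return 1
    fi
    # Write under a temporary name and rename, so an interrupted copy never
    # leaves a partial executable at DEST.
    iv_tmp="$iv_dest.tmp.$$"
    cp "$iv_src" "$iv_tmp" && chmod 0755 "$iv_tmp" && mv "$iv_tmp" "$iv_dest"
}

# In a RUN step (URL form as in the answers; YQ_SHA256 is a placeholder for a
# digest recorded from a copy you have vetted):
#   wget -qO /tmp/yq "https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}"
#   install_verified /tmp/yq "$YQ_SHA256" /usr/local/bin/yq

# Demonstration on a constructed file standing in for the downloaded binary.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for yq_linux_amd64\n' > "$d/download"
    pin=$(sha256_of "$d/download")   # in a real build this is a literal value
    install_verified "$d/download" "$pin" "$d/yq" && echo "accepted: pinned content"
    printf 'tampered' >> "$d/download"
    install_verified "$d/download" "$pin" "$d/yq.2" 2>/dev/null || echo "rejected: modified content"
    rm -rf "$d"
}
demo
```

Pinning only works with a versioned URL such as the ${VERSION} form; with releases/latest the digest stops matching as soon as a new release is published.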

How to add trusted root CA to Docker alpine

Suppose I am on a network where there is a MITM SSL-swapping firewall (google.com is not issued by Google, but reissued by a custom CA root authority); some more details here: https://security.stackexchange.com/questions/107542/is-it-common-practice-for-companies-to-mitm-https-traffic .
I have simple Dockerfile:
FROM alpine:latest
RUN apk --no-cache add curl
It fails badly with SSL errors:
=> ERROR [2/2] RUN apk --no-cache add curl 1.0s
------
> [2/2] RUN apk --no-cache add curl:
#5 0.265 fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
#5 0.647 140037857143624:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:
#5 0.649 WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: Permission denied
#5 0.649 fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
#5 0.938 140037857143624:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:
#5 0.940 WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/community: Permission denied
#5 0.941 ERROR: unable to select packages:
#5 0.942 curl (no such package):
#5 0.942 required by: world[curl]
------
executor failed running [/bin/sh -c apk --no-cache add curl]: exit code: 1
Every tutorial on the Internet says that I can add my own "trusted" root certificate and run update-ca-certificates.
But it can be added by "apt add" only. This situation seems to me like a "chicken-and-egg" problem.
FROM alpine:latest
USER root
RUN apk --no-cache add ca-certificates \
&& update-ca-certificates
Error is similar
=> ERROR [2/2] RUN apk --no-cache add ca-certificates && update-ca-certificates 1.0s
------
> [2/2] RUN apk --no-cache add ca-certificates && update-ca-certificates:
#5 0.269 fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
#5 0.662 140490932583240:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:
#5 0.663 fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
#5 0.663 WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: Permission denied
#5 0.929 140490932583240:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:
#5 0.931 WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/community: Permission denied
#5 0.932 ERROR: unable to select packages:
#5 0.933 ca-certificates (no such package):
#5 0.933 required by: world[ca-certificates]
------
executor failed running [/bin/sh -c apk --no-cache add ca-certificates && update-ca-certificates]: exit code: 1
Is there some other way to install the update-ca-certificates tool? Or am I missing something?
Thx
See @kthompso's answer for a working solution.
Working solution (with the update-ca-certificates command) based on @kthompso's answer and info from "unable to add certificates to alpine linux container":
FROM alpine:latest
USER root
# To be able to download `ca-certificates` with `apk add` command
COPY my-root-ca.crt /root/my-root-ca.crt
RUN cat /root/my-root-ca.crt >> /etc/ssl/certs/ca-certificates.crt
# Add again root CA with `update-ca-certificates` tool
RUN apk --no-cache add ca-certificates \
&& rm -rf /var/cache/apk/*
COPY my-root-ca.crt /usr/local/share/ca-certificates
RUN update-ca-certificates
RUN apk --no-cache add curl
Edit: One solution I have in mind is to use a curl Docker image with the -k option and download the .apk with those certificates and tools. Install it as a local file. Add my root CA certificate and run update-ca-certificates. It sounds super crazy, so I think there has to be a better solution :)
Append your self-signed cert to /etc/ssl/certs/ca-certificates.crt manually.
Assuming you have the self-signed certificate in a file in your build directory called my-cert.pem:
FROM alpine:latest
COPY my-cert.pem /usr/local/share/ca-certificates/my-cert.crt
RUN cat /usr/local/share/ca-certificates/my-cert.crt >> /etc/ssl/certs/ca-certificates.crt && \
apk --no-cache add \
curl
Note: When you're using update-ca-certificates, you need to place your cert file into /usr/local/share/ca-certificates/ first. Otherwise it will be removed from /etc/ssl/certs/ca-certificates.crt the first time you run update-ca-certificates.
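Added example, not part of the answers above: a guarded form of the append step. It refuses a file that holds more or fewer than one certificate or any private key, appends to the bundle only once, and stages the file in the local directory so update-ca-certificates keeps it. `pem_bodies` and `add_trusted_ca` are hypothetical names, and the PEM-shaped sample files are constructed placeholders, not real certificates.

```shell
#!/bin/sh
# Added example: guarded form of "append my root CA to the bundle".

# pem_bodies FILE: print the base64 body of each certificate in FILE on one line.
pem_bodies() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { body = ""; inside = 1; next }
        /^-----END CERTIFICATE-----$/   { if (inside) print body; inside = 0; next }
        inside { body = body $0 }'
}

# add_trusted_ca CERT BUNDLE LOCAL_DIR
# Appends CERT to BUNDLE (once) and stages it in LOCAL_DIR so a later
# update-ca-certificates run keeps it. Returns non-zero if CERT is not
# exactly one certificate or carries key material.
add_trusted_ca() {
    ca_cert=$1; ca_bundle=$2; ca_local=$3
    [ -r "$ca_cert" ] || { echo "add_trusted_ca: cannot read $ca_cert" >&2; return 1; }
    # A private key must never be copied into an image layer.
    if grep -q 'PRIVATE KEY-----' "$ca_cert"; then
        echo "add_trusted_ca: $ca_cert contains a private key" >&2; return 1
    fi
    # Exactly one certificate: extra blocks would be trusted without review.
    ca_body=$(pem_bodies "$ca_cert")
    ca_n=$(printf '%s\n' "$ca_body" | grep -c . || true)
    if [ "$ca_n" -ne 1 ]; then
        echo "add_trusted_ca: expected 1 certificate, found $ca_n" >&2; return 1
    fi
    [ -e "$ca_bundle" ] || : > "$ca_bundle"
    if pem_bodies "$ca_bundle" | grep -q -x -F -- "$ca_body"; then
        echo "already trusted: $ca_cert"
    else
        # Keep PEM blocks on their own lines: a bundle without a trailing
        # newline would otherwise fuse its last END line with our BEGIN line.
        if [ -s "$ca_bundle" ] && [ -n "$(tail -c 1 "$ca_bundle")" ]; then
            echo >> "$ca_bundle"
        fi
        tr -d '\r' < "$ca_cert" >> "$ca_bundle"
        echo "appended: $ca_cert"
    fi
    # Stage under a .crt name, as the answer above does.
    ca_name=$(basename "$ca_cert"); ca_name=${ca_name%.*}
    mkdir -p "$ca_local" && cp "$ca_cert" "$ca_local/$ca_name.crt"
}

# In the Dockerfile above the call would use the paths from the answers:
#   add_trusted_ca /root/my-root-ca.crt /etc/ssl/certs/ca-certificates.crt \
#                  /usr/local/share/ca-certificates

# Demonstration with constructed PEM-shaped files (placeholder bodies).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAAconstructedExistingRootAAAA' \
        '-----END CERTIFICATE-----' > "$d/bundle.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'BBBBconstructedCorporateRootBBBB' \
        '-----END CERTIFICATE-----' > "$d/my-root-ca.crt"
    add_trusted_ca "$d/my-root-ca.crt" "$d/bundle.crt" "$d/local"
    add_trusted_ca "$d/my-root-ca.crt" "$d/bundle.crt" "$d/local"   # no duplicate
    echo "certificates in bundle: $(pem_bodies "$d/bundle.crt" | grep -c .)"
    rm -rf "$d"
}
demo
```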
