Skip to content

Commit

Permalink
images: Create simple /etc/nsswitch.conf file
Browse files Browse the repository at this point in the history 
This is a workaround for

  golang/go#35305

which makes it possible to successfully push to a local registry
using

  $ docker buildx build --push --tag localhost:5000/foo .

assuming, of course, that the builder instance currently in use
has been created using

  $ docker buildx create --driver-opt network=host

The workaround is no longer going to be necessary once Go 1.16
is used for builds.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
  • Loading branch information
@andreabolognani
andreabolognani committed Nov 20, 2020
1 parent fcb87e6 commit a4f57b1
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions Dockerfile
View file
Expand Up @@ -131,7 +131,12 @@ FROM scratch AS release
COPY --from=releaser /out/ /

FROM alpine:${ALPINE_VERSION} AS buildkit-export
RUN apk add --no-cache fuse3 git pigz xz && ln -s fusermount3 /usr/bin/fusermount
# nsswitch.conf needs to be present to work around
# https://github.com/golang/go/issues/35305
# drop this once we start building with Go 1.16
RUN apk add --no-cache fuse3 git pigz xz \
&& ln -s fusermount3 /usr/bin/fusermount \
&& echo "hosts: files dns" >/etc/nsswitch.conf
COPY examples/buildctl-daemonless/buildctl-daemonless.sh /usr/bin/
VOLUME /var/lib/buildkit

Expand Down Expand Up @@ -286,11 +291,15 @@ COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap
COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap
COPY --from=fuse-overlayfs /out/fuse-overlayfs /usr/bin/
# we could just set CAP_SETUID filecap rather than `chmod u+s`, but requires kernel >= 4.14
# nsswitch.conf needs to be present to work around
# https://github.com/golang/go/issues/35305
# drop this once we start building with Go 1.16
RUN chmod u+s /usr/bin/newuidmap /usr/bin/newgidmap \
&& adduser -D -u 1000 user \
&& mkdir -p /run/user/1000 /home/user/.local/tmp /home/user/.local/share/buildkit \
&& chown -R user /run/user/1000 /home/user \
&& echo user:100000:65536 | tee /etc/subuid | tee /etc/subgid
&& echo user:100000:65536 | tee /etc/subuid | tee /etc/subgid \
&& echo "hosts: files dns" >/etc/nsswitch.conf
COPY --from=rootlesskit /rootlesskit /usr/bin/
COPY --from=binaries / /usr/bin/
COPY examples/buildctl-daemonless/buildctl-daemonless.sh /usr/bin/
Expand Down

0 comments on commit a4f57b1

Please sign in to comment.