[Bug]: Cannot execute chrome for testing in read only docker "--database is required"

[furstenheim-goodnotes]

Steps to reproduce

Dockerfile:

FROM node:18-slim
RUN npx @puppeteer/browsers install chrome@116.0.5793.0 --path /usr/bin/chrome-install

RUN apt-get update \
    && apt-get install -y wget gnupg dumb-init \
          ## chromium dependencies https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md#chrome-doesnt-launch-on-linux
          ca-certificates \
          fonts-liberation \
          libasound2 \
          libatk-bridge2.0-0 \
          libatk1.0-0 \
          libc6 \
          libcairo2 \
          libcups2 \
          libdbus-1-3 \
          libexpat1 \
          libfontconfig1 \
          libgbm1 \
          libgcc1 \
          libglib2.0-0 \
          libgtk-3-0 \
          libnspr4 \
          libnss3 \
          libpango-1.0-0 \
          libpangocairo-1.0-0 \
          libstdc++6 \
          libx11-6 \
          libx11-xcb1 \
          libxcb1 \
          libxcomposite1 \
          libxcursor1 \
          libxdamage1 \
          libxext6 \
          libxfixes3 \
          libxi6 \
          libxrandr2 \
          libxrender1 \
          libxss1 \
          libxtst6 \
          lsb-release \
          wget \
          xdg-utils \
      && apt-get update

ENTRYPOINT [ "/bin/bash", "-c" ]

CMD ["bash"]

In the terminal:

$ docker build -t test-puppeteer -f Dockerfile . && docker run --read-only -it test-puppeteer   bash
## inside docker
$ /usr/bin/chrome-install/chrome/linux-116.0.5793.0/chrome-linux64/chrome

Expected results

I should be able to run the browser. Before chrome testing, I was using chromium and it was possible.

Actual results

I get the following error

chrome_crashpad_handler: --database is required
Try 'chrome_crashpad_handler --help' for more information.
Trace/breakpoint trap (core dumped)
root@27814e039735:/# 
exit

[OrKoN]

@furstenheim-goodnotes could you try a non-slim image? I assume the slim one is based on the Alpine image?

[OrKoN]

@thiagowfx is it something for the CfT?

[furstenheim-goodnotes]

@OrKoN sure, which one do you want me to try?

[OrKoN]

@furstenheim-goodnotes the node one should work https://github.com/puppeteer/puppeteer/blob/main/docker/Dockerfile

[furstenheim-goodnotes]

node doesn't work either. Note, that the key here is the "read-only". If I remove read-only flag when running it works

[OrKoN]

@furstenheim-goodnotes ah sorry, what does actually --read-only do? Chrome needs to be able to write to the profile directory at least (--user-data-dir). You probably want to mount it as a volume if --read-only works how I imagine it would.

[furstenheim-goodnotes]

Is there a way to run this in a read only environment? Chromium was running in such a way before (installing it with apt-get update...). It's better from a security perspective.

[OrKoN]

@furstenheim-goodnotes not sure, there should be no differences between Chrome and Chrome for Testing that would affect the behaviour here. Perhaps, the apt-get version creates a user data dir at the build time? Also, the --headless mode might run.

[furstenheim-goodnotes]

Using --user-data-dir on a folder that has permissions is not enough

mkdir tmp
## -v tmp:/tmp makes the volume writeable
docker build -t test-puppeteer -f Dockerfile . && docker run --read-only -v tmp:/tmp -it test-puppeteer   bash
### inside docker
### succeeds
$ touch /tmp/a
### succeeds
$ mkdir /tmp/profile 
$ /usr/bin/chrome-folder/chrome --user-data-dir=/tmp/profile 
chrome_crashpad_handler: --database is required
Try 'chrome_crashpad_handler --help' for more information.
[191:191:0925/134323.066842:ERROR:socket.cc(120)] recvmsg: Connection reset by peer (104)
Trace/breakpoint trap

[OrKoN]

Does adding ~/.config folder help?

[furstenheim-goodnotes]

Thanks @OrKoN, making .config also readable works.

[OrKoN]

Great, so I don't think we are able to change this behaviour here and I am not sure Chrome would support a readonly mode. Consider filing a crbug.com if you want this feature.

[thiagowfx]

https://chromium.googlesource.com/chromium/src/+/457b3daf6fdbb82bbb3e29f4da806b1d48c723b1 could be related:

Use ~/.config/google-chrome-for-testing instead of ~/.config/chromium.

[sfc-gh-selee]

We got this to work by setting in the environment:

XDG_CONFIG_HOME=/tmp/.chromium
XDG_CACHE_HOME=/tmp/.chromium

[galenhuntington]

I encountered a problem similar to this, and the culprit turned out to be this bug:
https://bugs.launchpad.net/ubuntu/+source/docker.io-app/+bug/2029523

Upgrading to a fixed version of Docker made it work again.

[Bloodsucker]

If anyone is coming to this issue because they encounter a Puppeteer/Chrome issue with the --database flag when running CI/CD on a Jenkins Pipeline + Docker on a linux host, then the solution from @sfc-gh-selee works. In my case:

XDG_CONFIG_HOME="$WORKSPACE@tmp/.chromium"
XDG_CACHE_HOME="$WORKSPACE@tmp/.chromium"

[agrinko]

@sfc-gh-selee thank you so much! 👍
I've spent several days fighting with a similar issue.
In my case, a docker container with Puppeteer worked fine locally (when running with Docker Desktop), but failed when deployed on an actual environment via Kubernetes. I couldn't figure out the root cause until I tried these magic variables. I'm still not sure what they do but I'll always keep them with me, just in case 😅

[stormspirit03]

@agrinko
This command is setting environment variables and then running the chromium-browser command.

XDG_CONFIG_HOME and XDG_CACHE_HOME are environment variables defined by the XDG Base Directory Specification. This specification defines standard locations for various types of files, such as configuration files and cached data.

• XDG_CONFIG_HOME is used to specify the base directory for user-specific configuration files. If this environment variable is not set, the default location is ~/.config.

• XDG_CACHE_HOME is used to specify the base directory for user-specific non-essential (cached) data. If this environment variable is not set, the default location is ~/.cache.

In this command, both XDG_CONFIG_HOME and XDG_CACHE_HOME are being set to /tmp/.chromium. This means that when chromium-browser is run, it will store its configuration files and cached data in /tmp/.chromium instead of the default locations.

This can be useful in a number of scenarios. For example, if you're running Chromium in a Docker container, you might want to store these files in a temporary directory that gets cleaned up when the container is stopped. Or, you might want to isolate the Chromium files from the rest of your system for testing or debugging purposes.