docker build command using ssh url to git repo: Permission denied

Time:09-16

I'm trying to make a script that will build a bunch of docker images and push them to a private repository.

From the documentation, the docker build command seems to accept git urls: very nice indeed.

All the repos are private and everyone in the company has SSH keys set up to access the git repos via SSH, like git clone [email protected]:/my-org/my-repo.git

I assumed that providing such a URL would work as well, as it seems to be a very common use case. Turns out it doesn't.

I googled around for a solution and found a git ticket about url formatting so I tried all the following:

The last one in this list is the most promising as I'm getting the following output:

$ docker build -t registry.example.com:5000/my-repo:latest --ssh=default [email protected]:my-org/my-repo.git

[ ] Building 0.9s (1/1) FINISHED                                                                                                                                                             
 => ERROR [internal] load git source [email protected]:my-org/my-repo.git                                                                                                     0.9s
------                                                                                                                                                                                       
 > [internal] load git source [email protected]:my-org/my-repo.git:                                                                                                                
#1 0.551 Warning: Permanently added the RSA host key for IP address '140.82.121.3' to the list of known hosts.
#1 0.896 [email protected]: Permission denied (publickey).
#1 0.898 fatal: Could not read from remote repository.
#1 0.898 
#1 0.898 Please make sure you have the correct access rights
#1 0.898 and the repository exists.
------
failed to solve with frontend dockerfile.v0: failed to read dockerfile: failed to load cache key: failed to fetch remote [email protected]:my-org/my-repo.git: exit status 128

Before someone asks: yes the repo exists and I can clone it :)

I was assuming the "cloning" part of the process would be done "locally" using my own ssh keys before sending the context out for docker to build. Apparently it is not the case.

Is it a supported feature and if so how to make it work?


EDIT: I realised I forgot to give some context.

I'm running Docker Desktop on macOS Big Sur

Docker version 20.10.8, build 3967b7d

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
  compose: Docker Compose (Docker Inc., v2.0.0-rc.3)
  scan: Docker Scan (Docker Inc., v0.8.0)

Server:
 Containers: 9
  Running: 8
  Paused: 0
  Stopped: 1
 Images: 28
 Server Version: 20.10.8
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e25210fe30a0a703442421b0f60afac609f950a3
 runc version: v1.0.1-0-g4144b63
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.10.47-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.842GiB
 Name: docker-desktop
 ID: 77LC:Z2AY:K6AA:OXAY:3JYQ:RSSL:RCJZ:GOSK:FUTG:DAPY:WIKK:BB7A
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 105
  Goroutines: 93
  System Time: 2021-09-16T08:47:27.924652162Z
  EventsListeners: 4
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  <REDACTED>
 Live Restore Enabled: false

CodePudding user response:

Docker for Mac does not run natively on your machine, but in a virtual machine. It looks like the git clone command is executed inside the virtual machine.

My assumption is based on this log entry: #1 0.551 Warning: Permanently added the RSA host key for IP address '140.82.121.3' to the list of known hosts.

So in order to have access to your private repository via ssh, you need to store the ssh keypair in Docker's virtual machine as well.

EDIT: To connect to the virtual machine, open a terminal and run docker run -it --privileged --pid=host justincormack/nsenter1

CodePudding user response:

In my case I generated a key with ssh-keygen inside the container and copy-pasted it into my account. Then I exec'd into the container and tested git clone my-ssh-url, and it worked.
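
The command in the question passes `--ssh=default`, which forwards the host's ssh-agent socket (`SSH_AUTH_SOCK`) to the build, so the private key stays on the host. As an added example (not from the original posts, and assuming BuildKit is in use), this preflight check tells apart a missing socket, an unreachable agent and an agent with no keys loaded before it runs the build; `SSH_ADD` and `DOCKER` are hypothetical override variables.

```shell
#!/bin/sh
# Added example: preflight for `docker build --ssh default <git-ssh-url>`.
# SSH_ADD and DOCKER are hypothetical override hooks (not Docker settings);
# by default the real ssh-add and docker binaries are used.
SSH_ADD="${SSH_ADD:-ssh-add}"

# Prints one of: ok | no-sock | no-agent | no-keys
agent_state() {
    # `--ssh default` forwards the socket named by SSH_AUTH_SOCK.
    [ -n "${SSH_AUTH_SOCK:-}" ] || { echo no-sock; return 0; }
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo ok ;;
        1) echo no-keys ;;   # agent reachable but holds no identities
        *) echo no-agent ;;  # 2 = cannot contact agent (127 = ssh-add missing)
    esac
}

# Usage: build_from_git <image-tag> <git-ssh-url>
# Returns 3 without invoking docker when the agent cannot supply a key.
build_from_git() {
    state=$(agent_state)
    case "$state" in
        ok) ;;
        no-sock)
            echo "SSH_AUTH_SOCK is unset: start ssh-agent first" >&2
            return 3 ;;
        no-agent)
            echo "cannot reach ssh-agent at $SSH_AUTH_SOCK" >&2
            return 3 ;;
        no-keys)
            echo "agent holds no keys: load one with ssh-add <private-key>" >&2
            return 3 ;;
    esac
    DOCKER_BUILDKIT=1 "${DOCKER:-docker}" build -t "$1" --ssh default "$2"
}
```

A `no-keys` result means the agent is running but empty, in which case the forwarded socket has nothing to offer the git server.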
