Dockerfile:$ HOME不适用于ADD / COPY指令 [英] Dockerfile: $HOME is not working with ADD/COPY instructions
问题描述
在提交错误之前,我想请某人确认我最近遇到的奇怪的 docker build
行为。
Before filing a bug I would like to ask someone to confirm the weird docker build
behavior I have recently faced with.
考虑一下,我们有一个简单的Dockerfile,我们正在其中尝试将一些文件复制到非root用户的主目录中:
Consider we have a simple Dockerfile where we're trying to copy some files into home directory of a non-root user:
FROM ubuntu:utopic
ENV DEBIAN_FRONTEND=noninteractive
RUN sed -i.bak 's/http:\/\/archive.ubuntu.com\/ubuntu\//mirror:\/\/mirrors.ubuntu.com\/mirrors.txt\//g' /etc/apt/sources.list
RUN echo "deb http://repo.aptly.info/ squeeze main" >> /etc/apt/sources.list.d/_aptly.list
RUN apt-key adv --keyserver keys.gnupg.net --recv-keys e083a3782a194991
RUN apt-get update
RUN apt-get install -y aptly
RUN useradd -m aptly
RUN echo aptly:aptly | chpasswd
USER aptly
COPY ./.aptly.conf $HOME/.aptly.conf
COPY ./public.key $HOME/public.key
COPY ./signing.key $HOME/signing.key
RUN gpg --import $HOME/public.key $HOME/signing.key
RUN aptly repo create -comment='MAILPAAS components' -distribution=utopic -component=main mailpaas
CMD ["/usr/bin/aptly", "api", "serve"]
这就是我尝试构建此图像时得到的:
That's what I get when I am trying to build this image:
...
Step 10 : USER aptly
---> Running in 8639f826420b
---> 3242919b2976
Removing intermediate container 8639f826420b
Step 11 : COPY ./.aptly.conf $HOME/.aptly.conf
---> bbda6e5b92df
Removing intermediate container 1313b12ca6c6
Step 12 : COPY ./public.key $HOME/public.key
---> 9a701a78d10d
Removing intermediate container 3a6e40b8593a
Step 13 : COPY ./signing.key $HOME/signing.key
---> 3d4eb847abe8
Removing intermediate container 5ed8cf52b810
Step 14 : RUN gpg --import $HOME/public.key $HOME/signing.key
---> Running in 6e481ec97f74
gpg: directory `/home/aptly/.gnupg' created
gpg: new configuration file `/home/aptly/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/aptly/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/aptly/.gnupg/secring.gpg' created
gpg: keyring `/home/aptly/.gnupg/pubring.gpg' created
gpg: can't open `/home/aptly/public.key': No such file or directory
gpg: can't open `/home/aptly/signing.key': No such file or directory
gpg: Total number processed: 0
好像 $ HOME
是空的。但为什么?将绝对路径而不是 $ HOME
放到主目录不是很方便。
Seems like $HOME
is empty. But why? Putting the absolute path to home dir instead of $HOME
is not very convenient.
推荐答案
这是您的问题:
使用 USER
指令时,它会影响用于启动的用户ID容器中的新命令。因此,例如,如果您这样做:
When you use the USER
directive, it affects the userid used to start new commands inside the container. So, for example, if you do this:
FROM ubuntu:utopic
RUN useradd -m aptly
USER aptly
RUN echo $HOME
您得到了:
Step 4 : RUN echo $HOME
---> Running in a5111bedf057
/home/aptly
因为 RUN
命令在容器内启动一个新外壳,该外壳由前面的 USER
指令修改。
Because the RUN
commands starts a new shell inside a container, which is modified by the preceding USER
directive.
使用 COPY
指令时,您没有在容器内启动进程,并且Docker无法知道将暴露哪些环境变量(如果有)。
When you use the COPY
directive, you are not starting a process inside the container, and Docker has no way of knowing what (if any) environment variables would be exposed by a shell.
您最好的选择是在Dockerfile中设置 ENV HOME / home / aptly
工作,或将文件暂存到临时位置,然后:
Your best bet is to either set ENV HOME /home/aptly
in your Dockerfile, which will work, or stage your files into a temporary location and then:
RUN cp /skeleton/myfile $HOME/myfile
另外,请记住,当您 COPY
个文件时,由 root
拥有;您将需要将它们明确 chown
分配给适当的用户。
Also, remember that when you COPY
files in they will be owned by root
; you will need to explicitly chown
them to the appropriate user.
这篇关于Dockerfile:$ HOME不适用于ADD / COPY指令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!