Dockerfile：$ HOME不适用于ADD / COPY指令 [英] Dockerfile: $HOME is not working with ADD/COPY instructions

问题描述

在提交错误之前，我想请某人确认我最近遇到的奇怪的 docker build 行为。

Before filing a bug I would like to ask someone to confirm the weird docker build behavior I have recently faced with.

考虑一下，我们有一个简单的Dockerfile，我们正在其中尝试将一些文件复制到非root用户的主目录中：

Consider we have a simple Dockerfile where we're trying to copy some files into home directory of a non-root user:

FROM ubuntu:utopic

ENV DEBIAN_FRONTEND=noninteractive

RUN sed -i.bak 's/http:\/\/archive.ubuntu.com\/ubuntu\//mirror:\/\/mirrors.ubuntu.com\/mirrors.txt\//g' /etc/apt/sources.list
RUN echo "deb http://repo.aptly.info/ squeeze main" >> /etc/apt/sources.list.d/_aptly.list
RUN apt-key adv --keyserver keys.gnupg.net --recv-keys e083a3782a194991
RUN apt-get update
RUN apt-get install -y aptly

RUN useradd -m aptly
RUN echo aptly:aptly | chpasswd

USER aptly
COPY ./.aptly.conf $HOME/.aptly.conf

COPY ./public.key $HOME/public.key
COPY ./signing.key $HOME/signing.key
RUN gpg --import $HOME/public.key $HOME/signing.key

RUN aptly repo create -comment='MAILPAAS components' -distribution=utopic -component=main mailpaas
CMD ["/usr/bin/aptly", "api", "serve"]

这就是我尝试构建此图像时得到的：

That's what I get when I am trying to build this image:

    ...    
    Step 10 : USER aptly
     ---> Running in 8639f826420b
     ---> 3242919b2976
    Removing intermediate container 8639f826420b
    Step 11 : COPY ./.aptly.conf $HOME/.aptly.conf
     ---> bbda6e5b92df
    Removing intermediate container 1313b12ca6c6
    Step 12 : COPY ./public.key $HOME/public.key
     ---> 9a701a78d10d
    Removing intermediate container 3a6e40b8593a
    Step 13 : COPY ./signing.key $HOME/signing.key
     ---> 3d4eb847abe8
    Removing intermediate container 5ed8cf52b810
    Step 14 : RUN gpg --import $HOME/public.key $HOME/signing.key
     ---> Running in 6e481ec97f74
    gpg: directory `/home/aptly/.gnupg' created
    gpg: new configuration file `/home/aptly/.gnupg/gpg.conf' created
    gpg: WARNING: options in `/home/aptly/.gnupg/gpg.conf' are not yet active during this run
    gpg: keyring `/home/aptly/.gnupg/secring.gpg' created
    gpg: keyring `/home/aptly/.gnupg/pubring.gpg' created
    gpg: can't open `/home/aptly/public.key': No such file or directory
    gpg: can't open `/home/aptly/signing.key': No such file or directory
    gpg: Total number processed: 0

好像 $ HOME 是空的。但为什么？将绝对路径而不是 $ HOME 放到主目录不是很方便。

Seems like $HOME is empty. But why? Putting the absolute path to home dir instead of $HOME is not very convenient.

推荐答案

这是您的问题：

使用 USER 指令时，它会影响用于启动的用户ID容器中的新命令。因此，例如，如果您这样做：

When you use the USER directive, it affects the userid used to start new commands inside the container. So, for example, if you do this:

FROM ubuntu:utopic
RUN useradd -m aptly
USER aptly
RUN echo $HOME

您得到了：

Step 4 : RUN echo $HOME
 ---> Running in a5111bedf057
/home/aptly

因为 RUN 命令在容器内启动一个新外壳，该外壳由前面的 USER 指令修改。

Because the RUN commands starts a new shell inside a container, which is modified by the preceding USER directive.

使用 COPY 指令时，您没有在容器内启动进程，并且Docker无法知道将暴露哪些环境变量（如果有）。

When you use the COPY directive, you are not starting a process inside the container, and Docker has no way of knowing what (if any) environment variables would be exposed by a shell.

您最好的选择是在Dockerfile中设置 ENV HOME / home / aptly 工作，或将文件暂存到临时位置，然后：

Your best bet is to either set ENV HOME /home/aptly in your Dockerfile, which will work, or stage your files into a temporary location and then:

RUN cp /skeleton/myfile $HOME/myfile

另外，请记住，当您 COPY 个文件时，由 root 拥有；您将需要将它们明确 chown 分配给适当的用户。

Also, remember that when you COPY files in they will be owned by root; you will need to explicitly chown them to the appropriate user.

这篇关于Dockerfile：$ HOME不适用于ADD / COPY指令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！