弄清楚设置“id_rsa”; Dockerfile 中的路径
我正在尝试将 dockerFile 中的 github 私有存储库克隆到我的 ubuntu 服务器。 为了对其进行身份验证,我必须将 id_rsa 文件添加到根文件夹中。
FROM python:3.8.12
RUN mkdir /root/.ssh
ADD ./.ssh/id_rsa /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts
WORKDIR /home/
RUN git clone [email protected]:~~~/~~~.git
但是,当我尝试在 /home/ubuntu 中命令 sudo docker build image 时,
它会返回一条消息,指出 错误检查上下文:“无权从 '/home 读取” /ubuntu/.bash_history''.
所以我将 dockerfile 移至 /home/ubuntu/abc 我更改了下面的 Dockerfile
FROM python:3.8.12
RUN mkdir /root/.ssh
ADD ../.ssh/id_rsa /root/.ssh/id_rsa <------------------------ HERE
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts
WORKDIR /home/
RUN git clone [email protected]:~~~/~~~.git
,然后它返回 ADD failed: 构建上下文之外禁止的路径:../.ssh/id_rsa () 我有什么办法可以修复它吗? 谢谢!
I am trying to clone github private repo in dockerFile to my ubuntu server.
In order to authenticate it, I had to add id_rsa file into root folder.
FROM python:3.8.12
RUN mkdir /root/.ssh
ADD ./.ssh/id_rsa /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts
WORKDIR /home/
RUN git clone [email protected]:~~~/~~~.git
But when I try to command sudo docker build image in /home/ubuntu
it returns a message saying error checking context: 'no permission to read from '/home/ubuntu/.bash_history''.
So I moved my dockerfile to /home/ubuntu/abc
and I changed Dockerfile below
FROM python:3.8.12
RUN mkdir /root/.ssh
ADD ../.ssh/id_rsa /root/.ssh/id_rsa <------------------------ HERE
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan github.com >> /root/.ssh/known_hosts
WORKDIR /home/
RUN git clone [email protected]:~~~/~~~.git
then it returns ADD failed: forbidden path outside the build context: ../.ssh/id_rsa ()
Is there any way I can fix it?
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为(!)可能有一个新的推荐机制来做到这一点。
我的方法是创建一个个人访问令牌 (PAD),然后在构建需要 git clone 存储库的容器时将其作为构建参数传递。这会保存
ADD'ing密钥,并且凭证仅在内存中传递。然后例如 podman build --build-arg=TOKEN=${TOKEN} ...
I think (!) that there may be a new recommended mechanism to do this.
My approach has been to create a Personal Access Token (PAD) and then pass it as a build argument when building containers that need to
git clonerepos. This savesADD'ing keys and the credentials are passed in memory only.And then e.g.
podman build --build-arg=TOKEN=${TOKEN} ...如果可能,请避免以
sudo运行 docker build(例如,将您的用户添加到dockergroup 或者,最好以无根模式运行 docker 守护进程,例如podman)您可以在此处看到类似的错误,其中评论补充道:
If possible, avoid running docker build as
sudo(by, for instance, adding your user to thedockergroup or, preferably, running a docker daemon in a rootless mode, likepodman)You can see a similar error here, where a comment adds: