skip to Main Content

I am trying to build a docker image on an Ubuntu machine, where one of the dependencies is
an internally hosted Gitlab project (IT IS NOT HOSTED ON GITLAB.COM).

The docker file is:

FROM  rayproject/ray:1.12.0-py39-cpu
RUN git config --global user.name <MY USER NAME>
RUN git config --global http.sslVerify false
COPY .ssh/id_rsa /home/ray/.ssh/id_rsa
RUN sudo chmod -R 777 ~/.ssh/*
RUN eval "$(ssh-agent -s)"
RUN eval `ssh-agent -s` && ssh-add $HOME/.ssh/id_rsa
RUN pip install git+https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git

I am attempting to build the docker file with:

docker build .

I receive this error message when building the docker image:

Step 8/29 : RUN pip install git+https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git
 ---> Running in b9e11319c84d
Collecting git+https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git
  Cloning https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git to /tmp/pip-req-build-l1qklujg
  Running command git clone -q https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git /tmp/pip-req-build-l1qklujg
  fatal: could not read Username for 'https://gitlab.<EMPLOYERS DOMAIN>.com': No such device or address
WARNING: Discarding git+https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git. Command errored out with exit status 128: git clone -q https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git /tmp/pip-req-build-l1qklujg Check the logs for full command output.
ERROR: Command errored out with exit status 128: git clone -q https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git /tmp/pip-req-build-l1qklujg Check the logs for full command output.

However, from my machine, I can run

pip install https://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git

without being asked to enter my username/password.

I’m unsure whether or not my machine was configured to use the RSA key to login into the internal Gitlab.

How can I install the package when building the docker image?

2

Answers


  1. Use ssh instead of https. i.e.

    RUN pip install git+ssh://gitlab.<EMPLOYERS DOMAIN>.com/xyz/my_project.git
    
    Login or Signup to reply.
  2. Just to recall a security issue that wouldn’t fit in a mere comment:

    Every datum that we COPY within the Dockerfile is kept forever
    (even if we do RUN rm -fr something afterwards!),
    so this means here that anyone that can pull the Docker image can retrieve the contents of the /home/ray/.ssh/id_rsa fileā€¦ to avoid this, two ways:

    1. either do the cloning of the repo outside of the Dockerfile from GitLab-CI (then do a mere COPY my_project my_project then RUN pip install ./my_project)
    2. or use the docker build --ssh feature.
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search