Tags: docker, gitlab-ci, docker-buildkit, buildx

buildx fails building multiplatform docker image, because it tries to copy xattrs (Extended file attributes) and fails doing this


I use buildx to build a multiplatform docker image in gitlab-ci. But the CI fails while building the docker image, because it tries to copy xattrs and fails to do this:

> [linux/arm/v7 2/4] RUN set -xe     && apk add --no-cache ca-certificates                           ffmpeg                           openssl                           aria2                           youtube-dl:
------
Dockerfile:8
--------------------
   7 |     
   8 | >>> RUN set -xe \
   9 | >>>     && apk add --no-cache ca-certificates \
  10 | >>>                           ffmpeg \
  11 | >>>                           openssl \
  12 | >>>                           aria2 \
  13 | >>>                           youtube-dl
  14 |     
--------------------
error: failed to solve: rpc error: code = Unknown desc = executor failed running [/dev/.buildkit_qemu_emulator /bin/sh -c set -xe     && apk add --no-cache ca-certificates                           ffmpeg                           openssl                           aria2                           youtube-dl]: failed to copy xattrs: failed to set xattr "security.selinux" on /tmp/buildkit-qemu-emulator371955051/dev/.buildkit_qemu_emulator: operation not supported

https://gitlab.com/Lukas1818/docker-youtube-dl-cron/-/jobs/1176558386#L181

I am using the following ci:

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_HOST: tcp://docker:2375/

docker-build:
  # Use the docker image with buildx for multiplatform build.
  image: lukas1818/docker-with-buildx:latest
  stage: build
  services:
    - docker:dind
  before_script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  # Default branch leaves tag empty (= latest tag)
  # All other branches are tagged with the escaped branch name (commit ref slug)
  script:
    - |
      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
        tag=""
        echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
      else
        tag=":$CI_COMMIT_REF_SLUG"
        echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
      fi
    - docker buildx create --use
    - docker buildx build --push --platform linux/arm/v7,linux/arm64/v8,linux/amd64 --tag "$CI_REGISTRY_IMAGE${tag}" .
  # Run this job in a branch where a Dockerfile exists
  rules:
    - if: $CI_COMMIT_BRANCH
      exists:
        - Dockerfile

https://gitlab.com/Lukas1818/docker-youtube-dl-cron/-/blob/d12adf7779f7df71de6e9b46aa342e9ff41d5dfb/.gitlab-ci.yml

Dockerfile:

#
# Dockerfile for youtube-dl
#

FROM alpine
MAINTAINER kev <noreply@easypi.pro>

RUN set -xe \
    && apk add --no-cache ca-certificates \
                          ffmpeg \
                          openssl \
                          aria2 \
                          youtube-dl

# Try to run it so we know it works
RUN youtube-dl --version

WORKDIR /data

ENTRYPOINT ["youtube-dl"]
CMD ["--help"]

On my local machine, building using sudo docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 . does work without any issue.


Solution

  • running the following command before docker buildx create --use may fix the problem:

    docker run --rm --privileged multiarch/qemu-user-static --reset -p yes  
    

    see: https://github.com/docker/buildx/issues/584#issuecomment-827122004
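
A way to confirm that the registration step from the answer took effect before the build starts, as an added example that is not part of the original answer. It assumes the handlers are named qemu-arm and qemu-aarch64 and that binfmt_misc is readable at the default path on the machine where the check runs; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: check that the qemu binfmt_misc handlers needed for the
# emulated platforms of this build are registered, enabled and persistent.
# Assumptions: handler names qemu-arm / qemu-aarch64, default mount path.

BINFMT_DIR="${BINFMT_DIR:-/proc/sys/fs/binfmt_misc}"

# binfmt_status NAME -> prints one of: missing, disabled, not-persistent, ok
binfmt_status() {
    entry="$BINFMT_DIR/$1"
    [ -r "$entry" ] || { echo missing; return; }
    # The first line of a binfmt_misc entry is "enabled" or "disabled".
    state=$(sed -n '1p' "$entry")
    [ "$state" = "enabled" ] || { echo disabled; return; }
    # "flags: F" (requested by "-p yes") means the kernel opened the
    # interpreter at registration time, so the handler also works inside
    # containers that do not ship the qemu binary themselves.
    flags=$(sed -n 's/^flags:[[:space:]]*//p' "$entry")
    case "$flags" in
        *F*) echo ok ;;
        *)   echo not-persistent ;;
    esac
}

# check_build_platforms -> returns 0 only if every emulated platform is ok.
check_build_platforms() {
    rc=0
    # platform=handler pairs for the non-native targets of the buildx command
    for pair in linux/arm/v7=qemu-arm linux/arm64/v8=qemu-aarch64; do
        platform=${pair%%=*}
        handler=${pair#*=}
        status=$(binfmt_status "$handler")
        echo "$platform ($handler): $status"
        [ "$status" = "ok" ] || rc=1
    done
    return $rc
}
```

Calling check_build_platforms between the registration command and docker buildx create --use makes the job stop with a readable message instead of failing partway through the RUN step.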