It would be super if "asdf exec" works with read-only file-system on docker containers.
Steps to reproduce
$ docker run --rm --read-only -t -i "any-asdf-container" asdf exec node
Expected behavior
Node to run
Actual behavior
/root/.asdf/lib/utils.sh: line 615: cannot create temp file for here-document: Read-only file system
/root/.asdf/lib/utils.sh: line 305: cannot create temp file for here-document: Read-only file system
asdf: No version set for command node
you might want to add one of the following in your .tool-versions file:
Environment
OS: Debian
asdf version: 0.7.2
peleteiro
All 3 comments
Hi there, I am unrelated to the project but am familiar with Docker. This problem seems like it can be resolved in several ways: both at run time and at build time.
Notice the error is that it is trying to create the .asdf directory under /root. This is actually the system's attempt to match a user's home directory.
For a run time solution, try running
docker run --rm --read-only -t -i -u root "any-asdf-container" asdf exec node
and the error might go away. (-u root was added). If it does not, it could be due to permissions and some unsafe arguments like --privileged could help. If that is required, I would consider what you are doing this for, and potentially stop going down this route if it opens security holes.
For a build time solution, this should be fixed this in the upstream image. Without seeing the Dockerfile I cannot help specifically, but it may be as simple as a chown/chmod command.
WORKDIR /root/.asdf/
RUN chown -R root:root /root/.asdf
Instead of root, a user could be created and given permissions and assigned as the default user for the container.
Ideally it would be invisible to a user of the container unless they needed to do something like volume mounts or override the defaults, so it is worth documenting somewhere near the Dockerfile.
If you extend a node public Docker image in the FROM then you would change the root:root to node:node as that image already provide a node user. A 'la the previous paragraph.
Anyway I hope this helps.
P.S. You will likely need to do this with most languages you install in the image as well. May not be for the faint of heart.
P.S.S FWIW I think asdf is primarily for use-cases without involving Docker. Because instead of asdf you could use Docker on its own to decide which version of node to use and then you don't worry about asdf but just use the right image. Your apps' Dockerfile then declares what versions it needs, so by always building/running the container you are always at the right version. The trade-off being that instead of on your host, now the executing and access to the app happens in the container so some level of awareness of volume mounting and port forwarding is helpful. Since you are using asdf in an image I presume that that is already part of your plan, but just incase I figure I should mention it. If you tell us more of what you are trying to do with this approach someone might have some ideas to help propel you more specifically in that direction :)
r4j4h
on 26 Jul 2019
Thank you very very much.
peleteiro
on 30 Jul 2019
@peleteiro Closing this issue since @r4j4h has a clear explanation.
If you feel this is a valid issue, please go ahead and reopen it.
Thank you @r4j4h ~!
HashNuke
on 18 Sep 2019
Related issues
kevinkjt2000
路
4Comments
ypid
路
3Comments
jayvdb
路
4Comments
pachun
路
3Comments
Stratus3D
路
3Comments
Most helpful comment
Hi there, I am unrelated to the project but am familiar with Docker. This problem seems like it can be resolved in several ways: both at run time and at build time.
Notice the error is that it is trying to create the
.asdfdirectory under/root. This is actually the system's attempt to match a user's home directory.For a run time solution, try running
docker run --rm --read-only -t -i -u root "any-asdf-container" asdf exec nodeand the error might go away. (
-u rootwas added). If it does not, it could be due to permissions and some unsafe arguments like--privilegedcould help. If that is required, I would consider what you are doing this for, and potentially stop going down this route if it opens security holes.For a build time solution, this should be fixed this in the upstream image. Without seeing the Dockerfile I cannot help specifically, but it may be as simple as a
chown/chmodcommand.Instead of root, a user could be created and given permissions and assigned as the default user for the container.
Ideally it would be invisible to a user of the container unless they needed to do something like volume mounts or override the defaults, so it is worth documenting somewhere near the Dockerfile.
If you extend a
nodepublic Docker image in theFROMthen you would change theroot:roottonode:nodeas that image already provide a node user. A 'la the previous paragraph.Anyway I hope this helps.
P.S. You will likely need to do this with most languages you install in the image as well. May not be for the faint of heart.
P.S.S FWIW I think
asdfis primarily for use-cases without involving Docker. Because instead ofasdfyou could useDockeron its own to decide which version of node to use and then you don't worry aboutasdfbut just use the right image. Your apps'Dockerfilethen declares what versions it needs, so by always building/running the container you are always at the right version. The trade-off being that instead of on your host, now the executing and access to the app happens in the container so some level of awareness of volume mounting and port forwarding is helpful. Since you are usingasdfin an image I presume that that is already part of your plan, but just incase I figure I should mention it. If you tell us more of what you are trying to do with this approach someone might have some ideas to help propel you more specifically in that direction :)