buildx build produces git not found warning even with attestations disabled
Description
The `WARNING: buildx: git was not found in the system. Current commit information was not captured by the build` warning appears on systems without git installed even if attestations are disabled with `--provenance=false` and `--sbom=false`.
I'm presuming attestations are the cause, but there's no documentation for this warning and the documentation on just how attestations data is gathered is fairly threadbare. The fact that this warning gives no indication of why it's a problem and why buildx is complaining about not finding git and what to do to remedy the situation if git not being available is correct behaviour suggests that either the warning and/or documentation is inadequate.
Expected behaviour
If attestations are switched off, buildx shouldn't be trying to gather data for them.
Actual behaviour
Warning generated suggests that attestations data is being gathered regardless of whether it's enabled or not.
Buildx version
github.com/docker/buildx v0.10.4 c513d34049e499c53468deac6c4267ee72948f02
Docker info
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.10.4
Path: /usr/libexec/docker/cli-plugins/docker-buildx
Server:
Containers: 3
Running: 2
Paused: 0
Stopped: 1
Images: 42
Server Version: 24.0.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
runc version: v1.1.7-0-g860f061
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.49-linuxkit-pr
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.841GiB
Name: docker-desktop
ID: a7556ca5-8fa3-4032-8a01-d9b50ca2c610
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 70
Goroutines: 102
System Time: 2023-06-14T18:19:57.576077242Z
EventsListeners: 11
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
Builders list
default * docker
default default running v0.11.7-0.20230525183624-798ad6b0ce9f linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
Configuration
Not applicable.
Build logs
No response
Additional info
Reproduced with a git source tree copied over to a minimal build system without git installed, then docker build ran.
I'm not able to repro with latest release:
$ docker run -d --privileged --name test-1881 docker:24-dind
$ docker exec -it test-1881 sh
/ # docker info
Client:
Version: 24.0.4
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.11.1
Path: /usr/local/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.20.0
Path: /usr/local/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 24.0.4
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 1677a17964311325ed1c31e2c0a3589ce6d5c30d
runc version: v1.1.7-0-g860f061
init version: de40ad0
Security Options:
seccomp
Profile: builtin
Kernel Version: 5.15.90.1-microsoft-standard-WSL2
Operating System: Alpine Linux v3.18 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 32
Total Memory: 31.31GiB
Name: f8814648eedc
ID: 8d767066-e401-4a82-8254-07d3b4d7e294
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
/ # docker buildx ls
NAME/NODE DRIVER/ENDPOINT STATUS BUILDKIT PLATFORMS
default * docker
default default running v0.11.7-0.20230525183624-798ad6b0ce9f linux/amd64, linux/amd64/v2, linux/amd64/v3, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
/ # type git
git: not found
/ # cd /tmp
/tmp # docker buildx build -t casspy -f- . <<EOF
> FROM busybox
> RUN echo hello
> EOF
[+] Building 2.8s (6/6) FINISHED docker:default
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.0s
=> [internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 65B 0.0s
=> [internal] load metadata for docker.io/library/busybox:latest 1.7s
=> [1/2] FROM docker.io/library/busybox@sha256:2376a0c12759aa1214ba83e771ff252c7b1663216b192fbe5e0fb364e952f85c 0.5s
=> => resolve docker.io/library/busybox@sha256:2376a0c12759aa1214ba83e771ff252c7b1663216b192fbe5e0fb364e952f85c 0.0s
=> => sha256:2376a0c12759aa1214ba83e771ff252c7b1663216b192fbe5e0fb364e952f85c 2.29kB / 2.29kB 0.0s
=> => sha256:67a8ef886e2ca4055f00e7cd13aedb9b24148c1451a6832d16fcc997a157eedc 528B / 528B 0.0s
=> => sha256:5242710cbd55829f6c44b34ff249913bb7cee748889e7e6925285a29f126aa78 1.46kB / 1.46kB 0.0s
=> => sha256:809d8e20e2032a1e633651f87c525fd60e5d5b1bc41560aa63920962700c44fd 2.22MB / 2.22MB 0.3s
=> => extracting sha256:809d8e20e2032a1e633651f87c525fd60e5d5b1bc41560aa63920962700c44fd 0.1s
=> [2/2] RUN echo hello 0.3s
=> exporting to image 0.1s
=> => exporting layers 0.1s
=> => writing image sha256:fc2ff000354a2c353020f66f883a4c089af373ed0a5ca16bc6c5a8ecb73240e1 0.0s
=> => naming to docker.io/library/casspy 0.0s
/tmp #
I am getting the same error message on macOS even though I have git installed.
level=warning msg="buildx: git was not found in the system. Current commit information was not captured by the build"
@crazy-max, you are not able to reproduce because you forgot the important part: executing it in a git repo (or something that looks like one).
Adjusting your minimal example above, just before you run `docker buildx [...]`, run `mkdir .git`. You don't even need to have an actual repository, just having the folder present produces the warning.
Okay, so I can confirm this is maybe an issue.
Reproduction:
- Start on a host without git
- Build an image with `--provenance=false`, with a git repository in the context
- The warning `buildx: git was not found in the system. Current commit information was not captured by the build` is still produced.
Note
For any users coming across this, you can disable the warning by setting `BUILDX_GIT_INFO=false` in the environment.
The logic here is at fault: https://github.com/docker/buildx/blob/f35b2b7cabf94dc040f11a5d682958b626a86582/build/build.go#L736-L757
While there is still value in attaching the vcs info if provenance is disabled (we still generated provenance to store in the history api even if it's disabled from the output), it is still quite a confusing warning to display unconditionally if provenance is disabled.
We could sort the call to getGitAttributes to be after the toSolveOpt call where we determine whether to enable provenance. Then we could only display the warning in cases where provenance is enabled? Perhaps we should take a leaf out of golang's toolchain and just silently fail?
(if we ever completed the work in https://github.com/moby/buildkit/pull/1048, then we could potentially avoid this issue entirely :tada:)
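A preflight check for the condition confirmed in the comment above, as an added example that is not part of the thread and is not buildx code: it predicts whether a build will hit the warning (a `.git` directory in the context, no `git` on `PATH`, `BUILDX_GIT_INFO` not set to `false`). The function names and status strings are hypothetical, and only the literal value `false` from the thread is treated as the opt-out.

```shell
#!/bin/sh
# Added example (not buildx code): models the conditions reported in this thread.

# git_info_status CONTEXT_DIR
# Prints one of:
#   disabled     BUILDX_GIT_INFO=false, the workaround given in the thread
#   no-repo      no .git directory in the context, nothing to look up
#   git-missing  .git present but no git on PATH: the reported warning case
#   ok           .git present and a git executable is on PATH
git_info_status() {
    ctx=${1:-.}
    if [ "${BUILDX_GIT_INFO:-}" = "false" ]; then
        echo disabled
    elif [ ! -d "$ctx/.git" ]; then
        echo no-repo
    elif ! command -v git >/dev/null 2>&1; then
        echo git-missing
    else
        echo ok
    fi
}

# preflight CONTEXT_DIR
# CI gate: fails only in the warning case, so the pipeline author either
# installs git (commit info gets captured) or opts out deliberately.
preflight() {
    status=$(git_info_status "$1")
    case $status in
        git-missing)
            echo "preflight: $1 has .git but git is not on PATH;" \
                 "install git or export BUILDX_GIT_INFO=false" >&2
            return 1 ;;
        *)
            echo "preflight: $status" >&2
            return 0 ;;
    esac
}
```

The check only tests that a `git` executable is on `PATH`, not that it runs. Call `preflight .` before `docker buildx build` to fail early instead of shipping a build without commit information.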
@jedevc Thanks for tracking this down, my use case turned out to be too complicated and entangled for me to easily extract simple steps to reproduce, but it looks like you've found the issue. I can confirm that BUILDX_GIT_INFO=false in the environment suppresses it, so it looks like you've found the right problem. :)
For anyone experiencing the following issue
Please check your .dockerignore file and see if you have backslashes instead of forward slashes, I mistakenly added backslashes through GitHub Copilot thinking it doesn't matter and turns out this was the issue.
I've also been seeing this problem for months, and annoyingly didn't find this bug report until now. My MacBook would ask me to install Xcode developer tools to install git every time I ran a build. It was driving me nuts. I can confirm BUILDX_GIT_INFO=false has fixed it!