buildkit icon indicating copy to clipboard operation
buildkit copied to clipboard

Published 20 hours ago verified publisher icon moby

buildkit WCOW cannot seemingly run `RUN powershell ...`, while vanilla dockerd can

Open doctorpangloss opened this issue 9 months ago • 5 comments

Dockerfile:

FROM mcr.microsoft.com/windows/servercore:ltsc2022
# example: install chocolatey
RUN powershell -NoProfile -ExecutionPolicy Bypass -Command "[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))"

This errors with "is not a command" on buildkit / containerd (latest), runs fine in dockerd.

doctorpangloss avatar May 04 '24 00:05 doctorpangloss

To provide a bit more context:

The following works:

FROM mcr.microsoft.com/windows/servercore:ltsc2022
RUN C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe write-host Hello

# Outputs: Hello

While this doesn't:

FROM mcr.microsoft.com/windows/servercore:ltsc2022
RUN powershell.exe write-host Hello

# Error: 'powershell.exe' is not recognized as an internal or external command,
# operable program or batch file.

Seems that it doesn't load the PATH correctly. Docker/nerdctl works fine:

nerdctl.exe run --rm -it mcr.microsoft.com/windows/servercore:ltsc2022 powershell hello

# Outputs: hello

Additionally, buildkit seems to persist the PATH issue to the generated image:

# Default servercore
nerdctl run --rm mcr.microsoft.com/windows/servercore:ltsc2022 cmd /c echo %PATH%
# C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\ContainerAdministrator\AppData\Local\Microsoft\WindowsApps

# image built with buildkit based on servercore
nerdctl run --rm -it my-buildkit-image:latest cmd /c echo %PATH%
# c:\Windows\System32;c:\Windows

Versions: containerd v1.7.16 buildkitd v0.13.2

lippertmarkus avatar May 06 '24 13:05 lippertmarkus

ref https://github.com/moby/buildkit/pull/4895 https://github.com/moby/buildkit/pull/3158

lippertmarkus avatar May 07 '24 17:05 lippertmarkus

Sure, we're picking up this discussion from #3158 // For the time-being, a work-around will be adding this at the beginning:

SHELL ["C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell"]

profnandaa avatar May 13 '24 04:05 profnandaa

/cc. @danielgithinji

profnandaa avatar May 13 '24 04:05 profnandaa

Another workaround that should help solve this issue is by changing the PATH environment variable. This can be done by using the ENV dockerfile command i.e:

ENV PATH="C\yourPath

By using docker you can also grab the container path and use the ENV command to modify the path in your dockerfile as shown above. That way any executable in the path will be accessible.

A docker command to grab the path is as follows:

docker run -it mcr.microsoft.com/windows/servercore:ltsc2022 cmd /S /C set path

danielGithinji avatar Jun 13 '24 05:06 danielGithinji