pretalx-docker

Rootless podman - subuid / subgid issue

Open kuhball opened this issue 1 year ago • 6 comments

I'm trying to get pretalx to run within rootless podman. Pulling the image from dockerhub the following issue occurs:

Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:3e45d37343fb3198922fe73f2463b28816b2bade1ae4707c3b2282944d7ceaa1": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 1618591017:1876110778 for /pretalx/src/pretalx/frontend/schedule-editor/node_modules/character-parser/.npmignore): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /pretalx/src/pretalx/frontend/schedule-editor/node_modules/character-parser/.npmignore: invalid argument): exit status 1

In rootless podman the user normally gets a start uid and a range - e.g. core:100000:1000000. Looking at the requested IDs, this seems unnecessarily high and far from each other. Is there a particular reason for this?

Workaround is to build the image locally within rootless podman.

Mar 16 '24 15:03 kuhball
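
An added example, not part of the original thread or of the pretalx-docker project: a Python check that lists the entries of an image layer tarball whose owner IDs cannot be mapped into a rootless user namespace. The subuid line is the one quoted in the post above, the layer is constructed in memory from the path and IDs in the error message, and all function names are hypothetical.

```python
import io
import tarfile

def mappable_ids(subid_text, user):
    """Count the container IDs a rootless user can map.

    Container ID 0 maps to the user's own ID; IDs 1..N map to the
    subordinate ranges listed for that user in /etc/subuid or /etc/subgid.
    """
    total = 1
    for line in subid_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _start, count = line.split(":")
        if name == user:
            total += int(count)
    return total

def unmappable_members(layer_fileobj, uid_limit, gid_limit):
    """Return (path, uid, gid) for every entry whose owner is out of range."""
    findings = []
    with tarfile.open(fileobj=layer_fileobj, mode="r:*") as tar:
        for member in tar:
            if member.uid >= uid_limit or member.gid >= gid_limit:
                findings.append((member.name, member.uid, member.gid))
    return findings

# Constructed sample data: path and IDs taken from the error message above.
BAD_PATH = ("pretalx/src/pretalx/frontend/schedule-editor/"
            "node_modules/character-parser/.npmignore")

def build_sample_layer():
    """Build a small in-memory layer: one root-owned file, one stray owner."""
    buf = io.BytesIO()
    entries = [("pretalx/src/manage.py", 0, 0),
               (BAD_PATH, 1618591017, 1876110778)]
    # PAX format stores IDs that do not fit the classic octal header field.
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name, uid, gid in entries:
            info = tarfile.TarInfo(name)
            info.uid, info.gid = uid, gid
            tar.addfile(info, io.BytesIO(b""))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    limit = mappable_ids("core:100000:1000000\n", "core")
    for path, uid, gid in unmappable_members(build_sample_layer(), limit, limit):
        print(f"{path}: uid={uid} gid={gid} exceeds mappable range 0..{limit - 1}")
```

Run against a real layer by passing an open file for a layer tarball extracted from `podman save` or `docker save` output, and the contents of the host's /etc/subuid and /etc/subgid.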

Happy to merge PRs fixing the problem!

Mar 17 '24 00:03 rixx

I ran into the same issue too but I'm not using podman. The error I get is:

failed to register layer: failed to Lchown "/pretalx/src/pretalx/frontend/schedule-editor/node_modules/character-parser/.npmignore" for UID 1618591017, GID 1876110778 (try increasing the number of subordinate IDs in /etc/subuid and /etc/subgid): lchown /pretalx/src/pretalx/frontend/schedule-editor/node_modules/character-parser/.npmignore: invalid argument

In my case I am running docker under a Linux container (LXD) and I think it has similar subuid limitations as podman.

I don't think it's anything with the code, but something about how this is being built because I can use the scripts as is to build the docker image.

Push it to my org nexus docker registry and then pull it down from another machine fine and use docker-compose.yml as usual.

Apr 07 '24 06:04 robe2

After a bit of searching this seems to be an npm problem - https://github.com/npm/cli/issues/5889. The used python:3.10-bookworm ships with npm version 9.2.0, which was released before the issue was closed.

Solution to this would probably be a newer version of npm, not totally sure what exact npm version fixes this.

Apr 07 '24 09:04 kuhball

pretalx only supports currently supported Nodejs versions, and 9.2.0 is way outdated at this point – the oldest still-maintained version is v18 at the moment.

Apr 08 '24 13:04 rixx

I was talking about the npm version, not nodejs. Current npm version is 10.5.1. The mentioned npm version is the one provided by the bookworm repositories.

Apr 08 '24 16:04 kuhball

Ah, gotcha, sorry!

Apr 09 '24 13:04 rixx

@almereyda @kuhball I am very open to PRs to update the Dockerfile. For now I would close this issue, as there was a bigger upgrade and I want to start fresh. Thank you! :)

May 16 '25 09:05 saschafoerster