
Finch failing to build with a Dockerfile containing a "from" clause when username doesn't match with folder name

Open AndreaCatalucciTractable opened this issue 2 years ago • 6 comments

Describe the bug

My username is "andrea" but my home folder is "/Users/andreacatalucci". Whenever I run finch build . with the Dockerfile including a "FROM" clause, finch fails with error: failed to solve: mkdir /Users/andrea: permission denied

Steps to reproduce

Run finch build . in a folder with a Dockerfile containing a FROM clause. The build fails with error: failed to solve: mkdir /Users/andrea: permission denied

Expected behavior

The image build succeeds.

Screenshots or logs

Example (trying to build a codebuild image):

➜ finch build -t aws/codebuild/standard:6.0 .
[+] Building 0.7s (3/3) FINISHED
 => [internal] load build definition from Dockerfile                                                                                0.1s
 => => transferring dockerfile: 18.42kB                                                                                             0.0s
 => [internal] load .dockerignore                                                                                                   0.1s
 => => transferring context: 2B                                                                                                     0.0s
 => ERROR [internal] load metadata for public.ecr.aws/ubuntu/ubuntu:22.04                                                           0.6s
------
 > [internal] load metadata for public.ecr.aws/ubuntu/ubuntu:22.04:
------
Dockerfile:11
--------------------
   9 |     # This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
  10 |     # See the License for the specific language governing permissions and limitations under the License.
  11 | >>> FROM public.ecr.aws/ubuntu/ubuntu:22.04 AS core
  12 |
  13 |     ARG DEBIAN_FRONTEND="noninteractive"
--------------------
error: failed to solve: mkdir /Users/andrea: permission denied

Additional context

My username is andrea but my home folder is /Users/andreacatalucci. The same command works with docker desktop, but not in colima + docker cli.

Hi Andrea,

Thanks for trying out finch. I suspect the user andrea does not have write permissions on /Users/andreacatalucci. Are you able to create a file in /Users/andreacatalucci as andrea? I tried a simple test on my side. Setup for the test:

% sudo -su
% mkdir -p /Users/vsiravara
% chown siravara /Users/vsiravara/
% export HOME=/Users/vsiravara
% echo $HOME
/Users/vsiravara
% whoami
siravara

Now I create a Dockerfile in /Users/siravara/vishwas-tests

% pwd           
/Users/siravara/vishwas-tests
% cat Dockerfile
FROM public.ecr.aws/docker/library/alpine:3.13

Now build it.

 finch build . 
INFO[0000] Using default values due to missing config file at "/Users/vsiravara/.finch/finch.yaml" 
INFO[0000] "/Users/vsiravara/.finch" directory doesn't exist, attempting to create it 
[+] Building 1.5s (5/5) FINISHED                                                
 => [internal] load build definition from Dockerfile                       0.0s
 => => transferring dockerfile: 84B                                        0.0s
 => [internal] load .dockerignore                                          0.1s
 => => transferring context: 2B                                            0.0s
 => [internal] load metadata for public.ecr.aws/docker/library/alpine:3.1  1.1s
 => [1/1] FROM public.ecr.aws/docker/library/alpine:3.13@sha256:469b6e04e  0.3s
 => => resolve public.ecr.aws/docker/library/alpine:3.13@sha256:469b6e04e  0.0s
 => => sha256:25f523f0e93b2b5fa676c15d91b90f08ee4de7a160874e6 0B / 2.72MB  0.3s
 => exporting to image                                                     0.4s
 => => exporting layers                                                    0.0s
 => => exporting manifest sha256:1ebab426c37467669a7ebb564bf78d67b88a6295  0.0s
 => => exporting config sha256:e2730a754813a28b0f90c47d888aafc6c53ec1bb87  0.0s
 => => naming to <none>@sha256:1ebab426c37467669a7ebb564bf78d67b88a629585  0.0s
 => => unpacking to <none>@sha256:1ebab426c37467669a7ebb564bf78d67b88a629  0.3s

Build is successful. Hope this helps.

vsiravar, Jan 19 '23 17:01

Thanks for the quick reply @vsiravar! For starters, I think there's a bug in the fact that colima doesn't use my actual home folder, but seems to use my username to infer it, which isn't a correct behaviour on macOS.

As a second point, yes, I did chown the /Users/andrea directory and I'm able to create files in there as the current user, but finch keeps erroring with the above.

I'm using finch v0.2.0 on macOS Ventura 13.1.

Thanks for providing more details.

> For starters, I think there's a bug in the fact that colima doesn't use my actual home folder, but seems to use my username to infer it, which isn't a correct behaviour on macOS.

Finch does not interact with colima. You don't need colima as a dependency to run finch.

I am having trouble reproducing the issue. Can you provide the Dockerfile that you are using for the build?

vsiravar, Jan 20 '23 20:01

Hey, any Dockerfile with a "FROM" clause causes the issue. The minimal Dockerfile that causes the issue for me is something like this:

FROM node:16

If I now run finch build . I get:

[+] Building 0.4s (3/3) FINISHED
 => [internal] load build definition from Dockerfile                                                                                0.0s
 => => transferring dockerfile: 49B                                                                                                 0.0s
 => [internal] load .dockerignore                                                                                                   0.0s
 => => transferring context: 2B                                                                                                     0.0s
 => ERROR [internal] load metadata for docker.io/library/node:16                                                                    0.4s
------
 > [internal] load metadata for docker.io/library/node:16:
------
Dockerfile:1
--------------------
   1 | >>> FROM node:16
--------------------
error: failed to solve: mkdir /Users/andrea: permission denied

Note that I created the /Users/andrea folder and I ran chown -R andrea /Users/andrea: it seems that somehow colima wants to create that folder? (It is a folder I had from my old username, so creation will fail because it's already there.) Even after deleting that folder, it still fails because it needs permissions to mkdir in /Users, which is a system folder -> and running finch as root to see whether it can create that fails with FATA[0000] exit status 1, stderr: time="2023-02-03T09:47:35Z" level=fatal msg="must not run as the root"

Thanks for providing further details. I was able to reproduce this after following this post to change my home directory. Merely changing env HOME did not help to reproduce this issue. Since upstream is trying to write to /Users/andrea and /Users/andrea is not mounted in the VM, you get the mkdir /Users/andrea: permission denied error. As a workaround you could configure additional mounts as described here. You can edit ~/.finch/finch.yaml to look like this:

% cat ~/.finch/finch.yaml 
cpus: 2
memory: 2GiB
additional_directories:
    - path: /Users/andrea

By default only the home directory is mounted, which is /Users/andreacatalucci in your case. After editing this file, you should reinitialize the VM using the following commands:

finch vm stop
finch vm remove
finch vm init

You can try building the image after these steps.

> FATA[0000] exit status 1, stderr: time="2023-02-03T09:47:35Z" level=fatal msg="must not run as the root"

This is because containerd (nerdctl) is running in rootless mode and lima ensures that the user is not root.

Let me know if this helps.

vsiravar, Feb 03 '23 22:02
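
Added example (not part of the thread and not Finch project code): a shell check for the mismatch diagnosed above, reporting whether /Users/<login name> is covered by the home directory or by an additional_directories entry in finch.yaml. The function names are hypothetical, and the script assumes the build path is /Users/<login name>, as in the error reported here, and that the config uses the simple "- path:" layout shown in the comment above.

```shell
#!/bin/sh
# Added example, not Finch code. Assumptions: the build writes under
# /Users/<login name> (the path in the error above) and the VM mounts only the
# home directory plus additional_directories from ~/.finch/finch.yaml.

# Print every "- path:" value listed under additional_directories in file $1.
list_additional_dirs() {
    [ -f "$1" ] || return 0
    awk '
        /^additional_directories:/ { in_block = 1; next }
        /^[^ \t#-]/                { in_block = 0 }   # next top-level key
        in_block && /^[ \t]*-[ \t]*path:/ {
            sub(/^[ \t]*-[ \t]*path:[ \t]*/, "")
            gsub(/"/, "")
            sub(/[ \t]+$/, "")
            print
        }
    ' "$1"
}

# Succeed when path $1 equals directory $2 or lies below it.
is_under() {
    case "$1/" in
        "${2%/}/"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# check_mounts LOGIN HOME CONFIG: print "mounted" or "missing <path>".
check_mounts() {
    target="/Users/$1"
    if is_under "$target" "$2"; then echo "mounted"; return 0; fi
    dirs=$(list_additional_dirs "$3")
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        if is_under "$target" "$dir"; then echo "mounted"; return 0; fi
    done <<EOF
$dirs
EOF
    echo "missing $target"
    return 1
}

# Check the current account; a "missing" result names the path to add.
check_mounts "$(id -un)" "${HOME:-/}" "${HOME:-}/.finch/finch.yaml" || true
```

Adding only the reported path, rather than all of /Users, keeps the set of host directories exposed to the VM small.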

Thanks so much! I indeed managed to solve the issue with this workaround! Does this mean I should open a bug ticket in colima? This all works smoothly in docker desktop, and it would be good to have the behaviour be the same to ensure a smooth migration.