Issue
It appears that yum's dependency resolution behaves differently depending on whether it is invoked from the RUN statement of a Dockerfile, or from docker run.
Consider this Dockerfile:
FROM themattrix/centos5-vault-i386
RUN rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm
RUN yum update -y
The docker build fails on the last command. The full output is included below, but basically yum selects packages for both i386 and x86_64.
But running the same commands from docker run works! No packages for x86_64 are selected.
docker run --rm themattrix/centos5-vault-i386 sh -c "
rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm &&
yum update -y"
What could explain this strange behaviour?
And how to get the Dockerfile to build?
Environment
$ uname -srmp
Darwin 17.7.0 x86_64 i386
$ docker -v
Docker version 18.09.2, build 6247962
Output from docker build
$ docker build .
Sending build context to Docker daemon 6.656kB
Step 1/3 : FROM themattrix/centos5-vault-i386
---> 5706f03d3346
Step 2/3 : RUN rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm
---> Using cache
---> ee89f27432c1
Step 3/3 : RUN yum update -y
---> Running in 19e822b9dccc
Loaded plugins: fastestmirror
Determining fastest mirrors
* epel: ftp-stud.hs-esslingen.de
Reducing CentOS-5 - libselinux to included packages only
Finished
Setting up Update Process
Resolving Dependencies
--> Running transaction check
--> Processing Dependency: libselinux = 1.33.4-5.7.el5 for package: libselinux-python
--> Processing Dependency: libselinux = 1.33.4-5.7.el5 for package: libselinux-utils
---> Package libselinux.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package libselinux-devel.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package tuxad-release.noarch 0:5-7 set to be updated
--> Running transaction check
---> Package libselinux.x86_64 0:1.33.4-5.7.el5 set to be updated
--> Processing Dependency: libc.so.6(GLIBC_2.2.5)(64bit) for package: libselinux
--> Processing Dependency: ld-linux-x86-64.so.2(GLIBC_2.3)(64bit) for package: libselinux
--> Processing Dependency: ld-linux-x86-64.so.2()(64bit) for package: libselinux
--> Processing Dependency: libc.so.6(GLIBC_2.3)(64bit) for package: libselinux
--> Processing Dependency: libc.so.6(GLIBC_2.4)(64bit) for package: libselinux
--> Processing Dependency: libc.so.6(GLIBC_2.3.4)(64bit) for package: libselinux
--> Processing Dependency: libdl.so.2()(64bit) for package: libselinux
--> Processing Dependency: libc.so.6()(64bit) for package: libselinux
--> Processing Dependency: libsepol.so.1()(64bit) for package: libselinux
--> Running transaction check
---> Package glibc.x86_64 0:2.5-123.el5_11.3 set to be updated
---> Package libsepol.x86_64 0:1.15.2-3.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
libselinux i386 1.33.4-5.7.el5.centos libselinux 77 k
libselinux-devel i386 1.33.4-5.7.el5.centos libselinux 144 k
tuxad-release noarch 5-7 tuxad 13 k
Installing for dependencies:
glibc x86_64 2.5-123.el5_11.3 updates 4.8 M
libselinux x86_64 1.33.4-5.7.el5 base 78 k
libsepol x86_64 1.15.2-3.el5 base 131 k
Transaction Summary
================================================================================
Install 3 Package(s)
Upgrade 3 Package(s)
Total download size: 5.2 M
Downloading Packages:
--------------------------------------------------------------------------------
Total 925 kB/s | 5.2 MB 00:05
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID a95f6f37
Importing GPG key 0xA95F6F37 "Frank W. Bergmann (tuxad.com) <[email protected]>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-TUXAD-A95F6F37
Running rpm_check_debug
ERROR with rpm_check_debug vs depsolve:
libselinux is needed by (installed) libselinux-utils-1.33.4-5.7.el5.i386
libselinux is needed by (installed) libselinux-python-1.33.4-5.7.el5.i386
Complete!
(1, [u'Please report this error in http://bugs.centos.org/yum5bug'])
The command '/bin/sh -c yum update -y' returned a non-zero code: 1
Output from docker run
$ docker run --rm themattrix/centos5-vault-i386 sh -c "rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm && yum update -y"
warning: /var/tmp/rpm-xfer.ZSEYyZ: Header V3 DSA signature: NOKEY, key ID a95f6f37
Loaded plugins: fastestmirror
Determining fastest mirrors
* epel: ftp-stud.hs-esslingen.de
Reducing CentOS-5 - libselinux to included packages only
Finished
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package curl.i386 0:7.15.5-17.el5_11.1 set to be updated
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.1) for package: curl
--> Processing Dependency: libssl.so.10 for package: curl
--> Processing Dependency: libcrypto.so.10(libcrypto.so.10) for package: curl
--> Processing Dependency: libcrypto.so.10 for package: curl
--> Processing Dependency: libssl.so.10(libssl.so.10) for package: curl
---> Package kernel-headers.i386 0:2.6.18-419.el5 set to be updated
---> Package libselinux.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package libselinux-devel.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package libselinux-python.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package libselinux-utils.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package openldap.i386 0:2.3.43-29.el5_11.openssl1 set to be updated
---> Package openssl.i686 0:0.9.8e-40.el5_11.1 set to be updated
---> Package openssl-devel.i386 0:0.9.8e-40.el5_11.1 set to be updated
---> Package tuxad-release.noarch 0:5-7 set to be updated
---> Package tzdata.i386 0:2017b-1.el5 set to be updated
---> Package wget.i386 0:1.11.4-3.el5_11.2.1 set to be updated
--> Running transaction check
---> Package openssl1.i686 0:1.0.1e-57.1.el5_11 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
curl i386 7.15.5-17.el5_11.1 tuxad 893 k
kernel-headers i386 2.6.18-419.el5 updates 1.5 M
libselinux i386 1.33.4-5.7.el5.centos libselinux 77 k
libselinux-devel i386 1.33.4-5.7.el5.centos libselinux 144 k
libselinux-python i386 1.33.4-5.7.el5.centos libselinux 73 k
libselinux-utils i386 1.33.4-5.7.el5.centos libselinux 55 k
openldap i386 2.3.43-29.el5_11.openssl1 tuxad 717 k
openssl i686 0.9.8e-40.el5_11.1 tuxad 2.9 M
openssl-devel i386 0.9.8e-40.el5_11.1 tuxad 1.9 M
tuxad-release noarch 5-7 tuxad 13 k
tzdata i386 2017b-1.el5 updates 757 k
wget i386 1.11.4-3.el5_11.2.1 tuxad 593 k
Installing for dependencies:
openssl1 i686 1.0.1e-57.1.el5_11 tuxad 3.5 M
Transaction Summary
================================================================================
Install 1 Package(s)
Upgrade 12 Package(s)
Total download size: 13 M
Downloading Packages:
--------------------------------------------------------------------------------
Total 1.4 MB/s | 13 MB 00:09
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID a95f6f37
Importing GPG key 0xA95F6F37 "Frank W. Bergmann (tuxad.com) <[email protected]>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-TUXAD-A95F6F37
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : openssl 1/25
Updating : libselinux 2/25
Updating : libselinux-devel 3/25
Updating : openssl-devel 4/25
Updating : tzdata 5/25
Updating : kernel-headers 6/25
Updating : tuxad-release 7/25
Installing : openssl1 8/25
Updating : openldap 9/25
Updating : curl 10/25
Updating : wget 11/25
Updating : libselinux-utils 12/25
Updating : libselinux-python 13/25
Cleanup : libselinux 14/25
Cleanup : tuxad-release 15/25
Cleanup : wget 16/25
Cleanup : libselinux-devel 17/25
Cleanup : openssl-devel 18/25
Cleanup : kernel-headers 19/25
Cleanup : tzdata 20/25
Cleanup : libselinux-utils 21/25
Cleanup : openldap 22/25
Cleanup : curl 23/25
Cleanup : libselinux-python 24/25
Cleanup : openssl 25/25
Dependency Installed:
openssl1.i686 0:1.0.1e-57.1.el5_11
Updated:
curl.i386 0:7.15.5-17.el5_11.1
kernel-headers.i386 0:2.6.18-419.el5
libselinux.i386 0:1.33.4-5.7.el5.centos
libselinux-devel.i386 0:1.33.4-5.7.el5.centos
libselinux-python.i386 0:1.33.4-5.7.el5.centos
libselinux-utils.i386 0:1.33.4-5.7.el5.centos
openldap.i386 0:2.3.43-29.el5_11.openssl1
openssl.i686 0:0.9.8e-40.el5_11.1
openssl-devel.i386 0:0.9.8e-40.el5_11.1
tuxad-release.noarch 0:5-7
tzdata.i386 0:2017b-1.el5
wget.i386 0:1.11.4-3.el5_11.2.1
Complete!
Solution
The reason is that the package manager relies on the information provided by the kernel (via uname(2)) to decide which versions of packages (for which target architecture) should it install. Though your base image has i386 environment inside, you still run the build on x86_64 kernel, so things become a bit tricky.
When you run the container using docker run, you pass through the entrypoint linux32 - a small program which asks the kernel to pretend that it runs on i386 hardware. However, when you run docker build, the entrypoint is not used by RUNs, so yum sees that it runs on x86_64 kernel, hence the mess with platforms. You may check this answer for more detailed explanation; the issue is pretty similar.
To build your image correctly (installing only i386 packages), run yum and other architecture-sensitive commands in RUNs under linux32, e.g.:
RUN linux32 yum update -y
Answered By - Danila Kiver