3

I'm trying to build a Docker image using DOCKER_BUILDKIT which involves cloning a private remote repository from GitLab, with the following lines of my Dockerfile being used for the git clone:

# Download public key for gitlab.com
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
RUN --mount=type=ssh git clone git@gitlab.com:*name_of_repo* *download_location*

However, when I run the docker build command using:

DOCKER_BUILDKIT=1 docker build --ssh default --tag test:local .

I get the following error when it is trying to do the git clone:

git@gitlab.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I've set up the ssh access successfully on the machine I'm trying to build this image on, and both the ssh -T git@gitlab.com and trying to clone the repository outside of the Docker build work just fine.

I've had a look around but can't find any info on what might be causing this specific issue - any pointers much appreciated.

JackLidge
  • Do you have an ssh-agent running and did you add the ssh key to it? See https://www.ssh.com/academy/ssh/agent – Julien B. Sep 05 '22 at 14:01
  • I had an agent running, but I think I hadn't added the ssh key to it! It works now. Happy to either delete this question or if you want to write up an answer I can accept it – JackLidge Sep 05 '22 at 14:51

2 Answers

3

Make sure you have an SSH agent running and that you added your private key to it.

Depending on your platform, the commands may vary but since it's tagged gitlab I will assume that Linux is your platform.

Verify that you have an SSH agent running with echo $SSH_AUTH_SOCK or echo $SSH_AGENT_SOCK. If both echo an empty string, you most likely do not have an agent running.

To start an agent you can usually type:

eval `ssh-agent`

Next, you can verify which keys are added (if any) with:

ssh-add -l

If the key you need is not listed, you can add it with:

ssh-add /path/to/your/private-key

Then you should be good to go.

More info here: https://www.ssh.com/academy/ssh/agent

Cheers

Julien B.
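
The checks from the answer above, combined into a preflight that can run before docker build --ssh default. This is an added example, not part of the original answer. It relies on --ssh default with no path using the agent socket named by SSH_AUTH_SOCK, and on the exit codes documented for ssh-add. The names agent_state and preflight and the SSH_ADD override are hypothetical, introduced here so the check can be exercised with a stub.

```shell
#!/bin/sh
# Preflight for `docker build --ssh default` (added example).
# SSH_ADD is a hypothetical override, not an OpenSSH variable; it defaults
# to the real ssh-add and exists so the logic can be tested with a stub.

agent_state() {
    # With no path given, --ssh default uses the socket in SSH_AUTH_SOCK.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no-socket"
        return 0
    fi
    # ssh-add -l exits 0 when it lists keys, 1 when the agent holds no
    # identities, and 2 when the agent cannot be contacted.
    rc=0
    "${SSH_ADD:-ssh-add}" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo "ready" ;;
        1) echo "no-keys" ;;
        2) echo "unreachable" ;;
        *) echo "unknown" ;;   # e.g. 127 when ssh-add is not installed
    esac
}

preflight() {
    state=$(agent_state)
    case $state in
        ready)
            return 0 ;;
        no-socket)
            echo 'SSH_AUTH_SOCK is empty; start an agent with: eval `ssh-agent`' >&2 ;;
        no-keys)
            # The state behind "Permission denied (publickey)" in this thread:
            # an agent is running but no key has been added to it.
            echo 'agent holds no keys; run: ssh-add /path/to/your/private-key' >&2 ;;
        unreachable)
            echo 'SSH_AUTH_SOCK is set but no agent answers on that socket' >&2 ;;
        *)
            echo 'ssh-add -l failed unexpectedly; is OpenSSH installed?' >&2 ;;
    esac
    return 1
}

# Usage (not executed here):
#   preflight && DOCKER_BUILDKIT=1 docker build --ssh default --tag test:local .
```
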
1

For testing, use a non-encrypted private SSH key (meaning you don't have to manage an ssh-agent, which is only needed for encrypted private key passphrase caching).

And use ssh -Tv git@gitlab.com to check where SSH is looking for your key.

Then, in your Dockerfile, add before the line with git clone:

ENV GIT_SSH_COMMAND='ssh -Tv'

You will see again where Docker/SSH is looking when executing git clone with an SSH URL.

I suggested as much here, and there were some mounting folders missing then.

VonC