2

I am build docker images for a node.js application in a Github Actions workflow and I publish them on Azure ACR. When I try to pull the image from the ACR to my machine or the Azure App Service, on both environments, I receive errors like these:

Azure:

2023-03-31T09:44:59.401Z ERROR - failed to register layer: Error processing tar file(exit status 1): Container ID 2119470584 cannot be mapped to a host IDErr: 0, Message: failed to register layer: Error processing tar file(exit status 1): Container ID 2119470584 cannot be mapped to a host ID

localhost:

failed to register layer: ApplyLayer exit status 1 stdout:  stderr: failed to Lchown "/app/node_modules/external-editor/node_modules/tmp/LICENSE" for UID 2119470584, GID 2042662593 (try increasing the number of subordinate IDs in /etc/subuid and /etc/subgid): lchown /app/node_modules/external-editor/node_modules/tmp/LICENSE: invalid argument

when I first encountered this issue a few months ago, I tried adding a chown command as the last step in my Dockerfile:

RUN chown -R $(id -u):$(id -g) /app

Back then it solved the problem but now the problem occurs again.

EDIT: I'd like to rephrase the last sentence:

Back then it seemed to solve the problem but now the problem occurs again.

Could also be that back then the problem was just temporary (maybe the broken file came with that UID from npmjs.org back then and while I added that command, they had already fixed that?)

Update:

The problem seems to originate from the official node:18 Docker image. We build node 18 base images for some nestjs and nextjs applications in an nx monorepo in Github actions. The sources, including package.json, package.json etc. are copied to the image. Then, npm ci is run. The base image is then published to an Azure container registry. I recognized that npm ci displayed many warnings when I was trying to build it on my machine:

npm WARN tar TAR_ENTRY_ERROR EINVAL: invalid argument, fchown
npm WARN tar TAR_ENTRY_ERROR EINVAL: invalid argument, fchown
npm WARN tar TAR_ENTRY_ERROR EINVAL: invalid argument, fchown
npm WARN tar TAR_ENTRY_ERROR EINVAL: invalid argument, fchown
npm WARN tar TAR_ENTRY_ERROR EINVAL: invalid argument, fchown
[...]

But the command finished anyway. Then I found a hint in the CI build job logs that appeared during the npm ci command:

added 2896 packages, and audited 3126 packages in 53s

351 packages are looking for funding
  run `npm fund` for details

1 high severity vulnerability

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
npm notice 
npm notice New minor version of npm available! 9.5.0 -> 9.6.3
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v9.6.3>
npm notice Run `npm install -g npm@9.6.3` to update!

So I placed the following line right before the npm ci RUN npm install -g npm@9.6.3

I restarted the CI job and after completion, I was able to pull and extract the image from the Azure CR.

dfsg76
  • 504
  • 1
  • 6
  • 22
  • 1
    What _is_ the size of the subordinate UID range on your host? Have you tried to follow the advice in the message? (If background is needed, the Arch page at https://wiki.gentoo.org/wiki/Subuid_subgid is generally pretty informative, and the information it contains is largely applicable across all distros) – Charles Duffy Mar 31 '23 at 19:26
  • Thanks for the link :) I cannot follow the advice in the message because on Azure App Service I have no control over the available UIDs – dfsg76 Apr 07 '23 at 11:14
  • I hit this issue, I've no idea what the actual problem is, or why upgrading npm fixes it... but it does. Thanks @dfsg76 – ChadT Apr 19 '23 at 05:16

0 Answers0