1

I have the following Dockerfile:

FROM alpine:latest
RUN apk update
RUN apk add --no-cache curl openssh sshpass rsync
#etc

And this docker-compose.yml:

[...]
services:
  my-container:
    build:
      context: ./my-folder
      dockerfile: Dockerfile
    container_name: my-container
    restart: unless-stopped
    #etc

And I'm running this command:

docker-compose up -d --remove-orphans --build

I'm getting this error on build:

 => ERROR [3/7] RUN apk add --no-cache curl openssh sshpass rsync                                                                                                                                               3.7s
------                                                                                                                                                                                                               
 > [3/7] RUN apk add --no-cache curl openssh sshpass rsync:                                                                                                                                                          
#0 1.448 fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/aarch64/APKINDEX.tar.gz                                                                                                                              
#0 1.859 fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/aarch64/APKINDEX.tar.gz                                                                                                                         
#0 2.732 ERROR: unable to select packages:                                                                                                                                                                           
#0 2.741   openssh-client-common-9.3_p1-r3:
#0 2.741     breaks: openssh-client-default-9.3_p2-r0[openssh-client-common=9.3_p2-r0]

And for the life of me I cannot figure this out. I tried changing the the alpine image version to a few other options, I ran docker builder prune just in case this was some kind of caching problem. I also tried forcing specific versions numbers for openssh and running just with RUN apk add --no-cache openssh, but the error still appeared.

Any ideas would be very much appreciated.

EDIT: answers to comments.

Docker is running on Raspberry Pi OS (64 bit), fully updated.

$ docker version
Client: Docker Engine - Community
 Version:           24.0.4
 API version:       1.43
 Go version:        go1.20.5
 Git commit:        3713ee1
 Built:             Fri Jul  7 14:50:52 2023
 OS/Arch:           linux/arm64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.4
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.5
  Git commit:       4ffc614
  Built:            Fri Jul  7 14:50:52 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
Alex
  • 5,009
  • 3
  • 39
  • 73
  • What application will the container ultimately run? How does it invoke `ssh`? Can you use a library for it instead of calling a subprocess? – David Maze Jul 24 '23 at 11:10
  • When I try to build it, it installs without error. The only thing I can think of that might cause different behaviour is the hardware platform. I'm on x86_64. What are you on? – Hans Kilian Jul 24 '23 at 12:10
  • I am also unable to reproduce this problem. Can you tell us more about your environment? Host OS, docker version, etc. What is the output of `docker image ls alpine`? – larsks Jul 24 '23 at 13:01
  • @DavidMaze container runs a .sh script that runs rsync which uses ssh. I don't understand what you mean with "library instead of subprocess", but using rsync seems pretty standard, so I'd like to keep using the .sh script exactly as I have it (not to mention that the script has been tested already and I'd be a pain to change it). – Alex Jul 24 '23 at 15:06
  • @larsks Output of "docker image ls alpine" is an empty list. – Alex Jul 24 '23 at 15:13
  • I only have 32 bit raspberry pi os, and this all works fine in that environment (using the same version of docker). – larsks Jul 24 '23 at 15:38
  • @larsks To be fair, this has worked flawlessly for many months, and so it's also a surprise for me that it stopped working out of the blue a few days ago. – Alex Jul 24 '23 at 15:52
  • My guess is that there is an issue with the apk packages for arm64. But as I don't have access to an arm64 machine, I don't have any way to verify. – Hans Kilian Jul 24 '23 at 16:31

2 Answers2

3

We got the same issue for the last week or so on our gitlab pipelines running on on-demand aws t2.Large instances running scripts in docker:git containers (Runtime platform arch=amd64 os=linux revision=79704081 version=16.0.1).

.gitlab-ci.yml

deploy:
    stage: deploy
    image: docker:git
    services: 
        - docker:dind
    before_script:
        - apk update
        - apk add openssh gettext ca-certificates

Resulting in:

$ apk add openssh gettext ca-certificates ERROR: unable to select packages: openssh-client-common-9.3_p1-r3: breaks: openssh-client-default-9.3_p2-r0[openssh-client-common=9.3_p2-r0]

The fix was to remove the openssh from apk add

I think the issue was related to this Alpine release with a security fix for OpenSSH. Noticing that openssh-client-default is already in Alpine, and is conflicting with the version that we are trying to add, made us realize that we can just remove the add.

Andre Theron
  • 31
  • 3
  • Ah I see! Actually, I also found out that the alpine:edge version (instead of alpine:latest) does not produce the error, so I've been using that since yesterday. But I will try your option too. Thanks! – Alex Jul 25 '23 at 14:49
0

The openssh-client (and it's dependency openssh-client-common) that is installed in an image is older then the one in package repository. When you are trying to install a newer openssh server package, the conflict with older common packages occurs. I think upgrading the packages on the image should fix the issue:

RUN apk update && apk --no-cache upgrade
# or, for smaller impact:
RUN apk update && apk --no-cache upgrade openssh-client

Or you can wait for newer alpine version to be released (should work already).

Outshined
  • 709
  • 7
  • 22