docker: Don't use ssh-agent, instead mount ~/.ssh
Building on a mac will result in this failure:
```
docker: Error response from daemon: error while creating mount source path '/host_mnt/private/tmp/com.apple.launchd.lINaqsIhwG/Listeners': mkdir /host_mnt/private/tmp/com.apple.launchd.lINaqsIhwG/Listeners: operation not supported.

```
This is failing because Apple doesn't support passing a unix socket across a hypervisor.
This happens when trying to use SSH_AUTH_SOCK to mount the ssh-agent (unix) socket for
authentication.

Instead, mount the user's ~/.ssh directory so that ssh inside the docker container
running the build has access to the user's private keys.
ringlej authored and jjcarstens committed May 23, 2024
1 parent 5eb6953 commit edabcc7
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions lib/nerves/artifact/build_runners/docker.ex
@@ -135,11 +135,11 @@ defmodule Nerves.Artifact.BuildRunners.Docker do
{_, image} = config(pkg)

mounts = Enum.join(mounts(pkg), " ")
ssh_agent = Enum.join(ssh_agent(), " ")
ssh_mount = Enum.join(ssh_mount(), " ")
env_vars = Enum.join(env(), " ")

shell =
"docker run --rm -it -w #{@working_dir} #{env_vars} #{mounts} #{ssh_agent} #{image} /bin/bash"
"docker run --rm -it -w #{@working_dir} #{env_vars} #{mounts} #{ssh_mount} #{image} /bin/bash"

set_volume_permissions(pkg)

@@ -244,7 +244,7 @@ defmodule Nerves.Artifact.BuildRunners.Docker do
"stdout",
"-a",
"stderr"
] ++ env() ++ mounts(pkg) ++ ssh_agent() ++ [image | cmd]
] ++ env() ++ mounts(pkg) ++ ssh_mount() ++ [image | cmd]

case Mix.Nerves.Utils.shell("docker", args, stream: stream) do
{_result, 0} ->
@@ -333,9 +333,9 @@ defmodule Nerves.Artifact.BuildRunners.Docker do
["--mount", "type=volume,src=#{build_volume},target=#{@working_dir}" | mounts]
end

defp ssh_agent() do
ssh_auth_sock = System.get_env("SSH_AUTH_SOCK")
["-v", "#{ssh_auth_sock}:/ssh-agent", "-e", "SSH_AUTH_SOCK=/ssh-agent"]
defp ssh_mount() do
ssh_path = Path.expand("~/.ssh")
["--mount", "type=bind,src=#{ssh_path},target=/home/nerves/.ssh,readonly"]
end

defp build_paths(pkg) do
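Review bot: `ssh_mount/0` bind-mounts the whole of `~/.ssh` unconditionally, so every private key file and the ssh config in it become readable by anything that runs inside the build container; `readonly` prevents writes, not reads, whereas the agent socket it replaces never exposed key material. The mount also looks fragile on hosts that have no such directory, because `docker run --mount type=bind` reports an error when the source path is missing (unlike `-v`, which creates it), so a CI machine that needs no SSH at all would fail both the shell and the build invocation. I would return no arguments in that case, `if File.dir?(ssh_path), do: ["--mount", "type=bind,src=#{ssh_path},target=/home/nerves/.ssh,readonly"], else: []`, which both callers (`Enum.join(ssh_mount(), " ")` and `++ ssh_mount()`) accept unchanged. The function also deserves a comment stating the trade-off, e.g. `# Exposes the host's ~/.ssh (private keys included) read-only to the build container; the ssh-agent socket cannot be mounted on macOS`, and keeping the agent path on hosts where `SSH_AUTH_SOCK` can still be mounted seems worth considering.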