我从各种各样的dockerfile文件中复制了这段代码,下面是我的:
FROM ubuntu
MAINTAINER Luke Crooks "luke@pumalo.org"
# Update aptitude with new repo
RUN apt-get update
# Install software
RUN apt-get install -y git python-virtualenv
# Make ssh dir
RUN mkdir /root/.ssh/
# Copy over private key, and set permissions
ADD id_rsa /root/.ssh/id_rsa
RUN chmod 700 /root/.ssh/id_rsa
RUN chown -R root:root /root/.ssh
# Create known_hosts
RUN touch /root/.ssh/known_hosts
# Remove host checking
RUN echo "Host bitbucket.org\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config
# Clone the conf files into the docker container
RUN git clone git@bitbucket.org:Pumalo/docker-conf.git /home/docker-conf
这给了我一个错误
Step 10 : RUN git clone git@bitbucket.org:Pumalo/docker-conf.git /home/docker-conf
---> Running in 0d244d812a54
Cloning into '/home/docker-conf'...
Warning: Permanently added 'bitbucket.org,131.103.20.167' (RSA) to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
2014/04/30 16:07:28 The command [/bin/sh -c git clone git@bitbucket.org:Pumalo/docker-conf.git /home/docker-conf] returned a non-zero code: 128
这是我第一次使用dockerfile,但从我读到的(和从工作配置中获取的)我看不出为什么它不能工作。
我的id_rsa和我的dockerfile在同一个文件夹中,并且是我的本地密钥的副本,它可以复制这个存储库,没有问题。
编辑:
在我的dockerfile中,我可以添加:
RUN cat /root/.ssh/id_rsa
它会打印出正确的密钥,所以我知道它被正确复制了。
我也试着按照noah的建议去做,并运行:
RUN echo "Host bitbucket.org\n\tIdentityFile /root/.ssh/id_rsa\n\tStrictHostKeyChecking no" >> /etc/ssh/ssh_config
遗憾的是,这也不起作用。
发布于 2014-05-01 23:43:22
我的钥匙是受密码保护的,这是导致问题的原因,下面列出了一个工作文件(为了给未来的谷歌用户提供帮助)
FROM ubuntu
MAINTAINER Luke Crooks "luke@pumalo.org"
# Update aptitude with new repo
RUN apt-get update
# Install software
RUN apt-get install -y git
# Make ssh dir
RUN mkdir /root/.ssh/
# Copy over private key, and set permissions
# Warning! Anyone who gets their hands on this image will be able
# to retrieve this private key file from the corresponding image layer
ADD id_rsa /root/.ssh/id_rsa
# Create known_hosts
RUN touch /root/.ssh/known_hosts
# Add bitbuckets key
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts
# Clone the conf files into the docker container
RUN git clone git@bitbucket.org:User/repo.git
发布于 2018-10-01 05:24:04
另一种选择是使用多阶段docker构建,以确保SSH密钥不包含在最终映像中。
如我的post中所述,您可以准备包含所需依赖项的中间映像以进行git克隆,然后将所需的文件COPY
到最终映像中。
此外,如果我们LABEL
我们的中间层,我们甚至可以在完成后从机器中删除它们。
# Choose and name our temporary image.
FROM alpine as intermediate
# Add metadata identifying these images as our build containers (this will be useful later!)
LABEL stage=intermediate
# Take an SSH key as a build argument.
ARG SSH_KEY
# Install dependencies required to git clone.
RUN apk update && \
apk add --update git && \
apk add --update openssh
# 1. Create the SSH directory.
# 2. Populate the private key file.
# 3. Set the required permissions.
# 4. Add github to our list of known hosts for ssh.
RUN mkdir -p /root/.ssh/ && \
echo "$SSH_KEY" > /root/.ssh/id_rsa && \
chmod -R 600 /root/.ssh/ && \
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
# Clone a repository (my website in this case)
RUN git clone git@github.com:janakerman/janakerman.git
# Choose the base image for our final image
FROM alpine
# Copy across the files from our `intermediate` container
RUN mkdir files
COPY --from=intermediate /janakerman/README.md /files/README.md
然后我们可以构建:
MY_KEY=$(cat ~/.ssh/id_rsa)
docker build --build-arg SSH_KEY="$MY_KEY" --tag clone-example .
证明我们的SSH密钥已经消失:
docker run -ti --rm clone-example cat /root/.ssh/id_rsa
从构建机器中清除中间镜像:
docker rmi -f $(docker images -q --filter label=stage=intermediate)
发布于 2017-03-01 17:26:59
对于bitbucket存储库,生成对存储库和项目具有读取访问权限的应用程序密码(Bitbucket设置->访问管理->应用程序密码,见下图)。
那么你应该使用的命令是:
git clone https://username:generated_password@bitbucket.org/reponame/projectname.git
https://stackoverflow.com/questions/23391839
复制相似问题