1

So I'm building a rpm package with some pre-loaded docker image, and I want to load the image to the system and delete the image tar file after installation.

I've already achieved this in a debian package by simply adding these 2 lines in postinst file:

docker load -i <path>/image.tar
rm <some_path>/image.tar

However I got some troubles doing this in RPM package and here's the .spec file roughly looks like:

%prep

%build

%install
mkdir -p %{buildroot}/etc/my_app/

cp app %{buildroot}/etc/my_app/app
cp image.tar %{buildroot}/etc/my_app/image.tar

%post
docker load -i /etc/my_app/image.tar
rm /etc/my_app/image.tar

%files
/etc/my_app/app
/etc/my_app/image.tar

%changelog

The first problem is that when installing the package, I got /bin/docker: Permission denied error when running the %post scriptlets. (hence the image wasn't successfully loaded).

The second one is that when uninstalling the package, I got the warning: file /etc/edgexpert/image.tar: remove failed: No such file or directory. I guess this is because I put the image.tar file under $file.

So my questions would be :

  1. how to make the docker command runnable?
  2. where to put my image.tar file so that it can be used during %post scriptlets and won't be checked in %file

Thanks for the help.

Edited:

[vagrant@localhost ~]$ ls -l /bin/docker
-rwxr-xr-x. 1 root root 84956288 Jun  1 09:14 /bin/docker
Chris Hung
  • 33
  • 1
  • 6
  • Welcome to StackOverflow. What does `ls -l /bin/docker` give you? Please append this info to your question. – chicks Nov 23 '20 at 20:38
  • update the requested info – Chris Hung Nov 24 '20 at 03:28
  • The `.` at the end of the permissions indicates an selinux ACL. That is making docker fail on permissions despite the permissions looking right. https://stackoverflow.com/a/30595081/2002471 You might want to try to disable selinux or see if https://bugzilla.redhat.com/show_bug.cgi?id=1382997 helps. – chicks Nov 24 '20 at 15:52
  • I was able to load the docker image successfully only if I disable SELinux and add `sudo` privilege (`sudo docker load -i /etc/my_app/image.tar` in %post scriptlet), is this acceptable? Also how do I handle such intermediate(temporary) file like image.tar ? putting it in %install and %file will cause WARNING when uninstalling package. – Chris Hung Nov 25 '20 at 06:17
  • What you're doing with your `image.tar` looks ok to me. Disabling selinux is not great for security, but getting selinux to cooperate often takes extra work. There's plenty of posts on getting docker to work with selinux out there if you're interested in fixing that part. – chicks Nov 25 '20 at 14:58
  • I was worrying about using `sudo` in post scriptlet will cause any problem; SELinux seems like a little off-topic here so I think I'm okay with current solution (disable it while installing package). Thanks for your help. – Chris Hung Nov 26 '20 at 03:46

0 Answers0