5

When building a Singularity/Apptainer image from a definition file, is there a portable way to make a SSH key of the host system available during the build?

To give some context:

I have a definition file where in the %post section I'm cloning a private git repository using SSH, i.e.:

git clone git@github.com:luator/private_repo.git

This fails because the SSH keys of the host system are not available in the container during the build.

I could probably copy the key in the container and delete it from there at the end of the build process. However, for this, I would need to hard-code the path to the key in the definition file, which is bad when using the same definition file on another machine where the path is different. Is there a more portable way of making the git clone work during the build?

luator
  • 4,769
  • 3
  • 30
  • 51

1 Answers1

0

You can try using docker Buildkit, export DOCKER_BUILDKIT=1 to enable this feature:

And afterwards just generate your ssh keys (ssh-keygen and be sure that your public key - id_rsa.pub file content is in your github/gitlab/bitbucket)

Simple usage in a Dockerfile:

# use you base image
FROM centos AS build
  
RUM yum install -y git

RUN mkdir -m 700 /root/.ssh; \
    touch -m 600 /root/.ssh/known_hosts; \
    ssh-keyscan github.com > /root/.ssh/known_hosts

# update with tour repo
RUN --mount=type=ssh,id=github git clone git@github.com:<USER>/<REPO>.git

And then build the image RUN --mount=type=ssh,id=github git clone git@github.com:<USER>/<REPO>.git

dejanualex
  • 3,872
  • 6
  • 22
  • 37
  • 1
    So your suggestion is to use a Dockerfile and build this with Singularity? While this might work, it is unfortunately not an option in my case as my image is based on another, already existing Singularity image (which I assume is not supported with a Dockerfile). – luator Dec 11 '20 at 14:39