Docker Alpine Update

2/12/2022 by admin

Docker is available on all major operating systems: Windows, macOS, and Linux. See the official guide for instructions on how to install Docker on your system. Unless you have special needs, you can use the Docker Engine - Community version.

Running Containers

Docker uses the concepts of images and containers. Use Liatrio’s Alpine-Jenkins image, which is specifically configured for using Docker in pipelines. To spin up the Alpine-Jenkins container and give it access to Docker, use docker run. If you are interested in how the image is configured, be sure to look at the liatrio/alpine-jenkins repository’s Dockerfile for an overview.

Companies and users who have older Alpine Linux Docker images integrated inside (re)install scripts/routines should modify the Docker image to disable the root account or update to a newer Alpine.

Smaller base images with Alpine. You could replace the distroless base image with an Alpine based image. Alpine Linux is: a security-oriented, lightweight Linux distribution based on musl libc and busybox. In other words, a Linux distribution that is smaller in size and more secure. You shouldn't take their words for granted.

If you're reading this you're probably dealing with the hell I've just been through trying to get apps like Nextcloud, Redis and all sorts of other things in Docker to run on a Raspberry Pi 4, which suddenly seemed to stop working overnight. The reason? These apps all use Alpine Linux as a common base image. However, Alpine made a move that caused some chaos for us. Their Alpine 3.13 variant is not compatible with Raspberry Pi 4 devices IF:

  • You are running a version of Docker prior to 19.04 (which is currently the case for the stock Raspbian repositories, which have version 18 as the latest).
  • You are running an outdated libseccomp2 library.

Either or both of these conditions will land you with incompatibilities, with containers randomly crashing and refusing to start left, right and centre. The specifics of this issue are detailed (quite well, to be fair) over at Alpine Linux's site: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.13.0#time64_requirements

There are a few ways you can fix this issue, but all of them were hacky and janky in ways that didn't appeal to me - notably, reducing the enforcement capabilities of Docker by adjusting the seccomp profile. Alternatively you could try downgrading container versions (e.g. Nextcloud 21 back down to 20). The problem is that can lead to database versions detecting them as incompatible. Etc. etc.

So, the solution I've come up with is two-fold. Update libseccomp2 to the 'latest' version and run ahead of Raspbian Mainline. Then do the same for their version of Docker. See below, I'm running Docker 20.10 on Kernel 5.10 just fine. Confusingly, libseccomp2 is in Buster BACKports, but that version is AHEAD of Raspbian Mainline.

The steps for libseccomp2 are well documented, as this has been a problem on multiple platforms (not just RPI4). You could do a 'oneshot' installation of a newer version, which can be found here https://github.com/itzg/docker-minecraft-server/issues/755#issuecomment-781615497

Personally I feel the better method is to install it from the Buster Backports repo, which is very safe to add. It also means any future updates to libseccomp will be applied to the Pi.

The solution for Docker is something I came up with to skip ahead of Raspbian Mainline's slow update cycle. We step forward and use Debian Bullseye unstable repositories, and pinch their lovely Docker Engine binaries which they've got cached upstream for the Beta Testers. Note there are confusing names again. Buster is the current version of Debian, with Bullseye being the next iteration 'upstream'. Why choose two names beginning with B...?

Here's how to do it...

First, we add Debian Bullseye as a repository which Raspbian can poll for software updates. We do this by creating the file /etc/apt/sources.list.d/bullseye-testing-docker.list and filling it with the contents below:

Then you ALSO NEED to put an Apt Preferences file into place, so that this new repository does not totally 'override' the normal Raspbian Buster one. Do not run apt-get upgrade just yet, or you'll magically transform your Pi into a Debian ARM build.

Create the Apt Preferences file /etc/apt/preferences.d/bullseye-docker.pref and populate it:

This file's meaning translates to 'Any packages found in this repository, set their priority to be lower than the default Raspbian Buster ones' (which have a priority of 500).

Now, we install Docker.io from Bullseye Upstream. Make sure to stop Docker first to avoid any potential nastiness (systemctl stop docker).

apt install docker.io/bullseye

Voila! You have Docker 20+, and an up to date LibSecComp. Restart the Docker Daemon and have fun.
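The two apt files from the steps above, staged by a small script so the pin can be checked before apt ever sees it. This is an added example, not the original post's file contents: the mirror URL, the "main" component and the Pin-Priority value of 100 are assumptions, and only the two file names come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: the mirror URL,
# the "main" component and Pin-Priority 100; the file names are the post's.
set -eu

# Write both apt files under ROOT ("/" on a real Pi, a scratch dir to preview).
stage_bullseye_pin() {
    root=${1:?usage: stage_bullseye_pin ROOT}
    mkdir -p "$root/etc/apt/sources.list.d" "$root/etc/apt/preferences.d"

    # Extra repository: Debian Bullseye (assumed mirror and component).
    cat > "$root/etc/apt/sources.list.d/bullseye-testing-docker.list" <<'EOF'
deb http://deb.debian.org/debian bullseye main
EOF

    # Pin every Bullseye package below the default 500 so Raspbian Buster
    # stays the candidate for everything not requested explicitly.
    cat > "$root/etc/apt/preferences.d/bullseye-docker.pref" <<'EOF'
Package: *
Pin: release n=bullseye
Pin-Priority: 100
EOF
}

# Return 0 only if the staged pin is below apt's default priority of 500.
pin_is_below_default() {
    prio=$(sed -n 's/^Pin-Priority:[[:space:]]*//p' \
        "$1/etc/apt/preferences.d/bullseye-docker.pref")
    [ -n "$prio" ] && [ "$prio" -lt 500 ]
}

# Preview in a scratch directory; nothing under /etc is touched.
preview=$(mktemp -d)
stage_bullseye_pin "$preview"
pin_is_below_default "$preview" && echo "pin OK: Bullseye ranks below Raspbian"
# On the Pi itself (as root), after staging to "/" and trusting Debian's
# archive key:  apt update && apt-cache policy docker.io
# The Buster version must still be the candidate before you run
#   systemctl stop docker && apt install docker.io/bullseye
rm -rf "$preview"
```

If apt-cache policy shows a Bullseye version as the candidate for packages you never asked for, the preferences file is not being applied and apt-get upgrade must not be run.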

You may be thinking - why not just install Docker from their website with the awful curl/bash script? This is because the script overwrites any custom config you have for Docker set up, and I have a lot. This was the most viable method for me in the end.

Packages

Replacing your current base image with the Docker Alpine Linux image usually requires updating the package names to the corresponding ones in the Alpine Linux package index. We use the apk command to manage packages. It works similarly to apt or yum.

An example installing the nginx package would be apk add --update-cache nginx. The --update-cache flag fetches the current package index before adding the package. We don't ship the image with a package index (since that can go stale fairly quickly).

Example

Here is a full example Dockerfile that installs the Python runtime and some build dependencies:

Disabling Cache

As of Alpine Linux 3.3 there exists a new --no-cache option for apk. It allows users to install packages with an index that is updated and used on-the-fly and not cached locally:

This avoids the need to use --update-cache and remove /var/cache/apk/* when done installing packages.

Convenience Cleanup

The gliderlabs variant of this image contains a small unofficial wrapper script that assists in the cleanup of the package index after installing packages. However, this functionality is now available in the upstream apk utility as of Alpine version 3.2 (using apk --no-cache). This script may be removed from the gliderlabs/alpine images in the future.

Virtual Packages

Another great apk add feature for cleanup is the concept of virtual packages using the --virtual or -t switch. Packages added under this virtual name can then be removed as one group. An example use of this would be removing a group of build dependencies all at once:
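A small lint for the two cleanup habits described in the Disabling Cache and Virtual Packages sections: it flags apk add lines that lack --no-cache and virtual groups that are never passed to apk del. This is an added example, not part of the Alpine image documentation; the Dockerfile it checks is constructed, and the group and package names in it are assumptions.

```shell
#!/bin/sh
# Added example, not from the Alpine image docs. The Dockerfile below is
# constructed; the group names and package names in it are assumptions.
set -eu

# Print one finding per line for apk usage the text above advises against.
lint_apk() {
    awk '
        /apk add/ && !/--no-cache/ {
            print "line " NR ": apk add without --no-cache"
        }
        # Remember each virtual group and the line that created it.
        /apk add/ {
            for (i = 1; i < NF; i++)
                if ($i == "--virtual" || $i == "-t") group[$(i + 1)] = NR
        }
        # A group counts as cleaned up once a later apk del names it.
        /apk del/ { for (i = 1; i <= NF; i++) delete group[$i] }
        END {
            for (g in group)
                print "line " group[g] ": virtual group " g " is never removed"
        }
    ' "$1"
}

# Constructed sample: line 2 caches the index, line 3 leaks a build group,
# lines 4-6 show the pattern the text recommends.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM alpine:3.3
RUN apk add --update-cache nginx
RUN apk add --no-cache --virtual .build-deps build-base python-dev
RUN apk add --no-cache python \
 && apk add --no-cache -t .fetch-deps wget \
 && apk del .fetch-deps
EOF
lint_apk "$sample"
rm -f "$sample"
```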

Additional Information

Check out the Alpine Linux package management documentation for more information and usage of apk.
