docker 本地注册表 "exec: \"htpasswd\": 在 $PATH 中找不到可执行文件"
docker local registry "exec: \"htpasswd\": executable file not found in $PATH"
直到最近这一切都很好
docker run --entrypoint htpasswd registry:2 -Bbn myuser mypwd > /my/registry2/reg/hub/auth/htpasswd
现在出错了
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"htpasswd\": executable file not found in $PATH": unknown.
这是 Ubuntu 18.04 和 20.04 docker
docker version
Client: Docker Engine - Community
Version: 19.03.11
API version: 1.40
Go version: go1.13.10
Git commit: 42e35e61f3
Built: Mon Jun 1 09:12:22 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.11
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 42e35e61f3
Built: Mon Jun 1 09:10:54 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
如果您将本地 docker 注册表固定到
,它将继续工作
registry:2.7.0
而不是仅使用 registry:2 来获取最新的版本 2,但遗憾的是它已损坏
详情见https://github.com/docker/distribution-library-image/commit/ab00e8dae12d4515ed259015eab771ec92e92dd4 (they removed package apache2-utils) and https://github.com/GoogleContainerTools/jib/pull/2538/commits/f816c837e34eb389c2cdee1bc9a2918c5d2e33e3 and https://github.com/GoogleContainerTools/jib/pull/2539 as referenced in https://github.com/docker/distribution-library-image/issues/106
或者,您可以使用
安装二进制 htpasswd,而不是从内部执行 htpasswd registry:2
apt-get install apache2-utils # thankfully this is NOT the apache server
并使用语法
htpasswd -Bbn myuser mypwd > /my/registry2/reg/hub/auth/htpasswd
在 Ubuntu 18.04 或 20.04
PS 这里是来自包 apache2-utils 的所有文件...只是一些实用程序而不是任何服务器
dpkg -L apache2-utils
/.
/usr
/usr/bin
/usr/bin/ab
/usr/bin/checkgid
/usr/bin/fcgistarter
/usr/bin/htcacheclean
/usr/bin/htdbm
/usr/bin/htdigest
/usr/bin/htpasswd
/usr/bin/logresolve
/usr/bin/rotatelogs
/usr/sbin
/usr/sbin/check_forensic
/usr/sbin/httxt2dbm
/usr/sbin/split-logfile
/usr/share
/usr/share/doc
/usr/share/doc/apache2-utils
/usr/share/doc/apache2-utils/changelog.Debian.gz
/usr/share/doc/apache2-utils/copyright
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/ab.1.gz
/usr/share/man/man1/htdbm.1.gz
/usr/share/man/man1/htdigest.1.gz
/usr/share/man/man1/htpasswd.1.gz
/usr/share/man/man1/httxt2dbm.1.gz
/usr/share/man/man1/logresolve.1.gz
/usr/share/man/man8
/usr/share/man/man8/check_forensic.8.gz
/usr/share/man/man8/checkgid.8.gz
/usr/share/man/man8/fcgistarter.8.gz
/usr/share/man/man8/htcacheclean.8.gz
/usr/share/man/man8/rotatelogs.8.gz
/usr/share/man/man8/split-logfile.8.gz
好在我订了 docker 这张 https://github.com/docker/docker.github.io/issues/11060
的票
有一个未解决的问题 Docker registry with native basic auth not working。由于某些 CVE,他们似乎删除了 htpasswd,因此安装二进制文件可能会降低您的容器的安全性。您可能希望跟踪此问题,直到他们提出更好的解决方案。
您可以使用 pearl crypt 函数生成加密密码:
perl -le 'print crypt("my-password", "my-salt")'
这将输出加密的密码字符串。将加密字符串复制并粘贴到 /path/.htpasswd 文件中,这样
username:encrypted-password
您还可以使用 apache2-utils 个软件包中的 htpasswd -B。
示例:htpasswd -B -b passwordfile username password
Docker requires the password to be hashed using the bcrypt algorithm,
which is why we pass the -B parameter. The bcrypt algorithm is a
password hashing function based on Blowfish block cipher, with a work
factor parameter, which specifies how expensive the hash function will
be.
我在 Dockerfile 中添加了以下内容,现在一切正常了。
RUN apk add --no-cache apache2-utils
所以我的 Dockerfile 现在看起来如下。
FROM registry
RUN apk add --no-cache apache2-utils
RUN mkdir /auth \
&& htpasswd -bnB admin admin > /auth/htpasswd
当前Docker documentation描述了一种使用htpasswd生成密码的简单方法:
mkdir auth
docker run \
--entrypoint htpasswd \
httpd:2 -Bbn testuser testpassword > auth/htpasswd
新生成的文件auth/htpasswd以后可以在注册表镜像中使用:
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
直到最近这一切都很好
docker run --entrypoint htpasswd registry:2 -Bbn myuser mypwd > /my/registry2/reg/hub/auth/htpasswd
现在出错了
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"htpasswd\": executable file not found in $PATH": unknown.
这是 Ubuntu 18.04 和 20.04 docker
docker version
Client: Docker Engine - Community
Version: 19.03.11
API version: 1.40
Go version: go1.13.10
Git commit: 42e35e61f3
Built: Mon Jun 1 09:12:22 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.11
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 42e35e61f3
Built: Mon Jun 1 09:10:54 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
如果您将本地 docker 注册表固定到
,它将继续工作registry:2.7.0
而不是仅使用 registry:2 来获取最新的版本 2,但遗憾的是它已损坏
详情见https://github.com/docker/distribution-library-image/commit/ab00e8dae12d4515ed259015eab771ec92e92dd4 (they removed package apache2-utils) and https://github.com/GoogleContainerTools/jib/pull/2538/commits/f816c837e34eb389c2cdee1bc9a2918c5d2e33e3 and https://github.com/GoogleContainerTools/jib/pull/2539 as referenced in https://github.com/docker/distribution-library-image/issues/106
或者,您可以使用
安装二进制 htpasswd,而不是从内部执行 htpasswd registry:2apt-get install apache2-utils # thankfully this is NOT the apache server
并使用语法
htpasswd -Bbn myuser mypwd > /my/registry2/reg/hub/auth/htpasswd
在 Ubuntu 18.04 或 20.04
PS 这里是来自包 apache2-utils 的所有文件...只是一些实用程序而不是任何服务器
dpkg -L apache2-utils
/.
/usr
/usr/bin
/usr/bin/ab
/usr/bin/checkgid
/usr/bin/fcgistarter
/usr/bin/htcacheclean
/usr/bin/htdbm
/usr/bin/htdigest
/usr/bin/htpasswd
/usr/bin/logresolve
/usr/bin/rotatelogs
/usr/sbin
/usr/sbin/check_forensic
/usr/sbin/httxt2dbm
/usr/sbin/split-logfile
/usr/share
/usr/share/doc
/usr/share/doc/apache2-utils
/usr/share/doc/apache2-utils/changelog.Debian.gz
/usr/share/doc/apache2-utils/copyright
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/ab.1.gz
/usr/share/man/man1/htdbm.1.gz
/usr/share/man/man1/htdigest.1.gz
/usr/share/man/man1/htpasswd.1.gz
/usr/share/man/man1/httxt2dbm.1.gz
/usr/share/man/man1/logresolve.1.gz
/usr/share/man/man8
/usr/share/man/man8/check_forensic.8.gz
/usr/share/man/man8/checkgid.8.gz
/usr/share/man/man8/fcgistarter.8.gz
/usr/share/man/man8/htcacheclean.8.gz
/usr/share/man/man8/rotatelogs.8.gz
/usr/share/man/man8/split-logfile.8.gz
好在我订了 docker 这张 https://github.com/docker/docker.github.io/issues/11060
的票有一个未解决的问题 Docker registry with native basic auth not working。由于某些 CVE,他们似乎删除了 htpasswd,因此安装二进制文件可能会降低您的容器的安全性。您可能希望跟踪此问题,直到他们提出更好的解决方案。
您可以使用 pearl crypt 函数生成加密密码:
perl -le 'print crypt("my-password", "my-salt")'
这将输出加密的密码字符串。将加密字符串复制并粘贴到 /path/.htpasswd 文件中,这样
username:encrypted-password
您还可以使用 apache2-utils 个软件包中的 htpasswd -B。
示例:htpasswd -B -b passwordfile username password
Docker requires the password to be hashed using the bcrypt algorithm, which is why we pass the -B parameter. The bcrypt algorithm is a password hashing function based on Blowfish block cipher, with a work factor parameter, which specifies how expensive the hash function will be.
我在 Dockerfile 中添加了以下内容,现在一切正常了。
RUN apk add --no-cache apache2-utils
所以我的 Dockerfile 现在看起来如下。
FROM registry
RUN apk add --no-cache apache2-utils
RUN mkdir /auth \
&& htpasswd -bnB admin admin > /auth/htpasswd
当前Docker documentation描述了一种使用htpasswd生成密码的简单方法:
mkdir auth
docker run \
--entrypoint htpasswd \
httpd:2 -Bbn testuser testpassword > auth/htpasswd
新生成的文件auth/htpasswd以后可以在注册表镜像中使用:
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \