freebsd_docker_centos7

This is my(@ksmakoto) troubleshooting memo for an issue of Bug 211041 sysutils/docker-freebsd: Repository not found when pulling image.

Next is an excerpt from /var/log/docker.log ,

time="2017-08-09T22:25:25.125486814+09:00" level=debug msg="Downloaded f3b88ddaed1649ab85c7627d3ffdf2b3235d6dcbab5a5f6d9134088b18dfb598 to tempfile /usr/docker/tmp/GetV2ImageBlob942183358" 
time="2017-08-09T22:25:25.130992111+09:00" level=debug msg="Downloaded 8b7794bcb4f92334f9a4fa386715d6c6ecacb5f8e3caadcdb9ec44c449d05f80 to tempfile /usr/docker/tmp/GetV2ImageBlob491235744" 
time="2017-08-09T22:26:20.528819892+09:00" level=debug msg="Downloaded d9cdac769794238d9dfb143600a2ac4d8555eb2a72a6f47aa89ed70adc6b3cb8 to tempfile /usr/docker/tmp/GetV2ImageBlob143115781" 
time="2017-08-09T22:26:20.529116643+09:00" level=debug msg="[zfs] zfs destroy -r zroot/docker/d9cdac769794238d9dfb143600a2ac4d8555eb2a72a6f47aa89ed70adc6b3cb8" 
time="2017-08-09T22:26:20.536360404+09:00" level=debug msg="[zfs] zfs create -o mountpoint=legacy zroot/docker/d9cdac769794238d9dfb143600a2ac4d8555eb2a72a6f47aa89ed70adc6b3cb8" 
time="2017-08-09T22:26:20.955105243+09:00" level=debug msg="[zfs] zfs get -Hp all zroot/docker/d9cdac769794238d9dfb143600a2ac4d8555eb2a72a6f47aa89ed70adc6b3cb8" 
time="2017-08-09T22:26:20.969135171+09:00" level=debug msg="[zfs] mount(\"zroot/docker/d9cdac769794238d9dfb143600a2ac4d8555eb2a72a6f47aa89ed70adc6b3cb8\", \"/usr/docker/zfs/graph/d9cdac769794\", \"\")" 
time="2017-08-09T22:26:20.971874376+09:00" level=debug msg="Start untar layer" 
time="2017-08-09T22:26:22.172608099+09:00" level=debug msg="[zfs] unmount(\"/usr/docker/zfs/graph/d9cdac769794\")" 
time="2017-08-09T22:26:23.973636330+09:00" level=debug msg="[zfs] zfs destroy -r zroot/docker/d9cdac769794238d9dfb143600a2ac4d8555eb2a72a6f47aa89ed70adc6b3cb8" 
time="2017-08-09T22:26:24.057185247+09:00" level=error msg="Error from V2 registry: ApplyLayer exit status 1 stdout:  stderr: platform and architecture is not supported" 

time="2017-08-09T22:26:24.057262980+09:00" level=debug msg="image does not exist on v2 registry, falling back to v1" 

time="2017-08-09T22:26:24.057305023+09:00" level=debug msg="pulling v1 repository with local name \"centos\"" 
time="2017-08-09T22:26:24.057420399+09:00" level=debug msg="[registry] Calling GET https://index.docker.io/v1/repositories/library/centos/images" 
time="2017-08-09T22:26:24.057585641+09:00" level=debug msg="https://index.docker.io/v1/repositories/library/centos/images -- HEADERS: map[User-Agent:[docker/1.7.0-dev go/go1.8.3 git-commit/582db78 os/freebsd arch/amd64]]" 
time="2017-08-09T22:26:24.057692218+09:00" level=debug msg="hostDir: /etc/docker/certs.d/index.docker.io" 
time="2017-08-09T22:26:27.347391365+09:00" level=debug msg="Retrieving the tag list" 
time="2017-08-09T22:26:27.347715494+09:00" level=debug msg="https://registry-1.docker.io/v1/repositories/library/centos/tags -- HEADERS: map[User-Agent:[docker/1.7.0-dev go/go1.8.3 git-commit/582db78 os/freebsd arch/amd64]]" 
time="2017-08-09T22:26:27.347834292+09:00" level=debug msg="hostDir: /etc/docker/certs.d/registry-1.docker.io" 
time="2017-08-09T22:26:32.284101444+09:00" level=debug msg="Got status code 404 from https://registry-1.docker.io/v1/repositories/library/centos/tags" 
time="2017-08-09T22:26:32.284228065+09:00" level=error msg="unable to get remote tags: Repository not found" 

A message "platform and architecture is not supported" cames from untar process.

because ...

[ksmakoto@norikura ~/hoge]$ ls -l
total 70628
-rwxr-xr-x  1 ksmakoto  ksmakoto  72247497 Aug  9 22:26 GetV2ImageBlob143115781  # <== These are copy of downloaded files
-rwxr-xr-x  1 ksmakoto  ksmakoto        32 Aug  9 22:26 GetV2ImageBlob491235744
-rwxr-xr-x  1 ksmakoto  ksmakoto        32 Aug  9 22:26 GetV2ImageBlob942183358
[ksmakoto@norikura ~/hoge]$ tar tf GetV2ImageBlob143115781 > /dev/null
tar: Ignoring malformed pax extended attribute
tar: Ignoring malformed pax extended attribute
tar: Ignoring malformed pax extended attribute
tar: Error exit delayed from previous errors.
[ksmakoto@norikura ~/hoge]$ gzcat GetV2ImageBlob143115781 | strings | grep -B 1 -A 2 '^57 SCHILY\.xattr\.security\.capability='
0000000
57 SCHILY.xattr.security.capability=
usr/bin/ping
0100755
--
0000000
57 SCHILY.xattr.security.capability=
usr/sbin/arping
0100755
--
0000000
57 SCHILY.xattr.security.capability=
usr/sbin/clockdiff
0100755

This is a Docker base image file of Centos 7, and contains files with xattrs.

And because GNU tar form of xattrs, FreeBSD 10.3 basesystem tar (libarchive tar) considers it error, see also ...

• Add support for extracting SCHILY.xattr extended attributes by stefanberger · Pull Request #691 · libarchive/libarchive
• fails to parse gnu tar xattrs (CentOS Docker base image) · Issue #752 · libarchive/libarchive

Docker is extracting this file by github.com/docker/docker/pkg/archive.UnpackLayer

Following is backtrace of error (by my patched Docker).

github.com/docker/docker/pkg/archive.createTarFile
	/usr/ports/sysutils/docker-freebsd/work/docker-582db78/.gopath/src/github.com/docker/docker/pkg/archive/archive.go:348
github.com/docker/docker/pkg/archive.UnpackLayer
	/usr/ports/sysutils/docker-freebsd/work/docker-582db78/.gopath/src/github.com/docker/docker/pkg/archive/diff.go:127
github.com/docker/docker/pkg/chrootarchive.applyLayer
	/usr/ports/sysutils/docker-freebsd/work/docker-582db78/.gopath/src/github.com/docker/docker/pkg/chrootarchive/diff.go:39
github.com/docker/docker/pkg/reexec.Init
	/usr/ports/sysutils/docker-freebsd/work/docker-582db78/.gopath/src/github.com/docker/docker/pkg/reexec/reexec.go:26
main.main
	/usr/ports/sysutils/docker-freebsd/work/docker-582db78/docker/docker.go:29
runtime.main
	/usr/local/go/src/runtime/proc.go:185
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:2197

Here is code (2 lines offset is by appended code for debugging patch),

   344		for key, value := range hdr.Xattrs {
   345			if err := system.Lsetxattr(path, key, []byte(value), 0); err != nil {
   346				return err
   347			}
   348		}

This system.Lsetxattr is github.com/docker/docker/pkg/system.Lsetxattr, and it is supported only Linux.

[ksmakoto@norikura /usr/ports/sysutils/docker-freebsd]$ ls -l work/docker-582db78/pkg/system/xattrs_*
-rw-r--r--  1 ksmakoto  wheel  1617 Jun  8  2015 work/docker-582db78/pkg/system/xattrs_linux.go
-rw-r--r--  1 ksmakoto  wheel   240 Jun  8  2015 work/docker-582db78/pkg/system/xattrs_unsupported.go
[ksmakoto@norikura /usr/ports/sysutils/docker-freebsd]$ cat work/docker-582db78/pkg/system/xattrs_unsupported.go
// +build !linux

package system

func Lgetxattr(path string, attr string) ([]byte, error) {
	return nil, ErrNotSupportedPlatform
}

func Lsetxattr(path string, attr string, data []byte, flags int) error {
	return ErrNotSupportedPlatform
}

This is an origin of "platform and architecture is not supported" error.

See also ...

• https://fedoraproject.org/wiki/Features/RemoveSETUID
• Bug 1416087 – [RFE] clockdiff, arping, ping, ping6 use File Capabilities

This is all, thanks.