嘗試點子在DockerFile中安裝私有倉庫
[英]Trying to pip install a private repo in a DockerFile
問題描述
我正在嘗試安裝一個自定義Python程序包以在Flask Server中運行。 該服務器將在Docker映像中。 因此,我正在嘗試對RUN pip install git+ssh://git@bitbucket.org:teamName/reponame.git@dev#egg=packageName進行某種操作RUN pip install git+ssh://git@bitbucket.org:teamName/reponame.git@dev#egg=packageName但是,我嘗試過的任何方法都RUN pip install git+ssh://git@bitbucket.org:teamName/reponame.git@dev#egg=packageName 。
我嘗試了找到的兩種格式:
1) git+ssh://git@bitbucket.org:teamName/reponame.git@dev#egg=packageName
2) git+ssh://bitbucket.org/team/reponame.git@dev#egg=packageName
這兩種技術都給出類似的錯誤:
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
要么
ssh: Could not resolve hostname bitbucket.org:TeamName: Name does not resolve
fatal: Could not read from remote repository.
要么
root@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
即使我的公鑰已在BitBucket中設置
這是Dockerfile:
Use an official Python runtime as a parent image
FROM python:3.6-alpine
#Preparation to pull from Github
ARG SSH_PRIVATE_KEY
RUN echo "Oh dang look at that ${SSH_PRIVATE_KEY}"
RUN apk update
RUN apk add --no-cache openssh \
git
RUN mkdir /root/.ssh/
RUN echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts
#install dependencies
RUN apk add --no-cache gcc \
bash \
tzdata \
g++ \
tiff-dev \
openssl \
poppler \
poppler-dev \
poppler-utils \
&& pip install --trusted-host pypi.python.org <THE_URL>
&& cp /usr/share/zoneinfo/America/that_place /etc/localtime \
&& echo "America/that_place" > /etc/timezone \
&& date
# Set the working directory to /app
WORKDIR ./my_dir
# Make port 5000 available to the world outside this container
EXPOSE 5000
#Remove SSH
RUN rm /root/.ssh/id_rsa
# Define environment variable
ENV NAME __main__
ENV FLASK_APP app/app.py
ENV FLASK_RUN_HOST 0.0.0.0
ENV GOOGLE_APPLICATION_CREDENTIALS ./resources/google/credentials.json
ENV GOOGLE_CLOUD_BUCKET_NAME bucket_name
# Run app.py when the container launches
CMD ["flask", "run"]
SSH密鑰作為參數傳遞給$(cat ./ssh/id_rsa)
1 個解決方案
解決方案1
1 已采納 2019-07-26 20:44:22
您不希望以這種方式傳遞SSH密鑰:它將最終出現在生成的映像中,因此有權訪問該映像的任何人都可以訪問您的SSH密鑰。
選項:
- 使用BuildKit,它具有內置的SSH代理轉發( https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds )。
- 我在這里描述的技術太復雜,無法涵蓋簡短的答案: https : //pythonspeed.com/articles/docker-build-secrets/
- 如果您不擔心泄漏私人SSH密鑰,請修復此設置。 我的猜測是您還需要
chmod 700 /root/.ssh。
Pip 在谷歌雲應用引擎中從私有 github repo 安裝 package
[英]Pip install package from private github repo in google cloud appengine
pip 從私有 github repo 安裝 package 與部署密鑰 Z05B6053C41A2130AFD6BDA3B
[英]pip install package from private github repo with deploy key in docker
Pip install with requirements.txt 從私人倉庫提示輸入密碼
[英]Pip install with requirements.txt from private repo prompting for password
pip 從私人倉庫安裝,但 PyPi 的要求僅安裝私人倉庫 package
[英]pip install from private repo but requirements from PyPi only installs private package
pip install --process-dependency-links app.whl不安裝私有存儲庫(分叉庫)
[英]pip install --process-dependency-links app.whl doesn't install private repo (forked library)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
從私有bitbucket回購tar.gz文件進行pip安裝
Pip 在谷歌雲應用引擎中從私有 github repo 安裝 package
來自私人 github repo 的 pip install wheel 版本
pip 從私有 github repo 安裝 package 與部署密鑰 Z05B6053C41A2130AFD6BDA3B
Pip install with requirements.txt 從私人倉庫提示輸入密碼
pip 從私人倉庫安裝,但來自 PyPi 的要求
pip 無法安裝包 - Dockerfile
pip 從私人倉庫安裝,但 PyPi 的要求僅安裝私人倉庫 package
pip install --process-dependency-links app.whl不安裝私有存儲庫(分叉庫)
pip安裝私有包
相關標簽