podman build --secret does not behave the same as docker

[rodrigc]

Description

podman build --secret does not behave the same way as docker.

I compared podman's behavior with Docker version 20.10.11, build dea9396.

I also looked at the Docker documentation here:

https://docs.docker.com/develop/develop-images/build_enhancements/
https://docs.docker.com/engine/reference/commandline/build/#options

Steps to reproduce the issue:

1. Use this Dockerfile:

FROM golang:1.17.5

RUN --mount=type=secret,id=rodrigc_token,target=/root/example.txt \
     cat /root/example.txt && \
     cp /root/example.txt /root/example2.txt

2. Use this Makefile:

DOCKER=docker
#DOCKER=podman

.PHONY: build-container
build-container:
	rm -f example.txt
	echo "EXAMPLE" > example.txt
	$(DOCKER) build --secret id=rodrigc_token,src=example.txt -t rodrigc6/example:tag1 .
	$(DOCKER) run --rm -t -i rodrigc6/example:tag1 cat /root/example2.txt

3. Build with docker:

make DOCKER=docker

The last line of output is:

EXAMPLE

4. Build with podman:

make DOCKER=podman

This results in an error:

cat: /root/example.txt: No such file or directory
Error: error building at STEP "RUN --mount=type=secret,id=rodrigc_token,target=/root/example.txt cat /root/example.txt &&      cp /root/example.txt /root/example2.txt": error while running runtime: exit status 1

make: *** [build-container] Error 125

Output of podman version if reporting a podman build issue:

podman version 3.4.4

Output of uname -a:

Darwin Craigs-MacBook-Pro-3.local 21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:28:54 PST 2021; root:xnu-8019.61.5~1/RELEASE_X86_64 x86_64

MacOS Monterrey 12.1

[rhatdan]

@flouthoc PTAL

[rodrigc]

Thanks.

[rodrigc]

Also, in this blog post: https://pythonspeed.com/articles/docker-build-secrets/

There is an example of using the --secret flag with environment variables:

docker build --secret id=mysecret,env=MYSECRET .

I couldn't get that to work in podman either.

[flouthoc]

This a podman-remote use case hence I am moving this to podman.

[flouthoc]

@rodrigc I believe following is fixed with this PR for remote and mac users. Could you please check tests implemented in this following PR #12414

[rodrigc]

Looks like #12414 went into 85101f6 Which is tagged with v4.0.0-rc2 . I’m running podman 3.4.4

When will the Homebrew formula be updated to get this fix?

[mheon]

Release of v4.0.0 is expected sometime in February, with Homebrew probably lagging a week or so behind the upstream release to allow time for the virtual machine images we use to also update to v4.0.

[rodrigc]

I did the following:

brew uninstall podman
brew install --HEAD podman

That installed this:

podman version

Client:       Podman Engine
Version:      4.0.0-dev
API Version:  4.0.0-dev
Go Version:   go1.17.6
Git Commit:   b75d6baf074a61f2119b8619c86bd2fae1cb2833
Built:        Mon Jan 24 06:30:23 2022
OS/Arch:      darwin/amd64

Server:       Podman Engine
Version:      3.4.4
API Version:  3.4.4
Go Version:   go1.16.8

Built:      Wed Dec  8 13:45:07 2021
OS/Arch:    linux/amd64

podman-remote version

podman-remote version
Client:       Podman Engine
Version:      4.0.0-dev
API Version:  4.0.0-dev
Go Version:   go1.17.6
Git Commit:   b75d6baf074a61f2119b8619c86bd2fae1cb2833
Built:        Mon Jan 24 06:30:23 2022
OS/Arch:      darwin/amd64

Server:       Podman Engine
Version:      3.4.4
API Version:  3.4.4
Go Version:   go1.16.8

Built:      Wed Dec  8 13:45:07 2021
OS/Arch:    linux/amd64

I ran into the same problem with the testcase which I provided.

[rodrigc]

podman machine init installs a VM with podman 3.4.4 in it.
Is there a way I can install a VM with a newer podman, such as the podman from the master branch, in order to test this fix?

[rhatdan]

No, no VM has been created with that yet.