buildx fails building multiplatform docker image, because it tries to copy xattrs (extended file attributes) and fails doing this

I use buildx to build a multi-platform Docker image in gitlab-ci. But the CI fails while building the Docker image, because it tries to copy xattrs and fails to do so:

> [linux/arm/v7 2/4] RUN set -xe     && apk add --no-cache ca-certificates                           ffmpeg                           openssl                           aria2                           youtube-dl:
------
Dockerfile:8
--------------------
   7 |     
   8 | >>> RUN set -xe \
   9 | >>>     && apk add --no-cache ca-certificates \
  10 | >>>                           ffmpeg \
  11 | >>>                           openssl \
  12 | >>>                           aria2 \
  13 | >>>                           youtube-dl
  14 |     
--------------------
error: failed to solve: rpc error: code = Unknown desc = executor failed running [/dev/.buildkit_qemu_emulator /bin/sh -c set -xe     && apk add --no-cache ca-certificates                           ffmpeg                           openssl                           aria2                           youtube-dl]: failed to copy xattrs: failed to set xattr "security.selinux" on /tmp/buildkit-qemu-emulator371955051/dev/.buildkit_qemu_emulator: operation not supported

https://gitlab.com/Lukas1818/docker-youtube-dl-cron/-/jobs/1176558386#L181

I am using the following CI:

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_HOST: tcp://docker:2375/

docker-build:
  # Use the docker image with buildx for multiplatform build.
  image: lukas1818/docker-with-buildx:latest
  stage: build
  services:
    - docker:dind
  before_script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  # Default branch leaves tag empty (= latest tag)
  # All other branches are tagged with the escaped branch name (commit ref slug)
  script:
    - |
      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
        tag=""
        echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
      else
        tag=":$CI_COMMIT_REF_SLUG"
        echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
      fi
    - docker buildx create --use
    - docker buildx build --push --platform linux/arm/v7,linux/arm64/v8,linux/amd64 --tag "$CI_REGISTRY_IMAGE${tag}" .
  # Run this job in a branch where a Dockerfile exists
  rules:
    - if: $CI_COMMIT_BRANCH
      exists:
        - Dockerfile

https://gitlab.com/Lukas1818/docker-youtube-dl-cron/-/blob/d12adf7779f7df71de6e9b46aa342e9ff41d5dfb/.gitlab-ci.yml

Dockerfile:

#
# Dockerfile for youtube-dl
#

FROM alpine
MAINTAINER kev <noreply@easypi.pro>

RUN set -xe \
    && apk add --no-cache ca-certificates \
                          ffmpeg \
                          openssl \
                          aria2 \
                          youtube-dl

# Try to run it so we know it works
RUN youtube-dl --version

WORKDIR /data

ENTRYPOINT ["youtube-dl"]
CMD ["--help"]

On my local machine, building with sudo docker buildx build --platform linux/arm/v7,linux/arm64/v8,linux/amd64 . does work fine.

Running the following command first, before docker buildx create --use, solved the problem:

docker run --rm --privileged multiarch/qemu-user-static --reset -p yes

See: https://github.com/docker/buildx/issues/584#issuecomment-827122004
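
The command in the answer registers qemu handlers with the kernel's binfmt_misc. The following check is an added example, not part of the original question or answer: it can run in the CI job before the build to confirm that registration took effect for every target platform. It assumes the handler names qemu-user-static registers (qemu-arm, qemu-aarch64), an amd64 runner, and that binfmt_misc is readable at the path passed in; the function names are hypothetical.

```shell
# Added example: verify qemu binfmt_misc handlers before a multi-platform build.
# Assumption: the runner itself is amd64, so linux/amd64 needs no emulation.

# Map a buildx platform string to the binfmt_misc handler name.
platform_to_handler() {
  case "$1" in
    linux/amd64) echo native ;;
    linux/arm/v6|linux/arm/v7) echo qemu-arm ;;
    linux/arm64|linux/arm64/v8) echo qemu-aarch64 ;;
    *) return 1 ;;
  esac
}

# handler_status DIR NAME: prints ok, missing, disabled or not-persistent.
handler_status() {
  entry="$1/$2"
  [ -r "$entry" ] || { echo missing; return 0; }
  # First line of a binfmt_misc entry is "enabled" or "disabled".
  head -n 1 "$entry" | grep -qx 'enabled' || { echo disabled; return 0; }
  # "-p yes" asks for the F (fix-binary) flag: the kernel opens the
  # interpreter at registration time, so it works inside other containers.
  grep -Eq '^flags:.*F' "$entry" || { echo not-persistent; return 0; }
  echo ok
}

# check_platforms DIR PLATFORM...: returns 0 only if every platform is usable.
check_platforms() {
  dir="$1"; shift
  rc=0
  for p in "$@"; do
    h=$(platform_to_handler "$p") || { echo "$p: unknown platform"; rc=1; continue; }
    if [ "$h" = native ]; then echo "$p: native"; continue; fi
    s=$(handler_status "$dir" "$h")
    echo "$p: $h $s"
    [ "$s" = ok ] || rc=1
  done
  return $rc
}

# In the CI script, after the qemu-user-static step and before the build:
# check_platforms /proc/sys/fs/binfmt_misc linux/arm/v7 linux/arm64/v8 linux/amd64
```

A non-zero return means at least one emulated platform has no usable handler, so the job can stop before the build starts.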