Pacman doesn't work in Docker image

EDIT3: This is now fixed, and glibc has been added to /etc/pacman.conf as a HoldPkg to prevent an official image from failing in the future.

EDIT2: Add this before & after running pacman anywhere inside the Dockerfile.

# TEMP-FIX for pacman issue
RUN patched_glibc=glibc-linux4-2.33-4-x86_64.pkg.tar.zst \
    && curl -LO "https://raw.githubusercontent.com/sickcodes/Docker-OSX/master/${patched_glibc}" \
    && bsdtar -C / -xvf "${patched_glibc}" || echo "Everything is fine."
# TEMP-FIX for pacman issue

I added it 4 times inside our Dockerfile: https://github.com/sickcodes/Docker-OSX/pull/159

EDIT: An unofficial patch is available, which we copied from: https://github.com/qutebrowser/qutebrowser/commit/478e4de7bd1f26bebdcdc166d5369b2b5142c3e2

# WORKAROUND for glibc 2.33 and old Docker
# See https://github.com/actions/virtual-environments/issues/2658
# Thanks to https://github.com/lxqt/lxqt-panel/pull/1562
RUN patched_glibc=glibc-linux4-2.33-4-x86_64.pkg.tar.zst && \
    curl -LO "https://repo.archlinuxcn.org/x86_64/$patched_glibc" && \
    bsdtar -C / -xvf "$patched_glibc"

ORIGINAL: This is a live bug, should be fixed (allegedly) this week.

https://bugs.archlinux.org/index.php?do=details&task_id=69563

The bug is due to backwards compatibility of glibc 2.33, but almost every other distro will not build glibc 2.33 inside Docker.

If you build it on an Arch host, it will build.

It has to do with runc, which has actually already been patched, but we're waiting on one of two outcomes:

  • All of the other distros and building services catching up (don't hold your breath)
  • Or for this util-linux fix to be implemented: https://bugs.archlinux.org/index.php?do=details&task_id=69613

We have the exact same issue here preventing all hub.docker.com builds:

https://github.com/sickcodes/Docker-OSX/issues/144
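
The workaround above unpacks a downloaded archive over / without checking what was downloaded. As an added example (not from the original answer or the Docker-OSX project), this shell helper gates the extraction on a pinned SHA-256. The helper name `verify_and_extract`, the `<PINNED_SHA256>` placeholder and the fallback to `tar` when `bsdtar` is absent are assumptions.

```shell
#!/bin/sh
# Added example: check a pinned SHA-256 before unpacking an archive over a root.
# verify_and_extract is a hypothetical helper, not part of Docker-OSX.
#
# In a Dockerfile RUN step (the digest is a placeholder; pin a value you
# have verified yourself):
#   curl -fLO "<url>/${patched_glibc}" \
#     && verify_and_extract "${patched_glibc}" "<PINNED_SHA256>" /
#
# Usage: verify_and_extract <archive> <expected_sha256> <dest_dir>
# Returns 0 on success, 1 on digest mismatch, 2 on bad arguments.
verify_and_extract() {
    archive=$1 expected=$2 dest=$3

    [ -f "$archive" ] && [ -d "$dest" ] || return 2

    # Accept only a 64-character lowercase hex digest.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2

    actual=$(sha256sum "$archive" | cut -d' ' -f1) || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive: got $actual" >&2
        return 1
    fi

    # bsdtar is what the answer uses; fall back to tar where it is missing.
    if command -v bsdtar >/dev/null 2>&1; then
        bsdtar -C "$dest" -xf "$archive"
    else
        tar -C "$dest" -xf "$archive"
    fi
}
```

Unlike the `|| echo "Everything is fine."` form, a mismatch here returns non-zero, so the `RUN` step and the image build stop.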


As far as I understand, it is because of the privilege configuration with Docker when running a container. When we log in to the OS, it seems we are root, but in fact we do not have the right root permission. Here is a simple try:

root[0]docker:~# docker run -it archlinux:latest bash
[root@c565c90fdb7f /]# pacman
error: failed to initialize alpm library
(could not find or read directory: /var/lib/pacman/)
[root@c565c90fdb7f /]# exit
exit

But if we give the right root permission when we log in to the container, then it is okay.

root[0]docker:~# docker run -it --privileged=true archlinux:latest bash
[root@0d95575abec6 /]# dir
bin  boot  dev  etc  home  lib  lib64  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@0d95575abec6 /]# pacman
warning: database file for 'core' does not exist (use '-Sy' to download)
warning: database file for 'extra' does not exist (use '-Sy' to download)
warning: database file for 'community' does not exist (use '-Sy' to download)
error: no operation specified (use -h for help)
[root@0d95575abec6 /]# pacman -Sy
:: Synchronizing package databases...
 core                                                                                                        131.2 KiB  10.7 MiB/s 00:00 [####################################################################################] 100%
 extra                                                                                                      1654.4 KiB   101 MiB/s 00:00 [####################################################################################] 100%
 community                                                                                                     5.4 MiB   270 MiB/s 00:00 [####################################################################################] 100%
[root@0d95575abec6 /]# exit
exit

So to log in to Arch Linux, the option --privileged=true should be used, whereas for Debian, Alpine, and Ubuntu it seems we do not need it.


Has been tested on:

cat /etc/os-release

NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://www.archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"
LOGO=archlinux

and

 pacman -V

 .--.                  Pacman v5.2.2 - libalpm v12.0.2
/ _.-' .-.  .-.  .-.   Copyright (C) 2006-2020 Pacman Development Team
\  '-. '-'  '-'  '-'   Copyright (C) 2002-2006 Judd Vinet
 '--'
                       This program may be freely redistributed under
                       the terms of the GNU General Public License.

and Docker

docker -v
Docker version 19.03.6, build 369ce74a3c