It appears that yum's dependency resolution behaves differently depending on whether it is invoked from the RUN statement of a Dockerfile, or from docker run. Consider this Dockerfile: The docker build fails on the last command. The full output is included below, but basically yum selects packages for both i386 and x86_64. But running the same commands from docker run

yum dependency resolution behaves differently in docker build vs docker run

It appears that yum’s dependency resolution behaves differently depending on whether it is invoked from the RUN statement of a Dockerfile, or from docker run.

Consider this Dockerfile:

FROM themattrix/centos5-vault-i386
RUN rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm
RUN yum update -y

JavaScript
​x
 
FROM themattrix/centos5-vault-i386RUN rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpmRUN yum update -y​

The docker build fails on the last command. The full output is included below, but basically yum selects packages for both i386 and x86_64.

But running the same commands from docker run works! No packages for x86_64 are selected.

docker run --rm themattrix/centos5-vault-i386 sh -c "
    rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm &&
    yum update -y"

JavaScript
 
docker run --rm themattrix/centos5-vault-i386 sh -c "    rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm &&    yum update -y"​

What could explain this strange behaviour?

And how to get the Dockerfile to build?

Environment

$ uname -srmp
Darwin 17.7.0 x86_64 i386

$ docker -v
Docker version 18.09.2, build 6247962

JavaScript
 
$ uname -srmpDarwin 17.7.0 x86_64 i386​$ docker -vDocker version 18.09.2, build 6247962​

Output from docker build

$ docker build .
Sending build context to Docker daemon  6.656kB
Step 1/3 : FROM themattrix/centos5-vault-i386
 ---> 5706f03d3346
Step 2/3 : RUN rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm
 ---> Using cache
 ---> ee89f27432c1
Step 3/3 : RUN yum update -y
 ---> Running in 19e822b9dccc
Loaded plugins: fastestmirror
Determining fastest mirrors
 * epel: ftp-stud.hs-esslingen.de
Reducing CentOS-5 - libselinux to included packages only
Finished
Setting up Update Process
Resolving Dependencies
--> Running transaction check
--> Processing Dependency: libselinux = 1.33.4-5.7.el5 for package: libselinux-python
--> Processing Dependency: libselinux = 1.33.4-5.7.el5 for package: libselinux-utils
---> Package libselinux.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package libselinux-devel.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package tuxad-release.noarch 0:5-7 set to be updated
--> Running transaction check
---> Package libselinux.x86_64 0:1.33.4-5.7.el5 set to be updated
--> Processing Dependency: libc.so.6(GLIBC_2.2.5)(64bit) for package: libselinux
--> Processing Dependency: ld-linux-x86-64.so.2(GLIBC_2.3)(64bit) for package: libselinux
--> Processing Dependency: ld-linux-x86-64.so.2()(64bit) for package: libselinux
--> Processing Dependency: libc.so.6(GLIBC_2.3)(64bit) for package: libselinux
--> Processing Dependency: libc.so.6(GLIBC_2.4)(64bit) for package: libselinux
--> Processing Dependency: libc.so.6(GLIBC_2.3.4)(64bit) for package: libselinux
--> Processing Dependency: libdl.so.2()(64bit) for package: libselinux
--> Processing Dependency: libc.so.6()(64bit) for package: libselinux
--> Processing Dependency: libsepol.so.1()(64bit) for package: libselinux
--> Running transaction check
---> Package glibc.x86_64 0:2.5-123.el5_11.3 set to be updated
---> Package libsepol.x86_64 0:1.15.2-3.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch       Version                   Repository      Size
================================================================================
Updating:
 libselinux           i386       1.33.4-5.7.el5.centos     libselinux      77 k
 libselinux-devel     i386       1.33.4-5.7.el5.centos     libselinux     144 k
 tuxad-release        noarch     5-7                       tuxad           13 k
Installing for dependencies:
 glibc                x86_64     2.5-123.el5_11.3          updates        4.8 M
 libselinux           x86_64     1.33.4-5.7.el5            base            78 k
 libsepol             x86_64     1.15.2-3.el5              base           131 k

Transaction Summary
================================================================================
Install       3 Package(s)
Upgrade       3 Package(s)

Total download size: 5.2 M
Downloading Packages:
--------------------------------------------------------------------------------
Total                                           925 kB/s | 5.2 MB     00:05
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID a95f6f37
Importing GPG key 0xA95F6F37 "Frank W. Bergmann (tuxad.com) <gpg20160322@tuxad.com>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-TUXAD-A95F6F37
Running rpm_check_debug
ERROR with rpm_check_debug vs depsolve:
libselinux is needed by (installed) libselinux-utils-1.33.4-5.7.el5.i386
libselinux is needed by (installed) libselinux-python-1.33.4-5.7.el5.i386
Complete!
(1, [u'Please report this error in http://bugs.centos.org/yum5bug'])
The command '/bin/sh -c yum update -y' returned a non-zero code: 1

JavaScript
 
$ docker build .Sending build context to Docker daemon  6.656kBStep 1/3 : FROM themattrix/centos5-vault-i386 ---> 5706f03d3346Step 2/3 : RUN rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm ---> Using cache ---> ee89f27432c1Step 3/3 : RUN yum update -y ---> Running in 19e822b9dcccLoaded plugins: fastestmirrorDetermining fastest mirrors * epel: ftp-stud.hs-esslingen.deReducing CentOS-5 - libselinux to included packages onlyFinishedSetting up Update ProcessResolving Dependencies--> Running transaction check--> Processing Dependency: libselinux = 1.33.4-5.7.el5 for package: libselinux-python--> Processing Dependency: libselinux = 1.33.4-5.7.el5 for package: libselinux-utils---> Package libselinux.i386 0:1.33.4-5.7.el5.centos set to be updated---> Package libselinux-devel.i386 0:1.33.4-5.7.el5.centos set to be updated---> Package tuxad-release.noarch 0:5-7 set to be updated--> Running transaction check---> Package libselinux.x86_64 0:1.33.4-5.7.el5 set to be updated--> Processing Dependency: libc.so.6(GLIBC_2.2.5)(64bit) for package: libselinux--> Processing Dependency: ld-linux-x86-64.so.2(GLIBC_2.3)(64bit) for package: libselinux--> Processing Dependency: ld-linux-x86-64.so.2()(64bit) for package: libselinux--> Processing Dependency: libc.so.6(GLIBC_2.3)(64bit) for package: libselinux--> Processing Dependency: libc.so.6(GLIBC_2.4)(64bit) for package: libselinux--> Processing Dependency: libc.so.6(GLIBC_2.3.4)(64bit) for package: libselinux--> Processing Dependency: libdl.so.2()(64bit) for package: libselinux--> Processing Dependency: libc.so.6()(64bit) for package: libselinux--> Processing Dependency: libsepol.so.1()(64bit) for package: libselinux--> Running transaction check---> Package glibc.x86_64 0:2.5-123.el5_11.3 set to be updated---> Package libsepol.x86_64 0:1.15.2-3.el5 set to be updated--> Finished Dependency Resolution​Dependencies Resolved​================================================================================ Package              Arch       Version                   Repository      Size================================================================================Updating: libselinux           i386       1.33.4-5.7.el5.centos     libselinux      77 k libselinux-devel     i386       1.33.4-5.7.el5.centos     libselinux     144 k tuxad-release        noarch     5-7                       tuxad           13 kInstalling for dependencies: glibc                x86_64     2.5-123.el5_11.3          updates        4.8 M libselinux           x86_64     1.33.4-5.7.el5            base            78 k libsepol             x86_64     1.15.2-3.el5              base           131 k​Transaction Summary================================================================================Install       3 Package(s)Upgrade       3 Package(s)​Total download size: 5.2 MDownloading Packages:--------------------------------------------------------------------------------Total                                           925 kB/s | 5.2 MB     00:05warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID a95f6f37Importing GPG key 0xA95F6F37 "Frank W. Bergmann (tuxad.com) <gpg20160322@tuxad.com>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-TUXAD-A95F6F37Running rpm_check_debugERROR with rpm_check_debug vs depsolve:libselinux is needed by (installed) libselinux-utils-1.33.4-5.7.el5.i386libselinux is needed by (installed) libselinux-python-1.33.4-5.7.el5.i386Complete!(1, [u'Please report this error in http://bugs.centos.org/yum5bug'])The command '/bin/sh -c yum update -y' returned a non-zero code: 1​

Output from docker run

$ docker run --rm themattrix/centos5-vault-i386 sh -c "rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm && yum update -y"
warning: /var/tmp/rpm-xfer.ZSEYyZ: Header V3 DSA signature: NOKEY, key ID a95f6f37
Loaded plugins: fastestmirror
Determining fastest mirrors
 * epel: ftp-stud.hs-esslingen.de
Reducing CentOS-5 - libselinux to included packages only
Finished
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package curl.i386 0:7.15.5-17.el5_11.1 set to be updated
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.1) for package: curl
--> Processing Dependency: libssl.so.10 for package: curl
--> Processing Dependency: libcrypto.so.10(libcrypto.so.10) for package: curl
--> Processing Dependency: libcrypto.so.10 for package: curl
--> Processing Dependency: libssl.so.10(libssl.so.10) for package: curl
---> Package kernel-headers.i386 0:2.6.18-419.el5 set to be updated
---> Package libselinux.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package libselinux-devel.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package libselinux-python.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package libselinux-utils.i386 0:1.33.4-5.7.el5.centos set to be updated
---> Package openldap.i386 0:2.3.43-29.el5_11.openssl1 set to be updated
---> Package openssl.i686 0:0.9.8e-40.el5_11.1 set to be updated
---> Package openssl-devel.i386 0:0.9.8e-40.el5_11.1 set to be updated
---> Package tuxad-release.noarch 0:5-7 set to be updated
---> Package tzdata.i386 0:2017b-1.el5 set to be updated
---> Package wget.i386 0:1.11.4-3.el5_11.2.1 set to be updated
--> Running transaction check
---> Package openssl1.i686 0:1.0.1e-57.1.el5_11 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch     Version                        Repository    Size
================================================================================
Updating:
 curl                i386     7.15.5-17.el5_11.1             tuxad        893 k
 kernel-headers      i386     2.6.18-419.el5                 updates      1.5 M
 libselinux          i386     1.33.4-5.7.el5.centos          libselinux    77 k
 libselinux-devel    i386     1.33.4-5.7.el5.centos          libselinux   144 k
 libselinux-python   i386     1.33.4-5.7.el5.centos          libselinux    73 k
 libselinux-utils    i386     1.33.4-5.7.el5.centos          libselinux    55 k
 openldap            i386     2.3.43-29.el5_11.openssl1      tuxad        717 k
 openssl             i686     0.9.8e-40.el5_11.1             tuxad        2.9 M
 openssl-devel       i386     0.9.8e-40.el5_11.1             tuxad        1.9 M
 tuxad-release       noarch   5-7                            tuxad         13 k
 tzdata              i386     2017b-1.el5                    updates      757 k
 wget                i386     1.11.4-3.el5_11.2.1            tuxad        593 k
Installing for dependencies:
 openssl1            i686     1.0.1e-57.1.el5_11             tuxad        3.5 M

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade      12 Package(s)

Total download size: 13 M
Downloading Packages:
--------------------------------------------------------------------------------
Total                                           1.4 MB/s |  13 MB     00:09
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID a95f6f37
Importing GPG key 0xA95F6F37 "Frank W. Bergmann (tuxad.com) <gpg20160322@tuxad.com>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-TUXAD-A95F6F37
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : openssl                                                 1/25
  Updating       : libselinux                                              2/25
  Updating       : libselinux-devel                                        3/25
  Updating       : openssl-devel                                           4/25
  Updating       : tzdata                                                  5/25
  Updating       : kernel-headers                                          6/25
  Updating       : tuxad-release                                           7/25
  Installing     : openssl1                                                8/25
  Updating       : openldap                                                9/25
  Updating       : curl                                                   10/25
  Updating       : wget                                                   11/25
  Updating       : libselinux-utils                                       12/25
  Updating       : libselinux-python                                      13/25
  Cleanup        : libselinux                                             14/25
  Cleanup        : tuxad-release                                          15/25
  Cleanup        : wget                                                   16/25
  Cleanup        : libselinux-devel                                       17/25
  Cleanup        : openssl-devel                                          18/25
  Cleanup        : kernel-headers                                         19/25
  Cleanup        : tzdata                                                 20/25
  Cleanup        : libselinux-utils                                       21/25
  Cleanup        : openldap                                               22/25
  Cleanup        : curl                                                   23/25
  Cleanup        : libselinux-python                                      24/25
  Cleanup        : openssl                                                25/25

Dependency Installed:
  openssl1.i686 0:1.0.1e-57.1.el5_11

Updated:
  curl.i386 0:7.15.5-17.el5_11.1
  kernel-headers.i386 0:2.6.18-419.el5
  libselinux.i386 0:1.33.4-5.7.el5.centos
  libselinux-devel.i386 0:1.33.4-5.7.el5.centos
  libselinux-python.i386 0:1.33.4-5.7.el5.centos
  libselinux-utils.i386 0:1.33.4-5.7.el5.centos
  openldap.i386 0:2.3.43-29.el5_11.openssl1
  openssl.i686 0:0.9.8e-40.el5_11.1
  openssl-devel.i386 0:0.9.8e-40.el5_11.1
  tuxad-release.noarch 0:5-7
  tzdata.i386 0:2017b-1.el5
  wget.i386 0:1.11.4-3.el5_11.2.1

Complete!

JavaScript
 
$ docker run --rm themattrix/centos5-vault-i386 sh -c "rpm -i http://www.tuxad.com/rpms/tuxad-release-5-1.noarch.rpm && yum update -y"warning: /var/tmp/rpm-xfer.ZSEYyZ: Header V3 DSA signature: NOKEY, key ID a95f6f37Loaded plugins: fastestmirrorDetermining fastest mirrors * epel: ftp-stud.hs-esslingen.deReducing CentOS-5 - libselinux to included packages onlyFinishedSetting up Update ProcessResolving Dependencies--> Running transaction check---> Package curl.i386 0:7.15.5-17.el5_11.1 set to be updated--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.1) for package: curl--> Processing Dependency: libssl.so.10 for package: curl--> Processing Dependency: libcrypto.so.10(libcrypto.so.10) for package: curl--> Processing Dependency: libcrypto.so.10 for package: curl--> Processing Dependency: libssl.so.10(libssl.so.10) for package: curl---> Package kernel-headers.i386 0:2.6.18-419.el5 set to be updated---> Package libselinux.i386 0:1.33.4-5.7.el5.centos set to be updated---> Package libselinux-devel.i386 0:1.33.4-5.7.el5.centos set to be updated---> Package libselinux-python.i386 0:1.33.4-5.7.el5.centos set to be updated---> Package libselinux-utils.i386 0:1.33.4-5.7.el5.centos set to be updated---> Package openldap.i386 0:2.3.43-29.el5_11.openssl1 set to be updated---> Package openssl.i686 0:0.9.8e-40.el5_11.1 set to be updated---> Package openssl-devel.i386 0:0.9.8e-40.el5_11.1 set to be updated---> Package tuxad-release.noarch 0:5-7 set to be updated---> Package tzdata.i386 0:2017b-1.el5 set to be updated---> Package wget.i386 0:1.11.4-3.el5_11.2.1 set to be updated--> Running transaction check---> Package openssl1.i686 0:1.0.1e-57.1.el5_11 set to be updated--> Finished Dependency Resolution​Dependencies Resolved​================================================================================ Package             Arch     Version                        Repository    Size================================================================================Updating: curl                i386     7.15.5-17.el5_11.1             tuxad        893 k kernel-headers      i386     2.6.18-419.el5                 updates      1.5 M libselinux          i386     1.33.4-5.7.el5.centos          libselinux    77 k libselinux-devel    i386     1.33.4-5.7.el5.centos          libselinux   144 k libselinux-python   i386     1.33.4-5.7.el5.centos          libselinux    73 k libselinux-utils    i386     1.33.4-5.7.el5.centos          libselinux    55 k openldap            i386     2.3.43-29.el5_11.openssl1      tuxad        717 k openssl             i686     0.9.8e-40.el5_11.1             tuxad        2.9 M openssl-devel       i386     0.9.8e-40.el5_11.1             tuxad        1.9 M tuxad-release       noarch   5-7                            tuxad         13 k tzdata              i386     2017b-1.el5                    updates      757 k wget                i386     1.11.4-3.el5_11.2.1            tuxad        593 kInstalling for dependencies: openssl1            i686     1.0.1e-57.1.el5_11             tuxad        3.5 M​Transaction Summary================================================================================Install       1 Package(s)Upgrade      12 Package(s)​Total download size: 13 MDownloading Packages:--------------------------------------------------------------------------------Total                                           1.4 MB/s |  13 MB     00:09warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID a95f6f37Importing GPG key 0xA95F6F37 "Frank W. Bergmann (tuxad.com) <gpg20160322@tuxad.com>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-TUXAD-A95F6F37Running rpm_check_debugRunning Transaction TestFinished Transaction TestTransaction Test SucceededRunning Transaction  Updating       : openssl                                                 1/25  Updating       : libselinux                                              2/25  Updating       : libselinux-devel                                        3/25  Updating       : openssl-devel                                           4/25  Updating       : tzdata                                                  5/25  Updating       : kernel-headers                                          6/25  Updating       : tuxad-release                                           7/25  Installing     : openssl1                                                8/25  Updating       : openldap                                                9/25  Updating       : curl                                                   10/25  Updating       : wget                                                   11/25  Updating       : libselinux-utils                                       12/25  Updating       : libselinux-python                                      13/25  Cleanup        : libselinux                                             14/25  Cleanup        : tuxad-release                                          15/25  Cleanup        : wget                                                   16/25  Cleanup        : libselinux-devel                                       17/25  Cleanup        : openssl-devel                                          18/25  Cleanup        : kernel-headers                                         19/25  Cleanup        : tzdata                                                 20/25  Cleanup        : libselinux-utils                                       21/25  Cleanup        : openldap                                               22/25  Cleanup        : curl                                                   23/25  Cleanup        : libselinux-python                                      24/25  Cleanup        : openssl                                                25/25​Dependency Installed:  openssl1.i686 0:1.0.1e-57.1.el5_11​Updated:  curl.i386 0:7.15.5-17.el5_11.1  kernel-headers.i386 0:2.6.18-419.el5  libselinux.i386 0:1.33.4-5.7.el5.centos  libselinux-devel.i386 0:1.33.4-5.7.el5.centos  libselinux-python.i386 0:1.33.4-5.7.el5.centos  libselinux-utils.i386 0:1.33.4-5.7.el5.centos  openldap.i386 0:2.3.43-29.el5_11.openssl1  openssl.i686 0:0.9.8e-40.el5_11.1  openssl-devel.i386 0:0.9.8e-40.el5_11.1  tuxad-release.noarch 0:5-7  tzdata.i386 0:2017b-1.el5  wget.i386 0:1.11.4-3.el5_11.2.1​Complete!​

Answer

The reason is that the package manager relies on the information provided by the kernel (via uname(2)) to decide which versions of packages (for which target architecture) should it install. Though your base image has i386 environment inside, you still run the build on x86_64 kernel, so things become a bit tricky.

When you run the container using docker run, you pass through the entrypoint linux32 – a small program which asks the kernel to pretend that it runs on i386 hardware. However, when you run docker build, the entrypoint is not used by RUNs, so yum sees that it runs on x86_64 kernel, hence the mess with platforms. You may check this answer for more detailed explanation; the issue is pretty similar.

To build your image correctly (installing only i386 packages), run yum and other architecture-sensitive commands in RUNs under linux32, e.g.:

RUN linux32 yum update -y

JavaScript
 
RUN linux32 yum update -y​

Advertisement

Answer