Skip to content

setting/modifying environment variables in dockerfile unclear #13289

New issue
New issue
Open
Open
setting/modifying environment variables in dockerfile unclear#13289

Description

@solstice333

solstice333
openedon Mar 8, 2023

  • I have tried with the latest version of Docker Desktop
  • I have tried disabling enabled experimental features
  • I have uploaded Diagnostics
  • Diagnostics ID: BA40D1ED-7C70-4762-99A6-12AB3F8468D0/20230308224739

Actual behavior, expected behavior, reproduction

ENV is discouraged in windows-docker for prepending/appending environment variables. Using RUN instruction, with SHELL ["powershell", "-Command"], as a way to set/modify environment variables leads to unclear or undocumented behavior:

# Actual: prepends and appends C:\bar to User PATH. Also appends C:\bar to 
# Process PATH. 
# Expected: set User PATH to literally "C:\bar;%PATH%". Since this is
# exec-array form, there is nothing to expand %PATH% 
RUN ["setx", "PATH", "C:\\bar;%PATH%"]

# Actual: docker-build succeeds, but docker-run fails with corrupt PATH
# Expected: set Machine/System PATH to literally "C:\bar;%PATH%". Since this is
# exec-array form, there is nothing to expand %PATH% 
RUN ["setx", "/m", "PATH", "C:\\bar;%PATH%"]

# Actual: docker-build fails with "Invalid syntax. Default option is not 
# allowed more than '2' time(s)." I suspect the escaped/literal double quotes 
# are being pruned by docker-engine for some reason. 
# Expected: `User Path = C:\bar + Process PATH`. %PATH% should expand since 
# `cmd` is the first argument in the exec array. The entire array probably 
# would be stringified and forwarded to `CreateProcess()`
RUN ["cmd", "/s", "/c", "setx PATH \"C:\\bar;%PATH%\""]

# Actual: same as above without /m
# Expected: `Machine/System Path = C:\bar + Process PATH`. %PATH% should expand 
# since `cmd` is the first argument in the exec array. The entire array 
# probably would be stringified and forwarded to `CreateProcess()`
RUN ["cmd", "/s", "/c", "setx /m PATH \"C:\\bar;%PATH%\""]

The only reliable approaches to set/modify environment variables in this context are the following:

# Actual: `User PATH = C:\bar + User PATH`
# Expected: This fine. Same as Actual. Seems like when 
# `Process PATH = Machine/System PATH + User PATH` is done, what actually
# occurs is that each path in User PATH is appended only if it is unique
RUN setx PATH \"C:\\bar;$([System.Environment]::GetEnvironmentVariable('PATH', [System.EnvironmentVariableTarget]::User))\"

# Actual: Machine/System PATH = C:\bar + Machine/System PATH
# Expected: This fine. Same as Actual. Seems like when 
# `Process PATH = Machine/System PATH + User PATH` is done, what actually
# occurs is that each path in User PATH is appended only if it is unique
RUN setx /m PATH \"C:\\bar;$([System.Environment]::GetEnvironmentVariable('PATH', [System.EnvironmentVariableTarget]::Machine))\"

but neither are officially documented AFAIK.

All of the reproduction steps and actual/expected behavior are documented/implemented here. Clone the project and follow the steps in the readme.

Information

  • Windows Version: see docker-info below
  • Docker Desktop Version: 4.17.0 (99724)
  • WSL2 or Hyper-V backend? see docker-info below
  • Are you running inside a virtualized Windows e.g. on a cloud server or a VM: no
  • docker-info:
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.10.3)
  compose: Docker Compose (Docker Inc., v2.15.1)
  dev: Docker Dev Environments (Docker Inc., v0.1.0)
  extension: Manages Docker extensions (Docker Inc., v0.2.18)
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
  scan: Docker Scan (Docker Inc., v0.25.0)
  scout: Command line tool for Docker Scout (Docker Inc., v0.6.0)

Server:
 Containers: 14
  Running: 1
  Paused: 0
  Stopped: 13
 Images: 53
 Server Version: 20.10.23
 Storage Driver: windowsfilter
  Windows:
 Logging Driver: json-file
 Plugins:
  Volume: local
  Network: ics internal l2bridge l2tunnel nat null overlay private transparent
  Log: awslogs etwlogs fluentd gcplogs gelf json-file local logentries splunk syslog
 Swarm: inactive
 Default Isolation: hyperv
 Kernel Version: 10.0 18362 (18362.1.amd64fre.19h1_release.190318-1202)
 Operating System: Windows 10 Pro Version 1903 (OS Build 18362.1256)
 OSType: windows
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.86GiB
 Name: NSC-KNAVERO
 ID: UDSU:HFTF:BBTJ:LDGU:VT2J:SGT4:GMCY:6UCY:SVGR:J7NS:URVG:SU6Q
 Docker Root Dir: C:\ProgramData\Docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

Output of & "C:\Program Files\Docker\Docker\resources\com.docker.diagnose.exe" check

[2023-03-08T22:35:55.775999600Z][com.docker.diagnose.exe][W] Windows version might not be up-to-date: The system cannot find the file specified.
[2023-03-08T22:35:55.798776300Z][com.docker.diagnose.exe][I] set path configuration to OnHost
Starting diagnostics

[PASS] DD0027: is there available disk space on the host?
[PASS] DD0028: is there available VM disk space?
[PASS] DD0002: does the bootloader have virtualization enabled?
[SKIP] DD0018: does the host support virtualization?
[PASS] DD0001: is the application running?
[PASS] DD0017: can a VM be started?
[PASS] DD0016: is the LinuxKit VM running?
[PASS] DD0011: are the LinuxKit services running?
[PASS] DD0023: is the Containers Windows Feature enabled?
[PASS] DD0004: is the Docker engine running?
[PASS] DD0015: are the binary symlinks installed?
[PASS] DD0031: does the Docker API work?
[PASS] DD0013: is the $PATH ok?
[PASS] DD0003: is the Docker CLI working?
[PASS] DD0005: is the user in the docker-users group?
[PASS] DD0038: is the connection to Docker working?
[PASS] DD0014: are the backend processes running?
[PASS] DD0007: is the backend responding?
[PASS] DD0008: is the native API responding?
[PASS] DD0009: is the vpnkit API responding?
[PASS] DD0010: is the Docker API proxy responding?
[PASS] DD0006: is the Docker Desktop Service responding?
[SKIP] DD0030: is the image access management authorized?
[PASS] DD0033: does the host have Internet access?
[PASS] DD0002: does the bootloader have virtualization enabled?
[PASS] DD0018: does the host support virtualization?
[PASS] DD0001: is the application running?
[PASS] DD0017: can a VM be started?
[PASS] DD0016: is the LinuxKit VM running?
[PASS] DD0011: are the LinuxKit services running?
[PASS] DD0023: is the Containers Windows Feature enabled?
[PASS] DD0004: is the Docker engine running?
[PASS] DD0015: are the binary symlinks installed?
[PASS] DD0031: does the Docker API work?
[WARN] DD0032: do Docker networks overlap with host IPs? network bridge has subnet 172.17.0.0/16 which overlaps with host IP 172.17.245.97

Please note the following 1 warning:

1 : The check: do Docker networks overlap with host IPs?
    Produced the following warning: network bridge has subnet 172.17.0.0/16 which overlaps with host IP 172.17.245.97

If the subnet used by a Docker network overlaps with an IP used by the host, then containers
won't be able to contact the overlapping IP addresses.

Try configuring the IP address range used by networks: in your docker-compose.yml.
See https://docs.docker.com/compose/compose-file/compose-file-v2/#ipv4_address-ipv6_address

No fatal errors detected.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    lifecycle/staleversion/10.0 18362

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions