buildkit WCOW cannot seemingly run `RUN powershell ...`, while vanilla dockerd can

Question

buildkit WCOW cannot seemingly run `RUN powershell ...`, while vanilla dockerd can

Opened this issue 4 months ago · 5 comments

Dockerfile:

FROM mcr.microsoft.com/windows/servercore:ltsc2022
# example: install chocolatey
RUN powershell -NoProfile -ExecutionPolicy Bypass -Command "[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))"

This errors with "is not a command" on buildkit / containerd (latest), runs fine in dockerd.

Answer 1 · 2024-05-06T13:51:05.000Z

To provide a bit more context:

The following works:

FROM mcr.microsoft.com/windows/servercore:ltsc2022
RUN C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe write-host Hello

# Outputs: Hello

While this doesn't:

FROM mcr.microsoft.com/windows/servercore:ltsc2022
RUN powershell.exe write-host Hello

# Error: 'powershell.exe' is not recognized as an internal or external command,
# operable program or batch file.

Seems that it doesn't load the PATH correctly. Docker/nerdctl works fine:

nerdctl.exe run --rm -it mcr.microsoft.com/windows/servercore:ltsc2022 powershell hello

# Outputs: hello

Additionally, buildkit seems to persist the PATH issue to the generated image:

# Default servercore
nerdctl run --rm mcr.microsoft.com/windows/servercore:ltsc2022 cmd /c echo %PATH%
# C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\ContainerAdministrator\AppData\Local\Microsoft\WindowsApps

# image built with buildkit based on servercore
nerdctl run --rm -it my-buildkit-image:latest cmd /c echo %PATH%
# c:\Windows\System32;c:\Windows

Versions:
containerd v1.7.16
buildkitd v0.13.2

Answer 2 · 2024-05-07T17:15:34.000Z

ref #4895 #3158

Answer 3 · 2024-05-13T04:51:37.000Z

Sure, we're picking up this discussion from #3158 // For the time-being, a work-around will be adding this at the beginning:

SHELL ["C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell"]

Answer 4 · 2024-05-13T04:53:14.000Z

/cc. @danielGithinji

Answer 5 · 2024-06-13T05:53:59.000Z

Another workaround that should help solve this issue is by changing the PATH environment variable. This can be done by using the ENV dockerfile command i.e:

ENV PATH="C\yourPath

By using docker you can also grab the container path and use the ENV command to modify the path in your dockerfile as shown above. That way any executable in the path will be accessible.

A docker command to grab the path is as follows:

docker run -it mcr.microsoft.com/windows/servercore:ltsc2022 cmd /S /C set path