very high UID prevents download in rootless podman

Question

very high UID prevents download in rootless podman

Closed this issue a year ago · 4 comments

When downloading the current latest tag, podman pull fails with

Error: writing blob: adding layer with blob "sha256:aea670ed7311c721f74cb6c9984ac17a3f09f100c8ecb92bcc17ddbef7fb6444":
 processing tar file(potentially insufficient UIDs or GIDs available in user namespace
 (requested 1516583083:0 for /app/node_modules/content-type/HISTORY.md):

Since /etc/subuid generally only sets aside a namespace of 65536 uids for each user, the very high UID (31 bits) falls way outside this range. It seems like a fluke and unnecessary problem to me.

As a workaround, I told podman to ignore chown errors - this only affects files in the image with UID > 65536 (in my case). Put the following in ~/.config/containers/storage.conf:

[storage]
  driver = "overlay"
  [storage.options]
    ignore_chown_errors = "1"

Answer 1 · 2023-04-24T16:21:35.000Z

Not sure I understand. What does this have to do with this project reveal-md?

Answer 2 · 2023-04-26T08:25:24.000Z

It affects the container published as docker.io/webpronl/reveal-md

I haven't checked where the code for building the container actually is, I just assumed it was related to this project...

Answer 3 · 2024-01-02T18:28:37.000Z

Here's how the containers are published: https://github.com/webpro/reveal-md/blob/main/.github/workflows/publish-container.yaml

Not sure how I can do something about the issue as described, so I'm going to close this issue.

Answer 4 · 2024-01-02T22:16:44.000Z

ok, the problem probably came from the upstream image then? or perhaps the npm binary?

in any case, the current latest image no longer has the problem, so closing is correct :)