You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The value of the --pull flag on the run command is not validated against expected values (missing, always, never), this is error prone and can cause unexpected behavior and ignore other flags. This is particularly true given docker build has a --pull flag too with a different syntax.
We've been hit by this using a command like docker run --pull --rm …, which is actually being parsed as --pull=--rm and therefore a) not behaving as expected (we'd expected it to behave like --pull=always, just like docker build --pull) and b) ignoring/eating the --rm flag
Steps to reproduce the issue:
docker run --pull --rm hello-world
This step alone should be enough to reproduce (but behavior depends on context), but you can add:
docker pull hello-world
docker run --pull --rm hello-world
docker rmi hello-world
docker rmi -f hello-workd
docker run --pull --rm hello-world
Describe the results you received:
docker: Error response from daemon: No such image: hello-world:latest.
See 'docker run --help'.
Had I have the image locally, it would have used it without pulling it, and would have not removed the container.
With the above additional steps:
pulls the image
prints the hello world (but does not remove the container afterwards)
fails:
$ docker rmi hello-world
Error response from daemon: conflict: unable to remove repository reference "hello-world" (must force) - container a2824695f764 is
using its referenced image feb5d9fea6a5
removes the image
fails with the error above (No such image: hello-world:latest)
Describe the results you expected:
I expected this to pull the hello-world image (actually behaving like --pull=always, as we later discovered through docker run --help), or to tell me --rm is not a valid value for --pull.
Additional information you deem important (e.g. issue happens only occasionally):
Output of docker version:
Client:
Version: 20.10.17
API version: 1.41
Go version: go1.18.3
Git commit: 100c70180f
Built: Sat Jun 11 23:27:28 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.18.3
Git commit: a89b84221c
Built: Sat Jun 11 23:27:14 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1.m
runc:
Version: 1.1.3
GitCommit:
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Information above is on my laptop. We actually noticed the unexpected behavior on our CI server, where the step worked once on our pre-merge build (because at the time the image we use was available on the machine, as it had been built recently by another job) but later failed during a weekly build (as the image had been pruned since then)
The text was updated successfully, but these errors were encountered:
Thanks for reporting; it looks indeed that because --rm is no longer a boolean (which allows the value to be optional), it will always swallow what comes after, so the "value is optional" bit is broken. Wondering how to resolve that 🤔
oh! I'm actually wrong; the --pull options does not have a default (I was mixing it up with another option / proposal where we went from a boolean flag to a boolean or value), so it's indeed just the missing validation
Description
The value of the
--pull
flag on therun
command is not validated against expected values (missing
,always
,never
), this is error prone and can cause unexpected behavior and ignore other flags. This is particularly true givendocker build
has a--pull
flag too with a different syntax.We've been hit by this using a command like
docker run --pull --rm …
, which is actually being parsed as--pull=--rm
and therefore a) not behaving as expected (we'd expected it to behave like--pull=always
, just likedocker build --pull
) and b) ignoring/eating the--rm
flagSteps to reproduce the issue:
docker run --pull --rm hello-world
This step alone should be enough to reproduce (but behavior depends on context), but you can add:
docker pull hello-world
docker run --pull --rm hello-world
docker rmi hello-world
docker rmi -f hello-workd
docker run --pull --rm hello-world
Describe the results you received:
Had I have the image locally, it would have used it without pulling it, and would have not removed the container.
With the above additional steps:
No such image: hello-world:latest
)Describe the results you expected:
I expected this to pull the
hello-world
image (actually behaving like--pull=always
, as we later discovered throughdocker run --help
), or to tell me--rm
is not a valid value for--pull
.Additional information you deem important (e.g. issue happens only occasionally):
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):
Information above is on my laptop. We actually noticed the unexpected behavior on our CI server, where the step worked once on our pre-merge build (because at the time the image we use was available on the machine, as it had been built recently by another job) but later failed during a weekly build (as the image had been pruned since then)
The text was updated successfully, but these errors were encountered: