From ced77e305ffac03056d270c68643b7f1ff8c2c84 Mon Sep 17 00:00:00 2001
From: SysAdmin
Date: Thu, 7 May 2026 17:51:17 +0100
Subject: [PATCH] fix(linux/build): valid_volumes takes source paths, not bind specs (M1.1 iter19)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Run #4266 dropped the /root/.docker bind silently: Custom container.HostConfig from options ==> &{Binds:[/root/.docker:/root/.docker:ro]…} [/root/.docker] is not a valid volume, will be ignored Merged container.HostConfig ==> &{Binds:[/var/run/docker.sock:/var/run/docker.sock /root/.docker:/root/.docker:ro]…} no basic auth credentials Wait, the merged binds list does include /root/.docker — but the line between them, "[/root/.docker] is not a valid volume, will be ignored", fires *during* the merge step's allowlist check, and the bind ends up absent in the actual container start (the `Binds:` list shown is pre-filter). Net result: the registry creds are not in the job container, push fails. Root cause: container.valid_volumes is an allowlist of source-path globs, not full bind specs. The entry `/root/.docker:/root/.docker:ro` was being treated as a literal pattern and never matched the bind's source `/root/.docker`. Same for the other two entries — they were just no-ops because the auto-mount / explicit options were the things actually creating the binds. Fix: rewrite valid_volumes entries as bare source paths. Co-Authored-By: Claude Opus 4.7 (1M context)
---
 linux/build/runner/config.yaml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/linux/build/runner/config.yaml b/linux/build/runner/config.yaml
index 4348a34..f60b774 100644
--- a/linux/build/runner/config.yaml
+++ b/linux/build/runner/config.yaml
@@ -15,10 +15,16 @@ runner:
 container:
 network: host
 privileged: true # required: live-build needs loop devices + chroot
+ # `valid_volumes` is an allowlist of **source paths** (globs), not full
+ # bind specs. Listing "/root/.docker:/root/.docker:ro" here makes the
+ # runner silently drop the bind from container.options with
+ # "[/root/.docker] is not a valid volume, will be ignored" — because
+ # the literal pattern "/root/.docker:/root/.docker:ro" doesn't match
+ # the bind source "/root/.docker". Source paths only:
 valid_volumes:
- - "/cache:/cache"
- - "/var/run/docker.sock:/var/run/docker.sock"
- - "/root/.docker:/root/.docker:ro"
+ - /cache
+ - /var/run/docker.sock
+ - /root/.docker
 # `options` is applied on top of act_runner's default per-job-container
 # docker run args. /var/run/docker.sock is auto-mounted by act_runner
 # already; listing it here a second time triggers
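Review bot: The new comment above `valid_volumes` explains why the old entries never matched, but not what the three bare entries now permit: the allowlist constrains the bind source only, so the `:ro` that used to appear on the `/root/.docker` entry is no longer expressed anywhere in this list. If the same allowlist also governs volumes requested by workflow files (as I understand act_runner's behaviour; worth confirming), any job scheduled on this runner can ask for `/root/.docker` (registry credentials) or `/var/run/docker.sock`, which together with `privileged: true` amounts to host-level access. I would add `# NOTE: source-only allowlist; access mode is not enforced here. Keep /root/.docker :ro in options and register this runner for trusted repositories only.` The `options` block that carries the actual bind spec begins at the end of the hunk and continues outside it, so its mode could not be checked here.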