cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon docker

`docker run` throws error if an env var contains whitespace

Open guzman-raphael opened this issue 1 year ago • 2 comments

Description

Encountered an inconsistency in one of my projects. Perhaps it could be user error or a misunderstanding but it is related to how docker run behaves compared to docker compose run.

Left a minimal example below but happy to provide more info if it is not clear enough.

Please let me know if this is the appropriate tracker to file this under.

Reproduce

  1. Create a test.env using a multiline variable like so: 
    SECRET_SETTING="
[config 1]
key1=val1
key2=val2
"
  2. Then try pass it in to a container and display using docker run: 
    docker run --rm --env-file test.env alpine:latest sh -c 'echo "$SECRET_SETTING"'
  3. Returns: 
    docker: poorly formatted environment: variable '[config 1] ' contains whitespaces.
See 'docker run --help'.

However, the following works as expected using the same test.env from above.

  1. Create a docker-compose.yaml file like so: 
    version: "3"
services:
  app:
    image: alpine:latest
    command: sh -c 'echo "$SECRET_SETTING"'
  2. Then try pass it in to a container and display using docker compose run: 
    docker compose --env-file test.env run --rm app
  3. Returns with: 
    
[config 1]
key1=val1
key2=val2

Expected behavior

Expected docker run and docker compose run to behave similarly in these cases.

docker version

Client: Docker Engine - Community
 Version:           24.0.6
 API version:       1.43
 Go version:        go1.20.7
 Git commit:        ed223bc
 Built:             Mon Sep  4 12:31:44 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.6
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.7
  Git commit:       1a79695
  Built:            Mon Sep  4 12:31:44 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.24
  GitCommit:        61f9fd88f79f081d64d6fa3bb1a0dc71ec870523
 runc:
  Version:          1.1.9
  GitCommit:        v1.1.9-0-gccaecfc
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    24.0.6
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.21.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 212
 Server Version: 24.0.6
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 61f9fd88f79f081d64d6fa3bb1a0dc71ec870523
 runc version: v1.1.9-0-gccaecfc
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.4.6-76060406-generic
 Operating System: Pop!_OS 22.04 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 31.05GiB
 Name: zion
 ID: 05ddc1be-aa38-4fc3-9a42-62f16d31a74d
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

This is a simplified example of a larger use case where I am setting some sensitive settings in GitHub Secrets and was trying to avoid an extra step of base64 encoding since it makes it less readable. A space is required in the spec for the setting.

Normally, I'd proceed with docker compose run version, however, I am not calling it directly. VSCode+DevContainer is calling docker run during the creation of the environment.

Alternative suggestions welcome.

Related to docker/compose#6951 though using docker compose worked fine for me.

guzman-raphael avatar May 05 '24 04:05 guzman-raphael

This looks similar to / related to https://github.com/docker/cli/issues/4665#issuecomment-1821862464

The format used for files specified by --env-file are expected to be line-delimited (name[=<value>]) and doesn't support multi-line values or quoting. Note that the --env-file option on docker run / docker create is not the equivalent of .env files (as used by compose).

thaJeztah avatar May 06 '24 08:05 thaJeztah

It appears compose uses WithEnv(env ...string) while the cli uses parseKeyValueFile(filename string, emptyFn func(string) for parsing environment variables.

I'm a new contributor, but if you want I can push a pr for a test case of using a bad header with a space such as [config 1] in order to document this is expected behavior. If in the future it is decided to allow environment headers with spaces the test case can be updated.

MicahKimel avatar May 17 '24 01:05 MicahKimel