github-starred/vaultwarden
2
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-05-07 21:15:39 -05:00
Code Issues 266 Packages Projects Releases 82 Wiki Activity

[GH-ISSUE #3493] Use of FQIN in Dockerfile FROM instructions #10398

New Issue
Closed
opened 2026-04-20 13:50:20 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-04-20 13:50:20 -05:00
Owner
Copy Link

Originally created by @gitouche-sur-osm on GitHub (May 1, 2023).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/3493

Subject of the issue

This is a request for the use of Fully Qualified Image Names (FQIN) in Dockerfile FROM instructions.
e.g. FROM alpine -> FROM docker.io/library/alpine

The use of short names is ambiguous as the registry it pulls from might depend on docker (or alternative build system) configuration. This is better explained in containers-registries.conf man page.

Docker uses hardcoded configuration in order to search for short names on docker.io registry :

echo $(docker info | grep -oP "(?<=Registry: ).*")
https://index.docker.io/v1/

But this behaviour might be different if registry-mirrors is set in docker daemon.json.

This would also improve support for docker alternatives as well (e.g. buildah, where the docker.io registry might not be the default registry), while staying 100% docker compatible.

File that needs changes : docker/Dockerfile.j2

See the changes in my fork : https://github.com/dani-garcia/vaultwarden/compare/main...gitouche-sur-osm:vaultwarden:main#diff-4331345734d1b2a2578682b272eae8952289a0cffb0b5b6dd118f40802a4d055

Would you consider a PR for this?
Thank you for considering this request.

Originally created by @gitouche-sur-osm on GitHub (May 1, 2023). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/3493 <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue This is a request for the use of `Fully Qualified Image Names (FQIN)` in Dockerfile `FROM` instructions. e.g. `FROM alpine` -> `FROM docker.io/library/alpine` The use of short names is ambiguous as the registry it pulls from might depend on docker (or alternative build system) configuration. This is better explained in [containers-registries.conf man page](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#note-risk-of-using-unqualified-image-names). Docker uses hardcoded configuration in order to search for short names on docker.io registry : ``` echo $(docker info | grep -oP "(?<=Registry: ).*") https://index.docker.io/v1/ ``` But this behaviour might be different if `registry-mirrors` is set in docker `daemon.json`. This would also improve support for docker alternatives as well (e.g. buildah, where the docker.io registry might not be the default registry), while staying 100% docker compatible. File that needs changes : `docker/Dockerfile.j2` See the changes in my fork : https://github.com/dani-garcia/vaultwarden/compare/main...gitouche-sur-osm:vaultwarden:main#diff-4331345734d1b2a2578682b272eae8952289a0cffb0b5b6dd118f40802a4d055 Would you consider a PR for this? Thank you for considering this request.
GiteaMirror added the enhancementlow priority labels 2026-04-20 13:50:21 -05:00
GiteaMirror commented 2026-04-20 13:50:22 -05:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (May 1, 2023):

Well, what if someone wants to use a different registry as it's default? Then they need to either configure that it overrules there config? Or modify the Dockerfile?

Im not sure this would be a good change. But i haven't looked at it that well

<!-- gh-comment-id:1529788188 --> @BlackDex commented on GitHub (May 1, 2023): Well, what if someone wants to use a different registry as it's default? Then they need to either configure that it overrules there config? Or modify the Dockerfile? Im not sure this would be a good change. But i haven't looked at it that well
GiteaMirror commented 2026-04-20 13:50:23 -05:00
Author
Owner
Copy Link

@gitouche-sur-osm commented on GitHub (May 2, 2023):

Well, what if someone wants to use a different registry as it's default? Then they need to either configure that it overrules there config? Or modify the Dockerfile?

Im not sure this would be a good change. But i haven't looked at it that well

Thank you for taking the time to review this.

I have some corporate docker configuration where docker.io is not the default registry (corporate registry is used instead), and short names in Dockerfile cannot be computed correctly. It needs to know "alpine" is in fact at "docker.io/library/alpine", the only way to do that is to explicity use the fully qualified image name.

This makes building the image both safer (better explained in containers-registries.conf man page ) and more reliable, as it will work regardless of the local docker registry configuration.

PS : this is not about the registry where the image is pushed once built.

<!-- gh-comment-id:1532029037 --> @gitouche-sur-osm commented on GitHub (May 2, 2023): > Well, what if someone wants to use a different registry as it's default? Then they need to either configure that it overrules there config? Or modify the Dockerfile? > > Im not sure this would be a good change. But i haven't looked at it that well Thank you for taking the time to review this. I have some corporate docker configuration where docker.io is not the default registry (corporate registry is used instead), and short names in Dockerfile cannot be computed correctly. It needs to know "alpine" is in fact at "docker.io/library/alpine", the only way to do that is to explicity use the fully qualified image name. This makes building the image both safer (better explained in [containers-registries.conf man page](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#note-risk-of-using-unqualified-image-names) ) and more reliable, as it will work regardless of the local docker registry configuration. PS : this is not about the registry where the image is pushed once built.
GiteaMirror commented 2026-04-20 13:50:23 -05:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (May 2, 2023):

That seems logical. Thanks for the extra information and bringing this to our attention.

<!-- gh-comment-id:1532069417 --> @BlackDex commented on GitHub (May 2, 2023): That seems logical. Thanks for the extra information and bringing this to our attention.
GiteaMirror commented 2026-04-20 13:50:24 -05:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (May 3, 2023):

@gitouche-sur-osm If you rebase your changes on the current main, and create a PR, I'm going to approve that.

<!-- gh-comment-id:1533189205 --> @BlackDex commented on GitHub (May 3, 2023): @gitouche-sur-osm If you rebase your changes on the current main, and create a PR, I'm going to approve that.
GiteaMirror commented 2026-04-20 13:50:25 -05:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (May 8, 2023):

Resolved via #3505

<!-- gh-comment-id:1538906654 --> @BlackDex commented on GitHub (May 8, 2023): Resolved via #3505
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
wontfix
No Label enhancement low priority
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#10398
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?