Balena can't get correct container image

astew · March 27, 2022, 11:22pm

I have a Dockerfile that starts with:

FROM pihole/pihole:v5.8.1

When I issue balena push <id>.local to build the containers in my compose script, I get an error:

Some services failed to build:
        pihole1: failed to get destination image "sha256:7c5d96503a8e2a5398356b024415fd6caf18ea08b3ce07b81034f14ce87196fa": image with reference sha256:7c5d96503a8e2a5398356b024415fd6caf18ea08b3ce07b81034f14ce87196fa was found but does not match the specified platform: wanted linux/arm64/v8, actual: linux/amd64

But the image it’s looking for is right here.

What’s up with that?

I tried explicitly telling it the platform:

FROM --platform=linux/arm64/v8 pihole/pihole:v5.8.1

But Balena complains that that’s a syntax error (why? Nothing I’ve found in the Docker documentation, Balena documentation or Google indicates this should be a syntax error. )

Okay… so I tried specifying platform in the compose script… again, Balena whines that there’s a problem with the compose script. Fine, whatever, it clearly knew the correct platform anyway. I’m just annoyed that specifying the platform doesn’t work even though as best I can tell it should.

Anyway, moving on.

So I SSH into my RaspberryPi4 that I was trying to push to, and I run:

root@<id>:~# balena pull --platform linux/arm64/v8 pihole/pihole:v5.8.1
v5.8.1: Pulling from pihole/pihole
62adb93deb28: Pull complete
e848e22cf95b: Pull complete
e66b05c8f94b: Pull complete
bfcae7e0347e: Pull complete
35abc933bb43: Pull complete
62e5796f84c2: Pull complete
8b560abe847e: Pull complete
58db3e14c2d4: Pull complete
Total:  [==================================================>]  184.1MB/184.1MB
Digest: sha256:b51628bfa49b71ce4af4831b34e276693a6d647b82037151d8eb0d34da504432
Status: Downloaded newer image for pihole/pihole:v5.8.1
docker.io/pihole/pihole:v5.8.1
root@<id>:~#

Okay, so apparently is is able to find the correct image… except… wait… the sha256 is wrong.

hub.docker.com: sha256:1c02cda06ba1b997d10e0c12743002e845ed87bf010fca0ad838c3dba6ac6c58

As best I can tell, there are no pihole images with a sha256 matching the one that was pulled.

What the heck is going on here? Is it not using the Docker image repository? Is it secretly modifying the images it downloads behind the scenes? Why is it failing to find it for the correct architecture when I try to build the container?

(The build takes place on the device)

cywang117 · April 8, 2022, 1:03am

Hi,

When you initially run balena push <id>.local , is it to a Raspberry Pi 4 in local mode? I found this CLI issue which for the issue with FROM --platform: Push to local device (IP address) fails with `FROM --platform` · Issue #1889 · balena-io/balena-cli · GitHub

Hopefully this issue will be resolved as part of the work towards better multi-arch support. Additionally, in that issue, it explains that pushing to balenaCloud will function correctly. Have you confirmed this to be the case?

As another workaround, you could specify the sha256 explicitly in the FROM directive like so: FROM pihole/pihole@sha256:1c02cda06ba1b997d10e0c12743002e845ed87bf010fca0ad838c3dba6ac6c58. You can then verify that the correct image digest was pulled to your device with balena images --digests.

As for why balena pull returns a different digest than any of the digests for the different architectures, here’s a GitHub comment which may explain why: Digests on Dockerhub and those fetched by docker pull do not match · Issue #1925 · docker/hub-feedback · GitHub

TLDR; this is an upstream quirk of running balena|docker pull.

Finally, I see that you’re trying to develop on pihole. What’s your objection to using GitHub - klutchell/balena-pihole: Pi-hole is a Linux network-level advertisement and Internet tracker blocking application.? It sets everything up to be balena-compatible for you for minimal trouble.

Thanks,
Christina