a common task i do is open bash
in a container to inspect the file system….
but what happens when there is no shell at all in the image?
for example
FROM scratch
WORKDIR src
COPY README.md .
Code language: CSS (css)
and if i run docker build . -t minimal-image
to build the image, how would i confirm the contents were indeed copied over?
if i run docker run minimal-image:latest bash
, i get
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "bash": executable file not found in $PATH: unknown.
this makes sense because the scratch image doesn’t actually contain anything. it’s not shipped with a bash interpreter.
so what to do…
the workaround is to use the docker export
command. this requires a container, so first build the container
docker create --name minimal-container minimal-image:latest echo "hello world"
and then we can finally export this to a .tar
file
docker export minimal-container -o out.tar
now lets unzip/decompress the tar into a directory called tmp
. if i don’t specify a destination directory, the contents will get unzipped directly into my current directory, which includes my host files! don’t want that 🙂
mkdir tmp && tar -x
zf out.tar -C tmp
this gives me, with ls tmp
dev
etc
proc
src
sys
now before i had my WORKDIR image instruction to set the working directory to src
right before my COPY
instruction, and that is indeed where i find the file i copied.
anyway that’s how you inspect contents of an image without a shell!