caddy-builder broken on hosts where setcap is not supported

[ptxmac]

I'm running docker on my Synology NAS.

Synology have their own variant of linux, and they provide the docker installation which is a bit... wonky.

Among other things, setcap is not supported

So when trying to use the caddy:2.5.4-builder image docker fails with:

2023/04/11 21:32:04 [INFO] Setting capabilities (requires admin privileges): [setcap cap_net_bind_service=+ep ./caddy]
Failed to set capabilities on file './caddy': Not supported
2023/04/11 21:32:04 [ERROR] failed to setcap on the binary: exit status 1
The command '/bin/sh -c xcaddy build' returned a non-zero code: 1

Adding ENV XCADDY_SETCAP 0 to my Dockerfile solves the problem, but I had to look through commits and source code to discover that. It would be helpful if it was mentioned on https://hub.docker.com/_/caddy

Even better if support for setcap could be auto-detected, but I have no knowledge about that

[francislavoie]

😬

I didn't even know that could fail if the command existed. That's annoying.

I know nothing about Synology. Would you be able to find out why it doesn't work? I have no idea how to determine if setcap would fail.

Anyways, instructions for xcaddy are documented here https://github.com/caddyserver/xcaddy#environment-variables and we do link to there from https://hub.docker.com/_/caddy so I think that's sufficient.

I think using XCADDY_SETCAP=0 is the correct fix for this case, since we don't know currently why it fails or how to check ahead of time.

[ptxmac]

I think it's because synology still use aufs as the storage driver, and from what I can find setcap isn't supported on aufs: moby/moby#5650

[hairyhenderson]

Is this a build-only error? i.e. could you build the image elsewhere and pull it onto the NAS?

[ptxmac]

Hmm, that might work, though it doesn't fit well in my current setup to have this built in a different host.
For now just setting XCADDY_SETCAP=0 fixes my immediate problem

[hairyhenderson]

Ok, thanks for the feedback!