Docker - Cannot build multi-platform images with docker buildx

Question

I'm trying to build a multi-platform (amd64, arm64 and armv7) image using docker buildx. Since I'm using an amd64 machine running Ubuntu 18.04, I followed the instructions on the Docker website and installed qemu via:

sudo apt install qemu-user

However, a weird error appears when I execute the previous command. More specifically, there seems to be an issue with the binfmt-support service. Here's the full log:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
The following additional packages will be installed:
  binfmt-support qemu-user-binfmt
The following NEW packages will be installed:
  binfmt-support qemu-user qemu-user-binfmt
0 upgraded, 3 newly installed, 0 to remove and 1 not upgraded.
Need to get 0 B/7.409 kB of archives.
After this operation, 63,4 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Selecting previously unselected package binfmt-support.
(Reading database ... 245278 files and directories currently installed.)
Preparing to unpack .../binfmt-support_2.1.8-2_amd64.deb ...
Unpacking binfmt-support (2.1.8-2) ...
Selecting previously unselected package qemu-user.
Preparing to unpack .../qemu-user_1%3a2.11+dfsg-1ubuntu7.21_amd64.deb ...
Unpacking qemu-user (1:2.11+dfsg-1ubuntu7.21) ...
Selecting previously unselected package qemu-user-binfmt.
Preparing to unpack .../qemu-user-binfmt_1%3a2.11+dfsg-1ubuntu7.21_amd64.deb ...
Unpacking qemu-user-binfmt (1:2.11+dfsg-1ubuntu7.21) ...
Setting up binfmt-support (2.1.8-2) ...
Job for binfmt-support.service failed because the control process exited with error code.
See "systemctl status binfmt-support.service" and "journalctl -xe" for details.
invoke-rc.d: initscript binfmt-support, action "start" failed.
● binfmt-support.service - Enable support for additional executable binary formats
   Loaded: loaded (/lib/systemd/system/binfmt-support.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2020-02-05 17:20:29 CET; 4ms ago
     Docs: man:update-binfmts(8)
  Process: 7766 ExecStart=/usr/sbin/update-binfmts --enable (code=exited, status=2)
 Main PID: 7766 (code=exited, status=2)

feb 05 17:20:29 XPS-15-9570 systemd[1]: Starting Enable support for additional executable binary formats...
feb 05 17:20:29 XPS-15-9570 update-binfmts[7766]: update-binfmts: warning: unable to close /proc/sys/fs/binfmt_misc/register: No such file or directory
feb 05 17:20:29 XPS-15-9570 update-binfmts[7766]: update-binfmts: exiting due to previous errors
feb 05 17:20:29 XPS-15-9570 systemd[1]: binfmt-support.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
feb 05 17:20:29 XPS-15-9570 systemd[1]: binfmt-support.service: Failed with result 'exit-code'.
feb 05 17:20:29 XPS-15-9570 systemd[1]: Failed to start Enable support for additional executable binary formats.
Setting up qemu-user (1:2.11+dfsg-1ubuntu7.21) ...
Setting up qemu-user-binfmt (1:2.11+dfsg-1ubuntu7.21) ...
update-binfmts: warning: current package is qemu-user-binfmt, but binary format already installed by qemu-user-static
update-binfmts: exiting due to previous errors
dpkg: error processing package qemu-user-binfmt (--configure):
 installed qemu-user-binfmt package post-installation script subprocess returned error exit status 2
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for neon-settings (0.0+p18.04+git20191212.1343) ...
Processing triggers for systemd (237-3ubuntu10.33) ...
Errors were encountered while processing:
 qemu-user-binfmt
E: Sub-process /usr/bin/dpkg returned an error code (1)

Despite that, I tried to go on with the usual procedure, namely:

docker buildx create --name mybuilder
docker buildx use mybuilder
docker buildx inspect --bootstrap

Where the output of the last command is:

[+] Building 5.0s (1/1) FINISHED                                                                                                                                                             
 => [internal] booting buildkit                                                                                                                                                         5.0s
 => => pulling image moby/buildkit:buildx-stable-1                                                                                                                                      4.3s
 => => creating container buildx_buildkit_mybuilder0                                                                                                                                    0.7s
Name:   mybuilder
Driver: docker-container

Nodes:
Name:      mybuilder0
Endpoint:  unix:///var/run/docker.sock
Status:    running
Platforms: linux/amd64, linux/386

As you can see, "linux/amd64" and "linux/386" are listed as the only available platforms, however I would need to build the image for "linux/arm64" and "linux/arm/v7" platforms as well. I've been looking for a solution to this problem for hours, though I didn't find anything that worked

---

------------------------------------ EDIT ------------------------------------

Looks like I was able to solve part of the issue by running:

sudo apt purge --auto-remove qemu-user qemu-user-binfmt binfmt-support

And then reinstalling them. In fact, running again this command:

sudo apt install qemu-user

gives no error at all:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
The following additional packages will be installed:
  binfmt-support qemu-user-binfmt
The following NEW packages will be installed:
  binfmt-support qemu-user qemu-user-binfmt
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/7.409 kB of archives.
After this operation, 63,4 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Selecting previously unselected package binfmt-support.
(Reading database ... 245437 files and directories currently installed.)
Preparing to unpack .../binfmt-support_2.1.8-2_amd64.deb ...
Unpacking binfmt-support (2.1.8-2) ...
Selecting previously unselected package qemu-user.
Preparing to unpack .../qemu-user_1%3a2.11+dfsg-1ubuntu7.21_amd64.deb ...
Unpacking qemu-user (1:2.11+dfsg-1ubuntu7.21) ...
Selecting previously unselected package qemu-user-binfmt.
Preparing to unpack .../qemu-user-binfmt_1%3a2.11+dfsg-1ubuntu7.21_amd64.deb ...
Unpacking qemu-user-binfmt (1:2.11+dfsg-1ubuntu7.21) ...
Setting up binfmt-support (2.1.8-2) ...
Created symlink /etc/systemd/system/multi-user.target.wants/binfmt-support.service → /lib/systemd/system/binfmt-support.service.
Setting up qemu-user (1:2.11+dfsg-1ubuntu7.21) ...
Setting up qemu-user-binfmt (1:2.11+dfsg-1ubuntu7.21) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for neon-settings (0.0+p18.04+git20191212.1343) ...
Processing triggers for systemd (237-3ubuntu10.38) ...

Similarly, the output of systemctl status binfmt-support.service is as expected:

● binfmt-support.service - Enable support for additional executable binary formats
   Loaded: loaded (/lib/systemd/system/binfmt-support.service; enabled; vendor preset: enabled)
   Active: active (exited) since Mon 2020-02-10 11:42:23 CET; 1min 11s ago
     Docs: man:update-binfmts(8)
 Main PID: 7161 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/binfmt-support.service

feb 10 11:42:23 XPS-15-9570 systemd[1]: Starting Enable support for additional executable binary formats...
feb 10 11:42:23 XPS-15-9570 systemd[1]: Started Enable support for additional executable binary formats.

However, part of the issue is still there, as the output after running these three commands:

docker buildx create --name mybuilder
docker buildx use mybuilder
docker buildx inspect --bootstrap

is the same as before, namely:

[+] Building 2.6s (1/1) FINISHED                                                                                                                                                             
 => [internal] booting buildkit                                                                                                                                                         2.6s
 => => pulling image moby/buildkit:buildx-stable-1                                                                                                                                      2.0s
 => => creating container buildx_buildkit_mybuilder0                                                                                                                                    0.6s
Name:   mybuilder
Driver: docker-container

Nodes:
Name:      mybuilder0
Endpoint:  unix:///var/run/docker.sock
Status:    running
Platforms: linux/amd64, linux/386

Why is that? Why is it showing me linux/amd64 and linux/386 as the only available platforms?

---

EDIT #2 (concerning @LinPy's comment)

The output of docker context ls is:

NAME                DESCRIPTION                               DOCKER ENDPOINT               KUBERNETES ENDPOINT   ORCHESTRATOR
default *           Current DOCKER_HOST based configuration   unix:///var/run/docker.sock                         swarm

I've also tried to restart docker after qemu's installation, but to no success. Also, specifying the target platforms in the docker buildx command:

docker buildx build -t <mytag> --platform linux/amd64,linux/arm64,linux/arm/v7 --load .

results in this error:

[+] Building 0.6s (5/20)                                                                                                      
 => [internal] load .dockerignore                                                                                        0.0s
 => => transferring context: 2B                                                                                          0.0s
 => [internal] load build definition from Dockerfile                                                                     0.0s
 => => transferring dockerfile: 32B                                                                                      0.0s
 => [linux/arm/v7 internal] load metadata for docker.io/alegeno92/opencv_python3:3.4.2                                   0.6s
 => CANCELED [linux/arm64 internal] load metadata for docker.io/alegeno92/opencv_python3:3.4.2                           0.6s
 => CANCELED [linux/amd64 internal] load metadata for docker.io/alegeno92/opencv_python3:3.4.2                           0.6s
failed to solve: rpc error: code = Unknown desc = failed to solve with frontend dockerfile.v0: failed to load LLB: runtime execution on platform linux/arm/v7 not supported

By the way, my version of the kernel is 4.15.0-76-generic

Answer 1

There are multiple binfmt packages, and there's a configuration that I think was missed when this question was asked.

For the various packages, I would opt for qemu-user-static over qemu-user-binfmt to avoid any dynamic linking issues. The two packages are doing the same thing, so you'll need to pick one or the other.

The next part should be fixed in current releases, but I think you were stumbling on this before. That's the fix binary or F flag you'll see when catting the files in /proc/sys/fs/binfmt_misc, e.g. see the F flag here:

$ cat /proc/sys/fs/binfmt_misc/qemu-arm
enabled
interpreter /usr/libexec/qemu-binfmt/arm-binfmt-P
flags: POCF
offset 0
magic 7f454c4601010100000000000000000002002800
mask ffffffffffffff00fffffffffffffffffeffffff

Details on what the F flag means can be found on this kernel.org post but the short of it is container namespaces include a different filesystem namespace, and trying to access the interpreter from that namespace will fail (unless you do something like bind mount /usr/libexec/qemu-binfmt into your container). Newer versions of the qemu packages automatically set this flag, so if your flags section doesn't have the F defined, see these bug reports for the version you'll need to upgrade to:

• Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868030
• Ubuntu: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1815100

---

The easy button is to use the binaries from the multiarch image. This is good in CI if you have a dedicated VM (less ideal if you are modifying the host used by other builds). However if you reboot, it breaks until you run the container again. And it requires you to remember to update it for any upstream patches. So I wouldn't recommend it for a long running build host.

docker run --rm --privileged multiarch/qemu-user-static --reset -p yes

Answer 2

For github CI, add following plugin solve this for me

    - name: Set up QEMU
      id: qemu
      uses: docker/setup-qemu-action@v1
      with:
        image: tonistiigi/binfmt:latest
        platforms: all

Answer 3

Tagging on this answer in response to the first error. The commands have been updated per https://docs.docker.com/buildx/working-with-buildx/.

QEMU is a cross-platform emulator responsible for sourcing the binaries for different architectures (through the binfmt_misc handler).

Will save some people some time to start with this command first:

docker run --privileged --rm tonistiigi/binfmt --install all

Answer 4

Run the multiarch container first

docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
docker buildx rm builder
docker buildx create --name builder --driver docker-container --use
docker buildx inspect --bootstrap

And you should have your alternate architectures.