Accessing Google Drive from Docker container

What is the problem you are having with rclone?

Cannot access Google Drive from Docker container

What is your rclone version (output from rclone version)

rclone v1.55.1

Which OS you are using and how many bits (eg Windows 7, 64 bit)

  • os/type: linux
  • os/arch: amd64
  • go/version: go1.16.3
  • go/linking: static
  • go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Google Drive

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone  lsd --drive-shared-with-me gdrive:shared_dir_name/

The rclone config contents with secrets removed.

[gdrive]
type = drive
scope = drive
token = {"access_token":"xxxxxxxxxxx","token_type":"Bearer","refresh_token":"xxxxxxx","expiry":"2021-06-20T01:18:25.883774499+10:00"}

A log from the command with the -vv flag

2021/06/19 14:46:27 DEBUG : Using config file from "/mswx/rclone.conf"
2021/06/19 14:46:27 DEBUG : rclone: Version "v1.55.1" starting with parameters ["./rclone" "-vv" "lsl" "--drive-shared-with-me" "gdrive:shared_dir_name/"]
2021/06/19 14:46:27 DEBUG : Creating backend with remote "gdrive:shared_dir_name/"
2021/06/19 14:46:27 DEBUG : gdrive: detected overridden config - adding "{ysOIc}" suffix to name
2021/06/19 14:46:27 Failed to create file system for "gdrive:shared_dir_name/": couldn't find root directory ID: Get "https://www.googleapis.com/drive/v3/files/root?alt=json&fields=id&prettyPrint=false&supportsAllDrives=true": x509: certificate signed by unknown authority

I have created a docker image with the latest rclone binary and my local config file already configured to access Google Drive. Although this works on my local machine, the same command fails on the Docker container with the described error message. I have followed the instructions in the topic "authentication-against-google-drive-on-a-headless-tiny-machine/4569" which advices: "You can also do the config on a computer that has a full web browser and copy over that section from the config file if you find that easier." However, there seems to be a missing step to make it work in my case.

Thanks for your help,
Pablo

That looks like your docker image is missing stock OS type certificates and nothing really with rclone. You may want to check the docker forums/google the error as someone can also chime in but I personally don't use dockers.

Thanks @Animosity022, I've tried different Docker base images but all seem to return the same error. I can see with Ubuntu:latest that the rclone command tries to update the certificate a few times but ends up failing (see verbose output below).

Please let me know if anyone can think of what the problem might be. Thanks

$ sudo docker run -it b4e837f50fba /bin/bash
root@8d94af760a53:/app# export RCLONE_CONFIG=/mswx/rclone.conf
root@8d94af760a53:/app# ./rclone  -vv lsl --drive-shared-with-me gdrive:shared_dir_name/
2021/06/19 22:34:30 DEBUG : Using config file from "/app/rclone.conf"
2021/06/19 22:34:30 DEBUG : rclone: Version "v1.55.1" starting with parameters ["./rclone" "-vv" "lsl" "--drive-shared-with-me" "gdrive:shared_dir_name/"]
2021/06/19 22:34:30 DEBUG : Creating backend with remote "gdrive:shared_dir_name/"
2021/06/19 22:34:30 DEBUG : gdrive: detected overridden config - adding "{ysOIc}" suffix to name
2021/06/19 22:34:30 DEBUG : gdrive{ysOIc}: Loaded invalid token from config file - ignoring
2021/06/19 22:34:31 DEBUG : gdrive{ysOIc}: Token refresh failed try 1/5: Post "https://oauth2.googleapis.com/token": x509: certificate signed by unknown authority
2021/06/19 22:34:32 DEBUG : gdrive{ysOIc}: Loaded invalid token from config file - ignoring
2021/06/19 22:34:32 DEBUG : gdrive{ysOIc}: Token refresh failed try 2/5: Post "https://oauth2.googleapis.com/token": x509: certificate signed by unknown authority
2021/06/19 22:34:33 DEBUG : gdrive{ysOIc}: Loaded invalid token from config file - ignoring
2021/06/19 22:34:33 DEBUG : gdrive{ysOIc}: Token refresh failed try 3/5: Post "https://oauth2.googleapis.com/token": x509: certificate signed by unknown authority
2021/06/19 22:34:34 DEBUG : gdrive{ysOIc}: Loaded invalid token from config file - ignoring
2021/06/19 22:34:34 DEBUG : gdrive{ysOIc}: Token refresh failed try 4/5: Post "https://oauth2.googleapis.com/token": x509: certificate signed by unknown authority
2021/06/19 22:34:35 DEBUG : gdrive{ysOIc}: Loaded invalid token from config file - ignoring
2021/06/19 22:34:36 DEBUG : gdrive{ysOIc}: Token refresh failed try 5/5: Post "https://oauth2.googleapis.com/token": x509: certificate signed by unknown authority
2021/06/19 22:34:37 Failed to create file system for "gdrive:shared_dir_name/": couldn't find root directory ID: Get "https://www.googleapis.com/drive/v3/files/root?alt=json&fields=id&prettyPrint=false&supportsAllDrives=true": couldn't fetch token - maybe it has expired? - refresh with "rclone config reconnect gdrive{ysOIc}:": Post "https://oauth2.googleapis.com/token": x509: certificate signed by unknown authority

Ok, after some more testing I have got to a solution that works but seems to be suboptimal looking at the info messages that rclone spits.

In case this is useful to anyone, this is the Dockerfile that I've used:

FROM alpine:3.14

# For testing purposes (remove once working)
RUN apk add --no-cache bash

RUN apk -U add ca-certificates fuse wget dcron tzdata \
  && rm -rf /var/cache/apk/*

# From here copy the rclone binary, config file and the rest of things you need