blockscout icon indicating copy to clipboard operation
blockscout copied to clipboard

Published 20 hours ago verified publisher icon blockscout

Docker non-root user: verifying doesn't work

Open mfolnovic opened this issue 3 years ago • 2 comments

If you run docker image as non-root user, multiple things happen:

  1. tzdata errors:
2022-04-27T21:07:19.192 [error] GenServer :tzdata_release_updater terminating
** (File.Error) could not write to file "/opt/app/_build/prod/lib/tzdata/priv/latest_remote_poll.txt": permission denied
  1. while verifying:
** (File.Error) could not open "/opt/app/_build/prod/lib/explorer/priv/solc_compilers/v0.8.13+commit.abaa5c0e-tmp.js": permission denied
    (elixir 1.12.3) lib/file.ex:1445: File.open!/2
    (explorer 0.0.1) lib/explorer/smart_contract/solc_downloader.ex:57: Explorer.SmartContract.SolcDownloader.handle_call/3

2022-04-27T20:48:58.397 [error] Task #PID<0.1601.0> started from #PID<0.1600.0> terminating
** (MatchError) no match of right hand side value: {:no_tmp, ["/tmp", "/opt/app/tmp"]}
    (explorer 0.0.1) lib/explorer/smart_contract/solidity/code_compiler.ex:280: Explorer.SmartContract.Solidity.CodeCompiler.create_source_file/1

I've tried to hotfix it by extending image with:

RUN chmod -R 777 /opt/app/_build/prod/lib
RUN chmod -R 777 /opt/app/deps/tzdata/priv
RUN chmod -R 777 /opt/app/apps/explorer/priv
RUN chmod -R 777 /tmp
RUN mkdir /opt/app/tmp && chmod -R 777 /opt/app/tmp

but last two commands don't help with last error while verifying.

Environment

  • Operating System: Docker, Kubernetes, non-root user
  • Blockscout Version/branch: 4.1.2

Steps to reproduce

Run docker image as non-root user.

Expected behaviour

While running docker image as non-root user, verifying contract should work.

Actual behaviour

Verifying contract gives errors.

mfolnovic avatar Apr 27 '22 21:04 mfolnovic

@vbaranov sorry for pinging you, just wanted to check if you'd be interested to receive PR on this issue?

mfolnovic avatar Jun 03 '22 14:06 mfolnovic

@mfolnovic yes, sure. Please, go ahead. We would love to review such PR.

vbaranov avatar Jun 06 '22 08:06 vbaranov

facing the same issue here! has this issue been solved?

found the following in the logs:

Sep 24 07:35:19 ip-172-31-22-179 mix[98572]: 2022-09-24T07:35:19.483 application=plug request_id=Fxe7qHJMT9EFyX4AB0mB [info] GET /api
Sep 24 07:35:19 ip-172-31-22-179 mix[98572]: 2022-09-24T07:35:19.486 application=plug request_id=Fxe7qHJMT9EFyX4AB0mB [info] Sent 200 in 3ms
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]: 2022-09-24T07:35:20.623 application=plug request_id=Fxe7qLZCMv2kbNoAB0oB [info] POST /api
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]: 2022-09-24T07:35:20.858 [error] GenServer Explorer.SmartContract.SolcDownloader terminating
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]: ** (File.Error) could not open "/usr/local/blockscout/_build/prod/lib/explorer/priv/solc_compilers/v0.8.4+commit.c7e474f2-tmp.js": no such file or directory
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (elixir 1.13.4) lib/file.ex:1445: File.open!/2
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (explorer 0.0.1) lib/explorer/smart_contract/solc_downloader.ex:57: Explorer.SmartContract.SolcDownloader.handle_call/3
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (stdlib 3.17) gen_server.erl:721: :gen_server.try_handle_call/4
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (stdlib 3.17) gen_server.erl:750: :gen_server.handle_msg/6
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (stdlib 3.17) proc_lib.erl:226: :proc_lib.init_p_do_apply/3
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]: Last message (from #PID<0.7654.4>): {:ensure_exists, "v0.8.4+commit.c7e474f2"}
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]: State: []
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]: Client #PID<0.7654.4> is alive
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (stdlib 3.17) gen.erl:233: :gen.do_call/4
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (elixir 1.13.4) lib/gen_server.ex:1027: GenServer.call/3
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (explorer 0.0.1) lib/explorer/smart_contract/solidity/code_compiler.ex:92: Explorer.SmartContract.Solidity.CodeCompiler.run/1
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (explorer 0.0.1) lib/explorer/smart_contract/solidity/verifier.ex:162: anonymous fn/12 in Explorer.SmartContract.Solidity.Verifier.verify/2
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (elixir 1.13.4) lib/enum.ex:4475: Enumerable.List.reduce/3
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (elixir 1.13.4) lib/enum.ex:2442: Enum.reduce_while/3
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (explorer 0.0.1) lib/explorer/smart_contract/solidity/verifier.ex:44: anonymous fn/4 in Explorer.SmartContract.Solidity.Verifier.evaluate_authenticity/2
Sep 24 07:35:20 ip-172-31-22-179 mix[98572]:     (elixir 1.13.4) lib/enum.ex:4475: Enumerable.List.reduce/3

jessepinkman9900 avatar Sep 24 '22 07:09 jessepinkman9900

Smart-contract verification is currently extracted into Rust microservice. You can read more about this and how integrate https://docs.blockscout.com/for-developers/information-and-settings/smart-contract-verification. And aslo we provide comprehensive docker-compose configs, which include all microservices https://github.com/blockscout/blockscout/tree/master/docker-compose#readme. I ma closing this for now. Please, let me know, if the issue still present.

vbaranov avatar Feb 09 '23 21:02 vbaranov