apko icon indicating copy to clipboard operation
apko copied to clipboard

Published 20 hours ago verified publisher icon chainguard-dev

Build seems to fail when recursive path contains symlinks.

Open Wulfre opened this issue 2 years ago • 7 comments 

     _      ____    _  __   ___
    / \    |  _ \  | |/ /  / _ \
   / _ \   | |_) | | ' /  | | | |
  / ___ \  |  __/  | . \  | |_| |
 /_/   \_\ |_|     |_|\_\  \___/
apko

GitVersion:    v0.5.0-136-g51ec859
GitCommit:     51ec859d4c8bf8cc64994a3755ce17a1a72ab70d
GitTreeState:  clean
BuildDate:     '1970-01-01T00:00:00Z'
GoVersion:     go1.19.1
Compiler:      gc
Platform:      linux/amd64

contents:
  repositories:
    - https://dl-cdn.alpinelinux.org/alpine/edge/main
  packages:
    - alpine-baselayout
    - nginx

accounts:
  groups:
    - groupname: nginx
      gid: 10000
  users:
    - username: nginx
      uid: 10000

paths:
  - path: /run/nginx
    type: directory
    uid: 10000
    gid: 10000
    permissions: 0o755
  - path: /var/lib/nginx
    type: directory
    uid: 10000
    gid: 10000
    permissions: 0o755
    recursive: true

entrypoint:
  type: service-bundle
  services:
    nginx: /usr/sbin/nginx -g "daemon off;"

Error: failed to build layer image: failed to mutate paths: chmod /tmp/apko-235336285/var/lib/nginx/logs: no such file or directory
2022/09/29 03:26:58 error during command execution: failed to build layer image: failed to mutate paths: chmod /tmp/apko-235336285/var/lib/nginx/logs: no such file or directory

Build is successful when the recursive tag is removed from the /var/lib/nginx path.

The directory in question looks like this when the image is loaded and inspected:

ab9bfa5d4136:/# ls /var/lib/nginx -Al
total 8
drwxr-xr-x    2 root     root          4096 Jan  1  1970 html
lrwxrwxrwx    1 root     root            14 Jan  1  1970 logs -> /var/log/nginx
lrwxrwxrwx    1 root     root            22 Jan  1  1970 modules -> /usr/lib/nginx/modules
lrwxrwxrwx    1 root     root            10 Jan  1  1970 run -> /run/nginx
drwx------    2 193      194           4096 Jan  1  1970 tmp

This leads me to believe that the error is occurring once the builder hits the first symlink in the directory.

Wulfre avatar Sep 29 '22 03:09 Wulfre

I was just trying another use case that involves symlinks and I got the same error, so it definitely seems like something is wrong with symlinks in some capacity.

contents:
    repositories:
        - https://dl-cdn.alpinelinux.org/alpine/edge/main
        - https://dl-cdn.alpinelinux.org/alpine/edge/community
    packages:
        - alpine-baselayout
        - ca-certificates-bundle
        - php8
        - php8-phar

paths:
    - path: /usr/bin/php
      type: symlink
      source: /usr/bin/php8

Error: failed to build layer image: failed to mutate paths: chmod /tmp/apko-4048355998/usr/bin/php: no such file or directory
2022/09/29 14:31:35 error during command execution: failed to build layer image: failed to mutate paths: chmod /tmp/apko-4048355998/usr/bin/php: no such file or directory

Wulfre avatar Sep 29 '22 14:09 Wulfre

In the latter case, it might be because php8 is not actually in /usr/bin? Try inspecting the image without the symlink and see if everything lines up as it should.

Though in any case, symlinks are always 0777 permissions themselves, so trying to chmod them seems wrong.

kaniini avatar Sep 29 '22 15:09 kaniini 

d1e63bcccc7b:/usr/bin# ls -al | grep php
-rwxr-xr-x    1 root     root       8399048 Jan  1  1970 php8

It does look like php8 is where I was expecting it to be, so I think there is an issue in both cases.

Wulfre avatar Sep 29 '22 17:09 Wulfre

I'm not able to get symlinks to work at all:

contents:
  repositories:
    - https://packages.wolfi.dev/os
    - '@local /work/packages'
  packages:
    - wolfi-baselayout
    - tzdata
    - glibc
    - busybox
    - strace
accounts:
  groups:
    - groupname: nonroot
      gid: 65532
  users:
    - username: nonroot
      uid: 65532
  run-as: 65532
paths:
  - path: /etc/localtime
    type: symlink
    source: /usr/share/zoneinfo/GMT
    uid: 0
    gid: 0
    permissions: 0o777

...
Jan 25 22:34:51.964[36m [INFO] [arch:x86_64] [0mcreating user 65532(nonroot)
Jan 25 22:34:51.964[33m [WARNING] [arch:x86_64] [0mguessing unset GID for user {nonroot 65532 0}
Jan 25 22:34:51.964[36m [INFO] [arch:x86_64] [0mcreating group 65532(nonroot)
Error: failed to build layer image: failed to mutate paths: chmod /tmp/apko-1508917688/etc/localtime: no such file or directory
2023/01/25 22:34:51 error during command execution: failed to build layer image: failed to mutate paths: chmod /tmp/apko-1508917688/etc/localtime: no such file or directory

troyfolger avatar Jan 25 '23 22:01 troyfolger

As previously stated, symlinks themselves are always 777. In this case, it is probably because the path mutations are done from outside the container image FS. We should fix that.

kaniini avatar Jan 25 '23 23:01 kaniini

Yeah, I saw your comment. However, for me it fails with or without the permissions: line.

troyfolger avatar Jan 26 '23 22:01 troyfolger