podman icon indicating copy to clipboard operation
podman copied to clipboard
verified publisher icon containers

Unconsumed build args warning when using base image with ONBUILD instructions

Open nightlark opened this issue 1 year ago • 5 comments

Issue Description

When I build a docker image that uses a base docker image that specifies ONBUILD ARG, this warning gets printed: [Warning] one or more build args were not consumed: [my_arg]

In the earlier output for building the container, I see these lines printed, which makes me think that it is "running" the ARG line that is specified in the base image while building the container, but maybe isn't getting added to some internal list of ARGs that have been consumed:

STEP 2/6: ARG my_arg
--> 5a62b292ce50

In my derived image, as soon as I add a ARG my_arg line the error goes away... but then there are two steps during the build output doing the above ARG my_arg.

Steps to reproduce the issue

Steps to reproduce the issue

  1. Create a Dockerfile for the base image with these lines: 
    FROM python:3.11.7-slim
ONBUILD ARG my_arg
WORKDIR /build
ONBUILD RUN echo "my_arg=$my_arg"
  2. Build the base Docker image with: BUILDAH_FORMAT=docker podman build . -t custom-image-base:latest
  3. Create a Dockerfile named test-Dockerfile that uses that image with these lines: 
    FROM custom-image-base:latest
  4. Build that image using with podman build --no-cache --build-arg="my_arg=thevalue" -f test-Dockerfile and see the warning printed.
  5. Add an ARG my_arg line to the test-Dockerfile, and the warning goes away.

Describe the results you received

I got a warning about an unconsumed build arg, that is consumed: [Warning] one or more build args were not consumed: [my_arg]

Describe the results you expected

I expected no warning to be printed, because the build-arg is consumed.

podman info output

host:
  arch: arm64
  buildahVersion: 1.35.0
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.10-1.fc39.aarch64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 98.57
    systemPercent: 0.62
    userPercent: 0.81
  cpus: 6
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: coreos
    version: "39"
  eventLogger: journald
  freeLocks: 2048
  hostname: localhost.localdomain
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 25435
      size: 1
    - container_id: 1
      host_id: 100000
      size: 1000000
    uidmap:
    - container_id: 0
      host_id: 25435
      size: 1
    - container_id: 1
      host_id: 100000
      size: 1000000
  kernel: 6.7.7-200.fc39.aarch64
  linkmode: dynamic
  logDriver: journald
  memFree: 1279500288
  memTotal: 2047729664
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-1.20240312103946045036.main.18.g8377c0a.fc39.aarch64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.11.0-dev
    package: netavark-1.10.1-1.20240319111419242122.main.46.gcc3f35d.fc39.aarch64
    path: /usr/libexec/podman/netavark
    version: netavark 1.11.0-dev
  ociRuntime:
    name: crun
    package: crun-1.14.4-1.20240302220834691516.main.10.g64ee22c.fc39.aarch64
    path: /usr/bin/crun
    version: |-
      crun version UNKNOWN
      commit: feb70bc2ab11944a6443e4f5d2eb96a22f186b80
      rundir: /run/user/25435/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240220.g1e6f92b-1.fc39.aarch64
    version: |
      pasta 0^20240220.g1e6f92b-1.fc39.aarch64-pasta
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/user/25435/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc39.aarch64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 0
  swapTotal: 0
  uptime: 0h 2m 57.00s
  variant: v8
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphRootAllocated: 106769133568
  graphRootUsed: 3187171328
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 12
  runRoot: /run/user/25435/containers
  transientStore: false
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 5.0.0-dev-8a643c243
  Built: 1710720000
  BuiltTime: Sun Mar 17 17:00:00 2024
  GitCommit: ""
  GoVersion: go1.21.8
  Os: linux
  OsArch: linux/arm64
  Version: 5.0.0-dev-8a643c243

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

macOS M2 Max host, running Sonoma 14.2.1, installed podman via brew

Additional information

No response

nightlark avatar Mar 28 '24 17:03 nightlark

Digging around some, it looks like imagebuildah/executor.go in buildah is where an unusedArgs variable keeps track of the --build-arg options that haven't been consumed yet, and then it goes through the provided Dockerfile and removes entries from the list if there is an ARG command.

I'm not familiar with how ONBUILD steps given in a FROM are processed, but it seems likely there isn't any code taking ARG commands out of the unused argument list for these cases.

nightlark avatar Mar 28 '24 18:03 nightlark

Does the problem go away if you do

podman build --format docker ...

rhatdan avatar Mar 28 '24 20:03 rhatdan

No, it doesn't go away -- a cursory search for refs to unusedArgs in buildah didn't turn up anything that looked like it would be affected by the format either.

nightlark avatar Mar 28 '24 21:03 nightlark

I suspect this is a separate issue (aside from also being an potential issue with ONBUILD directives in FROM images not behaving as if they are in the Dockerfile being processed), but I also just tried adding an instruction ONBUILD COPY --from=builder /build/dist/ /root/dist to a Dockerfile for a "base image", with the idea that I could then make a Dockerfile that does FROM my-builder:latest as builder, followed by a FROM my-base-image:latest that runs the ONBUILD COPY from the builder. The result is it tries to look for "builder" in a public Docker registry...

Resolving "builder" using unqualified-search registries (/etc/containers/registries.conf.d/999-podman-machine.conf)
Trying to pull docker.io/library/builder:latest...

If it behaves as expected in the "official" Docker, I'll open a separate issue for this... (edit: Docker didn't behave as expected either, but failed in what appears to be a completely different way).

nightlark avatar Mar 28 '24 23:03 nightlark

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] avatar Apr 29 '24 00:04 github-actions[bot]