gramineproject
GSC signing fails with syntax error for OpenSUSE distro
Description of the problem and the error: All the workloads fails during gsc signing with syntax error with the commit 057184ca055ec385f6dde253ea12dddbcd821856
**[91m/bin/sh: -c: line 0: syntax error near unexpected token `&&'**
**/bin/sh: -c: line 0: `export PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}$(find /gramine/meson_build_output/lib64 -type d -path '*/site-packages')" && && gramine-sgx-sign --key /gramine/app_files/gsc-signer-key.pem --manifest /gramine/app_files/entrypoint.manifest --output /gramine/app_files/entrypoint.manifest.sgx ${passphrase:+--passphrase "$passphrase"}'
[0m**
Steps to reproduce: As per the steps mentioned in the url (https://github.com/gramineproject/gsc/tree/master/test), try to run any sample workload on suse distro, it fails after the gsc build and performing the gsc sign (./gsc sign-image ubuntu24.04-bash enclave-key.pem) with the above reported error.
Expected results: No errors should be thrown and we should be able to to do the build and sign the image properly.
Actual result:
+ ./gsc sign-image --remove-gramine-deps python-test enclave-key.pem
Signing graminized Docker image `gsc-python-test-unsigned` -> `gsc-python-test`...
Step 1/12 : FROM gsc-python-test-unsigned as unsigned_image
---> 57e7da88ec58
Step 2/12 : ARG BUILD_ID
---> Running in e31220615265
---> Removed intermediate container e31220615265
---> 770e48d153a9
Step 3/12 : LABEL build_id=$BUILD_ID
---> Running in fe04956e314f
---> Removed intermediate container fe04956e314f
---> 8482ed8b8db4
Step 4/12 : COPY gsc-signer-key.pem /gramine/app_files/gsc-signer-key.pem
---> 2ee60ca3a936
Step 5/12 : ARG passphrase
---> Running in bc49a8f8b3b1
---> Removed intermediate container bc49a8f8b3b1
---> dc44b97870bd
Step 6/12 : RUN export PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}$(find /gramine/meson_build_output/lib64 -type d -path '*/site-packages')" && && gramine-sgx-sign --key /gramine/app_files/gsc-signer-key.pem --manifest /gramine/app_files/entrypoint.manifest --output /gramine/app_files/entrypoint.manifest.sgx ${passphrase:+--passphrase "$passphrase"}
---> Running in 1b7e7e3fd6b3
[91m/bin/sh: -c: line 0: syntax error near unexpected token `&&'
/bin/sh: -c: line 0: `export PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}$(find /gramine/meson_build_output/lib64 -type d -path '*/site-packages')" && && gramine-sgx-sign --key /gramine/app_files/gsc-signer-key.pem --manifest /gramine/app_files/entrypoint.manifest --output /gramine/app_files/entrypoint.manifest.sgx ${passphrase:+--passphrase "$passphrase"}'
[0m
---> Removed intermediate container 1b7e7e3fd6b3
Failed to build a signed graminized Docker image `gsc-python-test`.
@KiranSukhavasi: Thanks for reporting this issue!
@DukeDavis12: I think you might have missed updating this line: https://github.com/gramineproject/gsc/blob/67d82355821a427610dada4109ff25c7d7e97f45/templates/suse/Dockerfile.sign.template#L15 I'm curious why our internal CI didn't catch this. Shouldn't it validate all distros? cc @anjalirai-intel
I'm curious why our internal CI didn't catch this. Shouldn't it validate all distros? cc @anjalirai-intel
Since this PR was going through multiple changes, we were only running ubuntu/debian distro tests.
@KiranSukhavasi: Have you had a chance to validate https://github.com/gramineproject/gsc/pull/237? Does it resolve your issue?
@DukeDavis12, @jinengandhi-intel: Have we tested the fix internally w/ a SUSE setup?