Oryx icon indicating copy to clipboard operation
Oryx copied to clipboard
verified publisher icon microsoft

Azure Web Apps deployment pre-build command apt install permission problem

Open lkmbb opened this issue 3 years ago • 8 comments

Bug Report

  • At what date and time did you most recently experience the problem? Problem is occuring on every run.

  • Where did you experience the problem? E.g. Azure Web Apps, Azure Functions, Azure Container Registry, or offline use. Azure Web Apps.

  • If your repo is publicly available please share its URL: My repo is private.

  • What happened? I've used appsvc.yaml with pre-build: apt install curl and it failed with permission denied error.

  • What did you expect or want to happen? I want to install curl in pre-build stage.

  • How can we reproduce it?

  1. Create file appsvc.yaml in root directory with pre-build command apt install curl
  2. Deploy
  3. Get an error
  • Do you have log output? Please include between the backticks:
Command: oryx build /home/site/repository -o /home/site/wwwroot --platform php --platform-version 7.4 -i /tmp/8da80f374d7bbe7 --log-file /tmp/build-debug.log  | tee /tmp/oryx-build.log
Operation performed by Microsoft Oryx, https://github.com/Microsoft/Oryx
You can report issues at https://github.com/Microsoft/Oryx/issues

Oryx Version: 0.2.20220308.4, Commit: c92fa6a2d6fc14dc9646f80e2bb2e393a5cdc258, ReleaseTagName: 20220308.4

Build Operation ID: |dTfVkmBzUw4=.d32c6399_
Repository Commit : cc47cdecb11e88cdfb33e1a5801cb1d4bde82297

Detecting platforms...
Detected following platforms:
  nodejs: 14.19.1
  php: 7.4.30

Found BuildConfigurationFile
Overriding the pre-build commands with the BuildConfigurationFile section
	apt install curl;
Overriding the post-build commands with the BuildConfigurationFile section
	echo finished;

Using intermediate directory '/tmp/8da80f374d7bbe7'.

Copying files to the intermediate directory...
Done in 2 sec(s).

Source directory     : /tmp/8da80f374d7bbe7
Destination directory: /home/site/wwwroot

Executing pre-build command...

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.\n\nE: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n/bin/bash -c "oryx build /home/site/repository -o /home/site/wwwroot --platform php --platform-version 7.4 -i /tmp/8da80f374d7bbe7 --log-file /tmp/build-debug.log  | tee /tmp/oryx-build.log ; exit $PIPESTATUS "

lkmbb avatar Aug 18 '22 08:08 lkmbb

Hi @lkmbb, thank you for reaching out! Could we try a couple things:

  1. sudo in front of apt command: sudo apt install curl
  2. whoami in front of apt command: whoami; apt install curl

Please share logs for these, thank you!

william-msft avatar Aug 24 '22 17:08 william-msft

Hi @william-msft thanks for help!

  1. I've tried that before and 'sudo' is not valid command
Command: oryx build /home/site/repository -o /home/site/wwwroot --platform php --platform-version 7.4 -i /tmp/8da86570ee90367 --log-file /tmp/build-debug.log  | tee /tmp/oryx-build.log
Operation performed by Microsoft Oryx, https://github.com/Microsoft/Oryx
You can report issues at https://github.com/Microsoft/Oryx/issues

Oryx Version: 0.2.20220308.4, Commit: c92fa6a2d6fc14dc9646f80e2bb2e393a5cdc258, ReleaseTagName: 20220308.4

Build Operation ID: |GuHKAefvHyY=.9f723d97_
Repository Commit : 9aba33e2d5161609987926feb2d81d9142b1ca43

Detecting platforms...
Detected following platforms:
  nodejs: 14.19.1
  php: 7.4.30

Found BuildConfigurationFile
Overriding the pre-build commands with the BuildConfigurationFile section
	sudo apt install curl;
Overriding the post-build commands with the BuildConfigurationFile section
	echo finished;

Using intermediate directory '/tmp/8da86570ee90367'.

Copying files to the intermediate directory...
Done in 2 sec(s).

Source directory     : /tmp/8da86570ee90367
Destination directory: /home/site/wwwroot

Executing pre-build command...
/tmp/BuildScriptGenerator/04d1960896f64af5a274d957e34714fc/build.sh: line 92: sudo: command not found
/tmp/BuildScriptGenerator/04d1960896f64af5a274d957e34714fc/build.sh: line 92: sudo: command not found\n/bin/bash -c "oryx build /home/site/repository -o /home/site/wwwroot --platform php --platform-version 7.4 -i /tmp/8da86570ee90367 --log-file /tmp/build-debug.log  | tee /tmp/oryx-build.log ; exit $PIPESTATUS "
  1. It seems that user name is 19437b5e0c45cd232d213322
Command: oryx build /home/site/repository -o /home/site/wwwroot --platform php --platform-version 7.4 -i /tmp/8da8657d40bd6c4 --log-file /tmp/build-debug.log  | tee /tmp/oryx-build.log
Operation performed by Microsoft Oryx, https://github.com/Microsoft/Oryx
You can report issues at https://github.com/Microsoft/Oryx/issues

Oryx Version: 0.2.20220308.4, Commit: c92fa6a2d6fc14dc9646f80e2bb2e393a5cdc258, ReleaseTagName: 20220308.4

Build Operation ID: |tb6EdvdSDKc=.9abfa515_
Repository Commit : 01c9708eb7da6463529d70454e691f8b117db93c

Detecting platforms...
Detected following platforms:
  nodejs: 14.19.1
  php: 7.4.30

Found BuildConfigurationFile
Overriding the pre-build commands with the BuildConfigurationFile section
	whoami; apt install curl;
Overriding the post-build commands with the BuildConfigurationFile section
	echo finished;

Using intermediate directory '/tmp/8da8657d40bd6c4'.

Copying files to the intermediate directory...
Done in 1 sec(s).

Source directory     : /tmp/8da8657d40bd6c4
Destination directory: /home/site/wwwroot

Executing pre-build command...
19437b5e0c45cd232d213322

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.\n\nE: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n/bin/bash -c "oryx build /home/site/repository -o /home/site/wwwroot --platform php --platform-version 7.4 -i /tmp/8da8657d40bd6c4 --log-file /tmp/build-debug.log  | tee /tmp/oryx-build.log ; exit $PIPESTATUS "

I've also tried cat /etc/passwd and here is log output

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/bin/false
messagebus:x:101:102::/var/run/dbus:/bin/false
sshd:x:102:65534::/run/sshd:/usr/sbin/nologin
systemd-timesync:x:103:104:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:104:105:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:105:106:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:106:107:systemd Bus Proxy,,,:/run/systemd:/bin/false
19437b5e0c45cd232d213322:x:1005:1007::/home/19437b5e0c45cd232d213322:
kudu_ssh_user:x:3636:1007::/home:/bin/bash

lkmbb avatar Aug 25 '22 05:08 lkmbb

Thank you @lkmbb for the extra logs!

@anthonychu do you know if WebApps' custom pre-build commands always run as non-root? If so, we'll have to pre-cache curl in container for users.

william-msft avatar Aug 29 '22 18:08 william-msft

Hi

I meet same problem. If there is any solution for that ?

lhascilo avatar Sep 12 '22 08:09 lhascilo

Hi Team, as of now Oryx does not support running apt-get commands as root. This is something that we plan on looking into but don't expect support soon. However we may be able to accommodate specific modules. Would curl be a module that your team needs?

william-msft avatar Sep 14 '22 19:09 william-msft

Hi @william-msft thank you for your respond! My team needs cron to run some schedule jobs inside container. I'm not sure if this will work.

lkmbb avatar Sep 15 '22 05:09 lkmbb

some update in this issue?

olmerg avatar Nov 11 '22 20:11 olmerg 

/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by my-server)
/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by my-server)

Any idea on how I can get GLIBC installed on Azure Web App?

https://stackoverflow.com/questions/78438843

rochapablo avatar May 07 '24 11:05 rochapablo