blockbook icon indicating copy to clipboard operation
blockbook copied to clipboard

Published 20 hours ago verified publisher icon trezor

Use --network=host when building with docker

Open dylanseago opened this issue 3 years ago • 5 comments

Fixes https://github.com/trezor/blockbook/issues/665

dylanseago avatar Aug 30 '21 21:08 dylanseago

The relevant issue is still a problem. Is anyone able to merge?

dylanseago avatar Jun 03 '22 21:06 dylanseago

@dylanseago Hi, do you know what exactly is the reason for https://github.com/trezor/blockbook/issues/665 in your configuration? We do not observe this problem. And in general, we are reluctant to accept PRs which change our production infrastructure (from our point of view) arbitrarily.

martinboehm avatar Jun 20 '22 16:06 martinboehm

@martinboehm The default docker network is the "bridge" network, which does not have access to the internet. As such the build fails because it cannot download the package list when running apt update in the Dockerfile. I'm pretty sure this won't affect running production infrastructure, this only grants access to the host internet during image builds. It doesn't apply to actually running these images in a container.

There may be another way to tackle this problem, such as manually configuring a build network that has a DNS to resolve the package domains. But this was the first and simplest fix that worked.

Alternatively, it could make sense to allow customizing build args using a shell variable that can be set to whatever args the build OS needs. For example, BLOCKBOOK_DOCKER_BUILD_ARGS='--network=host' make

If you build your images on dev machines (ie MacOS), you might not encounter this issue. I believe it may only affect building on a linux/debian host, but I haven't tested this theory.

More info can be found here in the docker docs:

https://docs.docker.com/network/#network-drivers

  • bridge: The default network driver. If you don’t specify a driver, this is the type of network you are creating. Bridge networks are usually used when your applications run in standalone containers that need to communicate.
  • host: For standalone containers, remove network isolation between the container and the Docker host, and use the host’s networking directly.

https://docs.docker.com/network/bridge/#enable-forwarding-from-docker-containers-to-the-outside-world

By default, traffic from containers connected to the default bridge network is not forwarded to the outside world.

dylanseago avatar Aug 02 '22 18:08 dylanseago

We are building many packages on our server and never experienced any issue with connection timing out or container not having internet access. Have you tried on a different system?

vdovhanych avatar Aug 03 '22 14:08 vdovhanych

I just tried to build deb packages on four different systems, and none of them had an issue.

vdovhanych avatar Aug 03 '22 15:08 vdovhanych