Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Null fields in docker config cause build-enclave to fail #591

Closed
jalil-salame opened this issue Mar 5, 2024 · 5 comments
Closed

Null fields in docker config cause build-enclave to fail #591

jalil-salame opened this issue Mar 5, 2024 · 5 comments

Comments

@jalil-salame
Copy link

I use dockerTools.buildLayeredImage to build docker images. It sets Env, Entrypoint, and Cmd to null if not set, this causes nitro-cli build-enclave to fail:

I think the panic is because of a logic bug:

aws-nitro-enclaves-cli/enclave_build/src/docker.rs

Lines 328 to 337 in bc9c0b8

match self.docker.images().get(&self.docker_image).inspect().await {
Ok(image) => Ok((
image.config.entrypoint.unwrap(),
image.config.env.ok_or_else(Vec::<String>::new).unwrap(),
)),
Err(e) => {
error!("{:?}", e);
Err(DockerError::InspectError)
}
}

Should instead be:

match self.docker.images().get(&self.docker_image).inspect().await {
    Ok(image) => Ok((
        image.config.entrypoint.unwrap(),
        image.config.env.unwrap_or_else(Vec::<String>::new), // <-- here
    )),
    Err(e) => {
        error!("{:?}", e);
        Err(DockerError::InspectError)
    }
}

I don't know how docker handles it, but my assumption is:

  • If Entrypoint is null, then use Cmd
  • If Cmd is null, then use Entrypoint

I have tested the images directly with docker and they work as expected.
@jalil-salame
Copy link
Author

jalil-salame commented Mar 7, 2024
edited
Loading

I am having other issues with images created by dockerTools which can be attributed to shiplift (the docker library used). Shiplift hasn't been updated in 3 years and assumes things that are no longer true, I suggest migrating away from it in favor of bollard which is more up to date.

Specifically shiplift expects the virtual_size field to be present, but it is not guaranteed to be:

virtual_size:
Total size of the image including all layers it is composed of. Deprecated: this field is omitted in API v1.44, but kept for backward compatibility. Use Size instead

@jalil-salame
Copy link
Author

For anyone coming across this issue, you can temporarily fix it by rolling back docker (sudo dnf downgrade docker) to version 24 which still sends the deprecated field.

@jplock
Copy link

jplock commented Mar 15, 2024

Thank you! Downgrading to Docker 24.0.5 fixed my issue

@meerd
Copy link
Contributor

meerd commented Apr 5, 2024
edited
Loading

#595 will fix the issue.

@jalil-salame
Copy link
Author

#595 has been merged!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jplock @meerd @jalil-salame