Update to python 3.7 (buster) and use build-args #2379

thaJeztah · 2019-07-12T16:56:20Z

The build arg can be used to either test different versions, but also makes it easier to "grep" when upgrading versions.

The output format of gpg2 --list-secret-keys changed in the version installed on Buster, so grep was replaced with awk to address the new output format;

Debian Jessie:

gpg2 --no-auto-check-trustdb --list-secret-keys
/root/.gnupg/secring.gpg
------------------------
sec   1024D/A7B21401 2018-04-25
uid                  Sakuya Izayoi <sakuya@gensokyo.jp>
ssb   1024g/C235E4CE 2018-04-25

Debian Buster:

gpg2 --no-auto-check-trustdb --list-secret-keys
/root/.gnupg/pubring.kbx
------------------------
sec   dsa1024 2018-04-25 [SCA]
      9781B87DAB042E6FD51388A5464ED987A7B21401
uid           [ultimate] Sakuya Izayoi <sakuya@gensokyo.jp>
ssb   elg1024 2018-04-25 [E]

~~Follow-up to #2377 and #2378 (first two commits are from those PR's)~~

thaJeztah · 2019-07-15T10:03:20Z

Removed the multi-stage commits; this now only bumps to Python 3.7 and adds the build-args

thaJeztah · 2019-07-15T10:45:58Z

credential-helper tests failing https://jenkins.dockerproject.org/job/docker/job/docker-py/job/PR-2379/2/execution/node/125/log/

Credentials store docker-credential-pass exited with "exit status 1: gpg: sec: skipped: No public key

10:13:16 =================================== FAILURES ===================================
10:13:16 _________________________ TestStore.test_store_and_get _________________________
10:13:16 tests/integration/credentials/store_test.py:42: in test_store_and_get
10:13:16     self.store.store(server=key, username='user', secret='pass')
10:13:16 docker/credentials/store.py:58: in store
10:13:16     return self._execute('store', data_input)
10:13:16 docker/credentials/store.py:93: in _execute
10:13:16     raise errors.process_store_error(e, self.program)
10:13:16 E   StoreError: Credentials store docker-credential-pass exited with "exit status 1: gpg: sec: skipped: No public key
10:13:16 E   gpg: [stdin]: encryption failed: No public key
10:13:16 E   Password encryption aborted.".
10:13:16 ________________________ TestStore.test_store_and_erase ________________________
10:13:16 tests/integration/credentials/store_test.py:57: in test_store_and_erase
10:13:16     self.store.store(server=key, username='user', secret='pass')
10:13:16 docker/credentials/store.py:58: in store
10:13:16     return self._execute('store', data_input)
10:13:16 docker/credentials/store.py:93: in _execute
10:13:16     raise errors.process_store_error(e, self.program)
10:13:16 E   StoreError: Credentials store docker-credential-pass exited with "exit status 1: gpg: sec: skipped: No public key
10:13:16 E   gpg: [stdin]: encryption failed: No public key
10:13:16 E   Password encryption aborted.".
10:13:16 ________________________ TestStore.test_unicode_strings ________________________
10:13:16 tests/integration/credentials/store_test.py:65: in test_unicode_strings
10:13:16     self.store.store(server=key, username='user', secret='pass')
10:13:16 docker/credentials/store.py:58: in store
10:13:16     return self._execute('store', data_input)
10:13:16 docker/credentials/store.py:93: in _execute
10:13:16     raise errors.process_store_error(e, self.program)
10:13:16 E   StoreError: Credentials store docker-credential-pass exited with "exit status 1: gpg: sec: skipped: No public key
10:13:16 E   gpg: [stdin]: encryption failed: No public key
10:13:16 E   Password encryption aborted.".
10:13:16 _____________________________ TestStore.test_list ______________________________
10:13:16 tests/integration/credentials/store_test.py:74: in test_list
10:13:16     self.store.store(names[0], username='sakuya', secret='izayoi')
10:13:16 docker/credentials/store.py:58: in store
10:13:16     return self._execute('store', data_input)
10:13:16 docker/credentials/store.py:93: in _execute
10:13:16     raise errors.process_store_error(e, self.program)
10:13:16 E   StoreError: Credentials store docker-credential-pass exited with "exit status 1: gpg: sec: skipped: No public key
10:13:16 E   gpg: [stdin]: encryption failed: No public key
10:13:16 E   Password encryption aborted.".

thaJeztah · 2019-07-15T11:04:03Z

Looking if the output format changed between Jessie and Buster

This is the output in Buster;

gpg2 --no-auto-check-trustdb --list-secret-keys
/root/.gnupg/pubring.kbx
------------------------
sec   dsa1024 2018-04-25 [SCA]
      9781B87DAB042E6FD51388A5464ED987A7B21401
uid           [ultimate] Sakuya Izayoi <sakuya@gensokyo.jp>
ssb   elg1024 2018-04-25 [E]

Which will produce this after grep'ing;

gpg2 --no-auto-check-trustdb --list-secret-keys | grep ^sec | cut -d/ -f2 | cut -d" " -f1
sec

Looks like that might be the problem

thaJeztah · 2019-07-15T11:10:12Z

On Jessie;

root@ea5239dd9cd7:/src# gpg2 --no-auto-check-trustdb --list-secret-keys
/root/.gnupg/secring.gpg
------------------------
sec   1024D/A7B21401 2018-04-25
uid                  Sakuya Izayoi <sakuya@gensokyo.jp>
ssb   1024g/C235E4CE 2018-04-25

It does the right thing;

gpg2 --no-auto-check-trustdb --list-secret-keys | grep ^sec | cut -d/ -f2 | cut -d" " -f1
A7B21401

So, yes, that looks to be the problem

thaJeztah · 2019-07-15T11:23:15Z

This looks to do the job; updating

gpg2 --no-auto-check-trustdb --list-secret-key | awk '/^sec/{getline; $1=$1; print}'
9781B87DAB042E6FD51388A5464ED987A7B21401

The build arg can be used to either test different versions, but also makes it easier to "grep" when upgrading versions. The output format of `gpg2 --list-secret-keys` changed in the version installed on Buster, so `grep` was replaced with `awk` to address the new output format; Debian Jessie: gpg2 --no-auto-check-trustdb --list-secret-keys /root/.gnupg/secring.gpg ------------------------ sec 1024D/A7B21401 2018-04-25 uid Sakuya Izayoi <sakuya@gensokyo.jp> ssb 1024g/C235E4CE 2018-04-25 Debian Buster: gpg2 --no-auto-check-trustdb --list-secret-keys /root/.gnupg/pubring.kbx ------------------------ sec dsa1024 2018-04-25 [SCA] 9781B87DAB042E6FD51388A5464ED987A7B21401 uid [ultimate] Sakuya Izayoi <sakuya@gensokyo.jp> ssb elg1024 2018-04-25 [E] Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

thaJeztah · 2019-07-15T11:36:35Z

Hm... now Jenkins didn't run 😞

thaJeztah · 2019-07-15T11:39:57Z

Triggered it manually 🤷‍♂

thaJeztah · 2019-07-15T11:52:12Z

Seeing two failures locally; looks like it may be a wrong assumption in the test;

=================================================================================================== FAILURES ====================================================================================================
_____________________________________________________________________________________ BuildTest.test_build_invalid_platform _____________________________________________________________________________________
tests/integration/api_build_test.py:451: in test_build_invalid_platform
    assert excinfo.value.status_code == 400
E   AssertionError: assert 500 == 400
E    +  where 500 = APIError(HTTPError('500 Server Error: Internal Server Error for url: http://dpy-dind-py3:2375/v1.35/build?q=False&nocache=False&rm=False&forcerm=False&pull=False&platform=foobar')).status_code
E    +    where APIError(HTTPError('500 Server Error: Internal Server Error for url: http://dpy-dind-py3:2375/v1.35/build?q=False&nocache=False&rm=False&forcerm=False&pull=False&platform=foobar')) = <ExceptionInfo APIError tblen=5>.value
___________________________________________________________________________________ PullImageTest.test_pull_invalid_platform ____________________________________________________________________________________
tests/integration/api_image_test.py:73: in test_pull_invalid_platform
    assert 'invalid platform' in excinfo.exconly()
E   AssertionError: assert 'invalid platform' in 'docker.errors.APIError: 500 Server Error: Internal Server Error (""foobar": unknown operating system or architecture: invalid argument")'
E    +  where 'docker.errors.APIError: 500 Server Error: Internal Server Error (""foobar": unknown operating system or architecture: invalid argument")' = <bound method ExceptionInfo.exconly of <ExceptionInfo APIError tblen=4>>()
E    +    where <bound method ExceptionInfo.exconly of <ExceptionInfo APIError tblen=4>> = <ExceptionInfo APIError tblen=4>.exconly

docker build --platform=foobar -<<EOF
FROM busybox
EOF
Error response from daemon: "foobar": unknown operating system or architecture: invalid argument

docker pull --platform=foobar hello-world:latest
Error response from daemon: "foobar": unknown operating system or architecture: invalid argument

Ok; looks like the 500 status is an issue in Docker 18.09;

On Docker 18.09.7

DEBU[2019-07-15T11:59:20.687268380Z] Calling POST /v1.39/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&platform=foobar&rm=1&session=jko7kejjvs93judyfnq7shoda&shmsize=0&target=&ulimits=null&version=1 
DEBU[2019-07-15T11:59:20.687282279Z] Calling POST /session                        
INFO[2019-07-15T11:59:20.687761392Z] parsed scheme: ""                             module=grpc
INFO[2019-07-15T11:59:20.687833668Z] scheme "" not registered, fallback to default scheme  module=grpc
INFO[2019-07-15T11:59:20.688017578Z] ccResolverWrapper: sending new addresses to cc: [{ 0  <nil>}]  module=grpc
INFO[2019-07-15T11:59:20.688270160Z] ClientConn switching balancer to "pick_first"  module=grpc
INFO[2019-07-15T11:59:20.688353083Z] pickfirstBalancer: HandleSubConnStateChange: 0xc4209b0630, CONNECTING  module=grpc
INFO[2019-07-15T11:59:20.688985698Z] pickfirstBalancer: HandleSubConnStateChange: 0xc4209b0630, READY  module=grpc
DEBU[2019-07-15T11:59:20.812700550Z] client is session enabled                    
DEBU[2019-07-15T11:59:20.813139288Z] FIXME: Got an API for which error does not match any expected type!!!: invalid argument
github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs.init
	/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs/errors.go:40
github.com/docker/docker/vendor/github.com/containerd/containerd/content.init
	<autogenerated>:1
github.com/docker/docker/builder/builder-next.init
	<autogenerated>:1
github.com/docker/docker/api/server/backend/build.init
	<autogenerated>:1
main.init
	<autogenerated>:1
runtime.main
	/usr/local/go/src/runtime/proc.go:186
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:2361  error_type="*errors.fundamental" module=api
ERRO[2019-07-15T11:59:20.813210677Z] Handler for POST /v1.39/build returned error: "foobar": unknown operating system or architecture: invalid argument 
DEBU[2019-07-15T11:59:20.813276737Z] FIXME: Got an API for which error does not match any expected type!!!: invalid argument
github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs.init
	/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs/errors.go:40
github.com/docker/docker/vendor/github.com/containerd/containerd/content.init
	<autogenerated>:1
github.com/docker/docker/builder/builder-next.init
	<autogenerated>:1
github.com/docker/docker/api/server/backend/build.init
	<autogenerated>:1
main.init
	<autogenerated>:1
runtime.main
	/usr/local/go/src/runtime/proc.go:186
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:2361  error_type="*errors.fundamental" module=api

DEBU[2019-07-15T12:00:18.812995330Z] Calling POST /v1.39/images/create?fromImage=hello-world&platform=foobar&tag=latest 
DEBU[2019-07-15T12:00:18.813229172Z] FIXME: Got an API for which error does not match any expected type!!!: invalid argument
github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs.init
	/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs/errors.go:40
github.com/docker/docker/vendor/github.com/containerd/containerd/content.init
	<autogenerated>:1
github.com/docker/docker/builder/builder-next.init
	<autogenerated>:1
github.com/docker/docker/api/server/backend/build.init
	<autogenerated>:1
main.init
	<autogenerated>:1
runtime.main
	/usr/local/go/src/runtime/proc.go:186
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:2361  error_type="*errors.fundamental" module=api
ERRO[2019-07-15T12:00:18.813365546Z] Handler for POST /v1.39/images/create returned error: "foobar": unknown operating system or architecture: invalid argument 
DEBU[2019-07-15T12:00:18.813461428Z] FIXME: Got an API for which error does not match any expected type!!!: invalid argument
github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs.init
	/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs/errors.go:40
github.com/docker/docker/vendor/github.com/containerd/containerd/content.init
	<autogenerated>:1
github.com/docker/docker/builder/builder-next.init
	<autogenerated>:1
github.com/docker/docker/api/server/backend/build.init
	<autogenerated>:1
main.init
	<autogenerated>:1
runtime.main
	/usr/local/go/src/runtime/proc.go:186
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:2361  error_type="*errors.fundamental" module=api

Actually; same issue on Docker 19.03.0-rc3;

DEBU[2019-07-15T12:10:47.477865189Z] FIXME: Got an API for which error does not match any expected type!!!: invalid argument
github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs.init.ializers
	/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs/errors.go:40
runtime.main
	/usr/local/go/src/runtime/proc.go:188
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:1337  error_type="*errors.fundamental" module=api
ERRO[2019-07-15T12:10:47.478374728Z] Handler for POST /v1.40/images/create returned error: "foobar": unknown operating system or architecture: invalid argument 
DEBU[2019-07-15T12:10:47.479054152Z] FIXME: Got an API for which error does not match any expected type!!!: invalid argument
github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs.init.ializers
	/go/src/github.com/docker/docker/vendor/github.com/containerd/containerd/errdefs/errors.go:40
runtime.main
	/usr/local/go/src/runtime/proc.go:188
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:1337  error_type="*errors.fundamental" module=api

Looks like the containerd error isn't converted into the correct status code.
The error message to check for should still be updated though

thaJeztah · 2019-07-15T12:18:21Z

Docker 18.03 returns a different string, but also looks to be returning a 500 for the docker pull case;

DEBU[2019-07-15T12:16:08.744827612Z] Calling POST /v1.37/images/create?fromImage=hello-world&platform=foobar&tag=latest 
DEBU[2019-07-15T12:16:08.745594874Z] FIXME: Got an API for which error does not match any expected type!!!: invalid platform: invalid platform os "foobar"  error_type="*errors.errorString" module=api
ERRO[2019-07-15T12:16:08.745916686Z] Handler for POST /v1.37/images/create returned error: invalid platform: invalid platform os "foobar" 
DEBU[2019-07-15T12:16:08.746191172Z] FIXME: Got an API for which error does not match any expected type!!!: invalid platform: invalid platform os "foobar"  error_type="*errors.errorString" module=api

The docker build case properly returns a 400;

DEBU[2019-07-15T12:17:22.745511870Z] Calling GET /_ping                           
DEBU[2019-07-15T12:17:22.748224796Z] Calling POST /session                        
DEBU[2019-07-15T12:17:22.748692282Z] Calling POST /v1.37/build?buildargs=%7B%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&platform=foobar&rm=1&session=d7b6ceba9d8d0aed67a805528554feb5285781fe888a4bf4e0c15cb09bffd614&shmsize=0&target=&ulimits=null

thaJeztah · 2019-07-15T13:06:36Z

opened #2382 to address the "experimental" tests

ping @shin- @ulyssessouza PTAL

ulyssessouza

Just a little comment on Dockerfile's python tag

ulyssessouza · 2019-07-15T14:02:49Z

tests/Dockerfile

@@ -1,5 +1,6 @@
-ARG PYTHON_VERSION=3.6
-FROM python:$PYTHON_VERSION-jessie
+ARG PYTHON_VERSION=3.7


Shouldn't it be ARG PYTHON_VERSION=3.7-stretch to keep the same level of specificity in the TAG?
Or that removal was intentional?

They're aliases. Removing it allows overriding it with PYTHON_VERSION=3.6-jessie although that would now fail because of the gpg2 change.

Not sure if there was a specific reason to add the -jessie suffix; I couldn't find one directly

Hmmm.. checking here, It's not exactly the same image:

REPOSITORY TAG IMAGE ID CREATED SIZE python 3.7-stretch 71c6ddda7cab 2 days ago 941MB python 3.7 42d620af35be 2 days ago 918MB

I'm not against changing to 3.7 instead of 3.7-stretch.
My point is just that we have to know it's a different image.

Did you check the image's digest as well? Was your image cache out of date perhaps?

docker manifest inspect python:3.7 { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 2217, "digest": "sha256:11454cd111137f54f2c91a624ab16b88d6dd31092a6f7fa267dea5e21b9f0a77", "platform": { "architecture": "amd64", "os": "linux" } }, docker manifest inspect python:3.7-buster { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 2217, "digest": "sha256:11454cd111137f54f2c91a624ab16b88d6dd31092a6f7fa267dea5e21b9f0a77", "platform": { "architecture": "amd64", "os": "linux" } }, docker manifest inspect python:3.7.4 { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 2217, "digest": "sha256:11454cd111137f54f2c91a624ab16b88d6dd31092a6f7fa267dea5e21b9f0a77", "platform": { "architecture": "amd64", "os": "linux" } }, docker manifest inspect python:3.7.4-buster { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 2217, "digest": "sha256:11454cd111137f54f2c91a624ab16b88d6dd31092a6f7fa267dea5e21b9f0a77", "platform": { "architecture": "amd64", "os": "linux" } },

Just removed all my images and docker pull python:3.7 and docker pull python:3.7-stretch. By the way, I don't see python:3.7-stretch in your message.
My inspect on python:3.7-stretch results in:

$ docker manifest inspect python:3.7-stretch { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "size": 2218, "digest": "sha256:4cb0e5e9861fad660bbe72f0ae5a35e982daad0b7106612aa8ee4c9277faa7d6", "platform": { "architecture": "amd64", "os": "linux" } }, ...

oh! 🤦‍♂ now see you're comparing with -stretch, but 3.7 is equivalent to -buster (which is current stable)

Ahhh... Ok! I didn't know about buster (since it was released July 6th, 2019). In my head stretch was still the current stable. Sorry for that 🤦‍♂️
In this case, YES! You are right! I drop my charges 😅

ulyssessouza

LGTM

shin-

LGTM, thanks!

thaJeztah force-pushed the bump_python branch from 4cb326f to db5a9f0 Compare July 15, 2019 10:02

thaJeztah changed the title ~~Update to python 3.7 (stretch) and use build-args~~ Update to python 3.7 (buster) and use build-args Jul 15, 2019

thaJeztah force-pushed the bump_python branch from db5a9f0 to f5a36c2 Compare July 15, 2019 11:26

thaJeztah force-pushed the bump_python branch from f5a36c2 to 6f6572b Compare July 15, 2019 11:27

thaJeztah mentioned this pull request Jul 15, 2019

Bump docker-py to 4.0.2, and run tests from upstream repository moby/moby#39068

Merged

ulyssessouza reviewed Jul 15, 2019

View reviewed changes

ulyssessouza self-requested a review July 15, 2019 17:11

ulyssessouza approved these changes Jul 15, 2019

View reviewed changes

shin- approved these changes Jul 15, 2019

View reviewed changes

shin- merged commit 068ddf8 into docker:master Jul 15, 2019

thaJeztah deleted the bump_python branch July 15, 2019 20:32

Update to python 3.7 (buster) and use build-args #2379

Update to python 3.7 (buster) and use build-args #2379

Uh oh!

Conversation

thaJeztah commented Jul 12, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

thaJeztah commented Jul 15, 2019

Uh oh!

thaJeztah commented Jul 15, 2019

Uh oh!

thaJeztah commented Jul 15, 2019

Uh oh!

thaJeztah commented Jul 15, 2019

Uh oh!

thaJeztah commented Jul 15, 2019

Uh oh!

thaJeztah commented Jul 15, 2019

Uh oh!

thaJeztah commented Jul 15, 2019

Uh oh!

thaJeztah commented Jul 15, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

thaJeztah commented Jul 15, 2019

Uh oh!

thaJeztah commented Jul 15, 2019

Uh oh!

ulyssessouza left a comment

Choose a reason for hiding this comment

Uh oh!

ulyssessouza Jul 15, 2019

Choose a reason for hiding this comment

Uh oh!

thaJeztah Jul 15, 2019

Choose a reason for hiding this comment

Uh oh!

ulyssessouza Jul 15, 2019

Choose a reason for hiding this comment

Uh oh!

thaJeztah Jul 15, 2019

Choose a reason for hiding this comment

Uh oh!

ulyssessouza Jul 15, 2019

Choose a reason for hiding this comment

Uh oh!

thaJeztah Jul 15, 2019

Choose a reason for hiding this comment

Uh oh!

ulyssessouza Jul 15, 2019

Choose a reason for hiding this comment

Uh oh!

ulyssessouza left a comment

Choose a reason for hiding this comment

Uh oh!

shin- left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

thaJeztah commented Jul 12, 2019 •

edited

Loading

thaJeztah commented Jul 15, 2019 •

edited

Loading