Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Published Docker image version 1.3.6 cannot run curl #32450

Open
craigmiskell-gitlab opened this issue Jan 3, 2023 · 4 comments
Open

Published Docker image version 1.3.6 cannot run curl #32450

craigmiskell-gitlab opened this issue Jan 3, 2023 · 4 comments
Labels
bug new new issue not yet triaged

Comments

@craigmiskell-gitlab
Copy link

Terraform Version

1.3.6

Terraform Configuration Files

N/A

Debug Output

$ docker run --entrypoint /bin/sh -it hashicorp/terraform:1.3.6
/ # ls -l /usr/lib/libcurl*
lrwxrwxrwx    1 root     root            16 Nov 30 20:58 /usr/lib/libcurl.so.4 -> libcurl.so.4.8.0
-rwxr-xr-x    1 root     root        521904 Oct 26 10:35 /usr/lib/libcurl.so.4.8.0
/ # strings /usr/lib/libcurl.so.4.8.0|grep CLIENT
CLIENT libcurl 7.86.0
CLIENT libcurl 7.86.0
CLIENT libcurl 7.86.0
RTSP_CLIENT_CSEQ
/ # apk add curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
(1/1) Installing curl (7.87.0-r0)
Executing busybox-1.35.0-r29.trigger
OK: 23 MiB in 33 packages
/ # curl http://example.com/
curl: (48) An unknown option was passed in to libcurl
/ # curl --version
curl 7.87.0 (x86_64-alpine-linux-musl) libcurl/7.86.0 OpenSSL/3.0.7 zlib/1.2.13 brotli/1.0.9 nghttp2/1.51.0
Release-Date: 2022-12-21
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets
WARNING: curl and libcurl versions do not match. Functionality may be affected.

The warning is important. Compared to say 1.3.5:

$ docker run --entrypoint /bin/sh -it hashicorp/terraform:1.3.5
/ # ls -l /usr/lib/libcurl*
lrwxrwxrwx    1 root     root            16 Nov 17 20:03 /usr/lib/libcurl.so.4 -> libcurl.so.4.8.0
-rwxr-xr-x    1 root     root        505304 Oct 26 10:34 /usr/lib/libcurl.so.4.8.0
/ # strings /usr/lib/libcurl.so.4.8.0|grep CLIENT
CLIENT libcurl 7.83.1
CLIENT libcurl 7.83.1
CLIENT libcurl 7.83.1
RTSP_CLIENT_CSEQ
/ # apk add curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
(1/1) Installing curl (7.83.1-r5)
Executing busybox-1.35.0-r17.trigger
OK: 26 MiB in 32 packages
/ # curl --version
curl 7.83.1 (x86_64-alpine-linux-musl) libcurl/7.83.1 OpenSSL/1.1.1s zlib/1.2.12 brotli/1.0.9 nghttp2/1.47.0
Release-Date: 2022-05-11
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
/ # curl http://example.com/
<!doctype html>
<html>
...

Expected Behavior

Adding curl and using it in the terraform 1.3.6 image should work (e.g. to add tflint)

Actual Behavior

curl fails, in an obscure way.

Steps to Reproduce

  1. docker run --entrypoint /bin/sh -it hashicorp/terraform:1.3.6
  2. apk add curl
  3. curl http://example.com/

Additional Context

Probably just needs a rebuild of 1.3.6 from the upstream alpine 3.17 so that the libcurl (that gets installed by https://github.com/hashicorp/terraform/blob/main/Dockerfile#L13) is up to date with what apk will later add.

References

No response
@craigmiskell-gitlab craigmiskell-gitlab added bug new new issue not yet triaged labels Jan 3, 2023
@crw
Copy link
Collaborator

crw commented Jan 6, 2023

Thanks for this report. Do you also experience this issue in the 1.3.7 image?

@craigmiskell-gitlab
Copy link
Author

Thanks for this report. Do you also experience this issue in the 1.3.7 image?

I do not; that version works fine.

@b-quentin
Copy link

Curl version does not match with libcurl.

curl --version
curl 7.87.0 (x86_64-alpine-linux-musl) libcurl/7.86.0 OpenSSL/3.0.7 zlib/1.2.13 brotli/1.0.9 nghttp2/1.51.0


apk upgrade
(1/7) Upgrading ca-certificates-bundle (20220614-r2 -> 20220614-r3)
(2/7) Upgrading libcrypto3 (3.0.7-r0 -> 3.0.7-r2)
(3/7) Upgrading libssl3 (3.0.7-r0 -> 3.0.7-r2)
(4/7) Upgrading ca-certificates (20220614-r2 -> 20220614-r3)
(5/7) Upgrading libcurl (7.86.0-r1 -> 7.87.0-r0)
(6/7) Upgrading pcre2 (10.40-r0 -> 10.42-r0)
(7/7) Upgrading git (2.38.1-r0 -> 2.38.2-r0)
Executing busybox-1.35.0-r29.trigger
Executing ca-certificates-20220614-r3.trigger
OK: 23 MiB in 33 packages

So you have the versions that are in agreement

curl --version
curl 7.87.0 (x86_64-alpine-linux-musl) libcurl/7.87.0 OpenSSL/3.0.7 zlib/1.2.13 brotli/1.0.9 nghttp2/1.51.0
Release-Date: 2022-12-21
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets

And test:

curl www.google.com

Two solutions are possible: rebuild the image, or modify the Dockerfile as follows:


FROM docker.mirror.hashicorp.services/golang:alpine
LABEL maintainer="HashiCorp Terraform Team <terraform@hashicorp.com>"

RUN apk update && \
apk upgrade && \
apk add --no-cache git bash openssh

ENV TF_DEV=true
ENV TF_RELEASE=1

WORKDIR $GOPATH/src/github.com/hashicorp/terraform
COPY . .
RUN /bin/bash ./scripts/build.sh

WORKDIR $GOPATH
ENTRYPOINT ["terraform"]

@rnelson0
Copy link

FYI this issue arose on hashicorp/terraform:1.3.3 sometime between 4/9 and 4/26 of this year, when it started serving curl 8.0.1-r0 but libcurl 7.88.1. On 4/9 it was still serving curl 7.83.1-r6.

curl 8.0.1 (x86_64-alpine-linux-musl) libcurl/7.83.1 OpenSSL/1.1.1q zlib/1.2.12 brotli/1.0.9 nghttp2/1.47.0 Release-Date: 2023-03-20 Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets WARNING: curl and libcurl versions do not match. Functionality may be affected.

When this started happening, curl would output null regardless of the destination; only curl -V output any non-empty string.

Moving to hashicorp/terraform:1.4.5 resolved the issue for us, though fair warning it still has a mismatch, just not one that breaks curl's basic functionality:

curl 8.0.1 (x86_64-alpine-linux-musl) libcurl/7.88.1 OpenSSL/3.0.8 zlib/1.2.13 brotli/1.0.9 nghttp2/1.51.0 Release-Date: 2023-03-20 Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets WARNING: curl and libcurl versions do not match. Functionality may be affected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug new new issue not yet triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@crw @rnelson0 @b-quentin @craigmiskell-gitlab