-
Notifications
You must be signed in to change notification settings - Fork 18.7k
Security warning appearing when building a Docker image from Windows against a non-Windows Docker host #20397
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
IIRC, this really has to do with Closing since this is not really an issue, but feel free to discuss here. |
That warning was added, because the Windows filesystem does not have an option to mark a file as 'executable'. Building a linux image from a Windows machine would therefore break the image if a file has to be marked executable. For that reason, files are marked executable by default when building from a windows client; the warning is there so that you are notified of that, and (if needed), modify the Dockerfile to change/remove the executable bit afterwards. |
Thank you @thaJeztah for your explanatory response. |
Is there a way to prevent this warning? Some kind of switch? |
no, there's currently no switch to turn off that warning |
There definitely NEEDS to be a switch. This helpful, and un-addressable message breaks the build when using automated build systems. If they see anything written to stderr or get a non-zero return code, that breaks the build. If you give an error message either: A) give me a way to correct it or B) give me a way to suppress it. This needs to be fixed, this is a showstopper for those using Jenkins, TeamCity, Octopus, etc for builds. Please re-open and address this. |
@thaJeztah Agreed - this is resolved in 17.04. thanks! |
Thanks for checking @RobSeder 👍 |
(1.5 years later) - this doesn't quite fix it for me as I fail my builds on warnings so this warning message breaks my build. I've done it this way in order to fail builds that introduce any standards violations or other Microsoft compile-time warnings. So my only solution is to allow builds through with warnings? @thaJeztah |
@bdzevel as of docker 17.04, the warning should be printed on stdout, not stderr (see my comment above) so you could check stderr for messages (or check the exit-code). |
does this warning have any impact on the access for docker during the run that happens after the build? for example when i build an image locally (that does output the warning mentioned above) and try to run a container off of that image, docker fails to detect some files that do actually exist, i was able to verify the files existence when i sh into that container. @thaJeztah |
No this warning is just to indicatie files will be copied with the executable bit set (when using a Windows client) If the command cannot be found and you're trying to execute a script, make sure the file has the correct line endings |
I too would like a way to suppress/acknowledge this "recommendation". It looks scary during public demos, and makes it seem like you're doing something wrong when in fact this message is just always printed regardless. |
Hey, I have been running into a similar problem, when I build a linux image it is showing that all the files only have permission to execute, however in the image that I am building one of the folders need write permission. Is it possible to modify the permission from only -x- to -rwx- or at least -wx- Thanks in advance for your help |
@thaJeztah, do you have any suggestions??? |
\n\nWaiting for the systems to be ready.. |
How about improving the ADD command to take unix umask parameters and setting them appropriately? Or is there such a possibility already? |
See #34819 |
Hi I have a doubt regarding the directory to which people copy the file. I have noticed some using opt directory, other's use var/www/ and quite few uses usr directory. @thaJeztah is there any reason behind this? Which one is the proper way? |
@sujithmp all depends on the base image you're using to build your image; there's no one answer to that, and it's definitely not related to this ticket. Please keep in mind that the GitHub issue tracker is not intended as a general support forum,
|
what about having a simple environment variable |
Hi @thaJeztah I develop in Python app in Windows, works local fine, but when I deploy to Azure, it errors out, can't find index.py and other automatic commands, for some reason it doens't want to read my startup command, which works locally, again, would you say it's related to the security warning pf this ticket? |
No the warning should have no impact on the actual image. If files are not found, double check if they're not excluded by a |
I agree with @c33s. There must be a switch to suppress the warning. We got the warnig. Message delivered, thanks. No need to say it again every time we run our docker-based autmated scripts. Also the warning message is ugly: it doesn't even align with 80-columns-are-enough rule. It makes the log look creepy... photo attached showing how a simple Also, got to mention that the message is distracting. Some times we have stuff to be printed to the log after |
@thaJeztah any comment on the multiple requests above for a way to disable this warning? :) |
Same as @Zero3. Would be useful @thaJeztah if we can consider this. |
|
@sujithh Linux produces odd error messages if a script has Windows ( Here's a script with linux ( echo -e '#!/bin/sh\necho hello' > linux.sh && chmod +x linux.sh
./linux.sh
# hello And here's a script with Windows ( echo -e '#!/bin/sh\r\necho hello' > windows.sh && chmod +x windows.sh
./windows.sh
# bash: ./windows.sh: /bin/sh^M: bad interpreter: No such file or directory |
@thaJeztah any thoughts on the DOCKER_SUPPRESS_WINDOWS_FILE_SECURITY_WARNING=TRUE suggestion above? We want no warnings and errors in our builds, but we need Windows agents to build our content. |
A common warning when your Jenkins service has the same port as the Imager you are trying to Build. For instance, if Jenkins is on port 8080 and the image has EXPOSE: 8080. Change the image port and the issue will be resolved. |
I am experimenting with building my own Docker image with the purpose of later building Jenkins and SonarQube dockers.
When I attempt to create a simple Dockerfile to experiment and install emacs to easily be able to edit files in bash I get the following output:
This is what my dockerfile contains:
What does this Security warning mean exactly and how can I avoid it?
More info, when I use the docker info command I get the following data:
The text was updated successfully, but these errors were encountered: