-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updates to nssdb will cause image build to fail. #60
Comments
The reason you likely are not experiencing this is that the use of 'squash' on the image prevents it from happening. Go into the 2.7 directory and build the image manually:
Then it will fail:
The problem then is that if people simply follow the example of what to do from the 'Dockerfile' and directory of files and ignores the 'Makefile' in the top directory which does the 'squash', they will have problems. Also, it made no difference that 'fix-permissions' is now used in assemble in place of the existing chmod.
As to why it doesn't fail when 'squash' is used, it appears to changes the ownership/permissions the 'nssdb' file as a side effect.
This isn't really a good situation as is guaranteed that people will not follow to the letter the model you set up for how to do an S2I builder. There probably should be a deliberate action to remove the '.pki' directory from the image using:
Now, what is the '.pki' directory for? And why does 'squash' change the ownership/permissions? |
Actually, this is really warped. Those permissions do show it as owned by that user, yet after 'USER 1001' is used in the 'Dockerfile', it becomes inaccessible. No idea why. Appears it just needs to be removed. |
And one reason why people would ignore the Makefile and build scripts, is that they will not work on older bash versions. First because of the 'test -v' option. Second because of assumptions of where per user directory is for Python.
They will not therefore work on MacOS X. |
@GrahamDumpleton the docker build should definitely work without squashing... if it is not, then it is a bug. |
I can still replicate this with current master. |
What is odd though is that if one doesn't use docker on local system, but have OpenShift build it as:
then when used to create an application using:
it all works fine. Does OpenShift do am implicit squash of images before they are put in the OpenShift registry? |
I was having this problem, too (for @GrahamDumpleton can you try replicating again with master? |
Will check when get a chance. BTW, I have come to the belief that I don't believe the My philosophy is that the |
@GrahamDumpleton I think that warrants a separate discussion (maybe as a mailing list discussion or issue against |
I know it will never change, so don't see a great reason to raise it further. Just wanted to record my opinion somewhere. :-) |
@GrahamDumpleton can you confirm that this is no longer an issue and close this? |
Closing this on the basis that have not seen the AUFS permission bug crop up with |
Within
/opt/app-root/src/.pki
there is a directorynssdb
which is a database for something, possibly related to:If when Python packages are installed they trigger some operation (network??) which causes that database to be updated, the ownership of the database directory is ending up as:
If that occurs, when the
assemble
script tries to do:it will fail with the following error as it doesn't have permission to change the ownership of the database as at that point it is running as the unprivileged
default
user.This error the causes the image build to fail due to use of
set -e
.I don't know what the database is for and whether it might best be setup to be placed somewhere not in that location, but a workaround is to use instead of the
chmod -R
:This presumes that a
.pki
file/directory isn't going to exist elsewhere in the users code which should be changed.The text was updated successfully, but these errors were encountered: