Install ca-certificates in docker and use pipefail
#6208
Merged
+2
−2
Commits on Aug 19, 2024
-
Install
ca-certificatesin docker anduse pipefail A dockerfile using `ubuntu` instead of `python` as base image currently silently fails to install. ```dockerfile FROM ubuntu RUN apt-get update && apt-get install -y curl --no-install-recommends RUN curl -LsSf https://astral.sh/uv/install.sh | sh RUN uv --version ``` ```console $ docker buildx build --progress plain --no-cache . [...] #6 [3/4] RUN curl -LsSf https://astral.sh/uv/install.sh | sh #6 0.144 curl: (77) error setting certificate file: /etc/ssl/certs/ca-certificates.crt #6 DONE 0.2s #7 [4/4] RUN uv --version #7 0.113 /bin/sh: 1: uv: not found #7 ERROR: process "/bin/sh -c uv --version" did not complete successfully: exit code: 127 ``` There's two underlying problems: Pipefail, and missing `ca-certificates`. In most shells, the source of a pipe erroring doesn't fail the entire command, so `curl -LsSf https://astral.sh/uv/install.sh | sh` passes even if the curl part fails. In bash, you can prefix the command with `set -o pipefail &&` to change this behavior. But in the `ubuntu` docker container, dash is the default shell, not bash. dash doesn't have a pipefail option (in the version in ubuntu), so the [best practice](https://docs.docker.com/build/building/best-practices/#using-pipes) is `RUN ["/bin/bash", "-c", "set -o pipefail && curl -LsSf https://astral.sh/uv/install.sh | sh"]`. That's not very readable, so i'm going for `RUN curl -LsSf https://astral.sh/uv/install.sh > /tmp/uv-installer.sh && sh /tmp/uv-installer.sh && rm /tmp/uv-installer.sh` instead. ```dockerfile FROM ubuntu RUN apt-get update && apt-get install -y curl --no-install-recommends RUN curl -LsSf https://astral.sh/uv/install.sh > /tmp/uv-installer.sh && sh /tmp/uv-installer.sh && rm /tmp/uv-installer.sh \ RUN uv --version ``` ```console $ docker buildx build --progress plain --no-cache . [...] #6 [3/3] RUN curl -LsSf https://astral.sh/uv/install.sh > /tmp/uv-installer.sh && sh /tmp/uv-installer.sh && rm /tmp/uv-installer.sh RUN uv --version #6 0.179 curl: (77) error setting certificate file: /etc/ssl/certs/ca-certificates.crt #6 ERROR: process "/bin/sh -c curl -LsSf https://astral.sh/uv/install.sh > /tmp/uv-installer.sh && sh /tmp/uv-installer.sh && rm /tmp/uv-installer.sh RUN uv --version" did not complete successfully: exit code: 77 ``` The source for this error is `ca-certificates` missing, which is a recommended package. We need to drop `--no-install-recommends` and the installation passes again.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.