docker build fail

[dustinxie]

What version of iotex-core are you using (ioctl version)?

commit 4c8543c caused docker build to fail

What operating system and processor architecture are you using?

What did you do? If possible, provide a recipe for reproducing the error.

What did you expect to see?

What did you see instead?

here's the docker build log:

#26 [stage-1 10/12] RUN touch /var/lib/logrotate.status
#26 sha256:4c14e46ba47bff0e636e9257baaec63985e2100bd8263e6a74049ff582e02d98
#26 DONE 0.6s
#27 [stage-1 11/12] RUN chmod -R u=rwX,go=rX /etc
#27 sha256:f3f1e4d3c2e41172e2ba9b7ae3bcd8c0ef7d798980034a53031b0e1b5cc7b571
#27 0.639 chmod: /etc/hosts: Read-only file system
#27 0.776 chmod: /etc/resolv.conf: Read-only file system
#27 ERROR: executor failed running [/bin/sh -c chmod -R u=rwX,go=rX /etc]: exit code: 1
------
> [stage-1 11/12] RUN chmod -R u=rwX,go=rX /etc:
------
error: failed to solve: rpc error: code = Unknown desc = executor failed running [/bin/sh -c chmod -R u=rwX,go=rX /etc]: exit code: 1
Build failed using Buildkit

[jrynkiew]

What version of Docker are you running, what operating system, and what OS architecture? Do you run it as a privileged user? I think it's a Buildkit issue, not directly related to Docker. I will check. How did you enable Buildkit? In the config files?

[jrynkiew]

I just checked, and I ran make docker on the latest iotex-core repository I forked from the main repo in the root project directory, and I got the result:

Step 20/21 : RUN chmod -R u=rwX,go=rX /etc
---> Running in e8cd7bf1deca
Removing intermediate container e8cd7bf1deca
---> ef938aa752da
Step 21/21 : RUN logrotate /etc/logrotate.d/iotex
---> Running in 8d1a8cd6500b
Removing intermediate container 8d1a8cd6500b
---> 89fd77b24d18
Successfully built 89fd77b24d18
Successfully tagged jeremi/iotex-core:latest

[jrynkiew]

I read more into it - there is a Docker BuildKit support thread here - moby/buildkit#1267

It appears that the issue is related to the base image we use for Docker. The root folders are not writeable.

I think the real problem is not RUN chmod -R u=rwX,go=rX /etc, since without it the build process without BuildKit will give this error:

Potentially dangerous mode on /etc/logrotate.d/iotex: 0664
error: Ignoring /etc/logrotate.d/iotex because it is writable by group or others.

The problem is that the error suggests that the whole section in the Dockerfile

# logrotate log file daily
RUN apk add logrotate
COPY logrotate.conf /etc/logrotate.d/iotex
RUN mkdir -p /var/lib/
RUN touch /var/lib/logrotate.status
RUN logrotate /etc/logrotate.d/iotex

becomes useless unless you specify RUN chmod -R u=rwX,go=rX /etc if you decide to use

docker:
	$(DOCKERCMD) build -t $(USER)/iotex-core:latest .

in your Makefile.

The real fix is to force BuildKit on the Makefile

docker:
	DOCKER_BUILDKIT=1 $(DOCKERCMD) build -t $(USER)/iotex-core:latest .

and then remove the

RUN chmod -R u=rwX,go=rX /etc

command from the Dockerfile

[Liuhaai]

The explaination in the post seems reasonable.