CollaboraOnline / online

Collabora Online is a collaborative online office suite based on LibreOffice technology. This is also the source for the Collabora Office apps for iOS and Android.
https://collaboraonline.com

Compiling docker images, not functional "FTL Failed to initialize COOLWSD: Cannot load default CA bundle| wsd/COOLWSD.hpp:530" #9554

Closed BigTwoProduction closed 1 month ago

BigTwoProduction commented 2 months ago

Hello,

I compile a docker container quite often in order to appreciate the evolutions and improvements thanks to your wonderful work. Many thanks for that.

The compilation I'm doing concerns the following branches:

- Online: distro/collabora/co-24.04 https://github.com/CollaboraOnline/online/tree/distro/collabora/co-24.04
- Core: distro/collabora/co-24.04 https://git.libreoffice.org/core/+/refs/heads/distro/collabora/co-24.04

However, since commit 4346c2fdd307b6d38c6c2b533a4358c9024d7466, the docker container is no longer functional. I think the error concerns the verification of the self-signed certificate, even if you specify `--o:ssl.ssl_verification=false`.

When I launch my container, here are the parameters:

```sh
sudo docker run -t -d -p 9980:9980 \
  -e "domain=xxxx.aaaa.fr" \
  -e "extra_params=--o:user_interface.mode=notebookbar --o:net.proto=IPv4 --o:ssl.ssl_verification=false" \
  -e "username=admin" -e "password=xxxxxxx" \
  -v /etc/localtime:/etc/localtime -v /etc/timezone:/etc/timezone \
  --restart always --name code_test --cap-add MKNOD --privileged id_image
```

The error is as follows

```
Failed to initialize COOLWSD: Cannot load default CA bundle
wsd-00001-00001 2024-07-19 17:11:42.078905 +0200 [ coolwsd ] INF hardware threads: 8| wsd/Admin.cpp:583
wsd-00001-00001 2024-07-19 17:11:42.078955 +0200 [ coolwsd ] TRC Initialize StorageBase| wsd/COOLWSD.cpp:2946
wsd-00001-00001 2024-07-19 17:11:42.084439 +0200 [ coolwsd ] FTL Failed to initialize COOLWSD: Cannot load default CA bundle| wsd/COOLWSD.hpp:530
Cannot load default CA bundle
wsd-00001-00001 2024-07-19 17:11:42.084701 +0200 [ coolwsd ] INF ~Admin dtor.| wsd/Admin.cpp:588
wsd-00001-00001 2024-07-19 17:11:42.084715 +0200 [ coolwsd ] TRC History: { "documents" : [], "expiredDocuments" : []} | wsd/AdminModel.cpp:206
wsd-00001-00001 2024-07-19 17:11:42.084725 +0200 [ coolwsd ] INF AdminModel dtor.| wsd/AdminModel.cpp:207
wsd-00001-00001 2024-07-19 17:11:42.084734 +0200 [ coolwsd ] TRC ~SocketPoll [admin] destroying. Joining thread now.| net/Socket.cpp:250

-00001 2024-07-19 17:11:42.088280 +0200 [ coolwsd ] SIG Fatal signal received: SIGABRT code: 18446744073709551610 for address: 0x3e800000001
Recent activity:
Backtrace 1 - wsd 24.04.5.2 14610dafc1:
/usr/bin/coolwsd(_ZN7SigUtil13dumpBacktraceEv+0x7e)[0x555f0139e30e]
/usr/bin/coolwsd(+0x3f671d)[0x555f0139e71d]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7fae72467520]
/lib/x86_64-linux-gnu/libc.so.6(pthread_kill+0x12c)[0x7fae724bb9fc]
/lib/x86_64-linux-gnu/libc.so.6(raise+0x16)[0x7fae72467476]
/lib/x86_64-linux-gnu/libc.so.6(abort+0xd3)[0x7fae7244d7f3]
/usr/bin/coolwsd(+0x1df955)[0x555f01187955]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7fae72467520]
[0x555f040585c0]
```

This error is at this commit state but since commit 4346c2fdd307b6d38c6c2b533a4358c9024d7466:

- Online: 14610dafc1b0b267008c8812674c226390d72b62
- Core: ef433cc3ac2b30e3504b9f623624fa93eb3fc49f

Even if I launch the image in entrypoint, then run the .sh, I get the same error. With, for example, `docker run -it --entrypoint sh id_image_docker`

However, configure.ac specifies:

- /etc/coolwsd/cert.pem
- /etc/coolwsd/key.pem
- /etc/coolwsd/ca-chain.cert.pem

Self-signed cert is located in docker images here:

These files exist and are well generated after executing ./new.sh in my docker images.

![image](https://github.com/user-attachments/assets/5caca5a9-294e-4638-86c4-fdadf5eaae7e)

By not changing any parameters, I manage to get a working docker image on the next commit (based on the evolution of the configure.ac file). dadebb1d468321021898a4cddef1246ac408dc36 and 3e771856a424befa59e5a880b073b371c96ad848

To do that, a `git reset --hard dadebb1`

In this case, my docker image is fully functional.

How can I get a working docker image after commit 4346c2fdd307b6d38c6c2b533a4358c9024d7466 when previously the images produced did not have the error described in this issue?

This error occurs even if you add --enable-experimental to ONLINE_EXTRA_BUILD_OPTIONS.

I remain available for testing,
Best regards,
Jordan.

BigTwoProduction commented 2 months ago

Hello,

I found the problem, after the commit 4346c2fdd307b6d38c6c2b533a4358c9024d7466 it is necessary to have the following file /etc/ssl/certs/ca-certificates.crt in the produced image.

So you need to install ca-certificates. You need to add a package to the /docker/from-source/Ubuntu file, and modify the line

```dockerfile
RUN apt-get update && \
    apt-get -y install libpng16-16 fontconfig adduser cpio tzdata \
               findutils nano \
               libcap2-bin openssl openssh-client inotify-tools procps \
               libxcb-shm0 libxcb-render0 libxrender1 libxext6 \
               fonts-wqy-zenhei fonts-wqy-microhei fonts-droid-fallback \
               fonts-noto-cjk libnss3
```

libnss3 was added by myself.

By

```dockerfile
RUN apt-get update && \
    apt-get -y install libpng16-16 fontconfig adduser cpio tzdata \
               findutils nano \
               libcap2-bin openssl openssh-client inotify-tools procps \
               libxcb-shm0 libxcb-render0 libxrender1 libxext6 \
               fonts-wqy-zenhei fonts-wqy-microhei fonts-droid-fallback \
               fonts-noto-cjk libnss3 ca-certificates
```

Once added, the image produced is functional. Am I right, or have I fixed the problem in a sneaky way?

Still available if needed. Best Regards, Jordan.
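
A preflight check for the failure discussed in this comment, as an added example that is not part of the issue or of the Collabora Online code base: it confirms that the CA bundle path named above exists and holds at least one PEM certificate, and that a Dockerfile's `apt-get install` command names a given package. The function names and the ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Preflight for the "Cannot load default CA bundle" startup failure.
# Function names are hypothetical; ROOT is "/" inside the container or the
# directory of an unpacked image filesystem (an assumption of this example).

# Bundle path named in the issue, relative to ROOT.
CA_BUNDLE_PATH="etc/ssl/certs/ca-certificates.crt"

# count_pem_certs FILE: print the number of complete PEM certificates in FILE.
count_pem_certs() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1; next }
        /^-----END CERTIFICATE-----/   { if (inside) n++; inside = 0 }
        END { print n + 0 }
    ' "$1"
}

# check_ca_bundle ROOT: 0 = usable, 1 = missing, 2 = empty, 3 = no certificate.
check_ca_bundle() {
    bundle="${1%/}/$CA_BUNDLE_PATH"
    [ -e "$bundle" ] || { echo "missing: $bundle" >&2; return 1; }
    [ -s "$bundle" ] || { echo "empty: $bundle" >&2; return 2; }
    certs=$(count_pem_certs "$bundle")
    [ "$certs" -gt 0 ] || { echo "no certificates in: $bundle" >&2; return 3; }
    echo "ok: $bundle ($certs certificates)"
}

# dockerfile_installs FILE PKG: 0 if an "apt-get ... install" command in FILE,
# joined across its backslash-continued lines, names PKG as a whole word.
dockerfile_installs() {
    awk -v pkg="$2" '
        function check(c,   i, n, w) {
            if (c !~ /apt-get/ || c !~ /install/) return
            n = split(c, w, /[ \t]+/)
            for (i = 1; i <= n; i++) if (w[i] == pkg) found = 1
        }
        { line = $0; cont = (line ~ /\\[ \t]*$/); sub(/\\[ \t]*$/, "", line)
          cmd = cmd " " line
          if (!cont) { check(cmd); cmd = "" } }
        END { check(cmd); exit !found }
    ' "$1"
}
```

Inside a running container, `check_ca_bundle /` reports whether the bundle is present; `dockerfile_installs docker/from-source/Ubuntu ca-certificates` checks the build recipe before an image is produced.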

timur-g commented 1 month ago

https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile lists ca-certificates. Seems this can be closed, as there is no issue.

BigTwoProduction commented 1 month ago

ca-certificates is present in your file, OK, but I do not make docker images from packages!

I'm surprised that this issue is closed, although I'd put effort into it and even found a solution to the problem, which proves that there is one. Did you read all the elements of my issue correctly?

When you make docker images from source, it seems logical to rely on the Ubuntu file in the “from-source” folder, https://github.com/CollaboraOnline/online/blob/master/docker/from-source/Ubuntu, not “from-package”, https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile

I assure you that if you take the sources and compile them, as it's possible to do here, https://github.com/CollaboraOnline/online/blob/master/docker/from-source/build.sh, you won't get a non-functional docker image. In https://github.com/CollaboraOnline/online/blob/master/docker/from-source/Ubuntu there is no ca-certificates.

Two different things, but I'm not going to go any further than that.