RichardKnop / go-oauth2-server

A standalone, specification-compliant, OAuth2 server written in Golang.
Mozilla Public License 2.0
2.12k stars 315 forks source link

docker build -t go-oauth2-server:latest SECURITY ERROR #78

Open paulomcnally opened 2 years ago

paulomcnally commented 2 years ago

docker build -t go-oauth2-server:latest .

docker build -t go-oauth2-server:latest .

Sending build context to Docker daemon  27.63MB
Step 1/14 : FROM golang
 ---> 260de46bdc85
Step 2/14 : MAINTAINER Richard Knop <risoknop@gmail.com>
 ---> Using cache
 ---> 609cb5e9632e
Step 3/14 : ENV PATH /go/bin:$PATH
 ---> Using cache
 ---> 54d9a5108814
Step 4/14 : RUN useradd --user-group --shell /bin/false app
 ---> Using cache
 ---> 0f813b75ffb7
Step 5/14 : WORKDIR /go/src/github.com/RichardKnop/go-oauth2-server
 ---> Using cache
 ---> 85e3cfda91e6
Step 6/14 : ADD . /go/src/github.com/RichardKnop/go-oauth2-server
 ---> Using cache
 ---> 7807613831a6
Step 7/14 : ENV GO111MODULE on
 ---> Using cache
 ---> 2092be8fad2d
Step 8/14 : RUN chown -R app:app /go/src/github.com/RichardKnop/go-oauth2-server/
 ---> Using cache
 ---> d407f812c5e2
Step 9/14 : RUN mkdir -p /home/app
 ---> Using cache
 ---> 3fc08458b50d
Step 10/14 : RUN chown app /home/app
 ---> Using cache
 ---> be49b7b211fd
Step 11/14 : USER app
 ---> Using cache
 ---> d3a24a326a67
Step 12/14 : RUN go install github.com/RichardKnop/go-oauth2-server
 ---> Running in 1ea57eedb658
go: downloading github.com/urfave/cli v0.0.0-20180106191048-75104e932ac2
go: downloading github.com/RichardKnop/go-fixtures v0.0.0-20181101035649-15577dcaa372
go: downloading github.com/gorilla/mux v1.7.0
go: downloading github.com/jinzhu/gorm v1.9.2
go: downloading github.com/phyber/negroni-gzip v0.0.0-20180113114010-ef6356a5d029
go: downloading github.com/urfave/negroni v1.0.0
go: downloading gopkg.in/tylerb/graceful.v1 v1.2.15
go: downloading gopkg.in/yaml.v2 v2.2.2
go: downloading github.com/coreos/etcd v3.3.12+incompatible
verifying github.com/coreos/etcd@v3.3.12+incompatible: checksum mismatch
    downloaded: h1:pAWNwdf7QiT1zfaWyqCtNZQWCLByQyA3JrSQyuYAqnQ=
    go.sum:     h1:5k8nkcBSvltjOO5RLflnXevOJXndlKIMbvVnMTX+cUU=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.
The command '/bin/sh -c go install github.com/RichardKnop/go-oauth2-server' returned a non-zero code: 1

github/paulomcnally/go-oauth2-server  master ✔  3.0.1
bartsimp commented 2 years ago

edit Dockerfile by adding a new line RUN go mod tidy just before lines # Install the api program RUN go install github.com/RichardKnop/go-oauth2-server

paulomcnally commented 2 years ago

@bartsimp

github/oauth2/go-oauth2-server  master ✗  3.0.1                                                                              1y149d ⚑
▶ docker-compose up
[+] Running 7/9
 ⠿ etcd Pulled                                                                                                                     7.3s
   ⠿ ff3a5c916c92 Pull complete                                                                                                    3.1s
   ⠿ 96b0e24539ea Pull complete                                                                                                    3.4s
   ⠿ d1eca4d01894 Pull complete                                                                                                    3.6s
   ⠿ ad732d7a61c2 Pull complete                                                                                                    3.6s
   ⠿ 8bc526247b5c Pull complete                                                                                                    3.7s
   ⠿ 5f56944bb51c Pull complete                                                                                                    5.0s
 ⠿ app Error                                                                                                                       2.2s
 ⠿ app_testdata Error                                                                                                              2.2s
Sending build context to Docker daemon   26.9MB
Step 1/15 : FROM golang
latest: Pulling from library/golang
e4d61adff207: Pull complete
4ff1945c672b: Pull complete
ff5b10aec998: Pull complete
12de8c754e45: Pull complete
8c86ff77a317: Pull complete
f81903f94b12: Pull complete
7a5cad44dc37: Pull complete
Digest: sha256:b5a9ae5907066849cbb2b47af93713b1f030e3eb6b36d84f2ae5f354b25c80d4
Status: Downloaded newer image for golang:latest
 ---> e76246e054d0
Step 2/15 : MAINTAINER Richard Knop <risoknop@gmail.com>
 ---> Running in 620b731cdb79
Removing intermediate container 620b731cdb79
 ---> 14ee257e8746
Step 3/15 : ENV PATH /go/bin:$PATH
 ---> Running in 7a20e2abaf1b
Removing intermediate container 7a20e2abaf1b
 ---> 0944cc096e3c
Step 4/15 : RUN useradd --user-group --shell /bin/false app
 ---> Running in be573bf5c8ae
Removing intermediate container be573bf5c8ae
 ---> 441d1b002824
Step 5/15 : WORKDIR /go/src/github.com/RichardKnop/go-oauth2-server
 ---> Running in df04bf2cd668
Removing intermediate container df04bf2cd668
 ---> ac19f05f0f08
Step 6/15 : ADD . /go/src/github.com/RichardKnop/go-oauth2-server
 ---> a8a2dcde1198
Step 7/15 : ENV GO111MODULE on
 ---> Running in 2f9a4145858d
Removing intermediate container 2f9a4145858d
 ---> 2da5aec7968d
Step 8/15 : RUN chown -R app:app /go/src/github.com/RichardKnop/go-oauth2-server/
 ---> Running in acefbc9ec75a
Removing intermediate container acefbc9ec75a
 ---> dda13402f048
Step 9/15 : RUN mkdir -p /home/app
 ---> Running in c5d28c4df106
Removing intermediate container c5d28c4df106
 ---> fbf60ad58317
Step 10/15 : RUN chown app /home/app
 ---> Running in 21f433e15121
Removing intermediate container 21f433e15121
 ---> e927d5c44eeb
Step 11/15 : USER app
 ---> Running in 9d8b43555e1d
Removing intermediate container 9d8b43555e1d
 ---> f1ed7310dfab
Step 12/15 : RUN go mod tidy
 ---> Running in 81ae9e25b1c8
go: downloading github.com/RichardKnop/go-fixtures v0.0.0-20181101035649-15577dcaa372
go: downloading github.com/gorilla/mux v1.7.0
go: downloading github.com/jinzhu/gorm v1.9.2
go: downloading github.com/phyber/negroni-gzip v0.0.0-20180113114010-ef6356a5d029
go: downloading github.com/urfave/negroni v1.0.0
go: downloading gopkg.in/tylerb/graceful.v1 v1.2.15
go: downloading github.com/urfave/cli v0.0.0-20180106191048-75104e932ac2
go: downloading github.com/coreos/etcd v3.3.12+incompatible
go: downloading github.com/lib/pq v1.0.0
verifying github.com/coreos/etcd@v3.3.12+incompatible: checksum mismatch
    downloaded: h1:pAWNwdf7QiT1zfaWyqCtNZQWCLByQyA3JrSQyuYAqnQ=
    go.sum:     h1:5k8nkcBSvltjOO5RLflnXevOJXndlKIMbvVnMTX+cUU=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.
Sending build context to Docker daemon   26.9MB
Step 1/3 : FROM quay.io/coreos/etcd
 ---> 61ad63875109
Step 2/3 : COPY ./docker-etcd-config-entrypoint.sh /
 ---> c3597ecd01c4
Step 3/3 : ENTRYPOINT ["/docker-etcd-config-entrypoint.sh"]
 ---> Running in 2ebfa648cd6e
Removing intermediate container 2ebfa648cd6e
 ---> e085b63adfcf
Successfully built e085b63adfcf
Successfully tagged go-oauth2-server_etcd_config:latest
1 error occurred:
    * Status: The command '/bin/sh -c go mod tidy' returned a non-zero code: 1, Code: 1

github/oauth2/go-oauth2-server  master ✗  3.0.
nozim commented 2 years ago

https://github.com/RichardKnop/go-oauth2-server/pull/81