aws / aws-nitro-enclaves-cli

Tooling for Nitro Enclave Management
Apache License 2.0

Failures when building images with newer versions of the docker API #537

Closed jalaziz closed 3 months ago

jalaziz commented 9 months ago

This project uses the shiplift crate to help access the Docker API in Rust. Unfortunately, the crate has not been updated to support newer versions of the Docker API. When attempting to build an enclave image using newer Docker API versions, the image build fails with:

[ E50 ] Docker image pull error. Such error appears when trying to build an EIF file, but pulling the corresponding docker image fails. In this case, the error backtrace provides detailed informatino on the failure reason.

I have traced this to shiplift not supporting the latest changes in the Docker API. This can be easily reproduced by testing with a newer version of Docker Desktop using the containerd image store.

Given that the shiplift crate has not been updated in some time, it may be best to replace the dependency.

gram-signal commented 5 months ago

Ran into this with the most recent released version of docker on Ubuntu 22.04 not being able to work with nitro-cli anymore. Prior to this, I was building my docker container in Ubuntu, then running nitro-cli within a container with -v /var/run/docker.sock:/var/run/docker.sock to expose the image for building. This no longer works, with the above error. Downgrading docker on Ubuntu to 5:23.0.0-1~ubuntu.22.04~jammy has allowed me to work around this for the moment. If you're like me and need to know how to do this, see the https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository instructions, clicking the Specific version tab in step 2.

jplock commented 4 months ago

I'm consistently running into this with the latest version of Docker available on AmazonLinux2023

[ec2-user@i-xxxxxxx]$ docker version
Client:
 Version:           25.0.3
 API version:       1.44
 Go version:        go1.20.12
 Git commit:        4debf41
 Built:             Mon Feb 12 00:00:00 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          25.0.3
  API version:      1.44 (minimum version 1.24)
  Go version:       go1.20.12
  Git commit:       f417435
  Built:            Mon Feb 12 00:00:00 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.11
  GitCommit:        64b8a811b07ba6288238eefc14d898ee0b5b99ba
 runc:
  Version:          1.1.11
  GitCommit:        4bccb38cc9cf198d52bebf2b3a90cd14e7af8c06
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

jplock commented 4 months ago

Confirmed that downgrading to Docker 24 (dnf downgrade docker) fixed the issue for me:

Client:
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.10
 Git commit:        ced0996
 Built:             Tue Nov 14 00:00:00 2023
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.10
  Git commit:       a61e2b4
  Built:            Tue Nov 14 00:00:00 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.11
  GitCommit:        64b8a811b07ba6288238eefc14d898ee0b5b99ba
 runc:
  Version:          1.1.11
  GitCommit:        4bccb38cc9cf198d52bebf2b3a90cd14e7af8c06
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

meerd commented 4 months ago

We acknowledge this issue and will provide a fix soon. Currently, the only workaround is downgrading to Docker V24. @jalaziz
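
A preflight check built from the two `docker version` reports above, as an added example that is not part of the original thread or the project's code: it reads the Server API version from the text output and compares it with 1.43, the newest version reported working here. The threshold, function names and trimmed sample outputs are assumptions drawn from this thread, not a documented nitro-cli limit.

```shell
#!/bin/sh
# Added example: flag Docker daemons newer than the last API version
# reported working in this thread before running `nitro-cli build-enclave`.
# MAX_GOOD_API is an assumption (1.43 worked, 1.44 failed in the reports).
MAX_GOOD_API="1.43"

# Print the Server "API version" from `docker version` text read on stdin.
server_api_version() {
    awk '
        /^Server:/ { in_server = 1; next }
        in_server && /API version:/ { print $3; exit }
    '
}

# Return 0 when version $1 is numerically newer than $2 (major.minor).
api_newer_than() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -gt "$b_minor" ]; }
}

# Print ok:<ver>, untested:<ver> or unknown; exit status 0, 1 or 2.
check_docker_api() {
    api=$(server_api_version)
    if [ -z "$api" ]; then echo "unknown"; return 2; fi
    if api_newer_than "$api" "$MAX_GOOD_API"; then
        echo "untested:$api"; return 1
    fi
    echo "ok:$api"
}

# Constructed samples, trimmed from the outputs posted in the thread.
SAMPLE_DOCKER_25='Client:
 Version:           25.0.3
 API version:       1.44

Server:
 Engine:
  Version:          25.0.3
  API version:      1.44 (minimum version 1.24)'
SAMPLE_DOCKER_24='Server:
 Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)'
```

On a live host, run it as `docker version | check_docker_api`; a result of `untested:` means the daemon is newer than anything confirmed working in this thread.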

jalaziz commented 4 months ago

@meerd I've been working on a fix for this already. I've pushed it to #594. It's currently untested, but I will be testing it soon.

meerd commented 3 months ago

@jalaziz Thank you for your valuable contribution to the project! It seems we were both working on the same issue concurrently, and I apologize for not noticing your submission earlier. 😊 I have reverted my changes and cherry-picked your commit into this pull request #595, with some minor modifications.

If you don't mind, I would like to continue working on my branch as I need to perform additional testing. Thank you again for your collaboration and understanding!

-Erdem

jalaziz commented 3 months ago

> @jalaziz Thank you for your valuable contribution to the project! It seems we were both working on the same issue concurrently, and I apologize for not noticing your submission earlier. 😊 I have reverted my changes and cherry-picked your commit into this pull request #595, with some minor modifications.
>
> If you don't mind, I would like to continue working on my branch as I need to perform additional testing. Thank you again for your collaboration and understanding!
>
> -Erdem

I don't mind at all! Just wanted to help 🙏🏼

volphy commented 2 months ago

When will the RPM package in Amazon Linux 2023 be available?

volphy commented 2 months ago

It has been added to the latest AL 2023 release: https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes-2023.4.20240513.html#major-updates-2023.4.20240513

erickearns commented 2 months ago

It looks like the images on docker are several releases behind: https://hub.docker.com/_/amazonlinux