cerebrate-project / cerebrate

Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.
https://www.cerebrate-project.org/
GNU Affero General Public License v3.0

Docker image v1.6 seems broken #100

Open remil1000 opened 2 years ago

remil1000 commented 2 years ago

When using the published v1.6 image ghcr.io/cerebrate-project/cerebrate:v1.6, I can't get the homepage to load; I only get

Deprecated: Use of `BaseErrorHandler` and subclasses are deprecated. Upgrade to the new `ErrorTrap` and `ExceptionTrap` subsystem. See https://book.cakephp.org/4/en/appendices/4-4-migration-guide.html /var/www/html/config/bootstrap.php, line: 137 You can disable all deprecation warnings by setting `Error.errorLevel` to `E_ALL & ~E_USER_DEPRECATED`. Adding `config/bootstrap.php` to `Error.ignoredDeprecationPaths` in your `config/app.php` config will mute deprecations from that file only. in /var/www/html/vendor/cakephp/cakephp/src/Core/functions.php on line 321
Deprecated (16384) : Registering multiple methods with an event is deprecated. Assign a single method and call others from it. /var/www/html/vendor/cakephp/cakephp/src/Event/EventManager.php, line: 102 You can disable all deprecation warnings by setting `Error.errorLevel` to `E_ALL & ~E_USER_DEPRECATED`. Adding `vendor/cakephp/cakephp/src/Event/EventManager.php` to `Error.ignoredDeprecationPaths` in your `config/app.php` config will mute deprecations from that file only. [in /var/www/html/vendor/cakephp/cakephp/src/Core/functions.php, line 321]
Warning (512) : Unable to emit headers. Headers sent in file=/var/www/html/vendor/cakephp/cakephp/src/Core/functions.php line=321 [in /var/www/html/vendor/cakephp/cakephp/src/Http/ResponseEmitter.php, line 71]
Warning (2) : Cannot modify header information - headers already sent by (output started at /var/www/html/vendor/cakephp/cakephp/src/Core/functions.php:321) [in /var/www/html/vendor/cakephp/cakephp/src/Http/ResponseEmitter.php, line 168]
Warning (2) : Cannot modify header information - headers already sent by (output started at /var/www/html/vendor/cakephp/cakephp/src/Core/functions.php:321) [in /var/www/html/vendor/cakephp/cakephp/src/Http/ResponseEmitter.php, line 197]
Warning (2) : Cannot modify header information - headers already sent by (output started at /var/www/html/vendor/cakephp/cakephp/src/Core/functions.php:321) [in /var/www/html/vendor/cakephp/cakephp/src/Http/ResponseEmitter.php, line 197]
Warning (2) : Cannot modify header information - headers already sent by (output started at /var/www/html/vendor/cakephp/cakephp/src/Core/functions.php:321) [in /var/www/html/vendor/cakephp/cakephp/src/Http/ResponseEmitter.php, line 236]

but still with a 200 HTTP status code

It seems this was introduced between v1.5 and v1.6

I tried to rebuild images v1.5 and v1.6 locally and got the same issue. I fetched the v1.5 image's composer.lock file and rebuilt the images (v1.5 and v1.6), and the problem is gone.

I would advise shipping the composer.lock file in the repository to avoid similar issues in the future

Attached are the two composer.lock files, working and not working, one from image ghcr.io/cerebrate-project/cerebrate:v1.5 and the other from ghcr.io/cerebrate-project/cerebrate:v1.6

nok-composer.lock.txt ok-composer.lock.txt

iglocska commented 2 years ago

The issue comes from a deprecation in CakePHP 4.4:

https://book.cakephp.org/4.next/en/appendices/4-4-migration-guide.html#errorhandler-consoleerrorhandler

Since we don't pin the Cake version, the release of 4.4 started causing the warnings.

iglocska commented 2 years ago

Also, my guess is that debug mode is enabled, otherwise those messages shouldn't be emitted at all.

remil1000 commented 2 years ago

That's quite interesting

https://github.com/cerebrate-project/cerebrate/blob/main/composer.json#L12 - should be using version 4.3

However it's not honored in the v1.6 container

$ docker run --rm -it --entrypoint /bin/bash ghcr.io/cerebrate-project/cerebrate:v1.6
www-data@53fc193afece:~/html$ grep 'cake.*4.3' composer.json 
        "cakephp/cakephp": "^4.3",
www-data@53fc193afece:~/html$ grep 'cake.*4.4.0' composer.lock  
                "cakephp/cakephp": "^4.4.0",

iglocska commented 2 years ago

That's interesting o.O

remil1000 commented 2 years ago

Actually, it's per the Composer specification

https://getcomposer.org/doc/articles/versions.md#caret-version-range-

The ^ operator behaves very similarly, but it sticks closer to semantic versioning, and will always allow non-breaking updates. For example ^1.2.3 is equivalent to >=1.2.3 <2.0.0

iglocska commented 2 years ago

Interesting, though it makes sense. Either way, good idea for us to nip it in the bud as soon as possible and align with 4.4.

remil1000 commented 2 years ago

The following change in composer.json did the trick

-        "cakephp/cakephp": "^4.3",
+        "cakephp/cakephp": ">=4.3.0 <4.4",
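
Review bot: the new range `>=4.3.0 <4.4` on the `cakephp/cakephp` line still floats across every 4.3.x release, so two builds of the same image tag can resolve different versions unless composer.lock is committed alongside this change. Composer's `~4.3.0` expresses the same range more compactly. Because the cap also keeps out 4.4 and later releases, it is worth recording next to this change that it is a stopgap until the code is aligned with 4.4.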

I'm not sure I understand the way ~ or ^ are working with composer

although shipping the composer.lock is ultimately the best way to proceed
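
The caret and tilde behaviour discussed in this thread, as an added example (not part of the issue or of the Cerebrate code base): a simplified Python model of Composer's documented range rules for plain numeric versions, showing why `^4.3` admits 4.4.0 while `>=4.3.0 <4.4` and `~4.3.0` do not. The function names are illustrative, and 4.3.9 is a constructed sample version.

```python
# Added example: simplified model of Composer's documented ^ and ~ ranges.
# Handles plain numeric versions only (no stability flags, wildcards or "||").
import re

def _parts(v):
    """'4.3' -> [4, 3]; only numeric dotted versions are accepted."""
    if not re.fullmatch(r"\d+(\.\d+){0,2}", v):
        raise ValueError(f"unsupported version: {v!r}")
    return [int(p) for p in v.split(".")]

def _pad(p):
    """Pad to (major, minor, patch) so versions compare as tuples."""
    return tuple(p + [0] * (3 - len(p)))

def _bump(p, idx):
    """Upper bound: increment component idx and zero everything after it."""
    full = list(_pad(p))
    return tuple(full[:idx] + [full[idx] + 1] + [0] * (2 - idx))

def bounds(term):
    """Return (low_inclusive, high_exclusive) for one constraint term."""
    op, ver = re.fullmatch(r"(\^|~|>=|<)?\s*(\S+)", term.strip()).groups()
    p = _parts(ver)
    if op == "^":
        # Bump the leftmost non-zero component (or the last one given).
        idx = next((i for i, n in enumerate(p) if n != 0), len(p) - 1)
        return _pad(p), _bump(p, idx)
    if op == "~":
        # The last given component may grow: ~4.3.0 -> <4.4.0, ~4.3 -> <5.0.0.
        return _pad(p), _bump(p, max(0, len(p) - 2))
    if op == ">=":
        return _pad(p), (float("inf"),) * 3
    if op == "<":
        return (0, 0, 0), _pad(p)
    return _pad(p), _bump(p, 2)  # bare version: exact match

def satisfies(version, constraint):
    """Space-separated terms are ANDed, as in '>=4.3.0 <4.4'."""
    v = _pad(_parts(version))
    return all(lo <= v < hi for lo, hi in map(bounds, constraint.split()))

if __name__ == "__main__":
    for c in ("^4.3", ">=4.3.0 <4.4", "~4.3.0", "~4.3"):
        print(f"{c:14} 4.3.9={satisfies('4.3.9', c)} 4.4.0={satisfies('4.4.0', c)}")
```

Note that `~4.3` (two components) still allows 4.4.0; only the three-component `~4.3.0` stops below 4.4.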