Segmentation Violation during Build

genuinetools / img

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.

https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/

MIT License

3.89k stars 230 forks source link

Segmentation Violation during Build #252

Closed sh0rez closed 5 years ago

sh0rez commented 5 years ago

Hello!

I am trying to build the following Dockerfile: https://gist.github.com/sh0rez/fc85f27e0fa4e818b36dfce62998d283#file-dockerfile

However, img crashes with the following error message. https://gist.github.com/sh0rez/fc85f27e0fa4e818b36dfce62998d283#file-img-log-L319-L326

I can reproduce this on my local machine and on a clean Digitalocean droplet

issue-label-bot[bot] commented 5 years ago

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.90. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

sh0rez commented 5 years ago

Okay, I have figured out what causes this:

If I change FROM golang:1.11.4-stretch to FROM golang:1.11.4-alpine it works out. This is only required for the final stage. So it looks like the stretch image is causing problems with img. This Dockerfile is building fine using DOCKER_BUILDKIT=1 docker build.

Any ideas?

Update: debian:stretch does not work either. My img is not even able to build this basic image:

FROM debian:stretch
RUN apt update; apt install -y git

debian:buster and debian:jessie and also ubuntu:bionic are not working either

sh0rez commented 5 years ago

When using this Dockerfile, it happens sometimes:

FROM golang:alpine
RUN printf "http://dl-cdn.alpinelinux.org/alpine/edge/main\nhttp://dl-cdn.alpinelinux.org/alpine/edge/community" > /etc/apk/repositories
RUN apk upgrade --update-cache --available; apk add bash coreutils

sh0rez commented 5 years ago

This continues to occur, even inside of CircleCI.

As soon as I add bash or coreutils to the image, this happens sometimes.

This is a show stopper and I wonder what causes this. Any ideas @AkihiroSuda @jessfraz ?

sh0rez commented 5 years ago

And note this seems to happen on saving the image, but only if it's the final one.

This works:

FROM debian:stretch
RUN apt update; apt install -y git

FROM scratch
COPY --from=0 /etc /etc

while this doesn't:

FROM debian:stretch
RUN apt update; apt install -y git

This does work though:

FROM debian:stretch

sh0rez commented 5 years ago

Okay, this is actually the same as #250

0.5.6 and master are working fine