w3c / automotive-viss2


dockerfile: build fails due to missing agt_public_key file #88

Closed slawr closed 7 months ago

slawr commented 7 months ago

Summary

Dockerfile fails to build due to missing agt_public_key file.

Source: https://github.com/w3c/automotive-viss2/blob/852b779dfd8ff552f8e2b5cc96cac4472ba85fe4/Dockerfile#L82

Example failure:

~/genivi/cdsp/cdsp/docker$ sudo docker compose -f docker-compose-waii-iotdb.yml build vissv2server
[sudo] password for steve: 
[+] Building 101.2s (34/34) FINISHED                                                            docker:default
 => [vissv2server internal] load build definition from Dockerfile                                         0.0s
 => => transferring dockerfile: 3.09kB                                                                    0.0s
 => [vissv2server internal] load .dockerignore                                                            0.0s
 => => transferring context: 2B                                                                           0.0s
 => [vissv2server internal] load metadata for docker.io/library/golang:latest                             0.8s
 => [vissv2server internal] load metadata for docker.io/library/golang:1.21-bookworm                      0.8s
 => [vissv2server builder  1/18] FROM docker.io/library/golang:latest@sha256:58e14a93348a3515c2becc54ebd  0.0s
 => => resolve docker.io/library/golang:latest@sha256:58e14a93348a3515c2becc54ebd35302128225169d166b7c68  0.0s
 => [vissv2server internal] load build context                                                            0.0s
 => => transferring context: 31.63kB                                                                      0.0s
 => [vissv2server vissv2server  1/11] FROM docker.io/library/golang:1.21-bookworm@sha256:a6b787c7f9046e  38.1s
 => => resolve docker.io/library/golang:1.21-bookworm@sha256:a6b787c7f9046e3fdaa97bca1f76fd23ff4108f612d  0.0s
 => => sha256:a6b787c7f9046e3fdaa97bca1f76fd23ff4108f612de885e1af87e0dccc02f99 1.86kB / 1.86kB            0.0s
 => => sha256:262779cc8c42b29f60fc29fe2f5ae7db88824ac478972a49a7133695edad9475 7.22kB / 7.22kB            0.0s
 => => sha256:d3a767d1d12e57724b9f254794e359f3b04d4d5ad966006e5b5cda78cc382762 64.13MB / 64.13MB         10.0s
 => => sha256:c485c19781bc450b984ab7d961f364560ce2942f1905ca8cb99031a0bc84283b 1.58kB / 1.58kB            0.0s
 => => sha256:90e5e7d8b87a34877f61c2b86d053db1c4f440b9054cf49573e3be5d6a674a47 49.58MB / 49.58MB         27.0s
 => => sha256:27e1a8ca91d35598fbae8dee7f1c211f0f93cec529f6804a60e9301c53a604d0 24.05MB / 24.05MB         19.6s
 => => sha256:863cc4143efa80b93b0667c8315f58718c7bcf46d150db44c6569b20c3519924 92.33MB / 92.33MB         32.6s
 => => sha256:955ef18cc5e988d3d418e57fef589790d408db5c4d211701dc550e0c649a73b6 66.98MB / 66.98MB         33.9s
 => => extracting sha256:90e5e7d8b87a34877f61c2b86d053db1c4f440b9054cf49573e3be5d6a674a47                 1.8s
 => => sha256:9f24b9e9063a9b809b92bca3a8b28f9824ee9637360c42dd1f3261b6790ce904 155B / 155B               27.3s
 => => extracting sha256:27e1a8ca91d35598fbae8dee7f1c211f0f93cec529f6804a60e9301c53a604d0                 0.6s
 => => extracting sha256:d3a767d1d12e57724b9f254794e359f3b04d4d5ad966006e5b5cda78cc382762                 2.4s
 => => extracting sha256:863cc4143efa80b93b0667c8315f58718c7bcf46d150db44c6569b20c3519924                 2.3s
 => => extracting sha256:955ef18cc5e988d3d418e57fef589790d408db5c4d211701dc550e0c649a73b6                 2.9s
 => => extracting sha256:9f24b9e9063a9b809b92bca3a8b28f9824ee9637360c42dd1f3261b6790ce904                 0.0s
 => [vissv2server builder  2/18] WORKDIR /build                                                           0.4s
 => [vissv2server vissv2server  2/11] RUN mkdir transport_sec                                             0.7s
 => [vissv2server builder  3/18] RUN mkdir bin                                                            0.3s
 => [vissv2server builder  4/18] COPY testCredGen/cicso-umbrella/cisco.crt /usr/local/share/ca-certifica  0.1s
 => [vissv2server vissv2server  3/11] WORKDIR /app                                                        0.1s
 => [vissv2server builder  5/18] RUN update-ca-certificates                                               1.0s
 => [vissv2server vissv2server  4/11] RUN mkdir /app/atServer                                             0.5s
 => [vissv2server builder  6/18] COPY redis/redis.conf ./etc/                                             0.0s
 => [vissv2server builder  7/18] COPY client/ ./client                                                    0.1s
 => [vissv2server builder  8/18] COPY feeder/ ./feeder                                                    0.0s
 => [vissv2server builder  9/18] COPY server/ ./server                                                    0.1s
 => [vissv2server builder 10/18] COPY grpc_pb/ ./grpc_pb                                                  0.0s
 => [vissv2server builder 11/18] COPY protobuf/ ./protobuf                                                0.0s
 => [vissv2server builder 12/18] COPY utils ./utils                                                       0.0s
 => [vissv2server builder 13/18] COPY go.mod go.sum ./                                                    0.1s
 => [vissv2server builder 14/18] RUN ls -a etc/                                                           0.2s
 => [vissv2server builder 15/18] COPY testCredGen/ca transport_sec/ca                                     0.1s
 => [vissv2server builder 16/18] COPY testCredGen/server transport_sec/server                             0.0s
 => [vissv2server builder 17/18] COPY testCredGen/client transport_sec/client                             0.0s
 => [vissv2server builder 18/18] RUN go build -v -o ./bin ./...                                          59.5s
 => CACHED [vissv2server vissv2server  5/11] COPY --from=builder /build/bin/vissv2server .                0.0s
 => CACHED [vissv2server vissv2server  6/11] COPY --from=builder /build/server/transport_sec/transportSe  0.0s
 => CACHED [vissv2server vissv2server  7/11] COPY --from=builder /build/server/vissv2server/atServer/pur  0.0s
 => CACHED [vissv2server vissv2server  8/11] COPY --from=builder /build/server/vissv2server/atServer/sco  0.0s
 => CACHED [vissv2server vissv2server  9/11] COPY --from=builder /build/server/vissv2server/feeder-regis  0.0s
 => CACHED [vissv2server vissv2server 10/11] COPY --from=builder /build/server/vissv2server/vss_vissv2.b  0.0s
 => ERROR [vissv2server vissv2server 11/11] COPY --from=builder /build/server/agt_server/agt_public_key.  0.0s
------
 > [vissv2server vissv2server 11/11] COPY --from=builder /build/server/agt_server/agt_public_key.rsa .:
------
failed to solve: failed to compute cache key: failed to calculate checksum of ref 7584edbc-789e-4320-913c-77201ba22a22::ten76rtk3emqreckqkw9svr0j: "/build/server/agt_server/agt_public_key.rsa": not found

Notes

Search of source https://github.com/search?q=repo%3Aw3c%2Fautomotive-viss2%20agt_public_key&type=code results in some references to directory in which it resides and the following tutorial note: https://github.com/w3c/automotive-viss2/blob/852b779dfd8ff552f8e2b5cc96cac4472ba85fe4/tutorial/content/peripheral-components/_index.md?plain=1#L25

Have not found documentation for generating it in a Docker build context or how to do it manually as a workaround.

UlfBj commented 7 months ago

@petervolvowinz can you have a look at this?

petervolvowinz commented 7 months ago

Should already be fixed.

petervolvowinz commented 7 months ago

Ok, will add documentation. The Access Token server depends on the generated AGT server's public key. These are generated by the AGT application if not present. The file is "manually" copied to the VISS server's Docker build. I will make a note of this for now.

petervolvowinz commented 7 months ago

OK, close this one.

slawr commented 7 months ago

Hi, great turnaround time on the issues I raised Friday. Thanks.

Phase 1 for the Playground is to create a PoC to allow the participants to understand the components and to build better in follow on phases. So looking at #91 and the readme description of AGT stating its role in offboard access control it seems in the short term at least the way to go would be to fork the WAII Dockerfile and comment out the key copy. Would you agree?

I see this issue has been closed. How will we track the task to fix the key generation for docker deployment or am I missing something in #91 that addresses it?

petervolvowinz commented 7 months ago

Yes, I agree.

I am currently doing an investigation on Access control and will be running this with Docker on a piece of hw in-vehicle, so I have been adding stuff just to get it running. Access control should come as a next step, like “btw if you do this you can have a role based access control, do this… bla bla”. To get people interested I think it just complicates things.

Br Peter W


slawr commented 7 months ago

Yeah I was tempted to fudge the keys but then started to wonder if it might quickly become a barrier if people were trying to connect clients in a simple way early on and were getting access issues. Hence my thought about disabling.

OK I'll do that then. I'll comment out the key copy in the Dockerfile in the short term. That's an easy rebase if the upstream changes.

Just my opinion, but if this ticket remains closed I would suggest adding something to the task backlog (github issue or whatever the project is using for proj mgt) to address making that part of the Dockerfile optional. In part because the current default leads to a build error. I would be happy to try and contribute to that in the new year. I would have done something here but I'm time constrained this week and I don't fully understand the implementation picture it should fit into. Docker profiles could be used for example to control it.

Anyway thanks for the help in keeping me moving.
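
Added example, not part of the thread or the project's code: a pre-build check in shell for the failure reported above. It fails fast with a clear message when the key expected by the final COPY step is absent from the build context, and it refuses a file that contains private key material. The function name check_agt_key and the PEM encoding of agt_public_key.rsa are assumptions; the path is taken from the build log.

```sh
#!/bin/sh
# Pre-flight check for the VISS server image build (added example).
# KEY_REL is the context-relative form of the path in the failing COPY
# step of the log above. That the key is PEM-encoded is an assumption.
KEY_REL="server/agt_server/agt_public_key.rsa"

# check_agt_key <build-context-dir>
# Returns: 0  key present and looks like a PEM public key
#          1  key missing or empty (the COPY step would fail)
#          2  file contains private key material (must not enter the image)
#          3  file present but not a recognisable PEM public key
check_agt_key() {
    key="$1/$KEY_REL"
    if [ ! -s "$key" ]; then
        echo "missing: $key (the AGT application generates it if not present)" >&2
        return 1
    fi
    # A key pair is generated together; make sure the private half was
    # not copied into the build context under the public key's name.
    if grep -q -e 'PRIVATE KEY-----' "$key"; then
        echo "refusing: $key contains a private key" >&2
        return 2
    fi
    if ! grep -E -q -e '^-----BEGIN (RSA )?PUBLIC KEY-----' "$key"; then
        echo "unrecognised key format: $key" >&2
        return 3
    fi
    return 0
}

# Stand-alone use: sh check_agt_key.sh /path/to/build/context
if [ "$#" -gt 0 ]; then
    check_agt_key "$1" || exit $?
fi
```

Run it against the checkout used as the Docker build context before invoking the build, and stop on any non-zero return.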