search

wader / static-ffmpeg

Multi-arch docker image with ffmpeg/ffprobe binaries built as hardened static PIE binaries with no external dependencies
https://hub.docker.com/r/mwader/static-ffmpeg/
MIT License
255 stars 62 forks source link

/checkelf: not found #368

Closed danbo closed 9 months ago

danbo commented 10 months ago

After solving #367, I ran into this issue:

...
 => CACHED [builder 48/49] COPY checkelf /                                                                                                                                               0.0s
 => ERROR [builder 49/49] RUN   /checkelf /usr/local/bin/ffmpeg &&   /checkelf /usr/local/bin/ffprobe                                                                                    0.3s
------
 > [builder 49/49] RUN   /checkelf /usr/local/bin/ffmpeg &&   /checkelf /usr/local/bin/ffprobe:
0.282 /bin/sh: /checkelf: not found
------
Dockerfile:901
--------------------
 900 |     COPY checkelf /
 901 | >>> RUN \
 902 | >>>   /checkelf /usr/local/bin/ffmpeg && \
 903 | >>>   /checkelf /usr/local/bin/ffprobe
 904 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c /checkelf /usr/local/bin/ffmpeg &&   /checkelf /usr/local/bin/ffprobe" did not complete successfully: exit code: 127

I was able to solve this by dos2unix-ing the checkelf file and re-running the build:

$ dos2unix checkelf
...
 => CACHED [builder 48/49] COPY checkelf /                                                                                                                                               0.0s
 => [builder 49/49] RUN   /checkelf /usr/local/bin/ffmpeg &&   /checkelf /usr/local/bin/ffprobe                                                                                          0.4s
 => [final1 1/9] COPY --from=builder /versions.json /usr/local/bin/ffmpeg /usr/local/bin/ffprobe /                                                                                       0.9s
 => [final1 2/9] COPY --from=builder /usr/local/share/doc/ffmpeg/* /doc/                                                                                                                 0.1s
 => [final1 3/9] COPY --from=builder /etc/ssl/cert.pem /etc/ssl/cert.pem                                                                                                                 0.0s
 => [final1 4/9] RUN ["/ffmpeg", "-version"]                                                                                                                                             0.3s
 => [final1 5/9] RUN ["/ffprobe", "-version"]                                                                                                                                            0.3s
 => [final1 6/9] RUN ["/ffmpeg", "-hide_banner", "-buildconf"]                                                                                                                           0.3s
 => [final1 7/9] RUN ["/ffmpeg", "-f", "lavfi", "-i", "testsrc", "-c:v", "libsvtav1", "-t", "100ms", "-f", "null", "-"]                                                                  0.9s
 => [final1 8/9] RUN ["/ffprobe", "-i", "https://github.com/favicon.ico"]                                                                                                                0.6s
 => [final1 9/9] RUN ["/ffprobe", "-tls_verify", "1", "-ca_file", "/etc/ssl/cert.pem", "-i", "https://github.com/favicon.ico"]                                                           0.5s
 => [final2 1/1] COPY --from=final1 / /                                                                                                                                                  0.9s
 => exporting to image                                                                                                                                                                   1.0s
 => => exporting layers                                                                                                                                                                  1.0s
 => => writing image sha256:cb80d2f0dbc0ff79a6a93b71e3606b56777f0604e34b85fa9bd43accbf5902f0                                                                                             0.0s
 => => naming to docker.io/danbo/ffmpeg-static:6.1
wader commented 10 months ago

Huh the script for reason uses windows line ending? when i check it seems to use unix line ending "\n" (0xa):

$ hexdump -C checkelf | head -1
00000000  23 21 2f 62 69 6e 2f 73  68 0a 73 65 74 20 2d 65  |#!/bin/sh.set -e|

Could it be git playing tricks on us changing the line ending to windows?

danbo commented 9 months ago

hmm - this is on linux:

$ hexdump -C checkelf | head -1
00000000  23 21 2f 62 69 6e 2f 73  68 0d 0a 73 65 74 20 2d  |#!/bin/sh..set -|

https://git-scm.com/book/en/v2/Customizing-Git-Git-Configuration

$ git config --global core.autocrlf
true
$ git config core.autocrlf
true

What does your git config say?

wader commented 9 months ago

Hmm empty. This is on macOS, git version 2.42.1, i'm using docker desktop 4.23.0 (120376)

➜  static-ffmpeg git:(master) ✗ git config --global core.autocrlf
➜  static-ffmpeg git:(master) ✗ git config core.autocrlf

➜  static-ffmpeg git:(master) ✗ git ls-tree HEAD
040000 tree 29f55a374cb1a0ca551dd3741b6ce4606f0dbed7    .github
100644 blob 94143827ed065ca0d7d5be1b765d255c5c32cd9a    Bumpfile
100644 blob f3fc603f3f915f96e408152daea3fdf070329a2a    Dockerfile
100644 blob 7680014da05e351ef9f0ebb11d6c101a85f061db    LICENSE
100644 blob 7c2d796e1e164a1cbdc188d8ea65d4d102aa6885    README.md
100755 blob b0d5a0df2357ff5f1eb3e5134ce3cab7ed87d518    checkelf
100755 blob 0b81608e7e5dcca66ed0ac378ab7a5050e8a0a3a    hashupdate
➜  static-ffmpeg git:(master) ✗ git cat-file -p b0d5a0df2357ff5f1eb3e5134ce3cab7ed87d518 | hexdump -C| head -n 1
00000000  23 21 2f 62 69 6e 2f 73  68 0a 73 65 74 20 2d 65  |#!/bin/sh.set -e|

No idea what is going on. Could you hexdump checkelf from inside the container?

wader commented 9 months ago

Is it possible to reproduce this from an empty directory by creating a new dummy shells script and a Dockerfile with same base image with just COPY/RUN?

danbo commented 9 months ago

Looks like the issue is on my side, I'm not sure when/why my autocrlf was set to true, but for Mac and Linux it should be 'input' as per the GitHub docs

By default, it appears to be false: source 1, source 2

ps, this is how i verifed:

docker run --rm --name static-ffmpeg-test -it alpine:3.18.4 /bin/ash

then inside the container:

apk update
apk add git
echo autocrlf global: $(git config --global core.autocrlf)
cd tmp
git clone https://github.com/wader/static-ffmpeg.git
hexdump -C static-ffmpeg/checkelf | head -1
rm -rf static-ffmpeg
git config --global core.autocrlf true
git clone https://github.com/wader/static-ffmpeg.git
hexdump -C static-ffmpeg/checkelf | head -1

output:

/ # apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/x86_64/APKINDEX.tar.gz

fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/x86_64/APKINDEX.tar.gz
v3.18.4-236-g33d1fef0e6f [https://dl-cdn.alpinelinux.org/alpine/v3.18/main]
v3.18.4-235-g6b65dd40013 [https://dl-cdn.alpinelinux.org/alpine/v3.18/community]
OK: 20076 distinct packages available
/ # apk add git
(1/9) Installing ca-certificates (20230506-r0)
(2/9) Installing brotli-libs (1.0.9-r14)
(3/9) Installing libunistring (1.1-r1)
(4/9) Installing libidn2 (2.3.4-r1)
(5/9) Installing nghttp2-libs (1.57.0-r0)
(6/9) Installing libcurl (8.4.0-r0)
(7/9) Installing libexpat (2.5.0-r1)
(8/9) Installing pcre2 (10.42-r1)
(9/9) Installing git (2.40.1-r0)
Executing busybox-1.36.1-r2.trigger
Executing ca-certificates-20230506-r0.trigger
OK: 18 MiB in 24 packages
/ # echo autocrlf global: $(git config --global core.autocrlf)
autocrlf global:
/ # cd tmp
/tmp # git clone https://github.com/wader/static-ffmpeg.git
Cloning into 'static-ffmpeg'...
remote: Enumerating objects: 1974, done.
remote: Counting objects: 100% (383/383), done.
remote: Compressing objects: 100% (219/219), done.
remote: Total 1974 (delta 214), reused 268 (delta 163), pack-reused 1591
Receiving objects: 100% (1974/1974), 469.97 KiB | 2.49 MiB/s, done.
Resolving deltas: 100% (1096/1096), done.
/tmp # hexdump -C static-ffmpeg/checkelf | head -1
00000000  23 21 2f 62 69 6e 2f 73  68 0a 73 65 74 20 2d 65  |#!/bin/sh.set -e|
/tmp # rm -rf static-ffmpeg
/tmp # git config --global core.autocrlf true
/tmp # git clone https://github.com/wader/static-ffmpeg.git
Cloning into 'static-ffmpeg'...
remote: Enumerating objects: 1974, done.
remote: Counting objects: 100% (383/383), done.
remote: Compressing objects: 100% (219/219), done.
remote: Total 1974 (delta 214), reused 268 (delta 163), pack-reused 1591
Receiving objects: 100% (1974/1974), 469.97 KiB | 3.59 MiB/s, done.
Resolving deltas: 100% (1096/1096), done.
/tmp # hexdump -C static-ffmpeg/checkelf | head -1
00000000  23 21 2f 62 69 6e 2f 73  68 0d 0a 73 65 74 20 2d  |#!/bin/sh..set -|
wader commented 9 months ago

👍 Part of the mystery solved at least. Been there done that also, i commited as author bot@github.com for a few days until i noticed it, think i had accidentally ran som CI script locally :)