Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Slim with --include-exe doesn't preserve the executable #724

Open
duncanmmacleod opened this issue Oct 17, 2024 · 8 comments
Open

Slim with --include-exe doesn't preserve the executable #724

duncanmmacleod opened this issue Oct 17, 2024 · 8 comments

Comments

@duncanmmacleod
Copy link

Expected Behavior

--include-exe=mkdir results in a slim image that includes mkdir without needing to specify any other --include-* options or --exec.

I'm sorry if this is 'user error' because I didn't read the manual properly.

Actual Behavior

--include-exe=mkdir seems to have no impact at all and creates an image that does not include mkdir.

Slim container contents (from docker export) 
.dockerenv
bin
dev/
dev/console
dev/pts/
dev/shm/
etc/
etc/host.conf
etc/hostname
etc/hosts
etc/mtab
etc/nsswitch.conf
etc/passwd
etc/pki/
etc/pki/ca-trust/
etc/pki/ca-trust/extracted/
etc/pki/ca-trust/extracted/openssl/
etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
etc/pki/ca-trust/extracted/pem/
etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
etc/pki/java/
etc/pki/java/cacerts
etc/pki/tls/
etc/pki/tls/cert.pem
etc/pki/tls/certs/
etc/pki/tls/certs/ca-bundle.crt
etc/pki/tls/certs/ca-bundle.trust.crt
etc/resolv.conf
etc/ssl/
etc/ssl/cert.pem
etc/ssl/certs/
etc/ssl/certs/ca-bundle.crt
lib
lib64
proc/
run/
sys/
tmp/
usr/
usr/bin/
usr/bin/bash
usr/bin/ld.so
usr/bin/sh
usr/lib/
usr/lib/.build-id/
usr/lib/.build-id/46/
usr/lib/.build-id/46/d8c77d92436bbcafcf16f6737ab9d6a16f3a38
usr/lib/.build-id/7a/
usr/lib/.build-id/7a/cbb41bf6f1b7d977f1b44675bf3ed213776835
usr/lib64/
usr/lib64/ld-linux-x86-64.so.2
usr/lib64/libc.so.6
usr/lib64/libnss_dns.so.2
usr/lib64/libnss_files.so.2
usr/lib64/libresolv.so.2
usr/lib64/libtinfo.so.6.2

Steps to Reproduce the Problem

The following bash script should reproduce things (based on Debian under WSL2):

#!/bin/bash
cat > Dockerfile << DOCKERFILE
FROM rockylinux:9
RUN dnf -qy install /usr/bin/mkdir
DOCKERFILE
docker run --rm \
  -v $(pwd):/code \
  -v /var/run/docker.sock:/var/run/docker.sock dslim/slim:1.40.11 \
  --crt-api-version 1.25 \
  build \
  --dockerfile Dockerfile \
  --dockerfile-context /code \
  --http-probe-off \
  --include-exe=mkdir \
  --tag test:slim

docker run --rm -it test:slim mkdir -pv /tmp/tmp/tmp

Specifications

  • Version: 1.40.11
  • Platform: Linux WR189341E94201 5.15.153.1-microsoft-standard-WSL2 #1 SMP Fri Mar 29 23:14:13 UTC 2024 x86_64 GNU/Linux (Docker version 27.2.0, build 3ab4256)
@kcq
Copy link
Member

kcq commented Oct 25, 2024

Maybe this could be Rockylinux-related... Still need to repro (hope to do it soon). In the meantime, you can use this test command to keep mkdir in ubuntu:22.04: mint slim --http-probe-off --include-shell --include-exe=mkdir ubuntu:22.04 and then you can verify that it's there with docker run -it ubuntu.slim mkdir -pv /tmp/tmp/tmp or you can docker run -it --rm ubuntu.slim bash and once inside you can use mkdir. Note that you probably want the --include-shell flag too. It's also good to use the latest release

@kcq
Copy link
Member

kcq commented Oct 25, 2024

It does appear to be rockylinux related :-) investigating...

@duncanmmacleod
Copy link
Author

It's also good to use the latest release

I thought I was, looking here. But I see that mint is a subtly different project. Can you explain (or point me at the explanation of) the relationship between slimtoolkit/slim and mintoolkit/mint?

@duncanmmacleod
Copy link
Author

duncanmmacleod commented Oct 25, 2024
edited
Loading

I confirm that in a debian:stable image, I do not see the same behaviour.

@duncanmmacleod
Copy link
Author

Note that if I do patch the bash script in the description to use mintoolkit/mint:1.41.7 I get the following error:

cmd=slim info=build.error status='standard.image.build.error' value='missing output stream'

This does not happen with 1.41.6. Happy to repost that as a separate issue over on the mint project if appropriate.

@duncanmmacleod
Copy link
Author

It does appear to be rockylinux related :-) investigating...

In case it helps I have reproduced the problem on all of the following

  • rockylinux:8
  • rockylinux:9
  • almalinux:8
  • almalinux:9
  • quay.io/centos/centos:stream9

so this seems to span all RHEL derivatives. I have not been able to reproduce on alpine:latest, archlinux:latest, or debian:stable.

@kcq
Copy link
Member

kcq commented Oct 25, 2024

thanks a lot for the extra info @duncanmmacleod !

@kcq
Copy link
Member

kcq commented Oct 25, 2024

Turns out the problem there is that on Rocky mkdir is not a binary executable. it's a wrapper shell script that points to an actual binary (#!/usr/bin/coreutils --coreutils-prog-shebang=mkdir).

A quick workaround there is to use these flags: --include-path=/usr/bin/mkdir, --include-bin=/usr/bin/coreutils

--include-shell tries to include ls (in addition to a few other shell commands), which is also a wrapper for /usr/bin/coreutils, so it's not kept for the same reason.

Hope to have an enhancement for this in the next version where it'll handle the wrapper scripts when binary files are expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kcq @duncanmmacleod and others