Anyone here care to check what's going on with the docker build on CI?
initial analysis: it appears that some change (best I have at the moment) between alpine 3.15 and 3.16 broke the build... I pulled out just the RUN apk... line from Dockerfile.alpine, and that builds from alpine 3.15, but bombs with the same error when built from 3.16 - currently looking for 3.16 release notes to determine if the separate glibc install can be removed, or if there's some extra admin needed
I'm not amazing with linux/docker, but... it appears that alpine 3.15 doesn't have an /etc/nsswitch.conf file in its base layout, but 3.16 does, and the glibc apk install tries to overwrite that file, which fails because the file is 'owned' by the base layout (the error in the build log).
Presumably a short-term "get stuff working again" fix would be to tweak Dockerfile.alpine to build from apline:3.15. I'm still kind of digging around for how to actually address the apk install failure.
from what I can find, seems like sort of a trade-off decision at the moment: <https://github.com/sgerrand/alpine-pkg-glibc/issues/185> leans toward allowing the file overwrite, so the choices I'm aware of atm: • build from alpine 3.15 - puts the build behind the latest version of alpine, keeps the build 'clean' • use force overwite in apk install - error becomes a warning, slight security risk (if the glibc package were compromised it could overwrite other system files) I would sort of doubt that alpine will get rid of the nsswitch file in the near future, so I think using the force overwrite probably has the better chance of being undoable if the glibc package gets updated to not include the nsswitch file in a future release (at which point, the build would be back to 'clean' and current)
I haven't looked into this but what is the reason that something changed in our docker image - do we have something unversioned?
Dockerfile.alpine builds from "alpine:3", which appears to be "the latest minor under the 3 major", so when 3.16 was released, "alpine:3" became 3.16 instead of 3.15, so it's 'semi-versioned'™️
let's go with --force-overwrite
cc @rahul080327
I have some weirdness building the docker setup (I think because of running docker in a WSL VM), so I'll submit the PR in a few minutes here, but I'm currently unable to really fully test it out (shameless disclaimer) 🙂
Thanks a lot!
I merged it, we'll see how it goes :)
it looks like the build succeeded - would you like me to open a tracking issue for updates to the glibc package or anything? e.g. if a newer alpine glibc pkg gets released without the problematic file, we could test out updating the pkg and removing the overwrite flag
maybe just add a comment to the docker file
interesting and unfortunate error! thanks a lot @highpressurecarsalesm! yeah i think this solution is better but also would add a TODO with the issue link to remove it at some point. not sure if the overwrite causes some issues down the line?
id like to stick to specific versions of alpine but would also like to keep up with updates like this big openssl bug recently
@borkdude i have subscribed to the issue on the glibc repo and would address it when its resolved. i'd really like to add a TODO on the docker file, should i do it directly on master with a [skip ci] ?
Yes please :)
done
thank you for adding the comment - I wasn't shirking it, but I was working on some add'l lib tests to make the PR worth borkdude's time (didn't want to do a PR just for a comment) 🙂
Yep, pretty much why I wanted to commit directly on master as well 😄