Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Confirm validity of downloaded FTL binary when building #1643

Merged
merged 1 commit into from
Sep 11, 2024
Merged

Confirm validity of downloaded FTL binary when building #1643

merged 1 commit into from
Sep 11, 2024

Conversation

PromoFaux
Copy link
Member

What does this PR aim to accomplish?:

Addresses comment by @DL6ER here pi-hole/FTL#2035 (comment)

The Dockerfile had a readelf command to check the downloaded binary was a binary, but really we should be hard existing if it is invalid.

Adds some additional output to the build.sh to inform the user that something went wrong, or indeed that everything is OK.

Successful build 
adam@adam-pc:~/repos/docker-pi-hole$ ./build.sh
Executing command: docker buildx build src/. --tag pihole:local --load --no-cache
[+] Building 5.3s (19/19) FINISHED                                                                                                                                                 docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                         0.0s
 => => transferring dockerfile: 4.09kB                                                                                                                                                       0.0s
 => resolve image config for docker-image://docker.io/docker/dockerfile:1                                                                                                                    0.6s
 => CACHED docker-image://docker.io/docker/dockerfile:1@sha256:865e5dd094beca432e8c0a1d5e1c465db5f998dca4e439981029b3b81fb39ed5                                                              0.0s
 => [internal] load metadata for docker.io/library/alpine:3.20                                                                                                                               0.5s
 => [internal] load .dockerignore                                                                                                                                                            0.0s
 => => transferring context: 82B                                                                                                                                                             0.0s
 => CACHED [base 1/9] FROM docker.io/library/alpine:3.20@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d                                                             0.0s
 => CACHED [base 3/9] ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db                                                                                                                 0.0s
 => [internal] load build context                                                                                                                                                            0.0s
 => => transferring context: 98B                                                                                                                                                             0.0s
 => CACHED [base 5/9] ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/development/padd.sh /usr/local/bin/padd                                                                0.0s
 => [base 2/9] RUN apk add --no-cache     bash     bind-tools     binutils     coreutils     curl     git     grep     iproute2-ss     jq     libcap     logrotate     ncurses     nmap-nca  1.2s
 => [base 3/9] ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db                                                                                                                        0.0s
 => [base 4/9] COPY crontab.txt /crontab.txt                                                                                                                                                 0.0s
 => [base 5/9] ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/development/padd.sh /usr/local/bin/padd                                                                       0.0s
 => [base 6/9] RUN git clone --depth 1 --single-branch --branch development https://github.com/pi-hole/web.git /var/www/html/admin &&     git clone --depth 1 --single-branch --branch deve  1.3s
 => [base 7/9] RUN cd /etc/.pihole &&     install -Dm755 -d /opt/pihole &&     install -Dm755 -t /opt/pihole gravity.sh &&     install -Dm755 -t /opt/pihole ./advanced/Scripts/*.sh &&      0.4s 
 => [base 8/9] COPY --chmod=0755 bash_functions.sh /usr/bin/bash_functions.sh                                                                                                                0.0s 
 => [base 9/9] COPY --chmod=0755 start.sh /usr/bin/start.sh                                                                                                                                  0.0s
 => [remote-ftl-install 1/1] RUN if   [ "linux/amd64" = "linux/amd64" ];    then FTLARCH=amd64;     elif [ "linux/amd64" = "linux/386" ];      then FTLARCH=386;     elif [ "linux/amd64" =  0.9s
 => exporting to image                                                                                                                                                                       0.2s
 => => exporting layers                                                                                                                                                                      0.2s
 => => writing image sha256:9c94987e2ed941acf41e9d14cc7c8b540861ca8ef17c71de5afb695c145c18f8                                                                                                 0.0s 
 => => naming to docker.io/library/pihole:local                                                                                                                                              0.0s 
                                                                                                                                                                                                  
Successfully built Docker image with tag 'pihole:local'                                                                                                                                           
REPOSITORY   TAG       IMAGE ID       CREATED                  SIZE
pihole       local     9c94987e2ed9   Less than a second ago   89.9MB
Unsuccessful build 
adam@adam-pc:~/repos/docker-pi-hole$ ./build.sh -f non-existant-ftl-branch
Executing command: docker buildx build src/. --tag pihole:local --load --no-cache --build-arg FTL_BRANCH=non-existant-ftl-branch
[+] Building 4.4s (18/18) FINISHED                                                                                                                                                 docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                         0.0s
 => => transferring dockerfile: 4.09kB                                                                                                                                                       0.0s
 => resolve image config for docker-image://docker.io/docker/dockerfile:1                                                                                                                    0.4s
 => CACHED docker-image://docker.io/docker/dockerfile:1@sha256:865e5dd094beca432e8c0a1d5e1c465db5f998dca4e439981029b3b81fb39ed5                                                              0.0s
 => [internal] load metadata for docker.io/library/alpine:3.20                                                                                                                               0.3s
 => [internal] load .dockerignore                                                                                                                                                            0.0s
 => => transferring context: 82B                                                                                                                                                             0.0s
 => CACHED [base 1/9] FROM docker.io/library/alpine:3.20@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d                                                             0.0s
 => CACHED [base 3/9] ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db                                                                                                                 0.0s
 => [internal] load build context                                                                                                                                                            0.0s
 => => transferring context: 98B                                                                                                                                                             0.0s
 => CACHED [base 5/9] ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/development/padd.sh /usr/local/bin/padd                                                                0.0s
 => [base 2/9] RUN apk add --no-cache     bash     bind-tools     binutils     coreutils     curl     git     grep     iproute2-ss     jq     libcap     logrotate     ncurses     nmap-nca  1.2s
 => [base 3/9] ADD https://ftl.pi-hole.net/macvendor.db /macvendor.db                                                                                                                        0.0s 
 => [base 4/9] COPY crontab.txt /crontab.txt                                                                                                                                                 0.0s 
 => [base 5/9] ADD --chmod=0755 https://raw.githubusercontent.com/pi-hole/PADD/development/padd.sh /usr/local/bin/padd                                                                       0.0s 
 => [base 6/9] RUN git clone --depth 1 --single-branch --branch development https://github.com/pi-hole/web.git /var/www/html/admin &&     git clone --depth 1 --single-branch --branch deve  1.3s 
 => [base 7/9] RUN cd /etc/.pihole &&     install -Dm755 -d /opt/pihole &&     install -Dm755 -t /opt/pihole gravity.sh &&     install -Dm755 -t /opt/pihole ./advanced/Scripts/*.sh &&      0.4s 
 => [base 8/9] COPY --chmod=0755 bash_functions.sh /usr/bin/bash_functions.sh                                                                                                                0.0s 
 => [base 9/9] COPY --chmod=0755 start.sh /usr/bin/start.sh                                                                                                                                  0.0s
 => ERROR [remote-ftl-install 1/1] RUN if   [ "linux/amd64" = "linux/amd64" ];    then FTLARCH=amd64;     elif [ "linux/amd64" = "linux/386" ];      then FTLARCH=386;     elif [ "linux/am  0.6s
------                                                                                                                                                                                            
 > [remote-ftl-install 1/1] RUN if   [ "linux/amd64" = "linux/amd64" ];    then FTLARCH=amd64;     elif [ "linux/amd64" = "linux/386" ];      then FTLARCH=386;     elif [ "linux/amd64" = "linux/arm/v6" ];   then FTLARCH=armv6;     elif [ "linux/amd64" = "linux/arm/v7" ];   then FTLARCH=armv7;     elif [ "linux/amd64" = "linux/arm64" ];    then FTLARCH=arm64;     elif [ "linux/amd64" = "linux/riscv64" ];  then FTLARCH=riscv64;     else FTLARCH=amd64; fi     && echo "Arch: linux/amd64, FTLARCH: ${FTLARCH}"     && curl -sSL "https://ftl.pi-hole.net/non-existant-ftl-branch/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL     && chmod +x /usr/bin/pihole-FTL     && readelf -h /usr/bin/pihole-FTL || (cat /usr/bin/pihole-FTL && echo "Error with downloaded FTL binary" && exit 1):
0.525 Arch: linux/amd64, FTLARCH: amd64
0.544 readelf: Error: Not an ELF file - it has the wrong magic bytes at the start
0.545 <html>
0.545 <head><title>404 Not Found</title></head>
0.545 <body>
0.545 <center><h1>404 Not Found</h1></center>
0.545 <hr><center>nginx/1.25.0</center>
0.545 </body>
0.545 </html>
0.545 Error with downloaded FTL binary
------
Dockerfile:75
--------------------
  74 |     # Download the latest version of pihole-FTL for the correct architecture
  75 | >>> RUN if   [ "$TARGETPLATFORM" = "linux/amd64" ];    then FTLARCH=amd64; \
  76 | >>>     elif [ "$TARGETPLATFORM" = "linux/386" ];      then FTLARCH=386; \
  77 | >>>     elif [ "$TARGETPLATFORM" = "linux/arm/v6" ];   then FTLARCH=armv6; \
  78 | >>>     elif [ "$TARGETPLATFORM" = "linux/arm/v7" ];   then FTLARCH=armv7; \
  79 | >>>     # Note for the future, "linux/arm6/v8" is not a valid value for TARGETPLATFORM, despite the CI platform name being that.
  80 | >>>     elif [ "$TARGETPLATFORM" = "linux/arm64" ];    then FTLARCH=arm64; \
  81 | >>>     elif [ "$TARGETPLATFORM" = "linux/riscv64" ];  then FTLARCH=riscv64; \
  82 | >>>     else FTLARCH=amd64; fi \
  83 | >>>     && echo "Arch: ${TARGETPLATFORM}, FTLARCH: ${FTLARCH}" \
  84 | >>>     && curl -sSL "https://ftl.pi-hole.net/${FTL_BRANCH}/pihole-FTL-${FTLARCH}" -o /usr/bin/pihole-FTL \
  85 | >>>     && chmod +x /usr/bin/pihole-FTL \
  86 | >>>     && readelf -h /usr/bin/pihole-FTL || (cat /usr/bin/pihole-FTL && echo "Error with downloaded FTL binary" && exit 1)
  87 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c if   [ \"$TARGETPLATFORM\" = \"linux/amd64\" ];    then FTLARCH=amd64;     elif [ \"$TARGETPLATFORM\" = \"linux/386\" ];      then FTLARCH=386;     elif [ \"$TARGETPLATFORM\" = \"linux/arm/v6\" ];   then FTLARCH=armv6;     elif [ \"$TARGETPLATFORM\" = \"linux/arm/v7\" ];   then FTLARCH=armv7;     elif [ \"$TARGETPLATFORM\" = \"linux/arm64\" ];    then FTLARCH=arm64;     elif [ \"$TARGETPLATFORM\" = \"linux/riscv64\" ];  then FTLARCH=riscv64;     else FTLARCH=amd64; fi     && echo \"Arch: ${TARGETPLATFORM}, FTLARCH: ${FTLARCH}\"     && curl -sSL \"https://ftl.pi-hole.net/${FTL_BRANCH}/pihole-FTL-${FTLARCH}\" -o /usr/bin/pihole-FTL     && chmod +x /usr/bin/pihole-FTL     && readelf -h /usr/bin/pihole-FTL || (cat /usr/bin/pihole-FTL && echo \"Error with downloaded FTL binary\" && exit 1)" did not complete successfully: exit code: 1

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! ERROR: Docker build failed, please review logs above !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code and I have tested my changes.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)
  • I have read the above and my PR is ready for review. Check this box to confirm

@PromoFaux PromoFaux requested review from DL6ER and a team September 11, 2024 18:03
DL6ER
DL6ER reviewed Sep 11, 2024
View reviewed changes
src/Dockerfile Outdated Show resolved Hide resolved
@PromoFaux
Actually do something with the result of readelf in case of invalid…
e938d1a 
… FTL binary

Remove the `cat` of the pihole-FTL binary as it could lead to a very difficult to read logs
Add some more helpful output to the build script

Signed-off-by: Adam Warner <[email protected]>
rdwebdesign
rdwebdesign requested changes Sep 11, 2024
View reviewed changes
src/Dockerfile Outdated Show resolved Hide resolved
src/Dockerfile Outdated Show resolved Hide resolved
DL6ER
DL6ER reviewed Sep 11, 2024
View reviewed changes
src/Dockerfile Outdated Show resolved Hide resolved
yubiuser
yubiuser reviewed Sep 11, 2024
View reviewed changes
Copy link
Member

@yubiuser yubiuser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did you change the TAG stuff?

@PromoFaux
Copy link
Member Author

Why did you change the TAG stuff?

For this part https://github.com/pi-hole/docker-pi-hole/pull/1643/files#diff-4d2a8eefdf2a9783512a35da4dc7676a66404b6f3826a8af9aad038722da6823R101-R105

rdwebdesign
rdwebdesign reviewed Sep 11, 2024
View reviewed changes
src/Dockerfile Show resolved Hide resolved
src/Dockerfile Show resolved Hide resolved
@PromoFaux PromoFaux merged commit 3454f65 into development Sep 11, 2024
6 checks passed
@PromoFaux PromoFaux deleted the sanity-check-downloaded-FTL branch September 11, 2024 20:11
@PromoFaux PromoFaux mentioned this pull request Sep 11, 2024
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yubiuser yubiuser yubiuser approved these changes

@DL6ER DL6ER DL6ER approved these changes

@rdwebdesign rdwebdesign rdwebdesign approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@PromoFaux @rdwebdesign @DL6ER @yubiuser