substrate_builder.Dockerfile error ldd: not found and outdated ./docker/README.md #13071
Description
Is there an existing issue?
- I have searched the existing issues
Experiencing problems? Have you tried our Stack Exchange first?
- This is not a support question.
Description of bug
In Substrate's ./docker directory there's a README.
It doesn't mention how to build the image, but when you look through the files it's clear you just have to run ./build.sh, and then follow the rest of the instructions to run a container.
But when you run ./build.sh, it crashes with error /bin/sh: 1: ldd: not found.
The error is caused because on the previous line we're removing all the binaries for security (including ldd)
# unclutter and minimize the attack surface
rm -rf /usr/bin /usr/sbin && \
# Sanity checks
ldd /usr/local/bin/substrate && \
So I think the fix is just to reverse the order and do that sanity check with ldd before we remove all those binaries, because we don't need the binaries any later in the script, so it would change to:
# Sanity checks
ldd /usr/local/bin/substrate && \
# unclutter and minimize the attack surface
rm -rf /usr/bin /usr/sbin && \
Once you make that fix, if you follow the current ./docker/README.md instructions and run one of the example commands it results in an error as shown below:
$ docker run --rm -it parity/substrate substrate --version
Unable to find image 'parity/substrate:latest' locally
latest: Pulling from parity/substrate
846c0b181fff: Pull complete
a145563de091: Pull complete
Digest: sha256:06ec813df3a747c65d6f388ccead2cb7e1047db794187d83bafc741f13f4c3e9
Status: Downloaded newer image for parity/substrate:latest
error: The subcommand 'substrate' wasn't recognized
Usage: substrate [OPTIONS]
substrate <COMMAND>
This is because the ./docker/README.md assumes that the parity/substrate:latest image located at https://hub.docker.com/layers/paritytech/substrate/latest/images/sha256-d1be27ff2a93d7de49a5ef9449b4e7aa5f479d9d03f808ec34bf2e8cea89cdc4?context=explore is up to date, but it isn't.
Instead the pre-built image parity/substrate:latest uses substrate 3.0.0-dev-ea387c63471. The entrypoint it uses is ENTRYPOINT ["/usr/local/bin/substrate"] so it only supports running that old Substrate binary and to use the image you need to provide options to it in the Docker run command but without passing the Substrate binary (i.e. docker run --rm -it parity/substrate --version), so you can only use it to run the old Substrate binary but not other binaries it mentions. This differs from the examples in the ./docker/README.md where you need to specify the binary (i.e. substrate --version instead of just --version).
This CI dockerfile is similar https://github.com/paritytech/substrate/blob/master/scripts/ci/docker/substrate.Dockerfile#L45
Steps to reproduce
Run the following:
git clone https://github.com/paritytech/substrate
cd substrate/docker
./build.sh
View the output
...
Step 11/14 : RUN useradd -m -u 1000 -U -s /bin/sh -d /substrate substrate && mkdir -p /data /substrate/.local/share/substrate && chown -R substrate:substrate /data && ln -s /data /substrate/.local/share/substrate && rm -rf /usr/bin /usr/sbin && ldd /usr/local/bin/substrate && /usr/local/bin/substrate --version
---> Running in 8899e9cb0ee2
/bin/sh: 1: ldd: not found
If you skip running ./build.sh and run one of the example commands in the ./docker/README.md, it shows its using the old version that expects a substrate binary option argument rather than the substrate command itself.
$ docker run --rm -it parity/substrate substrate --version
Unable to find image 'parity/substrate:latest' locally
latest: Pulling from parity/substrate
846c0b181fff: Pull complete
a145563de091: Pull complete
Digest: sha256:06ec813df3a747c65d6f388ccead2cb7e1047db794187d83bafc741f13f4c3e9
Status: Downloaded newer image for parity/substrate:latest
error: The subcommand 'substrate' wasn't recognized
Usage: substrate [OPTIONS]
substrate <COMMAND>
$ docker run --rm -it parity/substrate --version
substrate 3.0.0-dev-ea387c63471
But if you run ./build.sh first, then when you run the command it works:
$ docker run --rm -it parity/substrate substrate --version
substrate 3.0.0-dev-unknown