Skip to content
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

zypper-docker entrypoint confuses program arguments #158

Open
grisu48 opened this issue Nov 24, 2021 · 3 comments
Open

zypper-docker entrypoint confuses program arguments #158

grisu48 opened this issue Nov 24, 2021 · 3 comments

Comments

@grisu48
Copy link

grisu48 commented Nov 24, 2021

As requested in bsc#1192941 I post the bug report here as well:

When creating an image with zypper-docker, the entrypoint changes from null to /bin/sh -c, which breaks usage of custom commands with program parameters

# docker inspect 1c2413ae82f1             # sles12sp3
"Entrypoint": null,

# docker inspect zypper_docker_derived    # dervied image created with zypper-docker
            "Entrypoint": [
                "/bin/sh",
                "-c"
            ],

Example

The problem is that the usage of a container with custom commands is broken/behaving differently than with the original container. See the following example using zypper ls:

# docker run --rm -ti registry.suse.com/suse/sles12sp5 zypper ls
...
# | Alias                      | Name                       | Enabled | GPG Check | Refresh | Type  
--+----------------------------+----------------------------+---------+-----------+---------+-------
1 | container-suseconnect-zypp | container-suseconnect-zypp | Yes     | ----      | Yes     | plugin

A derived imaged, created by zypper-docker, however does not work properly like this:

# zypper-docker up registry.suse.com/suse/sles12sp5 willie                                      # Create derived image "willie"
# docker run --rm -ti willie zypper ls                                                          # Same command ignores the "ls" parameter for zypper
  Usage:
    zypper [--global-options] <command> [--command-options] [arguments]
  ...


# docker run --rm -ti --entrypoint '' willie zypper ls                                          # setting entrypoint to null restores the expected behaviour
# | Alias                      | Name                       | Enabled | GPG Check | Refresh | Type  
--+----------------------------+----------------------------+---------+-----------+---------+-------
1 | container-suseconnect-zypp | container-suseconnect-zypp | Yes     | ----      | Yes     | plugin
# docker run --rm -ti willie -- zypper ls
... shows zypper usage

Expected behaviour

My expectation would be, that zypper-docker does not modify the behaviour of the original image and can be used in the same way.

All SLE images variants are affected (images sles12sp3 - sle15:15.3). I tested this on a SLES15-SP3 machine with zypper-docker 2.0.0
@grisu48
Copy link
Author

grisu48 commented Jan 6, 2022

I've been doing a little bit of digging here.

IMHO the issue is, that we set the ENTRYPOINT to [] here and this makes docker use the system default entrypoint. Inspecting the current state of the SLES images, this would be the valid entrypoint:

$ docker inspect registry.suse.com/suse/sle15
...
        "Cmd": [
            "/bin/bash"
        ],
        "Image": "",
        "Volumes": null,
        "WorkingDir": "",
        "Entrypoint": null,

We pass the following changes to the /commit path:

  CHANGES:
    USER 0:0
    ENTRYPOINT []
    CMD ["/bin/bash"]

And end then up with having the wrong Entrypoint in the resulting end image:

            "Cmd": [
            "/bin/bash"
        ],
        "Image": "",
        "Volumes": null,
        "WorkingDir": "",
        "Entrypoint": [
            "/bin/sh",
            "-c"
        ],

@grisu48
Copy link
Author

grisu48 commented Jan 6, 2022

The passed values for "Entrypoint" are being accepted, however they are being added after ["/bin/sh","-c"]. e.g. If I set "ENTRYPOINT /bin/sl", manually, I end up with the following image:

        "Entrypoint": [
            "/bin/sh",
            "-c",
            "/bin/sl"
        ],

@grisu48
Copy link
Author

grisu48 commented Jan 6, 2022
edited
Loading

I believe I got it.

The entrypoint is set for the update container here to []string{"/bin/sh", "-c"}. Later on the ENTRYPOINT gets set to [] here. However, this value is ignored by /commit. I could reproduce this behaviour locally:

$ docker inspect 16d5b8eeeabd
....
        "Entrypoint": [
            "/bin/sh",
            "-c"
        ],
....
$ docker commit --change='ENTRYPOINT' 16d5b8eeeabd pazuzu && docker inspect pazuzu
....
    "Entrypoint": [
            "/bin/sh",
            "-c"
        ],
....
$ docker commit --change='ENTRYPOINT []' 16d5b8eeeabd pazuzu && docker inspect pazuzu
....
    "Entrypoint": [
            "/bin/sh",
            "-c"
        ],
....

However, setting a specific ENTRYPOINT is supported:

$ docker commit --change='ENTRYPOINT ["/bin/bash"]' 16d5b8eeeabd pazuzu && docker inspect pazuzu
....
        "Entrypoint": [
            "/bin/bash"
        ],
....

So, as far as I can see, the issue is not within zypper-docker but that docker commit does not allow to change an ENTRYPOINT to be null.

Running Docker version 20.10.11-ce, build 847da184ad50 on openSUSE Tumbleweed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@grisu48