Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix uid not unique error when using root #3430

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Fix uid not unique error when using root #3430

wants to merge 2 commits into from

Conversation

ESWZY
Copy link

@ESWZY ESWZY commented Jul 12, 2023

I was using Ubuntu 22.04 to build JDK17, but got error like this:

root@xxxxx:~/Projects/temurin-build# ./makejdk-any-platform.sh --docker --clean-docker-build --build-variant hotspot jdk17u
Starting ./makejdk-any-platform.sh to configure, build (Adoptium)OpenJDK binary
Parsing opt: --docker
Possible opt arg: --clean-docker-build
Parsing opt: --clean-docker-build
Possible opt arg: --build-variant
Parsing opt: --build-variant
Possible opt arg: hotspot
Working dir is ./build/
[debug] COPY_MACOSX_FREE_FONT_LIB_FOR_JDK_FLAG=false
[debug] COPY_MACOSX_FREE_FONT_LIB_FOR_JRE_FLAG=false
JDK Image folder name: jdk
JRE Image folder name: jre
Skipping setting boot JDK on docker host machine
Removing Dockerfile* from docker/jdk17/x86_64/ubuntu
Dockerfile created at docker/jdk17/x86_64/ubuntu/Dockerfile
Using Docker to build the JDK
Removing old volumes and containers
"docker rm" requires at least 1 argument.
See 'docker rm --help'.

Usage:  docker rm [OPTIONS] CONTAINER [CONTAINER...]

Remove one or more containers
openjdk-source-volume-jdk17u-hotspot
Creating tmp container
openjdk-source-volume-jdk17u-hotspot
No docker container for reuse was found, so creating 'openjdk_container' 
Building docker container
[+] Building 0.8s (16/18)                                                                                                                                                                                                                   
 => [internal] load build definition from Dockerfile                                                                                                                                                                                   0.0s
 => => transferring dockerfile: 2.65kB                                                                                                                                                                                                 0.0s
 => [internal] load .dockerignore                                                                                                                                                                                                      0.0s
 => => transferring context: 57B                                                                                                                                                                                                       0.0s
 => [internal] load metadata for docker.io/library/ubuntu:18.04                                                                                                                                                                        0.6s
 => [ 1/14] FROM docker.io/library/ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98                                                                                                                0.0s
 => [internal] load build context                                                                                                                                                                                                      0.0s
 => => transferring context: 4.11kB                                                                                                                                                                                                    0.0s
 => CACHED [ 2/14] RUN apt-get update   && apt-get install -qq -u --no-install-recommends     software-properties-common     dirmngr     gpg-agent     coreutils   && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-ke  0.0s
 => CACHED [ 3/14] RUN sh -c "mkdir -p /usr/lib/jvm/jdk16 && wget 'https://api.adoptium.net/v3/binary/latest/16/ga/linux/x64/jdk/hotspot/normal/adoptium?project=jdk' -O - | tar xzf - -C /usr/lib/jvm/jdk16 --strip-components=1"     0.0s
 => CACHED [ 4/14] RUN ln -sf /usr/lib/jvm/jdk16/bin/java /usr/bin/java                                                                                                                                                                0.0s
 => CACHED [ 5/14] RUN ln -sf /usr/lib/jvm/jdk16/bin/javac /usr/bin/javac                                                                                                                                                              0.0s
 => CACHED [ 6/14] RUN ln -sf /usr/lib/jvm/jdk16/bin/keytool /usr/bin/keytool                                                                                                                                                          0.0s
 => CACHED [ 7/14] RUN sh -c "mkdir -p /usr/lib/jvm/jdk8 && wget 'https://api.adoptium.net/v3/binary/latest/8/ga/linux/x64/jdk/hotspot/normal/adoptium?project=jdk' -O - | tar xzf - -C /usr/lib/jvm/jdk8 --strip-components=1"        0.0s
 => CACHED [ 8/14] RUN git clone https://github.com/adoptium/ci-jenkins-pipelines /openjdk/pipelines                                                                                                                                   0.0s
 => CACHED [ 9/14] COPY sbin /openjdk/sbin                                                                                                                                                                                             0.0s
 => CACHED [10/14] COPY security /openjdk/security                                                                                                                                                                                     0.0s
 => CACHED [11/14] COPY workspace/config /openjdk/config                                                                                                                                                                               0.0s
 => ERROR [12/14] RUN useradd -u 0 -ms /bin/bash build                                                                                                                                                                                 0.2s
------
 > [12/14] RUN useradd -u 0 -ms /bin/bash build:
#0 0.181 useradd: UID 0 is not unique
------
Dockerfile:79
--------------------
  77 |     ARG HostUID
  78 |     ENV HostUID=$HostUID
  79 | >>> RUN useradd -u $HostUID -ms /bin/bash build
  80 |     WORKDIR /openjdk/build
  81 |     RUN chown -R build /openjdk/
--------------------
ERROR: failed to solve: process "/bin/sh -c useradd -u $HostUID -ms /bin/bash build" did not complete successfully: exit code: 4

According to this error #0 0.181 useradd: UID 0 is not unique, I went to find the relevant parameters of useradd, and tried to pass the parameter -o --non-unique. Finally, the problem solved.

After this change:

root@xxxxx:~/Projects/temurin-build# ./makejdk-any-platform.sh --docker --clean-docker-build --build-variant hotspot jdk17u
Starting ./makejdk-any-platform.sh to configure, build (Adoptium)OpenJDK binary
Parsing opt: --docker
Possible opt arg: --clean-docker-build
Parsing opt: --clean-docker-build
Possible opt arg: --build-variant
Parsing opt: --build-variant
Possible opt arg: hotspot
Working dir is ./build/
[debug] COPY_MACOSX_FREE_FONT_LIB_FOR_JDK_FLAG=false
[debug] COPY_MACOSX_FREE_FONT_LIB_FOR_JRE_FLAG=false
JDK Image folder name: jdk
JRE Image folder name: jre
Skipping setting boot JDK on docker host machine
Removing Dockerfile* from docker/jdk17/x86_64/ubuntu
Dockerfile created at docker/jdk17/x86_64/ubuntu/Dockerfile
Using Docker to build the JDK
Removing old volumes and containers
No old container was found
openjdk-source-volume-jdk17u-hotspot
Creating tmp container
openjdk-source-volume-jdk17u-hotspot
No docker container for reuse was found, so creating 'openjdk_container' 
Building docker container
[+] Building 1.2s (20/20) FINISHED                                                                                                                                                                                                          
 => [internal] load build definition from Dockerfile                                                                                                                                                                                   0.0s
 => => transferring dockerfile: 2.66kB                                                                                                                                                                                                 0.0s
 => [internal] load .dockerignore                                                                                                                                                                                                      0.0s
 => => transferring context: 57B                                                                                                                                                                                                       0.0s
 => [internal] load metadata for docker.io/library/ubuntu:18.04                                                                                                                                                                        1.1s
 => [auth] library/ubuntu:pull token for registry-1.docker.io                                                                                                                                                                          0.0s
 => [ 1/14] FROM docker.io/library/ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98                                                                                                                0.0s
 => [internal] load build context                                                                                                                                                                                                      0.0s
 => => transferring context: 4.11kB                                                                                                                                                                                                    0.0s
 => CACHED [ 2/14] RUN apt-get update   && apt-get install -qq -u --no-install-recommends     software-properties-common     dirmngr     gpg-agent     coreutils   && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-ke  0.0s
 => CACHED [ 3/14] RUN sh -c "mkdir -p /usr/lib/jvm/jdk16 && wget 'https://api.adoptium.net/v3/binary/latest/16/ga/linux/x64/jdk/hotspot/normal/adoptium?project=jdk' -O - | tar xzf - -C /usr/lib/jvm/jdk16 --strip-components=1"     0.0s
 => CACHED [ 4/14] RUN ln -sf /usr/lib/jvm/jdk16/bin/java /usr/bin/java                                                                                                                                                                0.0s
 => CACHED [ 5/14] RUN ln -sf /usr/lib/jvm/jdk16/bin/javac /usr/bin/javac                                                                                                                                                              0.0s
 => CACHED [ 6/14] RUN ln -sf /usr/lib/jvm/jdk16/bin/keytool /usr/bin/keytool                                                                                                                                                          0.0s
 => CACHED [ 7/14] RUN sh -c "mkdir -p /usr/lib/jvm/jdk8 && wget 'https://api.adoptium.net/v3/binary/latest/8/ga/linux/x64/jdk/hotspot/normal/adoptium?project=jdk' -O - | tar xzf - -C /usr/lib/jvm/jdk8 --strip-components=1"        0.0s
 => CACHED [ 8/14] RUN git clone https://github.com/adoptium/ci-jenkins-pipelines /openjdk/pipelines                                                                                                                                   0.0s
 => CACHED [ 9/14] COPY sbin /openjdk/sbin                                                                                                                                                                                             0.0s
 => CACHED [10/14] COPY security /openjdk/security                                                                                                                                                                                     0.0s
 => CACHED [11/14] COPY workspace/config /openjdk/config                                                                                                                                                                               0.0s
 => CACHED [12/14] RUN useradd -o -u 0 -ms /bin/bash build                                                                                                                                                                             0.0s
 => CACHED [13/14] WORKDIR /openjdk/build                                                                                                                                                                                              0.0s
 => CACHED [14/14] RUN chown -R build /openjdk/                                                                                                                                                                                        0.0s
 => exporting to image                                                                                                                                                                                                                 0.0s
 => => exporting layers                                                                                                                                                                                                                0.0s
 => => writing image sha256:d605c13e8a4f1e8d6691bb6a7124abadbd1385804f2a4abfb42d8acf0b239666                                                                                                                                           0.0s
 => => naming to docker.io/library/openjdk_container                                                                                                                                                                                   0.0s
# ============================
# OPENJDK BUILD CONFIGURATION:
# ============================
BUILD_CONFIG[ADOPT_PATCHES]="true"
BUILD_CONFIG[ASSEMBLE_EXPLODED_IMAGE]="false"
BUILD_CONFIG[BRANCH]="master"

...

OpenJDK JDK path will be jdk-17.0.8+6. JRE path will be jdk-17.0.8+6-jre
OpenJDK test image path will be jdk-17.0.8+6-test-image.
Archiving and compressing with gzip

real    0m16.632s
user    0m16.546s
sys     0m0.083s
Your archive was created as /openjdk/build/src/build/linux-x86_64-server-release/images/OpenJDK.tar.gz
Moving the artifact to location /openjdk//target//OpenJDK-testimage.tar.gz
archive done.
OpenJDK static libs path will be jdk-17.0.8+6-static-libs.
OpenJDK static libs archive file name will be OpenJDK-static-libs-glibc.tar.gz.
Archiving and compressing with gzip

real    0m5.179s
user    0m5.156s
sys     0m0.020s
Your archive was created as /openjdk/build/src/build/linux-x86_64-server-release/images/OpenJDK.tar.gz
Moving the artifact to location /openjdk//target//OpenJDK-static-libs-glibc.tar.gz
archive done.
Archiving and compressing with gzip

real    0m26.241s
user    0m25.882s
sys     0m0.353s
Your archive was created as /openjdk/build/src/build/linux-x86_64-server-release/images/OpenJDK.tar.gz
Moving the artifact to location /openjdk//target//OpenJDK-jdk.tar.gz
archive done.
build.sh : 09:51:46 : All done!
The finished image can be found in /root/Projects/temurin-build/workspace/target on the host system
Removing container jdk17-hotspot
acf3243519d2

@github-actions
Copy link

Thank you for creating a pull request!
If you have not done so already, please familiarise yourself with our Contributing Guidelines and FAQ, even if you have contributed to the Adoptium project before. GitHub actions will now run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation.

@github-actions github-actions bot added docker Issues related to our docker files and docker scripts jenkins Issues that enhance or fix our jenkins server macos Issues that affect or relate to the MAC OS testing Issues that enhance or fix our test suites labels Jul 12, 2023
@ESWZY ESWZY force-pushed the fix-uid-not-unique-when-root branch from f89aa4c to f4a4242 Compare July 12, 2023 11:24
@github-actions github-actions bot added jenkins Issues that enhance or fix our jenkins server macos Issues that affect or relate to the MAC OS testing Issues that enhance or fix our test suites and removed macos Issues that affect or relate to the MAC OS jenkins Issues that enhance or fix our jenkins server testing Issues that enhance or fix our test suites labels Jul 12, 2023
@karianna karianna assigned jerboaa and unassigned jerboaa Jul 13, 2023
@karianna karianna requested review from jerboaa, sxa and gdams July 13, 2023 00:33
karianna
karianna approved these changes Jul 13, 2023
View reviewed changes
Copy link
Contributor

@karianna karianna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable, but have tagged some other reviewers in case of any user/sec concerns that I'm missing.

jerboaa
jerboaa reviewed Jul 13, 2023
View reviewed changes
docker/dockerfile-generator.sh
@@ -324,7 +324,7 @@ printUserCreate(){
echo "
ARG HostUID
ENV HostUID=\$HostUID
RUN useradd -u \$HostUID -ms /bin/bash build
RUN useradd -o -u \$HostUID -ms /bin/bash build
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's a good idea to allow for non-unique IDs here. In particular, allowing UID=0 to be non-unique. The fix is to not build with as root.

@andrew-m-leonard
Copy link
Contributor

this has been stale for over a year, converting to "draft", if no longer needed please close.

@andrew-m-leonard andrew-m-leonard marked this pull request as draft April 3, 2024 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jerboaa jerboaa jerboaa left review comments

@karianna karianna karianna approved these changes

@sxa sxa Awaiting requested review from sxa

@gdams gdams Awaiting requested review from gdams

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
docker Issues related to our docker files and docker scripts jenkins Issues that enhance or fix our jenkins server macos Issues that affect or relate to the MAC OS testing Issues that enhance or fix our test suites
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ESWZY @andrew-m-leonard @karianna @jerboaa