Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADD with https in URL treated as file #1590

Closed
balonik opened this issue Feb 23, 2021 · 7 comments · Fixed by #2563
Closed

ADD with https in URL treated as file #1590

balonik opened this issue Feb 23, 2021 · 7 comments · Fixed by #2563
Labels
area/dockerfile-command For all bugs related to dockerfile file commands differs-from-docker kind/friction needs-discussion Items which need more discussion before commitment priority/p2 High impact feature/bug. Will get a lot of users happy
Milestone
v1.12.0

Comments

@balonik
Copy link

balonik commented Feb 23, 2021
edited
Loading

Actual behavior

using ADD with https in URL is treated like file in context instead of URL.

error building image: error building stage: failed to get files used from context: failed to get fileinfo for /builds/images/alpine/https:/example.com/file.tar.gz: lstat /builds/images/alpine/https:/example.com/file.tar.gz: no such file or directory

Expected behavior

Using http in URL is working, https in URL should work the same way.

To Reproduce
Steps to reproduce the behavior:

  1. Create Dockerfile
FROM alpine:latest

ADD https://example.com/file.tar.gz
  1. try to build with kaniko

Additional Information

  • Kaniko Image (fully qualified with digest)
gcr.io/kaniko-project/executor@sha256:e00dfdd4a44097867c8ef671e5a7f3e31d94bd09406dbdfba8a13a63fc6b8060

Triage Notes for the Maintainers

Description Yes/No
Please check if this a new feature you are proposing
Please check if the build works in docker but not in kaniko
Please check if this error is seen when you use --cache flag
Please check if your dockerfile is a multistage dockerfile
@michbeck100
Copy link

Any updates on this?

@michbeck100
Copy link

Would be great if anyone of the project owners could comment on this. I think this a major issue.

@anhoder anhoder mentioned this issue Nov 30, 2021
Closed
@jmhbnz
Copy link

jmhbnz commented Dec 16, 2021

Ran into the same problem while trying to migrate a codebase to kaniko today so this is definitely still an issue.

@anguswilliams
Copy link
Contributor

I had a similar issue where adding a file from URL did not work for me. This is actually supported by kaniko, but the URL must be valid and accessible from where kaniko is running. Took me a while to find, but in my case the function below was burying an SSL validation error on the URL I was trying to add. Fixed by appending my custom CA to /kaniko/ssl/certs/ca-certificates.crt in the kaniko container.

kaniko/pkg/util/command_util.go

Line 285 in cf9a334

func IsSrcRemoteFileURL(rawurl string) bool {

@aaron-prindle aaron-prindle added kind/friction priority/p1 Basic need feature compatibility with docker build. we should be working on this next. differs-from-docker area/dockerfile-command For all bugs related to dockerfile file commands needs-discussion Items which need more discussion before commitment priority/p2 High impact feature/bug. Will get a lot of users happy and removed priority/p1 Basic need feature compatibility with docker build. we should be working on this next. labels Jun 12, 2023
@aaron-prindle
Copy link
Collaborator

aaron-prindle commented Jun 12, 2023
edited
Loading

Thanks for flagging this, can anyone in the thread here clarify if the workaround/fix @anguswilliams mentioned worked for them as well? Currently not clear if this is a kaniko bug requiring code change/fix or the use cases mentioned here are supported by kaniko but require additional documentation and/or better UX

@anguswilliams
Copy link
Contributor

@aaron-prindle it's a valid error, but it could be logged better. I think it could do with some UX improvement as it's hard to tell what's actually going on if you hit the specific scenario. Two options I can think of:

  1. Check the error return from here, and log the error
  2. Get rid of that http.Get entirely as I'm not sure it's necessary, in that case any get errors would get surfaced here

In my mind the second option is best, as it looks like that function is just trying to validate the source file is a URL or not. It's basically double handling that file. Happy to submit a PR to fix.

@aaron-prindle
Copy link
Collaborator

aaron-prindle commented Jun 12, 2023
edited
Loading

Ah I see, thank you for the additional context there @anguswilliams. +1, I think the second option looks best as well- that would be great if you could submit a PR with the fix!

anguswilliams added a commit to anguswilliams/kaniko that referenced this issue Jun 13, 2023
@anguswilliams
Refactors IsSrcRemoteFileURL to only validate the URL is valid
1e0ad79 
`IsSrcRemoteFileURL` was doing a `http.Get` call to make sure the URL was valid, but not surfacing any errors.
Because the error from the http.Get call is not handled, some useful information can be buried.
It also means kaniko will download the file twice during a build, once to validate, and once to actually add the file
to the image.
Removing the http.Get call and validating the URL is valid, and has the correct schema and hostname will stop
the double handling, and allow any errors to be surfaced through the error handing in the file download function.

Fixes GoogleContainerTools#1590

Signed-off-by: Angus Williams <anguswilliams@gmail.com>
@anguswilliams anguswilliams mentioned this issue Jun 13, 2023
Merged
4 tasks
anguswilliams added a commit to anguswilliams/kaniko that referenced this issue Jun 13, 2023
@anguswilliams
Refactors IsSrcRemoteFileURL to only validate the URL is valid
47d30c7 
`IsSrcRemoteFileURL` was doing a `http.Get` call to make sure the URL was valid, but not surfacing any errors.
Because the error from the http.Get call is not handled, some useful information can be buried.
It also means kaniko will download the file twice during a build, once to validate, and once to actually add the file
to the image.
Removing the http.Get call and validating the URL is valid, and has the correct schema and hostname will stop
the double handling, and allow any errors to be surfaced through the error handing in the file download function.

Fixes GoogleContainerTools#1590

Signed-off-by: Angus Williams <anguswilliams@gmail.com>
aaron-prindle pushed a commit that referenced this issue Jun 14, 2023
@anguswilliams
Refactors IsSrcRemoteFileURL to only validate the URL is valid (#2563)
de3032f 
`IsSrcRemoteFileURL` was doing a `http.Get` call to make sure the URL was valid, but not surfacing any errors.
Because the error from the http.Get call is not handled, some useful information can be buried.
It also means kaniko will download the file twice during a build, once to validate, and once to actually add the file
to the image.
Removing the http.Get call and validating the URL is valid, and has the correct schema and hostname will stop
the double handling, and allow any errors to be surfaced through the error handing in the file download function.

Fixes #1590

Signed-off-by: Angus Williams <anguswilliams@gmail.com>
@aaron-prindle aaron-prindle added this to the v1.12.0 milestone Jun 28, 2023
kylecarbs pushed a commit to coder/kaniko that referenced this issue Jul 12, 2023
@anguswilliams @kylecarbs
Refactors IsSrcRemoteFileURL to only validate the URL is valid (Googl…
75fcb56 
…eContainerTools#2563)

`IsSrcRemoteFileURL` was doing a `http.Get` call to make sure the URL was valid, but not surfacing any errors.
Because the error from the http.Get call is not handled, some useful information can be buried.
It also means kaniko will download the file twice during a build, once to validate, and once to actually add the file
to the image.
Removing the http.Get call and validating the URL is valid, and has the correct schema and hostname will stop
the double handling, and allow any errors to be surfaced through the error handing in the file download function.

Fixes GoogleContainerTools#1590

Signed-off-by: Angus Williams <anguswilliams@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/dockerfile-command For all bugs related to dockerfile file commands differs-from-docker kind/friction needs-discussion Items which need more discussion before commitment priority/p2 High impact feature/bug. Will get a lot of users happy
Projects
None yet
Milestone
v1.12.0
Development

Successfully merging a pull request may close this issue.

Refactors IsSrcRemoteFileURL to only validate the URL is valid anguswilliams/kaniko
5 participants
@aaron-prindle @michbeck100 @anguswilliams @balonik @jmhbnz