nginxinc/ngx-rust

Dockerfile fails with newer openssl version

a-agmon opened this issue · 2 comments

The current openssl versions do not include 3.0.7, which ngx-sys was compiled against, so I have added the latest version in the Dockerfile: ENV OPENSSL_VERSION 3.2.0

However, the Dockerfile fails with an error that seems to be related to PGP validation in the build actions in ngx-sys:

=> ERROR [build 6/6] RUN --mount=type=cache,id=target,target=target     --mount=type=cache,id=cache,target=.cache     --mount=type=ca  1.8s 
------                                                                                                                                       
 > [build 6/6] RUN --mount=type=cache,id=target,target=target     --mount=type=cache,id=cache,target=.cache     --mount=type=cache,id=cargo,target=/usr/local/cargo/registry     mkdir -p /out &&     cargo build --release --package examples --examples &&     mv /project/target/release/examples/*.so /out:
0.603    Compiling nginx-sys v0.2.1 (/project/nginx-sys)
1.673 error: failed to run custom build command for `nginx-sys v0.2.1 (/project/nginx-sys)`
1.673 
1.673 Caused by:
1.674   process didn't exit successfully: `/project/target/release/build/nginx-sys-33f897259fe1683d/build-script-build` (exit status: 1)
1.674   --- stdout
1.674   Archive [zlib-1.3] already extracted to directory: /project/.cache/src/linux-x86_64/zlib-1.3
1.674   Archive [pcre2-10.42] already extracted to directory: /project/.cache/src/linux-x86_64/pcre2-10.42
1.674 
1.674   --- stderr
1.674   Error: Custom { kind: Other, error: "command [\"/usr/bin/gpg\", \"--homedir\", \"/project/.cache/.gnupg\", \"--verify\", \"/project/.cache/openssl-3.2.0.tar.gz.asc\", \"/project/.cache/openssl-3.2.0.tar.gz\"] exited with code 2" }
------
Dockerfile:32
--------------------
  31 |     
  32 | >>> RUN --mount=type=cache,id=target,target=target \
  33 | >>>     --mount=type=cache,id=cache,target=.cache \
  34 | >>>     --mount=type=cache,id=cargo,target=/usr/local/cargo/registry \
  35 | >>>     mkdir -p /out && \
  36 | >>>     cargo build --release --package examples --examples && \
  37 | >>>     mv /project/target/release/examples/*.so /out
  38 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c mkdir -p /out &&     cargo build --release --package examples --examples &&     mv /project/target/release/examples/*.so /out" did not complete successfully: exit code: 101

From the above detailed log message I can see that it failed to verify the openssl archive:

{ kind: Other, error: "command [\"/usr/bin/gpg\", \"--homedir\", \"/project/.cache/.gnupg\", \"--verify\", \"/project/.cache/openssl-3.2.0.tar.gz.asc\", \"/project/.cache/openssl-3.2.0.tar.gz\"] exited with code 2" }

As a quick fix, it can follow the #60 pattern and make OPENSSL_GPG_SERVER_AND_KEY_IDS configurable via env variables, or simply add the GPG key into
https://github.com/nginxinc/ngx-rust/blob/master/nginx-sys/build.rs#L27

cc: @dekobon

This should be fixed in the latest commit. Would you mind verifying that it works for you?
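The `gpg --verify` exit code reported in this thread does not by itself say whether the signer's key was absent from the keyring or the archive failed its signature check. The following is an added example, not part of the thread and not ngx-rust's `build.rs` code: it classifies the status lines gpg prints when run with `--status-fd`. The `Verdict` type, the `classify` function and every key ID and fingerprint in it are constructed for illustration.

```rust
// Added example (not ngx-rust code): classify the machine-readable status
// lines printed by `gpg --status-fd 1 --verify <sig> <file>`.
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Trusted(String),        // good signature, fingerprint is pinned
    UnpinnedSigner(String), // good signature, but from a key we did not pin
    MissingKey(String),     // signer's public key is not in the keyring
    BadSignature,           // archive and signature do not match: stop the build
    Unverified,             // expired/revoked key, or no signature result at all
}

/// `pinned` holds the full fingerprints the build is willing to trust.
pub fn classify(status: &str, pinned: &[&str]) -> Verdict {
    let (mut missing, mut valid, mut tainted) = (None, None, false);
    for line in status.lines() {
        let Some(rest) = line.strip_prefix("[GNUPG:] ") else { continue };
        let f: Vec<&str> = rest.split_whitespace().collect();
        match f.as_slice() {
            ["BADSIG", ..] => return Verdict::BadSignature,
            ["EXPKEYSIG" | "REVKEYSIG" | "EXPSIG", ..] => tainted = true,
            ["NO_PUBKEY", id, ..] => missing = Some(id.to_string()),
            // VALIDSIG: first field is the signing key's fingerprint,
            // the last field is the primary key's fingerprint.
            ["VALIDSIG", first, .., last] => {
                let hit = pinned.contains(first) || pinned.contains(last);
                valid = Some((last.to_string(), hit));
            }
            _ => {}
        }
    }
    match (valid, missing) {
        (Some((fpr, true)), _) if !tainted => Verdict::Trusted(fpr),
        (Some((fpr, false)), _) if !tainted => Verdict::UnpinnedSigner(fpr),
        (None, Some(id)) => Verdict::MissingKey(id),
        _ => Verdict::Unverified,
    }
}

fn main() {
    // Constructed status output: the signer's key is absent from the keyring.
    let out = "[GNUPG:] NEWSIG\n\
               [GNUPG:] ERRSIG 0123456789ABCDEF 1 10 00 1700000000 9\n\
               [GNUPG:] NO_PUBKEY 0123456789ABCDEF";
    println!("{:?}", classify(out, &[]));
}
```

A `MissingKey` result points at the keyring (a release signed by a key the build has not imported), while `BadSignature` points at the downloaded archive itself, so the two call for different responses.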