Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker Container and Newer Git Enforce Safe Directory Checks #1600

Closed
aj-stein-nist opened this issue Jan 5, 2023 · 0 comments · Fixed by #1598
Closed

Docker Container and Newer Git Enforce Safe Directory Checks #1600

aj-stein-nist opened this issue Jan 5, 2023 · 0 comments · Fixed by #1598
Assignees
@aj-stein-nist
Labels
bug

Comments

@aj-stein-nist
Copy link
Contributor

Describe the bug

When doing local development, any script script in the that runs in the docker container or one built and run from said Dockerfile will often have differing file ownership on the host relative to inside the container. This will lead to errors like those in the replication section.

To work around this, you would need to re-run that command within the container every recreation of a container instance from an image, so it would be best to patch that in the Dockerfile itself. Because of how volume mounts work, and a volume mount is always owned by root, this is inevitable and ought to be fixed as this feature of git is now in all stable releases for a little bit. We will trust the volume mount.

More info and context on StackOverflow and other blogs, I cannot find an official man page source from git that I can link to from an Internet-routable URL unforunately.

Who is the bug affecting

NIST OSCAL developers who intend to make use of our public Dockerfile spec.

What is affected by this bug

CI/CD, Tooling & API

How do we replicate this issue

  1. Check out the repo.
  2. `pushd /path/to/repo/oscal/
  3. pushd docs
  4. docker compose up -d docs

Observe the error below when the run-server.sh or other scripts would run, a similar error would occurs.

$ docker run -it -p 1313:1313 -v $(pwd):/oscal docs-docs
root@a711f12a02f5:/oscal# /oscal/docs/run-server.sh 

Generating XML and JSON Model Documentation
===========================================
fatal: detected dubious ownership in repository at '/oscal'
To add an exception for this directory, call:

        git config --global --add safe.directory /oscal
fatal: detected dubious ownership in repository at '/oscal'
To add an exception for this directory, call:

        git config --global --add safe.directory /oscal
BRANCH(initial)=''
fatal: detected dubious ownership in repository at '/oscal'
To add an exception for this directory, call:

        git config --global --add safe.directory /oscal
Name and URL for remote not detected, using default
Unrecognized branch: 
BRANCH=''
VERSION='develop'
REVISION='develop'
TYPE='branch'
Generating index page failed for revision 'develop' on branch ''.
ERROR 2023/01/05 19:48:28 Failed to read Git log: fatal: detected dubious ownership in repository at '/oscal'
To add an exception for this directory, call:

        git config --global --add safe.directory /oscal
Error: logged 1 error(s)

Expected behavior (i.e. solution)

The entrypoint executes without error.

Other comments

No response
@aj-stein-nist aj-stein-nist self-assigned this Jan 5, 2023
@aj-stein-nist aj-stein-nist mentioned this issue Jan 5, 2023
Merged
5 tasks
aj-stein-nist added a commit to aj-stein-nist/OSCAL-forked that referenced this issue Jan 5, 2023
@aj-stein-nist
Fix directory safety for doctor, closes usnistgov#1600.
ca5434f
@aj-stein-nist aj-stein-nist moved this from Todo to Under Review in NIST OSCAL Work Board Jan 5, 2023
david-waltermire pushed a commit that referenced this issue Jan 9, 2023
@aj-stein-nist
Fix Docker container build for local dev and debugging (#1598)
eff9ce3 
* Fix Dockerfile multi-stage builds, closes #1597.

* Add maven.restlet.org workaround.

If the TLS cert is bad, it will break local build just like
maven building Java deps in GHA.

* Fix directory safety for doctor, closes #1600.

* Somehow, docs/run-server.sh set to non-executable again.
aj-stein-nist added a commit to aj-stein-nist/OSCAL-forked that referenced this issue Jan 10, 2023
@aj-stein-nist
Fix Docker container build for local dev and debugging (usnistgov#1598)
dd6486a 
* Fix Dockerfile multi-stage builds, closes usnistgov#1597.

* Add maven.restlet.org workaround.

If the TLS cert is bad, it will break local build just like
maven building Java deps in GHA.

* Fix directory safety for doctor, closes usnistgov#1600.

* Somehow, docs/run-server.sh set to non-executable again.
@david-waltermire david-waltermire linked a pull request Jan 12, 2023 that will close this issue
Fix Docker container build for local dev and debugging #1598
Merged
5 tasks
@github-project-automation github-project-automation bot moved this from Under Review to Done in NIST OSCAL Work Board Jan 12, 2023
aj-stein-nist added a commit to aj-stein-nist/OSCAL-forked that referenced this issue Feb 6, 2023
@aj-stein-nist
Fix Docker container build for local dev and debugging (usnistgov#1598)
4e4db52 
* Fix Dockerfile multi-stage builds, closes usnistgov#1597.

* Add maven.restlet.org workaround.

If the TLS cert is bad, it will break local build just like
maven building Java deps in GHA.

* Fix directory safety for doctor, closes usnistgov#1600.

* Somehow, docs/run-server.sh set to non-executable again.
aj-stein-nist added a commit to aj-stein-nist/OSCAL that referenced this issue Jun 29, 2023
@aj-stein-nist
Fix Docker container build for local dev and debugging (#1598)
c5cd927 
* Fix Dockerfile multi-stage builds, closes #1597.

* Add maven.restlet.org workaround.

If the TLS cert is bad, it will break local build just like
maven building Java deps in GHA.

* Fix directory safety for doctor, closes usnistgov/OSCAL#1600.

* Somehow, docs/run-server.sh set to non-executable again.
aj-stein-nist added a commit to aj-stein-nist/OSCAL that referenced this issue Jun 29, 2023
@aj-stein-nist
Fix Docker container build for local dev and debugging (#1598)
f3f6ba8 
* Fix Dockerfile multi-stage builds, closes #1597.

* Add maven.restlet.org workaround.

If the TLS cert is bad, it will break local build just like
maven building Java deps in GHA.

* Fix directory safety for doctor, closes usnistgov/OSCAL#1600.

* Somehow, docs/run-server.sh set to non-executable again.
aj-stein-nist added a commit to aj-stein-nist/OSCAL-forked that referenced this issue Jul 10, 2023
@aj-stein-nist
Fix Docker container build for local dev and debugging (usnistgov#1598)
fb8a083 
* Fix Dockerfile multi-stage builds, closes usnistgov#1597.

* Add maven.restlet.org workaround.

If the TLS cert is bad, it will break local build just like
maven building Java deps in GHA.

* Fix directory safety for doctor, closes usnistgov#1600.

* Somehow, docs/run-server.sh set to non-executable again.
aj-stein-nist added a commit to galtm/OSCAL that referenced this issue Sep 28, 2023
@aj-stein-nist
Fix Docker container build for local dev and debugging (usnistgov#1598)
b8fa7f3 
* Fix Dockerfile multi-stage builds, closes usnistgov#1597.

* Add maven.restlet.org workaround.

If the TLS cert is bad, it will break local build just like
maven building Java deps in GHA.

* Fix directory safety for doctor, closes usnistgov#1600.

* Somehow, docs/run-server.sh set to non-executable again.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aj-stein-nist aj-stein-nist

Labels
bug
Projects
NIST OSCAL Work Board
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Docker container build for local dev and debugging aj-stein-nist/OSCAL-forked
2 participants
@david-waltermire @aj-stein-nist