Dockerfile lock gets confused when installing pip package with an OS package manager #702
Comments
rnjudge
added a commit
to rnjudge/tern
that referenced
this issue
May 28, 2020
Since the addition of language package managers, the Dockerfile lock
functionality was getting confused when trying to pin packages that also
double as language package managers.
This commit does the following to resolve the issue:
1) In analyze.py, instead of comparing each of the packages in the
layer to see if they are installed in the RUN line, first gather
the list of packages being installed in the dockerfile RUN line
and then compare those against the packages installed in the layer.
This prevents unnecessary comparisons and duplicate pinnings.
2) Add a 'should_pin' method to dockerfile.py that checks whether the
package in the RUN line should be pinned or not. Use this function
in the existing 'expand_package' function in dockerfile.py to
determine if we should expand/pin the package or not.
3) Modify the way 'expand_package' in dockerfile.py actually pins the
package and version in the dockerfile object. Instead of using the
replace method, which was expanding non-exact matches of a package
name, we go word by word in the RUN line to determine if a package
should be pinned.
4) Make the command_lib dictionary global so we can access snippet
information in dockerfile.py
5) Modify the 'package_in_dockerfile' function to return the list of
packages being installed in a given RUN line instead of returning
true or false. Also change the name of the function to more
accurately reflect its purpose. The function is now called
'get_install_packages'.
Resolves tern-tools#702
Signed-off-by: Rose Judge <rjudge@vmware.com>
rnjudge
added a commit
to rnjudge/tern
that referenced
this issue
May 28, 2020
Since the addition of language package managers, the Dockerfile lock
functionality was getting confused when trying to pin packages that also
double as language package managers.
This commit does the following to resolve the issue:
1) In analyze.py, instead of comparing each of the packages in the
layer to see if they are installed in the RUN line, first gather
the list of packages being installed in the dockerfile RUN line
and then compare those against the packages installed in the layer.
This prevents unnecessary comparisons and duplicate pinnings.
2) Add a 'should_pin' method to dockerfile.py that checks whether the
package in the RUN line should be pinned or not. Use this function
in the existing 'expand_package' function in dockerfile.py to
determine if we should expand/pin the package or not.
3) Modify the way 'expand_package' in dockerfile.py actually pins the
package and version in the dockerfile object. Instead of using the
replace method, which was expanding non-exact matches of a package
name, we go word by word in the RUN line to determine if a package
should be pinned.
4) Modify the 'package_in_dockerfile' function to return the list of
packages being installed in a given RUN line instead of returning
true or false. Also change the name of the function to more
accurately reflect its purpose. The function is now called
'get_install_packages'.
Resolves tern-tools#702
Signed-off-by: Rose Judge <rjudge@vmware.com>
nishakm
pushed a commit
that referenced
this issue
May 28, 2020
Since the addition of language package managers, the Dockerfile lock
functionality was getting confused when trying to pin packages that also
double as language package managers.
This commit does the following to resolve the issue:
1) In analyze.py, instead of comparing each of the packages in the
layer to see if they are installed in the RUN line, first gather
the list of packages being installed in the dockerfile RUN line
and then compare those against the packages installed in the layer.
This prevents unnecessary comparisons and duplicate pinnings.
2) Add a 'should_pin' method to dockerfile.py that checks whether the
package in the RUN line should be pinned or not. Use this function
in the existing 'expand_package' function in dockerfile.py to
determine if we should expand/pin the package or not.
3) Modify the way 'expand_package' in dockerfile.py actually pins the
package and version in the dockerfile object. Instead of using the
replace method, which was expanding non-exact matches of a package
name, we go word by word in the RUN line to determine if a package
should be pinned.
4) Modify the 'package_in_dockerfile' function to return the list of
packages being installed in a given RUN line instead of returning
true or false. Also change the name of the function to more
accurately reflect its purpose. The function is now called
'get_install_packages'.
Resolves #702
Signed-off-by: Rose Judge <rjudge@vmware.com>
rnjudge
added a commit
to rnjudge/tern
that referenced
this issue
Jun 5, 2020
Since the addition of language package managers, the Dockerfile lock
functionality was getting confused when trying to pin packages that also
double as language package managers.
This commit does the following to resolve the issue:
1) In analyze.py, instead of comparing each of the packages in the
layer to see if they are installed in the RUN line, first gather
the list of packages being installed in the dockerfile RUN line
and then compare those against the packages installed in the layer.
This prevents unnecessary comparisons and duplicate pinnings.
2) Add a 'should_pin' method to dockerfile.py that checks whether the
package in the RUN line should be pinned or not. Use this function
in the existing 'expand_package' function in dockerfile.py to
determine if we should expand/pin the package or not.
3) Modify the way 'expand_package' in dockerfile.py actually pins the
package and version in the dockerfile object. Instead of using the
replace method, which was expanding non-exact matches of a package
name, we go word by word in the RUN line to determine if a package
should be pinned.
4) Modify the 'package_in_dockerfile' function to return the list of
packages being installed in a given RUN line instead of returning
true or false. Also change the name of the function to more
accurately reflect its purpose. The function is now called
'get_install_packages'.
Resolves tern-tools#702
Signed-off-by: Rose Judge <rjudge@vmware.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
In Tern's Dockerfile we apt-install the pip package like so:
To Reproduce
Steps to reproduce the behavior:
tern lock Dockerfileat the tip of master.Dockerfile.lockfile.Error in terminal
The resulting Dockerfile.lock incorrectly pins the python3-pip package like so: python3-pip==20.1.1==20.1.1-3.7.5-3.ph3
Expected behavior
The python3-pip package should be pinned properly.
The text was updated successfully, but these errors were encountered: