Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dockerfile: clarify that checksum works with HTTPS #5064

Merged
merged 1 commit into from
Jul 1, 2024
Merged

dockerfile: clarify that checksum works with HTTPS #5064

merged 1 commit into from
Jul 1, 2024

Conversation

dvdksn
Copy link
Collaborator

@dvdksn dvdksn commented Jun 20, 2024

Docs and error message didn't indicate whether checksum was supported for HTTPS.

@dvdksn dvdksn requested a review from tonistiigi June 20, 2024 11:36
tonistiigi
tonistiigi reviewed Jun 20, 2024
View reviewed changes
Copy link
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe "checksum can be only specified for URL sources"?

@dvdksn
Copy link
Collaborator Author

dvdksn commented Jun 24, 2024

@tonistiigi yeah I thought about something like that, but it doesn't work with Git URLs afaict. I guess Git URLs could still use HTTP however so the current description isn't super clear about that either.

Actually, I checked the Git URL over HTTP case, and it seems there's a bug. Trying to do ADD --checksum of a git@ URL prints an error.

Dockerfile:5
--------------------
   3 |     FROM scratch
   4 | >>> ADD --checksum=sha256:1005882735b796c332de70ff8f210ddd77d1c31ae03e6b0949b4480ad3f12804 [email protected]:docker/buildx.git /
   5 |     
--------------------
ERROR: checksum can't be specified for non-HTTP sources

But changing that URL to https://github.com/docker/buildx.git doesn't print the error (but still doesn't do any checksum validation).

@tonistiigi
Copy link
Member

Yes, I didn't think about the Git case. You can't add checksum to Git even if it is HTTP git URL (you can set a commit sha that behaves like a checksum but that is part of the URL).

But changing that URL to https://github.com/docker/buildx.git doesn't print the error (but still doesn't do any checksum validation).

@AkihiroSuda Can you take a look? Looks like https://github.com/moby/buildkit/blob/v0.14.1/frontend/dockerfile/dockerfile2llb/convert.go#L1352-L1354 needs to do a Git URL check first.

@AkihiroSuda AkihiroSuda mentioned this pull request Jun 25, 2024
Merged
@AkihiroSuda
Copy link
Member

Yes, I didn't think about the Git case. You can't add checksum to Git even if it is HTTP git URL (you can set a commit sha that behaves like a checksum but that is part of the URL).

But changing that URL to https://github.com/docker/buildx.git doesn't print the error (but still doesn't do any checksum validation).

@AkihiroSuda Can you take a look? Looks like https://github.com/moby/buildkit/blob/v0.14.1/frontend/dockerfile/dockerfile2llb/convert.go#L1352-L1354 needs to do a Git URL check first.

@thompson-shaun thompson-shaun added this to the v0.15.0 milestone Jun 27, 2024
@thompson-shaun thompson-shaun assigned dvdksn and tonistiigi and unassigned dvdksn Jul 1, 2024
@tonistiigi tonistiigi merged commit fa867bc into moby:master Jul 1, 2024
76 checks passed
This was referenced Sep 18, 2024
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

Assignees

@tonistiigi tonistiigi

Labels
area/dockerfile kind/docs
Projects
None yet
Milestone
v0.15.0
Development

Successfully merging this pull request may close these issues.
4 participants
@dvdksn @tonistiigi @AkihiroSuda @thompson-shaun