[ISSUE-17382] Fix for "podman build --secrets with environment variables does not work on MacOS" #24271

Open · apcro wants to merge 2 commits into `main`

@apcro apcro commented Oct 15, 2024

Fixes: #17382

A fix for [Issue 17382](https://github.com/containers/podman/issues/17382) 

This PR specifically treats a passed `env=` directive to `--secrets` as if it 
were passed inside a `src` file, and returns the same content when referenced 
during the container `build` process.

Testing using a shell

Create a Dockerfile with the following content

```dockerfile
FROM python:3.9-slim-bullseye
RUN --mount=type=secret,id=mysecret echo "Secret is" && cat /run/secrets/mysecret
```

Create a secrets.txt file with the following content

```
filebasedsecret
```

Add an environment variable

```sh
TEST_VAR=envvarsecret
```

Once you have these files, run the following in your terminal:

Using an ENV var

```sh
path/to/podman build --secret id=mysecret,env=TEST_VAR --no-cache .
```

Expected output

```
STEP 1/2: FROM python:3.9-slim-bullseye
STEP 2/2: RUN --mount=type=secret,id=mysecret echo "Secret is" && cat /run/secrets/mysecret
Secret is
envvarsecret
```

Using the secrets file

```sh
path/to/podman build --secret id=mysecret,src=secrets.txt --no-cache .
```

Expected output:

```
STEP 1/2: FROM python:3.9-slim-bullseye
STEP 2/2: RUN --mount=type=secret,id=mysecret echo "Secret is" && cat /run/secrets/mysecret
Secret is
filebasedsecret
```
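
The behaviour the description above states (an `env=` secret yields the same content a `src=` file would), as an added Go example that is not the PR's or podman's own code. `resolveSecret` and `stageSecret` are hypothetical names, and rejecting unset variables and ids that contain path components are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveSecret parses "id=NAME,env=VAR" or "id=NAME,src=FILE" and returns the id
// and the secret bytes. Hypothetical helper; an unset variable is an error (assumption).
func resolveSecret(spec string) (string, []byte, error) {
	opts := map[string]string{}
	for _, field := range strings.Split(spec, ",") {
		key, val, ok := strings.Cut(field, "=")
		if !ok || val == "" || (key != "id" && key != "src" && key != "env") {
			return "", nil, fmt.Errorf("bad secret option %q", field)
		}
		opts[key] = val
	}
	id, src, env := opts["id"], opts["src"], opts["env"]
	// The id becomes a file name under /run/secrets, so refuse path components.
	if id == "" || id == "." || id == ".." || id != filepath.Base(id) {
		return "", nil, fmt.Errorf("invalid secret id %q", id)
	}
	if (src == "") == (env == "") {
		return "", nil, fmt.Errorf("secret %q needs exactly one of src= or env=", id)
	}
	if env != "" {
		val, found := os.LookupEnv(env)
		if !found {
			return "", nil, fmt.Errorf("secret %q: variable %s is not set", id, env)
		}
		return id, []byte(val), nil
	}
	data, err := os.ReadFile(src)
	return id, data, err
}

// stageSecret writes the bytes to dir/id with owner-only permissions (assumption).
func stageSecret(dir, id string, data []byte) (string, error) {
	path := filepath.Join(dir, id)
	return path, os.WriteFile(path, data, 0o600)
}

func main() {
	os.Setenv("TEST_VAR", "envvarsecret") // constructed value from the PR's test steps
	id, data, err := resolveSecret("id=mysecret,env=TEST_VAR")
	fmt.Println(id, string(data), err)
}
```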

@openshift-ci openshift-ci bot added release-note do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Oct 15, 2024
openshift-ci bot commented Oct 15, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: apcro
Once this PR has been reviewed and has the lgtm label, please assign ygalblum for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Ephemeral COPR build failed. @containers/packit-build please check.

A proposed fix for [Issue 17382](containers#17382)
This PR specifically treats a passed `env=` directive to `--secrets` as if it were passed inside a `src` file, and returns the same content when referenced during the container `build` process.

Signed-off-by: Tom Gordon <[email protected]>
@apcro apcro force-pushed the issues/issue-17382-secrets-with-env-not-working branch from fe401cb to 10d3381 Compare October 15, 2024 12:07
@apcro apcro marked this pull request as ready for review October 16, 2024 09:29
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 16, 2024
@apcro apcro force-pushed the issues/issue-17382-secrets-with-env-not-working branch from df17b57 to 91baeb3 Compare October 16, 2024 12:34
apcro commented Oct 16, 2024

I don't believe there are any new tests needed, however I can't check as the provided testing tools are failing.

```
> make localintegration FOCUS_FILE=secret_test.go
Makefile:152: invalid `override' directive
[...]
# github.com/containers/podman/v5/test/checkseccomp
test/checkseccomp/checkseccomp.go:13:17: undefined: unix.Prctl
test/checkseccomp/checkseccomp.go:13:28: undefined: unix.PR_GET_SECCOMP
test/checkseccomp/checkseccomp.go:15:18: undefined: unix.Prctl
test/checkseccomp/checkseccomp.go:15:29: undefined: unix.PR_SET_SECCOMP
test/checkseccomp/checkseccomp.go:15:50: undefined: unix.SECCOMP_MODE_FILTER
make: *** [test/checkseccomp/checkseccomp] Error 1
```
