Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

preBuild hook required in base-image #517

Open
ed-randall-blk opened this issue Mar 8, 2024 · 2 comments
Open

preBuild hook required in base-image #517

ed-randall-blk opened this issue Mar 8, 2024 · 2 comments

Comments

@ed-randall-blk
Copy link

ed-randall-blk commented Mar 8, 2024

Is your feature request related to a problem? Please describe.
pangeo/base-image Dockerfile contains a number of ONBUILD instructions to help the developer with standard installs of additional packages etc.
Unfortunately, none of these work in certain corporate environments where an SSL inspection proxy is used. We see errors from the ONBUILD steps like:

    RuntimeError: Download error (60) SSL peer certificate or SSH remote key was not OK [https://conda.anaconda.org/conda-forge/noarch/repodata.json]
    SSL certificate problem: self-signed certificate in certificate chain

Describe the solution you'd like
A preBuild step similar to the existing postBuild would be provide a useful point where we could configure the additional certs, proxy environment config, and anything else required before apt-get package installation can succeed.

Describe alternatives you've considered
As a workaround we have to forego the convenience of the provided ONBUILD steps and repeat the same logic in our own Dockerfile which builds FROM pangeo/base-image. We've considered forking pangeo/base-image into our own repo to make these changes possible.

Additional context
Possible code for the preBuild hook (untested):
(Insert at line 117 of https://github.com/pangeo-data/pangeo-docker-images/blob/master/base-image/Dockerfile between existing ONBUILD Checking for binder and Checking for apt.txt )

# If a preBuild file exists, run it
ONBUILD RUN echo "Checking for 'preBuild'..." \
        ; [ -d binder ] && cd binder \
        ; [ -d .binder ] && cd .binder \
        ; if test -f "preBuild" ; then \
        chmod +x preBuild \
        && ./preBuild \
        ; fi
@scottyhq
Copy link
Member

scottyhq commented Apr 2, 2024

pangeo/base-image Dockerfile contains a number of ONBUILD instructions to help the developer with standard installs of additional packages etc. Unfortunately, none of these work in certain corporate environments where an SSL inspection proxy is used.

We've never had a problem with this on JupyterHubs deployed by this project or by 2i2c. So I'm afraid it won't be a priority to add workarounds here, but pinging @consideRatio for awareness.

A preBuild step similar to the existing postBuild would be provide a useful point where we could configure the additional certs, proxy environment config, and anything else required before apt-get package installation can succeed.

Interesting idea, thanks for sharing. We have generally tried to stick to the standard repo2docker definition files https://repo2docker.readthedocs.io/en/latest/config_files.html. But of course one nice aspect of using the pangeo base-image instead of repo2docker's approach of dynamic docker image creation is that you can fork this repository and do all the ONBUILD or other docker command customizations you need!

@ed-randall-blk
Copy link
Author

ed-randall-blk commented Apr 3, 2024

Thankyou for the repo2docker info. It seems that they've never had an issue either, presumably because the standards authors have no experience of dealing with corporate firewalls either. Which is why I raised the issue. I'll go over there and raise the same about a preBuild hook.

The first ONBUILD step which handles apt.txt can never work because there's no way for me to pre-set the proxy env needed. Of course we can fork but that's always the solution of last resort.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants