-
Notifications
You must be signed in to change notification settings - Fork 734
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gaia's container has permissions issues with itself #843
Comments
Thanks for this @faddat The docker image is not intended for use. It isn't part of any build or testing approach, so it's 'deprecated' in its current form. The documentation doesn't yet reflect this. Though I think this would an important feature to manage eventually, it'd be good to understand what purpose(s) this image is intended to serve. To me, an ideal use of the image would be to serve gaia's different modes and integrate it with good security practices in a modular way. If you think we should remove the docker image for the time being, I'll accept that approach, but always open to suggestions. |
We should probably nuke the container if it isn't meant to be used. Here's one that is: FROM golang:1.16-alpine AS build-env
# Set up dependencies
ENV PACKAGES curl make git libc-dev bash gcc linux-headers eudev-dev python3 wget
# Set working directory for the build
WORKDIR /go/src/github.com/cosmos/gaia
# Add source files
COPY . .
RUN go version
# Install minimum necessary dependencies, build Cosmos SDK, remove packages
RUN apk add --no-cache $PACKAGES && \
make install
WORKDIR /
RUN wget https://github.com/cosmos/mainnet/raw/master/genesis.cosmoshub-4.json.gz && \
gzip -d genesis.cosmoshub-4.json.gz
# Final image
FROM alpine:edge
# Install ca-certificates
RUN apk add --update ca-certificates
# Copy over binaries from the build-env
COPY --from=build-env /go/bin/gaiad /usr/bin/gaiad
COPY --from=build-env /genesis.cosmoshub-4.json /root/.gaia/config/genesis.json.tmp
# Run gaiad by default, omit entrypoint to ease using container with gaiacli
CMD gaiad init instagaia$RANDOM && cp /root/.gaia/config/genesis.json.tmp /root/.gaia/config/genesis.json && gaiad start --p2p.seeds bf8328b66dceb4987e5cd94430af66045e59899f@public-seed.cosmos.vitwit.com:26656,cfd785a4224c7940e9a10f6c1ab24c343e923bec@164.68.107.188:26656,d72b3011ed46d783e369fdf8ae2055b99a1e5074@173.249.50.25:26656,ba3bacc714817218562f743178228f23678b2873@public-seed-node.cosmoshub.certus.one:26656,3c7cad4154967a294b3ba1cc752e40e8779640ad@84.201.128.115:26656,366ac852255c3ac8de17e11ae9ec814b8c68bddb@51.15.94.196:26656 --x-crisis-skip-assert-invariants One-liner gaia for mac, windows and linux :) PS: Yes, it is not highly efficient, but it saves N minutes times N engineers. |
btw the above is meant for |
This is because "gaia" group has no permission to write, you can delete the following line from original Dockerfile.
|
Multi-network testnet environments. The golang relayer's integration tests rely on the existence of a gaia image and there is active development on hermes using docker images to spin up a mesh network, see related pr I imagine some validators may use docker for their setup (if they are validating multiple chains on the same machine), but this is a less convincing argument for me |
I just updated the image and I'll PR it into contrib/ Additionally, it can appear front and center on readme.md as an instant way to set up a gaia node to have one to develop against locally. |
Summary of Bug
It is complaining about permissions inside the container because the user gaia doesn't have the privelige to read there.
This can be reproduced following the steps in the Dockerfile.
Version
4.2.1
Steps to Reproduce
docker run -it -p 46657:46657 -p 46656:46656 -v ~/.gaia:/gaia/.gaia tendermint/gaia gaiad init
For Admin Use
The text was updated successfully, but these errors were encountered: