1

I try to install php in docker of w2orking project with header in Dockerfile :

FROM composer:1 AS composer
FROM php:7.4-fpm-alpine
COPY --from=composer /usr/bin/composer /usr/bin/composer
ENV PHPIZE_DEPS \
build-base \
...

I got errors:

checking if cc PIC flag -fPIC works... yes
checking if cc static flag -static works... yes
checking if cc supports -c -o file.o... yes
checking whether the cc linker (/usr/x86_64-alpine-linux-musl/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no

creating libtool
appending configuration tag "CXX" to libtool
configure: patching config.h.in
configure: creating ./config.status
config.status: creating config.h
running: make
/bin/sh /tmp/pear/temp/pear-build-defaultuserOFhDoe/imagick-3.4.3/libtool --mode=compile cc -I/usr/include/ImageMagick-7 -DMAGICKCORE_HDRI_ENABLE=1 -DMAGICKCORE_QUANTUM_DEPTH=16  -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-defaultuserOFhDoe/imagick-3.4.3/include -I/tmp/pear/temp/pear-build-defaultuserOFhDoe/imagick-3.4.3/main -I/tmp/pear/temp/imagick -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -I/usr/include/ImageMagick-7  -DHAVE_CONFIG_H  -g -O2   -c /tmp/pear/temp/imagick/imagick_file.c -o imagick_file.lo
make: /bin/sh: Operation not permitted
make: *** [Makefile:192: imagick_file.lo] Error 127
ERROR: `make' failed
ERROR: Service 'backapp' failed to build: The command '/bin/sh -c set -xe   && apk add --no-cache ${PERMANENT_DEPS}   && apk add --no-cache --virtual .build-deps ${PHPIZE_DEPS}   && apk add --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/community gnu-libiconv   && pecl install imagick-3.4.3   && docker-php-ext-enable imagick   && docker-php-ext-configure pdo_mysql   && docker-php-ext-configure bcmath --enable-bcmath   && docker-php-ext-configure pcntl --enable-pcntl   && docker-php-ext-configure intl --enable-intl   && docker-php-ext-configure sysvmsg   && docker-php-ext-configure sysvsem   && docker-php-ext-configure sysvshm   && docker-php-ext-install -j$(nproc)     pdo_mysql     sockets     gettext     bcmath     pcntl     intl     sysvmsg     sysvsem     sysvshm   && apk del .build-deps' returned a non-zero code: 1

Searching in net for decision I check cc/gcc in my system :

ProjectName$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/9/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:hsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 9.3.0-17ubuntu1~20.04' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,gm2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-9 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-9-HskZEa/gcc-9-9.3.0/debian/tmp-nvptx/usr,hsa --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)
ProjectName$ cc -v
Using built-in specs.
COLLECT_GCC=cc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/9/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:hsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 9.3.0-17ubuntu1~20.04' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,gm2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-9 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-9-HskZEa/gcc-9-9.3.0/debian/tmp-nvptx/usr,hsa --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix

ProjectName$ uname -a
Linux master-laptop 5.11.0-37-generic #41~20.04.2-Ubuntu SMP Fri Sep 24 09:06:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
ProjectName$ composer -v
______
Composer version 2.1.8 2021-09-15 13:55:14

Also I installed build-essential, but checking its info I found error in its output. Could it be the issue, but how to fix bit ?

$ apt show build-essential — info -a
Package: build-essential
Version: 12.8ubuntu1.1
Priority: optional
Build-Essential: yes
Section: devel
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Matthias Klose <doko@debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 21,5 kB
Depends: libc6-dev | libc-dev, gcc (>= 4:9.2), g++ (>= 4:9.2), make, dpkg-dev (>= 1.17.11)
Task: ubuntu-mate-core, ubuntu-mate-desktop
Download-Size: 4 664 B
APT-Manual-Installed: yes
APT-Sources: http://ua.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
Description: Informational list of build-essential packages
 If you do not plan to build Debian packages, you don't need this
 package.  Starting with dpkg (>= 1.14.18) this package is required
 for building Debian packages.
 .
 This package contains an informational list of packages which are
 considered essential for building Debian packages.  This package also
 depends on the packages on that list, to make it easy to have the
 build-essential packages installed.
 .
 If you have this package installed, you only need to install whatever
 a package specifies as its build-time dependencies to build the
 package.  Conversely, if you are determining what your package needs
 to build-depend on, you can always leave out the packages this
 package depends on.
 .
 This package is NOT the definition of what packages are
 build-essential; the real definition is in the Debian Policy Manual.
 This package contains merely an informational list, which is all
 most people need.   However, if this package and the manual disagree,
 the manual is correct.

Package: build-essential
Version: 12.8ubuntu1
Priority: optional
Build-Essential: yes
Section: devel
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Matthias Klose <doko@debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 20,5 kB
Depends: libc6-dev | libc-dev, gcc (>= 4:9.2), g++ (>= 4:9.2), make, dpkg-dev (>= 1.17.11)
Task: ubuntu-mate-core, ubuntu-mate-desktop
Download-Size: 4 624 B
APT-Sources: http://ua.archive.ubuntu.com/ubuntu focal/main amd64 Packages
Description: Informational list of build-essential packages
 If you do not plan to build Debian packages, you don't need this
 package.  Starting with dpkg (>= 1.14.18) this package is required
 for building Debian packages.
 .
 This package contains an informational list of packages which are
 considered essential for building Debian packages.  This package also
 depends on the packages on that list, to make it easy to have the
 build-essential packages installed.
 .
 If you have this package installed, you only need to install whatever
 a package specifies as its build-time dependencies to build the
 package.  Conversely, if you are determining what your package needs
 to build-depend on, you can always leave out the packages this
 package depends on.
 .
 This package is NOT the definition of what packages are
 build-essential; the real definition is in the Debian Policy Manual.
 This package contains merely an informational list, which is all
 most people need.   However, if this package and the manual disagree,
 the manual is correct.

Package: info
Version: 6.7.0.dfsg.2-5
Priority: standard
Section: doc
Source: texinfo
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian TeX maintainers <debian-tex-maint@lists.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 831 kB
Provides: info-browser
Depends: libc6 (>= 2.15), libtinfo6 (>= 6), install-info
Breaks: texinfo-doc-nonfree
Replaces: texinfo (<< 4.7-2), texinfo-doc-nonfree
Homepage: https://www.gnu.org/software/texinfo/
Task: standard
Download-Size: 203 kB
APT-Manual-Installed: no
APT-Sources: http://ua.archive.ubuntu.com/ubuntu focal/main amd64 Packages
Description: Standalone GNU Info documentation browser
 The Info file format is an easily-parsable representation for online
 documents. This program allows you to view Info documents, like the
 ones stored in /usr/share/info.
 .
 Much of the software in Debian comes with its online documentation in
 the form of Info files, so it is most likely you will want to install it.

N: Unable to locate package —

How to fix this error ?

Modified BLOCK # 1: Searching in net I found hints that reason of this error can be that some apps are not in $PATH So I added line with build-essential path :

export PATH="/usr/share/build-essential:$PATH"

in file /home/master/.bashrc and run update command :

source ~/.bashrc

After that I check that all related apops in PATH :

master@master-laptop:ProjectName$ $PATH
bash: /usr/share/build-essential:/home/master/.composer/vendor/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin: No such file or directory
master@master-laptop:ProjectName$ whereis gcc
gcc: /usr/bin/gcc /usr/lib/gcc /usr/share/gcc /usr/share/man/man1/gcc.1.gz
master@master-laptop:ProjectName$ whereis cc
cc: /usr/bin/cc /usr/share/man/man1/cc.1.gz
master@master-laptop:ProjectName$ whereis build-essential
build-essential: /usr/share/build-essential

But anyway I got the same error :

...
make: /bin/sh: Operation not permitted
make: *** [Makefile:192: imagick_file.lo] Error 127

Thanks!

mstdmstd
  • 2,195
  • 17
  • 63
  • 140
  • Please, look at additive info in Modified BLOCK # 1 – mstdmstd Oct 16 '21 at 15:17
  • 2
    With respect to tracking down the specific operation that wasn't permitted, `strace` is your friend. Once you know the syscall that failed, you're in a better place to figure out _why_ -- it could be a missing `+x` bit on the executable itself, missing read permissions on a library it needs to link, a parent process that isn't allowed to spawn children at all... etc, etc; figure out the exact point of failure by using `strace -f` to log the individual syscalls and then you can work backwards to determine the "why". – Charles Duffy Oct 16 '21 at 15:20
  • I tryed and got : $ strace -f strace: must have PROG [ARGS] or -p PID What have I to do next ? – mstdmstd Oct 16 '21 at 16:12
  • `strace -f yourprogram`, where `yourprogram` is the thing whose execution you're trying to trace. If this is happening in a container, you'll want `strace` to be installed inside that container and run from within it. – Charles Duffy Oct 16 '21 at 16:35
  • (btw, I mention `strace` because it's installed everywhere and has been around for ages, but the performance hit from using it is really severe; if you want a similar tool that's designed for efficiency and can monitor things happening in containers from outside of them, you might look at [sysdig](https://github.com/draios/sysdig) instead). – Charles Duffy Oct 16 '21 at 16:37
  • I tried to run strace -f docker-compose and got endless rows of code which is far away from my understanding... The same with commands with strace -f gcc / strace -f cc – mstdmstd Oct 17 '21 at 08:01
  • The "code" is syscall parameters. You don't need to understand every single one of them; just find the last one with a permission failure before it tries to print the error at the end. (If it starts trying to find translation table entries to print the error message after the error occurs, obviously, any errors during that process don't matter she should be skipped) – Charles Duffy Oct 17 '21 at 11:13
  • That said, as I told you earlier, you should run `strace` _inside_ docker so you aren't trying to trace docker itself, as it does with the command you're running now. Right now there's a good chance you're only tracing communications with the docker daemon and not seeing anything that happens inside the container. – Charles Duffy Oct 17 '21 at 11:15
  • Anyhow -- if you're going to be working on UNIX, understanding the syscall layer is something you'll need to learn eventually. What better time than now? – Charles Duffy Oct 17 '21 at 11:18
  • How can I run strace inside docker if docker composer failed at the beginning of build command ? – mstdmstd Oct 17 '21 at 11:30
  • That command is inside a Dockerfile. You can modify that Dockerfile. Or you can modify the makefile it runs, to target things even more narrowly. – Charles Duffy Oct 17 '21 at 14:36
  • 1
    This issue on GitHub may provide some info: https://github.com/docker-library/php/issues/105 – Pierre B. Oct 21 '21 at 07:26

2 Answers2

0

It's difficult to provide an accurate answer without the whole Dockerfile, but I will try to point your problem.

Well, first of all you're using a multi-staged build, but you're not taking advantage from it. The whole point about the composer image isn't just the Composer PHAR, but that image already contains all the dependencies require to build your PHP dependencies.

Meanwhile you have something like this:

FROM composer:1 as composer
FROM php:7.4-fpm-alpine
ENV ...

[BUILD_PROCESS]
[EXTRA_PROCESS]

You should have something like this:

FROM composer:1 as vendor

WORKDIR /app

COPY database/ database/
COPY composer.json composer.json
COPY composer.lock composer.lock

[BUILD_PROCESS]

FROM php:7.4-fpm-alpine

WORKDIR /app
COPY --from=vendor /app/vendor/ ./vendor/
COPY . .

[EXTRA_PROCESS]

Basically: delegate the build of the dependencies to the Composer image and use your lightweight PHP Alpine just for the application.

Daniel Campos Olivares
  • 2,262
  • 1
  • 10
  • 17
0

Using multiple FROM clauses creates multiple images

I agree with @Daniel Campos however I will suggest looking at the resultant images. You should file multiple.

Have a look at this thread which explains some more details. Multiple FROMs - what it means

DeepakP
  • 30
  • 3