docker build silently fails to create layers if a Label is too long. #157
Description
- This is a bug report
- This is a feature request
- I searched existing issues before opening this one
Expected behavior
One of:
- Documentation that mentions the explicit max length for labels (65518 bytes) and exit non zero if a Label exceeds the max length
- Remove the arbitrary max length entirely.
Actual behavior
If a label in a dockerfile exceeds 65518 bytes in length, docker build will report having built successfully but will silently fail to handle the label or any further lines in the dockerfile.
This repros on both OSX and linux.
Note: If generating the image config json directly, without the use of docker build there is no length limit to a label (at least, I haven't found one).
Steps to reproduce the behavior
A dockerfile containing the following:
FROM docker-registry.REDACTED.com/jvm-deps:1e985c2bf99c3ed80af928bd6b71ae10ec9f4b69
RUN mkdir -p /data/app/noop-app/libs
COPY libs_list.txt /data/app/noop-app/libs_list.txt
LABEL test="label of length less than 65519 bytes"
COPY noop_libs.txt /data/app/noop-app/noop_libs.txt
If the length of the label is 65518 bytes or less, the output of docker build reads:
Step 1/5 : FROM docker-registry.REDACTED.com/jvm-deps:1e985c2bf99c3ed80af928bd6b71ae10ec9f4b69
---> ffd557d5a452
Step 2/5 : RUN mkdir -p /data/app/noop-app/libs
---> Using cache
---> 72cbbaa69bee
Step 3/5 : COPY libs_list.txt /data/app/noop-app/libs_list.txt
---> Using cache
---> 5ac7fae0cf0a
Step 4/5 : LABEL test "label of length less than 65519 bytes"
---> Using cache
---> 48e4b9a8edb1
Step 5/5 : COPY noop_libs.txt /data/app/noop-app/noop_libs.txt
---> 0f58eb87fb61
Removing intermediate container 035415978ba8
Successfully built 0f58eb87fb61
If we replace the label in the above dockerfile with a string 65519 bytes or longer (I used "a" * 65519) the output of docker build reads:
Step 1/5 : FROM docker-registry.REDACTED.com/jvm-deps:1e985c2bf99c3ed80af928bd6b71ae10ec9f4b69
---> ffd557d5a452
Step 2/3 : RUN mkdir -p /data/app/noop-app/libs
---> Using cache
---> 72cbbaa69bee
Step 3/3 : COPY libs_list.txt /data/app/noop-app/libs_list.txt
---> Using cache
---> 5ac7fae0cf0a
Successfully built 5ac7fae0cf0a
I suspect this issue lives somewhere in the line parser of the dockerfile. It is concerning to me that my CI is "successfully" building docker images that may be missing half their expected content.
It seems plausible that whatever parsing issue is happening on labels may also be affecting other commands, though I haven't tested that.
Output of docker version:
Client:
Version: 1.13.0
API version: 1.25
Go version: go1.7.3
Git commit: 49bf474
Built: Tue Jan 17 09:55:28 2017
OS/Arch: linux/amd64
Server:
Version: 1.13.0
API version: 1.25 (minimum version 1.12)
Go version: go1.7.3
Git commit: 49bf474
Built: Tue Jan 17 09:55:28 2017
OS/Arch: linux/amd64
Experimental: false
Output of docker info:
Containers: 106
Running: 7
Paused: 0
Stopped: 99
Images: 413
Server Version: 1.13.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 03e5862ec0d8d3b3f750e19fca3ee367e13c090e
runc version: 2f7393a47307a16f8cee44a37b262e8b81021e3e
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.4.28-1.el7.elrepo.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 60 GiB
Name: ezeq5.prod.foursquare.com
ID: 3SIC:LM5N:GYE3:HZPF:4WH5:ZCSR:Z4QE:LNTD:A4BV:RSUL:2EPR:P7OU
Docker Root Dir: /export/hdc3/appdata/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional environment details (AWS, VirtualBox, physical, etc.)
The above data is from an EC2 machine.
Below is data from a macbook pro:
Output of docker version:
Client:
Version: 17.09.0-ce
API version: 1.32
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:40:09 2017
OS/Arch: darwin/amd64
Server:
Version: 17.09.0-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:45:38 2017
OS/Arch: linux/amd64
Experimental: true
Output of docker info:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 49
Server Version: 17.09.0-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.49-moby
Operating System: Alpine Linux v3.5
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.786GiB
Name: moby
ID: J4YC:IQYD:VDMK:O3MT:Y2SB:FWUB:3VYF:OAPM:QV5W:RI3X:RT5X:OJYV
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 18
Goroutines: 30
System Time: 2017-11-07T21:27:24.035724021Z
EventsListeners: 1
No Proxy: *.local, 169.254/16
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
docker-registry.prod.foursquare.com
127.0.0.0/8
Live Restore Enabled: false