Skip to content

UID of besu changed from 1000 to 1001 in 23.10.3 Docker image #6358

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#6360
Closed
UID of besu changed from 1000 to 1001 in 23.10.3 Docker image#6358
#6360
Labels
P4Low (ex: Node doesn't start up when the configuration file has unexpected "end-of-line" character)dev experienceThe build system, things that enable easier development etc.dockermainnet
@h4l

Description

@h4l
h4l
opened on Jan 6, 2024

Description

As an operator running Besu's official container image, I want the container's besu user UID to remain the same so that it can read & write persistent files after updating to a new container image.

Acceptance Criteria

  • Container image's besu user UID should remain the same in every version

Steps to Reproduce (Bug)

  1. Run id in current and past versions of Besu's container to see the UID of the besu user:
$ docker container run --rm --entrypoint id hyperledger/besu:23.10.2-openjdk-latest
uid=1000(besu) gid=1000(besu) groups=1000(besu)

$ docker container run --rm --entrypoint id hyperledger/besu:23.10.3-openjdk-latest
uid=1001(besu) gid=1001(besu) groups=1001(besu),100(users)

See that besu used to use UID 1000, but in 23.10.3 it uses 1001.

Expected behavior: The besu user should have UID 1000 in 23.10.3

Actual behavior: The besu user actually has UID 1001

Frequency: 100%

Logs (if a bug)

With its data files from a past version owned by uid 1000, the 23.10.3 container will fail to start with non-obvious error message:

2024-01-06 17:32:38.521+00:00 | main | INFO  | Besu | Security Module: localfile
2024-01-06 17:32:38.549+00:00 | main | INFO  | Besu | Using the native implementation of alt bn128
2024-01-06 17:32:38.573+00:00 | main | INFO  | Besu | Using the native implementation of modexp
2024-01-06 17:32:38.574+00:00 | main | INFO  | Besu | Using the native implementation of the signature algorithm
2024-01-06 17:32:38.577+00:00 | main | INFO  | Besu | Using the native implementation of the blake2bf algorithm
2024-01-06 17:32:38.663+00:00 | main | INFO  | Besu | 0 Bootnodes configured
2024-01-06 17:32:38.753+00:00 | main | INFO  | KeyPairUtil | Attempting to load public key from /var/lib/besu/data/key
2024-01-06 17:32:38.753+00:00 | main | ERROR | Besu | Failed to start Besu
picocli.CommandLine$ExecutionException: Supplied file does not contain valid keyPair pair.
        at org.hyperledger.besu.cli.BesuCommand.buildController(BesuCommand.java:2167)
        at org.hyperledger.besu.cli.BesuCommand.initController(BesuCommand.java:2153)
        at org.hyperledger.besu.cli.BesuCommand.run(BesuCommand.java:1463)
        at picocli.CommandLine.executeUserObject(CommandLine.java:2026)
        at picocli.CommandLine.access$1500(CommandLine.java:148)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2453)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2415)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2417)
        at picocli.CommandLine.execute(CommandLine.java:2170)
        at org.hyperledger.besu.cli.util.ConfigOptionSearchAndRunHandler.handle(ConfigOptionSearchAndRunHandler.java:62)
        at org.hyperledger.besu.cli.util.ConfigOptionSearchAndRunHandler.handle(ConfigOptionSearchAndRunHandler.java:33)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2417)
        at picocli.CommandLine.execute(CommandLine.java:2170)
        at org.hyperledger.besu.cli.BesuCommand.parse(BesuCommand.java:1628)
        at org.hyperledger.besu.cli.BesuCommand.parse(BesuCommand.java:1423)
        at org.hyperledger.besu.Besu.main(Besu.java:39)
Caused by: java.lang.IllegalArgumentException: Supplied file does not contain valid keyPair pair.
        at org.hyperledger.besu.crypto.KeyPairUtil.loadPrivateKey(KeyPairUtil.java:163)
        at org.hyperledger.besu.crypto.KeyPairUtil.load(KeyPairUtil.java:146)
        at org.hyperledger.besu.crypto.KeyPairUtil.loadKeyPair(KeyPairUtil.java:88)
        at org.hyperledger.besu.cli.BesuCommand.loadKeyPair(BesuCommand.java:1608)
        at org.hyperledger.besu.cli.BesuCommand.defaultSecurityModule(BesuCommand.java:1596)
        at com.google.common.base.Suppliers$NonSerializableMemoizingSupplier.get(Suppliers.java:183)
        at org.hyperledger.besu.cli.BesuCommand.securityModule(BesuCommand.java:3179)
        at org.hyperledger.besu.cli.BesuCommand.getControllerBuilder(BesuCommand.java:2189)
        at org.hyperledger.besu.cli.BesuCommand.buildController(BesuCommand.java:2165)
        ... 18 more
Supplied file does not contain valid keyPair pair.
To display full help:
besu [COMMAND] --help

Versions (Add all that apply)

  • Besu 23.10.3

Additional Information (Add any of the following or anything else that may be relevant)

Changing file ownership fixes this, but ideally the container user UID should not change between versions, because it means updates require manual intervention to change file permissions.

Edit: I updated this to follow the template, was in a bit of a rush when reporting this yesterday, sorry!

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    P4Low (ex: Node doesn't start up when the configuration file has unexpected "end-of-line" character)dev experienceThe build system, things that enable easier development etc.dockermainnet

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions