AWS CodeBuild Project Failed - Missing Signature Key caused Docker Image failing to build and push?

0

I was in the process of creating and testing a CI/CD Pipeline in regards to the AWS Modern Application Workshop (https://github.com/aws-samples/aws-modern-application-workshop/tree/python/module-2), and upon attempting to test out a run for building the pipeline, I found that the process failed in the "Build" stage, wherein it generated a couple of errors, according to the build log generated by the run:

[Container] 2024/07/13 21:19:43.913007 Running on CodeBuild On-demand
[Container] 2024/07/13 21:19:43.913065 Waiting for agent ping
[Container] 2024/07/13 21:19:44.014072 Waiting for DOWNLOAD_SOURCE
[Container] 2024/07/13 21:19:44.178257 Phase is DOWNLOAD_SOURCE
[Container] 2024/07/13 21:19:44.179148 CODEBUILD_SRC_DIR=/codebuild/output/src511637147/src
[Container] 2024/07/13 21:19:44.179646 YAML location is /codebuild/output/src511637147/src/buildspec.yml
[Container] 2024/07/13 21:19:44.181354 Setting HTTP client timeout to higher timeout for S3 source
[Container] 2024/07/13 21:19:44.181514 Processing environment variables
[Container] 2024/07/13 21:19:44.202048 Moving to directory /codebuild/output/src511637147/src
[Container] 2024/07/13 21:19:44.203503 Unable to initialize cache download: no paths specified to be cached
[Container] 2024/07/13 21:19:44.203761 Registering with agent
[Container] 2024/07/13 21:19:44.236885 Phases found in YAML: 3
[Container] 2024/07/13 21:19:44.236901  PRE_BUILD: 2 commands
[Container] 2024/07/13 21:19:44.236904  BUILD: 4 commands
[Container] 2024/07/13 21:19:44.236907  POST_BUILD: 5 commands
[Container] 2024/07/13 21:19:44.237219 Phase complete: DOWNLOAD_SOURCE State: SUCCEEDED
[Container] 2024/07/13 21:19:44.237275 Phase context status code:  Message: 
[Container] 2024/07/13 21:19:44.310046 Entering phase INSTALL
[Container] 2024/07/13 21:19:44.311756 Phase complete: INSTALL State: SUCCEEDED
[Container] 2024/07/13 21:19:44.311772 Phase context status code:  Message: 
[Container] 2024/07/13 21:19:44.342989 Entering phase PRE_BUILD
[Container] 2024/07/13 21:19:44.343530 Running command echo Logging in to Amazon ECR...
Logging in to Amazon ECR...

[Container] 2024/07/13 21:19:44.347705 Running command $(aws ecr get-login --no-include-email --region $AWS_DEFAULT_REGION)
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

[Container] 2024/07/13 21:19:45.515194 Phase complete: PRE_BUILD State: SUCCEEDED
[Container] 2024/07/13 21:19:45.515215 Phase context status code:  Message: 
[Container] 2024/07/13 21:19:45.548244 Entering phase BUILD
[Container] 2024/07/13 21:19:45.548782 Running command echo Build started on `date`
Build started on Sat Jul 13 21:19:45 UTC 2024

[Container] 2024/07/13 21:19:45.554232 Running command echo Building the Docker image...
Building the Docker image...

[Container] 2024/07/13 21:19:45.558126 Running command docker build -t mythicalmysfits/service:latest .
Sending build context to Docker daemon  14.85kB

Step 1/21 : FROM ubuntu:latest
missing signature key

[Container] 2024/07/13 21:19:46.457131 Command did not exit successfully docker build -t mythicalmysfits/service:latest . exit status 1
[Container] 2024/07/13 21:19:46.460454 Phase complete: BUILD State: FAILED
**[Container] 2024/07/13 21:19:46.460472 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: docker build -t mythicalmysfits/service:latest .. Reason: exit status 1**
[Container] 2024/07/13 21:19:46.495046 Entering phase POST_BUILD
[Container] 2024/07/13 21:19:46.495544 Running command echo Build completed on `date`
Build completed on Sat Jul 13 21:19:46 UTC 2024

[Container] 2024/07/13 21:19:46.500481 Running command echo Pushing the Docker image..
Pushing the Docker image..

[Container] 2024/07/13 21:19:46.504322 Running command docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/mythicalmysfits/service:latest
The push refers to a repository [AWS_ACCOUNT_ID.dkr.ecr.AWS_DEFAULT_REGION.amazonaws.com/mythicalmysfits/service]
An image does not exist locally with the tag: AWS_ACCOUNT_ID.dkr.ecr.AWS_DEFAULT_REGION.amazonaws.com/mythicalmysfits/service

[Container] 2024/07/13 21:19:46.518479 Command did not exit successfully docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/mythicalmysfits/service:latest exit status 1
[Container] 2024/07/13 21:19:46.521398 Phase complete: POST_BUILD State: FAILED
**[Container] 2024/07/13 21:19:46.521414 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/mythicalmysfits/service:latest. Reason: exit status 1**
[Container] 2024/07/13 21:19:46.599236 Expanding base directory path: .
[Container] 2024/07/13 21:19:46.600741 Assembling file list
[Container] 2024/07/13 21:19:46.600752 Expanding .
[Container] 2024/07/13 21:19:46.602266 Expanding file paths for base directory .
[Container] 2024/07/13 21:19:46.602276 Assembling file list
[Container] 2024/07/13 21:19:46.602279 Expanding imagedefinitions.json
[Container] 2024/07/13 21:19:46.603799 Skipping invalid file path imagedefinitions.json
[Container] 2024/07/13 21:19:46.604053 Phase complete: UPLOAD_ARTIFACTS State: FAILED
[Container] 2024/07/13 21:19:46.604064 Phase context status code: CLIENT_ERROR Message: no matching artifact paths found

I was trying to troubleshoot the particular issue that resulted in these errors coming up, to which I backtracked to the Dockerfile used to build the docker image, in which I applied a couple of changes to make the file successfully build the docker image:

FROM ubuntu:latest 
RUN echo Updating existing packages, installing and upgrading python and pip.
RUN apt update
RUN apt-get update -y
RUN apt-get upgrade -y
RUN apt-get install -y python3-pip python3-dev python3-venv python3-virtualenv build-essential
RUN apt install pipx wget -y
RUN pipx ensurepath
RUN pipx install pip 
RUN pipx upgrade-all
RUN apt install python3
RUN python3 -m venv ./venv
RUN . ./venv/bin/activate
RUN echo Copying the Mythical Mysfits Flask service into a service directory.
COPY ./service /MythicalMysfitsService
WORKDIR /MythicalMysfitsService
RUN echo Installing Python packages listed in requirements.txt
RUN pip3 install -r requirements.txt --break-system-packages
RUN echo Starting python and starting the Flask service...
ENTRYPOINT ["python3"]
CMD ["mythicalMysfitsService.py"]

ec2-user:~/environment/MythicalMysfitsService-Repository (master) $ docker build . -t my-account-id.dkr.ecr.us-west-2.amazonaws.com/mythicalmysfits/service:latest
[+] Building 0.7s (24/24) FINISHED                                                                                                                                                                                           docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                                                                   0.0s
 => => transferring dockerfile: 908B                                                                                                                                                                                                   0.0s
 => [internal] load metadata for docker.io/library/ubuntu:latest                                                                                                                                                                       0.5s
 => [internal] load .dockerignore                                                                                                                                                                                                      0.0s
 => => transferring context: 2B                                                                                                                                                                                                        0.0s
 => [ 1/19] FROM docker.io/library/ubuntu:latest@sha256:2e863c44b718727c860746568e1d54afd13b2fa71b160f5cd9058fc436217b30                                                                                                               0.0s
 => [internal] load build context                                                                                                                                                                                                      0.0s
 => => transferring context: 7.00kB                                                                                                                                                                                                    0.0s
 => CACHED [ 2/19] RUN echo Updating existing packages, installing and upgrading python and pip.                                                                                                                                       0.0s
 => CACHED [ 3/19] RUN apt update                                                                                                                                                                                                      0.0s
 => CACHED [ 4/19] RUN apt-get update -y                                                                                                                                                                                               0.0s
 => CACHED [ 5/19] RUN apt-get upgrade -y                                                                                                                                                                                              0.0s
 => CACHED [ 6/19] RUN apt-get install -y python3-pip python3-dev python3-venv python3-virtualenv build-essential                                                                                                                      0.0s
 => CACHED [ 7/19] RUN apt install pipx wget -y                                                                                                                                                                                        0.0s
 => CACHED [ 8/19] RUN pipx ensurepath                                                                                                                                                                                                 0.0s
 => CACHED [ 9/19] RUN pipx install pip                                                                                                                                                                                                0.0s
 => CACHED [10/19] RUN pipx upgrade-all                                                                                                                                                                                                0.0s
 => CACHED [11/19] RUN apt install python3                                                                                                                                                                                             0.0s
 => CACHED [12/19] RUN python3 -m venv ./venv                                                                                                                                                                                          0.0s
 => CACHED [13/19] RUN . ./venv/bin/activate                                                                                                                                                                                           0.0s
 => CACHED [14/19] RUN echo Copying the Mythical Mysfits Flask service into a service directory.                                                                                                                                       0.0s
 => CACHED [15/19] COPY ./service /MythicalMysfitsService                                                                                                                                                                              0.0s
 => CACHED [16/19] WORKDIR /MythicalMysfitsService                                                                                                                                                                                     0.0s
 => CACHED [17/19] RUN echo Installing Python packages listed in requirements.txt                                                                                                                                                      0.0s
 => CACHED [18/19] RUN pip3 install -r requirements.txt --break-system-packages                                                                                                                                                        0.0s
 => CACHED [19/19] RUN echo Starting python and starting the Flask service...                                                                                                                                                          0.0s
 => exporting to image                                                                                                                                                                                                                 0.0s
 => => exporting layers                                                                                                                                                                                                                0.0s
 => => writing image sha256:b17179ee90f7bed286069b9e9c0a159096eff296f78eb76947c4618818b806e6                                                                                                                                           0.0s
 => => naming to AWS_ACCOUNT_ID.dkr.ecr.AWS_DEFAULT_REGION.amazonaws.com/mythicalmysfits/service:latest                                                                                                                                           0.0s

The Dockerfile itself was originally in this base configuration, where it encountered an error regarding an external managed environment being used:


FROM ubuntu:latest
RUN echo Updating existing packages, installing and upgrading python and pip.
RUN apt-get update -y
RUN apt-get install -y python3-pip python3-dev build-essential
RUN pip3 install --upgrade pip    <----- this created the error regarding an external environment being used
RUN echo Copying the Mythical Mysfits Flask service into a service directory.
COPY ./service /MythicalMysfitsService
WORKDIR /MythicalMysfitsService
RUN echo Installing Python packages listed in requirements.txt
RUN pip3 install -r ./requirements.txt
RUN echo Starting python and starting the Flask service...
ENTRYPOINT ["python3"]
CMD ["mythicalMysfitsService.py"]

Does anyone know where I went wrong with all of this? My suspicion is that something with the Dockerfile configuration resulted in the CodeBuild project failing, but I am unsure what caused it?

4 Answers
0

The error message missing signature key usually indicates that there is an issue with the Docker image signature verification. This can sometimes occur if there is an issue with the base image being pulled or if there is a misconfiguration in the Docker setup. Let's go through the steps to troubleshoot and resolve this issue.

Troubleshooting Steps Verify Base Image Availability:

Ensure that the base image (ubuntu:latest) is available and accessible from the build environment. Update the Dockerfile:

Simplify the Dockerfile to isolate the problem. Start with a minimal Dockerfile and gradually add commands to identify the problematic step. Updated Dockerfile Start with a simplified Dockerfile and add commands incrementally: Dockerfile:

FROM ubuntu:latest

# Update and install required packages
RUN apt-get update && apt-get install -y python3-pip python3-dev build-essential

# Copy application files
COPY ./service /MythicalMysfitsService

# Set working directory
WORKDIR /MythicalMysfitsService

# Install Python dependencies
RUN pip3 install -r requirements.txt

# Start the Flask service
ENTRYPOINT ["python3"]
CMD ["mythicalMysfitsService.py"]

Update buildspec.yml
Ensure your buildspec.yml is correctly set up to build and push the Docker image:

yaml:
version: 0.2

phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      - $(aws ecr get-login --no-include-email --region $AWS_DEFAULT_REGION)
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/mythicalmysfits/service:latest .
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker image...
      - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/mythicalmysfits/service:latest
artifacts:
  files:
    - imagedefinitions.json
  discard-paths: yes

Potential Solutions Check Docker Base Image:

Pull the base image manually to verify if it’s accessible. sh:

docker pull ubuntu:latest

Verify Docker Configuration:

Ensure Docker is configured correctly in your AWS CodeBuild environment. Check if there are any restrictions or proxy settings that might affect the image pull. Update CodeBuild Environment:

Ensure that the AWS CodeBuild environment is using a Docker-enabled image, such as the aws/codebuild/standard:5.0 or a similar image. Example Docker Build Command Ensure that the Docker build command in your local environment works as expected. This helps verify that there are no issues with the Dockerfile itself. sh:

docker build -t my-account-id.dkr.ecr.us-west-2.amazonaws.com/mythicalmysfits/service:latest .

Check IAM Permissions Ensure that the IAM role used by CodeBuild has the necessary permissions to pull images from Docker Hub and push images to Amazon ECR.

Final Notes If the issue persists, you can:

Check Docker Daemon Logs: Look into the Docker daemon logs for more detailed error messages. AWS Support: If all else fails, consider reaching out to AWS Support for assistance with the specific error message you are encountering. By following these steps, you should be able to troubleshoot and resolve the missing signature key issue in your Docker build process within AWS CodeBuild.

answered 2 months ago
  • Your point regarding the Docker image signature was what my mind was what I suspected too. I did a docker pull command that worked, so I figured that something with my Dockerfile configuration was either incorrect or having some misstep. When I started over on this (usinging your suggested code changes), building the Docker image (via your Dockerfile) seemed to encounter no issues and got successfully built inside my local environment.

    Yet, a second CodeBuild attempt led to the same issue I encountered the first time. Would I need to secure the docker image upon building it?

0

we faced the same issue recently and no solution.

[Container] 2024/08/08 08:53:43.882110 Running command docker build --build-arg AWS_REGION=$AWS_DEFAULT_REGION -t $ACCOUNT_DKR_URI/$IMAGE_NAME:latest -f codebuild/cb-build-deploy/Dockerfile .
Sending build context to Docker daemon  449.5MB
Step 1/28 : FROM amazonlinux:1
missing signature key
[Container] 2024/08/08 08:53:46.751075 Command did not exit successfully docker build --build-arg AWS_REGION=$AWS_DEFAULT_REGION -t $ACCOUNT_DKR_URI/$IMAGE_NAME:latest -f codebuild/cb-build-deploy/Dockerfile . exit status 1
[Container] 2024/08/08 08:53:46.754460 Phase complete: BUILD State: FAILED
[Container] 2024/08/08 08:53:46.754473 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: docker build --build-arg AWS_REGION=$AWS_DEFAULT_REGION -t $ACCOUNT_DKR_URI/$IMAGE_NAME:latest -f codebuild/cb-build-deploy/Dockerfile .. Reason: exit status 1
[Container] 2024/08/08 08:53:46.787816 Entering phase POST_BUILD
[Container] 2024/08/08 08:53:46.788663 Running command echo Build completed on `date`
Build completed on Thu Aug 8 08:53:46 UTC 2024

LiQun
answered a month ago
  • my issue is fixed after changing the image version from the CodeBuild for that project.

0

An update to my dilemma: So, I did a series of unanticipated steps that involved signing the docker image that was stored in my Amazon ECR private repository, downloading and installing pass, docker-credential-pass, docker-credential-helpers packages, and a couple of other steps. Of course, before doing all of this, I had to fulfill a few prerequisites which included downloading, installing, and verifying the container-signing tools of 1) AWS Signer plugin for Notation and 2) Notation, an open source supply chain security program. After that, I created an AWS Signer signing profile that uses the Notation-OCI-SHA384-ECDSA signing platform, followed by using AWS CLI to authenticate the Notation CLI to my Amazon ECR private registry. Once those procedures were done, I went through with the signing protocol by using Notation CLI to sign the container image, according to both the repository name and the SHA digest, all of which resulted in a positive message saying "Successfully signed aws-account-id.dkr.ecr.region.amazonaws.com/repository-name/service@sha256....." (removed confidential details).

ec2-user:~/environment $ git clone https://github.com/docker/docker-credential-helpers.git
Cloning into 'docker-credential-helpers'...
remote: Enumerating objects: 1732, done.
remote: Counting objects: 100% (584/584), done.
remote: Compressing objects: 100% (194/194), done.
remote: Total 1732 (delta 492), reused 390 (delta 390), pack-reused 1148
Receiving objects: 100% (1732/1732), 721.08 KiB | 5.42 MiB/s, done.
Resolving deltas: 100% (971/971), done.
ec2-user:~/environment $ git clone https://git.zx2c4.com/password-store
Cloning into 'password-store'...
remote: Enumerating objects: 2616, done.
remote: Total 2616 (delta 0), reused 0 (delta 0), pack-reused 2616 (from 1)
Receiving objects: 100% (2616/2616), 411.06 KiB | 674.00 KiB/s, done.
Resolving deltas: 100% (1512/1512), done.
ec2-user:~/environment $ cd password-store
ec2-user:~/environment/password-store (master) $ ls -a
.  ..  .git  .gitignore  COPYING  INSTALL  Makefile  README  contrib  man  src  tests
ec2-user:~/environment/password-store (master) $ sudo make install
'man/pass.1' -> '/usr/share/man/man1/pass.1'
'src/completion/pass.bash-completion' -> '/usr/share/bash-completion/completions/pass'
'src/completion/pass.zsh-completion' -> '/usr/share/zsh/site-functions/_pass'
install: creating directory '/usr/lib/password-store'
install: creating directory '/usr/lib/password-store/extensions'
'src/.pass' -> '/usr/bin/pass'

ec2-user:~/environment $ wget https://github.com/docker/docker-credential-helpers/releases/download/v0.6.0/docker-credential-pass-v0.6.0-amd64.tar.gz && tar -xf docker-credential-pass-v0.6.0-amd64.tar.gz && chmod +x docker-credential-pass && sudo mv docker-credential-pass /usr/local/bin/
--2024-07-14 21:53:15--  https://github.com/docker/docker-credential-helpers/releases/download/v0.6.0/docker-credential-pass-v0.6.0-amd64.tar.gz
Resolving github.com (github.com)... 140.82.116.3
Connecting to github.com (github.com)|140.82.116.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/51309425/c45e280a-8d93-11e7-956b-7c320236531b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240714%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240714T215315Z&X-Amz-Expires=300&X-Amz-Signature=9b20194d5cab0ccf39f23a40d354db8f02b9a75bd29719aa1728a8acf4dc1d4d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=51309425&response-content-disposition=attachment%3B%20filename%3Ddocker-credential-pass-v0.6.0-amd64.tar.gz&response-content-type=application%2Foctet-stream [following]
--2024-07-14 21:53:15--  https://objects.githubusercontent.com/github-production-release-asset-2e65be/51309425/c45e280a-8d93-11e7-956b-7c320236531b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240714%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240714T215315Z&X-Amz-Expires=300&X-Amz-Signature=9b20194d5cab0ccf39f23a40d354db8f02b9a75bd29719aa1728a8acf4dc1d4d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=51309425&response-content-disposition=attachment%3B%20filename%3Ddocker-credential-pass-v0.6.0-amd64.tar.gz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.110.133, 185.199.111.133, 185.199.108.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2539520 (2.4M) [application/octet-stream]
Saving to: ‘docker-credential-pass-v0.6.0-amd64.tar.gz’

docker-credential-pass-v0.6.0-amd64.tar.gz                100%[====================================================================================================================================>]   2.42M  --.-KB/s    in 0.07s

2024-07-14 21:53:16 (32.5 MB/s) - ‘docker-credential-pass-v0.6.0-amd64.tar.gz’ saved [2539520/2539520]

ec2-user:~/environment $ gpg2 --gen-key

GnuPG needs to construct a user ID to identify your key.

Real name: myname
Email address: your_email@address.com
You selected this USER-ID:
    "myname <your_email@address.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as '/home/ec2-user/.gnupg/openpgp-revocs.d/key......rev'
public and secret key created and signed.

ec2-user:~/environment $ pass init myname
Password store initialized for myname
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2026-07-14
docker-credential-helpers/docker-pass-initialized-check: reencrypting to 111222333444555666
ec2-user:~/environment $ pass init A1B2C3D4E5F6G7H8I9J10
Password store initialized for A1B2C3D4E5F6G7H8I9J10
ec2-user:~/environment $ pass insert docker-credential-helpers/docker-pass-initialized-check
ec2-user:~/environment $ pass show docker-credential-helpers/docker-pass-initialized-check
pass is initialized
ec2-user:~/environment $ docker-credential-pass list
{}
ec2-user:~/environment $ aws ecr get-login-password --region REGION | docker login --username AWS --password-stdin AWS-ACCOUNT-ID.dkr.ecr.REGION.amazonaws.com
Login Succeeded
ec2-user:~/environment $ aws ecr get-login-password --region REGION | notation login --username AWS --password-stdin AWS-ACCOUNT-ID.dkr.ecr.REGION.amazonaws.com
Login Succeeded
ec2-user:~/environment/aws-modern-application-workshop/module-2/app (python) $ notation sign AWS-ACCOUNT-ID.dkr.ecr.REGION.amazonaws.com/repository-name@sha256:ca78e5f730f9a789ef8c63bb55275ac12dfb9e8099e6EXAMPLE --plugin "com.amazonaws.signer.notation.plugin" --id "arn:aws:signer:REGION:AWS-ACCOUNT-ID:/signing-profiles/ecrSigningProfileName"
Successfully signed AWS-ACCOUNT-ID.dkr.ecr.REGION.amazonaws.com/repository-name/service@sha256:a16ce7011918939a3383a94e7bc68a6f4113c05286a00af40a7518f7981c3260

Yet, even after doing all of this, and using the git add. git commit -m "I changed the age of one of the mysfits." git push commands to apply these changes, I still come up with the same issue that I encountered at the beginning, even after seeing the signed container image on the AWS console, so I'm honestly confused on what is going on here and why I'm still getting the same error?

answered 2 months ago
0

Quick Update:

So, unbeknownst to me all this time, I did not realize that the Docker version itself might be a factor into this. Upon having the CI/CD pipeline run docker info and docker version, based on the buildspec.yml, I ended up with these responses:

[Container] 2024/07/15 02:17:41.048777 Running command docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 17.09.0-ce
Storage Driver: overlay
 Backing Filesystem: xfs
 Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.14.291-218.527.amzn2.x86_64
Operating System: Ubuntu 14.04.5 LTS (containerized)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.644GiB
Name: 6c5b18c84c6b
ID: PKFE:D5BS:JM7G:U6EI:CH5R:3F5S:4MPU:WRKH:HEOU:6RTS:XNJE:KETV
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

[Container] 2024/07/15 02:17:41.067564 Running command docker --version
Docker version 17.09.0-ce, build afdb6d4

The Docker version that it brought out is outdated, since the Docker version used in my Amazon EC2 environment has the Docker version 25.0.3, build 4debf41 set:

$ docker info

Client:
 Version:    25.0.3
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.0.0+unknown
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx

Server:
 Containers: 5
  Running: 0
  Paused: 0
  Stopped: 5
 Images: 3
 Server Version: 25.0.3
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 64b8a811b07ba6288238eefc14d898ee0b5b99ba
 runc version: 4bccb38cc9cf198d52bebf2b3a90cd14e7af8c06
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.1.94-99.176.amzn2023.x86_64
 Operating System: Amazon Linux 2023.5.20240624
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 949.5MiB
 Name: ip-172-31-0-208.us-west-2.compute.internal
 ID: ae6963b0-cafe-4e13-9c70-90bd570ced23
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Would this likely relate to why I'm getting the error I'm encountering?

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions