[BUG] `request license token failed`
Benjamin-T opened this issue · comments
When running the example foo.py
pyarmor -d gen foo.py
I get a license token failed error.
Steps to recreate
Dockerfile
FROM python:3.11 AS builder
RUN pip install pyarmor
# RUN apt-get install -y iputils-ping
RUN mkdir pyarmor
WORKDIR pyarmor
COPY . /pyarmor
COPY pyarmor-device-regfile-xxxx.5.zip .
COPY pyarmor-regfile-xxxx.zip .
RUN echo "print('hello world')" > foo.py
# RUN pyarmor reg -g 2 .pyarmor/group/pyarmor-regfile-xxxx.zip
RUN pyarmor reg pyarmor-device-regfile-xxxx.5.zip
RUN pyarmor -v
docker-compose.yml
console
version: "3.4"
services:
pyarmor:
extra_hosts:
- host.docker.internal:host-gateway
build:
dockerfile: Dockerfile
command: bash -c "tail -f /dev/null"Run on WSL-host
(base) xxx@xxx-1:~/pyarmor_test$ pyarmor-auth -d pyarmor-device-regfile-xxxx.5.zip
2024-06-17 11:50:46,231: work path: /home/xxx/.pyarmor/docker
2024-06-17 11:50:46,232: register "pyarmor-device-regfile-xxxx.5.zip"
2024-06-17 11:50:46,240: extracting license.lic
2024-06-17 11:50:46,240: extracting .pyarmor_capsule.zip
2024-06-17 11:50:46,241: machine id in group license: m6c3094139aa13c7f5cc4d14f0acdd7e3
2024-06-17 11:50:46,242: got machine id: m6c3094139aa13c7f5cc4d14f0acdd7e3
2024-06-17 11:50:46,243: this machine id matchs group license
2024-06-17 11:50:46,243: extracting tokens/m6c3094139aa13c7f5cc4d14f0acdd7e3
2024-06-17 11:50:46,243: machine id: [b'm6c3094139aa13c7f5cc4d14f0acdd7e3', b'l6c3094139aa13c7f5cc4d14f0acdd7e3', b'i6c3094139aa13c7f5cc4d14f0acdd7e3', b'kccb6bde253a2da100d5dcefb3e92688c', b'gcf1f021a2751a9dc5bf1430d00e02746', b'b8f9551527b0784d526365c40298ea9bd']
2024-06-17 11:50:46,243: listen container auth request on 0.0.0.0:29092Run on docker container
The docker container build fails when the pyarmor-auth is not running.
When i try to obfuscate the example file:
# pyarmor reg pyarmor-device-regfile-xxxx.5.zip
INFO Python 3.12.4
INFO Pyarmor 8.5.9 (trial), 000000, non-profits
INFO Platform linux.x86_64
INFO register "pyarmor-device-regfile-xxxx.5.zip"
INFO machine id in group license: m6c3094139aa13c7f5cc4d14f0acdd7e3
INFO got machine id: m92ef362ecc46cb847cf1ea3a298c8f33
INFO got machine id: l92ef362ecc46cb847cf1ea3a298c8f33
INFO got machine id: i585caab66f8bdc29033d8fb7afcca2c1
INFO got machine id: k55f26f079185d1823d87ce50bcb499e2
INFO got machine id: g55f26f079185d1823d87ce50bcb499e2
INFO got machine id: b91364da15a0092b6777c0eeacb536b0f
INFO no machine id matchs this group license
INFO take this machine as docker container, and connect to docker host for authentication...
INFO got docker host machine id: m6c3094139aa13c7f5cc4d14f0acdd7e3
INFO got docker host machine id: l6c3094139aa13c7f5cc4d14f0acdd7e3
INFO got docker host machine id: i6c3094139aa13c7f5cc4d14f0acdd7e3
INFO got docker host machine id: kccb6bde253a2da100d5dcefb3e92688c
INFO got docker host machine id: gcf1f021a2751a9dc5bf1430d00e02746
INFO got docker host machine id: b8f9551527b0784d526365c40298ea9bd
INFO This license registration information:
License Type : pyarmor-group
License No. : pyarmor-vax-00xxxx
License To : xxx
License Product : xxx
BCC Mode : Yes
RFT Mode : Yes
Notes
* Offline obfuscation
# pyarmor -d gen --enable-rft foo.py
INFO Python 3.12.4
INFO Pyarmor 8.5.9 (trial), 000000, non-profits
INFO Platform linux.x86_64
DEBUG native platform linux.x86_64
DEBUG home path: /root/.pyarmor
DEBUG command options: {'no_runtime': False, 'enable_rft': True, 'inputs': ['foo.py']}
DEBUG install plugin: CodesignPlugin
DEBUG install plugin: DarwinUniversalPlugin
INFO search inputs ...
INFO find script foo.py
INFO find 1 top resources
DEBUG unknown error, please check pyarmor.error.log
ERROR request license token failed (5): ER:wrong use group licenseZVgBXLHRjz1eB5BWCW2Ul09bAsekf7BpoM0LlnGugXXckGsNOifkUH2bUVgVpsLgkj4Vf9kijSIIvRMJK-Dxbim4YkfpwmbGayj9Duvn9N4D-eMA75kfBkQU4u7HAcXq8zx_nEbYcidWULyY5txHbNIJj01KTXJAp237BkmYnSlMz3YXSo2VolC11Xw7PoLdI8n9CCpfLfzS-wvdh00IkqFaa-dX7_J3F2zez80OhxqRh5GYQ_cIeQ03PLFQwUYn4F_IYw5CZhSg829MywSQSQFuzS-PZY9bdLefvmzd_WictsOnDqKtjgTqVCkAWRtenSheLGPM0WRAw×tamp=1718877798&rev=1&token=0&machine=b91364da15a0092b6777c0eeacb536b0f
ERROR something is wrong
*=============================================================*
* Please check *
* https://pyarmor.readthedocs.io/en/latest/questions.html *
* or run `pyarmor man` to find solutions quickly *
* *
* It's recommand to report issue by `pyarmor man` in order *
* to provide necessary information, and avoid dupcliated *
* issues or unclear question. *
*=============================================================*on the pyarmor-auth server:
2024-06-17 12:00:42,260: receive request from ('127.0.0.1', 53666)
2024-06-17 12:00:42,260: request data (64): b'PADHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
2024-06-17 12:00:42,261: send auth result to ('127.0.0.1', 53666)
2024-06-17 12:00:42,261: response data (204): b'm6c3094139aa13c7f5cc4d14f0acdd7e3\nl6c3094139aa13c7f5cc4d14f0acdd7e3\ni6c3094139aa13c7f5cc4d14f0acdd7e3\nkccb6bde253a2da100d5dcefb3e92688c\ngcf1f021a2751a9dc5bf1430d00e02746\nb8f9551527b0784d526365c40298ea9bd\x00'
2024-06-17 12:00:52,732: receive request from ('127.0.0.1', 45808)
2024-06-17 12:00:52,733: request data (64): b'PADHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
2024-06-17 12:00:52,733: send auth result to ('127.0.0.1', 45808)
2024-06-17 12:00:52,733: response data (204): b'm6c3094139aa13c7f5cc4d14f0acdd7e3\nl6c3094139aa13c7f5cc4d14f0acdd7e3\ni6c3094139aa13c7f5cc4d14f0acdd7e3\nkccb6bde253a2da100d5dcefb3e92688c\ngcf1f021a2751a9dc5bf1430d00e02746\nb8f9551527b0784d526365c40298ea9bd\x00'
2024-06-17 12:00:59,671: receive request from ('127.0.0.1', 40422)
2024-06-17 12:00:59,671: request data (0): b''
2024-06-17 12:00:59,671: unknown packet b''Observations:
- The network setup is functioning properly, see the correct messages in the
pyarmor-authserver - The unknown packet when the actual pyarmor command is run
- note the weird machine id:
machine=b91364da15a0092b6777c0eeacb536b0fin the debug message
I just want to know 2 things:
-
what's the output of
ifconfigin the WSL (docker host)? -
what's the output of
ifconfigin the docker container?
Because there is strange line in the log of pyarmor-auth
2024-06-17 12:00:59,671: receive request from ('127.0.0.1', 40422)
Why docker container ip is 127.0.0.1?
I also upload test network tool
https://pyarmor.dashingsoft.com/downloads/tools/test_docker
Please run it in docker container and report the full output of this command
When I try to run it, it throws this error;
# sh test_docker -d
test_docker: 2: Syntax error: newline unexpected (expecting ")")As asked i've run ifconfig in container, with the following network:
services:
pyarmor:
extra_hosts:
- host.docker.internal:host-gateway
build:
dockerfile: Dockerfile
command: bash -c "tail -f /dev/null"# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.27.4.2 netmask 255.255.255.0 broadcast 172.27.4.255
ether 02:42:ac:1b:04:02 txqueuelen 0 (Ethernet)
RX packets 6772 bytes 10008121 (9.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1944 bytes 130147 (127.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 12 bytes 1026 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12 bytes 1026 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0And the (what I thought was) relevant part of the ipconfig on the windows host:
Ethernet adapter vEthernet (Default Switch):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::bb30:606a:1bd6:1cb4%17
IPv4 Address. . . . . . . . . . . : 172.26.48.1
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
Ethernet adapter vEthernet (WSL (Hyper-V firewall)):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::dbbf:be69:2b99:abf1%25
IPv4 Address. . . . . . . . . . . : 172.27.32.1
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :Alternative 'default' network setup:
services:
pyarmor:
build:
dockerfile: Dockerfile
command: bash -c "tail -f /dev/null"
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.27.5.2 netmask 255.255.255.0 broadcast 172.27.5.255
ether 02:42:ac:1b:05:02 txqueuelen 0 (Ethernet)
RX packets 9 bytes 1046 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0Please run test_docker in the docker container directly
# ./test_docker
And also run pyarmor-auth .... in the docker host at the same time.
# ./test_docker
src addr is 2051bac
, dst addr is fe41a8c0
docker container netmask is ffffff, ret is 0and the associated output of pyarmor-auth
2024-06-20 13:03:36,268: receive request from ('127.0.0.1', 57101)
2024-06-20 13:03:36,269: unknown packet b''
Is there any network interface which ip address is 192.168.65.254?
Becuase test_docker connects to this ip, and it's not in the same network as docker container.
And if your docker container is using host network, for example, start docker with option --network=host, try to use default bridge network.
The key is that make sure ip addr listend by pyarmor-auth is same network as docker cointainer.
But the problem is that pyarmor -v actually works and shows correct license in the container and on the server. You can see in the auth server output that is shows correct authentication is happening. So the network seems to be fine.
...
2024-06-17 12:00:42,260: receive request from ('127.0.0.1', 53666)
2024-06-17 12:00:42,260: request data (64): b'PADHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
...
But when actual job is run it it fails and auth server shows empty request data:
...
2024-06-17 12:00:59,671: receive request from ('127.0.0.1', 40422)
2024-06-17 12:00:59,671: request data (0): b''
2024-06-17 12:00:59,671: unknown packet b''
...
@jondy Did you already reproduce the issue with the docker-compose and dockerfile I supplied? I have the issue on wsl + docker as well as windows + docker. So curious about your experience and on what kind of platform you do get it to work.
Sorry, I did have not windows docker environments.
What I test is in Linux Docker Host.
The key is that pyarmor-auth and docker container must be in same network in the current Pyarmor version.
pyarmor reg xxxx.zip uses differnt method from pyarmor gen --enable-rft foo.py
pyarmor reg xxxx.zip doesn't check same network, but pyarmor gen will check.
From test_docker output, the docker container is connected to 192.168.65.254
I'm not sure, but if this command ./test_docker 127.0.0.1 in the docker container could return ret 1, then run docker with docker run --add-host docker.host.internal:127.0.0.1 ... should work.
Sorry, I did have not windows docker environments.
What I test is in Linux Docker Host.
The key is that pyarmor-auth and docker container must be in same network in the current Pyarmor version.
Okay, but I experience the same issue with WSL2 --> Linux container? That is as close to a linux docker host I can get?
From the output of test_docker, pyarmor is connecting to 192.168.65.254, but I can't see this IP in docker host, so it seems this report doesn't provide real information.
Anyway, the docker container must be run in the docker host and within same network. If docker container is running in other machines or in CI/CD pipeline, Pyarmor group license doesn't work for this case.
Please check docker network documentation to configure docker network, and use necessary options to start docker container.
In pyarmor side, pyarmor will connect to host.docker.internal, and someone else has been used Pyarmor Group license in Windows Docker Desktop.