Noir docker image latest version error

[Nameisjohn247]

Describe the bug
I tried to run noir docker image in 2 different env's

1. Macbook m3
2. Giltab runner

All 2 gave me errors for the latest & main image,
In Macbook m3 below is the error:

1. docker run --platform=linux/amd64 -it ghcr.io/owasp-noir/noir:v0.18.3 noir -v -> version 0.18.3 worked
   0.18.3

2. docker run --platform=linux/amd64 -it ghcr.io/owasp-noir/noir:main noir -v -> main version throws below error

Error loading shared library libpcre2-8.so.0: No such file or directory (needed by /usr/local/bin/noir)
Error loading shared library libgc.so.1: No such file or directory (needed by /usr/local/bin/noir)
Error loading shared library libgcc_s.so.1: No such file or directory (needed by /usr/local/bin/noir)
Error relocating /usr/local/bin/noir: pcre2_get_ovector_count_8: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_GetRegionStart: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_SetGR: symbol not found
Error relocating /usr/local/bin/noir: pcre2_get_ovector_pointer_8: symbol not found
Error relocating /usr/local/bin/noir: pcre2_match_data_create_from_pattern_8: symbol not found
Error relocating /usr/local/bin/noir: GC_set_handle_fork: symbol not found
Error relocating /usr/local/bin/noir: GC_register_finalizer_ignore_self: symbol not found
Error relocating /usr/local/bin/noir: GC_realloc: symbol not found
Error relocating /usr/local/bin/noir: pcre2_jit_stack_assign_8: symbol not found
Error relocating /usr/local/bin/noir: pcre2_code_free_8: symbol not found
Error relocating /usr/local/bin/noir: GC_push_all_eager: symbol not found
Error relocating /usr/local/bin/noir: GC_set_warn_proc: symbol not found
Error relocating /usr/local/bin/noir: GC_malloc: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_GetLanguageSpecificData: symbol not found
Error relocating /usr/local/bin/noir: pcre2_match_context_create_8: symbol not found
Error relocating /usr/local/bin/noir: pcre2_jit_compile_8: symbol not found
Error relocating /usr/local/bin/noir: GC_get_my_stackbottom: symbol not found
Error relocating /usr/local/bin/noir: pcre2_compile_8: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_RaiseException: symbol not found
Error relocating /usr/local/bin/noir: pcre2_get_error_message_8: symbol not found
Error relocating /usr/local/bin/noir: pcre2_jit_stack_create_8: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_GetIP: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_Backtrace: symbol not found
Error relocating /usr/local/bin/noir: GC_set_start_callback: symbol not found
Error relocating /usr/local/bin/noir: GC_is_heap_ptr: symbol not found
Error relocating /usr/local/bin/noir: GC_set_push_other_roots: symbol not found
Error relocating /usr/local/bin/noir: GC_free: symbol not found
Error relocating /usr/local/bin/noir: GC_get_push_other_roots: symbol not found
Error relocating /usr/local/bin/noir: GC_init: symbol not found
Error relocating /usr/local/bin/noir: pcre2_match_8: symbol not found
Error relocating /usr/local/bin/noir: GC_general_register_disappearing_link: symbol not found
Error relocating /usr/local/bin/noir: GC_base: symbol not found
Error relocating /usr/local/bin/noir: pcre2_match_data_free_8: symbol not found
Error relocating /usr/local/bin/noir: GC_malloc_atomic: symbol not found
Error relocating /usr/local/bin/noir: pcre2_pattern_info_8: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_SetIP: symbol not found
Error relocating /usr/local/bin/noir: GC_set_stackbottom: symbol not found

3. docker run --platform=linux/amd64 -it ghcr.io/owasp-noir/noir:latest noir -v -> latest version throws error

Error loading shared library libpcre2-8.so.0: No such file or directory (needed by /usr/local/bin/noir)
Error loading shared library libgc.so.1: No such file or directory (needed by /usr/local/bin/noir)
Error loading shared library libgcc_s.so.1: No such file or directory (needed by /usr/local/bin/noir)
Error relocating /usr/local/bin/noir: pcre2_get_ovector_count_8: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_GetRegionStart: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_SetGR: symbol not found
Error relocating /usr/local/bin/noir: pcre2_get_ovector_pointer_8: symbol not found
Error relocating /usr/local/bin/noir: pcre2_match_data_create_from_pattern_8: symbol not found
Error relocating /usr/local/bin/noir: GC_set_handle_fork: symbol not found
Error relocating /usr/local/bin/noir: GC_register_finalizer_ignore_self: symbol not found
Error relocating /usr/local/bin/noir: GC_realloc: symbol not found
Error relocating /usr/local/bin/noir: pcre2_jit_stack_assign_8: symbol not found
Error relocating /usr/local/bin/noir: pcre2_code_free_8: symbol not found
Error relocating /usr/local/bin/noir: GC_push_all_eager: symbol not found
Error relocating /usr/local/bin/noir: GC_set_warn_proc: symbol not found
Error relocating /usr/local/bin/noir: GC_malloc: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_GetLanguageSpecificData: symbol not found
Error relocating /usr/local/bin/noir: pcre2_match_context_create_8: symbol not found
Error relocating /usr/local/bin/noir: pcre2_jit_compile_8: symbol not found
Error relocating /usr/local/bin/noir: GC_get_my_stackbottom: symbol not found
Error relocating /usr/local/bin/noir: pcre2_compile_8: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_RaiseException: symbol not found
Error relocating /usr/local/bin/noir: pcre2_get_error_message_8: symbol not found
Error relocating /usr/local/bin/noir: pcre2_jit_stack_create_8: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_GetIP: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_Backtrace: symbol not found
Error relocating /usr/local/bin/noir: GC_set_start_callback: symbol not found
Error relocating /usr/local/bin/noir: GC_is_heap_ptr: symbol not found
Error relocating /usr/local/bin/noir: GC_set_push_other_roots: symbol not found
Error relocating /usr/local/bin/noir: GC_free: symbol not found
Error relocating /usr/local/bin/noir: GC_get_push_other_roots: symbol not found
Error relocating /usr/local/bin/noir: GC_init: symbol not found
Error relocating /usr/local/bin/noir: pcre2_match_8: symbol not found
Error relocating /usr/local/bin/noir: GC_general_register_disappearing_link: symbol not found
Error relocating /usr/local/bin/noir: GC_base: symbol not found
Error relocating /usr/local/bin/noir: pcre2_match_data_free_8: symbol not found
Error relocating /usr/local/bin/noir: GC_malloc_atomic: symbol not found
Error relocating /usr/local/bin/noir: pcre2_pattern_info_8: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_SetIP: symbol not found
Error relocating /usr/local/bin/noir: GC_set_stackbottom: symbol not found

In gitlab runner for latest , main & v0.18.3 it throws different error:
Below is the simple gitlab-ci.yaml I used:

stages:

• noir

run_noir_job:
stage: noir
image: ghcr.io/owasp-noir/noir:v0.18.3 # Use the Noir Docker image
script:
- echo "Running Noir security analysis..."
- noir -v # Print Noir version

ERROR:
$ echo "Running Noir security analysis..."
Running Noir security analysis...
$ noir -v
/usr/local/bin/noir: line 1: syntax error: unexpected "("
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: command terminated with exit code 2

Ideally it should be working without any errors , might be due to the dependencies missed in the dockerfile in the latest versions

Requesting to please have it fixed.
Also if possible to have a noir gitlab ci integration (just a trail) so that we can run noir in the pipeline and use it to the fullest.

[hahwul]

@Nameisjohn247
First of all, thank you for reporting the issue. I'll check it right away!

cc @ksg97031

[hahwul]

@ksg97031
It seems that there is a problem with this v0.19.0 update.

$ docker run --platform=linux/amd64 -it ghcr.io/owasp-noir/noir:v0.19.0 noir -v
Unable to find image 'ghcr.io/owasp-noir/noir:v0.19.0' locally
v0.19.0: Pulling from owasp-noir/noir
1f3e46996e29: Already exists
36000712170a: Pull complete
5737e9cc02b1: Pull complete
Digest: sha256:8f5522593b578ce2b7476ab57da75c18e9dd88e2b1708638d1da62a7b287e1df
Status: Downloaded newer image for ghcr.io/owasp-noir/noir:v0.19.0
Error loading shared library libpcre2-8.so.0: No such file or directory (needed by /usr/local/bin/noir)
Error loading shared library libgc.so.1: No such file or directory (needed by /usr/local/bin/noir)
Error loading shared library libgcc_s.so.1: No such file or directory (needed by /usr/local/bin/noir)
Error relocating /usr/local/bin/noir: pcre2_get_ovector_count_8: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_GetRegionStart: symbol not found
Error relocating /usr/local/bin/noir: _Unwind_SetGR: symbol not found
Error relocating /usr/local/bin/noir: pcre2_get_ovector_pointer_8: symbol not found
...

[hahwul]

I found this commit (a9d4622) suspicious, so I tested it, and it turned out to be an issue. I'll fix it and proceed with the release right away!

left: 0.19.0, right: patched version

For reference, runtime dependencies were usually fine for macOS or Linux, but the situation is different for alpine images. I’ve re-enabled the --static flag¹.

Footnotes

1. https://crystal-lang.org/reference/1.15/guides/static_linking.html ↩

[hahwul]

@Nameisjohn247
Oh! It looks like the issue was automatically closed when the PR was merged. Would it be okay to test it once using the main image? I believe I’ve resolved the parts that seemed problematic, but since it’s difficult for me to test GitLab CI directly, I’m unable to confirm it myself. I’d really appreciate your help with this!

docker pull ghcr.io/owasp-noir/noir:main
docker run ghcr.io/owasp-noir/noir:main noir -v
# 0.19.0

[Nameisjohn247]

Let me check @hahwul

[Nameisjohn247]

Works in macbook local
docker run --platform=linux/amd64 -it ghcr.io/owasp-noir/noir:main noir -v
0.19.0

Error in gitlab runner

Below is the stage
`stages:

• noir

run_noir_job:
stage: noir
image: ghcr.io/owasp-noir/noir:main # Use the Noir Docker image
script:
- echo "Running Noir security analysis..."
- noir -v # Print Noir version
`

Error:
$ echo "Running Noir security analysis..."
Running Noir security analysis...
$ noir -v
/usr/local/bin/noir: line 1: �ELF����: not found
/usr/local/bin/noir: line 2: syntax error: unexpected ")"
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: command terminated with exit code 2

[hahwul]

Note

• linux/amd64
• linux/arm64

[ksg97031]

@hahwul
Works fine in GitLab Runner with the GHCR main Docker tag now.
https://gitlab.com/ksg97031/x/-/jobs/8945472845

[Nameisjohn247]

Hi @ksg97031
Is that possible to try with arm64 based linux runner?
Below is the error I get with image: ghcr.io/owasp-noir/noir:main

$ uname -a
Linux runner ***************.amzn2.aarch64 aarch64 Linux
$ echo "Checking available binaries:"
Checking available binaries:
$ which noir
/usr/local/bin/noir
$ noir -v
/usr/local/bin/noir: line 1: �ELF����: not found
/usr/local/bin/noir: line 2: syntax error: unexpected ")"
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: command terminated with exit code 2

[ksg97031]

Hi @Nameisjohn247,

Thanks for bringing this up.
I'll test it with an arm64-based Linux runner. Appreciate it!

[ksg97031]

@hahwul cc @Nameisjohn247
I'm not sure, but I pulled the arm64 image and checked the binary type. It appears to be x86-64, not aarch.

ksg97031@instance-20250124-161957:~$ sudo docker cp 31022102dd22:/usr/local/bin/noir .
Successfully copied 23.2MB to /home/ksg97031/.
ksg97031@instance-20250124-161957:~$ file noir
noir: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked,  BuildID[sha1]=50872383f70e9c2979d448913dd4f55133f69b6c, with debug_info, not stripped   <<< x86-64

And im trying to figure out what’s causing this, and it seems like the issue is that crystallang/crystal:latest-alpine doesn’t currently support arm64 platform.

ksg97031@instance-20250124-161957:~$ sudo docker run --platform linux/arm64 crystallang/crystal:latest-alpine
Unable to find image 'crystallang/crystal:latest-alpine' locally
latest-alpine: Pulling from crystallang/crystal
Digest: sha256:1a5e51210b0950b5a95217cf94815cce864da40db5d6dbce8475c9a28bc6eda9
Status: Image is up to date for crystallang/crystal:latest-alpine
docker: image with reference crystallang/crystal:latest-alpine was found but its platform (linux/amd64) does not match the specified platform (linux/arm64).
See 'docker run --help'.

Would it make sense to switch to a different builder image?

[hahwul]

@ksg97031
Thanks for testing it out! I understand the situation now, and I agree—switching the builder image seems like the right approach. This actually came up in a discussion last year, and it looks like using 84codes/crystal:latest-alpine as the builder image should resolve the issue.

Before I make the changes, I'd love to hear your thoughts on this approach. Do you think there’s anything else we should consider, or do you know of any potential issues with using 84codes/crystal:latest-alpine for multi-platform support? For reference, here's the related issue: #271. Appreciate your help!

# But.. 😭

#11 85.72 E: Error target noir failed to compile:
#11 85.72 /usr/lib/gcc/aarch64-alpine-linux-musl/14.2.0/../../../../aarch64-alpine-linux-musl/bin/ld: cannot find -lyaml (this usually means you need to install the development package for libyaml): No such file or directory
#11 85.72 collect2: error: ld returned 1 exit status
#11 85.72 Error: execution of command failed with exit status 1: cc "${@}" -o /noir/bin/noir  -rdynamic -static -L/usr/bin/../lib/crystal -lz `command -v pkg-config > /dev/null && pkg-config --libs --silence-errors libssl || printf %s '-lssl -lcrypto'` `command -v pkg-config > /dev/null && pkg-config --libs --silence-errors libcrypto || printf %s '-lcrypto'` -lyaml -lpcre2-8 -lgc

[ksg97031]

@hahwul,
I also believe that 84codes is a reliable community, and they’ve shared their deployment code here: https://github.com/84codes/crystal-container-images.

In my tests, the Alpine builder had a libyaml bug too, but there were no issues when using 84codes/crystal:latest-ubuntu-22.04 AS builder on local mac.

By the way, I don’t have the necessary permissions to delete these.
Could you please help remove the following packages?
https://github.com/owasp-noir/noir/pkgs/container/noir/343126686?tag=issue-511-set-platform-docker
https://github.com/owasp-noir/noir/pkgs/container/noir/343122333?tag=issue-511-add-cache-scope

[hahwul]

@ksg97031 I got it. deleted 😊

[hahwul]

@ksg97031
I've tested it in various ways, but no immediate solution has come up. It seems like it's more of an issue with building the Noir source code on Alpine rather than a problem with 84codes' images.

We might need to choose between two options. Could you please share your opinion?

• Switch to an image like Ubuntu or Debian, which doesn't have these issues. (However, this would change the OS, and some users might be affected.) / PR: refactor: Update Dockerfile to use Debian base images #520
• Find and resolve the cause:
  • The same issue occurs when building with images like alpine:edge.
  • When creating another app with the same dependencies using 84codes/crystal:latest-alpine, no errors occur during the build 🤔

Test

Debian image

file noir
# noir: ELF 64-bit LSB executable, ARM aarch64

alpine:edge

FROM alpine:edge AS builder
RUN apk add --update crystal shards yaml-dev musl-dev make

WORKDIR /noir
COPY . .

RUN shards install --production && \
    shards build --release --no-debug --production --static

##= RUNNER =##
FROM alpine:edge
....

84codes/alpine + simple app (same dependencies to noir)

No error

[ksg97031]

@hahwul

In my opinion, Debian seems to offer better compatibility, but it’s a bit heavier. For now, let’s use Debian and keep an eye on other options for the future!

[hahwul]

@ksg97031 OK!

[hahwul]

@Nameisjohn247
Hello again! Can you test again with the main branch version?

[Nameisjohn247]

Hi @hahwul
I tried with this image in arm64 based runner and it works now
linux/arm64:
ghcr.io/owasp-noir/noir:main@sha256:f86d45eb73112960388e8235c8f71e9423cfac1fd3944b935b33c06d60380cf0

Thanks