gsc sign-image errors out with toml: Reserved escape sequence used

[asmprogrammer5]

Description of the problem

gsc sign-image command fails while doing gramin-sgx-sign

Some images work with gsc (example python), however some images have issues. Looked at this one which has similar error:
#44. But couldn't tell what the solution was and that issue is still open.

Steps to reproduce

Git commit: b7f0576

./gsc build --insecure-args gcr.io/k8s-minikube/kicbase:v0.0.35 test/generic.manifest
...
Successfully built 26719820b50d
Successfully tagged gsc-gcr.io/k8s-minikube/kicbase:v0.0.35-unsigned
Successfully built an unsigned graminized Docker image `gsc-gcr.io/k8s-minikube/kicbase:v0.0.35-unsigned` from original application image `gcr.io/k8s-minikube/kicbase:v0.0.35`.

./gsc sign-image gcr.io/k8s-minikube/kicbase:v0.0.35 ~/.config/gramine/enclave-key.pem

Actual results

./gsc sign-image gcr.io/k8s-minikube/kicbase:v0.0.35 ~/.config/gramine/enclave-key.pem
Signing graminized Docker image `gsc-gcr.io/k8s-minikube/kicbase:v0.0.35-unsigned` -> `gsc-gcr.io/k8s-minikube/kicbase:v0.0.35`...
Step 1/9 : FROM gsc-gcr.io/k8s-minikube/kicbase:v0.0.35-unsigned as unsigned_image

 ---> 26719820b50d
Step 2/9 : COPY gsc-signer-key.pem /gramine/app_files/gsc-signer-key.pem

 ---> 9f2ee808f0b5
Step 3/9 : ARG passphrase

 ---> Running in 34cf15b6f0fe
Removing intermediate container 34cf15b6f0fe
 ---> ed5c751e5e60
Step 4/9 : COPY sign.sh /gramine/app_files/sign.sh

 ---> 92692aa0cb11
Step 5/9 : RUN chmod +x /gramine/app_files/sign.sh

 ---> Running in 821233a47801
Removing intermediate container 821233a47801
 ---> 3052b70804c1
Step 6/9 : RUN export PYTHONPATH="${PYTHONPATH}:$(find /gramine/meson_build_output/lib -type d -path '*/site-packages')" && /gramine/app_files/sign.sh       /gramine/app_files/gsc-signer-key.pem       /gramine/app_files/entrypoint.manifest       /gramine/app_files/entrypoint.manifest.sgx       $passphrase

 ---> Running in 9db7da5563ad
spawn gramine-sgx-sign --key /gramine/app_files/gsc-signer-key.pem --manifest /gramine/app_files/entrypoint.manifest --output /gramine/app_files/entrypoint.manifest.sgx
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/toml/decoder.py", line 511, in loads
    ret = decoder.load_line(line, currentlevel, multikey,
  File "/usr/local/lib/python3.8/dist-packages/toml/decoder.py", line 778, in load_line
    value, vtype = self.load_value(pair[1], strictly_valid)
  File "/usr/local/lib/python3.8/dist-packages/toml/decoder.py", line 880, in load_value
    return (self.load_array(v), "array")
  File "/usr/local/lib/python3.8/dist-packages/toml/decoder.py", line 1026, in load_array
    nval, ntype = self.load_value(a[i])
  File "/usr/local/lib/python3.8/dist-packages/toml/decoder.py", line 866, in load_value
    raise ValueError("Reserved escape sequence used")
ValueError: Reserved escape sequence used

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/gramine/meson_build_output/bin/gramine-sgx-sign", line 74, in <module>
    main() # pylint: disable=no-value-for-parameter
  File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/gramine/meson_build_output/bin/gramine-sgx-sign", line 32, in main
    manifest = Manifest.load(manifest_file)
  File "/gramine/meson_build_output/lib/python3.6/site-packages/graminelibos/manifest.py", line 150, in load
    return cls.loads(f.read())
  File "/gramine/meson_build_output/lib/python3.6/site-packages/graminelibos/manifest.py", line 146, in loads
    return cls(s)
  File "/gramine/meson_build_output/lib/python3.6/site-packages/graminelibos/manifest.py", line 84, in __init__
    manifest = toml.loads(manifest_str)
  File "/usr/local/lib/python3.8/dist-packages/toml/decoder.py", line 514, in loads
    raise TomlDecodeError(str(err), original, pos)
toml.decoder.TomlDecodeError: Reserved escape sequence used (line 11 column 1 char 274)

[dimakuv]

Thanks for the very good report @asmprogrammer5 !

Let me try to reproduce it and look deeper. Definitely feels like the used Docker image contains some "weird" filenames that the TOML parser cannot understand.

[dimakuv]

Ok, debugged this. The root cause is this file in the original Docker image:
/usr/lib/systemd/system/system-systemd\x2dcryptsetup.slice

Note the \x2d snippet. This is an incorrect UTF-8 escape sequence (they should have the format \uXXXX for Unicode symbols, see https://toml.io/en/v1.0.0#string). I'm working on the patch to GSC fixing this.

By the way, the place where TOML Python parser fails is here: https://github.com/uiri/toml/blob/59d83d0d51a976f11a74991fa7d220fc630d8bae/toml/decoder.py#L866

[asmprogrammer5]

Thanks for the quick turnaround. Yes, that fixes the decoder issue. But as you have mentioned in #101, need to find a better solution. Maybe tomli is less buggy, but we need to confirm that it doesn't have issues such as this one.