External Email - Use Caution
Hi Paul and all!
Hmm, I am not sure that's the case. As I indicated in my first message, if I start the container manually (e.g., docker run -it ... /bin/bash) and run recon-all inside it directly, the license is detected and validated correctly. So the license.txt file at /usr/local/freesurfer/license.txt itself appears to be valid. Sadly, there is no official freesurfer Docker image for version 5.3.0, and we cannot use newer versions because we would lose consistency on the already processed data. I guess it is not going to be deployed in the future, right?
Thanks!
On Fri, 10 Oct 2025 at 16:11, Wighton, Paul PWIGHTON@mgh.harvard.edu wrote:
Ah! FreeSurfer 5.3.0 is the reason. I think the license file format has changed at some point. I'm not sure how to get a 5.3.0 license file. Perhaps someone else on the list knows?
-Paul
From: Óscar Peña-Nogales opennog@gmail.com Sent: Friday, October 10, 2025 10:42 AM To: Freesurfer support list Subject: [Freesurfer] Re: recon-all fails with "Invalid FreeSurfer license key" when executed via Docker SDK but works interactively
External Email - Use CautionHello,
Thanks for your inputs, however, when inspecting the container environment in runtime I can see that the variables are properly set: 'FREESURFER_HOME': '/usr/local/freesurfer', 'FS_LICENSE': '/usr/local/freesurfer/license.txt', 'FREESURFER_SETUP': '/usr/local/freesurfer/SetUpFreeSurfer.sh', 'MINC_BIN_DIR': '/usr/local/freesurfer/mni/bin',
But I get this error when running right after the command recon-all
ERROR: Invalid FreeSurfer license key found in license file /usr/local/freesurfer/license.txt If you are outside the NMR-Martinos Center, go to http://secure-web.cisco.com/1a66PuVVu5iB-V5I9_hFfhjImHTNEqZ9WwWaI6RezgTLXcot...< http://secure-web.cisco.com/1UuxJ9PKT3fFdW0wXrNTOPTIiSy5-20crKGYhylPKuP_0Igq... to get a valid license file (it's free). If you are inside the NMR-Martinos Center, make sure to source the standard environment.
Then I don't think the SDK is modifying the environment, also the license.txt is found in the default location. I can even read it and print it at runtime. This is only happening for FreeSurfer 5.3.0 but not for later FreeSurfer versions (which are built using the same steps).
Any other suggestions?
Óscar
On Thu, 9 Oct 2025 at 14:33, Wighton, Paul <PWIGHTON@mgh.harvard.edu mailto:PWIGHTON@mgh.harvard.edu> wrote: Hi Oscar,
My guess is the FREESURFER_HOME environment variable is being cleared by the SDK. FreeSurfer will by default look for the license file at $FREESURFER_HOME/license.txt.
There is also the environment variable FS_LICENSE which can tell freesurfer where the license file is, but since in your case the file is in the standard location, I'm guessing that is not being used.
So setting FREESURFER_HOME=/usr/local/freesurfer
or FS_LICENSE=/usr/local/freesurfer/license.txt
should work.
-Paul
From: Óscar Peña-Nogales <opennog@gmail.commailto:opennog@gmail.com> Sent: Wednesday, October 8, 2025 5:04 AM To: Freesurfer support list Subject: [Freesurfer] recon-all fails with "Invalid FreeSurfer license key" when executed via Docker SDK but works interactively
External Email - Use CautionHi all,
I’m running recon-all inside a Docker container, but it fails with the following error when launched programmatically through an SDK:
ERROR: Invalid FreeSurfer license key found in license file /usr/local/freesurfer/license.txt If you are outside the NMR-Martinos Center, go to http://secure-web.cisco.com/1a66PuVVu5iB-V5I9_hFfhjImHTNEqZ9WwWaI6RezgTLXcot...< http://secure-web.cisco.com/1UuxJ9PKT3fFdW0wXrNTOPTIiSy5-20crKGYhylPKuP_0Igq...
<
http://secure-web.cisco.com/1caZqJPIIzERnX6myZfn7lHvJljbS0zsXzR6nmSo47CLhLQR... to get a valid license file (it's free). If you are inside the NMR-Martinos Center, make sure to source the standard environment.
The command used by the SDK looks like this: docker run -v /usr/local/lib/python3.10/dist-packages/xxxx/execution/communication.patch:/usr/local/lib/python3.11/dist-packages/xxxx/sdk/communication.py:ro \ --cap-drop=NET_RAW -dt --name analysis_1420668 --entrypoint /bin/bash \ --cpus=4 --memory=16384m \ europe-west3-docker.pkg.dev/xxxx/freesurfer_530:dev-1.0< http://secure-web.cisco.com/10bra9HdhlTj-ut3zc8LkwW4v3HqCNE8wUuAPOxTCAvs-W1p...
<
http://secure-web.cisco.com/1mwCEJkYKnfdfA22FPsDgHeg-XoCzA3_JkIyAVUiiiBYW-fx... \ /xxxx/entrypoint.sh --project 2289 --analysis 1420668 \ --token xxxx --url https://secure-web.cisco.com/1MWqwclSfbztHV6VxKjkHudNfmLaIwU08A1T9wXkRa9wcNt...< https://secure-web.cisco.com/1dwNyPHyZdF74N8CBbePYmDs_N5_8E-GU4rmVapLMhkXkNS...
<
https://secure-web.cisco.com/1_ZG55biN3BILRStBLxIfao5TAMons8aRRsmdYirMJ90OwD... \ --tool-path tool:run
However, when I start the container manually (e.g., docker run -it ... /bin/bash) and run recon-all inside it directly, the license is detected and validated correctly. So the license.txt file at /usr/local/freesurfer/license.txt itself appears to be valid. This suggests the issue is related to how the container is executed by the SDK or entrypoint, possibly involving the entrypoint script /xxx/entrypoint.sh altering the environment before recon-all starts.
The Docker container has: Ubuntu 22.04 Python 3.11
Has anyone seen a similar issue where FreeSurfer fails to validate the license only when invoked non-interactively?
Are there specific environment variables or checks that recon-all performs which might differ when running under /bin/bash -c or through an SDK wrapper?
Any insights or debugging suggestions would be greatly appreciated.
Thanks! _______________________________________________ Freesurfer mailing list -- freesurfer@nmr.mgh.harvard.edumailto: freesurfer@nmr.mgh.harvard.edu To unsubscribe send an email to freesurfer-leave@nmr.mgh.harvard.edu mailto:freesurfer-leave@nmr.mgh.harvard.edu
https://secure-web.cisco.com/13AAOUe6lOF8-oAxO5AHyZgB30lnGgLHUz77FWkRBm4E9pf... < https://secure-web.cisco.com/1azVNbHYfrpkN0ViChl6dOJcXJLtuSXYazp3wjXvAQIekhx...
The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at https://secure-web.cisco.com/1aV2K88YtvfcLCBIDXqcuJQ-SgnG9CPnvw63EwhOKQJ3W9f...< https://secure-web.cisco.com/1mRJFOoGXgrrIRSmKfaRCNPfFodvN1HTrg_NnlvaIiJSkM2... <https://secure-web.cisco.com/1aV2K88YtvfcLCBIDXqcuJQ-SgnG9CPnvw63EwhOKQJ3W9f...< https://secure-web.cisco.com/1mRJFOoGXgrrIRSmKfaRCNPfFodvN1HTrg_NnlvaIiJSkM2... .
Freesurfer mailing list -- freesurfer@nmr.mgh.harvard.edu To unsubscribe send an email to freesurfer-leave@nmr.mgh.harvard.edu
https://secure-web.cisco.com/13AAOUe6lOF8-oAxO5AHyZgB30lnGgLHUz77FWkRBm4E9pf... The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Mass General Brigham Compliance HelpLine at https://secure-web.cisco.com/1aV2K88YtvfcLCBIDXqcuJQ-SgnG9CPnvw63EwhOKQJ3W9f... < https://secure-web.cisco.com/1aV2K88YtvfcLCBIDXqcuJQ-SgnG9CPnvw63EwhOKQJ3W9f... .