Comments (15)
edannenberg
commented on June 19, 2024
Thanks for the report! Hmm at first glance, this seems to podman related, could you give it a try with Docker to narrow the issue down?
from kubler.
nikonakoneko
commented on June 19, 2024
It's also happening with docker, I didn't have it I freshly installed it and I'm using default configuration.
Now I just saw that it tries to build with userpriv usersandbox features enabled. There's another issue talking about that iirc. I tried with BOB_FEATURES and FEATURES in my kubler.conf to disable these features but it's not changing anything
from kubler.
nikonakoneko
commented on June 19, 2024
Confirmed. If I use interactive build mode and disable userpriv usersandbox in make.conf it works.
How can I disable them for every image build?
from kubler.
edannenberg
commented on June 19, 2024
Hmm odd, I'm planning to do the monthly rebuild this Friday, let's see if I can replicate this.
Modifying BOB_FEATURES should be enough to unset userpriv and usersandbox. See man make.conf for all possible options.
from kubler.
nikonakoneko
commented on June 19, 2024
I talked to fast. I tried again, I set -userpriv -usersandbox and it fails after doing kubler clean -N ; sudo rm -rf ~/.kubler ~/.local/share/containers ; kubler update && kubler build experiments/minimal with both docker and podman.... I try once again and send logs
from kubler.
nikonakoneko
commented on June 19, 2024
docker info:
Client:
Context: default
Debug Mode: false
Server:
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 21
Server Version: 20.10.12
Storage Driver: fuse-overlayfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc version: f46b6ba2c9314cfc8caae24a32ec5fe9ef1059fe
init version: de40ad007797e0dcd8b7126f27bb87401d224240
Security Options:
seccomp
Profile: default
Kernel Version: 5.10.76-gentoo-r1-x86_64
Operating System: Gentoo Linux
OSType: linux
Architecture: x86_64
CPUs: 20
Total Memory: 45.91GiB
Name: desktop
ID: 236Q:XUCG:2OPI:OPOI:QEFX:UOCA:5HRC:ANUE:5TMX:JNY2:3SJT:KIQX
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
build.log
»»» jue 28 jul 2022 10:29:24 CEST »»» exec: run_image kubler/bob-musl:20220728 experiments/minimal false rootfs-builder-experiments-minimal-24563-10689
�]0;emerge�!!! It seems /run is not mounted. Process management may malfunction.
�]0;@experiments-minimal:/��]0;emerge�!!! It seems /run is not mounted. Process management may malfunction.
�]0;@experiments-minimal:/��]0;emerge�!!! It seems /run is not mounted. Process management may malfunction.
�[33;01m * IMPORTANT:�[39;49;00m 4 news items need reading for repository 'gentoo'.
�[33;01m *�[39;49;00m Use �[32;01meselect news read�[39;49;00m to view new items.
�[32mThese are the packages that would be merged, in order:�[39;49;00m
Calculating dependencies �� -�� |�� /�� \�� \�� \�� -�� \�� -�� \�� \�� /�� |�� \�� \�� |�� /�� /�� -�� /�� \�� |�� \�� \�� |�� |�� /�� \�� -�� -�� |�� /�� \��... done!
[�[32mebuild�[39;49;00m �[32;01mN�[39;49;00m ] �[32msys-libs/musl-1.2.3::gentoo�[39;49;00m �[32mto /emerge-root/�[39;49;00m USE="�[34;01m-headers-only�[39;49;00m �[34;01m-verify-sig�[39;49;00m" 1060 KiB
[�[32mebuild�[39;49;00m �[33;01mR�[39;49;00m ] �[32mvirtual/libcrypt-1-r1:0/1::gentoo�[39;49;00m USE="�[32;01mstatic-libs�[39;49;00m*" 0 KiB
[�[32mebuild�[39;49;00m �[32;01mN�[39;49;00m ] �[32mvirtual/libcrypt-1-r1:0/1::gentoo�[39;49;00m �[32mto /emerge-root/�[39;49;00m USE="�[31;01mstatic-libs�[39;49;00m" 0 KiB
[�[32;01mebuild�[39;49;00m �[32;01mN�[39;49;00m ] �[32;01msys-apps/busybox-1.34.1::gentoo�[39;49;00m �[32mto /emerge-root/�[39;49;00m USE="�[31;01mmake-symlinks�[39;49;00m �[31;01mstatic�[39;49;00m �[34;01m-debug�[39;49;00m �[34;01m-ipv6�[39;49;00m �[34;01m-livecd�[39;49;00m �[34;01m-math�[39;49;00m �[34;01m-mdev�[39;49;00m �[34;01m-pam�[39;49;00m �[34;01m-savedconfig�[39;49;00m (�[34;01m-selinux�[39;49;00m) �[34;01m-sep-usr�[39;49;00m �[34;01m-syslog�[39;49;00m (�[34;01m-systemd�[39;49;00m)" 2419 KiB
Total: 4 packages (3 new, 1 reinstall), Size of downloads: 3478 KiB
>>> Verifying ebuild manifests�E>>> Jobs: �[32m0�[39;49;00m of �[32m4�[39;49;00m complete Load avg: 25.0, 26.8, 25.8�]0;experiments-minimal: Jobs: 0 of 4 complete Load avg: 25.0, 26.8, 25.8�
�[K>>> Jobs: �[32m0�[39;49;00m of �[32m4�[39;49;00m complete, �[32m1�[39;49;00m running Load avg: 25.0, 26.8, 25.8�]0;experiments-minimal: Jobs: 0 of 4 complete, 1 running Load avg: 25.0, 26.8, 25.8�
�[K>>> Emerging (�[33;01m1�[39;49;00m of �[33;01m4�[39;49;00m) �[32msys-libs/musl-1.2.3::gentoo�[39;49;00m for /emerge-root/�E>>> Jobs: �[32m0�[39;49;00m of �[32m4�[39;49;00m complete, �[32m1�[39;49;00m running Load avg: 25.0, 26.8, 25.8�]0;experiments-minimal: Jobs: 0 of 4 complete, 1 running Load avg: 25.0, 26.8, 25.8�
�[K>>> �[31;01mFailed�[39;49;00m to emerge �[32msys-libs/musl-1.2.3�[39;49;00m for /emerge-root/, Log file:�E>>> Jobs: �[32m0�[39;49;00m of �[32m4�[39;49;00m complete, �[32m1�[39;49;00m running Load avg: 25.0, 26.8, 25.8�]0;experiments-minimal: Jobs: 0 of 4 complete, 1 running Load avg: 25.0, 26.8, 25.8�
�[K>>> '�[32m/var/tmp/portage/sys-libs/musl-1.2.3/temp/build.log�[39;49;00m'�E>>> Jobs: �[32m0�[39;49;00m of �[32m4�[39;49;00m complete, �[32m1�[39;49;00m running Load avg: 25.0, 26.8, 25.8�]0;experiments-minimal: Jobs: 0 of 4 complete, 1 running Load avg: 25.0, 26.8, 25.8�
�[K>>> Jobs: �[32m0�[39;49;00m of �[32m4�[39;49;00m complete, �[32m1�[39;49;00m running, �[32m1�[39;49;00m failed Load avg: 25.0, 26.8, 25.8�]0;experiments-minimal: Jobs: 0 of 4 complete, 1 running, 1 failed Load avg: 25.0, 26.8, 25.8�
�[K>>> Jobs: �[32m0�[39;49;00m of �[32m4�[39;49;00m complete, �[32m1�[39;49;00m failed Load avg: 25.0, 26.8, 25.8�]0;experiments-minimal: Jobs: 0 of 4 complete, 1 failed Load avg: 25.0, 26.8, 25.8��Ebash: line 1: /distfiles/.__portage_test_write__: Permission denied
!!! No write access to '/distfiles'
!!! No write access to '/distfiles'
!!! File .layout.conf.ftp.snt.utwente.nl isn't fetched but unable to get it.
!!! File musl-1.2.3.tar.gz isn't fetched but unable to get it.
�[31;01m * �[39;49;00mFetch failed for 'sys-libs/musl-1.2.3', Log file:
�[31;01m * �[39;49;00m '/var/tmp/portage/sys-libs/musl-1.2.3/temp/build.log'
�[32m * �[39;49;00mMessages for package �[32msys-libs/musl-1.2.3�[39;49;00m merged to /emerge-root/:
�[31;01m * �[39;49;00mFetch failed for 'sys-libs/musl-1.2.3', Log file:
�[31;01m * �[39;49;00m '/var/tmp/portage/sys-libs/musl-1.2.3/temp/build.log'
�]0;@experiments-minimal:/��[33m»[�[31m✘�[33m]»�(B�[m�[33m[�(B�[mexperiments/minimal�[33m]»�(B�[m fatal: Failed to run image kubler/bob-musl:20220728
�
Files in kubler's distfiles are owned by root:portage
from kubler.
edannenberg
commented on June 19, 2024
Did you revert the userpriv and usersandbox changes? My distfiles folder looks like this:
drwxrwxr-x 3 ed portage 132K Jun 28 18:16 distfiles
As it has write permissions for the group, portage has no issue downloading stuff. All files are owned by portage:portage in the folder. Can you double check the write permission for the folder?
from kubler.
nikonakoneko
commented on June 19, 2024
portage group has write permission to ~/.kubler/distfiles directory and files inside it. I didn't change features. I even have them twice unset
grep -H userpri /etc/kubler.conf experiments/images/minimal/build.sh /etc/kubler.conf:BOB_FEATURES="${BOB_FEATURES:--parallel-fetch nodoc noinfo noman binpkg-multi-instance -ipc-sandbox -network-sandbox -pid-sandbox -userpriv -usersandbox}"
experiments/images/minimal/build.sh: echo 'FEATURES="-userpriv -usersandbox"' >> /etc/portage/make.conf
from kubler.
edannenberg
commented on June 19, 2024
Ok, so portage should be running as root but can't write anyways. Do you have some extra hardening on the host that might prevent docker/podman from writing to a host mount?
from kubler.
nikonakoneko
commented on June 19, 2024
I'm using a gentoo hardened profile, but afaik i didnt change anything from defaults for security related config. SELinux is disabled, and I don't know what else I could have nor how i could debug it
from kubler.
edannenberg
commented on June 19, 2024
Hmm let's try to narrow it down:
docker run -it --rm -v /path/to/distfiles:/distfiles busybox
# echo test > /distfiles/foo.txt
If that fails there is most likely some host related issue.
from kubler.
nikonakoneko
commented on June 19, 2024
Hmm let's try to narrow it down:
docker run -it --rm -v /path/to/distfiles:/distfiles busybox # echo test > /distfiles/foo.txtIf that fails there is most likely some host related issue.
It's working fine
from kubler.
edannenberg
commented on June 19, 2024
Ok progess. :)
If I use interactive build mode and disable userpriv usersandbox in make.conf it works.
Let's check how the permissions for /distfiles look from inside the interactive build container.
from kubler.
nikonakoneko
commented on June 19, 2024
kubler clean -N ; sudo rm -rf ~/.kubler ~/.local/share/containers ; kubler update && kubler build -i experiments/minimal
kubler-bob-musl / # ls -la /distfiles/
total 174684
drwxrwxr-x+ 1 1000 portage 1052 Jul 28 15:57 .
drwxr-xr-x 24 root root 0 Jul 28 18:46 ..
-rw-rw-r--+ 1 root portage 45 Nov 5 2019 .layout.conf.ftp.snt.utwente.nl
-rw-rw-r--+ 1 root portage 119 Jul 28 07:22 .mirror-cache.json
-rw-rw-r--+ 1 root portage 158456 Mar 8 2017 UnicodeData-10.0.0.txt.xz
-rw-rw-r--+ 1 root portage 311004 Jul 25 2020 bash-completion-2.11.tar.xz
-rw-rw-r--+ 1 root portage 3539 May 25 2019 bashcomp-2.0.3.tar.gz
-rw-rw-r--+ 1 root portage 2105561 May 18 06:52 cython-0.29.30.gh.tar.gz
-rw-rw-r--+ 1 root portage 639864 Jun 4 09:58 eix-0.36.3.tar.xz
-rw-rw-r--+ 1 root portage 8543 Jan 13 2022 eselect-repository-12.tar.gz
-rw-rw-r--+ 1 root portage 16767 May 24 2013 flaggie-0.2.1.tar.bz2
-rw-rw-r--+ 1 root root 5 Jul 28 15:57 foo.txt
-rw-rw-r--+ 1 root portage 21508 Feb 10 2019 gentoo-bashcomp-20190211.tar.bz2
-rw-rw-r--+ 1 root portage 3203805 Mar 2 2021 gentoolkit-0.5.1.tar.gz
-rw-rw-r--+ 1 root portage 6874520 Jan 29 01:46 git-2.35.1.tar.xz
-rw-rw-r--+ 1 root portage 497284 Jan 29 01:46 git-manpages-2.35.1.tar.xz
-rw-rw-r--+ 1 root portage 125758119 Jul 23 2021 go-linux-amd64-bootstrap-1.16.6.tbz
-rw-rw-r--+ 1 root portage 22845866 Jul 12 19:40 go1.18.4.src.tar.gz
-rw-rw-r--+ 1 root portage 1181867 Nov 10 2020 jq-1.7_pre20201109.tar.gz
-rw-rw-r--+ 1 root portage 960663 Jul 2 05:52 lxml-4.9.1.gh.tar.gz
-rw-rw-r--+ 1 root portage 1585293 Nov 17 2010 miscfiles-1.5.tar.gz
-rw-rw-r--+ 1 root portage 944148 Apr 29 04:51 onig-6.9.8.tar.gz
-rw-rw-r--+ 1 root portage 1820282 Feb 23 11:37 openssh-8.9p1.tar.gz
-rw-rw-r--+ 1 root portage 9864061 Jul 5 10:09 openssl-1.1.1q.tar.gz
-rw-rw-r--+ 1 root portage 2839 Sep 7 2020 push-3.4.tar.gz
-rw-rw-r--+ 1 root portage 11128 Aug 9 2020 quoter-4.2.tar.gz
from kubler.
edannenberg
commented on June 19, 2024
Sorry for the delay, I hope you could resolve the issue, it looked liked something specific to your setup as I couldn't replicate the problem. Feel free to reopen if you still need help with this.
from kubler.
Related Issues (20)
- Here we go again: user eclasses have been updated again and causing trouble for Kubler HOT 2
- Apptainer/Singularity support? HOT 2
- flaggie-0.99.3 does not support --strict and --destructive-cleanup
- Use Dockerfile ARGs HOT 4
- bob-core Dockerfile template clobbered RUN command
- error when calling app-portage/flaggie HOT 7
- permission thing HOT 16
- Support proxied / restrictive environments HOT 2
- [BUG]: `POST_BUILD_HC=false` is not honoured HOT 2
- user eclasses updated again
- Example mytest/figlet fails without optional GPG keys HOT 3
- missing gfortran.so HOT 2
- kubler builds broken core image if xzcat not found HOT 1
- acct-user.eclass updated again breaking Kubler patches HOT 1
- FEATURES="-network-sandbox" being stripped from build dependencies
- What is the Glibc Iconv Encodings _iconv_from Feature HOT 2
- MIRROR fails with multiple elements HOT 1
- log file permissions when running as non-root HOT 2
- cannot build builders HOT 2
- ld.so.cache not updating properly for emerge-root HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubler.