[PATCH 1/1] travis: Fix Fedora

[PATCH 1/1] travis: Fix Fedora

[Petr Vorel]

Fedora recently got 2.33, which requires on Travis CI to use podman.

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Hi Mimi,

Tested [1].

Previously Fedora fails on autoconf issue [2], which is caused by
faccessat2 incompatibility on glibc 2.33:

/usr/bin/autoconf: This script requires a shell more modern than all
/usr/bin/autoconf: the shells that I found on your system.
/usr/bin/autoconf: Please tell bug-autoconf@gnu.org about your system,
/usr/bin/autoconf: including any error possibly output before this
/usr/bin/autoconf: message. Then install a modern shell, or manually run
/usr/bin/autoconf: the script under such a shell if you do have one.
autoreconf: /usr/bin/autoconf failed with exit status: 1

[1] https://travis-ci.org/github/pevik/ima-evm-utils/builds/768789641
[2] https://travis-ci.org/github/pevik/ima-evm-utils/jobs/767259578

 .travis.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index fde774e..fa3cbae 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -32,7 +32,7 @@ matrix:
 
         # glibc (gcc/clang)
         - os: linux
-          env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host"
+          env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman
           compiler: clang
 
         - os: linux
@@ -48,7 +48,7 @@ matrix:
           compiler: clang
 
         - os: linux
-          env: DISTRO=fedora:latest TSS=ibmtss
+          env: DISTRO=fedora:latest TSS=ibmtss CONTAINER=podman
           compiler: clang
 
         - os: linux
@@ -68,11 +68,12 @@ matrix:
           compiler: gcc
 
 before_install:
-    # Tumbleweed requires podman and newest runc due docker incompatible with glibc 2.33 (faccessat2)
     - CONTAINER="${CONTAINER:-docker}"
+    # distros with glibc >=2.33 require podman and newest runc due docker faccessat2 incompatibility
     - >
         if [ "$CONTAINER" = "podman" ]; then
             # podman
+            CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host"
             . /etc/os-release
             sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
             wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- | sudo apt-key add -
-- 
2.31.1

Re: [PATCH 1/1] travis: Fix Fedora

[Mimi Zohar]

Hi Petr,

On Thu, 2021-04-29 at 07:39 +0200, Petr Vorel wrote:
> Fedora recently got 2.33, which requires on Travis CI to use podman.
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> Hi Mimi,
> 
> Tested [1].
> 
> Previously Fedora fails on autoconf issue [2], which is caused by
> faccessat2 incompatibility on glibc 2.33:
> 
> /usr/bin/autoconf: This script requires a shell more modern than all
> /usr/bin/autoconf: the shells that I found on your system.
> /usr/bin/autoconf: Please tell bug-autoconf@gnu.org about your system,
> /usr/bin/autoconf: including any error possibly output before this
> /usr/bin/autoconf: message. Then install a modern shell, or manually run
> /usr/bin/autoconf: the script under such a shell if you do have one.
> autoreconf: /usr/bin/autoconf failed with exit status: 1
> 
> [1] https://travis-ci.org/github/pevik/ima-evm-utils/builds/768789641
> [2] https://travis-ci.org/github/pevik/ima-evm-utils/jobs/767259578

The "boot_aggregate" test should succeed, but for some reason is now
being skipped.

PASS: ima_hash.test
PASS: sign_verify.test
SKIP: boot_aggregate.test

I tested with/without this patch on our internal travis.   I was seeing
the Tumbleweed problem, but am not seeing this problem with Fedora
latest yet.  Both with/without the patch, Fedora latest works properly
on our internal travis.

Mimi

Re: [PATCH 1/1] travis: Fix Fedora

[Petr Vorel]

Hi Mimi,

> Hi Petr,

> On Thu, 2021-04-29 at 07:39 +0200, Petr Vorel wrote:
> > Fedora recently got 2.33, which requires on Travis CI to use podman.

> > Signed-off-by: Petr Vorel <pvorel@suse.cz>
> > ---
> > Hi Mimi,

> > Tested [1].

> > Previously Fedora fails on autoconf issue [2], which is caused by
> > faccessat2 incompatibility on glibc 2.33:

> > /usr/bin/autoconf: This script requires a shell more modern than all
> > /usr/bin/autoconf: the shells that I found on your system.
> > /usr/bin/autoconf: Please tell bug-autoconf@gnu.org about your system,
> > /usr/bin/autoconf: including any error possibly output before this
> > /usr/bin/autoconf: message. Then install a modern shell, or manually run
> > /usr/bin/autoconf: the script under such a shell if you do have one.
> > autoreconf: /usr/bin/autoconf failed with exit status: 1

> > [1] https://travis-ci.org/github/pevik/ima-evm-utils/builds/768789641
> > [2] https://travis-ci.org/github/pevik/ima-evm-utils/jobs/767259578

> The "boot_aggregate" test should succeed, but for some reason is now
> being skipped.

> PASS: ima_hash.test
> PASS: sign_verify.test
> SKIP: boot_aggregate.test
Not sure why, I'll try to have look. Maybe missing dependencies?
I suppose this is not related to the patch at all.

> I tested with/without this patch on our internal travis.   I was seeing
> the Tumbleweed problem, but am not seeing this problem with Fedora
> latest yet.  Both with/without the patch, Fedora latest works properly
"not yet" => if you check glibc package update for the version. I bet it's still
2.32. Thanks for testing it.
> on our internal travis.

> Mimi

Kind regards,
Petr

Re: [PATCH 1/1] travis: Fix Fedora

[Mimi Zohar]

[Cc'ing Stefan]

Hi Petr,

On Fri, 2021-04-30 at 15:24 +0200, Petr Vorel wrote:
> > On Thu, 2021-04-29 at 07:39 +0200, Petr Vorel wrote:
> > > Fedora recently got 2.33, which requires on Travis CI to use podman.
> 
> > > Signed-off-by: Petr Vorel <pvorel@suse.cz>
> > > ---
> > > Hi Mimi,
> 
> > > Tested [1].
> 
> > > Previously Fedora fails on autoconf issue [2], which is caused by
> > > faccessat2 incompatibility on glibc 2.33:
> 
> > > /usr/bin/autoconf: This script requires a shell more modern than all
> > > /usr/bin/autoconf: the shells that I found on your system.
> > > /usr/bin/autoconf: Please tell bug-autoconf@gnu.org about your system,
> > > /usr/bin/autoconf: including any error possibly output before this
> > > /usr/bin/autoconf: message. Then install a modern shell, or manually run
> > > /usr/bin/autoconf: the script under such a shell if you do have one.
> > > autoreconf: /usr/bin/autoconf failed with exit status: 1
> 
> > > [1] https://travis-ci.org/github/pevik/ima-evm-utils/builds/768789641
> > > [2] https://travis-ci.org/github/pevik/ima-evm-utils/jobs/767259578
> 
> > The "boot_aggregate" test should succeed, but for some reason is now
> > being skipped.
> 
> > PASS: ima_hash.test
> > PASS: sign_verify.test
> > SKIP: boot_aggregate.test
> Not sure why, I'll try to have look. Maybe missing dependencies?
> I suppose this is not related to the patch at all.

The boot_aggregate test has a dependency on a software TPM.  From the
end of the log, there's problems communicating with the swtpm.

which: no tpm_server in (../src:/root/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
INFO: Starting software TPM: /usr/bin/swtpm
INFO: Sending software TPM startup
TSS_Socket_Open: Error on connect to localhost:2321
TSS_Socket_Open: client connect: error 111 Connection refused
startup: failed, rc 000b0008
TSS_RC_NO_CONNECTION - Failure connecting to lower layer
INFO: Retry sending software TPM startup
TSS_Socket_Open: Error on connect to localhost:2321
TSS_Socket_Open: client connect: error 111 Connection refused
startup: failed, rc 000b0008
TSS_RC_NO_CONNECTION - Failure connecting to lower layer
INFO: Software TPM startup failed

> 
> > I tested with/without this patch on our internal travis.   I was seeing
> > the Tumbleweed problem, but am not seeing this problem with Fedora
> > latest yet.  Both with/without the patch, Fedora latest works properly
> "not yet" => if you check glibc package update for the version. I bet it's still
> 2.32. Thanks for testing it.

From the local raw log:
  glibc-devel-2.33-
5.fc34.x86_64                                                
  glibc-headers-x86-2.33-5.fc34.noarch

thanks,

Mimi

> > on our internal travis.

Re: [PATCH 1/1] travis: Fix Fedora

[Petr Vorel]

> [Cc'ing Stefan]

> Hi Petr,

> On Fri, 2021-04-30 at 15:24 +0200, Petr Vorel wrote:
> > > On Thu, 2021-04-29 at 07:39 +0200, Petr Vorel wrote:
> > > > Fedora recently got 2.33, which requires on Travis CI to use podman.

> > > > Signed-off-by: Petr Vorel <pvorel@suse.cz>
> > > > ---
> > > > Hi Mimi,

> > > > Tested [1].

> > > > Previously Fedora fails on autoconf issue [2], which is caused by
> > > > faccessat2 incompatibility on glibc 2.33:

> > > > /usr/bin/autoconf: This script requires a shell more modern than all
> > > > /usr/bin/autoconf: the shells that I found on your system.
> > > > /usr/bin/autoconf: Please tell bug-autoconf@gnu.org about your system,
> > > > /usr/bin/autoconf: including any error possibly output before this
> > > > /usr/bin/autoconf: message. Then install a modern shell, or manually run
> > > > /usr/bin/autoconf: the script under such a shell if you do have one.
> > > > autoreconf: /usr/bin/autoconf failed with exit status: 1

> > > > [1] https://travis-ci.org/github/pevik/ima-evm-utils/builds/768789641
> > > > [2] https://travis-ci.org/github/pevik/ima-evm-utils/jobs/767259578

> > > The "boot_aggregate" test should succeed, but for some reason is now
> > > being skipped.

> > > PASS: ima_hash.test
> > > PASS: sign_verify.test
> > > SKIP: boot_aggregate.test
> > Not sure why, I'll try to have look. Maybe missing dependencies?
> > I suppose this is not related to the patch at all.

> The boot_aggregate test has a dependency on a software TPM.  From the
> end of the log, there's problems communicating with the swtpm.

> which: no tpm_server in (../src:/root/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
> INFO: Starting software TPM: /usr/bin/swtpm
> INFO: Sending software TPM startup
> TSS_Socket_Open: Error on connect to localhost:2321
> TSS_Socket_Open: client connect: error 111 Connection refused
> startup: failed, rc 000b0008
> TSS_RC_NO_CONNECTION - Failure connecting to lower layer
> INFO: Retry sending software TPM startup
> TSS_Socket_Open: Error on connect to localhost:2321
> TSS_Socket_Open: client connect: error 111 Connection refused
> startup: failed, rc 000b0008
> TSS_RC_NO_CONNECTION - Failure connecting to lower layer
> INFO: Software TPM startup failed
Hm, testing if sudo is needed for podman to be able to the container run swtpm.

> > > I tested with/without this patch on our internal travis.   I was seeing
> > > the Tumbleweed problem, but am not seeing this problem with Fedora
> > > latest yet.  Both with/without the patch, Fedora latest works properly
> > "not yet" => if you check glibc package update for the version. I bet it's still
> > 2.32. Thanks for testing it.

> From the local raw log:
>   glibc-devel-2.33-
> 5.fc34.x86_64
>   glibc-headers-x86-2.33-5.fc34.noarch

OK, if your internal travis is working with 2.33 maybe the rest of the setup is
different (different docker and/or runc), because this patch is really needed on
public Travis.

Kind regards,
Petr

> thanks,

> Mimi

> > > on our internal travis.

Re: [PATCH 1/1] travis: Fix Fedora

[Petr Vorel]

Hi Mimi,

> > [Cc'ing Stefan]

> > Hi Petr,

> > On Fri, 2021-04-30 at 15:24 +0200, Petr Vorel wrote:
> > > > On Thu, 2021-04-29 at 07:39 +0200, Petr Vorel wrote:
> > > > > Fedora recently got 2.33, which requires on Travis CI to use podman.

> > > > > Signed-off-by: Petr Vorel <pvorel@suse.cz>
> > > > > ---
> > > > > Hi Mimi,

> > > > > Tested [1].

> > > > > Previously Fedora fails on autoconf issue [2], which is caused by
> > > > > faccessat2 incompatibility on glibc 2.33:

> > > > > /usr/bin/autoconf: This script requires a shell more modern than all
> > > > > /usr/bin/autoconf: the shells that I found on your system.
> > > > > /usr/bin/autoconf: Please tell bug-autoconf@gnu.org about your system,
> > > > > /usr/bin/autoconf: including any error possibly output before this
> > > > > /usr/bin/autoconf: message. Then install a modern shell, or manually run
> > > > > /usr/bin/autoconf: the script under such a shell if you do have one.
> > > > > autoreconf: /usr/bin/autoconf failed with exit status: 1

> > > > > [1] https://travis-ci.org/github/pevik/ima-evm-utils/builds/768789641
> > > > > [2] https://travis-ci.org/github/pevik/ima-evm-utils/jobs/767259578

> > > > The "boot_aggregate" test should succeed, but for some reason is now
> > > > being skipped.

> > > > PASS: ima_hash.test
> > > > PASS: sign_verify.test
> > > > SKIP: boot_aggregate.test
> > > Not sure why, I'll try to have look. Maybe missing dependencies?
> > > I suppose this is not related to the patch at all.

> > The boot_aggregate test has a dependency on a software TPM.  From the
> > end of the log, there's problems communicating with the swtpm.

> > which: no tpm_server in (../src:/root/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
> > INFO: Starting software TPM: /usr/bin/swtpm
> > INFO: Sending software TPM startup
> > TSS_Socket_Open: Error on connect to localhost:2321
> > TSS_Socket_Open: client connect: error 111 Connection refused
> > startup: failed, rc 000b0008
> > TSS_RC_NO_CONNECTION - Failure connecting to lower layer
> > INFO: Retry sending software TPM startup
> > TSS_Socket_Open: Error on connect to localhost:2321
> > TSS_Socket_Open: client connect: error 111 Connection refused
> > startup: failed, rc 000b0008
> > TSS_RC_NO_CONNECTION - Failure connecting to lower layer
> > INFO: Software TPM startup failed
> Hm, testing if sudo is needed for podman to be able to the container run swtpm.
OK, sudo didn't help:
https://travis-ci.org/github/pevik/ima-evm-utils/jobs/769054065

I have no idea what's wrong.

Kind regards,
Petr

> > > > I tested with/without this patch on our internal travis.   I was seeing
> > > > the Tumbleweed problem, but am not seeing this problem with Fedora
> > > > latest yet.  Both with/without the patch, Fedora latest works properly
> > > "not yet" => if you check glibc package update for the version. I bet it's still
> > > 2.32. Thanks for testing it.

> > From the local raw log:
> >   glibc-devel-2.33-
> > 5.fc34.x86_64
> >   glibc-headers-x86-2.33-5.fc34.noarch

> OK, if your internal travis is working with 2.33 maybe the rest of the setup is
> different (different docker and/or runc), because this patch is really needed on
> public Travis.

> Kind regards,
> Petr

> > thanks,

> > Mimi

> > > > on our internal travis.