linux-integrity.vger.kernel.org archive mirror
* [PATCH v3 1/2] travis: Fix openSUSE Tumbleweed
@ 2021-04-15 11:27 Petr Vorel
  2021-04-15 11:27 ` [PATCH v3 2/2] tests/install-swtpm.sh: Add tar option --no-same-owner Petr Vorel
  2021-04-15 15:10 ` [PATCH v3 1/2] travis: Fix openSUSE Tumbleweed Mimi Zohar
  0 siblings, 2 replies; 4+ messages in thread
From: Petr Vorel @ 2021-04-15 11:27 UTC (permalink / raw)
  To: linux-integrity; +Cc: Petr Vorel, Mimi Zohar

openSUSE Tumbleweed build fails due to broken permission detection due to
faccessat2() incompatibility in libseccomp/runc used in old docker with
old kernel on Ubuntu Focal on hosts in Travis CI together with guests
with the newest glibc 2.33.

Fixing Tumbleweed required a switch to podman and downloading the newest runc
release (v1.0.0-rc93) which contains the fix [1], because the proposed glibc
fix [2] isn't going to be merged to upstream [3] nor to Tumbleweed
downstream glibc [4].

Sooner or later it will be required for more distros (Fedora, Debian,
Ubuntu), but don't waste build time until required.

[1] https://github.com/opencontainers/runc/pull/2750
[2] https://sourceware.org/pipermail/libc-alpha/2020-November/119955.html
[3] https://sourceware.org/pipermail/libc-alpha/2020-November/119978.html
[4] https://bugzilla.opensuse.org/1182451

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Changes v2->v3:
* remove sudo (replaced by --no-same-owner)

Whole patchset tested on Travis CI:
https://travis-ci.org/github/pevik/ima-evm-utils/builds/767144462

Kind regards,
Petr

 .travis.yml | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index e73b24e..ac6b2a5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,7 @@
+# Copyright (c) 2017-2021 Petr Vorel <pvorel@suse.cz>
+
 dist: bionic
+sudo: required
 language: C
 services:
     - docker
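Review bot: `sudo: required` is added at the top of .travis.yml although the v3 changelog says "remove sudo (replaced by --no-same-owner)", so the patch and its changelog disagree. If the key is still needed for the `sudo apt` and `sudo curl` steps in before_install, say so in the commit message; otherwise drop the line.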
@@ -30,7 +33,7 @@ matrix:
 
         # glibc (gcc/clang)
         - os: linux
-          env: DISTRO=opensuse/tumbleweed TSS=ibmtss
+          env: DISTRO=opensuse/tumbleweed TSS=ibmtss CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/runc --network=host"
           compiler: clang
 
         - os: linux
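Review bot: `--network=host` in CONTAINER_ARGS on the Tumbleweed env line has no explanation in the commit message or in a comment, and because CONTAINER_ARGS is passed to both `$CONTAINER build` and `$CONTAINER run` it puts the build and the test container in the host's network namespace. Please state next to the matrix entry why host networking is required, or drop it if the default network works with the slirp4netns package installed in before_install.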
@@ -66,13 +69,29 @@ matrix:
           compiler: gcc
 
 before_install:
-    - df -hT
+    # Tumbleweed requires podman and newest runc due docker incompatible with glibc 2.33 (faccessat2)
+    - CONTAINER="${CONTAINER:-docker}"
+    - >
+        if [ "$CONTAINER" = "podman" ]; then
+            # podman
+            . /etc/os-release
+            sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
+            wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- | sudo apt-key add -
+            sudo apt update
+            sudo apt -y install podman slirp4netns
+
+            # runc
+            sudo curl -L https://github.com/opencontainers/runc/releases/download/v1.0.0-rc93/runc.amd64 -o /usr/bin/runc
+            sudo chmod +x /usr/bin/runc
+        fi
+    - $CONTAINER info
+
     - DIR="/usr/src/ima-evm-utils"
     - printf "FROM $DISTRO\nRUN mkdir -p $DIR\nWORKDIR $DIR\nCOPY . $DIR\n" > Dockerfile
     - cat Dockerfile
-    - docker build -t ima-evm-utils .
+    - $CONTAINER build $CONTAINER_ARGS -t ima-evm-utils .
 
 script:
     - INSTALL="${DISTRO%%:*}"
     - INSTALL="${INSTALL%%/*}"
-    - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh"
+    - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh"
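Review bot: The runc step in before_install writes the download straight to its final path with `sudo curl -L ... -o /usr/bin/runc` and marks it executable without checking what arrived, so a failed or altered download becomes the runtime used by every later `$CONTAINER build` and `$CONTAINER run`. Add `-f` so that an HTTP error body is not saved as /usr/bin/runc, download to a temporary file, and compare it against a SHA-256 digest pinned in .travis.yml before installing. In the podman step, the `deb http://download.opensuse.org/...` source line could use https like the Release.key fetch on the next line.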
-- 
2.31.1



* [PATCH v3 2/2] tests/install-swtpm.sh: Add tar option --no-same-owner
  2021-04-15 11:27 [PATCH v3 1/2] travis: Fix openSUSE Tumbleweed Petr Vorel
@ 2021-04-15 11:27 ` Petr Vorel
  2021-04-15 15:10 ` [PATCH v3 1/2] travis: Fix openSUSE Tumbleweed Mimi Zohar
  1 sibling, 0 replies; 4+ messages in thread
From: Petr Vorel @ 2021-04-15 11:27 UTC (permalink / raw)
  To: linux-integrity; +Cc: Petr Vorel, Mimi Zohar

to work around running out of subuids/subgids when using podman:
tar: ./LICENSE: Cannot change ownership to uid 339315, gid 578953: Invalid argument

(running the script under sudo would also work, but this does not require it)

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Changes v2->v3:
* new commit

Feel free to squash it to the previous commit.

Kind regards,
Petr

 tests/install-swtpm.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/install-swtpm.sh b/tests/install-swtpm.sh
index 2d8293a..2666748 100755
--- a/tests/install-swtpm.sh
+++ b/tests/install-swtpm.sh
@@ -6,7 +6,7 @@ version=1637
 wget --no-check-certificate https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${version}.tar.gz/download
 mkdir ibmtpm$version
 cd ibmtpm$version
-tar -xvzf ../download
+tar --no-same-owner -xvzf ../download
 cd src
 make -j$(nproc)
 sudo cp tpm_server /usr/local/bin/
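Review bot: The archive unpacked by the changed tar line comes from the context line `wget --no-check-certificate ...` with TLS verification disabled and no digest check, and its build output is then installed with `sudo cp tpm_server /usr/local/bin/`. While touching this script, consider dropping `--no-check-certificate` and verifying the tarball against a pinned SHA-256 for version 1637 before extracting. The commit message could also mention that `--no-same-owner` is already tar's default for non-root users, so the quoted error means the script runs as root inside the container, which explains why the option is needed under podman.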
-- 
2.31.1



* Re: [PATCH v3 1/2] travis: Fix openSUSE Tumbleweed
  2021-04-15 11:27 [PATCH v3 1/2] travis: Fix openSUSE Tumbleweed Petr Vorel
  2021-04-15 11:27 ` [PATCH v3 2/2] tests/install-swtpm.sh: Add tar option --no-same-owner Petr Vorel
@ 2021-04-15 15:10 ` Mimi Zohar
  2021-04-15 16:28   ` Petr Vorel
  1 sibling, 1 reply; 4+ messages in thread
From: Mimi Zohar @ 2021-04-15 15:10 UTC (permalink / raw)
  To: Petr Vorel, linux-integrity; +Cc: Mimi Zohar

Hi Petr,

On Thu, 2021-04-15 at 13:27 +0200, Petr Vorel wrote:
> openSUSE Tumbleweed build fails due to broken permission detection due to
> faccessat2() incompatibility in libseccomp/runc used in old docker with
> old kernel on Ubuntu Focal on hosts in Travis CI together with guests
> with the newest glibc 2.33.
> 
> Fixing Tumbleweed required a switch to podman and downloading the newest runc
> release (v1.0.0-rc93) which contains the fix [1], because the proposed glibc
> fix [2] isn't going to be merged to upstream [3] nor to Tumbleweed
> downstream glibc [4].
> 
> Sooner or later it will be required for more distros (Fedora, Debian,
> Ubuntu), but don't waste build time until required.
> 
> [1] https://github.com/opencontainers/runc/pull/2750
> [2] https://sourceware.org/pipermail/libc-alpha/2020-November/119955.html
> [3] https://sourceware.org/pipermail/libc-alpha/2020-November/119978.html
> [4] https://bugzilla.opensuse.org/1182451
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> Changes v2->v3:
> * remove sudo (replaced by --no-same-owner)

Thanks, Petr.  Other than actually removing the "sudo",  the patch
looks good and works properly on our internal travis too.  Assuming you
don't object, I'll remove the "sudo".

thanks,

Mimi



* Re: [PATCH v3 1/2] travis: Fix openSUSE Tumbleweed
  2021-04-15 15:10 ` [PATCH v3 1/2] travis: Fix openSUSE Tumbleweed Mimi Zohar
@ 2021-04-15 16:28   ` Petr Vorel
  0 siblings, 0 replies; 4+ messages in thread
From: Petr Vorel @ 2021-04-15 16:28 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: linux-integrity, Mimi Zohar

Hi Mimi,

...
> > Changes v2->v3:
> > * remove sudo (replaced by --no-same-owner)

> Thanks, Petr.  Other than actually removing the "sudo",  the patch
> looks good and works properly on our internal travis too.  Assuming you
> don't object, I'll remove the "sudo".
Yes, and sorry for leaving it there.

Kind regards,
Petr
