You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@buildstream.apache.org by GitBox <gi...@apache.org> on 2022/06/22 18:31:45 UTC
[GitHub] [buildstream] nanonyme opened a new issue, #1660: ostree partially incompatible with new bst2 sandboxing
nanonyme opened a new issue, #1660:
URL: https://github.com/apache/buildstream/issues/1660
Noticed by @abderrahim
I can reproduce this using the latest version of [!7038](https://github.com/freedesktop-sdk/freedesktop-sdk/-/merge_requests/7038) by running make run-ostree-vm. I get the following error:
```
error: Writing content object: Setting xattrs: fsetxattr(user.checksum.sha256): Operation not supported
Command 'ostree pull-local "/buildstream/freedesktop-sdk/vm/minimal-ostree/image.bst/source-repo" freedesktop
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] gtristan commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
gtristan commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1169884373
Note also, when observing the pipeline and when trying to run `make run-ostree-vm` locally, I get the following:
```
project.conf [line 59 column 4]: project 'bst-plugins-experimental' referred to by junction 'plugins/bst-plugins-experimental.bst' does not declare any element plugin kind: 'collect_initial_scripts'
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] nanonyme commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
nanonyme commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1172881632
I think it would be nice if that xattr is allowed into sandbox. It allows more performant tooling for same-file checking
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] juergbi commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
juergbi commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1172868487
As I understand it, the error is from using `ostree` as CLI tool within the build sandbox, not from the ostree/ostree_mirror plugins.
buildbox-fuse does not currently support `setxattr`. It allows retrieving the built-in `user.checksum.sha256` xattr for CAS files, though. I'm wondering whether `ostree` also wants to set the `user.checksum.sha256` xattr on its own or whether it essentially wants to transfer the xattr from a CAS file in buildbox-fuse to a copy of the file.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] juergbi closed issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
juergbi closed issue #1660: ostree partially incompatible with new bst2 sandboxing
URL: https://github.com/apache/buildstream/issues/1660
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] juergbi commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
juergbi commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1172875218
For `EXT2_IOC_GETFLAGS` ostree has special error cases:
```c
int r = ioctl (fd, EXT2_IOC_GETFLAGS, &flags);
if (r == -1)
{
if (errno == EPERM)
g_atomic_int_set (&no_alter_immutable, 1);
else if (errno == EOPNOTSUPP || errno == ENOTTY)
;
else
return glnx_throw_errno_prefix (error, "ioctl(EXT2_IOC_GETFLAGS)");
}
```
I'll try to modify buildbox-fuse to return `EOPNOTSUPP` if that makes sense.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] juergbi commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
juergbi commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1172875002
It currently does return "Operation not supported" as per the error message in the first comment.
If I modify buildbox-fuse to not return the internal `user.checksum.sha256` in listxattr, I get past that error, although I get a new one:
```
error: ioctl(EXT2_IOC_GETFLAGS): Function not implemented
Command 'ostree admin deploy --os="freedesktop-sdk" \
--sysroot="/buildstream/freedesktop-sdk/vm/minimal-ostree/image.bst/sysroot" freedesktop-sdk-22.08beta-x86_64 \
--karg="rw" --karg=console=ttyS0' failed with exitcode 1
```
From a quick glance at ostree code I think this is the relevant code with regards to xattrs:
```c
xattrs = ostree_fs_get_all_xattrs (src_fd, cancellable, error);
if (!xattrs)
return FALSE;
if (!glnx_fd_set_all_xattrs (tmp_dest.fd, xattrs, cancellable, error))
return FALSE;
```
And I don't see any error being special cased in libglnx `glnx_fd_set_all_xattrs()`:
```c
if (TEMP_FAILURE_RETRY (fsetxattr (fd, (char*)name, (char*)value_data, value_len, 0)) < 0)
return glnx_throw_errno_prefix (error, "Setting xattrs: fsetxattr(%s)", name);
```
Dropping `user.checksum.sha256` from buildbox-fuse listxattr may be an acceptable solution.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] juergbi commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
juergbi commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1175940823
These changes have been merged into buildbox-fuse master.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] abderrahim commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
abderrahim commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1170835137
Updated the MR, should work now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] juergbi commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
juergbi commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1172883204
ostree currently just copies the xattr from buildbox-fuse when creating the repo and then attempts to replicate it as part of `pull-local`. I don't think there would be a performance benefit right now if setxattr was supported. Let's first get it working. If a xattr-related optimization is possible, we can consider this in a follow-up.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] gtristan commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
gtristan commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1169861949
Anything which you had permission to do when using bst 1, like setting `xattrs` (which will require root) should work equally with bst 2 *when executed in the same environment with the same privilidges*.
Maybe this usually works in CI under root user with bst1, but was tried as a regular user on a local workstation ?
Did this happen as a result of https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/abderrahim/bst2/elements/vm/minimal-ostree/image.bst#L35 ? or somewhere else ?
One thing I noticed is that this branch uses `ostree` from `bst-plugins-experimental` instead of from `buildstream-plugins`, which should be okay, but it also appears to use the `ostree_mirror` plugin, which simply does not exist anywhere:
```
- origin: junction
junction: plugins/bst-plugins-experimental.bst
elements:
- check_forbidden
- collect_initial_scripts
- collect_integration
- collect_manifest
- flatpak_image
- flatpak_repo
- makemaker
- modulebuild
- snap_image
sources:
- cpan
- git_tag
- git_module
- ostree
- ostree_mirror
- patch_queue
- pypi
- zip
```
I checked the ref at `plugins/bst-plugins-experimental.bst` which appears to be at the tip of master, but there is no such plugin.
Given that this non-existent plugin is used by the very same element: https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/abderrahim/bst2/elements/vm/minimal-ostree/image.bst#L102 it is hard to conceive of how the build got far enough to produce this error.
Can I get more information on how to reproduce this ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] abderrahim commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
abderrahim commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1172872423
I believe in this case it wants to transfer the xattr, but it also wants to set xattrs on its own. IIRC it tries to set the permissions using an xattr (I don't remember the details).
What makes it blow up though it that buildbox-fuse returns a "not implemented" error rather than "operation not supported". ostree has code to deal with filesystems that don't support xattrs, but the "not implemented" takes it off guard.
I would start by doing having an implementation that returns not supported and see how far that gets us.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] abderrahim commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
abderrahim commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1172876786
yeah, there is also ioctl which needs to be implemented. EOPNOTSUPP makes sense for both
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [buildstream] juergbi commented on issue #1660: ostree partially incompatible with new bst2 sandboxing
Posted by GitBox <gi...@apache.org>.
juergbi commented on issue #1660:
URL: https://github.com/apache/buildstream/issues/1660#issuecomment-1172901381
`make run-ostree-vm` works here with the following changes in buildbox-fuse:
* [listxattr: Don't advertise the checksum xattr](https://gitlab.com/BuildGrid/buildbox/buildbox-fuse/-/merge_requests/42)
* [Return ENOTTY for `ioctl`](https://gitlab.com/BuildGrid/buildbox/buildbox-fuse/-/merge_requests/40)
* [Add support for `RENAME_EXCHANGE` and `RENAME_NOREPLACE`](https://gitlab.com/BuildGrid/buildbox/buildbox-fuse/-/merge_requests/41)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@buildstream.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org