unable to build tree in docker container in fedora 31 #1943

Open
vtolstov opened this issue Nov 22, 2019 · 9 comments

@vtolstov

vtolstov commented Nov 22, 2019

After a successful deploy of Fedora 31 from a built ostree repo (host Fedora 29, container Fedora 31),
I now can't build the same tree under a Fedora 31 host system (host Fedora 31, container Fedora 31).

Before downloading packages I get some messages like:

(rpm-ostree compose tree:213): librepo-WARNING **: 16:49:59.781: WARNING! Deprecated LRO_MIRRORLIST used

and it always gets stuck at Installing packages; the percentage varies from 17 to 43 from one build to another. It can't be stopped by hitting Ctrl+C.
I'm trying to add unified core options, but it fails with:

⠁ Importing packages   0/840 [░░░░░░░░░░░░░░░░░░░░] (0s) 

(rpm-ostree compose tree:328): GLib-CRITICAL **: 17:21:17.680: g_variant_new_string: assertion 'string != NULL' failed

(rpm-ostree compose tree:328): GLib-CRITICAL **: 17:21:17.680: g_variant_new_variant: assertion 'value != NULL' failed

(rpm-ostree compose tree:328): GLib-CRITICAL **: 17:21:17.680: g_variant_get_type: assertion 'value != NULL' failed

(rpm-ostree compose tree:328): GLib-CRITICAL **: 17:21:17.680: g_variant_type_is_subtype_of: assertion 'g_variant_type_check (type)' failed

(rpm-ostree compose tree:328): GLib-CRITICAL **: 17:21:17.680: g_variant_builder_add_value: assertion '!GVSB(builder)->expected_type || g_variant_is_of_type (value, GVSB(builder)->expected_type)' failed

(rpm-ostree compose tree:328): GLib-CRITICAL **: 17:21:17.680: g_variant_builder_end: assertion 'GVSB(builder)->offset >= GVSB(builder)->min_items' failed

(rpm-ostree compose tree:328): GLib-CRITICAL **: 17:21:17.680: g_variant_get_type: assertion 'value != NULL' failed

(rpm-ostree compose tree:328): GLib-CRITICAL **: 17:21:17.680: g_variant_type_is_subtype_of: assertion 'g_variant_type_check (type)' failed

(rpm-ostree compose tree:328): GLib-CRITICAL **: 17:21:17.680: g_variant_builder_add_value: assertion '!GVSB(builder)->expected_type || 
Importing packages... done
error: Importing package 'alternatives': Writing tmpfiles mtree: Failed to look up SELinux label for '/'

@vtolstov
Author

If I set selinux: false in the treefile, this error does not happen.

@vtolstov
Author

But another one happens:

error: Loading pkgcache branch rpmostree/pkg/ModemManager-glib/1.10.6-2.fc31.x86__64: Failed to find metadata key rpmostree.sepolicy (signature s)

@vtolstov
Author

After doing rpm-ostree usroverlay and installing docker-ce, I can build my tree again (without unified-core).
So where is the breakage: in moby-engine or in rpm-ostree?

@plfiorini

@vtolstov I had the same problem and managed to fix it with the following arguments to docker:

docker run --rm -ti --privileged --user root -v $(pwd):/work -w /work --tmpfs /tmp -v /var/tmp:/var/tmp --device /dev/fuse --security-opt label:disable dockerimage ./build

Where dockerimage is the name of an image derived from fedora:31 with the following RPMs installed: rpm-ostree rsync openssh-clients selinux-policy selinux-policy-targeted policycoreutils and ./build is a command that runs rpm-ostree compose with unified-core.

You might have to remove the cache directory before trying again.

@jlebon
Member

jlebon commented Dec 18, 2019

The most frictionless way to run rpm-ostree in a container is via coreos-assembler. It's shipped as a container and is fully supported in rootless mode (but requires /dev/kvm).

But of course, running rpm-ostree directly is also still supported. It works fine for me in a podman container with --privileged.

@w4tsn
Contributor

w4tsn commented Jan 18, 2021

Hey there, I want to add my experiences here. I'm using F31 - F33 in my setup and it's a bit wild, so please bear with me :)

It might be worth opening another issue on this, but I want to relate first since I'm seeing the same error messages.

My current situation is that I have a F33 based rpm-ostree container that reports error: Importing package 'alternatives': Writing tmpfiles mtree: Failed to look up SELinux label for '/' on a build on my local F33 Workstation (with --privileged). After installing the dependencies mentioned by @plfiorini I see error: Loading pkgcache branch rpmostree/pkg/ModemManager-glib/1.10.6-2.fc31.x86__64: Failed to find metadata key rpmostree.sepolicy (signature s).

I have another container, based on F32, which is running in a CI pipeline on a CentOS 7 host (also --privileged) that executes rpm-ostree builds just fine. This exact same container throws error: Loading pkgcache branch rpmostree/pkg/ModemManager-glib/1.10.6-2.fc31.x86__64: Failed to find metadata key rpmostree.sepolics on my local F33 Workstation.

I've then tested the F33-based rpm-ostree container on a CentOS 7 host (like the one working based on F32) and it fails there with SELinux errors as well. I'm using SELinux, so turning it off is not an option.

I'm using rpm-ostree with --unified-core if that makes a difference.

I then also have an EC2 autoscaler running the working F32 based container. On EC2 the F32 container also failed at first, while I was still using a standard Ubuntu AMI. After switching over to a CentOS 7 AMI it worked.

So to wrap it up, I currently have a F33 based rpm-ostree container with no extra dependencies installed that does not work on a CentOS 7 host, nor on a F33 Workstation.

I'm really confused and I don't really understand what's happening here. Of course I'll investigate this further, but maybe someone else can relate or even give a hint or something. Well, it's just a hell of different variables to test and compare here. I'll come back later with a more "structured" write up on this, after a bit more testing.

EDIT:

OK, nvm! The missing piece here was that I'm building against fedora-33 repos, but in the failing case didn't use fedora-33-updates, which caused the error error: Loading pkgcache branch rpmostree/pkg/ModemManager-glib/1.10.6-2.fc31.x86__64: Failed to find metadata key rpmostree.sepolicy

@heyakyra

heyakyra commented Apr 19, 2022

I'm hitting this on the Silverblue F36 beta trying to update Zoom to the newest release:

$ rpm-ostree remove zoom --install ~/Downloads/zoom_x86_64.rpm
error: Importing package 'zoom': Writing tmpfiles mtree: Failed to look up SELinux label for '/'

This is on the host workstation, not within any toolbox or container.

@jlebon
Member

jlebon commented Apr 19, 2022

@heyakyra This seems like a distinct issue. Can you file a separate ticket? Please include where you got the RPM, and the version of rpm-ostree (and rpm-ostree status).

@heyakyra

heyakyra commented Apr 21, 2022

Foolishly, this seems to be the result of me purging /etc/selinux, if you know how to recover from this, as chronicled in the forums: https://discussion.fedoraproject.org/t/silverblue-rawhide-2019-02-05-selinux-labels-missing/1080/12?u=kxra

Any help recovering from this much appreciated!
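
Two comments above tie "Failed to look up SELinux label for '/'" to missing policy files: one lists the selinux-policy packages present in a working build image, the other hit the error after purging /etc/selinux. The shell check below is an added example, not part of the thread or of rpm-ostree; the function names are hypothetical, and it assumes the standard libselinux layout (/etc/selinux/config naming SELINUXTYPE, with the file_contexts database under that policy directory).

```shell
#!/bin/sh
# Added example: verify that a root filesystem (container image or host)
# carries the SELinux policy files that file-label lookups read.
# Function names are hypothetical; paths follow the standard libselinux layout.

# Print the SELINUXTYPE value from ROOT/etc/selinux/config (empty if unset).
selinux_type() {
    cfg="$1/etc/selinux/config"
    [ -r "$cfg" ] || return 1
    # Commented-out lines do not match because of the ^ anchor.
    sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p' "$cfg" | tail -n 1
}

# Return 0 when the policy files are present. Otherwise print the reason and
# return 1 (no config), 2 (no SELINUXTYPE) or 3 (no file_contexts database).
check_selinux_policy() {
    root="${1:-/}"
    root="${root%/}"          # "/" becomes "", so paths below stay absolute
    if ! type_name=$(selinux_type "$root"); then
        echo "missing $root/etc/selinux/config"
        return 1
    fi
    if [ -z "$type_name" ]; then
        echo "SELINUXTYPE not set in $root/etc/selinux/config"
        return 2
    fi
    fc="$root/etc/selinux/$type_name/contexts/files/file_contexts"
    # Either the text database or its compiled .bin form is enough.
    if [ ! -s "$fc" ] && [ ! -s "$fc.bin" ]; then
        echo "missing $fc (policy type '$type_name')"
        return 3
    fi
    echo "ok: policy type '$type_name'"
    return 0
}

# Optional command-line use: ./check.sh --check [ROOT]
if [ "${1:-}" = "--check" ]; then
    check_selinux_policy "${2:-/}"
fi
```

Running it inside the build container before rpm-ostree compose separates "policy packages missing from the image" from other causes of the same message.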
