#3568 kiwi: don't bind builder's /dev
Merged a year ago by tkopecek. Opened a year ago by tkopecek.
tkopecek/koji issue3567  into  master

file modified
+5 -1
@@ -300,6 +300,10 @@ 

                  desc_url, desc_path, opts=None):

          self.opts = opts

          build_tag = target_info['build_tag']

+         if opts.get('bind_dev'):

+             bind_opts = {'dirs': {'/dev': '/dev'}}

+         else:

+             bind_opts = None

          broot = BuildRoot(self.session, self.options,

                            tag=build_tag,

                            arch=arch,
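Review bot: `opts.get('bind_dev')` in the added branch raises AttributeError when the method is called with the default `opts=None` shown in the signature just above it. Guard the lookup, for example `if opts and opts.get('bind_dev'):`, or normalise with `opts = opts or {}` before first use. A one-line comment saying that the bind exposes the builder's own /dev to the build root, and is therefore opt-in, would also help the next reader.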
@@ -307,7 +311,7 @@ 

                            repo_id=repo_info['id'],

                            install_group='kiwi-build',

                            setup_dns=True,

-                           bind_opts={'dirs': {'/dev': '/dev', }})

+                           bind_opts=bind_opts)

          broot.workdir = self.workdir

  

          # create the mock chroot
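Review bot: `bind_opts=bind_opts` in the BuildRoot call flips the default for every existing kiwi build: the removed line always bound /dev, and now it is bound only when `bind_dev` is set. Builds that relied on the bound /dev have to opt in after this change, so the switch should be called out in the docs and release notes alongside the new option.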

file modified
+4
@@ -30,6 +30,9 @@ 

      parser.add_option("--type", help="Override default build type from description")

      parser.add_option("--make-prep", action="store_true", default=False,

                        help="Run 'make prep' in checkout before starting the build")

+     parser.add_option("--bind-dev", action="store_true", default=False,

+                       help="e.g. images using device-mapper needs /dev mounted in kiwi env, "

+                            "while others can fail in such env.")

      parser.add_option("--can-fail", action="store", dest="optional_arches",

                        metavar="ARCH1,ARCH2,...", default="",

                        help="List of archs which are not blocking for build "
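Review bot: the `--bind-dev` help string says when the option might be needed but never states what it does. Lead with the action, for example "Bind the builder's /dev into the kiwi build root (needed e.g. by images using device-mapper; other image types can fail with it)", and fix "needs" to "need".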
@@ -52,6 +55,7 @@ 

          'target': target,

          'desc_url': scm,

          'desc_path': path,

+         'bind_dev': options.bind_dev,

      }

      if options.scratch:

          kwargs['scratch'] = True
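Review bot: `'bind_dev': options.bind_dev` is sent on every call, even when the flag is unset, while `scratch` just below is added to kwargs only when true. The hub's kiwiBuild takes explicit keyword arguments, so a hub that predates this change would receive a keyword it does not know. Follow the `scratch` pattern: `if options.bind_dev: kwargs['bind_dev'] = True`.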

file modified
+3 -1
@@ -17,7 +17,7 @@ 

  @export

  def kiwiBuild(target, arches, desc_url, desc_path, optional_arches=None, profile=None,

                scratch=False, priority=None, make_prep=False, repos=None, release=None,

-               type=None):

+               type=None, bind_dev=False):

      context.session.assertPerm('image')

      for i in [desc_url, desc_path, profile, release]:

          if i is not None:
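Review bot: the new `bind_dev` parameter in the kiwiBuild signature is gated only by the existing `assertPerm('image')` check, so any user allowed to submit image builds can ask for the builder's /dev to be bound into the build root. Consider whether that warrants a hub-side or builder-side setting that permits it, and document what the parameter exposes.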
@@ -52,6 +52,8 @@ 

          opts['release'] = release

      if optional_arches:

          opts['optional_arches'] = optional_arches

+     if bind_dev:

+         opts['bind_dev'] = bind_dev

      if repos:

          opts['repos'] = repos

      if make_prep:
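Review bot: `opts['bind_dev'] = bind_dev` stores whatever value the caller sent, with no type check. The builder side only tests truthiness (`if opts.get('bind_dev'):`), so a non-boolean such as the string 'false' would enable the bind. Reject non-bool values here, or store a literal `True` inside the `if bind_dev:` branch.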

Wait, what? How did we come to this conclusion?

Metadata Update from @tkopecek:
- Pull-request tagged with: testing-ready

a year ago

Metadata Update from @tkopecek:
- Pull-request untagged with: testing-ready

a year ago

I'm pretty sure this patch will break some classes of image builds. Especially ones that use device-mapper and such.

@ngompa This is what I get when I'm running it with bound /dev:

/var/lib/mock/hyperscale9s-spin_media-experimental-el9s-build-198-95/root/dev is pre-mounted and pre-populated. If a pre-mounted /dev is provided it needs to be an unpopulated file system.
mknod(/var/lib/mock/hyperscale9s-spin_media-experimental-el9s-build-198-95/root/dev/null) failed: File exists

Huh, okay. Well I guess try it without and if you can get a build to succeed, then we're good...

To be clear, I'm not sure why it happens in this case and what is different with this exact image. It is the first time I was not able to build because of this.

Metadata Update from @tkopecek:
- Pull-request tagged with: testing-ready

a year ago
DEBUG util.py:445:  [ INFO    ]: 07:04:25 | Creating raw disk image /builddir/result/image/gdc-c9s-Cloud.x86_64-0.0.1.raw
DEBUG util.py:445:  [ INFO    ]: 07:04:26 | --> creating root partition [with 0 clone(s)]
DEBUG util.py:445:  [ INFO    ]: 07:04:26 | --> setting active flag to primary boot partition
DEBUG util.py:445:  [ INFO    ]: 07:04:26 | --> setting start sector to: 2048
DEBUG util.py:443:  [ ERROR   ]: 07:04:26 | KiwiCommandError: kpartx: stderr: /dev/mapper/control: mknod failed: Operation not permitted
DEBUG util.py:443:  Failure to communicate with kernel device-mapper driver.
DEBUG util.py:443:  Check that device-mapper is available in the kernel.
DEBUG util.py:443:  Incompatible libdevmapper 1.02.185 (2022-05-18) and kernel driver (unknown version).
DEBUG util.py:443:  device mapper prerequisites not met
DEBUG util.py:443:  , stdout: (no output on stdout)

In our images: OCI image is possible to build only when /dev is unpopulated but installable image is possible to build when /dev is populated. So I think we would need some knob… =(

1 new commit added

  • allow to set it by user
a year ago

rebased onto 65622ad08d32816aeb0cc1090665bff3a9c8d5b7

a year ago

In our images: OCI image is possible to build only when /dev is unpopulated but installable image is possible to build when /dev is populated. So I think we would need some knob… =(

That would mean Koji would need to be aware of the types of images and decide based on that. I.e., only don't enable it when type is docker or oci.

Or... just let the user set it, I guess. That works too. And doesn't require us to go back and figure it out for more image types.

I've started with a CLI option (--bind-dev). I'm not sure if we can deterministically choose the right one without inspecting the whole profile.

Yeah, that makes sense to me. Whether it's needed or not might be more determined by the underlying tools invoked.

rebased onto 50089f5

a year ago

Metadata Update from @mfilip:
- Pull-request tagged with: testing-done

a year ago

Commit 56cea9a fixes this pull-request

Pull-Request has been merged by tkopecek

a year ago