| Message ID | 20211102231742.191215-1-zohar@linux.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [ima-evm-utils] travis: use alt:sisyphus from docker.io | expand |
Mimi, On Tue, Nov 02, 2021 at 07:17:42PM -0400, Mimi Zohar wrote: > Instead of returning an image, it prompts for a response. Hardcode > to use docker.io. > > Please select an image: > ▸ docker.io/library/alt:sisyphus > quay.io/alt:sisyphus > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > --- > .travis.yml | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/.travis.yml b/.travis.yml > index 42853e16bfee..3836befe0bae 100644 > --- a/.travis.yml > +++ b/.travis.yml > @@ -68,7 +68,7 @@ matrix: > compiler: gcc > > - os: linux > - env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" > + env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" I wonder why podman is used in this case. Thanks, > compiler: gcc > > before_install: > @@ -92,6 +92,7 @@ before_install: > - $CONTAINER build $CONTAINER_ARGS -t ima-evm-utils . > > script: > - - INSTALL="${DISTRO%%:*}" > + - INSTALL="${DISTRO#${REPO}/}" > + - INSTALL="${INSTALL%%:*}" > - INSTALL="${INSTALL%%/*}" > - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" ./tests/install-openssl3.sh; fi && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh" > -- > 2.27.0
On Wed, 2021-11-03 at 02:23 +0300, Vitaly Chikunov wrote: > Mimi, > > On Tue, Nov 02, 2021 at 07:17:42PM -0400, Mimi Zohar wrote: > > Instead of returning an image, it prompts for a response. Hardcode > > to use docker.io. > > > > Please select an image: > > ▸ docker.io/library/alt:sisyphus > > quay.io/alt:sisyphus > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > --- > > .travis.yml | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/.travis.yml b/.travis.yml > > index 42853e16bfee..3836befe0bae 100644 > > --- a/.travis.yml > > +++ b/.travis.yml > > @@ -68,7 +68,7 @@ matrix: > > compiler: gcc > > > > - os: linux > > - env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" > > + env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" > > I wonder why podman is used in this case. We were seeing issues on Alpine, Fedora, and Alt. Changing to podman fixed them. For example on Alt, we started seeing the following, but openssl-gost was installed. [1] + control openssl-gost control: No such facility: openssl-gost I've reverted the commit, but I don't have access to the public travis. I've asked Stefan to trigger travis and am waiting for the results. Mimi [1] https://app.travis-ci.com/github/stefanberger/ima-evm-utils/jobs/545999661
Hi Vitaly, On Tue, 2021-11-02 at 20:32 -0400, Mimi Zohar wrote: > On Wed, 2021-11-03 at 02:23 +0300, Vitaly Chikunov wrote: > > Mimi, > > > > On Tue, Nov 02, 2021 at 07:17:42PM -0400, Mimi Zohar wrote: > > > Instead of returning an image, it prompts for a response. Hardcode > > > to use docker.io. > > > > > > Please select an image: > > > ▸ docker.io/library/alt:sisyphus > > > quay.io/alt:sisyphus > > > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > > --- > > > .travis.yml | 5 +++-- > > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > > > diff --git a/.travis.yml b/.travis.yml > > > index 42853e16bfee..3836befe0bae 100644 > > > --- a/.travis.yml > > > +++ b/.travis.yml > > > @@ -68,7 +68,7 @@ matrix: > > > compiler: gcc > > > > > > - os: linux > > > - env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" > > > + env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" > > > > I wonder why podman is used in this case. > > We were seeing issues on Alpine, Fedora, and Alt. Changing to podman > fixed them. For example on Alt, we started seeing the following, but > openssl-gost was installed. [1] > > + control openssl-gost > control: No such facility: openssl-gost > > I've reverted the commit, but I don't have access to the public travis. > I've asked Stefan to trigger travis and am waiting for the results. All three are still failing, but differently than before [2]. Mimi > > [1] > https://app.travis-ci.com/github/stefanberger/ima-evm-utils/jobs/545999661 [2] https://app.travis-ci.com/github/stefanberger/ima-evm-utils/builds/241072887
Mimi, On Tue, Nov 02, 2021 at 08:32:30PM -0400, Mimi Zohar wrote: > On Wed, 2021-11-03 at 02:23 +0300, Vitaly Chikunov wrote: > > On Tue, Nov 02, 2021 at 07:17:42PM -0400, Mimi Zohar wrote: > > > Instead of returning an image, it prompts for a response. Hardcode > > > to use docker.io. > > > > > > Please select an image: > > > ▸ docker.io/library/alt:sisyphus > > > quay.io/alt:sisyphus > > > > > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > > > --- > > > .travis.yml | 5 +++-- > > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > > > diff --git a/.travis.yml b/.travis.yml > > > index 42853e16bfee..3836befe0bae 100644 > > > --- a/.travis.yml > > > +++ b/.travis.yml > > > @@ -68,7 +68,7 @@ matrix: > > > compiler: gcc > > > > > > - os: linux > > > - env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" > > > + env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" > > > > I wonder why podman is used in this case. > > We were seeing issues on Alpine, Fedora, and Alt. Changing to podman > fixed them. For example on Alt, we started seeing the following, but > openssl-gost was installed. [1] > > + control openssl-gost > control: No such facility: openssl-gost Now I realize that podman is used to workaround incorrect seccomp filtering of faccessat2 syscall in old Docker (with EPERM instead of ENOSYS). This problem is still not fixed in bionic Travis instances, causing "control: No such facility" errors. Thanks, > > I've reverted the commit, but I don't have access to the public travis. > I've asked Stefan to trigger travis and am waiting for the results. > > Mimi > > [1] > https://app.travis-ci.com/github/stefanberger/ima-evm-utils/jobs/545999661
diff --git a/.travis.yml b/.travis.yml index 42853e16bfee..3836befe0bae 100644 --- a/.travis.yml +++ b/.travis.yml @@ -68,7 +68,7 @@ matrix: compiler: gcc - os: linux - env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" + env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host" compiler: gcc before_install: @@ -92,6 +92,7 @@ before_install: - $CONTAINER build $CONTAINER_ARGS -t ima-evm-utils . script: - - INSTALL="${DISTRO%%:*}" + - INSTALL="${DISTRO#${REPO}/}" + - INSTALL="${INSTALL%%:*}" - INSTALL="${INSTALL%%/*}" - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" ./tests/install-openssl3.sh; fi && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh"
Instead of returning an image, it prompts for a response. Hardcode to use docker.io. Please select an image: ▸ docker.io/library/alt:sisyphus quay.io/alt:sisyphus Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)