Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to build fedora-bootc tier-x image #752

Open
HuijingHei opened this issue Dec 11, 2024 · 4 comments
Open

Failed to build fedora-bootc tier-x image #752

HuijingHei opened this issue Dec 11, 2024 · 4 comments

Comments

@HuijingHei
Copy link

HuijingHei commented Dec 11, 2024
edited
Loading

Build fedora-bootc tire-x image (refer to https://gitlab.com/fedora/bootc/base-images#tiers), and run quay.io/centos-bootc/bootc-image-builder:latest to create disk failed.

git clone https://gitlab.com/fedora/bootc/base-images.git

cd base-images
# build tire-x image using default rawhide
sudo podman build --security-opt=label=disable --cap-add=all --build-arg=MANIFEST=fedora-tier-x.yaml --device /dev/fuse -t localhost/fedora-bootc .

# create disk
sudo podman run \
    --rm \
    -it \
    --privileged \
    --pull=newer \
    --security-opt label=type:unconfined_t \
    -v ./config.json:/config.json:ro \
    -v ./output:/output \
    -v /var/lib/containers/storage:/var/lib/containers/storage \
    quay.io/centos-bootc/bootc-image-builder:latest \
    --type qcow2 \
    --rootfs xfs \
    --local \
    localhost/fedora-bootc:latest
Generating manifest manifest-qcow2.json
DONE
Building manifest-qcow2.json
starting -Pipeline source org.osbuild.containers-storage: d5a2f6d2ecc308a2a3b2fb191a785810b8a622e0223d5699f0c902b522d21113
Build
  root: <host>
Pipeline build: cb8e30398b21cd99ce037145772e31ea2962798dcb10b9c7e5be31804366e8e0
Build
  root: <host>
  runner: org.osbuild.fedora38 (org.osbuild.fedora38)
org.osbuild.container-deploy: af0de204ef2df2f9b36c6ad823a853ce3fafa8a348b6431ce2022aa88f143968 {
  "remove-signatures": true
}
...
Writing manifest to image destination
a8ceb2fcb344f895c6e3deab6608a240779c0100de2baa0752b06bbc7eabc164
Untagged: docker.io/library/tmp-container-deploy-22929338394344:latest
Deleted: a8ceb2fcb344f895c6e3deab6608a240779c0100de2baa0752b06bbc7eabc164

⏱  Duration: 38s
org.osbuild.selinux: cb8e30398b21cd99ce037145772e31ea2962798dcb10b9c7e5be31804366e8e0 {
  "file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
  "exclude_paths": [
    "/sysroot"
  ],
  "labels": {
    "/usr/bin/mount": "system_u:object_r:install_exec_t:s0",
    "/usr/bin/ostree": "system_u:object_r:install_exec_t:s0",
    "/usr/bin/umount": "system_u:object_r:install_exec_t:s0"
  }
}
setfiles: /run/osbuild/tree/etc/selinux/targeted/contexts/files/file_contexts.bin:  line 1 error due to: Non-ASCII characters found
setfiles: /run/osbuild/tree/etc/selinux/targeted/contexts/files/file_contexts.homedirs.bin:  line 1 error due to: Non-ASCII characters found

⏱  Duration: 8s
Pipeline image: 8cf6f980e2fe66ccbce0a795d71ac8ec2d212445d202f27ed21e9963061d3a5d
Build
  root: cb8e30398b21cd99ce037145772e31ea2962798dcb10b9c7e5be31804366e8e0
  runner: org.osbuild.linux (org.osbuild.linux)
org.osbuild.truncate: a45ce8a1110d07123929f29bb4be397a187656920460b8ed713d55c66231e1ad {
  "filename": "disk.raw",
  "size": "10737418240"
}
bwrap: execvp /run/osbuild/runner/org.osbuild.linux: No such file or directory

⏱  Duration: 0s
manifest - failed
Failed
@HuijingHei
Copy link
Author

Also build tire-x image from quay.io/fedora/fedora:41, no setfiles: /run/osbuild/tree/etc/selinux/targeted/contexts/files/file_contexts.bin: line 1 error due to: Non-ASCII characters found error, get the same error bwrap: execvp /run/osbuild/runner/org.osbuild.linux: No such file or directory

sudo podman build \
--from quay.io/fedora/fedora:41 \
--security-opt=label=disable \
--cap-add=all \
--build-arg=MANIFEST=fedora-tier-x.yaml \
--device /dev/fuse \
-t localhost/fedora-bootc-x-f41 .


$ sudo podman run \
    --rm \
    -it \
    --privileged \
    --pull=newer \
    --security-opt label=type:unconfined_t \
    -v ./config.json:/config.json:ro \
    -v ./output:/output \
    -v /var/lib/containers/storage:/var/lib/containers/storage \
    quay.io/centos-bootc/bootc-image-builder:latest \
    --type qcow2 \
    --rootfs xfs \
    --local \
    localhost/fedora-bootc-x-f41:latest

...
⏱  Duration: 37s
org.osbuild.selinux: 2b5e4eef765ec7283a8b42bf3633612e95b2e8443fe7d2908ecebfd265e368ae {
  "file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
  "exclude_paths": [
    "/sysroot"
  ],
  "labels": {
    "/usr/bin/mount": "system_u:object_r:install_exec_t:s0",
    "/usr/bin/ostree": "system_u:object_r:install_exec_t:s0",
    "/usr/bin/umount": "system_u:object_r:install_exec_t:s0"
  }
}

⏱  Duration: 8s
Pipeline image: fda9312b156486f2c69b83932af7483f881623d3ef499afb5cda868ae15ffee8
Build
  root: 2b5e4eef765ec7283a8b42bf3633612e95b2e8443fe7d2908ecebfd265e368ae
  runner: org.osbuild.linux (org.osbuild.linux)
org.osbuild.truncate: c003dfdd9eb89ad0f3b74e3ebcf8cb42e13f77fa9c96ed82fa0fd12257be4a98 {
  "filename": "disk.raw",
  "size": "10737418240"
}
bwrap: execvp /run/osbuild/runner/org.osbuild.linux: No such file or directory

⏱  Duration: 0s
manifest - failed
Failed

@jlebon
Copy link

jlebon commented Dec 16, 2024

This is likely because tier-x doesn't ship Python. The way we work around this in cosa for example (because currently FCOS also doesn't ship Python) is to use cosa as the buildroot in the osbuild manifest: https://github.com/coreos/coreos-assembler/blob/17c1cc8ea2463a111074c06bb916fcfbfd0964ba/src/osbuild-manifests/coreos.osbuild.x86_64.mpp.yaml#L37-L46

I wouldn't be against adding Python to tier-x. Atomic Desktops and IoT both ship it, and in FCOS we agreed to no longer block Python.

BUT first, that doesn't help tier-0, and second, more generally it should really not be a requirement to have Python in the target image to be able to create disk images from it.

@HuijingHei
Copy link
Author

Thanks @jlebon for the pointer! I do not quite understand osbuild, does this mean should add Python to tier-x as workaround? But we still need bib to fix this if without Python, right?

Check on fedora-bootc which indeed has python3 as dependency of sos, but do not have python3 in tire-x image:

$ podman run --rm -it quay.io/fedora/fedora-bootc:41 rpm -q python3
python3-3.13.0-1.fc41.x86_64

$ sudo podman run --rm -it localhost/fedora-bootc-x-f41 rpm -q python3
package python3 is not installed

@cgwalters cgwalters changed the title Failed to build fedora-bootc tire-x image Failed to build fedora-bootc tier-x image Dec 18, 2024
@cgwalters
Copy link
Contributor

I wouldn't be against adding Python to tier-x. Atomic Desktops and IoT both ship it, and in FCOS we agreed to no longer block Python.

And RHEL 10 and 9.6 will definitely have python because dnf4 too.

In the short term I guess bib should detect this and temporarily install its build dependencies in the container?

It is probably also a good idea to dynamically install other external tools like mkfs.$x if needed, although those are tiny and really generally useful so not having those in the base image is at a pretty far extreme IMO.

more generally it should really not be a requirement to have Python in the target image to be able to create disk images from it.

Yes and to be clear this is an issue specific to bootc-image-builder/osbuild; in contrast e.g. bootc install to-filesystem|to-disk are all in Rust with just some external binaries from util-linux and mkfs.$fs required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cgwalters @jlebon @HuijingHei