-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Buster builds broken on non-arm hosts #271
Comments
@XECDesign thanks for the heads-up. And congratulations on releasing the new RPI4 with Buster! Are you using this same |
I've just pushed the commits that we were using internally, but couldn't make public yet. Not sure how to approach non-arm host builds right now. |
Thanks a lot for that! Appreciated! |
It's looking more like a kernel issue, but discussions I've seen on the mailing list seem to have fizzled out a long time ago without any resolution. Maybe when Buster is more commonly used it will press the issue. |
Hopefully it gets more attention now that Buster is about to go live. |
* currently defaults to "stretch buster"
Sorry, not sure off the top of my head. |
No problem, will quickly setup a VM with 32-bits Debian and check it out, if it works, then we have a temporary solution for the moment until it's fixed. Will report back. Thanks again! |
Hi @XECDesign , so I can confirm now that this issue is specifically for hosts with 64 bits kernels no matter if arm or not. I made a testing VM with vanilla Debian To verify this I built a control "broken" Buster image with a 64 bits Debian host using Docker and I did get SSL problems with
Then I built another Buster image using a 32 bits Debian host and the Aside, I also noticed a minor issue with the Qemu version shipped with Debian Stretch, where the
This is a manifestation of the following bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891109 Fortunately this is resolved in the current Qemu version shipped with Debian Buster, therefore building with a Debian Buster host will not show any errors. I will send a PR to update the In summary, I wanted to let you know that this bug is not affecting 32 bits build hosts, no matter if they are arm or not (at least for me). For now you can use a 32 bits build host and Hope this is useful for future readers! |
Thanks for looking into it. Much appreciated. |
On a similar note, if you run buster in a chroot on Ubuntu 18.04 you will need to upgrade proot to 5.1.0-1.13 (if you use it) and qemu-user to something newer than 2.11 (3.1 works). This is because buster uses renameat2() and new features of getauxval(). These versions are available in Ubuntu 19.04 but not 18.04 LTS. In particular bootstrapping will not work in proot without both these upgrades because 'mv' command will not work, which completely borks the preinst and postinst scripts. This bug is an example of the kind of issue you'll see with too old qemu versions: |
Hi all, we were able to overcome the issue of SSL certs only by rehashing the ssl certs with c_rehash Specifically # Patch Issue with ssl certs as per https://github.com/RPi-Distro/pi-gen/issues/271
on_chroot << EOF
echo Patching certs...
c_rehash /etc/ssl/certs
EOF Credit to Keith Tate as well :) As indicated below by @hhromic its not a complete solution. |
@Chaser that is a workaround for the The problem affects any program using the It is unknown/unverified what other packages might be affected. Therefore the safest solution for now is to build using a 32-bits host (be ARM or non-ARM) as indicated before. |
Thanks @hhromic updated my comment to be clear its not a solution. Are there tests that should be done to confirm issues? I have just built an image on a EC2 ARM (64bit) instance (a1.2xlarge) running ubuntu 18.04 LTS. I would like to do some sanity checks on it. |
@hhromic @XECDesign - did you attempt to use a i386 container and see the results? I have heard reports it worked within our team. |
@Chaser I tested using a 32-bits Debian kernel inside a VM as explained on my comment here: #271 (comment) If you try it and you can confirm it works like I described in my comment, then it would be nice to know. Thanks! |
@hhromic - Clean execution of todays pi-gen mainline 1143530 As is pulls down qemu-user-static amd64
Changing to
The build completed successfully. Hopefully this helps. |
@Chaser be aware that a successful build is not sufficient proof as no errors during building doesn't imply that the system was built correctly. As explained in the original post, this is a silent bug therefore the build succeeds but the built image is broken. To verify your built image, burn it to an SD Card and boot a real RPI device with it. Then perform the simple test I explained in my comment: #271 (comment)
If you get an SSL error message, then it didn't work. If you get HTML content, then it worked. |
@hhromic - understood, |
@Chaser that is a very interesting result then and would mean that actually just Qemu needs to be in 32 bits, not the host kernel. That refiniment is indeed way better than using a 32 bits VM. Can you confirm you were using a 64 bits Docker host for this test? |
@hhromic - was using Codebuild docker image - https://github.com/aws/aws-codebuild-docker-images/blob/master/ubuntu/standard/2.0/Dockerfile
|
@hhromic I usually run my builds in a VM running Ubuntu 18.04. I don't use docker. I can confirm using the 64-bit 18.04 I will get the SSL error message. |
@Chaser @rkubes thanks for your input, really appreciated! I used the included
It is not clear at the moment how to test 100% reliably, however the SSL certificates test is a very good indicator as far as I can tell because it provides a tangible control case. I will send a PR to update the included EDIT: @ryanteck might be interested. You don't need to setup a VM nor a 32-bits kernel for your host build system, just make sure you are installing the |
Any update on this with Debian 11 Bullseye? |
I can build Bullseye without issue on Bullseye AMD Machine |
32 or 64 bit? |
I can build fine on AMD machine too (pop_os 21.04 and 21.10) both armhf and arm64 for buster or bullseye. |
Depending on the version of qemu and whether you're using docker, server images might not exhibit issues, but I still wouldn't recommend it until qemu is fixed. There has been some good progress upstream. One of the issues has been fixed and another has a fix in the pipeline (https://gitlab.com/qemu-project/qemu/-/issues/633). Not sure how long it will be before there's an official release with both fixes. EDIT: I should mention that the fixes only make it work with i686 qemu. amd64 still won't work, but that seems to be a glibc and/or kernel issue that might not be fixable. I'm not sure what the current state of that is. |
* Autmagically use 1386/debian:buster when running on 64-bit host to prevent error RPi-Distro#271
* Autmagically use 1386/debian:buster when running on 64-bit host to prevent error RPi-Distro#271
* Autmagically use 1386/debian:buster when running on 64-bit host to prevent error RPi-Distro#271
* Autmagically use 1386/debian:buster when running on 64-bit host to prevent error RPi-Distro#271 (cherry picked from commit dd96ca1)
The qemu inside the Docker image seems to be irrelevant, you need qemu installed on the host (running a Docker build, I got errors about wrong architecture until I installed qemu-user-static on the host). And then I hit this bitness error (invalid SSL certificates etc). I tried installing qemu-user-static:i386 on the host, but this makes GPG fail in the chroot, so apt can't verify signatures and it fails even earlier. Is there any valid workaround nowadays? |
* Autmagically use 1386/debian:buster when running on 64-bit host to prevent error RPi-Distro#271 (cherry picked from commit dd96ca1)
I need some clarification - it was mentioned in this thread that any binary using the Was it meant that any binary using the |
It has been a while since I've looked at this so I can't give full details. It's likely that you're thinking of this, while the issue is with this. If the actual syscall is involved, a particular arm binary doesn't have to call it itself. It could be something qemu does, depending on the architecture it's built for and the paths it takes. Not sure. Either way, the issue seems to be resolved in Bullseye, at least. |
Just an update for someone getting here: I confirm that I just built an arm64 bullseye lite (stage2) image using |
* Autmagically use 1386/debian:buster when running on 64-bit host to prevent error RPi-Distro#271 (cherry picked from commit dd96ca1)
* Autmagically use 1386/debian:buster when running on 64-bit host to prevent error RPi-Distro#271 (cherry picked from commit dd96ca1)
* Autmagically use 1386/debian:buster when running on 64-bit host to prevent error RPi-Distro#271
I think this hasn't been an issue for a while, so it's probably time to close it. Thanks all |
Tried to do this on bullseye and I've hit an annoying error.
I've added the keys with |
I don't think bullseye has the necessary fixes. https://gitlab.com/qemu-project/qemu/-/issues/633 Edit: Actually, ignore what I said. What you're seeing seems like a different issue. |
It may be worth opening a new issue with all of the necessary information to reproduce the behaviour you're seeing. However, support will be limited since now we just say you should build on an arm machine. qemu introduces too many things that can go wrong. |
I'll see if I can test with an arm machine as I currently don't have one, if I can't then I might open an issue. I'd tested with bookworm earlier and got stuck with this error; install: cannot create regular file '/home/guest/pi-gen/work/Sugar-RPi-Test/stage0/rootfs/etc/apt/': No such file or directory I couldn't figure out why that was happening. |
Any information about the build environment? |
Debian12 running in a vm with config;
My changes are focused on stage3 and this is what #!/bin/bash
set -e
# install git if not present
[ ! -e /usr/bin/git ] && apt install -y git
# make place to put sources
#C=cache.sugar/usr/src
#mkdir -p $C
cd /usr/src/
# clone the sugar modules
#for x in sugar{-datastore,-artwork,-toolkit-gtk3,} gwebsockets; do
# git clone --depth 2 https://github.com/sugarlabs/$x $P
#done
# prepare for activities
mkdir -p $C/sugar-activities
function clone {
#P=$C/sugar-activities/$2
P=/usr/src/sugar-activities/$2
if [ ! -e $P ]; then
git clone --depth 2 $1 $P
fi
}
# clone demonstration activities, the fructose set
#clone https://github.com/sugarlabs/browse-activity Browse.activity
#clone https://github.com/sugarlabs/sugarlabs-calculate Calculate.activity
#clone https://github.com/sugarlabs/chat Chat.activity
#clone https://github.com/sugarlabs/imageviewer-activity ImageViewer.activity
#clone https://github.com/sugarlabs/jukebox-activity Jukebox.activity
#clone https://github.com/sugarlabs/log-activity Log.activity
#clone https://github.com/sugarlabs/Pippy Pippy.activity
#clone https://github.com/sugarlabs/read-activity Read.activity
#clone https://github.com/sugarlabs/terminal-activity Terminal.activity
#clone https://github.com/sugarlabs/turtleart-activity TurtleBlocks.activity
#clone https://github.com/sugarlabs/write-activity Write.activity
# clone assorted other activities, the honey set
#clone https://github.com/sugarlabs/memorize-activity Memorize.activity
dir="/usr/lib/python3.11"
if [ ! -e $dir ]; then
dir="/usr/lib/python3.12"
fi
echo $dir
# build - sugar-datastore
# build - sugar-artwork
cd /usr/src/sugar-artwork && (
echo "Building sugar-artwork"
./autogen.sh --prefix=/usr
make
make install
echo ok
) > /usr/src/install-sugar-artwork.log 2>&1
# build - sugar-toolkit-gtk3
cd /usr/src/sugar-toolkit-gtk3 && (
echo "Building sugar-toolkit-gtk3"
./autogen.sh --prefix /usr --with-python3
make
make install
rsync -r /usr/lib/python3.11/site-packages/sugar3 /usr/lib/python3/dist-packages/
git clean -dfx
./autogen.sh --prefix /usr --with-python2
make
make install
echo ok
) > /usr/src/install-sugar-toolkit-gtk3.log 2>&1
cd /usr/src/sugar-datastore && (
echo "Building sugar-datastore"
./autogen.sh --prefix /usr
make
make install
rsync -r /usr/lib/python3.11/site-packages/carquinyol /usr/lib/python3/dist-packages/
echo ok
) > /usr/src/install-sugar-datastore.log 2>&1
# build - sugar
cd /usr/src/sugar && (
echo "Building sugar"
./autogen.sh --prefix /usr
make
make install
mv /usr/lib/python3.11/site-packages/jarabe /usr/lib/python3/dist-packages/
echo ok
) > /usr/src/install-sugar.log 2>&1
# build - gwebsockets
cd /usr/src/gwebsockets && (
echo "Building gwebsockets"
git clean -dfx
python3 setup.py build
python3 setup.py install --prefix /usr
cp -pr gwebsockets /usr/lib/python3/dist-packages/
echo ok
) > /usr/src/install-gwebsockets.log 2>&1
# replace all installed activities with sugar activities from source
# side effect: debian package version mismatch
(
mkdir /usr/share/sugar/activities
cd /usr/src/sugar-activities
for ACTIVITY in *.activity; do
echo $ACTIVITY
rm -rf /usr/share/sugar/activities/$ACTIVITY
(cd /usr/share/sugar/activities &&
ln -s /usr/src/sugar-activities/$ACTIVITY) && echo ok
done
) > /usr/src/install-sugar-activities.log 2>&1 |
* Autmagically use 1386/debian:buster when running on 64-bit host to prevent error RPi-Distro#271
Opening this as a heads to anyone relying on pi-gen.
https://bugs.launchpad.net/qemu/+bug/1805913
Unless this bug is fixed by the time buster goes live, images built through
qemu-arm-static
are going to be broken in slightly subtle ways. Luckily, qemu devs are pretty good and the issue is likely to be resolved before then.pixbuf relies on the mime database, which silently fails to update and returns success. The result is that desktop is rendered without any icons.
Something similar happens with SSL certificates, breaking rpi-update and anything else that wants to use https.
Those are the known ways images break, but any binary that uses
readdir()
is not going to work.Internally, we've moved our builds to an arm build server to avoid going through qemu for now.
The text was updated successfully, but these errors were encountered: