search

canonical / rockcraft

Tool to create OCI Images using the language from Snapcraft and Charmcraft.
GNU General Public License v3.0
32 stars 40 forks source link

apt package is not installed in the image. #343

Open Abuelodelanada opened 1 year ago

Abuelodelanada commented 1 year ago

Bug Description

apt package is not installed in the image.

To Reproduce

  1. Pack the following rockcraft.yaml:

  2. Copy the oci-image to docker:

    skopeo --insecure-policy copy oci-archive:alertmanager_0.25.0_amd64.rock docker-daemon:am:0.25.0

  3. Run the container:

    docker run --rm am:0.25.0

  4. Verify that the command update-ca-certificates, that it is installed with the package ca-certificates in the stage-packages section, is not present in the container:

    docker exec -it [NAME] whereis update-ca-certificates 
update-ca-certificates:

But, with this modification in rockcraft.yaml:

@@ -31,8 +31,6 @@ parts:
     # Override until this issue is fixed: https://github.com/canonical/rockcraft/issues/21
     build-snaps:
       - go/1.18/stable
-    stage-packages:
-      - ca-certificates
     override-build: |
       set -x
       REVISION=$(git rev-parse --short HEAD)
@@ -57,3 +55,6 @@ parts:
       alertmanager.yml: etc/alertmanager/alertmanager.yml
     stage:
       - etc/alertmanager/alertmanager.yml
+  ca-certs:
+    plugin: nil
+    stage-packages: [ca-certificates]

The package is installed in the container:

docker exec -it [NAME] whereis update-ca-certificates 
update-ca-certificates: /usr/sbin/update-ca-certificates /usr/share/man/man8/update-ca-certificates.8.gz

Environment

Rockcraft:

$ snap info rockcraft                                                                                                                   
name:      rockcraft
summary:   A craft like experience to create ROCKS
publisher: Sergio Schvezov ⭐ (sergiusens)
store-url: https://snapcraft.io/rockcraft
license:   GPL-3.0
description: |
  Rockcraft aims to take the same primitives used in Charmcraft and Snapcraft
  to create OCI images.
commands:
  - rockcraft
snap-id:      3mPIBn6L9IYLyBAZsaqjlnMk7huEtqlv
tracking:     latest/edge
refresh-date: 7 days ago, at 21:22 -03
channels:
  latest/stable:    –                                   
  latest/candidate: –                                   
  latest/beta:      –                                   
  latest/edge:      0+git.b72aed8 2023-08-04 (975) 86MB classic
installed:          0+git.b72aed8            (975) 86MB classic

skopeo:

$ skopeo --version
skopeo version 1.4.1

OS:

$ cat /etc/os-release 
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Docker:

$ docker version
Client: Docker Engine - Community
 Version:           24.0.5
 API version:       1.41 (downgraded from 1.43)
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:35:18 2023
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          20.10.24
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       5d6db84
  Built:            Wed May 24 23:31:22 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.6.20
  GitCommit:        2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc:
  Version:          1.1.5
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

rockcraft.yaml

name: alertmanager
summary: Prometheus alertmanager in a ROCK.
description: Alertmanager handles alerts sent by client applications such as the Prometheus server.
version: "0.25.0"
base: ubuntu:20.04
license: Apache-2.0
# Replicate the tree structure of the original image
# https://github.com/prometheus/alertmanager/blob/main/Dockerfile

# /
# ├── bin
# │   ├── alertmanager
# │   └── amtool
# └── etc
#     └── alertmanager
#         └── alertmanager.yml

services:
  alertmanager:
    command: /bin/alertmanager --config.file=/etc/alertmanager/alertmanager.yml --storage.path=/alertmanager
    override: replace
    startup: enabled
platforms:
  amd64:
parts:
  alertmanager:
    plugin: go
    source: https://github.com/prometheus/alertmanager.git
    source-type: git
    source-tag: "v0.25.0"
    # Override until this issue is fixed: https://github.com/canonical/rockcraft/issues/21
    build-snaps:
      - go/1.18/stable
    stage-packages:
      - ca-certificates
    override-build: |
      set -x
      REVISION=$(git rev-parse --short HEAD)
      BRANCH=$(git rev-parse --abbrev-ref HEAD)
      go build \
        -ldflags="-X github.com/prometheus/common/version.Version=$(cat ./VERSION) -X github.com/prometheus/common/version.Revision=${REVISION} -X github.com/prometheus/common/version.Branch=${BRANCH} -X github.com/prometheus/common/version.BuildUser=$(whoami)@$(hostname) -X github.com/prometheus/common/version.BuildDate=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
        -o bin/alertmanager \
        ./cmd/alertmanager
      go build \
        -ldflags="-X github.com/prometheus/common/version.Version=$(cat ./VERSION) -X github.com/prometheus/common/version.Revision=${REVISION} -X github.com/prometheus/common/version.Branch=${BRANCH} -X github.com/prometheus/common/version.BuildUser=$(whoami)@$(hostname) -X github.com/prometheus/common/version.BuildDate=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
        -o bin/amtool \
        ./cmd/amtool
        install -D -m755 bin/alertmanager ${CRAFT_PART_INSTALL}/bin/alertmanager
        install -D -m755 bin/amtool ${CRAFT_PART_INSTALL}/bin/amtool
    stage:
      - bin/alertmanager
      - bin/amtool
  default-config:
    plugin: dump
    source: .
    organize:
      alertmanager.yml: etc/alertmanager/alertmanager.yml
    stage:
      - etc/alertmanager/alertmanager.yml

Relevant log output

.
sed-i commented 1 year ago

Observed same issue with traefik-rock.

sergiusens commented 1 year ago

it's because of

    stage:
      - bin/alertmanager
      - bin/amtool

this is filtering the part for only those two filepaths.

skatsaounis commented 6 months ago

@Abuelodelanada I found this while I was troubleshooting an issue with Traefik container. It seems that you also need to stage /etc/ssl/certs/. Otherwise, the soft links that the package creates are gone inside the container.

root@752f8cedaa20:/# apt install -y openssl
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  ca-certificates
The following NEW packages will be installed:
  openssl
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
...
Setting up openssl (3.0.2-0ubuntu1.14) ...

root@752f8cedaa20:/# ll /etc/ssl/certs/
total 8
drwxr-xr-x 2 root root 4096 May 18  2023 ./
drwxr-xr-x 1 root root 4096 Feb 15 16:21 ../

root@752f8cedaa20:/# apt install ca-certificates
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  ca-certificates
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 155 kB of archives.
After this operation, 399 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 ca-certificates all 20230311ubuntu0.22.04.1 [155 kB]
Fetched 155 kB in 1s (132 kB/s)           
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package ca-certificates.
(Reading database ... 4696 files and directories currently installed.)
Preparing to unpack .../ca-certificates_20230311ubuntu0.22.04.1_all.deb ...
Unpacking ca-certificates (20230311ubuntu0.22.04.1) ...
Setting up ca-certificates (20230311ubuntu0.22.04.1) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line
 78.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-li
nux-gnu/perl/5.34.0 /usr/local/share/perl/5.34.0 /usr/lib/x86_64-linux-gnu/perl5/5.34 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x8
6_64-linux-gnu/perl/5.34 /usr/share/perl/5.34 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Updating certificates in /etc/ssl/certs...
137 added, 0 removed; done.
Processing triggers for ca-certificates (20230311ubuntu0.22.04.1) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

root@752f8cedaa20:/# ll /etc/ssl/certs/
total 612
drwxr-xr-x 1 root root  20480 Feb 15 16:22  ./
drwxr-xr-x 1 root root   4096 Feb 15 16:21  ../
lrwxrwxrwx 1 root root     23 Feb 15 16:21  002c0b4f.0 -> GlobalSign_Root_R46.pem
...
syncronize-issues-to-jira[bot] commented 6 months ago

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/CRAFT-2498.

This message was autogenerated

Abuelodelanada commented 6 months ago

Thanks for the feedback @skatsaounis !