search

concourse / oci-build-task

a Concourse task for building OCI images
Apache License 2.0
74 stars 55 forks source link

Using ADD with XZ compressed tarball fails #55

Open vrga opened 3 years ago

vrga commented 3 years ago

Apologies for a potentially slim bug report, but it would appear that oci-build-task only supports uncompressed tarballs.

This has caused a few days of banging my head against the wall trying to figure out why it fails.

I was building an image from scratch:

FROM scratch as build

ADD "./built_roots/base/rootfs.tar.xz" /

RUN apt-get update && \
    apt install -y ca-certificates dumb-init && \
    apt-get clean autoclean && \
    apt-get autoremove --yes && \
    rm -rf /var/lib/apt/lists/*

FROM scratch as main
COPY --from=build / /

The error output from running a task configured as such:

      - task:       build-base
        privileged: true
        config:
          platform: linux
          image_resource:
            type: registry-image
            source:
              repository: vito/oci-build-task

          params:
            TARGET:                  main
            CONTEXT:                 git-resource/base_images/debian-base

          inputs:
            - name: git-resource
            - name: built_roots
              path: git-resource/base_images/debian-base/built_roots

          outputs:
            - name: image-base

          run:
            path: build

was a variant of this:

selected worker: work-03
#2 [internal] load build definition from Dockerfile
#2 transferring dockerfile: 402B done
#2 DONE 4.4s

#1 [internal] load .dockerignore
#1 transferring context: 2B done
#1 DONE 5.0s

#3 [internal] load build context
#3 transferring context: 30.13MB 0.2s done
#3 DONE 1.4s

#4 [build 1/2] ADD ./built_roots/base/rootfs.tar.xz /
#4 DONE 1.2s

#5 [build 2/2] RUN apt-get update &&     apt install -y ca-certificates dum...
#5 0.900 container_linux.go:345: starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory"
#5 ERROR: executor failed running [/bin/sh -c apt-get update &&     apt install -y ca-certificates dumb-init &&     apt-get clean autoclean &&     apt-get autoremove --yes &&     rm -rf /var/lib/apt/lists/* /etc/apt/apt.conf.d/01proxy]: buildkit-runc did not terminate sucessfully

------
 > [build 2/2] RUN apt-get update &&     apt install -y ca-certificates dumb-init &&     apt-get clean autoclean &&     apt-get autoremove --yes &&     rm -rf /var/lib/apt/lists/*:
------

error: failed to solve: rpc error: code = Unknown desc = failed to solve with frontend dockerfile.v0: failed to build LLB: executor failed running [/bin/sh -c apt-get update &&     apt install -y ca-certificates dumb-init &&     apt-get clean autoclean &&     apt-get autoremove --yes &&     rm -rf /var/lib/apt/lists/*]: buildkit-runc did not terminate sucessfully

FATA[0011] failed to build: build: exit status 1        
FATA[0011] failed to run task: exit status 1

Unpacking the xz-compressed rootfs was enough to get this to build correctly. This dockerfile worked just fine with normal docker build and buildctl build.

vito commented 3 years ago

Hmm, thanks for the report but I don't really know what I can do about it. 🤔 This is a pretty thin wrapper around Buildkit and I have no idea why xz wouldn't work (assuming gz and etc. work fine).

From a quick browse through the codebase, it looks like it just doesn't support it:

https://github.com/moby/buildkit/blob/58038e637152b0d3ca35f1f6949cf16085af1a7c/vendor/github.com/containerd/containerd/archive/compression/compression.go#L159-L197

I'll leave this open since it sounds like you tested with Buildkit directly, and maybe others will run into it too, but I don't anticipate changing anything on my end. :/

vrga commented 3 years ago

I'm not sure where this is coming from then. I'm gonna test out with buildkit on a clean debian10 vm without docker or any of its dependencies installed.

vrga commented 3 years ago

Okay, so i've ran this with buildkitd github.com/moby/buildkit v0.8.1-41-g9bb4fa53 9bb4fa53b1d52025fab5e3e9057acc50fee8ce76 and runc version spec: 1.0.2-dev (which is what's currently published with podman) and i'm genuinely unsure at this point what's going on, because the buildctl build with XZ compressed tarball works.

I also tried grabbing the runc that's packaged in my concourse and putting it into the vm so that buildkitd can use that as well, same result, build succeeds.