Closed debarshiray closed 6 months ago
Build succeeded. https://softwarefactory-project.io/zuul/t/local/buildset/d4d7c02f4149490f8be84e81b8e6214b
:heavy_check_mark: unit-test SUCCESS in 6m 46s :heavy_check_mark: unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 08s :heavy_check_mark: unit-test-restricted SUCCESS in 5m 48s :heavy_check_mark: system-test-fedora-rawhide SUCCESS in 31m 18s :heavy_check_mark: system-test-fedora-39 SUCCESS in 29m 58s :heavy_check_mark: system-test-fedora-38 SUCCESS in 29m 44s
Build failed. https://softwarefactory-project.io/zuul/t/local/buildset/39dd11f1f2484e71bd2d32ec89912cb2
:heavy_check_mark: unit-test SUCCESS in 6m 51s :heavy_check_mark: unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 09s :heavy_check_mark: unit-test-restricted SUCCESS in 5m 53s :x: system-test-fedora-rawhide FAILURE in 28m 53s :x: system-test-fedora-39 FAILURE in 28m 41s :x: system-test-fedora-38 FAILURE in 29m 50s
Cool, the tests do fail if /etc/resolv.conf
inside the Toolbx container is not a symbolic link:
fedora-rawhide | not ok 195 network: /etc/resolv.conf inside the default container in 1724ms
fedora-rawhide | # (from function `assert_success' in file test/system/libs/bats-assert/src/assert.bash, line 114,
fedora-rawhide | # in test file test/system/203-network.bats, line 70)
fedora-rawhide | # `assert_success' failed
fedora-rawhide | #
fedora-rawhide | # -- command failed --
fedora-rawhide | # status : 1
fedora-rawhide | # output :
fedora-rawhide | # --
I had replaced /etc/resolv.conf
with /etc/bashrc
to test the tests. :P
Build succeeded. https://softwarefactory-project.io/zuul/t/local/buildset/958d94ccb32345f29b09a51292716648
:heavy_check_mark: unit-test SUCCESS in 7m 04s :heavy_check_mark: unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 17s :heavy_check_mark: unit-test-restricted SUCCESS in 6m 02s :heavy_check_mark: system-test-fedora-rawhide SUCCESS in 29m 17s :heavy_check_mark: system-test-fedora-39 SUCCESS in 27m 49s :heavy_check_mark: system-test-fedora-38 SUCCESS in 28m 07s
Build succeeded. https://softwarefactory-project.io/zuul/t/local/buildset/6c1757ec399b40dfb4f647622a5ef1f5
:heavy_check_mark: unit-test SUCCESS in 6m 51s :heavy_check_mark: unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 08s :heavy_check_mark: unit-test-restricted SUCCESS in 5m 55s :heavy_check_mark: system-test-fedora-rawhide SUCCESS in 33m 22s :heavy_check_mark: system-test-fedora-39 SUCCESS in 32m 17s :heavy_check_mark: system-test-fedora-38 SUCCESS in 31m 40s
On some Toolbx images with
systemd-resolved(8)
, like thefedora-toolbox
images for Fedora 39 onwards,/etc/resolv.conf
can end up being a symbolic link inside the container that expects the host operating system to also usesystemd-resolved(8)
:This happens because
systemd-resolved(8)
already makes/etc/resolv.conf
a symbolic link inside the image, and, hence, the container's entry point doesn't change it to point at the host's copy of the file at/run/host/etc/resolv.conf
. Instead, it's left pointing at the host's copy of the files maintained bysystemd-resolved(8)
under/run/systemd/resolve
, which happen to be also available inside the container [1].If the host OS doesn't use
systemd-resolved(8)
, like Red Hat Enterprise Linux 9, then this leads to a dangling symbolic link and breaks DNS queries.Note that the presence of
systemd-resolved(8)
in the recentfedora-toolbox
images is a regression caused by the ToolbxReleaseBlocker Change [2] for Fedora 39 where the image was rewritten in terms offedora-kickstarts
andpungi-fedora
instead of a Container/Dockerfile. By mistake,systemd
crept in as an RPM needed by the image [3], which in turn pulled in thesystemd-resolved
RPM as a weak dependency [4].Hopefully, that will get fixed. However, it's also not practical to keep track of all the Toolbx images out there in the wild, so it's wise to make
toolbox(1)
more resilient to such things.This will have the downside of overwriting some custom user-made modifications to the container's
/etc/resolv.conf
. While that's unfortunate, it's more important to have Toolbx images produce working containers on a wide range of host OSes. It will be better to come up with a more explicit way to support custom user-made modifications to the container's configuration. Perhaps with a persistent stamp file.[1] Commit af602c7d227617d2 https://github.com/containers/toolbox/commit/af602c7d227617d2 https://github.com/containers/toolbox/pull/707
[2] https://fedoraproject.org/wiki/Changes/ToolbxReleaseBlocker
[3] fedora-kickstarts commit 48e2c3b5598de32f https://pagure.io/fedora-kickstarts/c/48e2c3b5598de32f
[4] fedora-kickstarts commit 49306cb6eada8777 https://pagure.io/fedora-kickstarts/c/49306cb6eada8777
https://github.com/containers/toolbox/issues/1410