coreos / rpm-ostree

⚛📦 Hybrid image/package system with atomic upgrades and package layering
https://coreos.github.io/rpm-ostree

Failed to install falco rpm #5125

Open fengz63 opened 1 week ago

fengz63 commented 1 week ago

Describe the bug

Falco installation on FCOS failed using the instructions provided at https://falco.org/docs/install-operate/installation/#centos-rhel.

Reproduction steps

  1. Add falco repo: curl -s -o /etc/yum.repos.d/falcosecurity.repo https://falco.org/repo/falcosecurity-rpm.repo
  2. rpm-ostree install falco

Expected behavior

Falco installation complete.

Actual behavior

Updating metadata for 'fedora-cisco-openh264'... done
Updating metadata for 'updates'... done
Updating metadata for 'fedora'... done
Updating metadata for 'falcosecurity-rpm'... done
Updating metadata for 'updates-archive'... done
Importing rpm-md... done
rpm-md repo 'fedora-cisco-openh264'; generated: 2024-03-12T11:45:42Z solvables: 3
rpm-md repo 'updates'; generated: 2024-09-19T02:22:52Z solvables: 26877
rpm-md repo 'fedora'; generated: 2024-04-14T18:51:11Z solvables: 74881
rpm-md repo 'falcosecurity-rpm'; generated: 2024-08-19T13:23:11Z solvables: 53
rpm-md repo 'updates-archive'; generated: 2024-09-19T03:05:49Z solvables: 40749
Resolving dependencies... done
Will download: 85 packages (131.6 MB)
Downloading from 'fedora'... done
Downloading from 'updates-archive'... done
Downloading from 'falcosecurity-rpm'... done
Downloading from 'updates'... done
⠐ Importing packages 0% [░░░░░░░░░░░░░░░░░░░░] (0s)
Importing packages... done
Checking out packages... done
Running pre scripts... done
Running post scripts... done
error: Running %post for falco: bwrap(/bin/sh): Child process killed by signal 1; run journalctl -t 'rpm-ostree(falco.post)' for more information

System details

QEMU 40.20240825.3.0 (CoreOS)

Additional information

No response

fengz63 commented 1 week ago

related issue: https://github.com/coreos/fedora-coreos-tracker/issues/1800

bshephar commented 1 week ago

Seems to come from:

Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7917]: [POST-INSTALL] Call 'falcoctl driver install for kmod:
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]: 2024-10-09 11:08:20 INFO  Running falcoctl driver install
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]:                       ├ driver version: 7.3.0+driver
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]:                       ├ driver type: kmod
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]:                       ├ driver name: falco
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]:                       ├ compile: true
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]:                       ├ download: false
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]:                       ├ target: fedora
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]:                       ├ arch: x86_64
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]:                       ├ kernel release: 6.12.0-0.rc2.24.fc42.x86_64
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]:                       └ kernel version: #1 SMP PREEMPT_DYNAMIC Mon Oct  7 16:24:30 UTC 2024
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]: 2024-10-09 11:08:20 INFO  Check if kernel module is still loaded.
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]: 2024-10-09 11:08:20 INFO  OK! There is no module loaded.
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]: 2024-10-09 11:08:20 INFO  Check all versions of kernel module in dkms.
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]: 2024-10-09 11:08:20 INFO  OK! There are no module versions in dkms.
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]: 2024-10-09 11:08:20 INFO  Trying to compile the requested driver
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]: 2024-10-09 11:08:20 INFO  Trying to load a pre existent system module, if present.
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]: 2024-10-09 11:08:20 WARN  Consider compiling your own driver and loading it or getting in touch with the Falco community.
Oct 09 21:08:20 fedora-work.bne-home.net rpm-ostree(falco.post)[7980]: 2024-10-09 11:08:20 ERROR failed: user: Current requires cgo or $USER, $HOME set in environment

This comes from:

❯ rpm -qp --scripts falco-0.39.1-x86_64.rpm | sed -n '120,136p'
warning: falco-0.39.1-x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 14cb7a8d: NOKEY
# If needed, try to load/compile the driver through falcoctl
case "$chosen_driver" in
    "kmod")
      # Only compile for kmod, in this way we use dkms
      echo "[POST-INSTALL] Call 'falcoctl driver install for kmod:"
      falcoctl driver install --download=false
      chosen_unit="kmod"
      ;;
    "ebpf")
      echo "[POST-INSTALL] Call 'falcoctl driver install for ebpf':"
      falcoctl driver install
      chosen_unit="bpf"
      ;;
    "modern_ebpf")
      chosen_unit="modern-bpf"
      ;;
esac

Specifically, this one:

      echo "[POST-INSTALL] Call 'falcoctl driver install for kmod:"
      falcoctl driver install --download=false
      chosen_unit="kmod"

So that error we're seeing is coming from the falcoctl driver install command, which seems to be making some assumptions about environment variables that aren't correct for rpm-ostree environments. Do you have more information about what that command is executing?

bshephar commented 1 week ago

Ah, I see you linked a CoreOS issue too, I missed that. Yeah, I agree with this comment: https://github.com/coreos/fedora-coreos-tracker/issues/1800#issuecomment-2383050895

Seems like a lot to load into post scripts to begin with. It would be better handled with something like a systemd service so that less stuff is happening during the RPM installation. Just install the binary and systemd service file, then offload the rest of the work onto systemd where you can control the environment and all variables that will be available during the command execution.

I don't think there is any bug with rpm-ostree here.
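
One way to arrange what the comment above suggests, as an added example that is not Falco's or rpm-ostree's code: the scriptlet step runs `falcoctl driver install --download=false` only when `$USER` and `$HOME` are set, and otherwise writes a oneshot systemd unit that pins both. The unit name, the `/usr/bin/falcoctl` path, the `root` values and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not Falco's or rpm-ostree's code. The unit name, the
# /usr/bin/falcoctl path and root's USER/HOME values are assumptions.

# True only when both variables named in the falcoctl error are set.
driver_env_ok() {
    [ -n "${USER:-}" ] && [ -n "${HOME:-}" ]
}

# Print a oneshot unit that runs the given command with USER and HOME pinned,
# so the result no longer depends on whatever environment the caller had.
# Pass the command with an absolute path to the binary.
render_driver_unit() {
    cat <<EOF
[Unit]
Description=Falco driver install, moved out of the RPM scriptlet (example)

[Service]
Type=oneshot
RemainAfterExit=yes
Environment=USER=root
Environment=HOME=/root
ExecStart=$*

[Install]
WantedBy=multi-user.target
EOF
}

# Scriptlet-side logic: run the command now if the environment is usable,
# otherwise write the unit into unit_dir and leave the work to systemd.
post_install_driver_step() {
    unit_dir=$1
    shift
    if driver_env_ok; then
        "$@"
    else
        render_driver_unit "$@" > "$unit_dir/falco-driver-install.service"
        echo "deferred"
    fi
}

# Stand-alone use: ./example.sh --print shows the unit for the page's command.
if [ "${1:-}" = "--print" ]; then
    render_driver_unit /usr/bin/falcoctl driver install --download=false
fi
```

Whether the kmod build itself succeeds at boot on an ostree-based host is outside what this thread establishes; the example only shows the environment being made explicit.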

fengz63 commented 1 week ago

> It would be better handled with something like a systemd service so that less stuff is happening during the RPM installation. Just install the binary and systemd service file, then offload the rest of the work onto systemd where you can control the environment and all variables that will be available during the command execution.

I understand that. But with this method, I need to maintain the falco package myself.