search

hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/
Other
31.15k stars 4.21k forks source link

Native support for Apple Silicon M1 chip #10645

Closed ZevEisenberg closed 3 years ago

ZevEisenberg commented 3 years ago

Is your feature request related to a problem? Please describe. I have a project that depends on vault, and I have to use my Terminal in Intel translation mode ("Rosetta 2") when building the project on an ARM Mac.

Describe the solution you'd like vault should build natively on darwin/arm64 to support Macs with M1 chips in them.

Describe alternatives you've considered N/A

Explain any additional use-cases N/A

Additional context I tried fiddling with build.sh on my Intel Mac to force building for darwin/arm64, but was getting errors like this when I run make dev:

-->    darwin/arm64: github.com/hashicorp/vault

1 errors occurred:
--> darwin/arm64 error: exit status 2
Stderr: # github.com/hashicorp/vault
/usr/local/opt/go/libexec/pkg/tool/darwin_amd64/link: running clang failed: exit status 1
ld: warning: ignoring file /var/folders/97/5dzzw3210vx_p11c78cf354r0000gp/T/go-link-591320702/go.o, building for macOS-x86_64 but attempting to link with file built for unknown-arm64
Undefined symbols for architecture x86_64:
  "_main", referenced from:
     implicit entry/start for main executable
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

My M1 Mac isn't set up yet (still migrating files), so I haven't been able to test there yet.

ZevEisenberg commented 3 years ago

Update: I got my M1 Mac working, and vault builds without needing to modify anything. This is actually kind of weird, given that darwin/arm64 doesn't appear in build.sh, but maybe it's not required?

However, brew install vault doesn't work because there's no bottle available:

$ brew install vault
Error: vault: no bottle available!
You can try to install from source with e.g.
  brew install --build-from-source vault
Please note building from source is unsupported. You will encounter build
failures with some formulae. If you experience any issues please create pull
requests instead of asking for help on Homebrew's GitHub, Twitter or any other
official channels.

And if I try to brew install --build-from-source vault, I get this error instead:

brew install --build-from-source vault                                                                          1 ↵
==> Downloading https://nodejs.org/dist/v10.23.1/node-v10.23.1.tar.xz
Already downloaded: /Users/igeek/Library/Caches/Homebrew/downloads/6933eea0a3dfd574acb259bd379e17b0d0d06086c5f61f57e72a72d84b03d287--node-v10.23.1.tar.xz
==> Downloading https://homebrew.bintray.com/bottles/node-15.5.1.arm64_big_sur.bottle.tar.gz
Already downloaded: /Users/igeek/Library/Caches/Homebrew/downloads/4e4d07bed36efd6f0b2a7509fbe32c2b8359f31071ad4f49599d3e304d18370f--node-15.5.1.arm64_big_sur.bottle.tar.gz
==> Downloading https://yarnpkg.com/downloads/1.22.10/yarn-v1.22.10.tar.gz
Already downloaded: /Users/igeek/Library/Caches/Homebrew/downloads/1ed0a9b4d5234a1301d4f37d98ad9866a1695d91581d6020ea551b5af4d1b888--yarn-v1.22.10.tar.gz
==> Cloning https://github.com/hashicorp/vault.git
Updating /Users/igeek/Library/Caches/Homebrew/vault--git
==> Checking out tag v1.6.1
HEAD is now at 6d2db3f say how many leases there are when threshold exceeded (#10567) (#10573)
HEAD is now at 6d2db3f say how many leases there are when threshold exceeded (#10567) (#10573)
Warning: A newer Command Line Tools release is available.
Update them from Software Update in System Preferences or run:
  softwareupdate --all --install --force

If that doesn't show you an update run:
  sudo rm -rf /Library/Developer/CommandLineTools
  sudo xcode-select --install

Alternatively, manually download them from:
  https://developer.apple.com/download/more/.

==> Installing dependencies for vault: node@10, node and yarn
==> Installing vault dependency: node@10
Warning: A newer Command Line Tools release is available.
Update them from Software Update in System Preferences or run:
  softwareupdate --all --install --force

If that doesn't show you an update run:
  sudo rm -rf /Library/Developer/CommandLineTools
  sudo xcode-select --install

Alternatively, manually download them from:
  https://developer.apple.com/download/more/.

==> ./configure --prefix=/opt/homebrew/Cellar/node@10/10.23.1 --with-intl=system-icu
==> make install
Last 15 lines from /Users/igeek/Library/Logs/Homebrew/node@10/02.make:
../deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c:86:27: note: expanded from macro 'mul_add'
                : "+m"(r),"+d"(high)    \
                          ^
../deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c:135:9: error: invalid output constraint '=a' in asm
        mul_add(rp[2], ap[2], w, c1);
        ^
../deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c:78:19: note: expanded from macro 'mul_add'
                : "=a"(low),"=d"(high)  \
                  ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make[1]: *** [/private/tmp/node@10-20210104-32349-1nvpzkq/node-v10.23.1/out/Release/obj.target/openssl/deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.o] Error 1
make[1]: *** Waiting for unfinished jobs....
rm ea5e15d5e44860e80ed952ae4307190969e70d76.intermediate
make: *** [node] Error 2

Do not report this issue to Homebrew/brew or Homebrew/core!

Error: A newer Command Line Tools release is available.
Update them from Software Update in System Preferences or run:
  softwareupdate --all --install --force

If that doesn't show you an update run:
  sudo rm -rf /Library/Developer/CommandLineTools
  sudo xcode-select --install

Alternatively, manually download them from:
  https://developer.apple.com/download/more/.

Is node only used for install builds, not dev builds, or something like that? It seems to be the current bottleneck.

ZevEisenberg commented 3 years ago

One more note: brew install node works fine, but it installs node-15.5.1.arm64_big_sur.bottle.tar.gz as of this writing. It looks like vault may be using an old version, if I'm interpreting the meaning of node@10 from the above log correctly. Maybe that's the issue?

HridoyRoy commented 3 years ago

Hi @ZevEisenberg , thanks so much for filing this! We will almost certainly support building for arm64 sometime in the future!

paymog commented 3 years ago

@HridoyRoy will you also support docker images built for arm64 too?

0x91 commented 3 years ago

node 10 goes end of life in around 6 weeks so I think this is fairly urgent.

I tried building with node 14 (the latest LTS) but on an M1 Mac it throws a nasty exception:

yarn run v1.19.1
$ ember build -prod

<--- Last few GCs --->

[78863:0x128008000]      375 ms: Scavenge 22.3 (31.9) -> 15.7 (32.4) MB, 0.7 / 0.0 ms  (average mu = 1.000, current mu = 1.000) allocation failure 
[78863:0x128008000]      431 ms: Scavenge 24.4 (49.3) -> 18.6 (50.3) MB, 0.8 / 0.0 ms  (average mu = 1.000, current mu = 1.000) allocation failure 
[78863:0x128008000]      534 ms: Scavenge 36.5 (53.4) -> 27.0 (55.3) MB, 1.2 / 0.0 ms  (average mu = 1.000, current mu = 1.000) allocation failure 

<--- JS stacktrace --->

FATAL ERROR: wasm code commit Allocation failed - process out of memory
 1: 0x102d450cc node::Abort() [/opt/homebrew/Cellar/node@14/14.16.0_1/bin/node]

Reportedly this was fixed in node 15.x and hopefully https://github.com/nodejs/node/pull/35986 eventually get backported to the LTS. Building with node 15 does get further, but then we hit an error inside ember:

$ ember build -prod
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db

  INFORMATION (ember-cli-pretender)
  ember-auto-import seems to be in your package dependencies.
  As a result, you don't need pretender to be wrapped anymore.
  You can install pretender and remove ember-cli-pretender.

WARNING: Node v15.11.0 is not tested against Ember CLI on your platform. We recommend that you use the most-recent "Active LTS" version of Node.js. See https://git.io/v7S5n for details.
WARNING: Option "nodeWorker" is deprecated since workerpool@5.0.0. Please use "workerType" instead.
WARNING: Option "nodeWorker" is deprecated since workerpool@5.0.0. Please use "workerType" instead.
WARNING: Option "nodeWorker" is deprecated since workerpool@5.0.0. Please use "workerType" instead.
Environment: production
⠦ building... [Babel: @ember/test-helpers > applyPatches]Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db
⠧ building... [Babel: @ember/test-helpers > applyPatches]Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db
⠴ building... [Babel: @ember/test-helpers > applyPatches]error: --------------------------------------------------------------------------
error: An uncaught YUIDoc error has occurred, stack trace given below
error: --------------------------------------------------------------------------
error: TypeError [ERR_INVALID_ARG_TYPE]: The "options" argument must be of type object. Received an instance of Array
    at ChildProcess.target.send (node:internal/child_process:716:7)
    at Array.forEach (<anonymous>)
    at dispatchQueuedRequests (/Users/charliestocker/code/oss/vault/ui/node_modules/ember-cli-test-loader/node_modules/workerpool/lib/WorkerHandler.js:174:21)
    at ChildProcess.<anonymous> (/Users/charliestocker/code/oss/vault/ui/node_modules/ember-cli-test-loader/node_modules/workerpool/lib/WorkerHandler.js:129:7)
    at ChildProcess.emit (node:events:378:20)
    at emit (node:internal/child_process:920:12)
    at processTicksAndRejections (node:internal/process/task_queues:82:21)
error: --------------------------------------------------------------------------
error: Node.js version: v15.11.0
error: YUI version: 3.18.1
error: YUIDoc version: 0.10.2
error: Please file all tickets here: http://github.com/yui/yuidoc/issues
error: --------------------------------------------------------------------------
cleaning up...

I hope this saves someone some time debugging this.

michaelarichard commented 3 years ago

Workaround for vault plugin, tested as working.

cloned the repo, checked out the tag, ran make build (with go installed and configured w/ brew install go), and then was able to:

mkdir -p ~/.terraform.d/plugins/registry.terraform.io/vault/2.19.0/darwin_arm64/
cp ~/go/bin/terraform-provider-vault ~/.terraform.d/plugins/registry.terraform.io/hashicorp/vault/2.19.0/darwin_arm64/terraform-provider-vault_v2.19.0
gabrielrinaldi commented 3 years ago

@michaelarichard which tag did you checked out? I am trying to build 1.7.0 and 1.6.3 and I get this error:

==> Building default package for GOOS=darwin GOARCH=arm64
jq: error (at <stdin>:1): Cannot iterate over null (null)
make[1]: *** [build] Error 5
make: *** [build] Error 2
hollow commented 3 years ago

please make darwin arm64 a first-class citizen. as of today it is still a major hassle for almost all hashicorp products 😢

mladlow commented 3 years ago

Hi folks,

For Vault 1.8+ we'll be providing darwin/arm64 binaries. There's a known issue with enterprise 1.8 arm64 binaries (https://www.vaultproject.io/docs/upgrading/upgrade-to-1.8.0#known-issues). We will address it in 1.8.1, so I'm going to close this.