id mapping failures

[christian-rauch]

I am running the action in two different settings: 1) natively on Ubuntu 22.04 via GitHub's self-hosted runners, 2) via a privileged (--privileged) ubuntu:22.04 Docker image. In both cases, I encounter failures related to "ID mapping".

native:

Setup build environment
+ mmdebstrap --variant=buildd --include=apt,ccache,ca-certificates --customize-hook=chroot "$1" update-ccache-symlinks --components=main,universe jammy /home/$USER/.cache/sbuild/jammy-amd64.tar
I: automatically chosen mode: unshare
I: chroot architecture amd64 is equal to the host's architecture
I: automatically chosen format: tar
I: using /tmp/mmdebstrap.UY6WNwRzOa as tempdir
W: no entry in /etc/subuid for $USER
E: invalid idmap
Error: Process completed with exit code 25.

privileged docker:

Run sbuild
[...]
Building 1/3: src/src/[package]
  [...]
  ROS Distro index file associate with commit '3f9a7723dda85dea69cae17e8397495b3e9928e3'
  New ROS Distro index url: 'https://raw.githubusercontent.com/ros/rosdistro/3f9a7723dda85dea69cae17e8397495b3e9928e3/index-v4.yaml'
  [...]
  + sbuild --chroot-mode=unshare --no-clean-source --no-run-lintian --dpkg-source-opts=-Zgzip -z1 --format=1.0 -sn [...]
  dpkg-source: warning: --auto-commit is not a valid option for Dpkg::Source::Package::V1
  [...]
  dpkg-source: warning: --auto-commit is not a valid option for Dpkg::Source::Package::V1
  dpkg-source: warning: native package version may not have a revision
  [...]
  sbuild (Debian sbuild) 0.84.2~ubuntu2204+3 (28 December 2022) on 0dd514f28aaa

  +==================================================================================+
  | ros-humble-[...]                         (amd64) Wed, 08 Nov 2023 13:50:37 +0000 |
  +==================================================================================+

  Package: ros-humble-[...]
  Version: 0-2023.11.08.13.50
  Source Version: 0-2023.11.08.13.50
  Distribution: jammy
  Machine Architecture: amd64
  Host Architecture: amd64
  Build Architecture: amd64
  Build Type: binary

  Use of uninitialized value $nsid in concatenation (.) or string at /usr/share/perl5/Sbuild/Utility.pm line 401.
  Use of uninitialized value $range in concatenation (.) or string at /usr/share/perl5/Sbuild/Utility.pm line 401.
  Use of uninitialized value $nsid in concatenation (.) or string at /usr/share/perl5/Sbuild/Utility.pm line 404.
  Use of uninitialized value $range in concatenation (.) or string at /usr/share/perl5/Sbuild/Utility.pm line 404.
  Use of uninitialized value $nsid in concatenation (.) or string at /usr/share/perl5/Sbuild/Utility.pm line 401.
  Use of uninitialized value $nsid in concatenation (.) or string at /usr/share/perl5/Sbuild/Utility.pm line 404.
  ranges: 2 argc: 5
  newuidmap: Not enough arguments to form 2 mappings
  usage: newuidmap <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count> ] ... 
  newuidmap failed:  at -e line 1.
  child had a non-zero exit status: 256 at -e line 1.
  bad exit status (29): perl -e require 'syscall.ph';pipe my $rfh, my $wfh;my $ppid = $$;my $cpid = fork() // die "fork() failed: $!";if ($cpid == 0) {close $wfh;0 == sysread $rfh, my $c, 1 or die "read() did not receive EOF";0 == system "newuidmap $ppid  0 0 1 1  1" or die "newuidmap failed: $!";0 == system "newgidmap $ppid  0 0 1 1  1" or die "newgidmap failed: $!";exit 0;}0 == syscall &SYS_unshare, 268435456 or die "unshare() failed: $!";close $wfh;$cpid == waitpid $cpid, 0 or die "waitpid() failed: $!";if ($? != 0) {die "child had a non-zero exit status: $?";}0 == syscall &SYS_setgid, 0 or die "setgid failed: $!";0 == syscall &SYS_setuid, 0 or die "setuid failed: $!";0 == syscall &SYS_setgroups, 0, 0 or die "setgroups failed: $!";exec { $ARGV[0] } @ARGV or die "exec() failed: $!"; chown 1:1 /tmp/tmp.sbuild._vWIwNTDT6
  E: Error creating chroot session: skipping ros-humble-[...]

[jspricke]

Those are problems in your system configuration, not issues with this repo. If you use useradd or adduser your user will get added to /etc/subuid automatically.

[christian-rauch]

Those are problems in your system configuration, not issues with this repo. If you use useradd or adduser your user will get added to /etc/subuid automatically.

It's very likely that the native system is missing some configuration. In this case, I would still like to figure out why the action is not working and how this can be fixed, potentially adding this to the documentation.

However, for the Docker container pipeline, I guess that such configuration issues should not apply since the (official) Ubuntu Docker images should have the users (the root user in this case) in place.

[jspricke]

It's very likely that the native system is missing some configuration. In this case, I would still like to figure out why the action is not working and how this can be fixed, potentially adding this to the documentation.

Sounds like a good addition to the FAQ, yes. Can you send a PR?

However, for the Docker container pipeline, I guess that such configuration issues should not apply since the (official) Ubuntu Docker images should have the users (the root user in this case) in place.

The action will most likely not work, as far as I know Docker does not support the user namespaces used in the action.

[christian-rauch]

Sounds like a good addition to the FAQ, yes. Can you send a PR?

I can share my insights but I may not be able to send a PR with my affiliation. Sorry.

This seems to work with:

sudo usermod --add-subuids 100000-165535 --add-subgids 100000-165535 $USER

[christian-rauch]

I was also able to resolve the "id mapping" issue inside the privileged Docker container:

    container:
      image: ubuntu:22.04
      options: --privileged

by setting up the sub ids:

      - name: set up sub id mapping
        run: |
          usermod --add-subuids 100000-165535 --add-subgids 100000-165535 $(whoami)

It's important to use $(whoami) as env USER is not defined for the root user.

[jspricke]

Interesting, sounds like you give the build full root rights on your host system with that. I don't think we should advertise that as a solution.