keybase / bot-sshca

A chat bot that can manage your team's SSH accounts
BSD 3-Clause "New" or "Revised" License
222 stars 30 forks

Segfault on arm64 #88

Open blaggacao opened 4 years ago

blaggacao commented 4 years ago

On arm64/aarch64, precisely on a Rpi3 B, just after sending a message to the team from the cli, the ca server segfaults with:

Started CA bot...
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x68a60]

goroutine 38 [running]:
github.com/keybase/go-keybase-chat-bot/kbchat.(*API).Listen.func1(0x4000124280)
    /go/pkg/mod/github.com/keybase/go-keybase-chat-bot@v0.0.0-20190903135515-79c56220e558/kbchat/kbchat.go:626 +0x2f8
created by github.com/keybase/go-keybase-chat-bot/kbchat.(*API).Listen.func2
    /go/pkg/mod/github.com/keybase/go-keybase-chat-bot@v0.0.0-20190903135515-79c56220e558/kbchat/kbchat.go:679 +0x28c

Message: keybase chat send team.ssh.stage "This message kills the auth bot"

Used image: registry.gitlab.com/jitesoft/dockerfiles/keybase-sshca/alpine:latest

It is not consistent; after 5 tests, 4 in 5 messages killed the bot.

blaggacao commented 4 years ago

@Johannestegner have you observed similar behaviour? It happened with your arm64 builds from the gitlab registry...

Johannestegner commented 4 years ago

Hi there! I have not tested the bot (nor image) on rpi3, but as soon as I have had breakfast and taken the kids to school I'll test it on my aarch64 server to see if I get the same result.

Is the rpi3 an aarch64 CPU and not a 32b arm version?

Johannestegner commented 4 years ago

Alright, I have checked my docker file and such and it seems like it has been failing in the build pipeline for quite a while. That is, it's probably a bit outdated. @blaggacao Have you tested with the latest version provided by Keybase?

blaggacao commented 4 years ago

@Johannestegner I'm using Raspberry Pi 3 Model B V1.2 (writing on the circuit board) which according to here has a Quad Core 1.2GHz Broadcom BCM2837 64bit CPU which according to here is a quad-core ARM Cortex A53 (ARMv8) which according to here has AArch32 for full backward compatibility with Armv7 and AArch64 for 64-bit support and new architectural features.

I'm running on Rancher OS which distributes a 64bit version for Rpi.

Furthermore, I gloriously failed at cross-compiling, even with docker's buildx (it doesn't compile on the RPi itself due to resource constraints, I assume - curiously it seems to hang during a git clone command issued by go get). That's when I discovered your images and gained trust in them. So no, I couldn't check with the latest keybase's versions, but I'm happy to help fixing/automating your build pipeline for having a reliable source of those docker images under such constraints.

ping to @ddworken to raise awareness that while building things oneself is a great educational strategy and thus benefits secure practices, in the event of trying to build a cheap RPi appliance with excellent glassbreak properties (just pull the plug), officially supported and published images based on @Johannestegner's work would be just about perfect.

Johannestegner commented 4 years ago

I'm very happy to hear that you like my images (I really love writing docker images and optimizing them as much as possible, hehe), but my work would really be nothing without the software ;) It's a great ecosystem! :D

I pushed new images based on the latest version of keybase-sshca about 2 hours ago, if the docker images are the way you wish to go, feel free to try the latest version and let me know if the issue persists. My latest image (before current) was badly outdated.

blaggacao commented 4 years ago

Yeah thanks! I just inferred you also run a weekly scheduled pipeline, I'll pull the new latest and check again and then report back. Thanks!

ddworken commented 4 years ago

Thanks for the tag @blaggacao! Having an official Keybase docker file is definitely something we're interested in/planning on doing long term, but getting everything set up such that it can be done securely (reproducible builds and using docker content trust) takes a bit of extra work. :)

And if the latest build from @Johannestegner doesn't work out, I can take a look and see whether I can reproduce and figure anything out.

blaggacao commented 4 years ago

@ddworken Yes please! Have a look at this finding, :pray: https://github.com/keybase/bot-sshca/issues/91 (and the linked issues)