laverdet / isolated-vm

Secure & isolated JS environments for nodejs
ISC License

Problems working with Redhat Enterprise Linux #395

Closed markstickley closed 1 year ago

markstickley commented 1 year ago

Hello! I'm using RHEL (UBI9) and I'm struggling to get isolated-vm running. It's unclear which set of requirements in the README I should be following - I don't think Red Hat stems from any of the distros mentioned.

I do know that I'm installing python3, gcc and gcc-c++ which seem like fairly likely requirements.

Here's a Dockerfile that replicates the problem:

FROM registry.access.redhat.com/ubi9/nodejs-18@sha256:585fa37bb2090cf54a79f9d3e75fbe5f67e1ffeae1420a76d4dfe1a3a162b842

USER root

RUN useradd -Ur -s /sbin/nologin -d /opt/app-root/src -M myuser \
    && yum update -y \
    && yum install -y gcc gcc-c++ brotli-devel \
    && yum clean all \
    && npm install -g yarn \
    && npm cache clean --force \
    && yarn add isolated-vm@4.6.0 \
    && dnf remove -y npm \
    && chown -R myuser:myuser /opt/app-root/src \
    && chmod 0750 /opt/app-root/src

USER myuser:myuser

WORKDIR /opt/app-root/src

Output is as follows:

 % docker image build . -f packages/backend/Dockerfile.vm --tag backstage
[+] Building 31.1s (5/6)
 => [internal] load build definition from Dockerfile.vm                                                                                                                                                                                         0.0s
 => => transferring dockerfile: 592B                                                                                                                                                                                                            0.0s
 => [internal] load .dockerignore                                                                                                                                                                                                               0.0s
 => => transferring context: 111B                                                                                                                                                                                                               0.0s
 => [internal] load metadata for registry.access.redhat.com/ubi9/nodejs-18@sha256:585fa37bb2090cf54a79f9d3e75fbe5f67e1ffeae1420a76d4dfe1a3a162b842                                                                                              0.5s
 => CACHED [1/3] FROM registry.access.redhat.com/ubi9/nodejs-18@sha256:585fa37bb2090cf54a79f9d3e75fbe5f67e1ffeae1420a76d4dfe1a3a162b842                                                                                                         0.0s
 => ERROR [2/3] RUN useradd -Ur -s /sbin/nologin -d /opt/app-root/src -M myuser     && yum update -y     && yum install -y gcc gcc-c++ brotli-devel     && yum clean all     && npm install -g yarn     && npm cache clean --force     && yar  30.6s
------
 > [2/3] RUN useradd -Ur -s /sbin/nologin -d /opt/app-root/src -M myuser     && yum update -y     && yum install -y gcc gcc-c++ brotli-devel     && yum clean all     && npm install -g yarn     && npm cache clean --force     && yarn add isolated-vm@4.6.0     && dnf remove -y npm     && chown -R myuser:myuser /opt/app-root/src     && chmod 0750 /opt/app-root/src:
#0 0.445 Updating Subscription Management repositories.
#0 0.445 Unable to read consumer identity
#0 0.446 Subscription Manager is operating in container mode.
#0 0.449
#0 0.449 This system is not registered with an entitlement server. You can use subscription-manager to register.
#0 0.449
#0 2.046 Red Hat Universal Base Image 9 (RPMs) - BaseOS  274 kB/s | 415 kB     00:01
#0 3.524 Red Hat Universal Base Image 9 (RPMs) - AppStre 1.0 MB/s | 1.5 MB     00:01
#0 5.198 Red Hat Universal Base Image 9 (RPMs) - CodeRea  77 kB/s | 113 kB     00:01
#0 5.286 Dependencies resolved.
#0 5.286 Nothing to do.
#0 5.286 Complete!
#0 5.464 Updating Subscription Management repositories.
#0 5.464 Unable to read consumer identity
#0 5.465 Subscription Manager is operating in container mode.
#0 5.466
#0 5.466 This system is not registered with an entitlement server. You can use subscription-manager to register.
#0 5.466
#0 5.521 Package gcc-11.3.1-4.3.el9.aarch64 is already installed.
#0 5.521 Package gcc-c++-11.3.1-4.3.el9.aarch64 is already installed.
#0 5.527 Dependencies resolved.
#0 5.527 ================================================================================
#0 5.527  Package          Arch        Version            Repository                Size
#0 5.527 ================================================================================
#0 5.527 Installing:
#0 5.527  brotli-devel     aarch64     1.0.9-6.el9        ubi-9-appstream-rpms      36 k
#0 5.527 Installing dependencies:
#0 5.527  brotli           aarch64     1.0.9-6.el9        ubi-9-appstream-rpms     314 k
#0 5.527
#0 5.527 Transaction Summary
#0 5.527 ================================================================================
#0 5.527 Install  2 Packages
#0 5.527
#0 5.527 Total download size: 350 k
#0 5.527 Installed size: 765 k
#0 5.528 Downloading Packages:
#0 5.632 (1/2): brotli-devel-1.0.9-6.el9.aarch64.rpm     345 kB/s |  36 kB     00:00
#0 5.641 (2/2): brotli-1.0.9-6.el9.aarch64.rpm           2.7 MB/s | 314 kB     00:00
#0 5.643 --------------------------------------------------------------------------------
#0 5.643 Total                                           3.0 MB/s | 350 kB     00:00
#0 5.661 Running transaction check
#0 5.664 Transaction check succeeded.
#0 5.664 Running transaction test
#0 5.695 Transaction test succeeded.
#0 5.695 Running transaction
#0 5.805   Preparing        :                                                        1/1
#0 5.842   Installing       : brotli-1.0.9-6.el9.aarch64                             1/2
#0 5.848   Installing       : brotli-devel-1.0.9-6.el9.aarch64                       2/2
#0 5.856   Running scriptlet: brotli-devel-1.0.9-6.el9.aarch64                       2/2
#0 5.937   Verifying        : brotli-1.0.9-6.el9.aarch64                             1/2
#0 5.937   Verifying        : brotli-devel-1.0.9-6.el9.aarch64                       2/2
#0 5.976 Installed products updated.
#0 6.012
#0 6.012 Installed:
#0 6.012   brotli-1.0.9-6.el9.aarch64          brotli-devel-1.0.9-6.el9.aarch64
#0 6.012
#0 6.012 Complete!
#0 6.205 Updating Subscription Management repositories.
#0 6.205 Unable to read consumer identity
#0 6.205 Subscription Manager is operating in container mode.
#0 6.207
#0 6.207 This system is not registered with an entitlement server. You can use subscription-manager to register.
#0 6.207
#0 6.214 25 files removed
#0 7.168
#0 7.168 added 1 package in 652ms
#0 7.168 npm notice
#0 7.168 npm notice New major version of npm available! 9.5.1 -> 10.0.0
#0 7.169 npm notice Changelog: <https://github.com/npm/cli/releases/tag/v10.0.0>
#0 7.169 npm notice Run `npm install -g npm@10.0.0` to update!
#0 7.169 npm notice
#0 7.409 npm WARN using --force Recommended protections disabled.
#0 7.606 yarn add v1.22.19
#0 7.617 info No lockfile found.
#0 7.630 [1/4] Resolving packages...
#0 9.202 [2/4] Fetching packages...
#0 9.656 [3/4] Linking dependencies...
#0 9.800 [4/4] Building fresh packages...
#0 30.24 info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.
#0 30.24 error /opt/app-root/src/node_modules/isolated-vm: Command failed.
#0 30.24 Exit code: 1
#0 30.24 Command: prebuild-install || (node-gyp rebuild --release -j 4 && node-gyp clean)
#0 30.24 Arguments:
#0 30.24 Directory: /opt/app-root/src/node_modules/isolated-vm
#0 30.24 Output:
#0 30.24 prebuild-install warn install No prebuilt binaries found (target=18.16.1 runtime=node arch=arm64 libc= platform=linux)
#0 30.24 gyp info it worked if it ends with ok
#0 30.24 gyp info using node-gyp@9.3.1
#0 30.24 gyp info using node@18.16.1 | linux | arm64
#0 30.24 gyp info find Python using Python version 3.9.16 found at "/usr/bin/python3"
#0 30.24 gyp http GET https://nodejs.org/download/release/v18.16.1/node-v18.16.1-headers.tar.gz
#0 30.24 gyp http 200 https://nodejs.org/download/release/v18.16.1/node-v18.16.1-headers.tar.gz
#0 30.24 gyp http GET https://nodejs.org/download/release/v18.16.1/SHASUMS256.txt
#0 30.24 gyp http 200 https://nodejs.org/download/release/v18.16.1/SHASUMS256.txt
#0 30.24 gyp info spawn /usr/bin/python3
#0 30.24 gyp info spawn args [
#0 30.24 gyp info spawn args   '/usr/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
#0 30.24 gyp info spawn args   'binding.gyp',
#0 30.24 gyp info spawn args   '-f',
#0 30.24 gyp info spawn args   'make',
#0 30.24 gyp info spawn args   '-I',
#0 30.24 gyp info spawn args   '/opt/app-root/src/node_modules/isolated-vm/build/config.gypi',
#0 30.24 gyp info spawn args   '-I',
#0 30.24 gyp info spawn args   '/usr/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
#0 30.24 gyp info spawn args   '-I',
#0 30.24 gyp info spawn args   '/opt/app-root/src/.cache/node-gyp/18.16.1/include/node/common.gypi',
#0 30.24 gyp info spawn args   '-Dlibrary=shared_library',
#0 30.24 gyp info spawn args   '-Dvisibility=default',
#0 30.24 gyp info spawn args   '-Dnode_root_dir=/opt/app-root/src/.cache/node-gyp/18.16.1',
#0 30.24 gyp info spawn args   '-Dnode_gyp_dir=/usr/lib/node_modules/npm/node_modules/node-gyp',
#0 30.24 gyp info spawn args   '-Dnode_lib_file=/opt/app-root/src/.cache/node-gyp/18.16.1/<(target_arch)/node.lib',
#0 30.24 gyp info spawn args   '-Dmodule_root_dir=/opt/app-root/src/node_modules/isolated-vm',
#0 30.24 gyp info spawn args   '-Dnode_engine=v8',
#0 30.24 gyp info spawn args   '--depth=.',
#0 30.24 gyp info spawn args   '--no-parallel',
#0 30.24 gyp info spawn args   '--generator-output',
#0 30.24 gyp info spawn args   'build',
#0 30.24 gyp info spawn args   '-Goutput_dir=.'
#0 30.24 gyp info spawn args ]
#0 30.24 gyp info spawn make
#0 30.24 gyp info spawn args [ 'BUILDTYPE=Release', '-C', 'build', '--jobs', 4 ]
#0 30.24 make: Entering directory '/opt/app-root/src/node_modules/isolated-vm/build'
#0 30.24   CXX(target) Release/obj.target/nortti/src/external_copy/serializer_nortti.o
#0 30.24   CXX(target) Release/obj.target/nortti/src/isolate/allocator_nortti.o
#0 30.24 rm -f Release/obj.target/nortti.a Release/obj.target/nortti.a.ar-file-list; mkdir -p `dirname Release/obj.target/nortti.a`
#0 30.24 ar crs Release/obj.target/nortti.a @Release/obj.target/nortti.a.ar-file-list
#0 30.24   COPY Release/nortti.a
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/external_copy/external_copy.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/external_copy/serializer.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/external_copy/string.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/isolate/environment.o
#0 30.24 ../src/isolate/environment.cc:58: warning: "_GNU_SOURCE" redefined
#0 30.24    58 | #define _GNU_SOURCE
#0 30.24       |
#0 30.24 <command-line>: note: this is the location of the previous definition
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/isolate/cpu_profile_manager.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/isolate/executor.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/isolate/holder.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/isolate/inspector.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/isolate/platform_delegate.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/isolate/scheduler.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/isolate/stack_trace.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/isolate/three_phase_task.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/lib/thread_pool.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/lib/timer.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/callback.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/context_handle.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/evaluation.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/external_copy_handle.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/isolate.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/isolate_handle.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/lib_handle.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/module_handle.o
#0 30.24 ../src/module/lib_handle.cc: In member function 'v8::Local<v8::Value> ivm::LibHandle::PrivateSymbol(v8::MaybeLocal<v8::String>)':
#0 30.24 ../src/module/lib_handle.cc:58:17: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
#0 30.24    58 |         return *reinterpret_cast<Local<Value>*>(&symbol);
#0 30.24       |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#0 30.24 ../src/module/lib_handle.cc:58:17: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/native_module_handle.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/reference_handle.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/script_handle.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/session_handle.o
#0 30.24   CXX(target) Release/obj.target/isolated_vm/src/module/transferable.o
#0 30.24   SOLINK_MODULE(target) Release/obj.target/isolated_vm.node
#0 30.24 /usr/bin/ld: cannot find -lz
#0 30.24 collect2: error: ld returned 1 exit status
#0 30.24 make: *** [isolated_vm.target.mk:218: Release/obj.target/isolated_vm.node] Error 1
#0 30.24 make: Leaving directory '/opt/app-root/src/node_modules/isolated-vm/build'
#0 30.24 gyp ERR! build error
#0 30.24 gyp ERR! stack Error: `make` failed with exit code: 2
#0 30.24 gyp ERR! stack     at ChildProcess.onExit (/usr/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:203:23)
#0 30.24 gyp ERR! stack     at ChildProcess.emit (node:events:513:28)
#0 30.24 gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:291:12)
#0 30.24 gyp ERR! System Linux 5.15.49-linuxkit-pr
#0 30.24 gyp ERR! command "/usr/bin/node" "/usr/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild" "--release" "-j" "4"
#0 30.24 gyp ERR! cwd /opt/app-root/src/node_modules/isolated-vm
#0 30.24 gyp ERR! node -v v18.16.1
#0 30.24 gyp ERR! node-gyp -v v9.3.1
#0 30.24 gyp ERR! not ok
------
Dockerfile.vm:5
--------------------
   4 |
   5 | >>> RUN useradd -Ur -s /sbin/nologin -d /opt/app-root/src -M myuser \
   6 | >>>     && yum update -y \
   7 | >>>     && yum install -y gcc gcc-c++ brotli-devel \
   8 | >>>     && yum clean all \
   9 | >>>     && npm install -g yarn \
  10 | >>>     && npm cache clean --force \
  11 | >>>     && yarn add isolated-vm@4.6.0 \
  12 | >>>     && dnf remove -y npm \
  13 | >>>     && chown -R myuser:myuser /opt/app-root/src \
  14 | >>>     && chmod 0750 /opt/app-root/src
  15 |
--------------------
ERROR: failed to solve: process "/bin/sh -c useradd -Ur -s /sbin/nologin -d /opt/app-root/src -M myuser     && yum update -y     && yum install -y gcc gcc-c++ brotli-devel     && yum clean all     && npm install -g yarn     && npm cache clean --force     && yarn add isolated-vm@4.6.0     && dnf remove -y npm     && chown -R myuser:myuser /opt/app-root/src     && chmod 0750 /opt/app-root/src" did not complete successfully: exit code: 1

Hopefully I'm just making a rookie mistake! Many thanks

laverdet commented 1 year ago

You can google this part "cannot find lz" (remove the - from -lz or Google will exclude it) and look for instructions.

markstickley commented 1 year ago

Thanks @laverdet, I found a thread that helped with that advice.

For me, installing zlib-devel fixed the issue on Red Hat. Don't know if it's worth adding that one to the README? Cheers :)
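
An added example, not part of the thread or of the isolated-vm project: a small shell helper that pulls `ld: cannot find -l<name>` errors out of a build log like the one above and prints the `dnf provides` query that locates the package shipping each missing library. The function names (`missing_libs`, `provides_queries`, `check_log`) are hypothetical and the sample log is constructed in the shape of the output quoted in the issue.

```shell
#!/bin/sh
# Constructed sample: three lines in the shape of the build log quoted above.
SAMPLE_LOG='#0 30.24   SOLINK_MODULE(target) Release/obj.target/isolated_vm.node
#0 30.24 /usr/bin/ld: cannot find -lz
#0 30.24 collect2: error: ld returned 1 exit status'

# Read a build log on stdin and print each library name the linker could not
# find, one per line, de-duplicated. Anything after the name (for example a
# trailing ": No such file or directory") is ignored.
missing_libs() {
    sed -n 's/.*ld: cannot find -l\([A-Za-z0-9_.+-]*\).*/\1/p' | sort -u
}

# Turn each missing library into the dnf query that finds the package
# providing its link-time file, lib<name>.so.
provides_queries() {
    missing_libs | while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        printf "dnf provides '*/lib%s.so'\n" "$lib"
    done
}

# Return 0 when the log has no missing-library linker errors; otherwise print
# the queries to run and return 1, so the function can gate a CI step.
check_log() {
    queries=$(provides_queries)
    [ -z "$queries" ] && return 0
    printf '%s\n' "$queries"
    return 1
}

# Demonstration on the constructed sample (prints one query for libz).
printf '%s\n' "$SAMPLE_LOG" | check_log || true
```

Run the printed query inside the same base image as the build, since the package that owns the file can differ between distributions.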