rimerosolutions / entrusted

Sanitize documents to safe PDFs, for active content removal
GNU General Public License v3.0

Live-CD Build Error #65

Closed stef204 closed 1 year ago

stef204 commented 1 year ago

From entrusted/ci_cd/live_cd, running the build.sh script gives this error:

Error: copying system image from manifest list: writing blob: adding layer with blob "sha256:xxxxxxxxxxxxxxa02d4eb6bb": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /etc/gshadow: invalid argument): exit status 1
+ retVal=125
+ '[' 125 '!=' 0 ']'
+ echo 'Could not build entrusted-cli and entrusted-webserver'
Could not build entrusted-cli and entrusted-webserver

Building from entrusted/ci_cd gives:

ERRO[0000] cannot find UID/GID for user $USER: no subuid ranges found for user $USER in /etc/subuid - check rootless mode in man pages. 
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user 
Trying to pull docker.io/uycyjnzgntrn/rust-windows:1.67.0...
Getting image source signatures
Copying blob 7139ad4c9de2 done  
Error: writing blob: adding layer with blob "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxcf9702c6ae68b8c": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /etc/gshadow: invalid argument): exit status 1
WARN[0271] Failed to add pause process to systemd sandbox cgroup: Process org.freedesktop.systemd1 exited with status 1 
+ retVal=125
+ '[' 125 -ne 0 ']'
+ echo 'Failure to build Windows binaries'
Failure to build Windows binaries
+ exit 1
+ retVal=1
+ '[' 1 -ne 0 ']'
+ echo 'Windows build failure'
Windows build failure
+ exit 1

This is on branch main. Linux x86_64

Any ideas how to debug?

yveszoundi commented 1 year ago

Recommendation

I suggest trying the following prior to the build:

echo entrusted:100000:65536 | sudo tee -a /etc/subuid
echo entrusted:100000:65536 | sudo tee -a /etc/subgid

Reason

The problem is likely that when users are added to the system, some UIDs are not registered in /etc/subuid and /etc/subgid. On some Linux distributions, I believe that the above is sometimes done automatically when adding new users to the system (some versions of Ubuntu at least and a few other distributions, if I recall correctly).

Notes

I only ever build the Live CD on Ubuntu 22.04. I've tested builds under other distributions, but that was a while ago and there were probably few local configuration differences. It's possible that I followed the recommended solution myself a while ago and forgot to add it in build scripts.
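
A diagnostic for the error quoted in this thread, as an added example that is not part of the original discussion or the project's build scripts: it reads files in the `name:start:count` format of /etc/subuid and /etc/subgid and reports whether a given user can map the `0:42` owner that the failing layer requests. The function names and the sample users are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the entrusted project).

# Sum the counts of every "name:start:count" line for USER in FILE.
# Matches on login name only; prints 0 if the file or the user is missing.
subid_count() {  # subid_count FILE USER
    [ -r "$1" ] || { echo 0; return 0; }
    awk -F: -v u="$2" '$1 == u { n += $3 } END { print n + 0 }' "$1"
}

# In a rootless user namespace, container ID 0 maps to the user's own ID and
# container IDs 1..N map onto the N subordinate IDs granted to that user.
# Container ID K is therefore mappable when K == 0 or K <= N.
can_map() {  # can_map FILE USER CONTAINER_ID
    [ "$3" -eq 0 ] || [ "$3" -le "$(subid_count "$1" "$2")" ]
}

# Report whether USER can own a file as CUID:CGID inside the namespace.
check_user() {  # check_user SUBUID_FILE SUBGID_FILE USER CUID CGID
    can_map "$1" "$3" "$4" || { echo "FAIL: $3 has no subuid covering uid $4"; return 1; }
    can_map "$2" "$3" "$5" || { echo "FAIL: $3 has no subgid covering gid $5"; return 1; }
    echo "OK: $3 can map $4:$5"
}

# Constructed sample: the ranges are registered for 'entrusted', but the
# build is run by a different login ('builder', a hypothetical name).
demo() {
    d=$(mktemp -d)
    printf 'entrusted:100000:65536\n' > "$d/subuid"
    printf 'entrusted:100000:65536\n' > "$d/subgid"
    check_user "$d/subuid" "$d/subgid" entrusted 0 42
    check_user "$d/subuid" "$d/subgid" builder 0 42 || true
    rm -rf "$d"
}

demo
```

To check a real host, call `check_user /etc/subuid /etc/subgid "$(id -un)" 0 42`; the first field of each entry has to be the login that actually runs podman.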

stef204 commented 1 year ago

Thanks for the quick turnaround on this issue. You're correct, I found this and have applied the fix. Rebuilding now, let's see.

stef204 commented 1 year ago

Do I need to actually create user AND group entrusted on my box? (in addition to applying the fix above, I mean.)

stef204 commented 1 year ago

Still showing this error when building from entrusted/ci_cd.

Getting image source signatures
Copying blob 7139ad4c9de2 done  
Error: writing blob: adding layer with blob "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx37a9c6bcf9702c6ae68b8c": processing tar file(potentially insufficient UIDs or GIDs available in user namespace (requested 0:42 for /etc/gshadow): Check /etc/subuid and /etc/subgid if configured locally and run "podman system migrate": lchown /etc/gshadow: invalid argument): exit status 1
+ retVal=125
+ '[' 125 -ne 0 ']'
+ echo 'Failure to build Windows binaries'
Failure to build Windows binaries
+ exit 1
+ retVal=1
+ '[' 1 -ne 0 ']'
+ echo 'Windows build failure'
Windows build failure
+ exit 1

Must be related to podman and its configuration on my box?

yveszoundi commented 1 year ago

I occasionally had to run "podman system migrate" but that was when testing on Alpine. I suggest manually running podman system migrate and then restarting the build.

Also, which Linux distribution are you using?

I built the Live CD and main binaries (Linux, Windows, Mac OS) yesterday and today from GitHub Actions successfully -> Ubuntu Linux virtual machines with logic similar to the local build.

Build results from the develop branch (Live CD and other binaries): [screenshot]

yveszoundi commented 1 year ago

Please let me know if running podman system migrate helps.

I answered your more specific question in the other issue https://github.com/rimerosolutions/entrusted/discussions/67

stef204 commented 1 year ago

> Please let me know if running podman system migrate helps.

I've already run podman system migrate a few times, no changes.

Let's focus on #67 at the moment since that fails as well and it is more basic. We can come back to this issue here #65 once #67 is resolved perhaps.

stef204 commented 1 year ago

> Also, which Linux distribution are you using?

Archlinux x86_64

yveszoundi commented 1 year ago

Closing this issue in favor of #79