search

sonic-net / sonic-buildimage

Scripts which perform an installable binary image build for SONiC
Other
718 stars 1.38k forks source link

[Build] OpenSSH version conflict #16822

Open jusherma opened 11 months ago

jusherma commented 11 months ago

Description

Steps to reproduce the issue:

  1. Perform build of 202205 branch

Describe the results you received:

The final build stage (assembly of sonic.bin) fails with the following error:

+ sudo dpkg --root=./fsroot-cisco-8000 -i target/debs/bullseye/openssh-server_8.4p1-5+deb11u1_amd64.deb
dpkg: warning: downgrading openssh-server from 1:8.4p1-5+deb11u2 to 1:8.4p1-5+deb11u1
(Reading database ... 49575 files and directories currently installed.)
Preparing to unpack .../openssh-server_8.4p1-5+deb11u1_amd64.deb ...
Unpacking openssh-server (1:8.4p1-5+deb11u1) over (1:8.4p1-5+deb11u2) ...
dpkg: dependency problems prevent configuration of openssh-server:
 openssh-server depends on openssh-client (= 1:8.4p1-5+deb11u1); however:
  Version of openssh-client on system is 1:8.4p1-5+deb11u2.

Describe the results you expected:

Build to succeed

Additional information you deem important (e.g. issue happens only occasionally):

Looks like version 1:8.4p1-5+deb11u2 of openssh-server is installed in the fsroot, but an attempt to downgrade it to 1:8.4p1-5+deb11u1 is made. This downgrade attempt fails because then the version of openssh-client would not match the server version.

I am seeing this consistently using 6f18a233 of 202205. Last good build was ef7780d8. Tests are in progress to see if this issue now happens with previously good builds (suggesting a problem based on Debian Apt mirror) or not.

One change that may have caused this is the recent update to the pinned versions (#16698). It's also possible the recent release of OpenSSH 1:8.4p1-5+deb11u2 Debian package is the culprit.

I have tried rebuilding with SONIC_VERSION_CONTROL_COMPONENTS=py2,py3,web,git,docker MIRROR_SNAPSHOT=y and still see the same OpenSSH error. When rebuilding with SONIC_VERSION_CONTROL_COMPONENTS=py2,py3,web,git,docker,deb MIRROR_SNAPSHOT=y, I get a seemingly unrelated error much earlier in the build process.

coversheets commented 11 months ago

👍 same with 202305:

+ sudo dpkg --root=./fsroot-broadcom -i target/debs/bullseye/openssh-server_8.4p1-5+deb11u1_amd64.deb
dpkg: warning: downgrading openssh-server from 1:8.4p1-5+deb11u2 to 1:8.4p1-5+deb11u1
(Reading database ... 49306 files and directories currently installed.)
Preparing to unpack .../openssh-server_8.4p1-5+deb11u1_amd64.deb ...
Unpacking openssh-server (1:8.4p1-5+deb11u1) over (1:8.4p1-5+deb11u2) ...
dpkg: dependency problems prevent configuration of openssh-server:
 openssh-server depends on openssh-client (= 1:8.4p1-5+deb11u1); however:
  Version of openssh-client on system is 1:8.4p1-5+deb11u2.

dpkg: error processing package openssh-server (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 openssh-server
k-v1 commented 11 months ago

Debian 11.8 was released 3 days ago. I think need to update version in rules/openssh.mk file to deb11u2. But I haven't yet tested it.

jusherma commented 11 months ago

Debian 11.8 was released 3 days ago. I think need to update version in rules/openssh.mk file to deb11u2. But I haven't yet tested it.

That solved it, thanks! I imagine these references will need to be updated too, to work for folks using the SONIC_VERSION_CONTROL_COMPONENTS option

files/build/versions/dockers/sonic-slave-bullseye/versions-deb-bullseye:openssh-server==1:8.4p1-5+deb11u1
files/build/versions/host-image/versions-deb-bullseye:openssh-server==1:8.4p1-5+deb11u1+fips
files/build/versions/host-image/versions-deb-bullseye-armhf:openssh-server==1:8.4p1-5+deb11u1
vmittal-msft commented 11 months ago

@xumia, SSH build issue was already addressed by @saiarcot895 PR. So why build behaves different in PR build and nightly build. Please check.

aparkhomenko-xsight commented 10 months ago

Hi, it seems like build with 'SONIC_DPKG_CACHE_METHOD ?= rwcache' is broken after this commit

[baseimage]: Update openssh to 1:8.4p1-5+deb11u2 (#16826)

cached archive doesn't contain requied packages

aparkhomenko@ubuntu18-sonic-lx008:/local_disk/aparkhomenko/sonic-buildimage/temp$ tar xvzf openssh-server_8.4p1-5+deb11u2_amd64.deb-93cdb1e3219f60f52a20451-8de292ef87b5b6778bf49e3.tgz target/debs/bullseye/openssh-server_8.4p1-5+deb11u2_amd64.deb

cache misses this two packages

target/debs/bullseye/openssh-client_8.4p1-5+deb11u2_amd64.deb target/debs/bullseye/openssh-sftp-server_8.4p1-5+deb11u2_amd64.deb

but it can be easily fixed with this patch

diff --git a/rules/openssh.mk b/rules/openssh.mk
index b86fc79d6..5609bf34e 100644
--- a/rules/openssh.mk
+++ b/rules/openssh.mk
@@ -10,10 +10,10 @@ $(OPENSSH_SERVER)_DEPENDS +=  $(LIBNL3_DEV) $(LIBNL_ROUTE3_DEV)
 SONIC_MAKE_DEBS += $(OPENSSH_SERVER)

 OPENSSH_CLIENT = openssh-client_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
-#$(eval $(call add_derived_package,$(OPENSSH_SERVER),$(OPENSSH_CLIENT)))
+$(eval $(call add_derived_package,$(OPENSSH_SERVER),$(OPENSSH_CLIENT)))

 OPENSSH_SFTP_SERVER = openssh-sftp-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
-#$(eval $(call add_derived_package,$(OPENSSH_SERVER),$(OPENSSH_SFTP_SERVER)))
+$(eval $(call add_derived_package,$(OPENSSH_SERVER),$(OPENSSH_SFTP_SERVER)))

 # The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list}
 # are archived into debug one image to facilitate debugging.