Closed TriplEight closed 4 years ago
Nope, it uses ptrace for trace instrumentation which due to it's nature needs the security lowering to allow it
and no way to avoid it with say, --no-run
and then generate reports based on artefacts in CARGO-TARGET-DIR
, which can be out of the container?
well if you don't run the tests you can't collect coverage on them... I suppose you could do no-run then copy the entire target directory out and tarpaulin might not have to rebuild the tests before running them. I haven't tried that, it's not really a "normal" workflow
currently tarpaulin
works better for me than grcov
. But I can't afford lowering security due to the open pipelines we have, so unfortunately will have to stick with the latter.
If you could use your CI without docker that might be an alternative option, but yeah unfortunately with docker there's no way without lowering the security policy
There should be something else. I'm trying to run in local docker and during the tests execution got some
/builds/target/debug/deps/<some dependency>: error while loading shared libraries: libtest-982f95e7e2b65d75.so: cannot open shared object file: No such file or directory
And
[DEBUG tarpaulin] Instrumentation address clash, ignoring 0x4962f0
And Error: "Test failed during run"
in the end.
The command to run docker: docker run -it --security-opt seccomp=unconfined paritytech/ink-ci-linux:tarpaulin
and inside:
git clone https://github.com/paritytech/ink .
docker run -it --security-opt seccomp=unconfined paritytech/ink-ci-linux:tarpaulin
OK, this is weird, but +nightly
saved my day, despite I have
# rustup default
nightly-2020-04-07-x86_64-unknown-linux-gnu (default)
hmm that might be solved by a new PR that was merged on develop otherwise I'm not really sure. Also I'm not fully sure what is in your tarpaulin tagged image anyway so couldn't be much help in that respect.
I just wanted to provide you with a way to reproduce.
Also I'm not fully sure what is in your tarpaulin tagged image
Here it is: https://github.com/paritytech/scripts/blob/tarpaulin/dockerfiles/ink-ci-linux/Dockerfile
I was researching a bit further and found that docker actually allows ptrace
on default seccomp profile since v19.03.8, on 4.8+ kernels.
But couldn't make tarpaulin
work with this. The error is still the same.
Also tried podman
and no luck so far.
cc https://github.com/xd009642/tarpaulin/issues/146
Ah so I was a bit imprecise in my wording. For ptrace to work I need to disable ASLR using the personality system call. As ASLR is a security measure implemented in the kernel that's what specifically needs the lowering
Thanks for the clarification. Then it can't be helped without altering the host or the way containers are run. What a pity!
Yeah it's a shame but it seems to be something that can't be solved. I'm going to close this issue but if you have anymore questions just let me know
This might just be useful to GitLab user passers by: https://www.collabora.com/news-and-blog/blog/2021/03/24/rust-integrating-llvm-source-base-code-coverage-with-gitlab/
Did you try cargo tarpaulin --engine
Llvm?
Exactly the same as in https://github.com/xd009642/tarpaulin/issues/146, getting this error in GitLab's docker runner. Is there a way to get the report in docker without lowering the security?