[PATCH] Dockerfile.isar: Pull qemu-user-static from buster-backports

[PATCH] Dockerfile.isar: Pull qemu-user-static from buster-backports

[Jan Kiszka]

From: Jan Kiszka <jan.kiszka@siemens.com>

This is needed for running fakeroot from bullseye and sid which triggers
an unimplemented syscall with the current version.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 Dockerfile.isar | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Dockerfile.isar b/Dockerfile.isar
index 6b325f3..739dfab 100644
--- a/Dockerfile.isar
+++ b/Dockerfile.isar
@@ -3,7 +3,9 @@
 FROM kasproject/kas:latest
 
 ENV LC_ALL=en_US.UTF-8
-RUN apt-get update && \
+RUN echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list && \
+    echo "Package: qemu-user-static binfmt-support\nPin: release n=buster-backports\nPin-Priority: 501\n\nPackage: *\nPin: release n=buster-backports\nPin-Priority: -1" > /etc/apt/preferences.d/qemu-user-static && \
+    apt-get update && \
     apt-get install -y -f --no-install-recommends \
             autoconf automake gdisk libtool bash-completion \
             sudo grub2 grub-efi-amd64-bin grub-efi-ia32-bin \
-- 
2.26.2

Re: [PATCH] Dockerfile.isar: Pull qemu-user-static from buster-backports

[Jan Kiszka]

On 23.09.20 09:56, [ext] Jan Kiszka wrote:
> From: Jan Kiszka <jan.kiszka@siemens.com>
> 
> This is needed for running fakeroot from bullseye and sid which triggers
> an unimplemented syscall with the current version.
> 
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
>   Dockerfile.isar | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/Dockerfile.isar b/Dockerfile.isar
> index 6b325f3..739dfab 100644
> --- a/Dockerfile.isar
> +++ b/Dockerfile.isar
> @@ -3,7 +3,9 @@
>   FROM kasproject/kas:latest
>   
>   ENV LC_ALL=en_US.UTF-8
> -RUN apt-get update && \
> +RUN echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list && \
> +    echo "Package: qemu-user-static binfmt-support\nPin: release n=buster-backports\nPin-Priority: 501\n\nPackage: *\nPin: release n=buster-backports\nPin-Priority: -1" > /etc/apt/preferences.d/qemu-user-static && \
> +    apt-get update && \
>       apt-get install -y -f --no-install-recommends \
>               autoconf automake gdisk libtool bash-completion \
>               sudo grub2 grub-efi-amd64-bin grub-efi-ia32-bin \
> 

This one triggers in a strange way an very strange issue: Running 
debootstrap (even directly, without Isar) in this new container will 
make the container's /proc and possibly other mounts disappear.

I tried to dig down to this from the changes above but failed. I'm now 
analyzing what happens in debootstrap, and why it picks the host mounts, 
rather than that of the new rootfs. Any ideas welcome.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux

[PATCH v2] Dockerfile.isar: Pull qemu-user-static from buster-backports

[Jan Kiszka]

From: Jan Kiszka <jan.kiszka@siemens.com>

This is needed for running fakeroot from bullseye and sid which triggers
an unimplemented syscall with the current version.

Due to changes in the new qemu-user-static package, the current approach
to activate its binfmt settings no longer works. Instead, switch to an
explicit call of the binfmt-support in init script.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---

Changes in v2:
 - fix binfmt activation
 - drop unneeded (and effectless) listing of binfmt-support for
   buster-backports

OK, this was a nice one:
 - debootstrap (of buster) creates the rootfs initially with a link of
   $target/proc -> /proc
 - later, it tries to umount $target/proc (and then sets up a proper 
   mounting via chroot) - I consider this a bug of debootstrap
 - for us, umount $target/proc, which is effectively umount /proc,
   because /proc/sys/fs/binfmt_misc is mounted
 - debootstrap ignores this error
 - but due to the issue in v1, binfmt_misc wasn't mounted, and the
   problem started...

 Dockerfile.isar | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Dockerfile.isar b/Dockerfile.isar
index 6b325f3..cde63b0 100644
--- a/Dockerfile.isar
+++ b/Dockerfile.isar
@@ -3,7 +3,9 @@
 FROM kasproject/kas:latest
 
 ENV LC_ALL=en_US.UTF-8
-RUN apt-get update && \
+RUN echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list && \
+    echo "Package: qemu-user-static\nPin: release n=buster-backports\nPin-Priority: 501\n\nPackage: *\nPin: release n=buster-backports\nPin-Priority: -1" > /etc/apt/preferences.d/qemu-user-static && \
+    apt-get update && \
     apt-get install -y -f --no-install-recommends \
             autoconf automake gdisk libtool bash-completion \
             sudo grub2 grub-efi-amd64-bin grub-efi-ia32-bin \
@@ -18,4 +20,4 @@ RUN echo "builder ALL=NOPASSWD: ALL" > /etc/sudoers.d/builder-nopasswd && \
 RUN echo "Defaults env_keep += \"ftp_proxy http_proxy https_proxy no_proxy\"" \
     > /etc/sudoers.d/env_keep && chmod 660 /etc/sudoers.d/env_keep
 
-RUN sed -i 's|#!/bin/bash|\0\n\ndpkg-reconfigure qemu-user-static 2>\&1 \| grep -v "already enabled in kernel"|' /kas/docker-entrypoint
+RUN sed -i 's|#!/bin/bash|\0\n\n/etc/init.d/binfmt-support start|' /kas/docker-entrypoint
-- 
2.26.2

Re: [PATCH v2] Dockerfile.isar: Pull qemu-user-static from buster-backports

[Henning Schild]

On Thu, 24 Sep 2020 13:12:35 +0200
"[ext] Jan Kiszka" <jan.kiszka@siemens.com> wrote:

> From: Jan Kiszka <jan.kiszka@siemens.com>
> 
> This is needed for running fakeroot from bullseye and sid which
> triggers an unimplemented syscall with the current version.
> 
> Due to changes in the new qemu-user-static package, the current
> approach to activate its binfmt settings no longer works. Instead,
> switch to an explicit call of the binfmt-support in init script.
> 
> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
> ---
> 
> Changes in v2:
>  - fix binfmt activation
>  - drop unneeded (and effectless) listing of binfmt-support for
>    buster-backports
> 
> OK, this was a nice one:
>  - debootstrap (of buster) creates the rootfs initially with a link of
>    $target/proc -> /proc
>  - later, it tries to umount $target/proc (and then sets up a proper 
>    mounting via chroot) - I consider this a bug of debootstrap

Did you report that bug or are planning to do something about it?

Henning

>  - for us, umount $target/proc, which is effectively umount /proc,
>    because /proc/sys/fs/binfmt_misc is mounted
>  - debootstrap ignores this error
>  - but due to the issue in v1, binfmt_misc wasn't mounted, and the
>    problem started...
> 
>  Dockerfile.isar | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/Dockerfile.isar b/Dockerfile.isar
> index 6b325f3..cde63b0 100644
> --- a/Dockerfile.isar
> +++ b/Dockerfile.isar
> @@ -3,7 +3,9 @@
>  FROM kasproject/kas:latest
>  
>  ENV LC_ALL=en_US.UTF-8
> -RUN apt-get update && \
> +RUN echo 'deb http://deb.debian.org/debian buster-backports main' >
> /etc/apt/sources.list.d/buster-backports.list && \
> +    echo "Package: qemu-user-static\nPin: release
> n=buster-backports\nPin-Priority: 501\n\nPackage: *\nPin: release
> n=buster-backports\nPin-Priority: -1" >
> /etc/apt/preferences.d/qemu-user-static && \
> +    apt-get update && \
>      apt-get install -y -f --no-install-recommends \
>              autoconf automake gdisk libtool bash-completion \
>              sudo grub2 grub-efi-amd64-bin grub-efi-ia32-bin \
> @@ -18,4 +20,4 @@ RUN echo "builder ALL=NOPASSWD: ALL" >
> /etc/sudoers.d/builder-nopasswd && \ RUN echo "Defaults env_keep +=
> \"ftp_proxy http_proxy https_proxy no_proxy\"" \
>      > /etc/sudoers.d/env_keep && chmod 660 /etc/sudoers.d/env_keep  
>  
> -RUN sed -i 's|#!/bin/bash|\0\n\ndpkg-reconfigure qemu-user-static
> 2>\&1 \| grep -v "already enabled in kernel"|' /kas/docker-entrypoint
> 2>+RUN sed -i 's|#!/bin/bash|\0\n\n/etc/init.d/binfmt-support start|'
> 2>/kas/docker-entrypoint

Re: [PATCH v2] Dockerfile.isar: Pull qemu-user-static from buster-backports

[Jan Kiszka]

On 24.09.20 13:52, Henning Schild wrote:
> On Thu, 24 Sep 2020 13:12:35 +0200
> "[ext] Jan Kiszka" <jan.kiszka@siemens.com> wrote:
> 
>> From: Jan Kiszka <jan.kiszka@siemens.com>
>>
>> This is needed for running fakeroot from bullseye and sid which
>> triggers an unimplemented syscall with the current version.
>>
>> Due to changes in the new qemu-user-static package, the current
>> approach to activate its binfmt settings no longer works. Instead,
>> switch to an explicit call of the binfmt-support in init script.
>>
>> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
>> ---
>>
>> Changes in v2:
>>   - fix binfmt activation
>>   - drop unneeded (and effectless) listing of binfmt-support for
>>     buster-backports
>>
>> OK, this was a nice one:
>>   - debootstrap (of buster) creates the rootfs initially with a link of
>>     $target/proc -> /proc
>>   - later, it tries to umount $target/proc (and then sets up a proper
>>     mounting via chroot) - I consider this a bug of debootstrap
> 
> Did you report that bug or are planning to do something about it?
> 

I've just replied to 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968927 - that fixes 
the issue, in fact.

Jan

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux