Bug#960969: sbuild: fail to work in unshare mode

2020-07-09 Thread Johannes Schauer
Hi,

On Mon, 18 May 2020 23:29:49 +0200 Aurelien Jarno wrote:
> I have tried to get sbuild working in unshare mode. Here are the steps I
> have followed, from what I understood they should be sufficient:
> 
> sudo sysctl kernel.unprivileged_userns_clone=1
> sbuild-createchroot --chroot-mode=unshare --make-sbuild-tarball \
>     ~/.cache/sbuild/sid-amd64.tar.gz sid `mktemp -d` http://deb.debian.org/debian/
> sbuild -d sid hello
> 
> The last step is unsuccessful, it seems to fail to execute any comment.
> I have attached the output of the last command running with debug in
> case it could help.

this sounds very similar to what is described in #950684 which is now
(hopefully) fixed in git. I never got to reproduce #950684 on my own system and
similarly, I also am unable to reproduce your problem. Thus, it would be
helpful if you could clone the git repository and from the master branch
execute:

$ PERL5LIB=$(pwd)/lib bin/sbuild-createchroot --chroot-mode=unshare \
    --make-sbuild-tarball ~/.cache/sbuild/sid-amd64.tar.gz sid `mktemp -d` \
    http://deb.debian.org/debian/
$ PERL5LIB=$(pwd)/lib bin/sbuild --chroot-mode=unshare -d sid hello

Thanks!

cheers, josch


Bug#960969: sbuild: fail to work in unshare mode

2020-05-19 Thread Aurelien Jarno
On 2020-05-18 23:29, Aurelien Jarno wrote:
> Package: sbuild
> Version: 0.79.1-1
> Severity: normal
> 
> Hi,
> 
> I have tried to get sbuild working in unshare mode. Here are the steps I
> have followed, from what I understood they should be sufficient:
> 
> sudo sysctl kernel.unprivileged_userns_clone=1
> sbuild-createchroot --chroot-mode=unshare --make-sbuild-tarball \
>     ~/.cache/sbuild/sid-amd64.tar.gz sid `mktemp -d` http://deb.debian.org/debian/
> sbuild -d sid hello
> 
> The last step is unsuccessful, it seems to fail to execute any comment.
> I have attached the output of the last command running with debug in
> case it could help.

I realized I have forgotten the log. Please find it attached. 

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net
buildd@scratch:~$ sbuild -D -d sid hello
Selected distribution sid
D: Setting Config=Sbuild::ConfBase=HASH(0x561acae63650)
D: Setting ABORT=undef
D: Setting Job=hello
D: Setting Build Dir=
D: Setting Max Lock Trys=120
D: Setting Lock Interval=5
D: Setting Pkg Status=pending
D: Setting Pkg Status Trigger=undef
D: Setting Pkg Start Time=0
D: Setting Pkg End Time=0
D: Setting Pkg Fail Stage=init
D: Setting Build Start Time=0
D: Setting Build End Time=0
D: Setting Install Start Time=0
D: Setting Install End Time=0
D: Setting This Time=0
D: Setting This Space=0
D: Setting Sub Task=initialisation
D: Setting Config=Sbuild::ConfBase=HASH(0x561acae63650)
D: Setting Session ID=
D: Setting Chroot ID=/
D: Setting Defaults=HASH(0x561acc941e98)
D: Setting Split=1
D: Setting Split=0
D: Setting Host=Sbuild::ChrootRoot=HASH(0x561acc91f528)
D: Setting Priority=0
D: Setting Location=/
D: Setting Session Purged=0
D: Setting Session=undef
D: Setting Dependency Resolver=undef
D: Setting Log File=undef
D: Setting Log Stream=undef
D: Setting Summary Stats=HASH(0x561acae994a0)
D: Setting dpkg-buildpackage pid=undef
D: Setting Dpkg Version=undef
D: Setting DSC: hello
D: Setting DSC=hello
D: Setting Source Dir=.
D: Setting DSC Base=hello
D: DSC = hello
D: Source Dir = .
D: DSC Base = hello
D: Setting Package=hello
D: Setting Pkg Status Trigger=CODE(0x561acc8eff48)
D: Setting Pkg Status=building
D: Setting Pkg Start Time=1589819682
D: Setting Pkg End Time=1589819682
D: Setting Host Arch=amd64
D: Setting Build Arch=amd64
D: Setting Build Profiles=
D: Setting Build Type=binary
D: Setting FILTER_PREFIX=__SBUILD_FILTER_17161:
D: Setting COLOUR_PREFIX=__SBUILD_COLOUR_17161:
D: Setting Log File=/home/buildd/hello_amd64-2020-05-18T16:34:42Z.build
D: Setting Log Stream=GLOB(0x561acae63470)
sbuild (Debian sbuild) 0.79.1 (22 April 2020) on scratch.local

+==+
| hello (amd64)    Mon, 18 May 2020 16:34:42 + |
+==+

Package: hello
Distribution: sid
Machine Architecture: amd64
Host Architecture: amd64
Build Architecture: amd64
Build Type: binary

D: Setting Config=Sbuild::ConfBase=HASH(0x561acae63650)
D: Setting Chroots=HASH(0x561acc959ed8)
D: Setting Chroots=HASH(0x561acc936a60)
D: Setting Config=Sbuild::ConfBase=HASH(0x561acae63650)
D: Setting Session ID=
D: Setting Chroot ID=chroot:sid-amd64
D: Setting Defaults=HASH(0x561acc9424b0)
D: Setting Chroots=Sbuild::ChrootInfoUnshare=HASH(0x561acc959ae8)
D: Setting Uid Gid Map=ARRAY(0x561acc4728a0)
running perl -e require 'syscall.ph';pipe my $rfh, my $wfh;my $ppid = $$;my $cpid = fork() // die "fork() failed: $!";if ($cpid == 0) {close $wfh;0 == sysread $rfh, my $c, 1 or die "read() did not receive EOF";0 == system "newuidmap $ppid  0 1001 1 1 362144 1" or die "newuidmap failed: $!";0 == system "newgidmap $ppid  0 1001 1 1 362144 1" or die "newgidmap failed: $!";exit 0;}0 == syscall _unshare, 268435456 or die "unshare() failed: $!";close $wfh;$cpid == waitpid $cpid, 0 or die "waitpid() failed: $!";if ($? != 0) {die "child had a non-zero exit status: $?";}0 == syscall _setgid, 0 or die "setgid failed: $!";0 == syscall _setuid, 0 or die "setuid failed: $!";0 == syscall _setgroups, 0, 0 or die "setgroups failed: $!";exec { $ARGV[0] } @ARGV or die "exec() failed: $!"; chown 1:1 /tmp/tmp.sbuild.N0MotTGkfZ
Unpacking /home/buildd/.cache/sbuild/sid-amd64.tar.gz to /tmp/tmp.sbuild.N0MotTGkfZ...
running perl -e require 'syscall.ph';pipe my $rfh, my $wfh;my $ppid = $$;my $cpid = fork() // die "fork() failed: $!";if ($cpid == 0) {close $wfh;0 == sysread $rfh, my $c, 1 or die "read() did not receive EOF";0 == system "newuidmap $ppid  0 362144 65536" or die "newuidmap failed: $!";0 == system "newgidmap $ppid  0 362144 65536" or die "newgidmap failed: $!";exit 0;}0 == syscall _unshare, 268435456 or die "unshare() failed: $!";close $wfh;$cpid == waitpid $cpid, 0 or die "waitpid() failed: $!";if ($? != 0) {die "child had a non-zero exit status: $?";}0 == syscall _setgid, 0 or die "setgid failed: 

Bug#960969: sbuild: fail to work in unshare mode

2020-05-18 Thread Aurelien Jarno
Package: sbuild
Version: 0.79.1-1
Severity: normal

Hi,

I have tried to get sbuild working in unshare mode. Here are the steps I
have followed, from what I understood they should be sufficient:

sudo sysctl kernel.unprivileged_userns_clone=1
sbuild-createchroot --chroot-mode=unshare --make-sbuild-tarball \
    ~/.cache/sbuild/sid-amd64.tar.gz sid `mktemp -d` http://deb.debian.org/debian/
sbuild -d sid hello

The last step is unsuccessful, it seems to fail to execute any comment.
I have attached the output of the last command running with debug in
case it could help.

I have also tried to unpack the tarball and run the following command:
unshare -f -U -r -p -m --mount-proc -R sid

It works fine, so it seems to show that the chroot creation is not
totally broken.

Thanks,
Aurelien

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-1-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled