Page MenuHomePhabricator
Create Task
Maniphest T273942

sbuild isn't behaving well in tools
Closed, ResolvedPublic
Actions

Description

Today, we noticed that the sbuild toolchain on tools-package-builder-02 seems to have developed some kind of bug. It cannot chown the chroot to <user>:sbuild. This is strange because the only place that doesn't work when done directly by hand is on an NFS dir, and the build dir should be on the instance disk.

For testing and comparison, I built a new tools-package-builder-03 using buster (and no NFS at all--so changing at least 10 variables in terms of build toolchain), and that seems to be happier except that the autotest/m4-based testsuite attached to toollabs completely fails. The latter may have been something silly I did as well, but you never know. I have not tried rebuilding the stretch version, partly because it was showing some odd issues like the pins no longer being valid (partly because the upstream module pins everything to stretch-backports).

Details

SubjectRepoBranchLines +/-
toolforge: wmcs-package-build.py: use sudo in the sbuild calloperations/puppetproduction+3 -1
Customize query in gerrit

Event Timeline

Bstorm triaged this task as Medium priority.Feb 5 2021, 12:56 AM
Bstorm created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 5 2021, 12:56 AM
Bstorm added a comment.Feb 5 2021, 12:56 AM

I've deployed the new version of toollabs (jobutils/miscutils) to toolsbeta using the debuild whatnot for now.

aborrero claimed this task.Feb 5 2021, 11:10 AM
aborrero moved this task from Inbox to Soon! on the cloud-services-team (Kanban) board.
aborrero added a comment.Apr 20 2021, 11:14 AM

The newer sbuild deployment (buster based) works well, but still shows the following:

  • when building a package via our script, it eventually fails in the final build step (dpkg-deb call) with a permissions error
  • I contacted some debian people and they think this is a bug. The schroot used by sbuild 'embeds' the uid/gid from the base system, but the base system uses LDAP, so there is something weird there
  • I was asked to submit a bug report, but when I was about to do it I noticed there are newer versions of sbuild in the debian archive (testing bullseye and also sid).

So next step would be for me to test the newer stack from testing bullseye (or even sid) and see if that solves the issue. If not, then submit a formal bug report to debian.

aborrero removed aborrero as the assignee of this task.Jul 21 2021, 3:46 PM
aborrero claimed this task.Sep 9 2021, 4:34 PM
aborrero raised the priority of this task from Medium to High.
aborrero moved this task from Soon! to Doing on the cloud-services-team (Kanban) board.
Stashbot added a comment.Sep 10 2021, 7:54 AM

Mentioned in SAL (#wikimedia-cloud) [2021-09-10T07:54:17Z] <arturo> created bullseye VM tools-package-builder-04 (T273942)

aborrero added a comment.Sep 10 2021, 9:59 AM

The sbuild version in bullseye shows the same error:

dpkg-deb: building package 'toollabs-webservice' in '../toollabs-webservice_0.76_all.deb'.
dpkg-deb: error: unable to create '../toollabs-webservice_0.76_all.deb': Permission denied
aborrero added a comment.Sep 10 2021, 10:51 AM

Submitted bug report to debian: https://bugs.debian.org/994034

gerritbot added a comment.Sep 10 2021, 11:42 AM

Change 720284 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] toolforge: wmcs-package-build.py: use sudo in the sbuild call

https://gerrit.wikimedia.org/r/720284

gerritbot added a project: Patch-For-Review.Sep 10 2021, 11:42 AM
aborrero added a comment.EditedSep 10 2021, 11:51 AM
In T273942#7344374, @gerritbot wrote:

Change 720284 had a related patch set uploaded (by Arturo Borrero Gonzalez; author: Arturo Borrero Gonzalez):

[operations/puppet@production] toolforge: wmcs-package-build.py: use sudo in the sbuild call

https://gerrit.wikimedia.org/r/720284

With this patch I can build a package!

arturo@endurance:~/git/wmf/operations/puppet$ modules/toolforge/files/wmcs-package-build.py --git-repo https://gerrit.wikimedia.org/r/operations/software/tools-webservice --build-dist stretch
[..]
+------------------------------------------------------------------------------+
| Summary                                                                      |
+------------------------------------------------------------------------------+

Build Architecture: amd64
Build Type: binary
Build-Space: 1288
Build-Time: 6
Distribution: stretch
Host Architecture: amd64
Install-Time: 45
Job: /tmp/wmcs-package-build-rjfpw/toollabs-webservice_0.76.dsc
Lintian: warn
Machine Architecture: amd64
Package: toollabs-webservice
Package-Time: 55
Source-Version: 0.76
Space: 1288
Status: successful
Version: 0.76
--------------------------------------------------------------------------------
Finished at 2021-09-10T11:49:46Z
Build needed 00:00:55, 1288k disk space
INFO: wmcs-package-build.py: Not copying .deb files because --aptly-dist was not set
INFO: wmcs-package-build.py: Not running aptly stage because --aptly-dist was not set
INFO: wmcs-package-build.py: Not running backup stage because --aptly-dist was not set

And in the newer VM:

arturo@endurance:~/git/wmf/operations/puppet$ modules/toolforge/files/wmcs-package-build.py --git-repo https://gerrit.wikimedia.org/r/operations/software/tools-webservice --build-dist stretch --build-host tools-package-builder-04.tools.eqiad1.wikimedia.cloud
[..]
+------------------------------------------------------------------------------+
| Summary                                                                      |
+------------------------------------------------------------------------------+

Build Architecture: amd64
Build Type: binary
Build-Space: 1300
Build-Time: 5
Distribution: stretch
Host Architecture: amd64
Install-Time: 42
Job: /tmp/wmcs-package-build-veqpg/toollabs-webservice_0.76.dsc
Lintian: warn
Machine Architecture: amd64
Package: toollabs-webservice
Package-Time: 49
Source-Version: 0.76
Space: 1300
Status: successful
Version: 0.76
--------------------------------------------------------------------------------
Finished at 2021-09-10T11:42:02Z
Build needed 00:00:49, 1300k disk space
INFO: wmcs-package-build.py: Not copying .deb files because --aptly-dist was not set
INFO: wmcs-package-build.py: Not running aptly stage because --aptly-dist was not set
INFO: wmcs-package-build.py: Not running backup stage because --aptly-dist was not set
gerritbot added a comment.Sep 10 2021, 11:53 AM

Change 720284 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] toolforge: wmcs-package-build.py: use sudo in the sbuild call

https://gerrit.wikimedia.org/r/720284

aborrero closed this task as Resolved.Sep 10 2021, 11:54 AM

I think we can live with our small sudo patch until they find a proper solution upstream. Closing this now (finally!!)

Maintenance_bot removed a project: Patch-For-Review.Sep 10 2021, 12:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL