Page MenuHomePhabricator
Create Task
Maniphest T352089

Error from using ASP v0.1.3; attempted `apt-get update` in 'step_script' fails
Closed, ResolvedPublic
Actions

Description

Behaviour before, on v0.1.2:

Updated submodules
Entering 'function-schemata'
Entering 'function-schemata'
Downloading artifacts
00:01
Downloading artifacts for build-coverage-report (165312)...
Downloading artifacts from coordinator... ok        host=gitlab.wikimedia.org id=165312 responseStatus=200 OK token=64_mgisq
Executing "step_script" stage of the job script
00:13
$ # check if alternative tool options were specified calling gitlab-ci.yml file # collapsed multi-line command
go: downloading github.com/google/osv-scanner v1.4.3
…

Behaviour now, on v0.1.3:

Updated submodules
Entering 'function-schemata'
Entering 'function-schemata'
Downloading artifacts
00:01
Downloading artifacts for build-coverage-report (169444)...
Downloading artifacts from coordinator... ok        host=gitlab.wikimedia.org id=169444 responseStatus=200 OK token=64_kWhb3
Executing "step_script" stage of the job script
00:00
$ apt-get update -yqq && apt-get install -yqq ca-certificates curl git
E: List directory /var/lib/apt/lists/partial is missing. - Acquire (13: Permission denied)
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:5 and /etc/apt/sources.list.d/bullseye-backports.list:1
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:5 and /etc/apt/sources.list.d/bullseye-backports.list:1
W: Target Packages (contrib/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:5 and /etc/apt/sources.list.d/bullseye-backports.list:1
W: Target Packages (contrib/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:5 and /etc/apt/sources.list.d/bullseye-backports.list:1
$ # check if alternative tool options were specified calling gitlab-ci.yml file # collapsed multi-line command
$ # install go (1.21) # collapsed multi-line command
/scripts-1284-169451/step_script: line 161: curl: command not found

This particular one looks like it was added in af06eb20bc81894a7878183832e2eb0c1982d314 but the general apt-get came from this refactor where previously the nodejs ones didn't run this?

Related Objects

Event Timeline

Jdforrester-WMF created this task.Nov 27 2023, 7:55 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 27 2023, 7:55 PM
Jdforrester-WMF updated the task description. (Show Details)Nov 27 2023, 7:58 PM
Jdforrester-WMF added a comment.Nov 27 2023, 8:00 PM

Alternatively, is there something we need to add to our CI config to make blubber OK with the apt-get? Something like insecure: true in one of the YAML files, IIRC?

sbassett changed the task status from Open to In Progress.EditedNov 27 2023, 8:54 PM
sbassett claimed this task.
sbassett triaged this task as High priority.
sbassett added projects: Security-Team, SecTeam-Processed.
sbassett moved this task from Incoming to In Progress on the Security-Team board.
sbassett added a project: user-sbassett.
sbassett moved this task from Backlog to In Progress on the user-sbassett board.

As discussed within Slack, it looks like this was due to the Security-Team's somewhat-clandestine design change to prefer more basic debian images for these CI includes, e.g. bookworm:*.

sbassett mentioned this in T351263: Pin OSV to v1.4.2 (not v1.4.3) until v1.5.0 comes out?.Nov 27 2023, 10:06 PM
Jdforrester-WMF added a comment.Nov 28 2023, 2:44 PM

Thanks! Not sure who else is using, and if any docs need updating, but happy to declare this Resolved from our POV.

sbassett added a comment.Nov 28 2023, 6:12 PM
In T352089#9363648, @Jdforrester-WMF wrote:

Thanks! Not sure who else is using, and if any docs need updating, but happy to declare this Resolved from our POV.

Great. We have doc updates as tracked milestones for this quarter, which I'm hopeful can be completed soon. And at the end of this quarter, we'll likely tag a 0.1.4 release.

sbassett closed this task as Resolved.Dec 6 2023, 4:14 PM
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.
sbassett moved this task from In Progress to Done on the user-sbassett board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL