Linux Integrity Measurement development
* [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io
@ 2021-11-02 23:17 Mimi Zohar
  2021-11-02 23:23 ` Vitaly Chikunov
  0 siblings, 1 reply; 5+ messages in thread
From: Mimi Zohar @ 2021-11-02 23:17 UTC (permalink / raw)
  To: linux-integrity; +Cc: Mimi Zohar, Petr Vorel, Vitaly Chikunov

Instead of returning an image, it prompts for a response.  Hardcode
to use docker.io.

 Please select an image:
  ▸ docker.io/library/alt:sisyphus
    quay.io/alt:sisyphus

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 .travis.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 42853e16bfee..3836befe0bae 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -68,7 +68,7 @@ matrix:
           compiler: gcc
 
         - os: linux
-          env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"
+          env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"
           compiler: gcc
 
 before_install:
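Review bot: On the added env line, DISTRO=${REPO}/alt:sisyphus depends on REPO already being assigned when DISTRO is expanded, and nothing on the line records why the registry prefix is there. If both assignments end up in a single export statement, ${REPO} expands to empty and DISTRO becomes /alt:sisyphus. Consider writing DISTRO=docker.io/library/alt:sisyphus literally, keeping REPO only for the prefix strip in the script section, and adding a YAML comment that the fully qualified name is what avoids the "Please select an image" prompt.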
@@ -92,6 +92,7 @@ before_install:
     - $CONTAINER build $CONTAINER_ARGS -t ima-evm-utils .
 
 script:
-    - INSTALL="${DISTRO%%:*}"
+    - INSTALL="${DISTRO#${REPO}/}"
+    - INSTALL="${INSTALL%%:*}"
     - INSTALL="${INSTALL%%/*}"
     - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" ./tests/install-openssl3.sh; fi && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh"
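Review bot: The new strip INSTALL="${DISTRO#${REPO}/}" has no check that it matched. If DISTRO ever carries a registry prefix other than REPO, the two %% expansions that follow reduce INSTALL to the registry host (docker.io, for instance) and the run line calls ./ci/docker.io.sh. REPO is also expanded unquoted inside the pattern, so it is matched as a glob rather than literally; INSTALL="${DISTRO#"${REPO}"/}" avoids that. A [ -f "./ci/$INSTALL.sh" ] check before the $CONTAINER run line would turn a bad derivation into a clear failure. For matrix entries that do not set REPO the pattern is just "/", which leaves short names untouched, so that case is fine but worth a comment.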
-- 
2.27.0



* Re: [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io
  2021-11-02 23:17 [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io Mimi Zohar
@ 2021-11-02 23:23 ` Vitaly Chikunov
  2021-11-03  0:32   ` Mimi Zohar
  0 siblings, 1 reply; 5+ messages in thread
From: Vitaly Chikunov @ 2021-11-02 23:23 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: linux-integrity, Petr Vorel

Mimi,

On Tue, Nov 02, 2021 at 07:17:42PM -0400, Mimi Zohar wrote:
> Instead of returning an image, it prompts for a response.  Hardcode
> to use docker.io.
> 
>  Please select an image:
>   ▸ docker.io/library/alt:sisyphus
>     quay.io/alt:sisyphus
> 
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
>  .travis.yml | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/.travis.yml b/.travis.yml
> index 42853e16bfee..3836befe0bae 100644
> --- a/.travis.yml
> +++ b/.travis.yml
> @@ -68,7 +68,7 @@ matrix:
>            compiler: gcc
>  
>          - os: linux
> -          env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"
> +          env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"

I wonder why podman is used in this case.

Thanks,

>            compiler: gcc
>  
>  before_install:
> @@ -92,6 +92,7 @@ before_install:
>      - $CONTAINER build $CONTAINER_ARGS -t ima-evm-utils .
>  
>  script:
> -    - INSTALL="${DISTRO%%:*}"
> +    - INSTALL="${DISTRO#${REPO}/}"
> +    - INSTALL="${INSTALL%%:*}"
>      - INSTALL="${INSTALL%%/*}"
>      - $CONTAINER run $CONTAINER_ARGS -t ima-evm-utils /bin/sh -c "if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./ci/$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./ci/$INSTALL.sh && if [ "$COMPILE_SSL" ]; then COMPILE_SSL="$COMPILE_SSL" ./tests/install-openssl3.sh; fi && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || if which tssstartup; then ./tests/install-swtpm.sh; fi; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ./build.sh"
> -- 
> 2.27.0


* Re: [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io
  2021-11-02 23:23 ` Vitaly Chikunov
@ 2021-11-03  0:32   ` Mimi Zohar
  2021-11-03  1:09     ` Mimi Zohar
  2021-11-03 15:03     ` Vitaly Chikunov
  0 siblings, 2 replies; 5+ messages in thread
From: Mimi Zohar @ 2021-11-03  0:32 UTC (permalink / raw)
  To: Vitaly Chikunov; +Cc: linux-integrity, Petr Vorel

On Wed, 2021-11-03 at 02:23 +0300, Vitaly Chikunov wrote:
> Mimi,
> 
> On Tue, Nov 02, 2021 at 07:17:42PM -0400, Mimi Zohar wrote:
> > Instead of returning an image, it prompts for a response.  Hardcode
> > to use docker.io.
> > 
> >  Please select an image:
> >   ▸ docker.io/library/alt:sisyphus
> >     quay.io/alt:sisyphus
> > 
> > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > ---
> >  .travis.yml | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> > 
> > diff --git a/.travis.yml b/.travis.yml
> > index 42853e16bfee..3836befe0bae 100644
> > --- a/.travis.yml
> > +++ b/.travis.yml
> > @@ -68,7 +68,7 @@ matrix:
> >            compiler: gcc
> >  
> >          - os: linux
> > -          env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"
> > +          env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"
> 
> I wonder why podman is used in this case.

We were seeing issues on Alpine, Fedora, and Alt. Changing to podman
fixed them.  For example on Alt, we started seeing the following, but
openssl-gost was installed. [1] 

+ control openssl-gost
control: No such facility: openssl-gost 

I've reverted the commit, but I don't have access to the public travis.
I've asked Stefan to trigger travis and am waiting for the results.

Mimi

[1] 
https://app.travis-ci.com/github/stefanberger/ima-evm-utils/jobs/545999661



* Re: [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io
  2021-11-03  0:32   ` Mimi Zohar
@ 2021-11-03  1:09     ` Mimi Zohar
  2021-11-03 15:03     ` Vitaly Chikunov
  1 sibling, 0 replies; 5+ messages in thread
From: Mimi Zohar @ 2021-11-03  1:09 UTC (permalink / raw)
  To: Vitaly Chikunov; +Cc: linux-integrity, Petr Vorel

Hi Vitaly,

On Tue, 2021-11-02 at 20:32 -0400, Mimi Zohar wrote:
> On Wed, 2021-11-03 at 02:23 +0300, Vitaly Chikunov wrote:
> > Mimi,
> > 
> > On Tue, Nov 02, 2021 at 07:17:42PM -0400, Mimi Zohar wrote:
> > > Instead of returning an image, it prompts for a response.  Hardcode
> > > to use docker.io.
> > > 
> > >  Please select an image:
> > >   ▸ docker.io/library/alt:sisyphus
> > >     quay.io/alt:sisyphus
> > > 
> > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > ---
> > >  .travis.yml | 5 +++--
> > >  1 file changed, 3 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/.travis.yml b/.travis.yml
> > > index 42853e16bfee..3836befe0bae 100644
> > > --- a/.travis.yml
> > > +++ b/.travis.yml
> > > @@ -68,7 +68,7 @@ matrix:
> > >            compiler: gcc
> > >  
> > >          - os: linux
> > > -          env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"
> > > +          env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"
> > 
> > I wonder why podman is used in this case.
> 
> We were seeing issues on Alpine, Fedora, and Alt. Changing to podman
> fixed them.  For example on Alt, we started seeing the following, but
> openssl-gost was installed. [1] 
> 
> + control openssl-gost
> control: No such facility: openssl-gost 
> 
> I've reverted the commit, but I don't have access to the public travis.
> I've asked Stefan to trigger travis and am waiting for the results.

All three are still failing, but differently than before [2].

Mimi

> 
> [1] 
> https://app.travis-ci.com/github/stefanberger/ima-evm-utils/jobs/545999661
[2] 
https://app.travis-ci.com/github/stefanberger/ima-evm-utils/builds/241072887




* Re: [PATCH ima-evm-utils] travis: use alt:sisyphus from docker.io
  2021-11-03  0:32   ` Mimi Zohar
  2021-11-03  1:09     ` Mimi Zohar
@ 2021-11-03 15:03     ` Vitaly Chikunov
  1 sibling, 0 replies; 5+ messages in thread
From: Vitaly Chikunov @ 2021-11-03 15:03 UTC (permalink / raw)
  To: Mimi Zohar; +Cc: linux-integrity, Dmitry V. Levin

Mimi,

On Tue, Nov 02, 2021 at 08:32:30PM -0400, Mimi Zohar wrote:
> On Wed, 2021-11-03 at 02:23 +0300, Vitaly Chikunov wrote:
> > On Tue, Nov 02, 2021 at 07:17:42PM -0400, Mimi Zohar wrote:
> > > Instead of returning an image, it prompts for a response.  Hardcode
> > > to use docker.io.
> > > 
> > >  Please select an image:
> > >   ▸ docker.io/library/alt:sisyphus
> > >     quay.io/alt:sisyphus
> > > 
> > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> > > ---
> > >  .travis.yml | 5 +++--
> > >  1 file changed, 3 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/.travis.yml b/.travis.yml
> > > index 42853e16bfee..3836befe0bae 100644
> > > --- a/.travis.yml
> > > +++ b/.travis.yml
> > > @@ -68,7 +68,7 @@ matrix:
> > >            compiler: gcc
> > >  
> > >          - os: linux
> > > -          env: DISTRO=alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"
> > > +          env: REPO="docker.io/library" DISTRO=${REPO}/alt:sisyphus TSS=libtpm2-tss-devel CONTAINER=podman CONTAINER_ARGS="--runtime=/usr/bin/crun --network=host"
> > 
> > I wonder why podman is used in this case.
> 
> We were seeing issues on Alpine, Fedora, and Alt. Changing to podman
> fixed them.  For example on Alt, we started seeing the following, but
> openssl-gost was installed. [1] 
> 
> + control openssl-gost
> control: No such facility: openssl-gost 

Now I realize that podman is used to work around incorrect seccomp
filtering of the faccessat2 syscall in old Docker (with EPERM instead of
ENOSYS). This problem is still not fixed in bionic Travis instances,
causing "control: No such facility" errors.

Thanks,

> 
> I've reverted the commit, but I don't have access to the public travis.
> I've asked Stefan to trigger travis and am waiting for the results.
> 
> Mimi
> 
> [1] 
> https://app.travis-ci.com/github/stefanberger/ima-evm-utils/jobs/545999661
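
The EPERM-versus-ENOSYS distinction described in the last message can be checked from inside a container with a direct syscall probe. This is an added example, not code from the thread or from ima-evm-utils; the enum and function names are made up for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_faccessat2
#define SYS_faccessat2 439 /* fallback for old headers; number added in Linux 5.8 */
#endif

/* Hypothetical names, chosen for this example only. */
enum probe_result { PROBE_SUPPORTED, PROBE_NO_SYSCALL, PROBE_FILTERED, PROBE_OTHER };

/* Interpret the raw result of faccessat2(AT_FDCWD, "/", F_OK, 0). */
enum probe_result classify_faccessat2(long ret, int err)
{
    if (ret == 0)
        return PROBE_SUPPORTED;  /* syscall exists and nothing blocks it */
    if (err == ENOSYS)
        return PROBE_NO_SYSCALL; /* caller learns it is absent and can fall back to faccessat */
    if (err == EPERM)
        return PROBE_FILTERED;   /* F_OK on "/" should not give EPERM: consistent with a filter denying the call */
    return PROBE_OTHER;
}

/* Issue the syscall directly so libc's own fallback logic cannot hide the result. */
enum probe_result probe_faccessat2(void)
{
    errno = 0;
    long ret = syscall(SYS_faccessat2, AT_FDCWD, "/", F_OK, 0);
    return classify_faccessat2(ret, errno);
}

int main(void)
{
    static const char *const names[] = {
        "supported", "ENOSYS (fallback possible)",
        "EPERM (blocked by filter, no fallback)", "other error",
    };
    enum probe_result r = probe_faccessat2();

    printf("faccessat2: %s\n", names[r]);
    return r == PROBE_FILTERED; /* non-zero exit flags the broken profile */
}
```

Run inside the CI container, a non-zero exit status points at the runtime's seccomp profile rather than at the package under test.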

