archlinux-docker issues
https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues
2024-02-22T22:48:07Z

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/101
latest image hasn't been updated in 8 weeks?
2024-02-22T22:48:07Z
Brian

I thought it was meant to be updated every week?

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/100
base-devel and multilib-devel should extend from base
2024-02-22T22:47:57Z
hashworks (hashworks@archlinux.org)

Currently, we provide a rootfs tar file for every image group: `base`, `base-devel` and `multilib-devel`. This was done under the assumption that all tags of official DockerHub Library Images need to be reproducible. According to [a comment](https://github.com/docker-library/official-images/pull/15751#issuecomment-1832845573) of a docker-library maintainer this isn't the case (only the base image needs to be reproducible), and they decline any current merges due to the size of the weekly tags.
To reduce the load on the official library and end-users only `base` should be built with a rootfs tar file, all other image groups should extend from that (`FROM archlinux:base`).
To implement this, we need to adjust the process as follows (simplified):
* Build and release only one rootfs artifact, `base.tar.zst`
* Replace `Dockerfile.base-devel` and `Dockerfile.multilib-devel` in the [releases Branch](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/tree/releases) with the following:
  * `Dockerfile.gitlab.base-devel`
  * `Dockerfile.gitlab.multilib-devel`
  * `Dockerfile.dockerhub.base-devel`
  * `Dockerfile.dockerhub.multilib-devel`
  * `Dockerfile.dockerhub-official.base-devel`
  * `Dockerfile.dockerhub-official.multilib-devel`
  * `Dockerfile.quay.base-devel`
  * `Dockerfile.quay.multilib-devel`
  * `Dockerfile.ghcr.base-devel`
  * `Dockerfile.ghcr.multilib-devel`
* Adjust the official-dockerhub template Dockerfile paths
* Build the various `base-devel` and `multilib-devel` images for gitlab, dockerhub, quay and ghcr (this should benefit from the build cache)
We need two Dockerfiles for every registry, since the `FROM` line differs (`FROM quay.io/archlinux/archlinux:base-20231231.0.203775`). They can be created from the following templates:
```Dockerfile
FROM TEMPLATE_BASE_IMAGE
# Labels included in base are inherited, only the title changes
LABEL org.opencontainers.image.title="TEMPLATE_TITLE"
RUN pacman -Syu --noconfirm base-devel
```
```Dockerfile
FROM TEMPLATE_BASE_IMAGE
# Labels included in base are inherited, only the title changes
LABEL org.opencontainers.image.title="TEMPLATE_TITLE"
RUN <<EOR
echo "
#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist
[multilib]
Include = /etc/pacman.d/mirrorlist
" >> /etc/pacman.conf
EOR
RUN pacman -Syu --noconfirm multilib-devel
```

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/99
Regression with latest glibc update
2023-09-08T15:40:36Z
Emil Velikov

Seems like a recent glibc 2.37 -> 2.38 update has broken the build.
Comparing the last [successful run](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/jobs/168745) and the first [failing one](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/jobs/168977) shows
```
fakechroot -- fakeroot -- chroot /builds/archlinux/[MASKED]/build /usr/bin/systemd-sysusers --root "/"
Assertion 'path_is_absolute(p)' failed at src/basic/chase.c:566, function chase(). Aborting.
```
Although the issue is most likely caused by the following packages:
Good:
```
extra/fakechroot 2.20.1-2 0.15 MiB 0.05 MiB
core/fakeroot 1.32.1-1 0.13 MiB 0.07 MiB
core/glibc 2.37-3 47.20 MiB 9.91 MiB
core/systemd 253.7-1 28.74 MiB 7.29 MiB
```
Bad:
```
extra/fakechroot 2.20.1-2 0.15 MiB 0.05 MiB
core/fakeroot 1.32.1-1 0.13 MiB 0.07 MiB
core/glibc 2.37-3 2.38-2 1.84 MiB 9.92 MiB
core/systemd 253.7-1 254-1 0.89 MiB 7.61 MiB
```

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/98
Pacman hooks not run in unprivileged containers.
2023-09-08T16:00:09Z
Simon N.N.

I'm running an `archlinux:base-devel`-derived test in gitlab-ci with docker-based ci-runners that builds a LaTeX-document.
The config roughly looks like this:
```
archlinuxRolling:
  image: archlinux:base-devel
  extends:
    - .buildthesis
  before_script:
    - >
      pacman -Syy && \
      pacman -Syu --noconfirm && \
      pacman -S --noconfirm \
      texlive-meta \
      texlive-lang \
      biber \
      perl-clone
    # Ensure that biber is in PATH from now on
    - source /etc/profile
    # The hooks do not reliably trigger as chroot is not supported in gitlabci
    # Use subshells to scope the cd /
    - (cd / && /usr/share/libalpm/scripts/mktexlsr)
    - (cd / && /usr/share/libalpm/scripts/texlive-language)
    - (cd / && /usr/share/libalpm/scripts/texlive-fmtutil)
    - (cd / && /usr/share/libalpm/scripts/texlive-updmap)
```
However, the texlive-related hooks do not work:
```
:: Running post-transaction hooks...
( 1/13) Creating system user accounts...
could not change the root directory (Operation not permitted)
( 2/13) Reloading system manager configuration...
error: command failed to execute correctly
could not change the root directory (Operation not permitted)
error: command failed to execute correctly
( 3/13) Arming ConditionNeedsUpdate...
could not change the root directory (Operation not permitted)
error: command failed to execute correctly
( 4/13) Updating the MIME type database...
could not change the root directory (Operation not permitted)
( 5/13) Updating fontconfig configuration...
error: command failed to execute correctly
could not change the root directory (Operation not permitted)
error: command failed to execute correctly
( 6/13) Updating TeXLive filename database...
could not change the root directory (Operation not permitted)
( 7/13) Updating TeXLive language files...
error: command failed to execute correctly
could not change the root directory (Operation not permitted)
( 8/13) Updating TeXLive format files...
error: command failed to execute correctly
could not change the root directory (Operation not permitted)
( 9/13) Updating TeXLive font maps...
error: command failed to execute correctly
could not change the root directory (Operation not permitted)
(10/13) Reloading system bus configuration...
error: command failed to execute correctly
could not change the root directory (Operation not permitted)
error: command failed to execute correctly
(11/13) Warn about old perl modules
could not change the root directory (Operation not permitted)
error: command failed to execute correctly
(12/13) Updating fontconfig cache...
could not change the root directory (Operation not permitted)
error: command failed to execute correctly
(13/13) Probing GDK-Pixbuf loader modules...
could not change the root directory (Operation not permitted)
error: command failed to execute correctly
```
This also happens spuriously on certain package installs:
```
installing perl-xml-sax...
could not change the root directory (Operation not permitted)
error: command failed to execute correctly
```
Full CI-Log excerpt is [attached](/uploads/1c70a3392a738ede0b627f01b655a485/buildlog)
As can be seen in the CI-job configuration, the error actually prevents hook execution, so to get a working texlive installation, I have to manually trigger the pacman hook scripts (last four lines of the CI configuration), which is quite unsatisfactory.
By cursory browsing of pacman's code, this seems to fit:
Hooks are run via [`_alpm_hook_run_hook`](https://gitlab.archlinux.org/pacman/pacman/-/blob/master/lib/libalpm/hook.c#L507), which uses `_alpm_run_chroot` to actually run hook commands; error codes from chroot then lead to an early exit of hook execution [here](https://gitlab.archlinux.org/pacman/pacman/-/blob/master/lib/libalpm/util.c#L657).
The calls seem unconditional, so I do not believe that there is a command-line option or similar to skip the chroot...
Other information in case this is helpful: This is running on my university's CI-runners, which run via the `gitlab-runner` packages provided from `https://packages.gitlab.com/runner/gitlab-runner/debian bullseye/main` on debian bullseye (currently version 16.2.0), running the debian-bullseye version of docker; the CI-runners run as unprivileged containers. But as this bug concerns chroot and this is a rather established system call, I'd assume that this is not docker-version related.
There is #56 which is vaguely related, but as the discussion there centers around `faccessat2` and friends, I opted for creating a new issue.
Thank you for reading this far and maintaining the dockercontainer in the first place :D
~ Simon

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/81
Force-push to existing open Docker Library MRs instead of opening new ones
2023-06-26T22:06:56Z
hashworks (hashworks@archlinux.org)

Recently I opened three concurrent MRs on the Docker Library repository and wasn't able to close them myself:
* https://github.com/docker-library/official-images/pull/14883
* https://github.com/docker-library/official-images/pull/14890
* https://github.com/docker-library/official-images/pull/14891
tianon / yosifkit asked if we could force push to the existing MR instead.
For this, we would need to adjust the branch name (currently contains the build date / id) and check for an existing MR.
Alternatively, the bot user could close the old MR?

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/80
perl-image-exiftool not in path
2023-11-25T17:24:23Z
Thomas

As reported in https://bugs.archlinux.org/task/78789, perl-image-exiftool is not in the path when installed in the Docker image.

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/79
Dependency Dashboard
2023-12-09T22:23:36Z
renovate

This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
This repository currently has no open or pending branches.
## Detected dependencies
<details><summary>dockerfile</summary>
<blockquote>
<details><summary>Dockerfile.template</summary>
- `alpine 3.19`
</details>
</blockquote>
</details>
<details><summary>gitlabci</summary>
<blockquote>
<details><summary>.gitlab-ci.yml</summary>
</details>
</blockquote>
</details>

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/78
Dependency Dashboard
2023-06-20T10:39:40Z
renovate

This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
This repository currently has no open or pending branches.
## Detected dependencies
<details><summary>dockerfile</summary>
<blockquote>
<details><summary>Dockerfile.template</summary>
- `alpine 3.18`
</details>
</blockquote>
</details>
<details><summary>gitlabci</summary>
<blockquote>
<details><summary>.gitlab-ci.yml</summary>
</details>
</blockquote>
</details>

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/77
Sign our container image with cosign
2023-09-16T14:04:12Z
Kristian Klausen

The ecosystem seems to be moving towards sigstore/cosign for signing artifacts. We should consider signing our container image with cosign.

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/76
problem with geo.mirror.pkgbuild.com mirror
2023-06-14T12:11:13Z
Sohrab Behdani

Hi
we are using Arch Linux docker image to build our distribution with GitHub actions
but recently we have this problem:
```
error: failed retrieving file 'libtirpc-1.3.3-2-x86_64.pkg.tar.zst.sig' from geo.mirror.pkgbuild.com :
error: failed retrieving file 'gobject-introspection-runtime-1.76.1-3-x86_64.pkg.tar.zst' from geo.mirror.pkgbuild.com :
error: failed retrieving file 'qt5-sensors-5.15.9-1-x86_64.pkg.tar.zst.sig' from geo.mirror.pkgbuild.com :
warning: too many errors from geo.mirror.pkgbuild.com, skipping for the remainder of this transaction
```

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/75
Consider adding labels with source, version etc.
2023-06-08T18:45:11Z
Kristian Klausen

https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#labelling-container-images and https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/74
Building fails with coreutils 9.2
2023-04-04T19:05:42Z
Kristian Klausen

The builds have been failing since upgrading to coreutils 9.2 (e.g. [139752](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/jobs/139752)) with:
```
cp: cannot create regular file '/builds/archlinux/archlinux-docker/build/etc/pacman.d/mirrorlist': File exists
```
This is a bug in coreutils which I have reported upstream [here](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=62607).

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/73
Push official images to more registries (Quay, GitHub Packages)
2023-09-24T17:38:22Z
Kristian Klausen

With the recent [Docker Hub drama](https://www.docker.com/blog/no-longer-sunsetting-the-free-team-plan/) I think it is time for some diversification and not keeping all eggs in one basket.
We should evaluate whether it makes sense to publish to more registries like [Quay](https://quay.io/), [GitHub Packages](https://github.com/features/packages) and/or our own registry with proper tags.

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/72
Is it possible to get japanese locale working inside of the docker image?
2023-05-07T06:23:37Z
no thanks

I need Japanese locale support inside of my docker image. I found this issue from before saying that it isn't supported by the image: https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/59 which says that in order to keep things small it's been removed. Would it be possible for you guys to ship a full arch docker image where all locales are supported? In the meantime, is there anything that I can do or install to add Japanese locale support?

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/71
Switch from kaniko to podman
2023-06-15T17:08:45Z
hashworks (hashworks@archlinux.org)

(#70/!68) wasn't the first time kaniko created problems with the build. We should switch to podman instead.
```yaml
podman-build:
  image:
    name: quay.io/podman/stable
  script:
    - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - podman build -t "$CI_REGISTRY_IMAGE:podman" .
    - podman push "$CI_REGISTRY_IMAGE:podman"
```
While we are at it - let's rename the Dockerfiles to Containerfiles.

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/70
/usr/bin/passwd setuid bit got dropped in archlinux/archlinux docker image
2023-06-15T14:34:34Z
Florent Thiery

I discovered that recently I had been unable to change non-root user passwords anymore in the archlinux/archlinux docker image:
```
$ docker run --rm -it archlinux/archlinux ls -l /usr/bin/passwd
-rwxr-xr-x 1 root root 51464 Jul 21 09:07 /usr/bin/passwd
$ docker run --rm -it archlinux:latest ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 51464 Jan 27 13:47 /usr/bin/passwd
```
Trying to change the password as non-root results in the following error:
```
$ passwd
Changing password for myuser.
Current password:
passwd: Authentication service cannot retrieve authentication info
passwd: password unchanged
```

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/69
Dependency Dashboard
2023-06-16T10:08:29Z
renovate

This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
This repository currently has no open or pending branches.
## Detected dependencies
<details><summary>dockerfile</summary>
<blockquote>
<details><summary>Dockerfile.template</summary>
- `alpine 3.18`
</details>
</blockquote>
</details>
<details><summary>gitlabci</summary>
<blockquote>
<details><summary>.gitlab-ci.yml</summary>
- `gcr.io/kaniko-project/executor v1.11.0-debug`
</details>
</blockquote>
</details>

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/68
In `os-release` set `VERSION_ID` to the build date
2022-06-16T15:23:28Z
Morten Linderud (foxboron@archlinux.org)

Most distributions have a `VERSION_ID` in their containers, either being the upstream release (like Fedora 37). But I see opensuse tumbleweed has `VERSION_ID` set as the build date. I wonder if this makes sense for us?
<pre>
λ ~ » podman run -it opensuse/tumbleweed bash
7559de5516ab:/ # cat /etc/os-release
NAME="openSUSE Tumbleweed"
# VERSION="20220413"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20220413"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20220413"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
DOCUMENTATION_URL="https://en.opensuse.org/Portal:Tumbleweed"
LOGO="distributor-logo-Tumbleweed"
</pre>

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/67
pacman: error: failed to initialize alpm library
2022-05-31T11:40:42Z
solo turn

To install git and paru into an Arch Linux docker image, I followed https://gist.github.com/lbrame/84d445fae17ad98cd6969b30b0f118e8 to set up rootless containers, installed podman and then:
```
> podman run -it --entrypoint=bash archlinux:base-devel
WARN[0000] Failed to decode the keys ["storage.options.override_kernel_check" "storage.options.thinpool.ostree_repo" "storage.options.thinpool.skip_mount_home"] from "/etc/containers/storage.conf".
Resolved "archlinux" as an alias (/etc/containers/registries.conf.d/00-shortnames.conf)
Trying to pull docker.io/archlinux/archlinux:base-devel...
Getting image source signatures
Copying blob e9492d1d75a7 done
Copying blob ab62f34b645b done
Copying config 7078031912 done
Writing manifest to image destination
Storing signatures
[root@868657af4ff2 /]#
[root@868657af4ff2 /]#
[root@868657af4ff2 /]# pacman
error: failed to initialize alpm library:
(root: /, dbpath: /var/lib/pacman/)
could not find or read directory
```

https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/66
Tags should be removed from along with the rootfs
2022-04-13T16:12:15Z
hashworks (hashworks@archlinux.org)

In !57 @klausenbusk added a cleanup job for the package registry: rootfs older than 60 days are removed. We should do that for the tags as well, currently we store over 500 tags without a reason to do so.