Build scripts are fragile (wrong arch in systemd-nspawn)

[rickysarraf]

Hello Simon,

The build scripts (install-build-deps.sh) seem to be using the wrong switch the determine the architecture, which results in build failure.

rrs@learner:~/rrs-home/Community/linux-upstream_GIT (master)$ uname -p
unknown
2017-01-06 / 20:41:36 ♒♒♒  ☺  

rrs@learner:~/rrs-home/Community/linux-upstream_GIT (master)$ uname -m
x86_64
2017-01-06 / 20:41:44 ♒♒♒  ☺  

libtool is already the newest version (2.4.6-2).
libtool set to manually installed.
liblz4-dev is already the newest version (0.0~r131-2).
make is already the newest version (4.1-9).
libssl-dev is already the newest version (1.1.0c-2).
liblzma-dev is already the newest version (5.2.2-1.2).
zsync is already the newest version (0.6.2-2).
git is already the newest version (1:2.11.0-2).
0 upgraded, 0 newly installed, 0 to remove and 192 not upgraded.
cp: cannot create regular file '/usr/lib/unknown-linux-gnu/pkgconfig/': No such file or directory

[probonopd]

Interesting. On my system (ubuntu-16.04-desktop-amd64.iso),

me@host:~$ uname -p
x86_64
me@host:~$ uname -m
x86_64

What is your system?

[rickysarraf]

It is Debian Sid/Unstable s3nt fr0m a $martph0ne, excuse typ0s

…

On 06-Jan-2017 21:05, "probonopd" ***@***.***> wrote: Interesting. On my system (ubuntu-16.04-desktop-amd64.iso), ***@***.***:~$ uname -p x86_64 ***@***.***:~$ uname -m x86_64 What is your system? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#325 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAD_yJxgit3zr9xCVBlBKTImGhw0YkTPks5rPl8ugaJpZM4LczJN> .

[rickysarraf]

I forgot to add that there are git cloning issues too. Can you please change them to plain git urls ?
Otherwise cloning anonymously doesn't work.

root@deb-template:/var/tmp/lxc/appimage# bash build.sh 
68b329da9893e34099c7d8ad5cb9c940  -
+++ readlink -f build.sh
++ dirname /var/tmp/lxc/appimage/build.sh
+ HERE=/var/tmp/lxc/appimage
+++ readlink -f build.sh
++ dirname /var/tmp/lxc/appimage/build.sh
+ HERE=/var/tmp/lxc/appimage
+ which git
+ git submodule init
+ git submodule update
Cloning into '/var/tmp/lxc/appimage/squashfs-tools'...
fatal: unable to access 'https://github.com/AppImage/squashfs-tools.git/': Problem with the SSL CA cert (path? access rights?)
fatal: clone of 'https://github.com/AppImage/squashfs-tools.git' into submodule path '/var/tmp/lxc/appimage/squashfs-tools' failed
Failed to clone 'squashfs-tools'. Retry scheduled
Cloning into '/var/tmp/lxc/appimage/squashfuse'...
fatal: unable to access 'https://github.com/vasi/squashfuse.git/': Problem with the SSL CA cert (path? access rights?)
fatal: clone of 'https://github.com/vasi/squashfuse.git' into submodule path '/var/tmp/lxc/appimage/squashfuse' failed
Failed to clone 'squashfuse'. Retry scheduled
Cloning into '/var/tmp/lxc/appimage/squashfs-tools'...
fatal: unable to access 'https://github.com/AppImage/squashfs-tools.git/': Problem with the SSL CA cert (path? access rights?)
fatal: clone of 'https://github.com/AppImage/squashfs-tools.git' into submodule path '/var/tmp/lxc/appimage/squashfs-tools' failed
Failed to clone 'squashfs-tools' a second time, aborting
root@deb-template:/var/tmp/lxc/appimage# 

[probonopd]

@rickysarraf looks like you are running this in a LXC container?

Could it be that your SSL CA certs are missing? And possibly LXC mixes up the uname output?

[rickysarraf]

Not LXC, but systemd-nspawn. The name got stuck because I was using lxc before nspawn came.

The uname output is from bare machine.

pi@pi:~$ uname -p
unknown
pi@pi:~$ uname -a
Linux pi 4.4.38-v7+ #938 SMP Thu Dec 15 15:22:21 GMT 2016 armv7l GNU/Linux


rrs@chutzpah:~/Community$ uname -p
unknown
14:48 ______   _    
rrs@chutzpah:~/Community$ uname -m
x86_64
14:48 ______   _    


rrs@drupal:~$ uname -p
unknown
rrs@drupal:~$ uname -a
Linux drupal 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux

My RPi, my cloud instance and my secondary machine; all have the same output. It could very well be that this is a bug in the Debian package, and something Ubuntu may have detected and fixed.

On the other hand, the manpage mentions a different story.

‘-p’
‘--processor’
     Print the processor type (sometimes called the instruction set
     architecture or ISA). Print ‘unknown’ if this information is not
     available.  Note this is non-portable (even across GNU/Linux
     distributions).

I think, when using https, github expects you to have an account configured. And that error may be misleading, because I get the same message over http too.

root@deb-template:/var/tmp/lxc/appimage# bash build.sh 
68b329da9893e34099c7d8ad5cb9c940  -
+++ readlink -f build.sh
++ dirname /var/tmp/lxc/appimage/build.sh
+ HERE=/var/tmp/lxc/appimage
+++ readlink -f build.sh
++ dirname /var/tmp/lxc/appimage/build.sh
+ HERE=/var/tmp/lxc/appimage
+ which git
+ git submodule init
Submodule 'squashfs-tools' (http://github.com/AppImage/squashfs-tools.git) registered for path 'squashfs-tools'
Submodule 'squashfuse' (http://github.com/vasi/squashfuse.git) registered for path 'squashfuse'
+ git submodule update
Cloning into '/var/tmp/lxc/appimage/squashfs-tools'...
fatal: unable to access 'https://github.com/AppImage/squashfs-tools.git/': Problem with the SSL CA cert (path? access rights?)
fatal: clone of 'http://github.com/AppImage/squashfs-tools.git' into submodule path '/var/tmp/lxc/appimage/squashfs-tools' failed
Failed to clone 'squashfs-tools'. Retry scheduled
Cloning into '/var/tmp/lxc/appimage/squashfuse'...
fatal: unable to access 'https://github.com/vasi/squashfuse.git/': Problem with the SSL CA cert (path? access rights?)
fatal: clone of 'http://github.com/vasi/squashfuse.git' into submodule path '/var/tmp/lxc/appimage/squashfuse' failed
Failed to clone 'squashfuse'. Retry scheduled
Cloning into '/var/tmp/lxc/appimage/squashfs-tools'...
fatal: unable to access 'https://github.com/AppImage/squashfs-tools.git/': Problem with the SSL CA cert (path? access rights?)
fatal: clone of 'http://github.com/AppImage/squashfs-tools.git' into submodule path '/var/tmp/lxc/appimage/squashfs-tools' failed
Failed to clone 'squashfs-tools' a second time, aborting
root@deb-template:/var/tmp/lxc/appimage# 

From a distribution packaging point of view, the current build will not work. It is mixing up sources from different locations. It expects that network is available, something which is disabled in build environments. Perhaps you should break out external sources (git submodules) into a separate automated script or document.

And let the main build script be restricted to a Makefile only, which should do the job of compiling the sources and installation of the binaries.

[probonopd]

What are you trying to achieve in the end?
As you may have guessed, I have no clue about how distribution packaging works, and yes, my build scripts fetch things from various places and assume that the build system is online. In which scenarios would that be a problem?

[rickysarraf]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

On Sat, 2017-01-07 at 02:19 -0800, probonopd wrote: What are you trying to achieve in the end?

This is feedback for your build scripts. That they are fragile. They work for one use case, which is the most common one. Perhaps the reason why it wasn't reported to you before.

As you may have guessed, I have no clue about how distribution packaging works, and yes, my build scripts fetch things from various places and assume that the build system is online. In which scenarios would that be a problem?

I can speak on what is the case in Debian. I'm not sure about other distributions. ON Debian, on the buildd infrastructure, network access is disabled. And there are good reasons to do that. Your git submodules are just defined as a git repository. It works right now because squashfs-tools is a forked one, which you control. And squashfuse is a similar repo. What happens when that repo diverges. But as a distribution, where point releases are preferred, this doesn't fit well. Not that we don't pick projects solely maintained in git, but in such cases, that is the only factor. Other dependencies are standardized. See, for example: https://tracker.debian.org/pkg/perf-tools-unstable for which, we pick the sources from: https://github.com/brendangregg/perf-tools who doesn't do releases either. Now in Debian, we already have squashfs-tools available. So, it makes no sense to carry another set of squashfs-tools sources. For one, it is duplication, but otherwise too, now there are 2 targets to track (for security). Note: I see you mention that squashfs-tools development stalled. In cases like this, it makes more sense to import those sources into your tool itself. Anyways, this was feedback from my initial interaction. I know the whole idea of the project is to provide an easier distribution mechanism but for the base tools (appimaged, appimagetool etc), having a better build and release structure will be better. - -- Ritesh Raj Sarraf RESEARCHUT - http://www.researchut.com "Necessity is the mother of invention." -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQCVDstmIVAB/Yn02pjpYo/LhdWkFAlhxLXQACgkQpjpYo/Lh dWk1dRAAp+LA2OHOg9m0jwieqz7CCJxsBhOUjXZLHPW2Tkb6KH8vO8zlni6ua6Jf qx5WKUSIMWct8qwNQYOMCPiuI2fRuT2G+H13UwiXzMTsjsOtKDpkqz5ckihdCag3 u+DHFYyevPE/79IYJCeIMt0sVh2ldfOokWldLukOgMELsasoqaItS8A1RVNH4PUU iNTKB1fYZt11Ma0IN5EiWhHmzIVJjH6suOn/vzUo23hfCs2H4QoHs6PVs2L/JzUS CdAhbKUGBA68rzCMXOSCxJT2yYidMn/F0Px2ubm8sofARWSKP2dv3vsizJDAzQBX EXW9Ud836PbIkoIsgVAGpY4HtU0MjGNcVOnmqRFCDVBoKZXRg+jw1DE0KFtv9U0R V3cf5K4rpKLnwRjHhLcpBaxJaCXOqXVrWXX20sRysT2ICB7RjdLJPtP8JD2E/Qhb /+ws2/LiGURMBhPmVwHf5HSUkjuJ1VJkltTypUELs626OgvwCYymN75oUhaP0q8e Wcwrnk4Cyn2VN2Que6OS7FmdFME2G/6aQakJ0wXSzNuMjrn/US7kKE0cuqogtSnw 16UqBxjp5beFp4rqyMwPKpKCvlEtpURpKlu04RykBw4RPsB/sBtHtO2MtDY09jqP hxeUY0CWQ3hMxpRBLeJwj18XYgFBwcSr9iVjEtM4UNB+eJi5n4w= =SLzN -----END PGP SIGNATURE-----

[probonopd]

Thanks for your feedback Ritesh. It is appreciated. Still learning these things.

[probonopd]

I can speak on what is the case in Debian. I'm not sure about other distributions. ON Debian, on the buildd infrastructure, network access is disabled. And there are good reasons to do that. Your git submodules are just defined as a git repository.

I have opened a separate issue about generating a native debian package for appimaged. @rickysarraf please join the discussion in https://github.com/probonopd/AppImageKit/issues/339.

[probonopd]

Also see the RPM spec file used for OBS: https://build.opensuse.org/package/view_file/OBS:AppImage/AppImageKit/appimagetool.spec?expand=1

[TheAssassin]

All this might be fixed when #408 is implemented. But don't expect that too soon, it's quite some work.

[TheAssassin]

We have a CMake build infrastructure, which provides reliable, incremental builds. There is no longer a need to use build.sh for average users, you can use CMake directly now as well.