Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Install fails for aarch64 in docker #5258

Closed
mmlb opened this issue Sep 15, 2021 · 3 comments
Closed

Install fails for aarch64 in docker #5258

mmlb opened this issue Sep 15, 2021 · 3 comments
Labels
bug

Comments

@mmlb
Copy link

mmlb commented Sep 15, 2021
edited
Loading

Describe the bug

I'm trying to build a https://github.com/NixOS/docker like container for aarch64 using buildx's qemu soft emulation support, but am always getting a failure message of error: while setting up the build environment: unable to load seccomp BPF program: Invalid argument

Steps To Reproduce

Local/harder to setup:

  1. Clone: https://github.com/mmlb/docker
  2. Setup docker buildx multi-arch support via qemu (see buildx/buildkit docs)
  3. Build with docker buildx build --platform linux/arm64 .
  4. See error

Easier:

  1. Fork: https://github.com/mmlb/docker
  2. Commit and push debug code and see GHA try and build
  3. See error

Expected behavior

Installing nix in aarch64 docker container works.

nix-env --version output

Additional context

Searching for bpf errors leads me to #2651 (comment) which looks pretty similar but the workaround there doesn't help me. The Dockerfile is already setting sandbox = false in /etc/nix/nix.conf and I duplicated in /root/.nix/nix.conf too which no luck.

I'm not sure if @edolstra's comment #2651 (comment) would help here as I don't think its a username space issue. The same Dockerfile works in x86_64 mode.
@mmlb mmlb added the bug label Sep 15, 2021
@matthewbauer
Copy link
Member

Might be a bug in docker? I see this issue from searching for "seccomp_load invalid argument":

opencontainers/runc#2865

But you can turn off seccomp in Nix with filter-syscalls = false.

@mmlb
Copy link
Author

mmlb commented Sep 16, 2021

awesome filter-syscalls = false works. Should I open up a separate feature request to make note of #2651 (comment)?

@mmlb mmlb closed this as completed Sep 16, 2021
pipex added a commit to 30block/sweet-home that referenced this issue Mar 13, 2022
@pipex
Turn of seccomp in nix build
5e4ab94 
This should allow emulated builds to succeed as per NixOS/nix#5258

Change-type: patch
@gaganyaan2 gaganyaan2 mentioned this issue Sep 14, 2022
Merged
@hansl hansl mentioned this issue Sep 15, 2022
Closed
@mikeland73 mikeland73 mentioned this issue Sep 23, 2022
Closed
@nixos-discourse
Copy link

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/cross-compilation-failing-with-nix-and-docker-on-macos/22169/4

This was referenced Nov 17, 2022
Closed
Open
@lucernae lucernae mentioned this issue Feb 6, 2023
Closed
@AmitKumarDas AmitKumarDas mentioned this issue Apr 11, 2023
Closed
@geonnave geonnave mentioned this issue Apr 25, 2023
Closed
This was referenced Apr 27, 2023
Closed
Merged
cameronraysmith added a commit to cameronraysmith/nixpod that referenced this issue Sep 11, 2023
@cameronraysmith
fix: experiment with filter-syscalls = false
293e502 
- arm64 build fails with docker/build-push-action@v4
- NixOS/nix#5258
- LnL7/nix-docker#41
cameronraysmith added a commit to cameronraysmith/nixpod that referenced this issue Sep 11, 2023
@cameronraysmith
fix: experiment with filter-syscalls = false
b4e60ea 
- arm64 build fails with docker/build-push-action@v4
- NixOS/nix#5258
- LnL7/nix-docker#41
@michalrus michalrus mentioned this issue Oct 19, 2023
Closed
michalrus added a commit to michalrus/cardano-rosetta that referenced this issue Oct 19, 2023
@michalrus
fix: turn off seccomp which fails on some Apple Silicon machines
4059d53 
Context:
* <NixOS/nix#5258>
* <https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-filter-syscalls>
@i10416 i10416 mentioned this issue Jan 12, 2024
Open
@lostbean lostbean mentioned this issue Feb 12, 2024
Merged
github-merge-queue bot pushed a commit to kurtosis-tech/kurtosis that referenced this issue Feb 15, 2024
@lostbean
fix: Core image builds for arm64 under CI (#2149)
807ddae 
## Description:
Attempt to fix [this
error](https://app.circleci.com/pipelines/github/kurtosis-tech/kurtosis/11230/workflows/88eae5e6-f3fd-4895-9af0-2685895b59d3/jobs/162867)
possible linked to NixOS/nix#5258.

## Is this change user facing?
NO
@lostbean lostbean mentioned this issue Feb 15, 2024
Merged
github-merge-queue bot pushed a commit to kurtosis-tech/kurtosis that referenced this issue Feb 15, 2024
@lostbean
fix: replace nix installer (#2163)
8f68547 
## Description:
Fix the cross platform docker images that are trying to install nix by
replacing the installer and passing extra config params.

## Is this change user facing?
NO

## References (if applicable):
- DeterminateSystems/nix-installer#324
- NixOS/nix#5258
vincentbernat added a commit to akvorado/akvorado that referenced this issue Apr 8, 2024
@vincentbernat
docker: disable syscall filtering when building image
0bfb35e 
This seems to break arm64 images. I don't know why this worked in the
past. See NixOS/nix#5258.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@matthewbauer @mmlb @nixos-discourse