deb: test deb package by piuparts #164

Merged
merged 8 commits into from
Aug 13, 2020

kenhys
Contributor

@kenhys kenhys commented Aug 4, 2020

No description provided.

@cosmo0920
Contributor

Due to this line:
https://github.com/fluent-plugins-nursery/td-agent-builder/blob/master/td-agent/apt/debian-buster/Dockerfile#L53
We need to execute apt update before installing packages with apt.

@cosmo0920
Contributor

Oh, piuparts! I got it.

@kenhys
Contributor Author

kenhys commented Aug 4, 2020

Piuparts caught exception, exiting...
------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/sbin/piuparts", line 3260, in <module>
    main()
  File "/usr/sbin/piuparts", line 3252, in main
    process_packages(regular_packages_list)
  File "/usr/sbin/piuparts", line 3147, in process_packages
    chroot.create()
  File "/usr/sbin/piuparts", line 779, in create
    self.create_temp_dir()
  File "/usr/sbin/piuparts", line 770, in create_temp_dir
    self.name = tempfile.mkdtemp(dir=settings.tmpdir)
  File "/usr/lib/python2.7/tempfile.py", line 339, in mkdtemp
    _os.mkdir(file, 0700)
OSError: [Errno 30] Read-only file system: '/fluentd/td-agent/apt/repositories/debian/pool/buster/main/t/td-agent/tmpQSOYEP'
------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/sbin/piuparts", line 3274, in <module>
    panic(1)
  File "/usr/sbin/piuparts", line 490, in panic

fails.

@kenhys
Contributor Author

kenhys commented Aug 4, 2020

It may succeed when not using /fluentd/ (guess)

@cosmo0920
Contributor

Yep. piuparts can be started with this commit: 1fb99a5

https://github.com/fluent-plugins-nursery/td-agent-builder/pull/164/checks?check_run_id=947401707#step:6:1687

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

https://github.com/fluent-plugins-nursery/td-agent-builder/pull/164/checks?check_run_id=947531443

  E: Release signed by unknown key (key id 901F9177AB97ACBE)
     The specified keyring /usr/share/keyrings/debian-archive-keyring.gpg may be incorrect or out of date.
     You can find the latest Debian release key at https://ftp-master.debian.org/keys.html

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

It may be caused by old keyring.
https://packages.ubuntu.com/search?suite=bionic&searchon=names&keywords=debian-archive-keyring bionic 2017.7ubuntu1: all
https://packages.debian.org/search?suite=buster&searchon=names&keywords=debian-archive-keyring buster 2019.1: all

  1. fetch buster keyring package
  2. --privileged mode?

@cosmo0920
Contributor

Really? 901F9177AB97ACBE should not be included in the Debian keyring.
It is the Treasure Data key.

% gpg --search-keys 901F9177AB97ACBE                                                     
gpg: data source: http://keys.gnupg.net:11371
(1)	Treasure Data, Inc (Treasure Agent Official Signing key) <support@trea
	  4096 bit RSA key 901F9177AB97ACBE, 作成: 2016-12-27
Keys 1-1 of 1 for "901F9177AB97ACBE".  番号(s)、N)次、またはQ)中止を入力してください > q
gpg: error searching keyserver: 操作がキャンセルされました
% gpg --recv-key 901F9177AB97ACBE
gpg: 鍵901F9177AB97ACBE: 公開鍵"Treasure Data, Inc (Treasure Agent Official Signing key) <support@treasure-data.com>"をインポートしました
gpg: 処理数の合計: 1
gpg:               インポート: 1

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

Oh,

> Really? 901F9177AB97ACBE should not be included debian keyring.
> It is Treasure Data key.

I've overlooked it, thanks!

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

So, I need to prepare the Treasure Data key
https://docs.fluentd.org/installation/install-by-deb

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

curl https://packages.treasuredata.com/GPG-KEY-td-agent

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

NOTE: apt-key will be removed in a future release

apt (2.1.8) unstable; urgency=medium
    
     [ Julian Andres Klode ]
    * Fully deprecate apt-key, schedule removal for Q2/2022

buster is not affected, but in bullseye (Debian 11), it will not be available anymore.

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

piuparts is running with the Treasure Data key, but it runs into an eatmydata issue.

0m0.0s DEBUG: Starting command: ['debootstrap', '--variant=minbase', '--keyring=/usr/share/keyrings/td-agent-archive-keryring.gpg', '--include=eatmydata', '--no-merged-usr', '--components=buster,contrib', 'buster', '/tmp/tmp0W0uoB', 'http://packages.treasuredata.com/4/debian/buster/']
0m0.4s DUMP: 
  I: Target architecture can be executed
  I: Retrieving InRelease 
  I: Checking Release signature
  I: Valid Release signature (key id BEE682289B2217F45AF4CC3F901F9177AB97ACBE)
  I: Retrieving Packages 
  I: Validating Packages 
  I: Resolving dependencies of required packages...
  I: Resolving dependencies of base packages...
  I: Checking component contrib on http://packages.treasuredata.com/4/debian/buster...
  E: Couldn't find these debs: eatmydata apt
0m0.4s ERROR: Command failed (status=1): ['debootstrap', '--variant=minbase', '--keyring=/usr/share/keyrings/td-agent-archive-keryring.gpg', '--include=eatmydata', '--no-merged-usr', '--components=buster,contrib', 'buster', '/tmp/tmp0W0uoB', 'http://packages.treasuredata.com/4/debian/buster/']
  I: Target architecture can be executed
  I: Retrieving InRelease 

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

It seems that the official mirror is missing.

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

Selecting previously unselected package libeatmydata1:amd64.
Preparing to unpack .../38-libeatmydata1_105-7_amd64.deb ...
Unpacking libeatmydata1:amd64 (105-7) ...
Selecting previously unselected package eatmydata.
Preparing to unpack .../39-eatmydata_105-7_all.deb ...
Unpacking eatmydata (105-7) ...

eatmydata is installed.

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

piuparts(1) says: "Only the first mirror is used with debootstrap."

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

0m41.3s DEBUG: Command ok: ['debootstrap', '--variant=minbase', '--keyring=/usr/share/keyrings/debian-archive-keyring.gpg', '--no-merged-usr', '--components=buster,main,main', 'buster', '/tmp/tmphFdPA0', 'http://deb.debian.org/debian']
0m41.3s DEBUG: Starting command: ['mount', '-t', 'proc', 'proc', '/tmp/tmphFdPA0/proc']
0m41.3s DUMP: 
  mount: /tmp/tmphFdPA0/proc: permission denied.
0m41.3s ERROR: Command failed (status=32): ['mount', '-t', 'proc', 'proc', '/tmp/tmphFdPA0/proc']
  mount: /tmp/tmphFdPA0/proc: permission denied.

Found a permission issue.

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

It requires --privileged.

Review thread on .github/workflows/apt.yml (outdated, resolved)
@kenhys
Contributor Author

kenhys commented Aug 6, 2020

piuparts works (even though it fails)

0m43.4s DEBUG: Starting command: ['umount', '/tmp/tmpikq4F6/dev/shm']
0m43.4s DEBUG: Command ok: ['umount', '/tmp/tmpikq4F6/dev/shm']
0m43.4s DEBUG: Starting command: ['umount', '/tmp/tmpikq4F6/dev/console']
0m43.4s DEBUG: Command ok: ['umount', '/tmp/tmpikq4F6/dev/console']
0m43.4s DEBUG: Starting command: ['umount', '/tmp/tmpikq4F6/dev/ptmx']
0m43.4s DEBUG: Command ok: ['umount', '/tmp/tmpikq4F6/dev/ptmx']
0m43.4s DEBUG: Starting command: ['umount', '/tmp/tmpikq4F6/dev/pts']
0m43.4s DEBUG: Command ok: ['umount', '/tmp/tmpikq4F6/dev/pts']
0m43.4s DEBUG: Starting command: ['umount', '/tmp/tmpikq4F6/proc']
0m43.4s DEBUG: Command ok: ['umount', '/tmp/tmpikq4F6/proc']
0m43.4s DEBUG: Starting command: ['rm', '-rf', '--one-file-system', '/tmp/tmpikq4F6']
0m43.6s DEBUG: Command ok: ['rm', '-rf', '--one-file-system', '/tmp/tmpikq4F6']
0m43.6s DEBUG: Removed directory tree at /tmp/tmpikq4F6
0m43.6s ERROR: piuparts run ends.
##[error]Process completed with exit code 1.

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

Use /etc/apt/trusted.gpg.d/.

@kenhys
Contributor Author

kenhys commented Aug 6, 2020

To enable an additional keyring, use debootstrap in advance.

@kenhys
Contributor Author

kenhys commented Aug 7, 2020

   
  The following packages have unmet dependencies:
   td-agent : Depends: libyaml-0-2 but it is not installable
  E: Unable to correct problems, you have held broken packages.
0m5.2s ERROR: Command failed (status=100): ['chroot', '/tmp/tmpTYY4wQ', 'apt-get', '-y', '--allow-downgrades', 'install', './tmp/td-agent-dbgsym_4.0.0-1_amd64.deb', './tmp/td-agent_4.0.0-1_amd64.deb']
  Reading package lists...
  Building dependency tree...
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:
  
  The following packages have unmet dependencies:
   td-agent : Depends: libyaml-0-2 but it is not installable
  E: Unable to correct problems, you have held broken packages.

It seems that the keyring issue was fixed.

@kenhys
Contributor Author

kenhys commented Aug 7, 2020

It will be fixed if the runtime dependency is installed in advance.

@kenhys
Contributor Author

kenhys commented Aug 7, 2020

It seems that chroot /var/lib/chroot/buster-root/ apt install -y libyaml-0-2 will work.

@kenhys
Contributor Author

kenhys commented Aug 7, 2020

2020-08-07T02:12:16.8293296Z 0m14.8s DEBUG: Starting command: ['chroot', '/tmp/tmpxGttLP', '/usr/sbin/logrotate', '/etc/logrotate.d/td-agent']
2020-08-07T02:12:16.8311096Z 0m14.8s DUMP: 
2020-08-07T02:12:16.8311800Z   error: stat of /var/log/td-agent/td-agent.log failed: No such file or directory

Rotating failure.

There are some pitfalls to achieve

* use --privileged to allow debootstrap
* deb is copied into /tmp because /fluentd/ is a read-only file system.
* keyring must be created by gnupg1 because gnupg2 default keyring format is changed to keybox.
@kenhys kenhys force-pushed the use-piuparts branch 2 times, most recently from a493c27 to 8e8607f Compare August 7, 2020 06:38
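
The keybox pitfall listed above can be checked before a keyring is passed to `debootstrap` or `piuparts --keyring`. This is an added example, not code from this pull request: the function names are hypothetical, the sample files are constructed, and accepting only a binary OpenPGP packet keyring is an assumption drawn from that pitfall.

```shell
#!/bin/sh
# Added example: classify a keyring file by its leading bytes.

# hex_at FILE OFFSET COUNT -> lowercase hex of COUNT bytes at OFFSET
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# keyring_format FILE -> prints keybox | armored | openpgp | unknown
keyring_format() {
    if [ ! -r "$1" ]; then echo unknown; return 0; fi
    # A keybox file carries the magic "KBXf" at byte offset 8.
    if [ "$(hex_at "$1" 8 4)" = "4b425866" ]; then echo keybox; return 0; fi
    # ASCII armor begins with "-----BEGIN PGP".
    if [ "$(hex_at "$1" 0 14)" = "2d2d2d2d2d424547494e20504750" ]; then
        echo armored; return 0
    fi
    # Binary public-key packet (tag 6): old header 0x98-0x9a, new header 0xc6.
    case "$(hex_at "$1" 0 1)" in
        98|99|9a|c6) echo openpgp ;;
        *) echo unknown ;;
    esac
}

# check_keyring FILE -> status 0 only for a binary OpenPGP keyring
check_keyring() {
    fmt=$(keyring_format "$1")
    case "$fmt" in
        openpgp) return 0 ;;
        keybox)  echo "$1: keybox format, re-export as OpenPGP packets" >&2 ;;
        armored) echo "$1: ASCII-armored, dearmor it first" >&2 ;;
        *)       echo "$1: not a recognised keyring" >&2 ;;
    esac
    return 1
}

# Constructed sample headers (not real keys), classified one by one.
demo() {
    d=$(mktemp -d)
    printf '\000\000\000\040\001\001\000\002KBXf' > "$d/kbx.gpg"
    printf '\231\002\015\004' > "$d/legacy.gpg"
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' > "$d/key.asc"
    for f in "$d"/*; do
        printf '%s %s\n' "$(keyring_format "$f")" "${f##*/}"
    done
    rm -rf "$d"
}
demo
```

Running `check_keyring` on the keyring path in the CI step, before the piuparts call, turns a format mismatch into an explicit message instead of a signature failure later in the run.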
@cosmo0920
Contributor

Ubuntu Focal jobs were stuck due to interactive selections:

debconf: falling back to frontend: Readline
Configuring tzdata
------------------

Please select the geographic area in which you live. Subsequent configuration
questions will narrow this down by presenting a list of cities, representing
the time zones in which they are located.

  1. Africa      4. Australia  7. Atlantic  10. Pacific  13. Etc
  2. America     5. Arctic     8. Europe    11. SystemV
  3. Antarctica  6. Asia       9. Indian    12. US
##[error]The operation was canceled.

ref: https://github.com/fluent-plugins-nursery/td-agent-builder/runs/956381796?check_suite_focus=true#step:6:1953

How can we solve this?

@kenhys
Contributor Author

kenhys commented Aug 11, 2020

0m15.2s ERROR: FAIL: Package purging left files on system:
  /etc/td-agent/	 owned by: td-agent
  /etc/td-agent/plugin/	 not owned
  /var/log/td-agent/	 not owned

The above issue was fixed.

@kenhys
Contributor Author

kenhys commented Aug 11, 2020

0m17.7s ERROR: FAIL: After purging files have disappeared:
  /opt/	 owned by: td-agent

The above error still happens. It is strange.

@kenhys
Contributor Author

kenhys commented Aug 11, 2020

mkdir -p /opt/ in postrm passes the piuparts test, but I'm not willing to do it.

@kenhys
Contributor Author

kenhys commented Aug 11, 2020

2020-08-11T02:44:28.1562383Z + ls /var/lib/chroot/buster-root/
2020-08-11T02:44:28.1573877Z bin   dev  home  lib32	libx32	mnt  proc  run	 srv  tmp  var
2020-08-11T02:44:28.1577642Z boot  etc  lib	 lib64	media	opt  root  sbin  sys  usr
2020-08-11T02:44:28.1578501Z + piuparts --distribution=buster --existing-chroot=/var/lib/chroot/buster-root --keyring=/usr/share/keyrings/td-agent-archive-keyring.gpg '--mirror=http://packages.treasuredata.com/4/debian/buster/ buster contrib' --skip-logrotatefiles-test --warn-on-leftovers-after-purge /tmp/td-agent-dbgsym_4.0.0-1_amd64.deb /tmp/td-agent_4.0.0-1_amd64.deb

Before running piuparts, opt is already created.

@kenhys
Contributor Author

kenhys commented Aug 11, 2020

  • bionic debootstrap: security update is not applied?

@kenhys
Contributor Author

kenhys commented Aug 11, 2020

On bionic chroot, there are no security updates:

  # cat chroot/bionic-root/etc/apt/sources.list 
  deb http://archive.ubuntu.com/ubuntu bionic main

@kenhys
Contributor Author

kenhys commented Aug 11, 2020

Suppress manual configuration via noninteractive when tzdata is installed.

@kenhys kenhys marked this pull request as ready for review August 11, 2020 04:52
Because libssl-dev depends on libssl1.1.
Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
piuparts detects /opt is missing
Without this fix, tzdata reconfigure is executed unexpectedly
@kenhys
Contributor Author

kenhys commented Aug 12, 2020

@ashie could you review this PR, please?

Review thread on td-agent/templates/package-scripts/td-agent/deb/postrm (outdated, resolved)
Review thread on td-agent/apt/install-test.sh (outdated, resolved)
@ashie ashie merged commit d4ad01c into master Aug 13, 2020
@ashie ashie deleted the use-piuparts branch August 13, 2020 01:38