Skip to content
This repository has been archived by the owner before Nov 9, 2022. It is now read-only.

arm32v7/ubuntu:latest fails to update #183

Closed
ilg-ul opened this issue Jul 23, 2020 · 9 comments
Closed

arm32v7/ubuntu:latest fails to update #183

ilg-ul opened this issue Jul 23, 2020 · 9 comments

Comments

@ilg-ul
Copy link

ilg-ul commented Jul 23, 2020

I used this Docker image for quite a while in Travis tests, but now I see it failing to update:

arm32v7/ubuntu:latest
https://github.com/xpack-dev-tools/pre-releases/releases/download/test/
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal InRelease' is not signed.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease' is not signed.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease' is not signed.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-security InRelease' is not signed.
The command "DEBUG= bash tests/scripts/docker-test.sh --32 arm32v7/ubuntu:latest https://github.com/xpack-dev-tools/pre-releases/releases/download/test/ " exited with 100.
4.56s$ DEBUG= bash tests/scripts/docker-test.sh --32 arm32v7/ubuntu:rolling https://github.com/xpack-dev-tools/pre-releases/releases/download/test/ 
Linux travis-job-xpack-dev-tool-ninja-build-xp-711068358 5.3.0-42-generic #34~18.04.1-Ubuntu SMP Fri Feb 28 13:43:38 UTC 2020 aarch64 aarch64 aarch64 GNU/Linux
Unable to find image 'arm32v7/ubuntu:rolling' locally
rolling: Pulling from arm32v7/ubuntu
Digest: sha256:7ec8bcd4abd31f16afa768d99197777d68630dd04e36502b90211c30660fb2ed
Status: Downloaded newer image for arm32v7/ubuntu:rolling
arm32v7/ubuntu:rolling
https://github.com/xpack-dev-tools/pre-releases/releases/download/test/
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal InRelease' is not signed.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease' is not signed.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease' is not signed.
W: GPG error: http://ports.ubuntu.com/ubuntu-ports focal-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://ports.ubuntu.com/ubuntu-ports focal-security InRelease' is not signed.
The command "DEBUG= bash tests/scripts/docker-test.sh --32 arm32v7/ubuntu:rolling https://github.com/xpack-dev-tools/pre-releases/releases/download/test/ " exited with 100.

(the console is a bit out of order, but this shouldn't be a problem)

@tianon
Copy link
Owner

tianon commented Jul 23, 2020

I'm not able to reproduce, so I wonder if this is possibly related to debuerreotype/docker-debian-artifacts#97 / moby/moby#40739 ?

@tianon
Copy link
Owner

tianon commented Jul 23, 2020

Confirmed, I tested on an arm64 native box, and was able to reproduce, and after adding --security-opt seccomp:unconfined, it works, so it's definitely an instance of moby/moby#40739. 😞

@ilg-ul
Copy link
Author

ilg-ul commented Jul 23, 2020

I'm not familiar with that issue, but I used this Docker image in hundreds of Travis runs so far, without problems.

Was the image updated recently?

@tianon
Copy link
Owner

tianon commented Jul 23, 2020

Yes, the image is updated roughly every 30 days (it's :latest, after all...). The underlying issue is filed at moby/moby#40734, which was related to updating, but now that the base image is updated to include that libc6 change/update, you end up seeing related errors much sooner (and more widespread).

@ilg-ul
Copy link
Author

ilg-ul commented Jul 23, 2020

I understand that it is latest, but I hoped it is 'latest functional', not latest broken. :-(

Any idea when the image will be again functional? Should I remove it from the Travis test completely? (I use many 'latest' images, only this one failed).

@tianon
Copy link
Owner

tianon commented Jul 23, 2020

Well to be clear, latest here means "latest release" (and even more specifically, the Ubuntu image uses it to mean "latest LTS release").

As for whether it's functional, the image is functional, but your environment (Travis) has an outdated libseccomp (and potentially outdated Docker, since it needs Docker 19.03.9 or newer to have the fix) which is not familiar with the system calls this newer libc6 is trying to use, and thus (not unreasonably) blocks them.

To fix this, you'll need to make sure your Docker version is newer than 19.03.9, and that you have a libseccomp version of 2.4.2 or higher.

Alternatively, you can use --security-opt seccomp:unconfined when running your containers in order to remove the seccomp filtering entirely (which might be an acceptable trade-off on infrastructure like Travis where you don't need to worry as much about the security implications of doing so).

@tianon
Copy link
Owner

tianon commented Jul 23, 2020

(The next release of Debian is going to suffer from the same change -- see debuerreotype/docker-debian-artifacts#97.)

@ilg-ul
Copy link
Author

ilg-ul commented Jul 24, 2020

--security-opt seccomp:unconfined

I confirm, with this workaround the Travis test passed.

Thank you,

Liviu

@ilg-ul ilg-ul closed this as completed Jul 24, 2020
g7 added a commit to droidian-releng/docker-images that referenced this issue Oct 2, 2020
…until Docker on Travis CI is updated

See tianon/docker-brew-ubuntu-core#183 for more
details. We are running on a VM so it's definitely an acceptable trade-off.

Signed-off-by: Eugenio Paolantonio (g7) <me@medesimo.eu>
g7 added a commit to droidian-releng/docker-images that referenced this issue Oct 2, 2020
…until Docker on Travis CI is updated

See tianon/docker-brew-ubuntu-core#183 for more
details. We are running on a VM so it's definitely an acceptable trade-off.

Signed-off-by: Eugenio Paolantonio (g7) <me@medesimo.eu>
g7 added a commit to droidian-releng/docker-images that referenced this issue Oct 2, 2020
…until Docker on Travis CI is updated

See tianon/docker-brew-ubuntu-core#183 for more
details. We are running on a VM so it's definitely an acceptable trade-off.

Signed-off-by: Eugenio Paolantonio (g7) <me@medesimo.eu>
g7 added a commit to droidian-releng/docker-images that referenced this issue Oct 2, 2020
…until Docker on Travis CI is updated

See tianon/docker-brew-ubuntu-core#183 for more
details. We are running on a VM so it's definitely an acceptable trade-off.

Signed-off-by: Eugenio Paolantonio (g7) <me@medesimo.eu>
g7 added a commit to droidian-releng/docker-images that referenced this issue Oct 2, 2020
…until Docker on Travis CI is updated

See tianon/docker-brew-ubuntu-core#183 for more
details. We are running on a VM so it's definitely an acceptable trade-off.

Signed-off-by: Eugenio Paolantonio (g7) <me@medesimo.eu>
g7 added a commit to droidian-releng/docker-images that referenced this issue Oct 2, 2020
…distribution

32-bit containers on 64-bit hosts are broken if they have a somewhat recent
glibc release, see tianon/docker-brew-ubuntu-core#183
for more details.

Jobs declaring DOCKER_UPDATE = "yes" will get the newer docker version.

Signed-off-by: Eugenio Paolantonio (g7) <me@medesimo.eu>
g7 added a commit to droidian-releng/build-snippets that referenced this issue Oct 2, 2020
…dated

See tianon/docker-brew-ubuntu-core#183 for more
details. Docker in focal does not (yet) have the fix.

We are running in a VM anyways, so it's an acceptable trade-off.

Signed-off-by: Eugenio Paolantonio (g7) <me@medesimo.eu>
g7 added a commit to droidian-releng/build-snippets that referenced this issue Oct 2, 2020
…dated

See tianon/docker-brew-ubuntu-core#183 for more
details. Docker in focal does not (yet) have the fix.

We are running in a VM anyways, so it's an acceptable trade-off.

Signed-off-by: Eugenio Paolantonio (g7) <me@medesimo.eu>
@antoinetran
Copy link

antoinetran commented Sep 15, 2022

Hi, reproduced with CentOS 7.7 and libseccomp-2.3.1-3.el7.x86_64 . I did a OS update and apparently, the update to libseccomp-2.3.1-4.el7.x86_64 fixed the issue for info.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants