rpm: build a repo and use it #4815
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: ssbarnea The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@edsantiago @NevilleC @cevich -- interestingly this uncovers a bug related to centos-8 where rhel8 where yum decides to install the distro version instead of our code. The same bug does not happen with centos-7 and fedora-30. This makes me believe we have another spec issue. Advise would be welcomed.
|
Makefile
Outdated
| package-install: package ## Install rpm packages | ||
| sudo ${PKG_MANAGER} -y install ${HOME}/rpmbuild/RPMS/*/*.rpm | ||
| package-install: package build/podman.repo ## Install rpm packages | ||
| #sudo ${PKG_MANAGER} -y install ${HOME}/rpmbuild/RPMS/*/*.rpm |
contrib/build_rpm.sh
Outdated
| @@ -58,6 +58,8 @@ fi | |||
| export extra_arg="--without doc --without debug" | |||
|
|
|||
| echo ${PKGS[*]} | |||
| # we disable podman repo because that can become invalid during builds and is | |||
| # not needed for dependencies. | |||
There was a problem hiding this comment.
Please remove comment: it's misleading (a holdover from previous PR, perahps).
contrib/build_rpm.sh
Outdated
|
|
||
| # builds build/podman.repo which should be ready to install locally | ||
| mkdir -p build/buildset | ||
| rm -rf build/buildset/* |
There was a problem hiding this comment.
A better option is to reorder:
rm -rf build/buildset
mkdir -p build/buildset
Makefile
Outdated
| package-install: package build/podman.repo ## Install rpm packages | ||
| #sudo ${PKG_MANAGER} -y install ${HOME}/rpmbuild/RPMS/*/*.rpm | ||
| sudo cp -f build/podman.repo /etc/yum.repos.d/podman.repo | ||
| sudo ${PKG_MANAGER} -y --enablerepo podman install podman podman-remote |
There was a problem hiding this comment.
This approach (repo disabled by default) is much better -- but the logical extension is to remove the cp entirely and use --repofrompath instead; this way the system isn't left in an unmaintainable state. Could you look into using that, esp. seeing if it works with yum?
contrib/build_rpm.sh
Outdated
| cp -l ~/rpmbuild/RPMS/*/*.rpm . | ||
| createrepo . | ||
| popd | ||
| cat <<EOF >build/podman.repo |
There was a problem hiding this comment.
This is probably not absolutely critical, but the correct way to create files is to make a tempfile and rename it on success:
cat <<EOF >build/podman.repo.tmp.$$ && mv build/podman.repo.tmp.$$ build/podman.repo
With this form, if build/podman.repo exists it is guaranteed to be correct; without a tmp-rename, it is possible for an error (typically out-of-space but also possibly i/o error) to leave a corrupt file in place. This is a good habit to get into.
Makefile
Outdated
| package-install: package build/podman.repo ## Install rpm packages | ||
| #sudo ${PKG_MANAGER} -y install ${HOME}/rpmbuild/RPMS/*/*.rpm | ||
| sudo cp -f build/podman.repo /etc/yum.repos.d/podman.repo | ||
| sudo ${PKG_MANAGER} -y --enablerepo podman install podman podman-remote |
There was a problem hiding this comment.
Using sudo in a makefile leaves me slightly uncomfortable as it assumes a lot. For example, if this target is running inside a container as root, it will fail if sudo isn't installed (perhaps for security reasons, perhaps just to keep the image small). Would it make sense to leave out the sudo and just rely on the user running sudo make package-install when required?
There was a problem hiding this comment.
Yes I agree, I don't think sudo should be in the Makefile.
There was a problem hiding this comment.
I will address all comments receives so far, but before implementing these changes I need help addresing the issue i mentioned at #4815 (comment) -- so far in 2/4 platforms yum/dnf is unable to find the rpms from the builder repo.
There was a problem hiding this comment.
@rhatdan Calling make with sudo would break a huge number of things, think about temp files created as root.
While is technically easy to detect root and fail if you did not call it as root, it would create a never ending list of problems as all make targets run as root will produce artifacts with wrong user. I really do not with to create any file owned by root in a non-root user home directory.
The jobs we run on rdo now are expecting to find a repository on project_root/build/builset and I would prefer not to have to alter them to look in different location.
Look inside the makefile and you will see that package-install target depends-on package for good reasons. This means that if user calls it with sudo, both targets will run as root. build_rpm.sh is also calling copr makefile which produces the source rpms innside build/ folder, so it would introduce root owned files to current project_root folder.
I am ok to remove sudo from makefile if we find a way to avoid messing build when someone runs sudo make <random-target> by mistake. I personally find more annoying the messed file ownership that the feature of not calling sudo exactly where is needed.
Maybe we should add a protection for each target and prevent it from running other than how is inteded (like some kind of ensure-root and ensure-non-root checks)?
|
If I may ask everyone to take a step back for a moment: what problem are we trying to solve? Podman is an open-source project, not a Fedora-RHEL one. The little I understand of this PR is that it's intended for a narrow niche testing environment. Does this code really belong in the podman repo? Might there be a better place for it, more tightly integrated with the niche environment it's intended for? |
|
@edsantiago @rhatdan @cevich I guess none of you tried to run even the most based Based on this I would say that other things need to be addressed before we can remove sudo from inside the makefile. |
Using a repository improves testing of podman installation instead of using the bare rpm install method by using the likely installation method used on production.
| @@ -70,3 +69,16 @@ if [ -d ~/rpmbuild/BUILD ]; then | |||
| fi | |||
|
|
|||
| rpmbuild --rebuild ${extra_arg:-} podman-*.src.rpm | |||
| createrepo -v ~/rpmbuild/RPMS/x86_64 | |||
There was a problem hiding this comment.
For consistency with line 75, could we make this /${HOME}/rpmbuild/RPMS/x86_64 ?
There was a problem hiding this comment.
IIRC, rpmbuild checks an env. var. for the preferred location. The script should probably reference that instead of hard-coding. Otherwise this build could break in unexpected ways.
|
Any chance of building and incuding a new slirp4netns rpm? It seems that rootless containers do not want to run on centos 7.7 with the default supplied version. |
|
My understanding is that rootless containers aren't fully supported on 7, but I cannot be sure of my memory of the reason. I want to say it has/had something to do with a user-namespace something or other feature in the kernel. |
|
Correct rootless containers on RHEL7 will not be fully supported until RHEL7.8 release. |
|
☔ The latest upstream changes (presumably #4951) made this pull request unmergeable. Please resolve the merge conflicts. |
openshift-ci-robot
added
the
needs-rebase
|
@ssbarnea: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
A friendly reminder that this PR had no activity for 30 days. |
|
@ssbarnea Still working on this? |
|
Friendly ping. |
|
Going to close. Please reopen if the PR is still desired. |
github-actions
bot
added
the
locked - please file new issue/PR
Using a repository improves testing of podman installation instead of
using the bare rpm install method by using the likely installation
method used on production.
Depends-On: https://review.rdoproject.org/r/#/c/27527/