Skip to content

Instantly share code, notes, and snippets.

@fredr

fredr/BUILD Secret

Last active January 17, 2022 13:51
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save fredr/dd0e5c3639fa109df82471292d6bc8c3 to your computer and use it in GitHub Desktop.
Save fredr/dd0e5c3639fa109df82471292d6bc8c3 to your computer and use it in GitHub Desktop.
Download ZIP
podman segfault repro
Raw
README.md

env

$ podman --version
podman version 3.4.4

$ bazel --version
bazel 4.2.2

$ uname -a
Linux runner 5.15.12-1-MANJARO #1 SMP PREEMPT Wed Dec 29 18:08:07 UTC 2021 x86_64 GNU/Linux

run output

see generated bazel-out/k8-fastbuild/bin/xkcd_python_pkgs.sh for script that fails

$ bazel build //... --sandbox_writable_path=${XDG_RUNTIME_DIR} --sandbox_writable_path=${HOME}/.local/share/containers/storage
INFO: Analyzed 3 targets (0 packages loaded, 0 targets configured).
INFO: Found 3 targets...
ERROR: /home/fredr/projects/repros/bazel-podman/BUILD:5:14: Action xkcd_python_pkgs.tar failed: (Exit 2): xkcd_python_pkgs.sh failed: error executing command bazel-out/k8-fastbuild/bin/xkcd_python_pkgs.sh

Use --sandbox_debug to see verbose messages from the sandbox
time="2022-01-14T09:25:40+01:00" level=warning msg="\"/\" is not a shared mount, this could cause issues or missing mounts with rootless containers"
cannot setresgid: Invalid argument
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x557e3105594d]

goroutine 1 [running]:
github.com/containers/common/libimage.(*Runtime).Load(0x0, {0x557e31ddcaf8, 0xc000042028}, {0x7fffe5543de7, 0x50}, 0xc00058bb38)
	github.com/containers/common@v0.44.4/libimage/load.go:27 +0xed
github.com/containers/podman/v3/pkg/domain/infra/abi.(*ImageEngine).Load(0x7fffe5543de7, {0x557e31ddcaf8, 0xc000042028}, {{0x7fffe5543de7, 0x41}, 0x0, {0x0, 0x0}})
	github.com/containers/podman/v3/pkg/domain/infra/abi/images.go:362 +0xff
github.com/containers/podman/v3/cmd/podman/images.load(0x557e329443a0, {0xc0002d9000, 0x0, 0x2})
	github.com/containers/podman/v3/cmd/podman/images/load.go:92 +0x358
github.com/spf13/cobra.(*Command).execute(0x557e329443a0, {0xc00003c0a0, 0x2, 0x2})
	github.com/spf13/cobra@v1.2.1/command.go:856 +0x60e
github.com/spf13/cobra.(*Command).ExecuteC(0x557e32955e20)
	github.com/spf13/cobra@v1.2.1/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
	github.com/spf13/cobra@v1.2.1/command.go:902
github.com/spf13/cobra.(*Command).ExecuteContext(...)
	github.com/spf13/cobra@v1.2.1/command.go:895
main.Execute()
	github.com/containers/podman/v3/cmd/podman/root.go:91 +0xbe
main.main()
	github.com/containers/podman/v3/cmd/podman/main.go:39 +0x74
INFO: Elapsed time: 0.242s, Critical Path: 0.11s
INFO: 2 processes: 2 internal.
FAILED: Build did NOT complete successfully
Raw
BUILD
load("@io_bazel_rules_docker//docker/package_managers:download_pkgs.bzl", "download_pkgs")
download_pkgs(
name = "xkcd_python_pkgs",
image_tar = "@python38_slim//image",
packages = [
"fonts-humor-sans",
],
)
Raw
generated:xkcd_python_pkgs.sh
#!/usr/bin/env bash
set -e
function guess_runfiles() {
if [ -d ${BASH_SOURCE[0]}.runfiles ]; then
# Runfiles are adjacent to the current script.
echo "$( cd ${BASH_SOURCE[0]}.runfiles && pwd )"
else
# The current script is within some other script's runfiles.
mydir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
echo $mydir | sed -e 's|\(.*\.runfiles\)/.*|\1|'
fi
}
RUNFILES="${PYTHON_RUNFILES:-$(guess_runfiles)}"
# Resolve the docker tool path
DOCKER="/usr/bin/docker"
DOCKER_FLAGS=""
if [[ -z "$DOCKER" ]]; then
echo >&2 "error: docker not found; do you need to manually configure the docker toolchain?"
exit 1
fi
# Load the image and remember its name
image_id=$(bazel-out/host/bin/external/io_bazel_rules_docker/contrib/extract_image_id bazel-out/k8-fastbuild/bin/external/python38_slim/image/image.tar)
$DOCKER $DOCKER_FLAGS load -i bazel-out/k8-fastbuild/bin/external/python38_slim/image/image.tar
# Run the builder image.
cid=$($DOCKER $DOCKER_FLAGS run -w="/" -d --privileged $image_id sh -c $'#!/usr/bin/env bash
set -e
printf "" >> /etc/apt/sources.list.d/xkcd_python_pkgs_repos.list
# Remove /var/lib/apt/lists/* in the base image. apt-get update -y command will create them.
rm -rf /var/lib/apt/lists/*
# Fetch Index
apt-get update -y -qq
# Make partial dir
mkdir -p /tmp/install/./partial
# Install command
apt-get install --no-install-recommends -y -qq -o Dir::Cache="/tmp/install" -o Dir::Cache::archives="." fonts-humor-sans --download-only
items=$(ls /tmp/install/*.deb)
if [ -z "$items" ]; then
echo "Did not find the .deb files for debian packages fonts-humor-sans in /tmp/install. Did apt-get actually succeed?" && false
fi
# Generate csv listing the name & versions of the debian packages.
# Example contents of a metadata CSV with debian packages gcc 8.1 & clang 9.1:
# Name,Version
# gcc,7.1
# clang,9.1
echo Name,Version > xkcd_python_pkgs_metadata.csv
dpkg_deb_path=$(which dpkg-deb)
for item in $items; do
pkg_name=$($dpkg_deb_path -f $item Package)
if [ $pkg_name = "" ]; then
echo "Failed to get name of the package for $item" && false
fi
pkg_version=$($dpkg_deb_path -f $item Version)
if [ $pkg_version = "" ]; then
echo "Failed to get the version of the package for $item" && false
fi
echo -n "$pkg_name," >> xkcd_python_pkgs_metadata.csv
echo $pkg_version >> xkcd_python_pkgs_metadata.csv
done;
# Tar command to only include all the *.deb files and ignore other directories placed in the cache dir.
tar -cpf xkcd_python_pkgs_packages.tar --mtime='1970-01-01' --directory /tmp/install/. `cd /tmp/install/. && ls *.deb`')
$DOCKER $DOCKER_FLAGS attach $cid
$DOCKER $DOCKER_FLAGS cp $cid:xkcd_python_pkgs_packages.tar bazel-out/k8-fastbuild/bin/xkcd_python_pkgs.tar
$DOCKER $DOCKER_FLAGS cp $cid:xkcd_python_pkgs_metadata.csv bazel-out/k8-fastbuild/bin/xkcd_python_pkgs_metadata.csv
# Cleanup
$DOCKER $DOCKER_FLAGS rm $cid
Raw
WORKSPACE
workspace(name = "test")
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "io_bazel_rules_docker",
sha256 = "59d5b42ac315e7eadffa944e86e90c2990110a1c8075f1cd145f487e999d22b3",
strip_prefix = "rules_docker-0.17.0",
urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.17.0/rules_docker-v0.17.0.tar.gz"],
)
http_archive(
name = "io_bazel_rules_go",
sha256 = "2b1641428dff9018f9e85c0384f03ec6c10660d935b750e3fa1492a281a53b0f",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.29.0/rules_go-v0.29.0.zip",
"https://github.com/bazelbuild/rules_go/releases/download/v0.29.0/rules_go-v0.29.0.zip",
],
)
http_archive(
name = "bazel_gazelle",
sha256 = "de69a09dc70417580aabf20a28619bb3ef60d038470c7cf8442fafcf627c21cb",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.24.0/bazel-gazelle-v0.24.0.tar.gz",
"https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.24.0/bazel-gazelle-v0.24.0.tar.gz",
],
)
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")
go_rules_dependencies()
go_register_toolchains(version = "1.17.2")
gazelle_dependencies()
load("@io_bazel_rules_docker//repositories:repositories.bzl", container_repositories = "repositories")
container_repositories()
load("@io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps")
container_deps()
load("@io_bazel_rules_docker//container:container.bzl", "container_pull")
container_pull(
name = "python38_slim",
digest = "sha256:06f2b34e0a84cf236c68c11c302b7a5a6a4a89db09ba30284223b82fb6428a2a",
registry = "index.docker.io",
repository = "python",
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment