Support for a v9 build-env

[ydirson]

No description provided.

[dinhngtu]

Many Alma 10 packages use the flat build directory structure, and so don't have the SPECS/SOURCES/etc. directories any more. Could you import detect spec file paths?

[ydirson]

Many Alma 10 packages use the flat build directory structure, and so don't have the SPECS/SOURCES/etc. directories any more. Could you import detect spec file paths?

Ah I had missed that one, looks like a good idea

[glehmann]

a comment on the commit description (not sure why github doesn't allow to put a comment on the description itself).
Originally-by doesn't seem to be a standard git trailer; Co-authored-by seems more appropriate

[ydirson]

Well that's more "started by one and continued by another", co-authoring to me rings more like pair-programming.

https://lore.kernel.org/git/[email protected]/ notes Based-on-patch-by and Original-patch-by and more used in the kernel. That's really free-text, and as I've been using that one a number of times already, I'm not sure changing now would bring much.

[glehmann]

Github recognized Co-authored-by and properly displays the authors. I don't think it recognizes any other. Gitlab also recognizes Co-authored-by, not sure for gitea. It's also mentioned in the git documentation, although at a trailer specific of the git project.

• https://git-scm.com/docs/SubmittingPatches
• https://docs.github.com/en/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-with-multiple-authors
• https://gitlab.com/gitlab-org/gitlab-foss/-/issues/31640

I don't think that's mandatory, but it's a good practice to acknowledge the authorship with the tools we have IMO

[ydirson]

Ah, OK

[ydirson]

Many Alma 10 packages use the flat build directory structure, and so don't have the SPECS/SOURCES/etc. directories any more. Could you import detect spec file paths?

Ah I had missed that one, looks like a good idea

Picked a slightly different logic for the flat-structure detection, separated support for source-fetching, and did the latter using Alma tools rather than the generic tool you used, which does not seem to properly support packages from Alma.

[ydirson]

I dropped the --ccache support for now. I did manage to get it running yesterday, but the thing seems awfully brittle and refuses to do its job this morning.

[dinhngtu]

Worked with my shim-unsigned and grub2 packages using docker. Maybe @fallen can also give his opinion since he uses podman.

[fallen]

I gave this a try with both docker and podman.
On docker it works well, I was able to generate the build image and then build @dinhngtu 's grub2 package.

On podman I was able to generate the build image, but I was not able to build grub2 package:

ysionneau@ysionneau-XPS-13-9350:~/dev/rpms/grub2$ XCPNG_OCI_RUNNER=podman ~/dev/xcp-ng-build-env/run.py -b 9.0 -l . -n --name grub2-9 -v ~/dev/sbkeys:/etc/pki/pesign-xcpng:ro --rm --enablerepo crb
Launching docker with args ['podman', 'run', '-i', '-t', '-u', 'builder', '--platform', 'linux/amd64/v2', '--userns=keep-id', '--rm=true', '-v', '/home/ysionneau/dev/rpms/grub2:/home/builder/rpmbuild', '-e', 'BUILD_LOCAL=1', '-e', 'NO_EXIT=1', '--name', 'grub2-9', '-v', '/home/ysionneau/dev/sbkeys:/etc/pki/pesign-xcpng:ro', '-e', 'ENABLEREPO=crb', '--ulimit', 'nofile=2048', 'xcp-ng/xcp-ng-build-env:9.0', '/usr/local/bin/init-container.sh']
WARNING: unknown release, not fetching user repo definitions
sudo: PAM account management error: Authentication service cannot retrieve authentication info
sudo: a password is required
sudo: PAM account management error: Authentication service cannot retrieve authentication info
sudo: a password is required
Found specfiles grub2.spec
INFO    : unifont-13.0.06.pcf.gz already exists and its checksum is correct
INFO    : theme.tar.bz2 already exists and its checksum is correct
INFO    : grub-2.12.tar.xz already exists and its checksum is correct
INFO    : gnulib-9f48fb992a3d7e96610c4ce8be969cff2d61a01b.tar.gz already exists and its checksum is correct
sudo: PAM account management error: Authentication service cannot retrieve authentication info
sudo: a password is required
Building target platforms: x86_64_v2
Building for target x86_64_v2
warning: Macro expanded in comment on line 167: %global legacy_target_cpu_name i386

warning: Macro expanded in comment on line 168: %global legacy_package_arch pc

warning: Macro expanded in comment on line 169: %global platform pc

warning: Macro expanded in comment on line 44: %{x86_64} aarch64 ppc64le

warning: Macro expanded in comment on line 45: %define sb_ca		%{Source1000}

warning: Macro expanded in comment on line 46: %define sb_cer		%{Source1001}

warning: Macro expanded in comment on line 55: %define pe_signing_token NSS Certificate DB

warning: Macro expanded in comment on line 56: %define pe_signing_cert /etc/pki/pesign-xcpng

setting SOURCE_DATE_EPOCH=1749513600
error: Failed build dependencies:
	autoconf is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	automake is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	bison is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	bzip2-devel is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	dejavu-sans-fonts is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	device-mapper-devel is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	flex is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	freetype-devel is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	fuse-devel is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	gettext-devel is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	help2man is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	ncurses-devel is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	pesign >= 0.99-8 is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	rpm-devel is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	squashfs-tools is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	texinfo is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2
	xz-devel is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2

RPM build warnings:
    Macro expanded in comment on line 167: %global legacy_target_cpu_name i386

    Macro expanded in comment on line 168: %global legacy_package_arch pc

    Macro expanded in comment on line 169: %global platform pc

    Macro expanded in comment on line 44: %{x86_64} aarch64 ppc64le

    Macro expanded in comment on line 45: %define sb_ca		%{Source1000}

    Macro expanded in comment on line 46: %define sb_cer		%{Source1001}

    Macro expanded in comment on line 55: %define pe_signing_token NSS Certificate DB

    Macro expanded in comment on line 56: %define pe_signing_cert /etc/pki/pesign-xcpng


real	0m0.201s
user	0m0.126s
sys	0m0.075s
[builder@08db6f1d34db ~]$ 
logout

[glehmann]

Suggested change

	CONTAINER_PREFIX = "xcp-ng/xcp-ng-build-env"
	CONTAINER_PREFIX = "localhost/xcp-ng/xcp-ng-build-env"

I had to do that to make podman not propose to interactively select a registry:

? Please select an image:
  ▸ registry.fedoraproject.org/xcp-ng/xcp-ng-build-env:9.0
    registry.access.redhat.com/xcp-ng/xcp-ng-build-env:9.0
    docker.io/xcp-ng/xcp-ng-build-env:9.0

it doesn't have that behavior without the --platform option

[glehmann]

It may be interesting to have the images pre-built in ghcr.io, and use ghcr.io in the image name, but I keep that for another PR :)

[ydirson]

I had to do that to make podman not propose to interactively select a registry:

I remember having to do that in one early test, but did not need to do that anymore recently 🤔

It may be interesting to have the images pre-built in ghcr.io, and use ghcr.io in the image name, but I keep that for another PR :)

IIRC @psafont mentionned he has plans for something like this :)

[psafont]

Yeah, it would be good to upload the images so they are accessible to mock and avoid reinstalling packages to set the base :)

[ydirson]

I had to do that to make podman not propose to interactively select a registry:

I remember having to do that in one early test, but did not need to do that anymore recently 🤔

@glehmann actually when I add localhost/, using podman 4.3.1, it fails in a very strange way, but that's apparently "just because" I omitted the --platform linux/amd64 workaround needed for that old version (podman < v5.5.1 has a bug where the container is not registed as linux/amd64/v2).

The thing is, when the localhost/ prefix is not used the error is pretty easy to link with the bug when one knows about it:

Error: short-name "xcp-ng/xcp-ng-build-env:9.0" did not resolve to an alias and no unqualified-search registries are defined in "/etc/containers/registries.conf"

But with the prefix:

...
WARN[0002] Failed, retrying in 1s ... (3/3). Error: initializing source docker://localhost/xcp-ng/xcp-ng-build-env:9.0: pinging container registry localhost: Get "https://localhost/v2/": dial tcp [::1]:443: connect: connection refused 
Error: initializing source docker://localhost/xcp-ng/xcp-ng-build-env:9.0: pinging container registry localhost: Get "https://localhost/v2/": dial tcp [::1]:443: connect: connection refused

We'll need to raise awareness of this behaviour, or some of us may get trapped :/

[ydirson]

I gave this a try with both docker and podman. On docker it works well, I was able to generate the build image and then build @dinhngtu 's grub2 package.

On podman I was able to generate the build image, but I was not able to build grub2 package:

error: Failed build dependencies:
	autoconf is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2

This is likely due to packages not in base, many packages have breq's in crb, you can pass --enablerepo=crb. I had not enabled it by default to get an idea of who needs it, but given the number of them it makes sense to enable that repo by default.

[fallen]

I gave this a try with both docker and podman. On docker it works well, I was able to generate the build image and then build @dinhngtu 's grub2 package.
On podman I was able to generate the build image, but I was not able to build grub2 package:

error: Failed build dependencies:
	autoconf is needed by grub2-1:2.12-20.xcpng8.99.alma.2.x86_64_v2

This is likely due to packages not in base, many packages have breq's in crb, you can pass --enablerepo=crb. I had not enabled it by default to get an idea of who needs it, but given the number of them it makes sense to enable that repo by default.

I used the same command line as for docker:

XCPNG_OCI_RUNNER=podman ~/dev/xcp-ng-build-env/run.py -b 9.0 -l . -n --name grub2-9 -v ~/dev/sbkeys:/etc/pki/pesign-xcpng:ro --rm --enablerepo crb

But it did not work.