Fork me on GitHub
#babashka-sci-dev
<
2022-04-23
>
lispyclouds15:04:31

Looks like something happened with the Ubuntu release, will try to take a look tonight!

borkdude15:04:55

Thanks, no hurry

lispyclouds15:04:58

Does that run locally? If not try pinning to the older Ubuntu version maybe?

borkdude15:04:52

not sure what you mean with running locally

borkdude19:04:34

@rahul080327 I naively tried to update the remote docker version because I read somewhere that that may help

borkdude19:04:32

@rahul080327 That seems to have done the trick

lispyclouds20:04:46

ah nice! by locally i meant are you able to build the docker image on your local docker and by the looks of it that couldve pointed at the problem too 😄

lispyclouds20:04:54

trying to figure out what the problem was now

borkdude21:04:36

my theory for the babashka github release script 404-ing is: the first one seems to fail. then the rest of the jobs succeed and push their artifacts https://app.circleci.com/pipelines/github/clj-kondo/clj-kondo/4590/workflows/4f27d03c-2c9b-4558-937b-4c58efc418ab/jobs/18780 This is why it always happens on a release too since then a new github release is created

lispyclouds21:04:56

also https://ubuntu.com/blog/ubuntu-22-04-lts-released got released so was thinking does that have something to do as the error seems to be some broken packages

lispyclouds21:04:23

not sure how updating docker fixes this

borkdude21:04:47

I read something about old docker versions, ubuntu and gpg, upgrading fixed it, so let's just leave it there

lispyclouds21:04:55

interesting, can you send the link? docker versions being tied to what the images are running seems quite weird

lispyclouds21:04:31

quite weird would be a big understatement

borkdude21:04:34

I read it on stack overfloew

lispyclouds21:04:13

issue in glibc which is manifested via a new feature in apt using the seccomp syscalls... oof 🤯 from the bug tracker:

it this seems to be an issue that there is new functionality in apt/apt-key e.g. security hardening that docker prohibits in its containers. Running this manually works only in an --privileged container.
loads of TIL, that this is even possible

lispyclouds21:04:48

2 leanings: • static link musl ftw • how does does one apply the clojure non breaking things we try to follow all the way down to the kernel?

lispyclouds21:04:07

so i guess the machine where the remote docker was running in circle updated its OS and we ran into this?

lispyclouds21:04:37

this is too much for my little head to comprehend

borkdude21:04:14

well, upgrading fixed it, I'm a happy customer, and was able to release a new clj-kondo ;)

lispyclouds21:04:24

yeah that definitely was the correct fix, what just worries me is that there's no intuitive way for me to figure this out. well another experience then 😅

🙏 1
borkdude21:04:04

I think those docker settings were from pretty much the initial commits in clj-kondo

borkdude21:04:16

I'm surprised we had macos support from the early beginnings, https://github.com/clj-kondo/clj-kondo/commit/6a253cd6129f7dc06a4f2485af9121b6ffcf09bf I thought you had to have a special circleci support for that, perhaps @marc-omorain enabled that

borkdude21:04:53

not sure why, no issue number ;)

borkdude21:04:53

maybe there's something in our private chats on 2020 October 1st about this

borkdude21:04:24

(since using alpine as the default lead to many questions)

borkdude21:04:09

that's all I could find, not sure why we used a fixed version on that date

lispyclouds21:04:08

i suppose we looking at an example at the time and that wouldve been the version

lispyclouds21:04:25

ive gotten to a pattern of only using raw machine executors and have it all contained in that, not depend on too much external factors

borkdude21:04:53

before the commit there was no version at all, using the default

borkdude21:04:05

I just read they default to 17 or so now

lispyclouds21:04:10

also these are the reasons tooling like https://github.com/GoogleContainerTools/kaniko were made, do docker image builds in a container in userspace and not do the fancy machine hopping

lispyclouds21:04:49

ah so that version was an upgrade

borkdude21:04:17

the version I committed today was an upgrade. but the version I committed on October 1st 2022 was pinning the version instead of using the default and I have no idea what the default was at the time

lispyclouds21:04:43

probably 17 or earlier, if thats still the default now