babashka-sci-dev

borkdude 2022-11-12T15:23:04.835609Z

Anyone here care to check what's going on with the docker build on CI?

Bob B 2022-11-12T18:44:29.996849Z

initial analysis: it appears that some change (best I have at the moment) between alpine 3.15 and 3.16 broke the build... I pulled out just the RUN apk... line from Dockerfile.alpine, and that builds from alpine 3.15, but bombs with the same error when built from 3.16 - currently looking for 3.16 release notes to determine if the separate glibc install can be removed, or if there's some extra admin needed

🙏 1
Bob B 2022-11-12T19:11:48.835129Z

I'm not amazing with linux/docker, but... it appears that alpine 3.15 doesn't have an /etc/nsswitch.conf file in its base layout, but 3.16 does, and the glibc apk install tries to overwrite that file, which fails because the file is 'owned' by the base layout (the error in the build log). Presumably a short-term "get stuff working again" fix would be to tweak Dockerfile.alpine to build from apline:3.15. I'm still kind of digging around for how to actually address the apk install failure.

Bob B 2022-11-12T19:35:06.412469Z

from what I can find, seems like sort of a trade-off decision at the moment: <https://github.com/sgerrand/alpine-pkg-glibc/issues/185> leans toward allowing the file overwrite, so the choices I'm aware of atm: • build from alpine 3.15 - puts the build behind the latest version of alpine, keeps the build 'clean' • use force overwite in apk install - error becomes a warning, slight security risk (if the glibc package were compromised it could overwrite other system files) I would sort of doubt that alpine will get rid of the nsswitch file in the near future, so I think using the force overwrite probably has the better chance of being undoable if the glibc package gets updated to not include the nsswitch file in a future release (at which point, the build would be back to 'clean' and current)

borkdude 2022-11-12T19:36:09.905429Z

I haven't looked into this but what is the reason that something changed in our docker image - do we have something unversioned?

Bob B 2022-11-12T19:39:06.688349Z

Dockerfile.alpine builds from "alpine:3", which appears to be "the latest minor under the 3 major", so when 3.16 was released, "alpine:3" became 3.16 instead of 3.15, so it's 'semi-versioned'™️

borkdude 2022-11-12T19:40:13.201749Z

let's go with --force-overwrite

borkdude 2022-11-12T19:40:24.804369Z

cc @rahul080327

Bob B 2022-11-12T19:51:48.836519Z

I have some weirdness building the docker setup (I think because of running docker in a WSL VM), so I'll submit the PR in a few minutes here, but I'm currently unable to really fully test it out (shameless disclaimer) 🙂

borkdude 2022-11-12T19:58:55.738669Z

Thanks a lot!

borkdude 2022-11-12T19:59:01.800799Z

I merged it, we'll see how it goes :)

🤞 1
Bob B 2022-11-12T20:17:24.657249Z

it looks like the build succeeded - would you like me to open a tracking issue for updates to the glibc package or anything? e.g. if a newer alpine glibc pkg gets released without the problematic file, we could test out updating the pkg and removing the overwrite flag

borkdude 2022-11-12T20:21:04.191789Z

maybe just add a comment to the docker file

👍 1
lispyclouds 2022-11-13T07:19:34.291909Z

interesting and unfortunate error! thanks a lot @highpressurecarsalesm! yeah i think this solution is better but also would add a TODO with the issue link to remove it at some point. not sure if the overwrite causes some issues down the line?

lispyclouds 2022-11-13T07:20:44.079189Z

id like to stick to specific versions of alpine but would also like to keep up with updates like this big openssl bug recently

lispyclouds 2022-11-13T07:26:41.460859Z

@borkdude i have subscribed to the issue on the glibc repo and would address it when its resolved. i'd really like to add a TODO on the docker file, should i do it directly on master with a [skip ci] ?

borkdude 2022-11-13T07:50:39.216369Z

Yes please :)

🙏🏼 1
lispyclouds 2022-11-13T07:54:25.356089Z

done

Bob B 2022-11-13T15:36:14.863589Z

thank you for adding the comment - I wasn't shirking it, but I was working on some add'l lib tests to make the PR worth borkdude's time (didn't want to do a PR just for a comment) 🙂

lispyclouds 2022-11-14T06:49:18.853639Z

Yep, pretty much why I wanted to commit directly on master as well 😄