Skip to content

osrf/ubuntu_armhf:focal fails to run on native ARM hardware #38

Description

@nuclearsandwich

armhf builds on ci.ros2.org currently fail in the Build Dockerfile step with an error like the following:

00:00:01.726 Step 13/58 : RUN apt-get update && apt-get install --no-install-recommends -y   lsb-release net-tools sudo   curl   gnupg2   apt-transport-https
00:00:01.865  ---> Running in eacf1551b457
00:00:02.777 Get:1 http://ports.ubuntu.com focal InRelease [265 kB]
00:00:03.149 Get:2 http://ports.ubuntu.com focal-updates InRelease [89.1 kB]
00:00:03.202 Err:1 http://ports.ubuntu.com focal InRelease
00:00:03.202   At least one invalid signature was encountered.
00:00:03.229 Get:3 http://ports.ubuntu.com focal-backports InRelease [89.2 kB]
00:00:03.289 Err:2 http://ports.ubuntu.com focal-updates InRelease
00:00:03.289   At least one invalid signature was encountered.
00:00:03.374 Err:3 http://ports.ubuntu.com focal-backports InRelease
00:00:03.374   At least one invalid signature was encountered.
00:00:03.380 Fetched 443 kB in 49710d 6h 26min 44s (0 B/s)
00:00:03.380 Reading package lists...
00:00:04.773 W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ports.ubuntu.com focal InRelease: At least one invalid signature was encountered.
00:00:04.773 W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ports.ubuntu.com focal-updates InRelease: At least one invalid signature was encountered.
00:00:04.773 W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ports.ubuntu.com focal-backports InRelease: At least one invalid signature was encountered.
00:00:04.773 W: Failed to fetch http://ports.ubuntu.com/dists/focal/InRelease  At least one invalid signature was encountered.
00:00:04.773 W: Failed to fetch http://ports.ubuntu.com/dists/focal-updates/InRelease  At least one invalid signature was encountered.
00:00:04.773 W: Failed to fetch http://ports.ubuntu.com/dists/focal-backports/InRelease  At least one invalid signature was encountered.
00:00:04.773 W: Some index files failed to download. They have been ignored, or old ones used instead.

When running the image on ARM hardware such as an EC2 a1.xlarge instance operations such as touch /tmp/foo would fail with:

touch: setting times of '/tmp/foo': Operation not permitted

Running the image on an amd64 host (which is possible with binfmt and the bundled qemu-arm-static binary present on the image) does not exhibit these issues.

Using my local workstation to run the image via qemu I created an additional layer which has strace installed

FROM osrf/ubuntu_armhf:focal
RUN apt update && apt install -y strace

I pushed that to a container registry to try on my ARM host and strace the issue:

docker run -ti --cap-add SYS_PTRACE nuclearsandwich/ubuntu_armhf:focal
#  strace touch /tmp/foo
execve("/usr/bin/touch", ["touch", "/tmp/foo"], 0xffc43564 /* 10 vars */) = 0
brk(NULL)                               = 0x266b000
uname({sysname="Linux", nodename="ea0637374bb7", ...}) = 0
access("/etc/ld.so.preload", R_OK)      = 0
openat(AT_FDCWD, "/etc/ld.so.preload", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=25, ...}) = 0
mmap2(NULL, 25, PROT_READ|PROT_WRITE, MAP_PRIVATE, 3, 0) = 0xf7b17000
close(3)                                = 0
openat(AT_FDCWD, "/opt/libpreload-semop.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\10\3\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=7116, ...}) = 0
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7b15000
mmap2(NULL, 69680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf7add000
mprotect(0xf7ade000, 61440, PROT_NONE)  = 0
mmap2(0xf7aed000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xf7aed000
close(3)                                = 0
munmap(0xf7b17000, 25)                  = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=14689, ...}) = 0
mmap2(NULL, 14689, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf7b11000
close(3)                                = 0
openat(AT_FDCWD, "/lib/arm-linux-gnueabihf/libc.so.6", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\331\252\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=972500, ...}) = 0
mmap2(NULL, 1038540, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf79df000
mprotect(0xf7ac7000, 65536, PROT_NONE)  = 0
mmap2(0xf7ad7000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe8000) = 0xf7ad7000
mmap2(0xf7adb000, 6348, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf7adb000
close(3)                                = 0
set_tls(0xf7b15f50)                     = 0
mprotect(0xf7ad7000, 8192, PROT_READ)   = 0
mprotect(0xf7aed000, 4096, PROT_READ)   = 0
mprotect(0xb14000, 4096, PROT_READ)     = 0
mprotect(0xf7b18000, 4096, PROT_READ)   = 0
munmap(0xf7b11000, 14689)               = 0
brk(NULL)                               = 0x266b000
brk(0x268c000)                          = 0x268c000
openat(AT_FDCWD, "/tmp/foo", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE, 0666) = 3
dup2(3, 0)                              = 0
close(3)                                = 0
syscall_0x19c(0, 0, 0, 0, 0, 0)         = -1 EPERM (Operation not permitted)
close(0)                                = 0
write(2, "touch: ", 7touch: )                  = 7
write(2, "setting times of '/tmp/foo'", 27setting times of '/tmp/foo') = 27
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1
)                       = 1
close(1)                                = 0
close(2)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++

I have no idea what syscall_0x19c is supposed to be when it generates the EPERM.
using strace with apt-update gives a longer, similar issue but with syscall_0x193.

#37 recently introduced an ld preload wrapper to resolve a glibc/system call issue with qemu but I've built an image without that addition and the problem remains.

I've tried the image on an ARM host running 16.04 and 18.04 but not with 20.04 yet.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions