armhf builds on ci.ros2.org currently fail in the Build Dockerfile step with an error like the following:
00:00:01.726 Step 13/58 : RUN apt-get update && apt-get install --no-install-recommends -y lsb-release net-tools sudo curl gnupg2 apt-transport-https
00:00:01.865 ---> Running in eacf1551b457
00:00:02.777 Get:1 http://ports.ubuntu.com focal InRelease [265 kB]
00:00:03.149 Get:2 http://ports.ubuntu.com focal-updates InRelease [89.1 kB]
00:00:03.202 Err:1 http://ports.ubuntu.com focal InRelease
00:00:03.202 At least one invalid signature was encountered.
00:00:03.229 Get:3 http://ports.ubuntu.com focal-backports InRelease [89.2 kB]
00:00:03.289 Err:2 http://ports.ubuntu.com focal-updates InRelease
00:00:03.289 At least one invalid signature was encountered.
00:00:03.374 Err:3 http://ports.ubuntu.com focal-backports InRelease
00:00:03.374 At least one invalid signature was encountered.
00:00:03.380 Fetched 443 kB in 49710d 6h 26min 44s (0 B/s)
00:00:03.380 Reading package lists...
00:00:04.773 W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ports.ubuntu.com focal InRelease: At least one invalid signature was encountered.
00:00:04.773 W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ports.ubuntu.com focal-updates InRelease: At least one invalid signature was encountered.
00:00:04.773 W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ports.ubuntu.com focal-backports InRelease: At least one invalid signature was encountered.
00:00:04.773 W: Failed to fetch http://ports.ubuntu.com/dists/focal/InRelease At least one invalid signature was encountered.
00:00:04.773 W: Failed to fetch http://ports.ubuntu.com/dists/focal-updates/InRelease At least one invalid signature was encountered.
00:00:04.773 W: Failed to fetch http://ports.ubuntu.com/dists/focal-backports/InRelease At least one invalid signature was encountered.
00:00:04.773 W: Some index files failed to download. They have been ignored, or old ones used instead.
When running the image on ARM hardware such as an EC2 a1.xlarge instance operations such as touch /tmp/foo would fail with:
touch: setting times of '/tmp/foo': Operation not permitted
Running the image on an amd64 host (which is possible with binfmt and the bundled qemu-arm-static binary present on the image) does not exhibit these issues.
Using my local workstation to run the image via qemu I created an additional layer which has strace installed
FROM osrf/ubuntu_armhf:focal
RUN apt update && apt install -y strace
I pushed that to a container registry to try on my ARM host and strace the issue:
docker run -ti --cap-add SYS_PTRACE nuclearsandwich/ubuntu_armhf:focal
# strace touch /tmp/foo
execve("/usr/bin/touch", ["touch", "/tmp/foo"], 0xffc43564 /* 10 vars */) = 0
brk(NULL) = 0x266b000
uname({sysname="Linux", nodename="ea0637374bb7", ...}) = 0
access("/etc/ld.so.preload", R_OK) = 0
openat(AT_FDCWD, "/etc/ld.so.preload", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=25, ...}) = 0
mmap2(NULL, 25, PROT_READ|PROT_WRITE, MAP_PRIVATE, 3, 0) = 0xf7b17000
close(3) = 0
openat(AT_FDCWD, "/opt/libpreload-semop.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\10\3\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=7116, ...}) = 0
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7b15000
mmap2(NULL, 69680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf7add000
mprotect(0xf7ade000, 61440, PROT_NONE) = 0
mmap2(0xf7aed000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0xf7aed000
close(3) = 0
munmap(0xf7b17000, 25) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=14689, ...}) = 0
mmap2(NULL, 14689, PROT_READ, MAP_PRIVATE, 3, 0) = 0xf7b11000
close(3) = 0
openat(AT_FDCWD, "/lib/arm-linux-gnueabihf/libc.so.6", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\331\252\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=972500, ...}) = 0
mmap2(NULL, 1038540, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xf79df000
mprotect(0xf7ac7000, 65536, PROT_NONE) = 0
mmap2(0xf7ad7000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe8000) = 0xf7ad7000
mmap2(0xf7adb000, 6348, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xf7adb000
close(3) = 0
set_tls(0xf7b15f50) = 0
mprotect(0xf7ad7000, 8192, PROT_READ) = 0
mprotect(0xf7aed000, 4096, PROT_READ) = 0
mprotect(0xb14000, 4096, PROT_READ) = 0
mprotect(0xf7b18000, 4096, PROT_READ) = 0
munmap(0xf7b11000, 14689) = 0
brk(NULL) = 0x266b000
brk(0x268c000) = 0x268c000
openat(AT_FDCWD, "/tmp/foo", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE, 0666) = 3
dup2(3, 0) = 0
close(3) = 0
syscall_0x19c(0, 0, 0, 0, 0, 0) = -1 EPERM (Operation not permitted)
close(0) = 0
write(2, "touch: ", 7touch: ) = 7
write(2, "setting times of '/tmp/foo'", 27setting times of '/tmp/foo') = 27
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1
) = 1
close(1) = 0
close(2) = 0
exit_group(1) = ?
+++ exited with 1 +++
I have no idea what syscall_0x19c is supposed to be when it generates the EPERM.
using strace with apt-update gives a longer, similar issue but with syscall_0x193.
I've tried the image on an ARM host running 16.04 and 18.04 but not with 20.04 yet.
armhf builds on ci.ros2.org currently fail in the Build Dockerfile step with an error like the following:
When running the image on ARM hardware such as an EC2 a1.xlarge instance operations such as
touch /tmp/foowould fail with:Running the image on an amd64 host (which is possible with binfmt and the bundled qemu-arm-static binary present on the image) does not exhibit these issues.
Using my local workstation to run the image via qemu I created an additional layer which has strace installed
I pushed that to a container registry to try on my ARM host and strace the issue:
I have no idea what syscall_0x19c is supposed to be when it generates the EPERM.
using strace with apt-update gives a longer, similar issue but with syscall_0x193.
#37 recently introduced an ld preload wrapper to resolve a glibc/system call issue with qemu but I've built an image without that addition and the problem remains.
I've tried the image on an ARM host running 16.04 and 18.04 but not with 20.04 yet.