Skip to content

Fix Windows packaging #414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
vvoland wants to merge 23 commits into
base: main
Choose a base branch
from
Draft

Fix Windows packaging #414

vvoland wants to merge 23 commits into from
+28 −4

Conversation

@vvoland
Copy link
Contributor

@vvoland vvoland commented Mar 18, 2025
edited
Loading

Adds the containerd path to safe directories to address the "dubious
ownership" error when building containerd in Windows container:

fatal: detected dubious ownership in repository at 'C:/gopath/src/github.com/containerd/containerd'

'C:/gopath/src/github.com/containerd/containerd' is owned by:

	NT AUTHORITY/SYSTEM (S-1-5-18)

but the current user is:

	User Manager/ContainerAdministrator (S-1-5-93-2-1)

vvoland added 3 commits March 18, 2025 16:25
@vvoland
dockerfiles/rpm: Test userspace arch instead of the kernel
df395ee 
`arch` tests the kernel, not the userspace (thanks Tianon!)

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
dockerfiles/rpm: Simplify binutils-gold condition
45f63bf 
Replace the Fedora version check with the actual check for the `ld.gold`
linker availability.
Go hardcoded workaround **always** forces the `ld.gold` linker on arm64.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
dockerfiles/deb: Install binutils-gold on arm64 if needed
61a83ca 
On Debian Trixie and newer versions, binutils-gold is no longer included
in the base binutils package and must be installed separately. Without
this component, the build fails on arm64 with "collect2: fatal error:
cannot find 'ld'" error.

Go has a hardcoded workaround where it forces usage of ld.gold on ARM64.
It was only needed for ld 2.40, and Trixie is already on 2.44 but the
workaround hasn't been removed from the upstream Go code yet.

We need to make sure that ld.gold is available when building for Trixie
on arm64.

This is the same case as with Fedora 41: b153483

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland vvoland self-assigned this Mar 18, 2025
@vvoland vvoland force-pushed the windows-git-safe branch 2 times, most recently from f5208ea to b31030e Compare March 18, 2025 15:42
@vvoland
Copy link
Contributor Author

vvoland commented Mar 18, 2025
edited
Loading

Note: I can't reproduce this on my local Windows machine.

Looks like the only difference is the Git version on the host:

CI

git version 2.44.0.windows.1

My system

git version 2.41.0.windows.1

EDIT: I tried with the same git version as the CI host and it still works fine

vvoland added 3 commits March 18, 2025 17:18
@vvoland
windows: fix git ownership error
e8a2c05 
Adds the all paths to safe directories to address the "dubious
ownership" error when building containerd in Windows container:

```
fatal: detected dubious ownership in repository at 'C:/gopath/src/github.com/containerd/containerd'

'C:/gopath/src/github.com/containerd/containerd' is owned by:

	NT AUTHORITY/SYSTEM (S-1-5-18)

but the current user is:

	User Manager/ContainerAdministrator (S-1-5-93-2-1)
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
debug; log git version
19b6f81 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
debug; jenkins jus windows
5fcb90e 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland vvoland force-pushed the windows-git-safe branch 3 times, most recently from 0e37fe8 to 4dc0d07 Compare March 18, 2025 16:21
@vvoland
windows: debug makefile
f715f96 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland vvoland force-pushed the windows-git-safe branch 2 times, most recently from e5a1457 to 54f49c8 Compare March 18, 2025 17:05
@vvoland
dir git
4523224 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
vvoland added 2 commits March 18, 2025 18:49
@vvoland
inline
1ccc2fb 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
spaces
4070ee6 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland vvoland changed the title windows: fix git ownership error windows: debugging Mar 18, 2025
vvoland added 2 commits March 18, 2025 19:05
@vvoland
asdf
ed96f06 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
pls send help
2eb1d01 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@thaJeztah
Copy link
Member

thaJeztah commented Mar 18, 2025

Was also trying; and then for some reason it doesn't find the repo to be a git repo in the bind mount? Could that be related to version differences between host and container? #413

@vvoland
Copy link
Contributor Author

vvoland commented Mar 18, 2025

Yeah I'm trying to see what the windows container sees in the workdir, but Windows still manages to outsmart me 🙈

@vvoland
Copy link
Contributor Author

vvoland commented Mar 18, 2025

I can't reproduce it on my local machine (I installed the same git version on the host as the CI system)

@vvoland
powershell?
eec515f 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
list on host
dde1d23 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
vvoland added 3 commits March 18, 2025 19:28
@vvoland
list dot git
b6c11f6 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
force
0e93366 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
list and make
088b35b 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
Copy link
Contributor Author

vvoland commented Mar 18, 2025

No idea, the .git directory is there on the container side:

docker run \
	--rm \
	-v "d:/jenkins/workspace/containerd-packaging_PR-414/src/:C:/gopath/src" \
	-v "d:/jenkins/workspace/containerd-packaging_PR-414/build/windows:C:/gopath/src/github.com/containerd/containerd/bin" \
	-w "C:/gopath/src/github.com/containerd/containerd" \
	dockereng/containerd-windows-builder \
	powershell.exe "Get-ChildItem -Force; make -d bin/containerd"
    Directory: C:\gopath\src\github.com\containerd\containerd
Mode                 LastWriteTime         Length Name                         
----                 -------------         ------ ----                         
d--h--         3/18/2025   6:37 PM                .git                         
d-----         3/18/2025   6:37 PM                .github                      
d-----         3/18/2025   6:37 PM                api                          
d-----         3/18/2025   6:37 PM                archive                      
d-----         3/18/2025   6:37 PM                bin                          
d-----         3/18/2025   6:37 PM                cio                          
d-----         3/18/2025   6:37 PM                cluster                      
d-----         3/18/2025   6:37 PM                cmd

But for some reason we get the not a git repository

CreateProcess(C:\git\usr\bin\sh.exe,C:/git/usr/bin/sh.exe -c "if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi",...)

warning: Not a git repository. Use --no-index to compare two paths outside a working tree

go build command also seems to fail due to git error:

go build  -gcflags=-trimpath=C/src  -o bin/containerd -ldflags '-X github.com/containerd/containerd/version.Version=05044ec -X github.com/containerd/containerd/version.Revision=05044ec0a9a75232cad458027ca83437aae3f4da.m -X github.com/containerd/containerd/version.Package=github.com/containerd/containerd -s -w ' -tags "urfave_cli_no_docs"  ./cmd/containerd

CreateProcess(C:\git\usr\bin\sh.exe,C:/git/usr/bin/sh.exe -c "go build  -gcflags=-trimpath=C/src  -o bin/containerd -ldflags '-X github.com/containerd/containerd/version.Version=05044ec -X github.com/containerd/containerd/version.Revision=05044ec0a9a75232cad458027ca83437aae3f4da.m -X github.com/containerd/containerd/version.Package=github.com/containerd/containerd -s -w ' -tags \"urfave_cli_no_docs\"  ./cmd/containerd",...)

Live child 0185ea28 (bin/containerd) PID 25569880 

error obtaining VCS status: exit status 128

	Use -buildvcs=false to disable VCS stamping.

@thaJeztah
Copy link
Member

thaJeztah commented Mar 18, 2025

Could it be either permissions on the git directory or different format of the git directory data? (I know work is in progress to switch to sha512; wondering if some of the data format changed?)

I'd expect it to still detect it to be a git repository though (and wouldn't expect got itself to be incompatible THAT much)

vvoland added 3 commits March 19, 2025 12:08
@vvoland
debug git status
5f002b2 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
escape?
1691820 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
escape2?
97f3bfe 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
Copy link
Contributor Author

vvoland commented Mar 19, 2025

Heh, the git status seems to work just fine:

docker run \

	--rm \

	-v "d:/jenkins/workspace/containerd-packaging_PR-414/src/:C:/gopath/src" \

	-v "d:/jenkins/workspace/containerd-packaging_PR-414/build/windows:C:/gopath/src/github.com/containerd/containerd/bin" \

	-w "C:/gopath/src/github.com/containerd/containerd" \

	dockereng/containerd-windows-builder \

	powershell.exe '$env:GIT_TRACE2 = "1"; git status'

11:52:57.872190 common-main.c:57                  version 2.48.1.windows.1

11:52:57.873183 common-main.c:58                  start git.exe status

11:52:57.881278 repository.c:241                  worktree C:/gopath/src/github.com/containerd/containerd

11:52:57.883569 git.c:477                         cmd_name status (status)

HEAD detached at FETCH_HEAD

nothing to commit, working tree clean

11:52:58.370804 git.c:745                         exit elapsed:0.561884 code:0

11:52:58.370804 trace2/tr2_tgt_normal.c:128       atexit elapsed:0.561940 code:0

vvoland added 3 commits March 19, 2025 12:56
@vvoland
add diff and make
6ed5f6a 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
set revision explicitly
580a84d 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@vvoland
bust build cache
c6c0c8c 
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
@thaJeztah
Copy link
Member

thaJeztah commented Mar 19, 2025

Could it be either a permission issue, or some security software that's running on these machines that block access to files? 🤔

@vvoland
Copy link
Contributor Author

vvoland commented Mar 19, 2025

Not really, overall git works before running make, and in make SOME of git commands work while other don't.

Like:

CreateProcess(C:\git\cmd\git.exe,git describe --match v[0-9]* --dirty=.m --always,...)

12:18:19.908581 common-main.c:57                  version 2.48.1.windows.1

12:18:19.910582 common-main.c:58                  start git.exe describe --match 'v[0-9]*' --dirty=.m --always

12:18:19.921332 repository.c:241                  worktree C:/gopath/src/github.com/containerd/containerd

12:18:19.924221 git.c:477                         cmd_name describe (describe)

12:18:20.125554 git.c:745                         exit elapsed:0.263580 code:0

12:18:20.125554 trace2/tr2_tgt_normal.c:128       atexit elapsed:0.263638 code:0

works fine, but:

CreateProcess(C:\git\usr\bin\sh.exe,C:/git/usr/bin/sh.exe -c "if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi",...)

11:57:22.096457 common-main.c:57                  version 2.48.1.windows.1

11:57:22.097464 common-main.c:58                  start git.exe diff --no-ext-diff --quiet --exit-code

11:57:22.103295 git.c:477                         cmd_name diff (diff)

11:57:22.110970 usage.c:91                        error Not a git repository. Use --no-index to compare two paths outside a working tree

warning: Not a git repository. Use --no-index to compare two paths outside a working tree

usage: git diff --no-index [<options>] <path> <path>

does not (there's no debug message for working dir - somehow it doesn't execute in the correct directory?)

@vvoland vvoland mentioned this pull request Mar 20, 2025
Merged
@vvoland vvoland changed the title windows: debugging Fix Windows packaging Mar 24, 2025
@vvoland vvoland removed their assignment Mar 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vvoland @thaJeztah