Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: use hermetic tar #385

Merged
merged 3 commits into from
Apr 26, 2024
Merged

refactor: use hermetic tar #385

merged 3 commits into from
Apr 26, 2024

Conversation

alexeagle
Copy link
Collaborator

@alexeagle alexeagle commented Oct 4, 2023
edited
Loading

Note, this shouldn't land until bazel-lib 2.0 is stable (RC or ideally final)

@alexeagle alexeagle force-pushed the bazel-lib_tar branch 2 times, most recently from eb2ccf0 to e1a871e Compare October 4, 2023 14:56
@alexeagle
Copy link
Collaborator Author

hitting a bug in bazel-lib, sent bazel-contrib/bazel-lib#574

@alexeagle alexeagle mentioned this pull request Oct 4, 2023
Closed
@alexeagle alexeagle marked this pull request as ready for review October 4, 2023 20:03
thesayyn
thesayyn reviewed Oct 4, 2023
View reviewed changes
oci/private/tarball.sh.tpl Outdated Show resolved Hide resolved
@gergelyfabian
Copy link
Contributor

Thanks @alexeagle , I checked the latest version, works good for my usecase.

thesayyn
thesayyn reviewed Oct 4, 2023
View reviewed changes
oci/private/tarball.sh.tpl Outdated Show resolved Hide resolved
@gergelyfabian
Copy link
Contributor

Are there any automated tests that could be extended with checks for this new feature (e.g. gid, uid, time)?

@gergelyfabian gergelyfabian mentioned this pull request Oct 5, 2023
Closed
@wayve-ci wayve-ci mentioned this pull request Oct 5, 2023
Closed
@alexeagle alexeagle mentioned this pull request Oct 20, 2023
Merged
@mattyclarkson mattyclarkson mentioned this pull request Nov 3, 2023
Closed
@thesayyn thesayyn added this to the bazel-lib 2.0 milestone Dec 12, 2023
@rickvanprim
Copy link
Contributor

Looks like aspect_bazel_lib 2.0.0 released in Nov. Can this work move forward now?

@alexeagle
Copy link
Collaborator Author

Can this work move forward now?

Forcing users to upgrade to bazel-lib 2.0 is a breaking change, so we're planning to start a 2.x branch here where this can land.

@alexeagle alexeagle mentioned this pull request Jan 17, 2024
Closed
@thesayyn thesayyn mentioned this pull request Feb 22, 2024
Closed
@gergelyfabian
Copy link
Contributor

When using this branch, it fails with this kind of error:

ERROR: no such package '@@bsd_tar_linux_amd64//': java.io.IOException: Error downloading [http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.9.10+dfsg-5ubuntu0.20.04.6_amd64.deb] to /home/runner/.cache/bazel/_bazel_runner/58ee4e61d8db750f3d07d666f38331ba/external/bsd_tar_linux_amd64/temp225016408700132824/libxml2_2.9.10+dfsg-5ubuntu0.20.04.6_amd64.deb: GET returned 404 Not Found

It started happening just recently. It seems there is a new version for this deb...

And there is a newer version of bazel-lib (2.5.0), which makes it work.

@corhere corhere mentioned this pull request Mar 11, 2024
Open
@Strum355 Strum355 mentioned this pull request Mar 11, 2024
Merged
Strum355 added a commit to sourcegraph/sourcegraph-public-snapshot that referenced this pull request Mar 11, 2024
@Strum355
bazel: patch rules_oci to run tar with --no-xattrs (#61004)
463f11a 
Workaround for https://github.com/sourcegraph/devx-support/issues/622. This is portable between both bsdtar and gnutar. On gnutar, this is the default, so this changes nothing for CI builds. This only changes behaviour in macOS with bsdtar.

It is unclear to me where a final solution will exist:
- An issue was opened upstream in docker/moby, but the latest opinion is that this is an issue with rules_oci _technically_ emitting docker-compatible formats that are incompatible with docker (Im not 100% sure yet that docker itself cant create a tarball that would fail to `docker load`, but I dont want to subject Christoph to more experiments lol) moby/moby#47517
- A PR exists in rules_oci to use a hermetic BSD tar instead of system tar (doesnt work on nixos though coz dynamic libraries :sadge:). It uses `mtree` format to add files, I don't know yet if that works around xattr issue without also passing `--no-xattr` (my current belief is that it does not)  bazel-contrib/rules_oci#385

## Test plan

Had Christoph run `bazel run //cmd/batcheshelper:image_tarball`, which succeeded with this patch
honnix
honnix reviewed Mar 19, 2024
View reviewed changes
oci/private/tarball.sh.tpl Outdated Show resolved Hide resolved
@alexeagle
refactor: use hermetic tar
cff2ece 
Fixes #328

fix: supply mtree file for determinism

fix: set tar content times to beginning of this year

avoids some tools thinking that 1970 is 'too old'

refactor: extract function for mtree lines

refactor: cleanup STAGING_DIR

chore: bump to bazel-lib 2.0rc

chore: remove bazel 5 workaround

Bazel-lib 2.0 doesn't include this anymore

chore: upgrade stardoc to match bzlmod version

ci: test on bazel 7 rather than 5
@alexeagle alexeagle force-pushed the bazel-lib_tar branch 2 times, most recently from ebf4b0b to d204496 Compare April 25, 2024 23:33
@alexeagle alexeagle changed the base branch from main to 2.x April 25, 2024 23:34
thesayyn
thesayyn approved these changes Apr 26, 2024
View reviewed changes
oci/private/tarball.sh.tpl Outdated Show resolved Hide resolved
@alexeagle alexeagle merged commit 70658f9 into 2.x Apr 26, 2024
20 checks passed
@alexeagle alexeagle deleted the bazel-lib_tar branch April 26, 2024 03:33
@thesayyn thesayyn mentioned this pull request May 13, 2024
Closed
alexeagle added a commit that referenced this pull request May 16, 2024
@alexeagle
fix: don't include mac metadata
b344ebb 
Partial back-port of #385 from the 2.x branch
@alexeagle alexeagle mentioned this pull request May 16, 2024
Merged
alexeagle added a commit that referenced this pull request May 16, 2024
@alexeagle
fix(oci_tarball): add --no-attr
a902475 
Partial back-port of #385 from the 2.x branch
thesayyn pushed a commit that referenced this pull request May 30, 2024
@alexeagle @thesayyn
refactor: use hermetic tar (#385)
a925156
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@honnix honnix honnix left review comments

@gergelyfabian gergelyfabian gergelyfabian left review comments

@Strum355 Strum355 Strum355 left review comments

@thesayyn thesayyn thesayyn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0
Development

Successfully merging this pull request may close these issues.
6 participants
@alexeagle @gergelyfabian @rickvanprim @honnix @Strum355 @thesayyn