From 0fb920687399980d3b662b0ea76217b41b49eb8b Mon Sep 17 00:00:00 2001 From: per1234 Date: Sun, 10 Nov 2024 21:54:41 -0800 Subject: [PATCH 1/2] Use Debian 11 in `Linux_ARMv6` release build task `DistTasks.yml` contains the tasks used to produce the release builds of the project for each of the host targets. The builds are produced in Docker containers. A regression was introduced in the `Linux_ARMv6` task at the time the project's Go version was bumped to 1.21.5. This task must use a specific version of Debian in the container, which is defined via the image tag. Previously, Debian 10 was used, and a tag of the Go 1.18.3 image was available for this Debian version. However, the maintainers of the image did not produce a Debian 10 variant of the Go 1.21.5 image, so the use of that tag caused the task to fail: ``` Unable to find image 'docker.elastic.co/beats-dev/golang-crossbuild:1.21.5-armel-debian10' locally docker: Error response from daemon: manifest for docker.elastic.co/beats-dev/golang-crossbuild:1.21.5-armel-debian10 not found: manifest unknown: manifest unknown. See 'docker run --help'. task: Failed to run task "dist:Linux_ARMv6": exit status 125 ``` A Debian 11 variant of the image is available, and this version of Debian is also suitable for release builds. So the solution is to update the image tag referenced in the task to the Debian 11 tag. --- DistTasks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DistTasks.yml b/DistTasks.yml index 89585e6..51e7edd 100644 --- a/DistTasks.yml +++ b/DistTasks.yml @@ -172,7 +172,7 @@ tasks: # # Until there is a fix released we must use a recent gcc for Linux_ARMv6 build, so for this # build we select the debian10 based container. - CONTAINER_TAG: "{{.GO_VERSION}}-armel-debian10" + CONTAINER_TAG: "{{.GO_VERSION}}-armel-debian11" PACKAGE_PLATFORM: "Linux_ARMv6" PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.tar.gz" From a14dd9390f3f16c92472a9fd2f7de427392d05cc Mon Sep 17 00:00:00 2001 From: per1234 Date: Sun, 10 Nov 2024 21:59:05 -0800 Subject: [PATCH 2/2] Configure repository for compatibility with modern Git versions in release build containers `DistTasks.yml` contains the tasks used to produce the release builds of the project for each of the host targets. The builds are produced in Docker containers. A regression was introduced in several of the tasks at the time the project's Go version was bumped to 1.21.5. As a security measure (see CVE-2022-24765), starting from 2.30.3 Git requires the repository folder to be owned by the operating system user's account. Due to it having been checked out outside the container, the repository does not meet this requirement inside the container. An older version of Git was installed in the Go 1.18.3 Docker image, so this was not a problem before the bump, but a newer version is used in the Go 1.21.5 containers, which causes some tasks to fail: ``` error obtaining VCS status: exit status 128 Use -buildvcs=false to disable VCS stamping. Error: failed building for linux/armv6: exit status 1 failed building for linux/armv6: exit status 1 task: Failed to run task "dist:Linux_ARMv6": exit status 1 ``` The solution is to configure Git to allow the use of the repository, despite the "dubious ownership" of its folder. This is done via the `safe.directory` Git configuration variable. --- DistTasks.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/DistTasks.yml b/DistTasks.yml index 51e7edd..d7a99db 100644 --- a/DistTasks.yml +++ b/DistTasks.yml @@ -131,11 +131,12 @@ tasks: desc: Builds Linux ARMv6 binaries dir: "{{.DIST_DIR}}" cmds: + # "git config safe.directory" is required until this is fixed https://github.com/elastic/golang-crossbuild/issues/232 - | docker run -v `pwd`/..:/home/build -w /home/build \ -e CGO_ENABLED=1 \ {{.CONTAINER}}:{{.CONTAINER_TAG}} \ - --build-cmd "{{.BUILD_COMMAND}}" \ + --build-cmd "git config --global --add safe.directory /home/build && {{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} @@ -201,11 +202,12 @@ tasks: desc: Builds Mac OS X 64 bit binaries dir: "{{.DIST_DIR}}" cmds: + # "git config safe.directory" is required until this is fixed https://github.com/elastic/golang-crossbuild/issues/232 - | docker run -v `pwd`/..:/home/build -w /home/build \ -e CGO_ENABLED=1 \ {{.CONTAINER}}:{{.CONTAINER_TAG}} \ - --build-cmd "{{.BUILD_COMMAND}}" \ + --build-cmd "git config --global --add safe.directory /home/build && {{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} @@ -235,11 +237,12 @@ tasks: desc: Builds Mac OS X ARM64 binaries dir: "{{.DIST_DIR}}" cmds: + # "git config safe.directory" is required until this is fixed https://github.com/elastic/golang-crossbuild/issues/232 - | docker run -v `pwd`/..:/home/build -w /home/build \ -e CGO_ENABLED=1 \ {{.CONTAINER}}:{{.CONTAINER_TAG}} \ - --build-cmd "{{.BUILD_COMMAND}}" \ + --build-cmd "git config --global --add safe.directory /home/build && {{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}}