iso: Support build on Fedora - aarch64 #22056
Description
Since we removed gluster, we don't need the legacy python2 dependency and we can support building on more modern distros like Fedora.
Building the aarch64 version on Fedora 42 and 43 has 2 issues:
selinux issue when running chown via a container
Error:
if ! grep -sq 'docker\|lxc' /proc/1/cgroup; then \
docker run --rm -v /home/nsoffer/minikube/out/buildroot/output-aarch64/build/cri-dockerd-aarch64-55d6e1a1d6f2ee58949e13a0c66afe7d779ac942/packaging/static/build/win:/v -w /v alpine sh -c 'apk update
&& apk add zip && zip -r cri-dockerd-0.4.1.win.amd64.zip cri-dockerd'; \
docker run --rm -v /home/nsoffer/minikube/out/buildroot/output-aarch64/build/cri-dockerd-aarch64-55d6e1a1d6f2ee58949e13a0c66afe7d779ac942/packaging/static:/v -w /v alpine chown -R 1000:1000 build; \
fi
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
014e56e61396: Pull complete
Digest: sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375
Status: Downloaded newer image for alpine:latest
v3.23.0_rc2-34-g319b82182d1 [https://dl-cdn.alpinelinux.org/alpine/v3.23/main]
v3.23.0-1-gbad45407d26 [https://dl-cdn.alpinelinux.org/alpine/v3.23/community]
OK: 27555 distinct packages available
(1/2) Installing unzip (6.0-r16)
(2/2) Installing zip (3.0-r13)
Executing busybox-1.37.0-r29.trigger
OK: 8 MiB in 18 packages
zip warning: name not matched: cri-dockerd
zip error: Nothing to do! (try: zip -r cri-dockerd-0.4.1.win.amd64.zip . -i cri-dockerd)
chown: build: Permission denied
make[4]: *** [Makefile:73: cross-win] Error 1
make[4]: Leaving directory '/home/nsoffer/minikube/out/buildroot/output-aarch64/build/cri-dockerd-aarch64-55d6e1a1d6f2ee58949e13a0c66afe7d779ac942/packaging/static'
make[3]: *** [Makefile:29: static] Error 1
make[3]: Leaving directory '/home/nsoffer/minikube/out/buildroot/output-aarch64/build/cri-dockerd-aarch64-55d6e1a1d6f2ee58949e13a0c66afe7d779ac942/packaging'
make[2]: *** [Makefile:42: static] Error 2
make[2]: Leaving directory '/home/nsoffer/minikube/out/buildroot/output-aarch64/build/cri-dockerd-aarch64-55d6e1a1d6f2ee58949e13a0c66afe7d779ac942'
make[1]: *** [package/pkg-generic.mk:273: /home/nsoffer/minikube/out/buildroot/output-aarch64/build/cri-dockerd-aarch64-55d6e1a1d6f2ee58949e13a0c66afe7d779ac942/.stamp_built] Error 2
make[1]: Leaving directory '/home/nsoffer/minikube/out/buildroot'
make: *** [Makefile:296: minikube-iso-aarch64] Error 2
rm deploy/iso/minikube-iso/board/minikube/aarch64/rootfs-overlay/usr/bin/auto-pause chown does not have permissions:
chown: build: Permission denied
The docker command is wrong, not using :Z for the mounts:
docker run \
--rm \
-v /home/nsoffer/minikube/out/buildroot/output-aarch64/build/cri-dockerd-aarch64-55d6e1a1d6f2ee58949e13a0c66afe7d779ac942/packaging/static:/v \
-w /v \
alpine chown -R 1000:1000 build
It should be:
docker run \
--rm \
-v /home/nsoffer/minikube/out/buildroot/output-aarch64/build/cri-dockerd-aarch64-55d6e1a1d6f2ee58949e13a0c66afe7d779ac942/packaging/static:/v:Z \
-w /v \
alpine chown -R 1000:1000 build
Running with selinux permissive mode works around this issue:
sudo setenforce 0
make minikube-iso-aarch64
This should be fixed in the cri-dockerd package - not sure if this is an issue in the buildroot package (minikube issue) or upstream issue.
The best way is to run the chown command directly on the host - there is no reason to use a container for running chown on a build machine. This is one reason why we cannot run the build in a container, since it depends on running docker in docker.
For now we can document that you need to use permissive mode to build the iso on Fedora. This is a reasonable limitation.
post-image script failure
With selinux issue fixed we fail in the post-image script:
>>> Executing post-image script /home/nsoffer/minikube/deploy/iso/minikube-iso/board/minikube/aarch64/post-image.sh
INFO: cmd: "mkdir -p "/home/nsoffer/minikube/out/buildroot/output-aarch64/build/genimage.tmp"" (stderr):
INFO: cmd: "rm -rf "/home/nsoffer/minikube/out/buildroot/output-aarch64/build/genimage.tmp"/*" (stderr):
INFO: cmd: "mkdir -p "/home/nsoffer/minikube/out/buildroot/output-aarch64/build/genimage.tmp"" (stderr):
INFO: cmd: "cp -a "/tmp/tmp.SFqt1c7qYu" "/home/nsoffer/minikube/out/buildroot/output-aarch64/build/genimage.tmp/root"" (stderr):
INFO: cmd: "mkdir -p "/home/nsoffer/minikube/out/buildroot/output-aarch64/images"" (stderr):
INFO: vfat(efiboot.img): cmd: "mkdosfs -n 'EFIBOOTISO' '/home/nsoffer/minikube/out/buildroot/output-aarch64/images/efiboot.img'" (stderr):
INFO: vfat(efiboot.img): adding file 'efi-part/EFI' as 'EFI' ...
INFO: vfat(efiboot.img): cmd: "MTOOLS_SKIP_CHECK=1 mcopy -sp -i '/home/nsoffer/minikube/out/buildroot/output-aarch64/images/efiboot.img' '/home/nsoffer/minikube/out/buildroot/output-aarch64/images/efi-part/EFI' '::EFI'" (stderr):
INFO: cmd: "rm -rf "/home/nsoffer/minikube/out/buildroot/output-aarch64/build/genimage.tmp/"" (stderr):
xorriso 1.5.6 : RockRidge filesystem manipulator, libburnia project.
Drive current: -outdev 'stdio:boot.iso'
Media current: stdio file, overwriteable
Media status : is blank
Media summary: 0 sessions, 0 data blocks, 0 data, 67.4g free
xorriso : FAILURE : -as genisofs: Unrecognized option '-eltorito-platform=efi'
xorriso : aborting : -abort_on 'FAILURE' encountered 'FAILURE'
make[1]: *** [Makefile:830: target-post-image] Error 5
make[1]: Leaving directory '/home/nsoffer/minikube/out/buildroot'
make: *** [Makefile:296: minikube-iso-aarch64] Error 2
rm deploy/iso/minikube-iso/board/minikube/aarch64/rootfs-overlay/usr/bin/auto-pauseThe error comes from this script:
We run mkisofs but the actual tool implementing it is xorriso, using the option
-as genisofs
When it emulates genisofs, it does not support the option:
'-eltorito-platform=efi'
Gemini suggests to switch the command to xorisso using this command:
xorriso \
-out boot.iso \
-joliet on \
-rockridge on \
-zisofs on \
-as_needed on \
-not_leaf 'EFI/BOOT' \
-volid 'EFIBOOTISO' \
-publisher 'EFI Boot ISO' \
-map root / \
-boot_image any platform=efi \
-boot_image any efi_path=EFI/BOOT/efiboot.img \
-boot_image any cat_path=/boot.cat
The command should work also on Ubuntu. I did not test it.
/kind improvement
/cc @ vtri950