-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update fedora helix to 34 #483
Conversation
I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like there is a build failure that needs to be investigated too.
I see the OpenSSL warning in my local test runs @mthalman but the images is created successfully. Is there some extra check for the CI runs? This is fails in OpenSSL. |
Oh, I see. I thought it was just failing the Docker build but I see that it succeeds. It looks like the AzDO pipeline itself is interpreting the error output as a failure for some reason. That's strange. I'll have to dig into it. |
Thanks. I can hide the error if needed. Should I give it try? |
Yeah, let's try that first. |
I see your changes fixed the issue but the build for Fedora Rawhide is failing as well. This looks to be an external issue.
@omajid - Any ideas why this is happening? Looks to be doing a pretty basic |
yes, the deal was in passing
(and other ##vso tags) I would expect that the raw hide would not be impacted by my change unless I miss something |
BTW I'm not sure if we even need the |
may be some infrastructure issue. It builds for me locally
|
Interesting. The build agent can't even ping mirrors.fedoraproject.org.
|
@wfurt - For now, go ahead and comment out this section of the manifest to prevent Rawhide from building: dotnet-buildtools-prereqs-docker/manifest.json Lines 287 to 296 in ddfc481
|
I've logged #484 for the Rawhide build issue. |
libuuid-devel \ | ||
lttng-ust-devel \ | ||
openssl-devel \ | ||
uuid-devel \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's surprising that we need both libuuid-devel
and uuid-devel
. Is that intentional?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know. This is straight copy from existing 32. Also I don't know if we use it to actually build CoreCLR and others. It feels like we could go away with just Helix & runtime dependencies. But I did not want to fiddle with all.
I really wanted updated Quic. The upgrade to Fedora 34 is opportunistic.
|
||
# This is temporary until we have flow to packages.microsoft.com | ||
|
||
RUN dnf install -y dotnet gem lttng-tools perl-FindBin rpmdevtools ruby-devel && \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI: this pulls down the Fedora build of .NET. Since you are adding the Microsoft packages repo to this container, I am not sure if it's intentional.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is ok. msquic only need global dotnet executable to install and run clog
. I'm hoping this section will go away in few weeks (e.g. before 6.0 ships)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay. Now that I think about it, what it pulls down might be non-deterministic. If it pulls down a mix of packages (some from Fedora, others from Microsoft) that might not work too well. You might want to verify that the SDK that gets installed into this container is working. See https://docs.microsoft.com/en-us/dotnet/core/install/linux-package-mixup for more details/fixes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems to be fine. The dotnet is removed immediately after build on line 32. So it should not interfere with Helix or anything else. Using the OS package seems most natural to me. I would do it for PowerShell as well but I could not find anything direclty from Fedora.
Yeah, the TLDR is glibc is broken in Fedora 35 for some containerized environments. https://bugzilla.redhat.com/show_bug.cgi?id=1985499 goes into a little bit more detail, but still misses the larger context. From what I can tell, glibc took a change to support certain new hardware security features (Intel CET) . When such a new glibc is running in a containerized environment, it needs additional fixes that need to be in the container engine itself (which is running the container that contains the updated glibc) otherwise glibc breaks, breaking everything else in the stack too. The fix needs to go into |
But that doesn't explain why the build agent is unable to even ping mirrors.fedoraproject.org. |
/azp run dotnet-buildtools-prereqs-docker-fedora |
Pull request contains merge conflicts. |
Even though the build failed due to infrastructure issues, the images were successfully published. The tags are:
|
Thanks for update @mthalman . I'll give them try. |
This is similar to existing image with following exception:
base os updated to Fedora 34
contributes to Drop support for Fedora 32 core#6431
(when I did work on add libmsquic to one helix image #474 I did not realized 32 is out of support)
we still don't have flow for Linux package of msquic.
Until we do, I updated the image to simple rebuild current dotnet/msquic and consume outcome directly.
This will allow us to stay on top of fixes for MsQuic.
contributes to [QUIC] update msquic package runtime#55746
cc: @CarnaViire @karelz