Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1598987 - Unable to change mock config in COPR
Summary: Unable to change mock config in COPR
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: copr-backend
Version: rawhide
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: clime
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-07 15:12 UTC by Tomasz Tomasik
Modified: 2018-07-07 21:01 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-07-07 21:01:03 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1594397 None CLOSED Unable to use mlock() when building 2019-04-13 19:59:13 UTC

Description Tomasz Tomasik 2018-07-07 15:12:24 UTC
Description of problem:
CoreCLR uses mlock during startup and fails if mlock fails with EPERM. Generally, that's not a problem. However, many Linux distributions (including Fedora) are starting to use systemd-nspawn for building code and this creates a chroot where programs have restricted capabilities. Unfortunately, systemd-nspawn in F28 doesn't allow mlock() syscall to be called inside the container.
It is possible to change mock config locally:
config_opts['nspawn_args'] = ['--capability=CAP_IPC_LOCK']
However, there is no such option in COPR.


Version-Release number of selected component (if applicable):
current COPR: https://copr.fedorainfracloud.org/


How reproducible:
always


Steps to Reproduce:
1. Create a very simple RPM package with dotnet 2.1. You can use https://dotnetcli.blob.core.windows.net/dotnet/beta/Binaries/Latest/dotnet-dev-centos-x64.latest.tar.gz (as Source0) or rh-dotnet20-dotnet-host package (as part of BuildRequires).
2. Run this in %prep, %build or %install section: dotnet --version
3. Try build using COPR.


Actual results:
Failed to initialize CoreCLR, HRESULT: 0x8007001F

with strace:
mlock(0x7f29b8c7b000, 4096)             = -1 EPERM (Operation not permitted)


Expected results:
2.1.105

with strace:
mlock(0x7fad0f699000, 4096)             = 0


Additional info:
https://github.com/dotnet/coreclr/issues/18634
https://github.com/rpm-software-management/mock/issues/186#issuecomment-392833446
https://bugzilla.redhat.com/show_bug.cgi?id=1594397#c2

Comment 1 clime 2018-07-07 16:52:33 UTC
I've deployed a fix for this https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=fac83ee9d9f0b9a800e3a9d54cb53b37f9d197a9. It might take several hours to take effect though. New builder with the modified config need to be spawned first.

Comment 2 Tomasz Tomasik 2018-07-07 21:01:03 UTC
Thank you. I can confirm that it works:

+ ./dotnet --version
2.1.105


Note You need to log in before you can comment on or make changes to this bug.