systemd-resolved not functioning in Bookworm containers
twrightsman opened this issue
@ximion I don't think the workaround in 222dadb for #26 works for using debos in Debian Bookworm containers:
$ debspawn create bookworm
$ debspawn run --allow=kvm,read-kmods --cachekey=bookworm-resolved --external-command --init-command=prepare_container.sh --build-dir="$PWD" --artifacts-out="$PWD" bookworm build_image.sh
I get the following error while preparing the container:
┌─────────────────────────────┐
│ Preparing container │
└─────────────────────────────┘
Ign:1 http://deb.debian.org/debian bookworm InRelease
Ign:1 http://deb.debian.org/debian bookworm InRelease
Ign:1 http://deb.debian.org/debian bookworm InRelease
Err:1 http://deb.debian.org/debian bookworm InRelease
Temporary failure resolving 'deb.debian.org'
Reading package lists...
W: Download is performed unsandboxed as root as file '/var/lib/apt/lists/partial/deb.debian.org_debian_dists_bookworm_InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
E: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease Temporary failure resolving 'deb.debian.org'
E: Some index files failed to download. They have been ignored, or old ones used instead.
Command `apt-get -uyq -o Dpkg::Options::="--force-confnew" update` failed.
ERROR: Container setup failed.
I was able to get the container to build by following the suggestion in #26 and removing /etc/resolv.conf at the end of prepare_container.sh.
prepare_container.sh
#!/bin/sh
set \
    -o errexit \
    -o nounset
export DEBIAN_FRONTEND=noninteractive
apt-get install --yes --quiet \
    debos \
    kmod \
    udev \
    parted \
    cryptsetup \
    binfmt-support \
    systemd-resolved \
    ca-certificates
build_image.sh
#!/bin/bash
set \
    -o errexit \
    -o nounset \
    -o pipefail
debos \
    --fakemachine-backend=kvm \
    rootfs.yml
rootfs.yml
architecture: amd64
actions:
  - action: debootstrap
    suite: bookworm
    components:
      - main
    mirror: https://deb.debian.org
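A diagnostic for the /etc/resolv.conf workaround mentioned in the post above, as an added example that is not part of the original thread or of debspawn's code. It classifies etc/resolv.conf under a given root directory, so an unpacked container tree can be inspected from the host. The function name `classify_resolv_conf` is hypothetical, and the script assumes systemd-resolved manages resolv.conf as a symlink into run/systemd/resolve/, whose target exists only while the daemon is running.

```shell
#!/bin/sh
# Added diagnostic, not from the thread.
# Assumption: systemd-resolved points etc/resolv.conf at a file under
# run/systemd/resolve/, which is only populated while the daemon runs.

classify_resolv_conf() {
    root=${1:-/}
    conf="${root%/}/etc/resolv.conf"

    if [ -L "$conf" ]; then
        target=$(readlink "$conf")
        # Resolve the link inside $root, never against the host's own /run,
        # where a stub file may exist and hide the problem.
        case $target in
            /*) resolved="${root%/}$target" ;;
            *)  resolved="${root%/}/etc/$target" ;;
        esac
        case $target in
            *systemd/resolve/*) kind=resolved-stub ;;
            *)                  kind=symlink ;;
        esac
        if [ -e "$resolved" ]; then
            echo "$kind-present"
        else
            # Dangling link: the resolver library finds no nameserver here.
            echo "$kind-dangling"
        fi
    elif [ -f "$conf" ]; then
        # A regular file is only useful if it names at least one server.
        if grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' "$conf"; then
            echo static
        else
            echo no-nameserver
        fi
    else
        echo missing
    fi
}

# Usage: classify_resolv_conf /path/to/unpacked/container/root
```

A result of `resolved-stub-dangling` means the symlink points at a stub file that does not exist inside that tree.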
Just to be sure: Which OS is debspawn running on, and what version of it are you running (debspawn --version)?
D'oh! Sorry about that.
debspawn --version is 0.6.2, with Debian Bookworm as the host OS.
Can you try the Git master version? There was an odd DNS issue with containers of this type (bookworm-on-bookworm) where /etc/hosts was missing but required. That could cause the issue you are seeing.
Unfortunately, the error is the same using the Git master branch.
Side note: ./debspawn.py ls doesn't seem to find any container base images even though I ran ./debspawn.py create bookworm. Neither does the system-installed debspawn.
> Side note: ./debspawn.py ls doesn't seem to find any container base images even though I ran ./debspawn.py create bookworm. Neither does the system-installed debspawn.
That can't be, something must be wrong with your system... You would have to recreate the image for the changes in master to work, so using update --recreate or just create was right.
What does ls /var/lib/debspawn/images/ and cat /etc/debspawn/global.toml give you? Is there anything unusual about the setup?
In my test I made sure to delete then create a bookworm image using the Git master version before trying ./debspawn.py run.
$ ./debspawn.py create bookworm
$ sudo ls -alh /var/lib/debspawn/images
total 158M
drwxr-x--- 3 root root 4.0K Jul 12 21:45 .
drwxr-x--- 5 root root 4.0K Oct 14 2022 ..
-rw-r----- 1 root root 202 Jul 12 21:45 bookworm-buildd-amd64.json
-rw-r----- 1 root root 158M Jul 12 21:45 bookworm-buildd-amd64.tar.zst
drwxr-x--- 2 root root 4.0K Jul 12 21:41 dcache
$ ./debspawn.py list
No container base images have been found!
$ sudo cat /etc/debspawn/global.toml
AllowUnsafePermissions=true
As for something wrong/unusual with my system/setup? Maybe. The umask 027 in my bashrc tends to cause package building surprises. Maybe debspawn list doesn't find anything because without gaining root it doesn't have permission to read the image directory.
Odd... I thought I really fixed it with e455894 and can't reproduce it here anymore - I will leave this bug open though, and conduct a bit more edge-case and automated testing, especially since there are a few other issues that also have to be dealt with.