fix: require Python >= 3.7, add requirements.txt #5

Merged: synackd merged 5 commits into main from synackd/build-fixes on Feb 6, 2025

Contributor

@synackd synackd commented Feb 5, 2025

Certain features like process.Popen()'s text= kwarg require Python >= 3.7. Add a runtime check for it.

Also, add a requirements.txt and instructions for using it to install all needed Python dependencies.

Certain features like process.Popen()'s text= kwarg require Python >=
3.7.
@alexlovelltroy
Member

Our current Dockerfiles for dnf-based builds use python 3.11 and we have instructions for using the prebuilt container rather than messing with python versions on the head node (examples/README.md).

Should we also amend our instructions to make the container usage the preferred usage while also adding a guard for python versions that are too old in the code itself?

@synackd
Contributor Author

synackd commented Feb 5, 2025

Container usage can be the preferred way to run image-build and we should be clear in the instructions, but usage should not be limited to the container. For running bare-metal, I think we should have guards (and also instructions) since the code will definitely not run on any Python earlier than 3.7.

Member

@alexlovelltroy alexlovelltroy left a comment

LGTM

It would be good to see an update to the README that encourages use of the container as part of this PR or as a new PR/Issue to follow quickly

Using `buildah unshare bash -c` requires the user to enclose the
image-build command in quotes when running the container, e.g:

docker run ghcr.io/openchami/image-build 'image-build --config ...'

Removing `bash -c` removes this requirement so that the above command
can be run as:

docker run ghcr.io/openchami/image-build image-build --config ...

If running multiple commands is needed, you can:

docker run ghcr.io/openchami/image-build bash -c 'echo test; image-build --config ...'
@synackd
Contributor Author

synackd commented Feb 6, 2025

While testing running the container, I found some peculiarities.

For instance, the entire image-build [OPTIONS] command needed to be wrapped in quotes since the entrypoint had bash -c. Removing the bash -c fixes this. If multiple commands need to be run, the shell command can be specified on the command line.

I also noticed that, when running with Docker, I would get:

Error during unshare(CLONE_NEWUSER): Operation not permitted
time="2025-02-06T07:47:00Z" level=error msg="parsing PID \"\": strconv.Atoi: parsing \"\": invalid syntax"
time="2025-02-06T07:47:00Z" level=error msg="(Unable to determine exit status)"

Adding --security-opt seccomp=unconfined to the docker command seems to fix this.

I've pushed commits with these changes and would like to get them reviewed.
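
A preflight check along the lines discussed in this thread, written here as an added example (not code from this PR or the image-build project): it applies the Python >= 3.7 guard and probes whether `unshare(CLONE_NEWUSER)` is permitted, so a run fails with a clear message instead of the buildah errors quoted above. The function names are hypothetical, and Linux with a libc that exports `unshare` is assumed.

```python
import ctypes
import errno
import os
import sys

MIN_PYTHON = (3, 7)         # minimum stated in the PR
CLONE_NEWUSER = 0x10000000  # flag value from <linux/sched.h>

def python_ok(version=None, minimum=MIN_PYTHON):
    """True when (major, minor) of `version` meets `minimum`."""
    version = sys.version_info if version is None else version
    return tuple(version[:2]) >= tuple(minimum)

def probe_userns():
    """Try unshare(CLONE_NEWUSER) in a forked child; return (allowed, reason).
    The child reports errno as its exit status, so the caller's own
    namespaces are never changed."""
    try:
        unshare = ctypes.CDLL(None, use_errno=True).unshare
    except (AttributeError, OSError):
        return False, "unshare() not available on this platform"
    pid = os.fork()
    if pid == 0:  # child: probe, then exit without running parent cleanup
        code = 1
        try:
            code = 0 if unshare(CLONE_NEWUSER) == 0 else (ctypes.get_errno() or 1)
        finally:
            os._exit(code & 0xFF)
    _, status = os.waitpid(pid, 0)
    if not os.WIFEXITED(status):
        return False, "probe child killed by signal %d" % os.WTERMSIG(status)
    code = os.WEXITSTATUS(status)
    if code == 0:
        return True, "ok"
    return False, "%s: %s" % (errno.errorcode.get(code, code), os.strerror(code))

def preflight():
    """Return a list of problems; an empty list means ready to build."""
    problems = []
    if not python_ok():
        problems.append("Python >= %d.%d is required" % MIN_PYTHON)
    allowed, reason = probe_userns()
    if not allowed:
        problems.append("cannot create a user namespace (%s)" % reason)
    return problems

if __name__ == "__main__":
    sys.exit("\n".join(preflight()) or 0)
```

Running this inside the container before settling on `--security-opt seccomp=unconfined` shows whether user namespace creation is what is actually being denied. That option turns off the container's seccomp syscall filter entirely, so it is worth confirming it is needed.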

@synackd
Contributor Author

synackd commented Feb 6, 2025

We've decided to use Podman as the officially supported way to run the container due to the nature of nested containers.

Member

@alexlovelltroy alexlovelltroy left a comment

LGTM

@synackd synackd merged commit 79a8a7c into main Feb 6, 2025
1 check passed
@synackd synackd deleted the synackd/build-fixes branch February 6, 2025 16:58