Opened 10 months ago

Closed 8 months ago

Last modified 7 months ago

#32240 closed defect (fixed)

Tor Travis: Make chutney work on Xenial and Bionic images

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-ci, chutney, 043-should, 029-backport, 035-backport, 040-backport, 041-backport, 042-backport
Cc: nickm Actual Points: 0.2
Parent ID: Points: 1
Reviewer: nickm Sponsor:

Description

We get weird permissions errors like this:

FAIL: basic-min
Detail: chutney/tools/warnings.sh /home/travis/build/teor2345/tor/chutney/net/nodes.1571845015
Warning: Can't create/check datadirectory /home/travis/build/teor2345/tor/chutney/net/nodes/002r Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/000a/key-pinning-journal" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/001a/key-pinning-journal" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-certs": Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-consensus" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-descriptors" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-extrainfo" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-microdesc-consensus" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-microdescs" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-microdescs.new": Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/unverified-consensus" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/unverified-microdesc-consensus" for mmap(): Permission denied Number: 1
Warning: Directory /home/travis/build/teor2345/tor/chutney/net/nodes/002r cannot be read: Permission denied Number: 1
Warning: Error initializing keys; exiting Number: 1
Warning: Error loading key-pinning journal: Permission denied Number: 2

Child Tickets

TicketStatusOwnerSummaryComponent
#32630closedteorChutney Travis: Make chutney work on Bionic imagesCore Tor/Chutney
#32721closedteorAllow chutney users to disable tor's sandbox at runtimeCore Tor/Chutney

Change History (14)

comment:1 Changed 9 months ago by teor

This might be as simple as setting CHUTNEY_NET_DIR to the build directory?

comment:2 Changed 9 months ago by teor

Summary: Travis: Make chutney work on Xenial and Bionic imagesTor Travis: Make chutney work on Xenial and Bionic images

comment:3 Changed 9 months ago by teor

This is the failing build:
https://travis-ci.org/teor2345/tor/builds/601798967

It appears that chutney may only fail when run in tor's CI, see #32630.

comment:5 Changed 8 months ago by teor

I checked the permissions on those directories, and they seemed fine. Here's what I'd like to try next:

  • try a different directory
  • disable the sandbox in the build, in chutney's torrcs, or just for this CI job
  • turn off mmap() to see if that's the issue

comment:6 Changed 8 months ago by teor

Cc: nickm added
Status: newneeds_information

It looks like it's the sandbox.

A --disable-seccomp build succeeds:
https://travis-ci.org/teor2345/tor/jobs/622543371?utm_medium=notification&utm_source=github_status

But a build with CHUTNEY_NET_DIR=/tmp fails:
https://travis-ci.org/teor2345/tor/jobs/622543706

Nick, do you want to turn off sandbox in master, upgrade chutney to bionic, and then merge the OpenSSL 1.1 PR?

Or do you want to try and debug the sandbox?

comment:7 Changed 8 months ago by nickm

IMO the right solution is to change the chutney default to Sandbox 0 for now, and try to debug the sandbox independently.

The sandbox issue is probably glibc-dependent, and those are hard to track down. If that's what's going on, we shouldn't let CI be broken because of it.

(Long-term, we should revise the sandbox code to depend less on syscall details, but that's a bigger project.)

comment:8 Changed 8 months ago by teor

Once #32721 merges, we can fix this tor CI issue by:

  • setting CHUTNEY_TOR_SANDBOX=0 in the travis env vars
  • removing the travis image line from the chutney job

comment:9 Changed 8 months ago by teor

Status: needs_informationnew

comment:10 Changed 8 months ago by teor

Actual Points: 0.2
Reviewer: nickm
Status: newneeds_review

See my combined PRs for #32240 and #32242:

comment:11 Changed 8 months ago by nickm

Status: needs_reviewmerge_ready

LGTM; I think this should be mergeable.

comment:12 Changed 8 months ago by teor

I'm going to block merge on #32630, there's some difference between the tor and chutney CIs that's causing some failures, and I'd like to know what it is.

comment:13 Changed 8 months ago by teor

Resolution: fixed
Status: merge_readyclosed

#32630 is sorted, merged to 0.2.9 and later.

comment:14 Changed 7 months ago by teor

Milestone: Tor: 0.4.3.x-finalTor: 0.2.9.x-final
Note: See TracTickets for help on using tickets.