Opened 7 weeks ago

Last modified 16 hours ago

#32240 new defect

Tor Travis: Make chutney work on Xenial and Bionic images

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-ci, chutney, 043-should, 029-backport, 035-backport, 040-backport, 041-backport, 042-backport
Cc: nickm Actual Points:
Parent ID: Points: 1
Reviewer: Sponsor:

Description

We get weird permissions errors like this:

FAIL: basic-min
Detail: chutney/tools/warnings.sh /home/travis/build/teor2345/tor/chutney/net/nodes.1571845015
Warning: Can't create/check datadirectory /home/travis/build/teor2345/tor/chutney/net/nodes/002r Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/000a/key-pinning-journal" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/001a/key-pinning-journal" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-certs": Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-consensus" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-descriptors" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-extrainfo" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-microdesc-consensus" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-microdescs" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/cached-microdescs.new": Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/unverified-consensus" for mmap(): Permission denied Number: 1
Warning: Could not open "/home/travis/build/teor2345/tor/chutney/net/nodes/003c/unverified-microdesc-consensus" for mmap(): Permission denied Number: 1
Warning: Directory /home/travis/build/teor2345/tor/chutney/net/nodes/002r cannot be read: Permission denied Number: 1
Warning: Error initializing keys; exiting Number: 1
Warning: Error loading key-pinning journal: Permission denied Number: 2

Child Tickets

TicketStatusOwnerSummaryComponent
#32242newTravis: Enable zstdCore Tor/Tor
#32630newChutney Travis: Make chutney work on Bionic imagesCore Tor/Tor
#32721needs_reviewteorAllow chutney users to disable tor's sandbox at runtimeCore Tor/Chutney
#32722newMake the seccomp sandbox work with Ubuntu Xenial and BionicCore Tor/Tor

Change History (9)

comment:1 Changed 2 weeks ago by teor

This might be as simple as setting CHUTNEY_NET_DIR to the build directory?

comment:2 Changed 2 weeks ago by teor

Summary: Travis: Make chutney work on Xenial and Bionic imagesTor Travis: Make chutney work on Xenial and Bionic images

comment:3 Changed 13 days ago by teor

This is the failing build:
https://travis-ci.org/teor2345/tor/builds/601798967

It appears that chutney may only fail when run in tor's CI, see #32630.

comment:5 Changed 3 days ago by teor

I checked the permissions on those directories, and they seemed fine. Here's what I'd like to try next:

  • try a different directory
  • disable the sandbox in the build, in chutney's torrcs, or just for this CI job
  • turn off mmap() to see if that's the issue

comment:6 Changed 2 days ago by teor

Cc: nickm added
Status: newneeds_information

It looks like it's the sandbox.

A --disable-seccomp build succeeds:
https://travis-ci.org/teor2345/tor/jobs/622543371?utm_medium=notification&utm_source=github_status

But a build with CHUTNEY_NET_DIR=/tmp fails:
https://travis-ci.org/teor2345/tor/jobs/622543706

Nick, do you want to turn off sandbox in master, upgrade chutney to bionic, and then merge the OpenSSL 1.1 PR?

Or do you want to try and debug the sandbox?

comment:7 Changed 2 days ago by nickm

IMO the right solution is to change the chutney default to Sandbox 0 for now, and try to debug the sandbox independently.

The sandbox issue is probably glibc-dependent, and those are hard to track down. If that's what's going on, we shouldn't let CI be broken because of it.

(Long-term, we should revise the sandbox code to depend less on syscall details, but that's a bigger project.)

comment:8 Changed 16 hours ago by teor

Once #32721 merges, we can fix this tor CI issue by:

  • setting CHUTNEY_TOR_SANDBOX=0 in the travis env vars
  • removing the travis image line from the chutney job

comment:9 Changed 16 hours ago by teor

Status: needs_informationnew
Note: See TracTickets for help on using tickets.