Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-35384

build issues caused by the new golang-1.22

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • rhel-8.9.0.z, rhel-9.5, rhel-10.0.beta
    • buildah
    • None
    • None
    • Impediment
    • None
    • 4
    • rhel-sst-container-tools
    • None

      It seems buildah-1.35.3 doesn't build in c10s/RHEL-10. The log is here:

      https://centos.softwarefactory-project.io/zuul/t/centos/build/3ab996be8879413d99d8826a1d31e53e

      The error I see is:
      >
      > DEBUG: vendor/github.com/mattn/go-sqlite3/sqlite3.go:85:1: warning:
      > ‘_sqlite3_exec’ defined but not used [-Wunused-function]
      >
      > ...which, bizarrely, means "you need to disable devmapper". At
      > least that's what it means in podman-land; I see "exclude_...devicemapper"
      > in the logs here, so I don't know how to solve it. But maybe that
      > gives you something to debug further?
      >
      > Ed
      >
      > >
      > > Golang build logs are generally unreadable but this one is excelling in
      > > that matter, I'm failing to see any reason why it fails from the log? Can
      > > you help?
      > >
      > > Thanks,
      > > Jindrich
      >
      > –
      > Ed Santiago [he/him] Toolsmith santiago@redhat.com
      >
      > –
      >
      > Jhon Honce
      > Manager, Software Engineering
      > jhonce@redhat.com T: 650.254.4379 M: 602.705.3953 IM: jhonce

      That exact debug message sent me down a metaphorical blind alley last
      week. The error that actually breaks the build is further up in the
      log: there's an undefined reference to crypto/ecdsa.HashSign(), which is
      expected to be present when containers/libtrust (which we have as a
      bundled dependency) is built with the "libtrust_openssl" tag, which is a
      tag that we conditionally enable in RHEL.

      The complication is that that particular symbol is something we patch in
      to the standard library in our Go packages, and we only do that
      sometimes. Or, we used to.

      I'm CCing Miloslav, who's probably had to stare at this exact problem
      for a bit longer than the rest of us have. I think the relevant
      discussion is at https://github.com/containers/skopeo/pull/2297#issuecomment-2059524991,
      but I don't have a good picture of what's happened since then.


      On Tue, Apr 30, 2024 at 06:09:05PM -0400, Nalin Dahyabhai wrote:
      > I think Derek's suggestion was literally to switch libtrust to calling
      > ecdsa.HashSignECDSA where it currently calls ecdsa.HashSign.

      Turns out it was more involved than that (the new symbol is not patched
      into the standard library), and I spent too much time yesterday trying
      to figure out why the unit tests were crashing when run with the
      not-FIPS-enabled version of the compiler in Fedora.

      Anyhow, https://github.com/containers/libtrust/pull/8 has an attempt at
      what I think we need.

      HTH,

      Nalin

              rhn-engineering-nalin Nalin Dahyabhai
              rhn-support-jnovy Jindrich Novy
              Kirill Kolyshkin
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: