Give a pointer to solution if bubblewrap runner cannot use user names…

…pace. Users of melange on ubuntu will have issues on their first attempt to use melange as a result of 24.04 changes to availability of user namespaces. Before this change is applied, an attempt to 'make package/foo' in wolfi-dev/os would result in error messages like this: bwrap: setting up uid map: Permission denied ERROR: failed to build package. the build environment has been preserved: workspace dir: /tmp/melange-workspace-4104388352 guest dir: /tmp/melange-guest-1722197694 failed to build package: unable to start pod: exit status 1 It doesn't give the user much info on how to fix. This change turns that failure to look like: ERRO failed to build package: unable to start pod: Unable to execute 'bwrap --unshare-user true'. Command failed with: bwrap: setting up uid map: Permission denied See #1508 for fix See #1508 Signed-off-by: Scott Moser <smoser@brickies.net>
chainguard-dev · Nov 8, 2024 · b796b80 · b796b80
1 parent c072b03
commit b796b80
Showing 1 changed file with 35 additions and 2 deletions.
diff --git a/pkg/container/bubblewrap_runner.go b/pkg/container/bubblewrap_runner.go
@@ -16,6 +16,7 @@ package container
 
 import (
 	"archive/tar"
+	"bytes"
 	"context"
 	"fmt"
 	"io"
@@ -40,12 +41,13 @@ const (
 )
 
 type bubblewrap struct {
-	remove bool // if true, clean up temp dirs on close.
+	remove         bool // if true, clean up temp dirs on close.
+	canUnshareUser int
 }
 
 // BubblewrapRunner returns a Bubblewrap Runner implementation.
 func BubblewrapRunner(remove bool) Runner {
-	return &bubblewrap{remove: remove}
+	return &bubblewrap{remove: remove, canUnshareUser: -1}
 }
 
 func (bw *bubblewrap) Close() error {
@@ -72,6 +74,32 @@ func (bw *bubblewrap) Run(ctx context.Context, cfg *Config, envOverride map[stri
 	return execCmd.Run()
 }
 
+func (bw *bubblewrap) assertUnshareUser(ctx context.Context) error {
+	if bw.canUnshareUser >= 0 {
+		return nil
+	}
+	execCmd := exec.CommandContext(ctx, "bwrap", "--unshare-user", "true")
+	execCmd.Env = append(os.Environ(), "LANG=C")
+	out, err := execCmd.CombinedOutput()
+	if err == nil {
+		bw.canUnshareUser = 1
+		return nil
+	}
+
+	bw.canUnshareUser = 0
+	if !bytes.Contains(out, []byte("setting up uid map")) {
+		return nil
+	}
+
+	return fmt.Errorf("%s\n",
+		strings.Join([]string{
+			"Unable to execute 'bwrap --unshare-user true'.",
+			"Command failed with: ",
+			"  " + string(out),
+			"See https://github.com/chainguard-dev/melange/issues/1508 for fix",
+		}, "\n"))
+}
+
 func (bw *bubblewrap) cmd(ctx context.Context, cfg *Config, debug bool, envOverride map[string]string, args ...string) *exec.Cmd {
 	baseargs := []string{}
 
@@ -130,6 +158,7 @@ func (bw *bubblewrap) cmd(ctx context.Context, cfg *Config, debug bool, envOverr
 }
 
 func (bw *bubblewrap) Debug(ctx context.Context, cfg *Config, envOverride map[string]string, args ...string) error {
+
 	execCmd := bw.cmd(ctx, cfg, true, envOverride, args...)
 
 	execCmd.Stdout = os.Stdout
@@ -167,6 +196,10 @@ func (bw *bubblewrap) StartPod(ctx context.Context, cfg *Config) error {
 	ctx, span := otel.Tracer("melange").Start(ctx, "bubblewrap.StartPod")
 	defer span.End()
 
+	if err := bw.assertUnshareUser(ctx); err != nil {
+		return err
+	}
+
 	script := "[ -x /sbin/ldconfig ] && /sbin/ldconfig /lib || true"
 	return bw.Run(ctx, cfg, nil, "/bin/sh", "-c", script)
 }