[Drone Cloud] Build failures with recent armhf containers


First of all, thanks for Drone and Drone Cloud! :slight_smile:

We have some issues building using recent armhf containers (e.g. Debian 11 Bullseye or Ubuntu 20.04 Focal), supposedly because the new containers try to use new syscalls the host doesn’t know about:

Unfortunately the solution involves upgrading the host itself:

To bring this back around to a close, this is an issue with the host, specifically either/both of not quite new enough Docker and/or not quite new enough libseccomp. Specifically:

  • Docker version 19.03.9 or newer
  • libseccomp version 2.4.2 or newer

The latter is probably newer than most host distribution’s stable channels have available, although in many cases available via alternative channels (such as Debian’s backports).

(via https:/ /github.com/debuerreotype/docker-debian-artifacts/issues/97#issuecomment-733088337)

The good news is that as far as I can see, the up-to-date libseccomp is available in Ubuntu 16.04 too (which I take is the one used on the armhf fleet).

I made a simple testcase, results are here: https:/ /cloud.drone.io/g7/drone-cloud-testcase/12

Current Debian stable and Ubuntu 18.04 work fine, while Debian testing and Ubuntu 20.04 don’t (apt fails at getting the time and thus fails validating the gpg signatures).

Apologies if this section is not the right one (and for messing with links, but otherwise Discourse wouldn’t send this message…)

Thanks in advance!

Same here…

See also: osrf/ubuntu_armhf:focal fails to run on native ARM hardware · Issue #38 · osrf/multiarch-docker-image-generation · GitHub and Seccomp blocks install of "libc6" in Ubuntu 20.04 "focal" image on armhf (arm32v7) · Issue #40734 · moby/moby · GitHub

Seems that this might be a question of updating the host software (?)

The correct solution would be to update the host, yes.

We workarounded that by patching glibc itself, but it would obviously be an issue if you rely on third party docker images.

Thanks for good input!

Yes, we are using 3-rd party images. I guess it would be possible to derive a new image from it, update glibc, push and eventually use the derived image for a transition time. Lot’s of work, but…

… for now we just use circleci instead, which allows for a complete VM and thus works around the problem