build-containers icon indicating copy to clipboard operation
build-containers copied to clipboard
verified publisher icon godotengine

podman build fails with "cp: cannot access '/root/files/mono-6.12.0.147': Permission denied"

Open hhyyrylainen opened this issue 4 years ago • 1 comments

Trying to run

./build.sh 3.x mono-6.12.0.147

fails for me in trying to build this container:

STEP 1/4: FROM godot-fedora:3.x-mono-6.12.0.147
STEP 2/4: ARG mono_version
--> 29b0f1a0983
STEP 3/4: RUN if [ -z "${mono_version}" ]; then echo -e "\n\nargument mono-version is mandatory!\n\n"; exit 1; fi &&     dnf -y install --setopt=install_weak_deps=False       autoconf automake cmake gcc gcc-c++ gettext libtool perl python-unversioned-command &&     cp -a /root/files/${mono_version} /root &&     cd /root/${mono_version} &&     NOCONFIGURE=1 ./autogen.sh &&     ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/lib/mono --disable-boehm --host=x86_64-linux-gnu &&     make -j &&     make install &&     cd /root &&     rm -rf /root/${mono_version} &&     cert-sync /etc/pki/tls/certs/ca-bundle.crt &&     rpm -ivh --nodeps       https://download.mono-project.com/repo/centos8-preview/m/msbuild/msbuild-16.10.1+xamarinxplat.2021.05.26.14.00-0.xamarin.7.epel8.noarch.rpm       https://download.mono-project.com/repo/centos8-preview/m/msbuild/msbuild-sdkresolver-16.10.1+xamarinxplat.2021.05.26.14.00-0.xamarin.7.epel8.noarch.rpm       https://download.mono-project.com/repo/centos8-preview/m/msbuild-libhostfxr/msbuild-libhostfxr-3.0.0.2019.04.16.02.13-0.xamarin.4.epel8.x86_64.rpm       https://download.mono-project.com/repo/centos8-preview/n/nuget/nuget-5.6.0.6489.bin-0.xamarin.1.epel8.noarch.rpm

The first few containers seem to build fine:

COMMIT godot-fedora:3.x-mono-6.12.0.147
COMMIT godot-export:3.x-mono-6.12.0.147

This one failing container then in turn seems to cause all the rest of the containers to fail to build:

STEP 1/4: FROM godot-mono:3.x-mono-6.12.0.147
Resolving "godot-mono" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull registry.fedoraproject.org/godot-mono:3.x-mono-6.12.0.147...
Trying to pull registry.access.redhat.com/godot-mono:3.x-mono-6.12.0.147...
Trying to pull docker.io/library/godot-mono:3.x-mono-6.12.0.147...
Trying to pull quay.io/godot-mono:3.x-mono-6.12.0.147...
Error: error creating build container: 4 errors occurred while pulling:
 * initializing source docker://registry.fedoraproject.org/godot-mono:3.x-mono-6.12.0.147: reading manifest 3.x-mono-6.12.0.147 in registry.fedoraproject.org/godot-mono: manifest unknown: manifest unknown
 * initializing source docker://registry.access.redhat.com/godot-mono:3.x-mono-6.12.0.147: reading manifest 3.x-mono-6.12.0.147 in registry.access.redhat.com/godot-mono: name unknown: Repo not found
 * initializing source docker://godot-mono:3.x-mono-6.12.0.147: reading manifest 3.x-mono-6.12.0.147 in docker.io/library/godot-mono: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

Entire build log: log.txt

This is on Fedora 34 host, and just freshly pulled in Fedora 34 docker image.

Edit: running with selinux disabled temporarily (sudo setenforce 0) seems to allow the containers to be built correctly. Fedora has selinux on by default (I think, at least I've never voluntarily followed a guide to enable it) so this repo should be updated to work with it, or explicit instructions should be included in the readme for disabling it.

hhyyrylainen avatar Nov 05 '21 13:11 hhyyrylainen

I confirm, I had a pull request to add a note for this #75, but it wasn't merged.

See also #74.

Something like this can help to notify users about SELinux:

if [ -f /etc/selinux/config ] && [ $(getenforce) == "Enforcing" ]; then
  echo "Cannot build with SELinux status set to Enforcing."
  echo "Please set SELinux status to Permissive with:"
  echo "    sudo setenforce 0"
  exit 1
fi

Xrayez avatar Nov 05 '21 14:11 Xrayez