temurin-build
temurin-build copied to clipboard
adoptium
making build -D working with podman
This is resolving the small differences between podman and docker. In systems with both, it allows to select the concrete one.
Currenlty the build fails in the mk-ca-bundle.pl - https://github.com/adoptium/temurin-build/blob/master/security/mk-ca-bundle.pl#L615 . It prints just "Couldn't open file: " Can somebody please uncover a bit of mysteries of this file, especially around line 615?
moved on a bit
Completed configuring the version string parameter, config args are now: --with-vendor-name="Undefined Vendor" --with-vendor-url=file:///dev/null --with-vendor-bug-url=file:///dev/null --with-vendor-vm-bug-url=file:///dev/null --with-version-opt=202405091629 --with-version-pre=beta --with-version-build=2 --with-boot-jdk=/usr/lib/jvm/jdk11 --with-debug-level=release --with-native-debug-symbols=none --enable-ccache --with-alsa=/home/jvanek/git/temurin-build/workspace/./build//installedalsa --with-jvm-variants=server --with-cacerts-file=/openjdk/sbin/../security/cacerts --with-freetype=bundled --with-zlib=bundled
Configuring command and using the pre-built config params...
Should be in the openjdk build root directory, I'm at /home/jvanek/git/temurin-build/workspace/build/src
Currently at '/home/jvanek/git/temurin-build/workspace/build/src'
Running /home/jvanek/git/temurin-build/workspace/./build//src/configure with arguments 'bash /home/jvanek/git/temurin-build/workspace/./build//src/configure --verbose --with-vendor-name="Undefined Vendor" --with-vendor-url=file:///dev/null --with-vendor-bug-url=file:///dev/null --with-vendor-vm-bug-url=file:///dev/null --with-version-opt=202405091629 --with-version-pre=beta --with-version-build=2 --with-boot-jdk=/usr/lib/jvm/jdk11 --with-debug-level=release --with-native-debug-symbols=none --enable-ccache --with-alsa=/home/jvanek/git/temurin-build/workspace/./build//installedalsa --with-jvm-variants=server --with-cacerts-file=/openjdk/sbin/../security/cacerts --with-freetype=bundled --with-zlib=bundled'
/openjdk/sbin/build.sh: line 691: /home/jvanek/git/temurin-build/workspace/config/configure-and-build.sh: No such file or directory
Not sure what is going there on, because configure-and-build.sh is nowhere in container nor in the original FS.
Configuring command and using the pre-built config params...
/openjdk/sbin/build.sh: line 620: cd: /home/jvanek/git/temurin-build/workspace/./build//src: No such file or directory
It seems I'm on wrong track/
Configuring command and using the pre-built config params... /openjdk/sbin/build.sh: line 620: cd: /home/jvanek/git/temurin-build/workspace/./build//src: No such file or directoryIt seems I'm on wrong track/
@sxa hi!
Sorry for dummy question, but I have to be missing something. The docket build scripts, as I read it, nowhere clone/copy/mount the jdk sources. Do you recall how it was designed to obtain them? (the -l would need some if there, thats not part of this question) Thanx!
I added few more dirs.. but that is getting back to my weeird question;
./makejdk-any-platform.sh -c --podman jdk21u
...
Completed configuring the version string parameter, config args are now: --with-vendor-name="Undefined Vendor" --with-vendor-url=file:///dev/null --with-vendor-bug-url=file:///dev/null --with-vendor-vm-bug-url=file:///dev/null --with-version-opt=202405151419 --with-version-pre=beta
Building up the configure command...
Adjust configure for reproducible build
Configuring jvm variants if provided
Configure custom cacerts src security/certs
setting freetype dir to bundled
Completed configuring the version string parameter, config args are now: --with-vendor-name="Undefined Vendor" --with-vendor-url=file:///dev/null --with-vendor-bug-url=file:///dev/null --with-vendor-vm-bug-url=file:///dev/null --with-version-opt=202405151419 --with-version-pre=beta --with-boot-jdk=/usr/lib/jvm/jdk20 --with-debug-level=release --with-native-debug-symbols=none --with-alsa=/home/jvanek/git/temurin-build/workspace/./build//installedalsa --with-source-date=1715782781 --with-hotspot-build-time='2024-05-15 14:19:41' --disable-ccache --with-build-user=admin --with-extra-cflags='-fdebug-prefix-map=/home/jvanek/git/temurin-build/workspace/build/src/build/linux-x86_64-server-release/=' --with-extra-cxxflags='-fdebug-prefix-map=/home/jvanek/git/temurin-build/workspace/build/src/build/linux-x86_64-server-release/=' --with-jvm-variants=server --with-cacerts-src=/openjdk/sbin/../security/certs --with-freetype=bundled --with-zlib=bundled
Configuring command and using the pre-built config params...
Should be in the openjdk build root directory, I'm at /home/jvanek/git/temurin-build/workspace/build/src
Currently at '/home/jvanek/git/temurin-build/workspace/build/src'
Skipping configure because we're assembling an exploded image
Should be in the openjdk build root directory, I'm at /home/jvanek/git/temurin-build/workspace/build/src
Currently at '/home/jvanek/git/temurin-build/workspace/build/src'
Skipping configure because we're assembling an exploded image
make: *** No targets specified and no makefile found. Stop.
OpenJDK make failed, archiving make failed logs
/openjdk/sbin/build.sh: line 781: cd: build/*: No such file or directory
Archiving and compressing with gzip
real 0m0.006s
user 0m0.003s
sys 0m0.003s
Your archive was created as /home/jvanek/git/temurin-build/workspace/build/src/OpenJDK.tar.gz
Moving the artifact to location /home/jvanek/git/temurin-build/workspace/target//OpenJDK-makefailurelogs.tar.gz
archive done.
Failed to make the JDK, exiting
That it do not obtains sources...
Just a nit, exceptnot working, this PR is doing its job. Now both podman and docker are working/failing the same. Only the wrapper do not work as expected. Maybe for pretty long time. I may try to contineu, but I need to knwo if there is any interest in that.
@sxa @andrew-m-leonard @karianna
Skipping: Telekom Security SMIME ECC Root 2021
Parsing: Telekom Security TLS ECC Root 2020
Skipping: Telekom Security SMIME RSA Root 2023
Parsing: Telekom Security TLS RSA Root 2023
Done (147 CA certs processed, 24 skipped).
mk-ca-bundle.pl generates 147 certificates
Subject: CN=GlobalSign_Root_CA,OU=Root_CA,O=GlobalSign_nv-sa,C=BE
Generated alias: CN=GlobalSign_Root_CA,OU=Root_CA,O=GlobalSign_nv-sa,C=BE
Renaming certs/cert.crt to certs/cn_globalsign_root_ca,ou_root_ca,o_globalsign_nvsa,c_be
ERROR: Certificate alias file already exists certs/cn_globalsign_root_ca,ou_root_ca,o_globalsign_nvsa,c_be
security/mk-cacerts.sh needs ALIAS_FILENAME filter updating to make unique
Any idea?
Just a nit, exceptnot working, this PR is doing its job. Now both podman and docker are working/failing the same. Only the wrapper do not work as expected. Maybe for pretty long time. I may try to contineu, but I need to knwo if there is any interest in that.
I think it's useful to have that operational (especially since we mention this in the top level README.md in this repository), although perhaps we should just direct people to our docker images, such as adoptopenjdk/centos7_build_image now. I do feel that it's "nicer" to have a separate dockerfile, but I'm not sure how many people are trying to use it, and we haven't been actively keeping it tested and updated with anything that's needed.
Pls, note https://github.com/adoptium/temurin-build/issues/3855 for my continuous thoughts flow. If there is any better place where to put podman and fedora/rhel support, let me know.
Pls, note #3855 for my continuous thoughts flow. If there is any better place where to put podman and fedora/rhel support, let me know.
NO better suggestions - that issue LGTM.
Note for myself for tomorrow:
diff --git a/sbin/common/common.sh b/sbin/common/common.sh
index 6f544a8..c559944 100755
--- a/sbin/common/common.sh
+++ b/sbin/common/common.sh
@@ -233,7 +233,7 @@ createOpenJDKArchive()
function setBootJdk() {
# Stops setting the bootJDK on the host machine when running docker-build
- if [ "${BUILD_CONFIG[DOCKER]}" != "docker" ] || { [ "${BUILD_CONFIG[DOCKER]}" == "docker" ] && [ "${BUILD_CONFIG[DOCKER_FILE_PATH]}" != "" ]; } ; then
+ if [ "${BUILD_CONFIG[DOCKER]}" != "docker" -a "${BUILD_CONFIG[DOCKER]}" != "sudo docker" ] || { [ "${BUILD_CONFIG[DOCKER]}" == "docker" ] && [ "${BUILD_CONFIG[DOCKER_FILE_PATH]}" != "" ]; } ; then
if [ -z "${BUILD_CONFIG[JDK_BOOT_DIR]}" ] ; then
echo "Searching for JDK_BOOT_DIR"
Is missing ot make docker "pass" to die on
Skipping: Telekom Security SMIME RSA Root 2023
Parsing: Telekom Security TLS RSA Root 2023
Done (147 CA certs processed, 24 skipped).
Couldn't open file: No such file or directory at ./mk-ca-bundle.pl line 615.
Which was also resolve din this PR. I keep forgetting to add that condition. (as it changed in this pr)
both
sh makejdk-any-platform.sh -c --sudo --docker jdk21u
sh makejdk-any-platform.sh -c --custom-cacerts --podman jdk21u
are now passing on my docker (first) and podman (second) fedora40 vm \o/
Ok to rename and merge?-)
are now passing on my docker (first) and podman (second) fedora40 vm \o/
Ok to rename and merge?-)
Given that the naming was the only thing that Andrew had an issue with, I would say "yes" :-)
both
sh makejdk-any-platform.sh -c --sudo --docker jdk21u sh makejdk-any-platform.sh -c --custom-cacerts --podman jdk21uare now passing on my docker (first) and podman (second) fedora40 vm \o/
Ok to rename and merge?-)
Given that the naming was the only thing that Andrew had an issue with, I would say "yes" :-)
Thanx! Befor acting, highlighting: need of --custom-cacerts with podman is definitly making sme hidden issue visible. I hjad not yet figured why https://github.com/adoptium/temurin-build/pull/3796#issuecomment-2129582870 happens/ The --custom-cacerts is workarounding it, and it do not occure with docker.
Are we ok with CONTAINER_COMMAND/CONTAINER_AS_ROOT ?
BUILD_CONFIG[USE_DOCKER]-> BUILD_CONFIG[CONTAINER_COMMAND]
BUILD_CONFIG[DOCKER] -> BUILD_CONFIG[CONTAINER_AS_ROOT]
From https://github.com/adoptium/temurin-build/blob/27b8c5ce58ae74d2343866ef63d28262ce83b4b5/sbin/common/config_init.sh: BUILD_CONFIG[USE_DOCKER] values: false, podman, docker BUILD_CONFIG[DOCKER] values: sudo,empty string
I sometimes think, that correct naming of variables is depest view to programmers soul....
Thanx! Befor acting, highlighting: need of
--custom-cacertswith podman is definitly making sme hidden issue visible. I hjad not yet figured why #3796 (comment) happens/ The--custom-cacertsis workarounding it, and it do not occure with docker.
Hmmm are you saying that the ERROR: Certificate alias file already exists error only occurs when using podman and not docker? That seems very strange.
Are we ok with
CONTAINER_COMMAND/CONTAINER_AS_ROOT?
SGTM :-)
Thanx! Befor acting, highlighting: need of
--custom-cacertswith podman is definitly making sme hidden issue visible. I hjad not yet figured why #3796 (comment) happens/ The--custom-cacertsis workarounding it, and it do not occure with docker.Hmmm are you saying that the
ERROR: Certificate alias file already existserror only occurs when using podman and not docker? That seems very strange.
Yes:( I burned quite a few calories on that. it may be I openef to much shared folders, and some check is leaking from container. But to now, no luck. https://github.com/adoptium/temurin-build/pull/3796/files#diff-b59ca5f840d90f5199bdd3c8208d27d871445ceffa1ea59bf72a31bebd1bab44R83 and https://github.com/adoptium/temurin-build/pull/3796/files#diff-b59ca5f840d90f5199bdd3c8208d27d871445ceffa1ea59bf72a31bebd1bab44R234
i will try one more time once I'm back, but it may end with issue an fix later. Ok?
Are we ok with
CONTAINER_COMMAND/CONTAINER_AS_ROOT?SGTM :-)
ty!
Podman build (sh makejdk-any-platform.sh -c --custom-cacerts --podman jdk21u ) passed. Now trying 8, looks fine too.
Pure poor docker still runs (vm in vm in vm) But it is deep in build already.
Podman build (
sh makejdk-any-platform.sh -c --custom-cacerts --podman jdk21u) passed. Now trying 8, looks fine too. Pure poor docker still runs (vm in vm in vm) But it is deep in build already.
Also docker buld passed. Now trtying 8u too
hm. Both jdk8u builds failed in free type.
Podman, free type build passed, jdk configure:
configure: Found freetype include files at /home/jvanek/git/temurin-build/workspace/./build//installedfreetype/include using --with-freetype
checking for freetype includes... /home/jvanek/git/temurin-build/workspace/build/installedfreetype/include
checking for freetype libraries... /home/jvanek/git/temurin-build/workspace/build/installedfreetype/lib
checking if we can compile and link with freetype... no
configure: Could not compile and link with freetype. This might be a 32/64-bit mismatch.
configure: Using FREETYPE_CFLAGS=-I/home/jvanek/git/temurin-build/workspace/build/installedfreetype/include/freetype2 -I/home/jvanek/git/temurin-build/workspace/build/installedfreetype/include and FREETYPE_LIBS=-L/home/jvanek/git/temurin-build/workspace/build/installedfreetype/lib -lfreetype
configure: error: Can not continue without freetype. You might be able to fix this by running 'sudo yum install freetype-devel'.
No configurations found for /home/jvanek/git/temurin-build/workspace/build/src/! Please run configure to create a configuration.
Makefile:55: *** Cannot continue. Stop.
docker, cionfigure of freetype fails:
Cloning into 'freetype'...
Note: checking out '86bc8a95056c97a810986434a3f268cbe67f2902'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b <new-branch-name>
HEAD is now at 86bc8a950 * Version 2.9.1 released. =========================
./autogen.sh: line 102: aclocal: command not found
./autogen.sh: line 55: test: 1: unary operator expected
./autogen.sh: line 59: test: 1: unary operator expected
./autogen.sh: line 67: test: 10: unary operator expected
./autogen.sh: line 71: test: 10: unary operator expected
./autogen.sh: line 102: libtoolize: command not found
./autogen.sh: line 55: test: 2: unary operator expected
./autogen.sh: line 59: test: 2: unary operator expected
./autogen.sh: line 67: test: 2: unary operator expected
./autogen.sh: line 71: test: 2: unary operator expected
generating `configure.ac'
running `aclocal -I . --force'
./autogen.sh: line 15: aclocal: command not found
error while running `aclocal -I . --force'
However it seems, this happens also on master (verified). So the changeset seesm to not be guilty. The only "what?" is different failure in docker/podman.
test: 1: unary operator expected
Hmmm was that using the same OS image between podman and docker? That error looks to me like it was run with a bourne shell instead of base (for example Ubuntu's default sh which typically points to dash)
Indeed. I had not lookled into it more, as it fails both before and aftr this PR the same. But It remains on my todo: https://github.com/adoptium/temurin-build/issues/3863
Thanx! Befor acting, highlighting: need of
--custom-cacertswith podman is definitly making sme hidden issue visible. I hjad not yet figured why #3796 (comment) happens/ The--custom-cacertsis workarounding it, and it do not occure with docker.Hmmm are you saying that the
ERROR: Certificate alias file already existserror only occurs when using podman and not docker? That seems very strange.
Gosh. While trying all othjer jdks (11-22) where they all passed (both with cloning and with -l ) over night, I realised I forget to add --custom-cacerts to the cmdline... and they all passed.....