meta-raspberrypi icon indicating copy to clipboard operation
meta-raspberrypi copied to clipboard
verified publisher icon agherzan

ci: Update build container images to Ubuntu 24.04

Open agherzan opened this issue 8 months ago • 4 comments

This fixes the latest Python version requirement.

agherzan avatar Apr 01 '25 22:04 agherzan

we might need to tweak the system apparmor policy see

https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056555

here is what worked for me on 24.04

   sudo tee /etc/apparmor.d/bitbake > /dev/null <<'EOF'
   abi <abi/4.0>,
   include <tunables/global>
   profile bitbake /**/bitbake/bin/bitbake flags=(unconfined) {
           userns,
   }
   EOF

then apply it

   # Reload AppArmor Profile
   sudo apparmor_parser -R /etc/apparmor.d/bitbake

Sometimes this may not be enough. Then do below it will compromise apparmor defaults a bit more.

   sudo apparmor_parser -R /etc/apparmor.d/unprivileged_userns

kraj avatar Apr 01 '25 22:04 kraj

@kraj It doesn't look like it broke due to AppArmor. What do you think of the logs?

agherzan avatar Apr 05 '25 21:04 agherzan

@kraj It doesn't look like it broke due to AppArmor. What do you think of the logs?

interesting, maybe your install does not enable it, but in anycase if thats not being flagged then I am ok with this patch

kraj avatar Apr 05 '25 21:04 kraj

@kraj It doesn't look like it broke due to AppArmor. What do you think of the logs?

We are not mounting any persistent directory inside the docker right ? since the UID has changed it might be an issue secondly, I usually use

umask 0022

and launch the docker with --ulimit "nofile=1024:1048576" to overcome file handle issues when building bigger components like chromium

kraj avatar Apr 18 '25 23:04 kraj

Partially superseeded by https://github.com/agherzan/meta-raspberrypi/pull/1458. An upgrade to 24.04 can be deferred for now.

agherzan avatar Aug 18 '25 08:08 agherzan