Installation of an rpm from gitlab fails on DNS resolution error
Current Behavior
I am not able to install https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm, the build fails with:
g.i/t/workstaton:latest => Downloading https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm...failed
g.i/t/workstaton:latest => error: Handling argument https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm: error sending request for url (https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm): client error (Connect): dns error: failed to lookup address information: Temporary failure in name resolution: failed to lookup address information: Temporary failure in name resolution
Expected Behavior
Building works. On the same machine I can curl the file just fine:
❯ curl -I https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm
HTTP/2 200
Additional context/Screenshots
I wanted to enable --network=host but have no idea how to do it.
Possible Solution
N/A
Environment
- Blue Build Version: 0.9.8
- Operating system: Fedora 41.0.0
- Branch/Tag: (v0.9.8)
- Git Commit Hash: 6a5f54b2fd863c99ba599b7a9e36bced29cbb38f
Shell
- Name: bash
- Version: GNU bash, version 5.2.37(1)-release (x86_64-pc-linux-gnu) Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
- Terminal emulator:
Rust
- Rust Version: rustc 1.82.0 (f6e511eec 2024-10-15)
- Rust channel: release
- Build Time: 2025-02-12 19:16:40 +00:00
Recipe:
name: workstaton
description: Thrix's workstation
base_image: ghcr.io/ublue-os/sericea-main
image_version: latest
modules:
  - type: rpm-ostree
    install:
      - fontawesome-fonts-all
      - mate-polkit
      - nautilus
      - https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm
      - https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
    optfix:
      - google
      - smfp-common
  - type: bling
    install:
      - rpmfusion
      - '1password'
  - type: files
    files:
      - source: system
        destination: /
  - type: script
    snippets:
      - update-ca-trust
      - rm -f /usr/share/wireplumber/scripts/node/suspend-node.lua
  - type: systemd
    system:
      enabled:
        - systemd-timesyncd
mmkay, seems I am able to reproduce the problem directly via a generated containerfile:
⬢ [nix] ❯ bluebuild generate > Containerfile
podman buildINFO => Recipe ./recipes/recipe.yml is valid
INFO => Templating for recipe at ./recipes/recipe.yml
INFO => Retrieving OS version from ghcr.io/ublue-os/sericea-main:latest
workstation on move-to-blue-build [✘»!+?] took 7s
⬢ [nix] ❯ podman build -f Containerfile .
[1/4] STEP 1/2: FROM scratch AS stage-files
[1/4] STEP 2/2: COPY ./files /files
--> Using cache f2946a178d9668bbf9e9ca7e028cef3f9fa1f45252aedb748abf2a09300d532c
--> f2946a178d96
[2/4] STEP 1/3: FROM scratch AS stage-bins
[2/4] STEP 2/3: COPY --from=ghcr.io/sigstore/cosign/cosign:v2.4.2 /ko-app/cosign /bins/cosign
--> Using cache 68c79a4650eec5784849082e4ae90b59ced16d52a663dbf786e79b7e14ac5250
--> 68c79a4650ee
[2/4] STEP 3/3: COPY --from=ghcr.io/blue-build/cli:latest-installer /out/bluebuild /bins/bluebuild
--> Using cache d11226df3c2dea3f8c035898a9ac816d201b6d1a51fda2005215bd9a88edb32a
--> d11226df3c2d
[3/4] STEP 1/2: FROM scratch AS stage-keys
[3/4] STEP 2/2: COPY cosign.pub /keys/workstaton.pub
--> Using cache 51db4901b1da9419eba6583774f21a3e9479dcbfc1584e36c151e07a4a90cc41
--> 51db4901b1da
[4/4] STEP 1/25: FROM ghcr.io/ublue-os/sericea-main@sha256:bce60c243bcc152e7a8d96c6f0177f9eed2911d2a0d0cf52e400088dbfe30796 AS workstaton
[4/4] STEP 2/25: ARG RECIPE=./recipes/recipe.yml
--> Using cache 6001b0065ad9ed7f59cdb96bf4656a4c723d89b33dfae13e76a0a44b158e4d3b
--> 6001b0065ad9
[4/4] STEP 3/25: ARG IMAGE_REGISTRY=localhost
--> Using cache 4aa75dd00150da48701b23304faaa46b0ffdd4df3bc191793fa2a7b207c50ba2
--> 4aa75dd00150
[4/4] STEP 4/25: ARG CONFIG_DIRECTORY="/tmp/files"
--> Using cache f7a324b8c96981872d0757cc5af7b44226b5dea2e7a37ff501e93f40a994ce43
--> f7a324b8c969
[4/4] STEP 5/25: ARG MODULE_DIRECTORY="/tmp/modules"
--> Using cache da7ca7a9a5cf10a2b1d4f0d8a418b8dd42c030b12d2c47c5602e6c959c8dfa25
--> da7ca7a9a5cf
[4/4] STEP 6/25: ARG IMAGE_NAME="workstaton"
--> Using cache cd43afa8d0f7730fcc871641bb1278bf880ce1ea825eded415747dee6c673ce9
--> cd43afa8d0f7
[4/4] STEP 7/25: ARG BASE_IMAGE="ghcr.io/ublue-os/sericea-main"
--> Using cache 2357e852936f71d21f7b1893b3e557a80c3002a567424bbffaa92473f3d23f97
--> 2357e852936f
[4/4] STEP 8/25: RUN --mount=type=bind,from=stage-keys,src=/keys,dst=/tmp/keys mkdir -p /etc/pki/containers/ && cp /tmp/keys/* /etc/pki/containers/ && ostree container commit
--> 79f470feaadd
[4/4] STEP 9/25: RUN --mount=type=bind,from=stage-bins,src=/bins,dst=/tmp/bins mkdir -p /usr/bin/ && cp /tmp/bins/* /usr/bin/ && ostree container commit
--> b83d39ac25bc
[4/4] STEP 10/25: RUN --mount=type=bind,from=ghcr.io/blue-build/nushell-image:default,src=/nu,dst=/tmp/nu mkdir -p /usr/libexec/bluebuild/nu && cp -r /tmp/nu/* /usr/libexec/bluebuild/nu/ && ostree container commit
--> e1e4df7d4cc5
[4/4] STEP 11/25: RUN --mount=type=bind,from=ghcr.io/blue-build/cli/build-scripts:6a5f54b2fd863c99ba599b7a9e36bced29cbb38f,src=/scripts/,dst=/scripts/ /scripts/pre_build.sh
--> a740ae37ad9a
[4/4] STEP 12/25: RUN --mount=type=bind,from=stage-files,src=/files,dst=/tmp/files,rw --mount=type=bind,from=ghcr.io/blue-build/modules/rpm-ostree:latest,src=/modules,dst=/tmp/modules,rw --mount=type=bind,from=ghcr.io/blue-build/cli/build-scripts:6a5f54b2fd863c99ba599b7a9e36bced29cbb38f,src=/scripts/,dst=/tmp/scripts/ --mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-workstaton-latest,sharing=locked --mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-workstaton-latest,sharing=locked /tmp/scripts/run_module.sh 'rpm-ostree' '{"type":"rpm-ostree","install":["fontawesome-fonts-all","mate-polkit","nautilus","https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm","https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm"],"optfix":["google","smfp-common"]}'
========================== Start 'rpm-ostree' Module ==========================
Created symlink '/etc/systemd/system/default.target.wants/bluebuild-optfix.service' → '/etc/systemd/system/bluebuild-optfix.service'.
Creating symlinks to fix packages that install to /opt
Created symlinks for google
Created symlinks for smfp-common
Installing RPMs
Installing: fontawesome-fonts-all mate-polkit nautilus
Installing package(s) directly from URL: https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
Downloading https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm...failed
error: Handling argument https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm: error sending request for url (https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm): client error (Connect): dns error: failed to lookup address information: Temporary failure in name resolution: failed to lookup address information: Temporary failure in name resolution
========================== Failed 'rpm-ostree' Module ==========================
Error: building at STEP "RUN --mount=type=bind,from=stage-files,src=/files,dst=/tmp/files,rw --mount=type=bind,from=ghcr.io/blue-build/modules/rpm-ostree:latest,src=/modules,dst=/tmp/modules,rw --mount=type=bind,from=ghcr.io/blue-build/cli/build-scripts:6a5f54b2fd863c99ba599b7a9e36bced29cbb38f,src=/scripts/,dst=/tmp/scripts/ --mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-workstaton-latest,sharing=locked --mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-workstaton-latest,sharing=locked /tmp/scripts/run_module.sh 'rpm-ostree' '{"type":"rpm-ostree","install":["fontawesome-fonts-all","mate-polkit","nautilus","https://gitlab.com/mvadkert/xerox-3020/-/raw/main/xerox-3020-1.0.0-1.x86_64.rpm","https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm"],"optfix":["google","smfp-common"]}'": while running runtime: exit status 1
With --network=host it just works. Is there a possibility to force host networking when using blue-build?
OK, I suspect IPv6 is causing it.
mmkay this stinks:
⬢ [nix] ❯ podman run --rm -it ghcr.io/ublue-os/sericea-main@sha256:bce60c243bcc152e7a8d96c6f0177f9eed2911d2a0d0cf52e400088dbfe30796 curl -I gitlab.com
curl: (6) Could not resolve host: gitlab.com
workstation on move-to-blue-build [✘»!+?]
⬢ [nix] ❯ podman run --rm -it ghcr.io/ublue-os/sericea-main@sha256:bce60c243bcc152e7a8d96c6f0177f9eed2911d2a0d0cf52e400088dbfe30796 cat /etc/resolv.conf
search localdomain
nameserver 169.254.1.1
nameserver 192.168.1.1
ok, I guess nothing to do with blue-build anyway:
⬢ [nix] ❯ podman run --rm -it quay.io/fedora/fedora-sway-atomic cat /etc/resolv.conf
search localdomain
nameserver 169.254.1.1
nameserver 192.168.1.1
workstation on move-to-blue-build [✘»!+?]
⬢ [nix] ❯ podman run --rm -it --network=host quay.io/fedora/fedora-sway-atomic cat /etc/resolv.conf
search localdomain
nameserver 127.0.0.53
options edns0 trust-ad
That is my problem
but it would be valuable to be able to force host networking
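Added example (not part of the original thread and not BlueBuild or podman code): the two /etc/resolv.conf outputs above differ in the scope of their nameserver addresses, and this script parses both and classifies each resolver so the difference between the default container network and --network=host is explicit. The warning texts encode an assumption about reachability from a separate network namespace; the thread does not establish which resolver actually failed.

```python
import ipaddress

# Constructed sample input: the two resolv.conf outputs quoted in the thread.
DEFAULT_NET = """search localdomain
nameserver 169.254.1.1
nameserver 192.168.1.1
"""
HOST_NET = """search localdomain
nameserver 127.0.0.53
options edns0 trust-ad
"""

def nameservers(text):
    """Return nameserver addresses in the order the resolver tries them."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
    return servers

def scope(addr):
    """Classify an address by how far it is valid."""
    if addr.is_loopback:
        return "loopback"    # only meaningful inside one network namespace
    if addr.is_link_local:
        return "link-local"  # only meaningful on one link/interface
    return "private" if addr.is_private else "global"

def audit(text, own_netns):
    """Return (address, scope, warning) per nameserver; own_netns=False models --network=host."""
    report = []
    for addr in nameservers(text):
        kind = scope(addr)
        warn = None
        if own_netns and kind == "loopback":
            warn = "points at the container itself, not the host stub resolver"
        elif own_netns and kind == "link-local":
            warn = "tied to a host link; may not be reachable from the container network"
        report.append((str(addr), kind, warn))
    return report

if __name__ == "__main__":
    for name, text, netns in (("default network", DEFAULT_NET, True),
                              ("--network=host", HOST_NET, False)):
        for addr, kind, warn in audit(text, netns):
            print(f"{name}: {addr} [{kind}] {warn or 'ok'}")
```

Feed it the output of `cat /etc/resolv.conf` from inside the build container to see which resolvers deserve a direct reachability check first.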