Bug #16868: Upgrade Vagrant box to Buster

Bug #16868

Upgrade Vagrant box to Buster

Added by intrigeri 2019-07-09 11:57:30 . Updated 2019-11-18 13:44:19 .

Status:

Resolved

Priority:

High

Assignee:

Category:

Build system

Target version:

Tails_4.1

Start date:

Due date:

% Done:

100%

Feature Branch:

feature/16868-buster-vagrant-box+force-all-tests

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Subtasks

Related issues

Related to Tails - ~~Bug #17005~~: Upgrade to po4a 0.55 in Tails itself, in the Vagrant build box, on {translate,www}.lizard, and on RM's systems	Resolved
Blocks Tails - Feature #16209: Core work: Foundations Team	Confirmed
Blocks Tails - ~~Feature #17165~~: Stop taking time-based APT snapshots of Stretch	Resolved

History

#1 Updated by intrigeri 2019-07-09 11:57:43

blocks Feature #16209: Core work: Foundations Team added

#2 Updated by intrigeri 2019-07-09 11:58:08

Feature Branch set to feature/16868-buster-vagrant-box

#3 Updated by intrigeri 2019-08-10 12:18:54

Category set to Build system
Status changed from In Progress to Confirmed
Assignee deleted (~~intrigeri~~)
Target version deleted (~~Tails_4.0~~)

The build aborts after debootstrap, which seems to be successful (judging from the output) but probably returned a non-zero exit code; or for some other reason the next step live-build does fails.

I don’t recall exactly why I started working on this. IIRC I was hoping this would solve another problem, such as the version mismatch issues we had with create-usb-image-from-iso. Anyway, I see no immediate need to finish this work ATM. Let’s come back to it whenever we have a good reason to.

#4 Updated by intrigeri 2019-08-11 22:03:45

Feature Branch changed from feature/16868-buster-vagrant-box to wip/feature/16868-buster-vagrant-box

#5 Updated by intrigeri 2019-10-19 06:10:59

blocks ~~Feature #17165~~: Stop taking time-based APT snapshots of Stretch added

#6 Updated by intrigeri 2019-10-19 06:15:56

intrigeri wrote:
> Anyway, I see no immediate need to finish this work ATM. Let’s come back to it whenever we have a good reason to.

Feature #17165 gives us a good reason to finish this work: our time-based APT snapshots have grown to an unprecedented size and it would be sweet if we could remove the last user of the Stretch ones, that is: our Vagrant box.

#7 Updated by intrigeri 2019-10-19 08:16:13

Status changed from Confirmed to In Progress

Applied in changeset commit:tails|2dcbbca5f35ae664e98c3bbb3a0a010553674785.

#8 Updated by intrigeri 2019-10-19 08:19:19

Status changed from In Progress to Needs Validation
Assignee set to intrigeri
Target version set to Tails_4.0
Feature Branch changed from wip/feature/16868-buster-vagrant-box to feature/16868-buster-vagrant-box+force-all-tests

Good news! I understood and fixed the problem that blocked me last time.

Next step: diffoscope images built with Buster vs. Stretch Vagrant boxes. If they’re identical or differ only in expected ways, this should be a no-brainer and we could merge this in time for zen and I to do ~~Feature #17165~~ on Oct 24.

#9 Updated by intrigeri 2019-10-19 11:47:37

Status changed from Needs Validation to In Progress

Applied in changeset commit:tails|79b987e9ba0f9efd7a3509e505125ffd7f1f2fe5.

#10 Updated by intrigeri 2019-10-19 11:49:41

Status changed from In Progress to Needs Validation

(I need to test reproducible builds.)

#11 Updated by intrigeri 2019-10-19 12:56:40

related to ~~Bug #17005~~: Upgrade to po4a 0.55 in Tails itself, in the Vagrant build box, on {translate,www}.lizard, and on RM's systems added

#12 Updated by intrigeri 2019-10-19 14:19:05

diffoscope’ing the ISO, here’s the list of not-entirely-expected differences in the SquashFS (diffoscope spotted no differences outside of it):

/dev/console was added to the SquashFS → seems harmless
some tails.mo files differ; msgunfmt says that it’s because POT-Creation-Date got removed → OK, fine
most translated pages in the included version of our website differ due to different versions of po4a → I’ve got a fix locally and need to wait for the next time-based snapshot of our custom APT repo to be taken, in a few hours, before I can test it
order or <script> stuff in the generated website differs, probably due to ikiwiki being updated → looks harmless

I’ve tried diffoscope’ing the USB images but “interestingly”, diffoscope (v113 and v126) does not manage to do any better than a byte-for-byte comparison with xxd, whose output is not terribly useful. That’s weird: IIRC it used to do better than this. Anyway, the only difference between our ISO and USB image should be the MBR, partition table, and FAT32 partition, which I can compare manually, so I’ll do that.

#13 Updated by intrigeri 2019-10-19 14:48:34

Priority changed from Normal to Elevated
Target version changed from Tails_4.0 to Tails_4.1

I see some syslinux-related differences between the USB images. I suspect that the changes we did in ~~Bug #16748~~ were incomplete: for example, even if we run chroot/usr/bin/syslinux, that binary will probably look for its data files (MBR and such) in / and not in chroot/, so there’s a change that we were still mixing up bits of Stretch (from the Vagrant box) with bits from Buster (from the chroot). If my hunch is right, then:

Short-term, upgrading the Vagrant box to Buster will fix this discrepancy, which is good and might fix some boot issues; OTOH it’s probably too late to merge this into 4.0, so ideally we would merge this immediately after the 4.0 release, to unblock sysadmins on ~~Feature #17165~~ ⇒ adjusting target version & priority accordingly.
Longer-term, instead of chroot/usr/bin/syslinux, we should probably run chroot chroot /usr/bin/syslinux, to ensure this binary only uses files that are in the chroot, with a matching version; this may require bind-mounting some stuff in the chroot first.

@segfault, does this make sense to you? If it does, I’ll file a ticket for that chroot/syslinux thing, unless you beat me to it.

Next (and hopefully last) things to do before I ask a review:

once po4a has reached our time-based APT snapshots: bump the corresponding snapshot used by the Vagrant build box, make it expire in a long while, and test my commit that installs that version of po4a: it should get rid of the differences in the translated pages of the included website, between testing and this branch → it does
~~test images on various bare metal machines~~ → boots fine on ThinkPad X200 (legacy BIOS) and HP EliteBook 840G1 (UEFI)
~~check test suite results (the build reproducibility check already passes)~~ → I’ve seen a full test suite run pass locally

#14 Updated by intrigeri 2019-10-20 14:32:22

Status changed from Needs Validation to In Progress

Applied in changeset commit:tails|75c1f2976f3f00c3beacd284aaef05472bb962b9.

#15 Updated by intrigeri 2019-10-20 15:21:12

Status changed from In Progress to Needs Validation
Priority changed from Elevated to High

(Due to the disk space situation.)

#16 Updated by intrigeri 2019-10-20 15:29:37

Assignee deleted (~~intrigeri~~)

#17 Updated by anonym 2019-10-23 14:31:45

Assignee set to anonym

#18 Updated by anonym 2019-10-23 15:06:53

Status changed from Needs Validation to Fix committed
% Done changed from 0 to 100

Applied in changeset commit:tails|82a68b7b9b897d80c028b5189fe730995fa5965f.

#19 Updated by anonym 2019-10-23 15:07:34

Assignee deleted (~~anonym~~)

Code looks great! Jenkins’ automated tests as well as my manual tests too! Merged!

intrigeri wrote:
> I see some syslinux-related differences between the USB images. I suspect that the changes we did in ~~Bug #16748~~ were incomplete: for example, even if we run chroot/usr/bin/syslinux, that binary will probably look for its data files (MBR and such) in / and not in chroot/, so there’s a change that we were still mixing up bits of Stretch (from the Vagrant box) with bits from Buster (from the chroot)

I initially wanted the chroot approach so I’m totally on board with this!

> If my hunch is right, then:

To verify this I guess we could just run the same commands under strace or similar to see which files are accessed.

> * Short-term, upgrading the Vagrant box to Buster will fix this discrepancy, which is good and might fix some boot issues; OTOH it’s probably too late to merge this into 4.0, so ideally we would merge this immediately after the 4.0 release, to unblock sysadmins on ~~Feature #17165~~ ⇒ adjusting target version & priority accordingly.

This is now done!

> * Longer-term, instead of chroot/usr/bin/syslinux, we should probably run chroot chroot /usr/bin/syslinux, to ensure this binary only uses files that are in the chroot, with a matching version; this may require bind-mounting some stuff in the chroot first.
>
> segfault, does this make sense to you? If it does, I’ll file a ticket for that chroot/syslinux thing, unless you beat me to it.

Filed as ~~Bug #17179~~.

#20 Updated by intrigeri 2019-11-18 13:44:19

Status changed from Fix committed to Resolved