After reading the comments from this bug and the upstream discussions, I
tried to find an approach which would minimize the size of the patch we
would need to carry. I tested the following scenarios:

1) There is a docker upstream PR where tianon is trying to backport the
fix to the 20.10 branch (the one we currently have in the archive),
during the discussion, one of the upstream maintainers mentioned we
might need just a newer version of runc to fix the issue:

https://github.com/moby/moby/pull/42836#issuecomment-916422920

After inspecting the runc git repo I found the following commit which
seems to address the issue:

https://github.com/opencontainers/runc/commit/960182fdf03d99eb848c111ae791

I did backport this patch to the current runc package we have in Impish
and tried to run the test case @athos-ribeiro provided in comment #2,
using the docker.io package from the archive. But it did not work, the
failure was still reproducible.

2) Since in the comment of the docker upstream maintainer he said we
could need runc version 1.0.2 (in Impish we have 1.0.1), I imported this
new version to our runc package and ran the same test case using
docker.io from the archive. The issue was still there.

3) I kept the runc/1.0.2 installed in my VM and added tianon's patch
backporting the fix to the docker.io package:

https://github.com/moby/moby/pull/42836/files

With the patched docker.io and runc/1.0.2 I was still able to reproduce
the issue.

4) I removed all the custom packages from my VM and built the source
package present in the PPA @juliank linked in comment #9 targeting
Impish, and finally got the issue fixed (as others already mentioned).
However, I am not happy in adding a patch with 1800+ lines containing a
bunch of refactoring, the fix itself is less than 80 lines. I'd prefer
to wait until the PR backporting the fix is merged:

https://github.com/moby/moby/pull/42836


For libpod, Sergio helped me to investigate this issue and he noticed that in 
Fedora (with glibc 2.34) it is working fine. There we can find a newer version 
of it compared to what we have in Ubuntu. I did some investigation in its 
upstream git repo and I did not find any specific patch addressing this issue 
to backport. The other option would be to update libpod to the Fedora's version 
but then it'd likely require the update of some dependencies. I do not believe 
we have time to do that and we are also in the Feature Freeze. Moreover, 
Reinhard, who is the libpod maintainer, would not be happy if we release Impish 
with a broken package.

With all that said, I believe the easier and the least worse solution
would be to disable clone3 syscall from glibc. WDYT?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1943049

Title:
  Docker ubuntu:impish: Problem executing scripts DPkg::Post-Invoke 'rm
  -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb
  /var/cache/apt/*.bin || true'

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1943049/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to