use debian bookworm in docker container #1311
Conversation
sandbox/gvisor/run.py
Outdated
| @@ -162,7 +168,7 @@ def preserve(*locations, short_failure=False): | |||
|
|
|||
| preserve("/usr/local/lib") | |||
| if os.path.exists('/lib64'): | |||
There was a problem hiding this comment.
Would it be clearer to add the condition and explanation directly here: if os.path.exists('/lib64') and not os.path.islink('/lib64')?
There was a problem hiding this comment.
Good idea, made that change.
This returns to an upgrade first attempted in: #1255 That upgrade ran into sandbox trouble, which eventually proved to be a small change in the layout of directories in bookworm relative to buster (`/lib64` became a symlink).
paulfitz
force-pushed
the
paulfitz/bookworm
branch
from
bf04b59 to
cfd8142
Compare
|
There is a deprecation warning on all calls to node now: I tried upgrading packages and it started looking a little messy, so I'm leaving it as separate work, with deprecation messages turned off in the container. Developers will see them all the time and it should be annoying enough to ensure we deal with it. The deprecation is for code that may be leaving node in future versions. |
|
Added some workflow steps to duplicate tests @jonathanperret did manually, to increate odds of catching sandbox breakage in future (at least at the point of updating docker images). Tested manually on repo fork. |
| pip2 install -r requirements.txt | ||
|
|
||
| pip2 install -r requirements.txt && \ | ||
| find /usr/lib -iname "libffi.so.6*" -exec cp {} /usr/local/lib \; |
There was a problem hiding this comment.
Could a comment be added about this? Like which piece/version needs it, and how to tell when some day it may no longer be needed.
This returns to an upgrade first attempted in:
#1255
That upgrade ran into sandbox trouble, which eventually proved to be a small change in the layout of directories in bookworm relative to buster (
/lib64became a symlink).Context
The base image used for Grist was getting quite old, along with the node version used.
Proposed solution
This applies the upgrade and simply skips exposing
/lib64in the sandbox if it is a symlink. If it is a symlink, then sandboxes will not survive being snapshotted and restored.Related issues
Has this been tested?
Tested manually, and with PYTHON_VERSION_ON_CREATION=2 and 3 following #1300