#sandstorm on 2022-06-04 — irc logs at libera.irclog.whitequark.org

2021-05-26 15:17 ChanServ changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things Sandstorm and Cap'n Proto. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev | Channel logs available at https://libera.irclog.whitequark.org/sandstorm

04:12 <torhex-pasmul[m]> Putting a bind mount to `/nix` in the chroot helps. Now `mongod` dies with `SIGABRT`, no obvious info on why.

05:11 <isd> Probably make-bundle.sh should be pulling in whatever it needs from /nix.

05:30 <torhex-pasmul[m]> well, it particularly needs zlib and libstdc++.so.6

05:36 <isd> There's a line in there that tries to use ldd to find all necessary shared libraries. So apparently this doesn't work on nix for some reason.

05:49 <torhex-pasmul[m]> right, nixos doesn't keep a global list of shared libs, each executable has rpath set to their locations

05:50 <torhex-pasmul[m]> further attempts indicate the `mongod` binary works fine when invoked outside of sandstorm's chroot, so it's something about the environment specifically

05:52 <isd> ldd doesn't consult a global list; it examines (actually runs) the ELF itself. `ldd $(which nix-shell)` seems to work as expected for me.

05:54 <torhex-pasmul[m]> Sure. But if you try it on the distributed `mongod` it links to zlib and libstdc++.so.6 without an absolute path and so it has to be added to rpath.

05:56 <isd> Does it not show up in ldd if you've done that?

05:57 <torhex-pasmul[m]> Yes after the executable is patched it shows up and runs fine

05:57 <torhex-pasmul[m]> here's my strace log of my latest attempt, this is mongodb failing to start https://gist.github.com/alteckclub/c5c2366ddccee07c8ab46f5595ecb410

06:01 <torhex-pasmul[m]> Next step is to manually set up a chroot like sandstorm does, i guess, and try again

06:01 <isd> That's bizarre. I don't see anything obvious.

06:02 <torhex-pasmul[m]> do you know if sandstorm is tied to this revision of mongodb?

06:03 <isd> As I mentioned on the issue, yes: https://github.com/garrison/sandstorm-nix/pull/2#issuecomment-1146510753

06:04 <torhex-pasmul[m]> Aah, good, so it's primarily a data compat issue rather than API.

06:04 <isd> the storage format is different on newer versions, so we'd have to script an upgrade for people's existing systems -- the mongo docs expect you to do an upgrade manually, which is a non-starter for sandstorm

06:04 <isd> But yeah, other than that it should work on newer mongo

06:05 <isd> I should get off the computer and start winding down for bed. Later.

06:05 <torhex-pasmul[m]> Thanks for your support.

12:57 larjona has quit [Ping timeout: 258 seconds]

13:55 <torhex-pasmul[m]> I believe I understand the mongo crash: bind-mounting `/dev/urandom` doesn't result in a device data can be read from.

13:56 <torhex-pasmul[m]> `/dev/zero` exhibits the same behavior.

14:41 <torhex-pasmul[m]> I'm going to try a patch to mount `/dev` instead of individual devices. Initial testing with `unshare` seems ok.

16:14 <isd> hm, but it seems to be working with the standard build?

16:15 <isd> There's a comment in there suggesting it's like that because bind mounting all of /dev wasn't working when in a UID namespace

18:29 <torhex-pasmul[m]> Well, for whatever reason it doesn't work on my system (testing manually with `unshare` shows the same behavior)

18:29 <torhex-pasmul[m]> Right now I'm facing the issue that meteor dependency fetching is definitely not deterministic

18:30 <torhex-pasmul[m]> it's either putting a random value or a hash in the directory names for downloaded packages

18:44 <isd> Does the standard build not work on your system?

18:44 <isd> re: meteor, can't say I'm surprised :(

19:38 larjona has joined #sandstorm

20:22 xet7 has quit [Read error: Connection reset by peer]

20:24 xet7 has joined #sandstorm