./bin/gbuild:25:in `sanitize_path': unsanitary string in https://git.gitorious.org/+bitcoin-stable-developers/bitcoin/bitcoind-stable.git (RuntimeError)

This is a regression (it worked until recent revisions)

Please check for failure when doing the sha256sum of the 'files'.

Possibly at https://github.com/devrandom/gitian-builder/blob/master/bin/gbuild#L183

Otherwise failure will happen anyway in the descriptor's script when it's trying to use them, but user will have spoiled the time to bring up a new image

Reported in #86 by @Michagogo. This slows down builds.

I was trying this to experiment with a newer build environment. But it looks like it fails on the kernel.

Fetched 15.1 MB in 1s (7794 kB/s)
Selecting previously unselected package linux-image-3.13.0-46-generic.
(Reading database ... 24121 files and directories currently installed.)
Preparing to unpack .../linux-image-3.13.0-46-generic_3.13.0-46.79_amd64.deb ...
Selecting previously unselected package linux-image-virtual.
Preparing to unpack .../linux-image-virtual_3.13.0.46.53_amd64.deb ...
Unpacking linux-image-virtual (3.13.0.46.53) ...
, stderr: grep: /proc/cpuinfo: No such file or directory
This kernel does not support a non-PAE CPU.
dpkg: error processing archive /var/cache/apt/archives/linux-image-3.13.0-46-generic_3.13.0-46.79_amd64.deb (--unpack):
 subprocess new pre-installation script returned error exit status 1
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.13.0-46-generic /boot/vmlinuz-3.13.0-46-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.13.0-46-generic /boot/vmlinuz-3.13.0-46-generic
Errors were encountered while processing:
 /var/cache/apt/archives/linux-image-3.13.0-46-generic_3.13.0-46.79_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Traceback (most recent call last):
  File "/usr/bin/vmbuilder", line 24, in <module>
    cli.main()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/contrib/cli.py", line 228, in main
    hypervisor.install_os()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/hypervisor.py", line 70, in install_os
    self.call_hooks('install_kernel', self.chroot_dir)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 67, in call_hooks
    call_hooks(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 159, in call_hooks
    getattr(plugin, func)(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/distro.py", line 190, in install_kernel
    self.suite.install_kernel(destdir)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/dapper.py", line 307, in install_kernel
    run_cmd('chroot', destdir, 'apt-get', '--force-yes', '-y', 'install', self.kernel_name(), env={ 'DEBIAN_FRONTEND' : 'noninteractive' })
  File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 120, in run_cmd
    raise VMBuilderException, "Process (%s) returned %d. stdout: %s, stderr: %s" % (args.__repr__(), status, mystdout.buf, mystderr.buf)
VMBuilder.exception.VMBuilderException: Process (['chroot', '/tmp/tmpD1Hg3m', 'apt-get', '--force-yes', '-y', 'install', 'linux-image-virtual']) returned 100. stdout: Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
  linux-image-3.13.0-46-generic
Suggested packages:
  fdutils linux-doc-3.13.0 linux-source-3.13.0 linux-tools
  linux-headers-3.13.0-46-generic
The following NEW packages will be installed:
  linux-image-3.13.0-46-generic linux-image-virtual
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 15.1 MB of archives.
After this operation, 42.2 MB of additional disk space will be used.
Get:1 http://127.0.0.1:3142/archive.ubuntu.com/ubuntu/ trusty-updates/main linux-image-3.13.0-46-generic amd64 3.13.0-46.79 [15.1 MB]
Get:2 http://127.0.0.1:3142/archive.ubuntu.com/ubuntu/ trusty-updates/main linux-image-virtual amd64 3.13.0.46.53 [2858 B]
Fetched 15.1 MB in 1s (7794 kB/s)
Selecting previously unselected package linux-image-3.13.0-46-generic.
(Reading database ... 24121 files and directories currently installed.)
Preparing to unpack .../linux-image-3.13.0-46-generic_3.13.0-46.79_amd64.deb ...
Selecting previously unselected package linux-image-virtual.
Preparing to unpack .../linux-image-virtual_3.13.0.46.53_amd64.deb ...
Unpacking linux-image-virtual (3.13.0.46.53) ...
, stderr: grep: /proc/cpuinfo: No such file or directory
This kernel does not support a non-PAE CPU.
dpkg: error processing archive /var/cache/apt/archives/linux-image-3.13.0-46-generic_3.13.0-46.79_amd64.deb (--unpack):
 subprocess new pre-installation script returned error exit status 1
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.13.0-46-generic /boot/vmlinuz-3.13.0-46-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.13.0-46-generic /boot/vmlinuz-3.13.0-46-generic
Errors were encountered while processing:
 /var/cache/apt/archives/linux-image-3.13.0-46-generic_3.13.0-46.79_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

I'm trying to create a package for Berkly DB5, but the preprocess_cmds are failing with:

sed -i.old 's/__atomic_compare_exchange/__atomic_compare_exchange_db/' src/dbinc/atomic.h
sed: can't read src/dbinc/atomic.h: No such file or directory
make: *** [/home/ubuntu/build/bitcoin/depends/work/build/x86_64-apple-darwin11/bdb/5.3.28-ee2ad065658/.stamp_preprocessed] Error 2
make: Leaving directory `/home/ubuntu/build/bitcoin/depends'

For example lets say I want to build a Bitcoin wallet using DB5.3 instead of DB4.8. I would modify the bdb.mk package as so to use version 5.3.28:

$(package)_version=5.3.28
$(package)_download_path=http://download.oracle.com/berkeley-db
$(package)_file_name=db-$($(package)_version).NC.tar.gz
$(package)_sha256_hash=76a25560d9e52a198d37a31440fd07632b5f1f8f9f2b6d5438f4bc3e7c9013ef

DB 5.3's directory structure is slightly different than DB 4.8:

ls -l db-5.3.28.NC/src/dbinc/{atomic.h,win_db.h}
-rw-r--r-- 1 debian debian 6612 Sep  9  2013 db-5.3.28.NC/src/dbinc/atomic.h
-rw-r--r-- 1 debian debian 3831 Sep  9  2013 db-5.3.28.NC/src/dbinc/win_db.h

I adjust the preprocess_cmds as needed and add an additional replacement for Windows:

define $(package)_preprocess_cmds
    sed -i.old 's/__atomic_compare_exchange/__atomic_compare_exchange_db/' src/dbinc/atomic.h
    sed -i.old 's/WinIoCtl\.h/winioctl\.h/g' src/dbinc/win_db.h
endef

What is wrong?

As per issue #53, it would be great if gitian-builder would clean up environment of all LC_* variables and set LANG=en_US.UTF-8

This should be relevant for both make-base-vm and gbuild

I'm using gitian in the following way:

    GBO='-j6 -m4000'
    URI=../bitcoin
    COMMIT=2014_11_branch_to_test
    bin/gbuild $GBO --url bitcoin=${URI} --commit bitcoin=${COMMIT} $DESCDIR/contrib/gitian-descriptors/gitian-linux.yml

However, starting with commit dcf28c8 (by @cfields), it appears that this no longer works. The specified branch is no longer fetched.

I've narrowed this down to the following change:

-  system!("cd inputs/#{dir} && git fetch --update-head-ok #{sanitize_path(remote["url"], remote["url"])} +refs/tags/*:refs/tags/* +refs/heads/*:refs/heads/*")
+  system!("cd inputs/#{dir} && git fetch -q #{sanitize_path(remote["url"], remote["url"])} +refs/tags/*:refs/remotes/tags/* +refs/heads/*:refs/remotes/heads/*")

I can work around this by providing the raw commit hash for COMMIT instead of the branch name, maybe that is how it's supposed to be used, but I thought I'd file an issue in case this is a regression.

and any other non-hash-breaking options that builders might want to set.

I'm having a problem building Bitcoin version 0.9 (using a precise VM in a VirtualBox VM with my Mac as host) that I didn't have building previous versions of Bitcoin (using lucid, also VirtualBox).

The "getting manifest" step is extremely slow because target-bin/grab-packages.sh:
dpkg-query -W -f '${Package}\n' | xargs -n 50 apt-get install --reinstall -y -d
... is re-downloading every package.

I can workaround the problem by just commenting that line out, but the puzzle is why it didn't cause problems for me before; I've never run apt-cacher on my Mac. But I don't know hardly nuthin about Linux packaging or how apt-get install --reinstall decides whether or not it needs to re-download things.

Makes it possible for github to subvert gitian build process.

When gbuilding, when trying to copy-from-host any files that already exist, the error mentioned above causes the build to fail (on Ubuntu 14.04 with LXC). This happened both with the source tarball on the second (amd64) build of Bitcoin Core v0.9.4 and with what looks like all of the cache when using the cache. It looks like the problem is that the -k option is used with tar in copy-from-host. What I can't figure out, though, is why this issue hasn't come up earlier.

I just tried to set up fresh target but when running through the sanity test mentioned in README.md I can't get on-target working.

It always asks me for a password (I know I can use "ubuntu":"ubuntu" but that's not how gitian should work?)

$ on-target -u ubuntu uptime
ubuntu@localhost's password: 
 10:51:41 up 1 min,  0 users,  load average: 0.00, 0.00, 0.00
$ ll var/id_dsa*
-rw-------. 1 marco marco 672 Nov 17 18:24 var/id_dsa
-rw-r--r--. 1 marco marco 635 Nov 17 18:24 var/id_dsa.pub

Some recent changes have to do with grub and/or upgrading the guest system before gbuilding. Not sure what's going on exactly, but I'm having a problem where the Upgrading system, may take a while section took a while, and then failed with this message: ./bin/gbuild:21:in 'system!': failed to run on-target -u root bash < target-bin/upgrade-system.sh > var/install.log 2>&1 (RuntimeError).

Editing upgrade-system.sh to remove the redirections to files and /dev/null reveals that the purge of grub works, and the dist-upgrade seems to proceed normally, until this happens: https://www.irccloud.com/pastebin/xLjCr9YR

The weird thing is that I used gbuild last night and it worked without a problem, so I don't know what changed between last night and now.

Right now I've removed the base container and am rerunning make-base-vm, hoping that then there won't be anything to upgrade and I'll skip over this issue, but that shouldn't be necessary. Also, I noticed that there was some stuff that looked weird in upgrade-system.sh -- there seems to be two different redirects, both to /dev/null and to a log file. What's up with that?

eg find out which sigs do match and display the largest group of matching sigs as OK instead of checking each against the first.

On debian i got errors complaining a missing ubuntu keyring.
Looking at https://github.com/devrandom/gitian-builder/blob/master/bin/make-base-vm makes me feel that gitian requires ubuntu.

It should fail fast instead.

I created base-vms for lucid and precice for both i386 and amd64 architectures.
But I can't use them:

vertoe@debian:~/gitian-builder$ make-clean-vm 
cp: cannot stat `base-lucid-amd64': No such file or directory
vertoe@debian:~/gitian-builder$ make-clean-vm --arch i386
cp: cannot stat `base-lucid-i386': No such file or directory
vertoe@debian:~/gitian-builder$ make-clean-vm --arch i386 --suite precise
cp: cannot stat `base-precise-i386': No such file or directory
vertoe@debian:~/gitian-builder$ make-clean-vm --arch amd64 --suite precise
cp: cannot stat `base-precise-amd64': No such file or directory
vertoe@debian:~/gitian-builder$ ls -lsha
total 2.9G
4.0K drwxr-xr-x 14 vertoe vertoe 4.0K May  6 13:26 .
4.0K drwxr-xr-x  7 vertoe vertoe 4.0K May  6 10:42 ..
649M -rw-r--r--  1 root   root   649M May  6 13:14 base-lucid-amd64.qcow2
589M -rw-r--r--  1 root   root   589M May  6 13:10 base-lucid-i386.qcow2
928M -rw-r--r--  1 root   root   928M May  6 13:26 base-precise-amd64.qcow2
783M -rw-r--r--  1 root   root   783M May  6 13:21 base-precise-i386.qcow2
4.0K drwxr-xr-x  2 vertoe vertoe 4.0K May  6 09:36 bin
4.0K drwxr-xr-x  2 vertoe vertoe 4.0K May  6 13:01 build
4.0K drwxr-xr-x  4 vertoe vertoe 4.0K May  6 11:06 cache
 36K -rw-r--r--  1 vertoe vertoe  35K May  6 09:36 COPYING
4.0K drwxr-xr-x  2 vertoe vertoe 4.0K May  6 09:36 doc
4.0K drwxr-xr-x  2 vertoe vertoe 4.0K May  6 09:36 etc
4.0K drwxr-xr-x  8 vertoe vertoe 4.0K May  6 13:01 .git
4.0K -rw-r--r--  1 vertoe vertoe  102 May  6 09:36 .gitignore
4.0K drwxr-xr-x  3 vertoe vertoe 4.0K May  6 11:29 inputs
4.0K drwxr-xr-x  2 vertoe vertoe 4.0K May  6 09:36 libexec
4.0K -rw-r--r--  1 vertoe vertoe  932 May  6 09:36 LICENSE
8.0K -rw-r--r--  1 vertoe vertoe 5.7K May  6 09:36 README.md
4.0K -rw-r--r--  1 vertoe vertoe  881 May  6 09:36 RELEASE_NOTES
4.0K drwxr-xr-x  2 vertoe vertoe 4.0K May  6 11:06 result
4.0K drwxr-xr-x  2 vertoe vertoe 4.0K May  6 09:36 share
4.0K drwxr-xr-x  2 vertoe vertoe 4.0K May  6 09:38 target-bin
4.0K -rw-r--r--  1 vertoe vertoe 1.3K May  6 09:36 Vagrantfile
4.0K drwxr-xr-x  2 vertoe vertoe 4.0K May  6 11:49 var
vertoe@debian:~/gitian-builder$ start-target 32 lucid-i386
vertoe@debian:~/gitian-builder$ on-target ls -lsha
lxc-start: No such file or directory - failed to get real path for '/home/vertoe/gitian-builder/target--'
lxc-start: failed to mount rootfs
lxc-start: failed to setup rootfs for 'gitian'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'gitian'
lxc-start: Device or resource busy - failed to remove cgroup '/sys/fs/cgroup//lxc/gitian'

I created them using the following commands:
https://gist.github.com/vertoe/2121b0a9b15e06c0c49e

Any idea what I'm doing wrong?

Hi,

I recently decided to start using Gitian for a few projects i'm involved in. So I installed the needed dependencies, git cloned the repo, installed LXC and KVM (more on that later). I try to run make-base-vm and I get the following trace.

W: Failure trying to run: chroot /tmp/tmpjedtfg mount -t proc proc /proc
, stderr: 
Traceback (most recent call last):
  File "/usr/bin/vmbuilder", line 24, in <module>
    cli.main()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/contrib/cli.py", line 216, in main
    distro.build_chroot()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 83, in build_chroot
    self.call_hooks('bootstrap')
  File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 67, in call_hooks
    call_hooks(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 165, in call_hooks
    getattr(context, func, log_no_such_method)(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/distro.py", line 136, in bootstrap
    self.suite.debootstrap()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/dapper.py", line 276, in debootstrap
    run_cmd(*cmd, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 120, in run_cmd
    raise VMBuilderException, "Process (%s) returned %d. stdout: %s, stderr: %s" % (args.__repr__(), status, mystdout.buf, mystderr.buf)
VMBuilder.exception.VMBuilderException: Process (['/usr/sbin/debootstrap', '--arch=amd64', 'lucid', '/tmp/tmpjedtfg', 'http://127.0.0.1:3142/archive.ubuntu.com/ubuntu']) returned 1. stdout: I: Retrieving Release
I: Retrieving Release.gpg

I didn't modify anything within make-base-vm. I tried with LXC first, that didn't work out, so I tried KVM, but I get the same error..

Is this a well known error?
How could I boot a VM? :)

DISTRIB_DESCRIPTION="Ubuntu 12.04.2 LTS"

This is what I get with the latest version (Ubuntu 12)

bin/make-base-vm -arch i386
2012-09-12 11:36:23,989 INFO : Calling hook: preflight_check
2012-09-12 11:36:23,991 INFO : Calling hook: set_defaults
2012-09-12 11:36:23,992 INFO : Calling hook: bootstrap
2012-09-12 11:37:22,330 INFO : Calling hook: configure_os
Extracting templates from packages: 100%
2012-09-12 11:37:36,745 INFO : update-alternatives: error: no alternatives for rsh.
2012-09-12 11:37:36,821 INFO : update-alternatives: error: no alternatives for rlogin.
2012-09-12 11:37:36,898 INFO : update-alternatives: error: no alternatives for rcp.
2012-09-12 11:37:38,378 INFO : Creating SSH2 RSA key; this may take some time ...
2012-09-12 11:37:38,589 INFO : Creating SSH2 DSA key; this may take some time ...
2012-09-12 11:37:38,700 INFO :
2012-09-12 11:37:38,700 INFO : Warning: Fake initctl called, doing nothing
2012-09-12 11:37:38,701 INFO :
2012-09-12 11:37:38,701 INFO : Warning: Fake initctl called, doing nothing
2012-09-12 11:37:40,010 INFO :
2012-09-12 11:37:40,011 INFO : Current default time zone: 'Etc/UTC'
2012-09-12 11:37:40,014 INFO : Local time is now: Wed Sep 12 09:37:40 UTC 2012.
2012-09-12 11:37:40,014 INFO : Universal Time is now: Wed Sep 12 09:37:40 UTC 2012.
2012-09-12 11:37:40,014 INFO :
Extracting templates from packages: 100%
2012-09-12 11:37:50,708 INFO :
2012-09-12 11:37:50,709 INFO : Current default time zone: 'Etc/UTC'
2012-09-12 11:37:50,711 INFO : Local time is now: Wed Sep 12 09:37:50 UTC 2012.
2012-09-12 11:37:50,714 INFO : Universal Time is now: Wed Sep 12 09:37:50 UTC 2012.
2012-09-12 11:37:50,714 INFO : Run 'dpkg-reconfigure tzdata' if you wish to change it.
2012-09-12 11:37:50,714 INFO :
2012-09-12 11:37:56,718 INFO : Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate certificate ca-certificates.crt
2012-09-12 11:37:56,887 INFO : 0 added, 1 removed; done.
2012-09-12 11:37:56,888 INFO : Running hooks in /etc/ca-certificates/update.d....done.
2012-09-12 11:37:57,401 INFO : start: Unknown parameter: JOB
2012-09-12 11:37:58,116 INFO : restart: Unknown instance:
2012-09-12 11:37:59,146 INFO : umount: /tmp/tmpC0GpKl/dev: device is busy.
2012-09-12 11:37:59,146 INFO : (In some cases useful info about processes that use
2012-09-12 11:37:59,146 INFO : the device is found by lsof(8) or fuser(1))
2012-09-12 11:37:59,147 INFO : Cleaning up
2012-09-12 11:37:59,147 ERROR : Process (['umount', '/tmp/tmpC0GpKl/dev']) returned 1. stdout: , stderr: umount: /tmp/tmpC0GpKl/dev: device is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))

Traceback (most recent call last):
File "/usr/bin/vmbuilder", line 24, in
cli.main()
File "/usr/lib/python2.7/dist-packages/VMBuilder/contrib/cli.py", line 216, in main
distro.build_chroot()
File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 84, in build_chroot
self.call_hooks('configure_os')
File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 67, in call_hooks
call_hooks(self, _args, *_kwargs)
File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 165, in call_hooks
getattr(context, func, log_no_such_method)(_args, *_kwargs)
File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/distro.py", line 156, in configure_os
self.suite.unmount_dev()
File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/dapper.py", line 118, in unmount_dev
run_cmd('umount', '%s/dev' % self.context.chroot_dir)
File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 120, in run_cmd
raise VMBuilderException, "Process (%s) returned %d. stdout: %s, stderr: %s" % (args.repr(), status, mystdout.buf, mystderr.buf)
VMBuilder.exception.VMBuilderException: Process (['umount', '/tmp/tmpC0GpKl/dev']) returned 1. stdout: , stderr: umount: /tmp/tmpC0GpKl/dev: device is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))

solved the first, but here is the second :D

/home/ubuntu/build/blumedtoken/src/leveldb/libmemenv.a: could not read symbols: Archive has no index; run ranlib to add one
collect2: ld returned 1 exit status
make[1]: *** [release/blumedtoken-qt.exe] Error 1
make[1]: Leaving directory `/home/ubuntu/build/blumedtoken'
make: *** [release] Error 2

I think it comes from deps-win32.yml from line 42, i should add something like ==> RANLIB=$PATH/usr/bin/i686-w64-mingw32.static-ranlib \

but i don't know if it is the right thing to do.

I fail to create a base vm using the trusty suite.

vertoe@debian:~/gitian-builder$ sudo bin/make-base-vm --arch i386 --suite trusty
2015-05-06 13:26:23,216 INFO    : logging to file: /tmp/tmpTaXNB3
2015-05-06 13:26:23,444 INFO    : Calling hook: preflight_check
2015-05-06 13:26:23,456 INFO    : Calling hook: set_defaults
2015-05-06 13:26:23,457 INFO    : Calling hook: bootstrap
2015-05-06 13:26:23,730 INFO    : Cleaning up
2015-05-06 13:26:23,731 ERROR   : Process (['/usr/sbin/debootstrap', '--arch=i386', 'trusty', '/tmp/tmp5rw0Td', 'http://127.0.0.1:3142/archive.ubuntu.com/ubuntu']) returned 1. stdout: E: No such script: /usr/share/debootstrap/scripts/trusty
, stderr: 
Traceback (most recent call last):
  File "/usr/local/bin/vmbuilder", line 24, in <module>
    cli.main()
  File "/usr/local/lib/python2.7/dist-packages/VMBuilder/contrib/cli.py", line 221, in main
    distro.build_chroot()
  File "/usr/local/lib/python2.7/dist-packages/VMBuilder/distro.py", line 83, in build_chroot
    self.call_hooks('bootstrap')
  File "/usr/local/lib/python2.7/dist-packages/VMBuilder/distro.py", line 67, in call_hooks
    call_hooks(self, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/VMBuilder/util.py", line 170, in call_hooks
    getattr(context, func)(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/distro.py", line 137, in bootstrap
    self.suite.debootstrap()
  File "/usr/local/lib/python2.7/dist-packages/VMBuilder/plugins/ubuntu/dapper.py", line 273, in debootstrap
    run_cmd(*cmd, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/VMBuilder/util.py", line 120, in run_cmd
    raise VMBuilderException, "Process (%s) returned %d. stdout: %s, stderr: %s" % (args.__repr__(), status, mystdout.buf, mystderr.buf)
VMBuilder.exception.VMBuilderException: Process (['/usr/sbin/debootstrap', '--arch=i386', 'trusty', '/tmp/tmp5rw0Td', 'http://127.0.0.1:3142/archive.ubuntu.com/ubuntu']) returned 1. stdout: E: No such script: /usr/share/debootstrap/scripts/trusty
, stderr:

Architecture doesnt matter, and it fails with the same error with or without LXC.

Hello all,

Could I configure the gitian builder so that only 64 bits version of the program is compiled?

BR,
Terry

found a bug in the gitian builder that's been haunting me for maybe a week. in gitian-builder/bin/make-base-vm kpartx is used to configure a loopback device which allows us to copy a single raw partition into a build image for use with LXC. During cleanup, kpartx -d /dev/loop${loop} is used, but in multipath-tools 0.4.9 (which is on ubuntu 12.04.x) kpartx fails when using the /dev/loop${loop} syntax, it has to be given the file-side mapping. losetup -d /dev/loop${loop} will work, as will kpartx -d /path/to/image.raw. test results:

masheen 00:21:44 /v/soft/tbb/gitian-builder# kpartx -av $OUT.raw|sed -n '/loop.p1/{s/.*loop\(.\)p1.*/\1/;p}'
0
masheen 00:23:11 /v/soft/tbb/gitian-builder# losetup -a
/dev/loop0: [0811]:1667076 (base-precise-amd64.raw)
masheen 00:23:15 /v/soft/tbb/gitian-builder# kpartx -d /dev/loop0
masheen 00:23:27 /v/soft/tbb/gitian-builder# losetup -a
/dev/loop0: [0811]:1667076 (base-precise-amd64.raw)
masheen 00:23:34 /v/soft/tbb/gitian-builder# kpartx -d base-precise-amd64.raw 
loop deleted : /dev/loop0
masheen 00:23:42 /v/soft/tbb/gitian-builder# losetup -a
masheen 00:23:44 /v/soft/tbb/gitian-builder#

This means that multiple build runs will eventually fill loop devices, holding open old images (and thus eating disk space) and in particular _old builds will still hang around and potentially interfere with future builds because it's possible for on-target to execute against the old, failed-to-delete mapping_

On a recent version of gitian-builder:

bin/make-base-vm -arch i386
2012-05-14 13:26:14,827 INFO    : Calling hook: preflight_check
2012-05-14 13:26:14,827 INFO    : Cleaning up
2012-05-14 13:26:14,827 ERROR   : The path to the first-boot script is invalid: /home/pw/git/gitian-builder/target-bin/bootstrap-fixup. Make sure you are providing a full path.
Traceback (most recent call last):
  File "/usr/bin/vmbuilder", line 24, in <module>
    cli.main()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/contrib/cli.py", line 216, in main
    distro.build_chroot()
  File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 81, in build_chroot
    self.call_hooks('preflight_check')
  File "/usr/lib/python2.7/dist-packages/VMBuilder/distro.py", line 67, in call_hooks
    call_hooks(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/util.py", line 158, in call_hooks
    getattr(plugin, func, log_no_such_method)(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/VMBuilder/plugins/firstscripts/__init__.py", line 40, in preflight_check
    raise VMBuilderUserError('The path to the first-boot script is invalid: %s. Make sure you are providing a full path.' % firstboot)
VMBuilder.exception.VMBuilderUserError: The path to the first-boot script is invalid: /home/pw/git/gitian-builder/target-bin/bootstrap-fixup. Make sure you are providing a full path.

I was trying to bin/make-base-vm and it failed with loads of errors like

Failed to fetch http://127.0.0.1:3142/archive.ubuntu.com/ubuntu/pool/main/m/manpages/manpages_3.23-1_all.deb  Size mismatch

when in fact

$ wget http://127.0.0.1:3142/archive.ubuntu.com/ubuntu/pool/main/m/manpages/manpages_3.23-1_all.deb
$ dpkg-deb --show manpages_3.23-1_all.deb
openssh-client  1:5.3p1-3ubuntu7.1
$ wtf is this
Gee...  I don't know what this means...

this is because the cacher is fundamentally broken in ubuntu 13.10, responding wrong packages, for reasons unknown. i'll just leave this here so people runnin into it know see this and figure what went wrong, because i kinda wasted a lot of time not realizing what was causing this.
https://bugs.launchpad.net/ubuntu/+source/apt-cacher-ng/+bug/1234946

While gitian building on a fresh ubuntu 14.10 VM with current master i get:

2014-12-22 16:13 ERROR   : Process (['/usr/sbin/debootstrap', '--arch=amd64', 'precise', '/tmp/tmpDu7fAf', 'http://127.0.0.1:3142/archive.ubuntu.com/ubuntu']) returned 1. stdout: I: Retrieving Release 
I: Retrieving Release.gpg 
I: Checking Release signature
E: Error executing gpgv to check Release signature

any ideas?

(Originally posted here before I deleted the posts.)

Hello. The LXC push for issue #94 seemed to work. I'm seeing some different issues now, though. I figured I'd post them here in case I'm missing something.

Basically, I can't seem to get the sanity check to work. I'll post the error below. First, here are all the steps I'm following from scratch. Am I doing something wrong? I can post the command line output if you want it. (By the way, this is all done on Ubuntu 15.04, using KVM.)

sudo apt-get install git apache2 apt-cacher-ng python-vm-builder ruby qemu-utils
sudo apt-get install qemu-kvm
sudo bin/make-base-vm --suite trusty  # Seems to install w/o problems
sudo bin/make-base-vm --suite trusty --arch i386  # Seems to build w/o problems
PATH=$PATH:$(pwd)/libexec
make-clean-vm --suite trusty --arch i386
start-target 32 trusty-i386 &  # Error output below
on-target ls -la  # Error output below
stop

Here's the start-target output.

[1] 83064
droark@ubuntu:~/Projects/gitian-builder$ /home/droark/Projects/gitian-builder/libexec/start-target: 26: /home/droark/Projects/gitian-builder/libexec/start-target: cannot create var/target.pid: Permission denied
/home/droark/Projects/gitian-builder/libexec/start-target: 25: /home/droark/Projects/gitian-builder/libexec/start-target: cannot create var/target.log: Permission denied
rm: cannot remove ‘var/target.pid’: No such file or directory

Here's the on-target output.

ssh: connect to host localhost port 2223: Connection refused
[1]+  Exit 1                  start-target 32 trusty-i386

I'm pretty sure the "Exit 1" line is actually meant for "start-target" but it doesn't get triggered until you hit Enter. Either way, it looks like something isn't set up properly. Thoughts? I double-checked using LXC. Had similar results when trying to run the sanity check.

droark@ubuntu:~/Projects/gitian-builder$ make-clean-vm --suite trusty --arch i386
libexec/config-bootstrap-fixup: line 15: target-bin/bootstrap-fixup: Permission denied
droark@ubuntu:~/Projects/gitian-builder$ LXC_ARCH=i386 LXC_SUITE=lucid on-target ls -la
/home/droark/Projects/gitian-builder/libexec/config-lxc: line 13: var/lxc.config: Permission denied
lxc-execute: lxc_execute.c: main: 135 failed to read configuration file

Thanks for all your hard work. :)

here it is clearly:

nemgun@ubuntu:~/gitian-builder$ sudo bin/gbuild ..blumedtoken/contrib/gitian-descriptors/deps-win32.yml
/usr/lib/ruby/2.3.0/psych.rb:471:in initialize': No such file or directory @ rb_sysopen - ..blumedtoken/contrib/gitian-descriptors/deps-win32.yml (Errno::ENOENT) from /usr/lib/ruby/2.3.0/psych.rb:471:inopen'
from /usr/lib/ruby/2.3.0/psych.rb:471:in load_file' from bin/gbuild:201:in

There is an issue that appears to have been incorrectly reported as an issue with Bitcoin Core: bitcoin/bitcoin#5930. It really seems to be an issue with gitian-builder. As the linked issue states, someone is having an issue with LXC and precise. I am having the same issue with LXC and trusty. The error message is:

E: Unable to correct problems, you have held broken packages.

I am trying to build different software (Armory) and that is why I don't think this is a Bitcoin Core specific issue.

There is no indication that anything is wrong from the logs. Just this error message to the host's console.

I don't have this issue with KVM. I'm not sure about the person that originally reported the issue under the Bitcoin Core repo.

I've been playing around with Gitian using LXC. It's great, but I'm not a fan of the dependency on vmbuilder for LXC container creation. LXC already has a way of creating containers, and most distros don't ship with vmbuilder.

Would you accept a patch that adds the ability (through parameters) to use LXC templates, instead of vmbuilder?

build/out is wiped every time.

Would be awesome if that was not the case, if there was, for example, an output directory per descriptor (or make the cleaning optional, or make it possible to specify what output directory, ... everything would be better than this). This must be the most complained-about issue of gitian ever :) [1]

The latest are grabbed, instead of the currently installed.

Maybe a samba (KVM supports this builtin) or bind (LXC) mount from guest to host?

I was going to create a pull request or two, but I don't know enough about Vagrant/VirtualBox to fix all of these issues the right way.

So I'm going to do a bit of a brain dump, and include the Vagrantfile that worked-for-me to create a base VM to compile Bitcoin version 0.10.0, mostly to help anybody else running into similar issues, but, hopefully, to inspire somebody who is a Vagrant/VirtualBox expert to fix things the right way.

My setup: OSX 10.9, VirtualBox 4.3.20, homebrew-installed vagrant version 1.7.1

The issues I worked through, starting with most-obviously-a-problem-that-should-be-fixed:

1. 4GB was not enough memory to cross-compile Bitcoin. I don't remember which piece of Bitcoin or its dependencies failed, but suggest setting vb.memory = 8000 or more.

2. Single-CPU guest is slow to compile. I added vb.customize ["modifyvm", :id, "--cpus", "7"], would be really spiffy if make-base-vm Did The Right Thing (maybe add a --cpus=N option...).

3. The Vagrantfile installs too much stuff by default. In particular, installing libqt4-dev pulls in a bunch of dependencies and caused Bitcoin builds to be non-deterministic. It should only install the same stuff the other make-base-vm scripts install: openssh-server pciutils build-essential git-core subversion (is subversion really necessary???)

4. Vagrant 1.7 needs: config.ssh.insert_key = false ... to prevent it from generating a new ssh keypair. Unfortunately, older versions of Vagrant don't understand that option in the Vagrantfile.

Issues with things other than gitian-builder:

brew-installed vagrant + make-base-vm --vbox --suite precise + latest VirtualBox == problems with version of the "guest additions". An issue with the base Vagrant precise images, worked around by installing the vagrant-vbguest plugin:

brew install caskroom/cask/brew-cask
brew cask install vagrant
vagrant plugin install vagrant-vbguest

Maybe related to the vbguest plugins: Had to echo 'grub-pc hold' | dpkg --set-selections or make-base-vm failed trying to update grub-pc...

... which breaks target-bin/grab-packages.sh. I hacked a fix by adding --force-yes to the apt-get install in that script:

diff --git a/target-bin/grab-packages.sh b/target-bin/grab-packages.sh
index adf8e34..501bd89 100644
--- a/target-bin/grab-packages.sh
+++ b/target-bin/grab-packages.sh
@@ -8,5 +8,5 @@ cd /var/cache/apt/archives

 #apt-get clean

-dpkg-query -W -f '${Package}\n' | xargs -n 50 apt-get install --reinstall -y -d  > /dev/null
+dpkg-query -W -f '${Package}\n' | xargs -n 50 apt-get install --reinstall -y --force-yes -d  > /dev/null

My hacked-up Vagrantfile:

$script = <<SCRIPT
#!/bin/bash

set -eu

echo 'grub-pc hold' | dpkg --set-selections
sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt-get install -y openssh-server pciutils build-essential git-core subversion

# BITCOIN BUG:
sudo apt-get install -y lib32z1-dev

# Gavin optimization:
sudo apt-get install --download-only -y autoconf2.13 automake binutils-gold bsdmainutils cmake faketime g++ g++-mingw-w64 g++-multilib git-core libbz2-dev libc6:i386 libcap-dev libtool libz-dev mingw-w64 nsis pkg-config zip

echo "ok"

SCRIPT

archs = ["amd64", "i386"]
suites = ["precise", "quantal", "raring", "saucy", "trusty"]

if ARGV[0] == "up" and ARGV.length == 1
  puts "Specify a name of the form 'suite-architecture'"
  puts "  suites: " + suites.join(', ')
  puts "  architectures: " + archs.join(', ')
  Process.exit 1
end

Vagrant.configure("2") do |config|

  config.ssh.insert_key = false
  config.vm.provision "shell", inline: $script
  config.vm.network :forwarded_port, id: "ssh", guest: 22, host: 2223

  suites.each do |suite|
    archs.each do |arch|
      name = "#{suite}-#{arch}"

      config.vm.define name do |config|
        config.vm.box = name
        config.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/#{suite}/current/#{suite}-server-cloudimg-#{arch}-vagrant-disk1.box"
        config.vm.provider :virtualbox do |vb|
          vb.name = "Gitian-#{name}"
        end
      end
    end
  end

  config.vm.provider :virtualbox do |vb|
    vb.memory = 16000
    vb.customize ["modifyvm", :id, "--cpus", "7"]
  end
end

After seeing af56f89#diff-9b8ef304d854efc8f914832500619631, I removed the automatic setting of the LXC_EXECUTE environment variable, assuming that gconfig would set it properly. However, that didn't happen and the issue from #63 seems to be back. Are you sure that comparison is in the correct direction?

The breaking change appears to have been made in commit ea24af1, by @theuni. It uses the Dir.exists? method on line 83 of bin/gbuild. This method seems to have been introduced in Ruby 1.9. Therefore, Ubuntu Precise fails to run.

When running inside a 32-bit LXC, uname still returns x86_64 when the outer host is 64-bit. This seems to confuse the Qt library build system, that adds an -m64 to gcc's command line flags, obviously causing failure.

Workaround:

USE_LXC=1 linux32 bin/gbuild -c bitcoin=commitid yamlfile ...

Need better detection of an old VM running. Possibly caused by pid file having been deleted.

When using LXC with the caching feature, the cache is correctly read/imported from cache/. However, when the cache is written/exported at the end of the build, it's written to cache/cache/. The package-named folders, however, are created in cache/, but they remain empty. This results in a tree that looks something like this: http://paste.ubuntu.com/9605543/

Show an explanatory message if br0 (for LXC) is not up, and such.

When creating a new image some users get warnings about host ID having changed.

I use kvm. When I try to run gbuild with the lxc package uninstalled (I am running Debian Jessie), I get a bunch of the following outputted in between the useful output:

/home/joseph/git/gitian-builder/libexec/gconfig: line 3: lxc-start: command not found
dpkg: error: --compare-versions takes three arguments: <version> <relation> <version>

Type dpkg --help for help about installing and deinstalling packages [*];
Use 'apt' or 'aptitude' for user-friendly package management;
Type dpkg -Dhelp for a list of dpkg debug flag values;
Type dpkg --force-help for a list of forcing options;
Type dpkg-deb --help for help about manipulating *.deb files;

Options marked [*] produce a lot of output - pipe it through 'less' or 'more' !

This is confusing behavior (because users see mention of lxc, but know that they are using kvm, and start checking their environment variables for USE_LXC, but become confused when they don't have it set). Installing lxc fixes the issue, but users shouldn't need to install lxc to fix this issue.

Note that while this issue doesn't appear to prevent the build from working (I am able to run gbuild to completion and get the expected output), it makes users think something is wrong.

This behavior has been confirmed by other users.

It seems like checking in gconfig for USE_LXC being set and skipping the LXC stuff if it isn't set would fix the issue, but I haven't tried doing that.

CC'ing @droark

As discussed in #53 and bitcoin/bitcoin#4265 I propose a (very low priority) feature request to support aside from the sha256sum of installed .deb packages a second list in a text file with one package per line, in format:

package-xyz=0.1.0
package-abc=0.3.0

Given that an Ubuntu image is always used to build, we could afterwards restore older version of packages by setting proper apt sources (archives.ubuntu.com) and the issuing:

apt-get install $(<such-list.txt)

This helps at increasing determinism/reproducibility in case the distro is changed upstream, although falls short in case package versions go completely missing upstream even from archives.

NOTE: downgrade is basically not supported by any package mantainer, thus it would be best to completely circumvent the problem of changed packages by using only an officially released Ubuntu ISO (and never issuing an apt-get update) and a set pool of necessary .deb package dependencies put directly in the apt-cacher-ng cache. Each project could then host their own APT archives source to support the reproducible build.

This would essentially solve #91.

I've successfully completed a couple of gitian builds for Dogecoin, but as of recently, I've been getting an error that Google shows affected the su command in a particular version of Debian. This occurred after I pulled a more recent version of gitian-builder, but the issue still persists after checking out older commits. I am running ubuntu server 14.04 on a fresh VM. Creating the base VM's for gitian appears to work fine. I'm using LXC and here is the output.

user@gitian:/gitian-builder$ ./bin/gbuild ../dogecoin/contrib/gitian-descriptors/deps-linux.yml
--- Building for precise i386 ---
Stopping target if it is up
Making a new image copy
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
root@gitian:# exit
Starting target
Checking if target is up
Preparing build environment
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

ubuntu@gitian:~$ exit
tar: This does not look like a tar archive
tar: Exiting with failure status due to previous errors
lxc-start: The container failed to start.
lxc-start: Additional information can be obtained by setting the --logfile and --log-priority options.
./bin/gbuild:21:in system!': failed to run copy-to-target inputs/openssl-1.0.1h.tar.gz build/ (RuntimeError) from ./bin/gbuild:80:inblock in build_one_configuration'
from ./bin/gbuild:78:in each' from ./bin/gbuild:78:inbuild_one_configuration'
from ./bin/gbuild:235:in block (2 levels) in <main>' from ./bin/gbuild:230:ineach'
from ./bin/gbuild:230:in block in <main>' from ./bin/gbuild:228:ineach'
from ./bin/gbuild:228:in `

Latest gitian seems to setup a git clone under inputs/, but just fetches from the original repository it cloned from initially, rather than the one referenced by the YML. This causes problems when switching between Bitcoin master and stable branches (which are in another repository).

It shouldn't be hard to fix: instead of adding a remote, just specify the URI to git fetch every time.