Page MenuHomeVyOS Platform
Create Task
Maniphest T6264

ISO builder fails to build 1.4 because of sagitta-packages repo 403 error
Closed, WontfixPublic
Actions

Description

Already reported in https://vyos.dev/T6249 but closed there without any comment.
(I thought it was ok to report there because it was tagged for both 1.3 and 1.4, issues are different but similar - build depends on non-accessible remote repo.)
I have tried again, it still fails:

marekm@build:~/vyos-build$ git pull
Already up to date.
marekm@build:~/vyos-build$ sudo make clean
[2024-04-25 11:24:47] lb clean
P: Cleaning chroot
marekm@build:~/vyos-build$ sudo ./build-vyos-image iso --architecture amd64 --build-by "[email protected]"
I: Checking if packages required for VyOS image build are installed
build/config
I: Cleaning the build workspace
[2024-04-25 11:25:03] lb clean
P: Cleaning chroot
I: Setting up additional APT entries
I: Configuring live-build
[2024-04-25 11:25:03] lb config noauto --apt-indices false --apt-options --yes -oAPT::Get::allow-downgrades=true --apt-recommends false --architecture amd64 --archive-areas main contrib non-free --backports true --binary-image iso-hybrid --bootappend-live boot=live components hostname=vyos username=live nopersistence noautologin nonetworking union=overlay console=ttyS0,115200 console=tty0 net.ifnames=0 biosdevname=0 --bootappend-live-failsafe live components memtest noapic noapm nodma nomce nolapic nomodeset nosmp nosplash vga=normal console=ttyS0,115200 console=tty0 net.ifnames=0 biosdevname=0 --bootloaders syslinux,grub-efi --checksums sha256 md5 --chroot-squashfs-compression-type xz -Xbcj x86 -b 256k -always-use-fragments -no-recovery --debian-installer none --debootstrap-options --variant=minbase --exclude=isc-dhcp-client,isc-dhcp-common,ifupdown --include=apt-utils,ca-certificates,gnupg2 --distribution bookworm --firmware-binary false --firmware-chroot false --iso-application VyOS --iso-publisher [email protected] --iso-volume VyOS --linux-flavours amd64-vyos --linux-packages linux-image-6.6.28 --mirror-binary http://deb.debian.org/debian --mirror-binary-security http://deb.debian.org/debian-security --mirror-bootstrap http://deb.debian.org/debian --mirror-chroot http://deb.debian.org/debian --mirror-chroot-security http://deb.debian.org/debian-security --security true --updates true
P: Updating config tree for a debian/bookworm/amd64 system
P: Symlinking hooks...
I: Starting image build
[2024-04-25 11:25:03] lb build
P: live-build 20230502
P: Building for a debian/bookworm/amd64 system
[2024-04-25 11:25:03] lb bootstrap
P: Setting up clean exit handler
[2024-04-25 11:25:03] lb bootstrap_cache restore
P: Restoring bootstrap stage from cache...
[2024-04-25 11:25:03] lb bootstrap_debootstrap
P: Begin bootstrapping system...
W: Skipping bootstrap, already done
[2024-04-25 11:25:03] lb bootstrap_cache save
P: Saving bootstrap stage to cache...
[2024-04-25 11:25:04] lb chroot_prep install all-except-archives
[2024-04-25 11:25:04] lb chroot_devpts install
P: Begin mounting /dev/pts...
[2024-04-25 11:25:04] lb chroot_proc install
P: Begin mounting /proc...
[2024-04-25 11:25:04] lb chroot_selinuxfs install
[2024-04-25 11:25:04] lb chroot_sysfs install
P: Begin mounting /sys...
[2024-04-25 11:25:04] lb chroot_debianchroot install
P: Configuring file /etc/debian_chroot
[2024-04-25 11:25:04] lb chroot_dpkg install
P: Configuring file /sbin/start-stop-daemon
dpkg-divert: warning: diverting file '/sbin/start-stop-daemon' from an Essential package with rename is dangerous, use --no-rename
[2024-04-25 11:25:04] lb chroot_tmpfs install
[2024-04-25 11:25:04] lb chroot_sysv-rc install
P: Configuring file /usr/sbin/policy-rc.d
[2024-04-25 11:25:04] lb chroot_hosts install
P: Configuring file /etc/hosts
[2024-04-25 11:25:04] lb chroot_resolv install
P: Configuring file /etc/resolv.conf
[2024-04-25 11:25:04] lb chroot_hostname install
P: Configuring file /etc/hostname
P: Configuring file /bin/hostname
dpkg-divert: warning: diverting file '/bin/hostname' from an Essential package with rename is dangerous, use --no-rename
[2024-04-25 11:25:04] lb chroot_apt install
P: Configuring file /etc/apt/apt.conf
[2024-04-25 11:25:04] lb bootstrap_archives
P: Configuring file /etc/apt/sources.list
Get:1 http://security.debian.org/debian-security buster/updates InRelease [34.8 kB]
Hit:2 http://deb.debian.org/debian bookworm InRelease
Get:3 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:4 https://repo.saltproject.io/py3/debian/11/amd64/3005 bullseye InRelease [2853 B]
Get:5 http://security.debian.org/debian-security buster/updates/main amd64 Packages [596 kB]
Get:6 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:7 http://deb.debian.org/debian bookworm-backports InRelease [56.5 kB]
Get:8 http://deb.debian.org/debian buster InRelease [122 kB]
Get:10 http://security.debian.org/debian-security buster/updates/main Translation-en [322 kB]
Get:11 http://security.debian.org/debian-security buster/updates/non-free amd64 Packages [11.0 kB]
Get:12 http://security.debian.org/debian-security buster/updates/non-free Translation-en [24.8 kB]
Get:13 http://deb.debian.org/debian buster-updates InRelease [56.6 kB]
Get:14 http://deb.debian.org/debian trixie InRelease [158 kB]
Get:15 http://deb.debian.org/debian trixie-updates InRelease [45.1 kB]
Get:16 http://deb.debian.org/debian bookworm/main Sources [9489 kB]
Err:9 https://sagitta-packages.vyos.net sagitta InRelease
403 Forbidden [IP: 2606:4700::6812:1f4f 443]
Get:17 http://deb.debian.org/debian bookworm/main Translation-en [6109 kB]
Get:18 http://deb.debian.org/debian-security bookworm-security/main Sources [91.5 kB]
Get:19 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages [155 kB]
Get:20 http://deb.debian.org/debian-security bookworm-security/main Translation-en [94.3 kB]
Get:21 http://deb.debian.org/debian bookworm-updates/main Sources [17.9 kB]
Get:22 http://deb.debian.org/debian bookworm-updates/main amd64 Packages [13.8 kB]
Get:23 http://deb.debian.org/debian bookworm-updates/main Translation-en [16.0 kB]
Get:24 http://deb.debian.org/debian bookworm-backports/main Sources [204 kB]
Get:25 http://deb.debian.org/debian bookworm-backports/main amd64 Packages [192 kB]
Get:26 http://deb.debian.org/debian bookworm-backports/main Translation-en [161 kB]
Get:27 http://deb.debian.org/debian buster/main amd64 Packages [7909 kB]
Get:28 https://repo.saltproject.io/py3/debian/11/amd64/3005 bullseye/main amd64 Packages [2924 B]
Get:29 http://deb.debian.org/debian buster/main Translation-en [5969 kB]
Get:30 http://deb.debian.org/debian buster/non-free amd64 Packages [87.8 kB]
Get:31 http://deb.debian.org/debian buster/non-free Translation-en [88.9 kB]
Get:32 http://deb.debian.org/debian buster-updates/main amd64 Packages [8788 B]
Get:33 http://deb.debian.org/debian buster-updates/main Translation-en [6915 B]
Get:34 http://deb.debian.org/debian trixie/main amd64 Packages [8871 kB]
Get:35 http://deb.debian.org/debian trixie/main Translation-en [5999 kB]
Get:36 http://deb.debian.org/debian trixie/non-free amd64 Packages [98.3 kB]
Get:37 http://deb.debian.org/debian trixie/non-free Translation-en [67.7 kB]
Reading package lists... Done
E: Failed to fetch http://dev.packages.vyos.net/repositories/sagitta/dists/sagitta/InRelease 403 Forbidden [IP: 2606:4700::6812:1f4f 443]
E: The repository 'http://dev.packages.vyos.net/repositories/sagitta sagitta InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Repository 'Debian bookworm' changed its 'non-free component' value from 'non-free' to 'non-free non-free-firmware'
N: More information about this can be found online in the Release notes at: https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.html#non-free-split
E: An unexpected failure occurred, exiting...
P: Begin unmounting filesystems...
P: Saving caches...
Reading package lists... Done
Building dependency tree... Done
marekm@build:~/vyos-build$

Details

Difficulty level
Unknown (require assessment)
Version
1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Infrastructure issue or change

Related Objects

Event Timeline

marekm triaged this task as Urgent! priority.Thu, Apr 25, 9:41 AM
marekm created this task.
marekm created this object in space S1 VyOS Public.
marekm mentioned this in T6249: ISO builder fails because of changed buster-backport repository.
syncer lowered the priority of this task from Urgent! to Normal.Thu, Apr 25, 9:44 AM
marekm added a comment.EditedThu, Apr 25, 10:04 AM

Sorry about the priority, but it may be quite serious for those who will lose access due to end of program "images for donations" on May 1, and would like to be able to build stable images from source.

pasik added a subscriber: pasik.Thu, Apr 25, 10:56 AM
Viacheslav closed this task as Invalid.Thu, Apr 25, 1:06 PM
Viacheslav added a subscriber: Viacheslav.

Stay tuned; check our blog post.

syncer changed the task status from Invalid to Wontfix.Thu, Apr 25, 1:12 PM
syncer added a subscriber: syncer.

When we say build from the source, we mean build from the source
see https://blog.vyos.io/community-contributors-userbase-and-lts-builds

marekm added a comment.EditedThu, Apr 25, 2:33 PM

OK, so where can I find the source (without the artwork) with the necessary patches and working build scripts (to build from the LTS, not rolling branch - just to be clear)? No problem to use my own CPU cycles and bandwidth and disk space, I can wait longer for the build to finish, sometimes (on sunny days) I even have some free electricity :) - in fact I would even prefer to build the binaries myself (of any packages not directly copied from Debian) rather than trust an external repo. And no problem, you've just got the 868th star from me, I simply didn't know this is something that matters. I have never distributed the LTS images to third parties, just using them internally. Yes, for some small scale production use (single-person business, running a very small local ISP for a few hundreds of customers) as a BGP router and PPPoE server (the latter replacing MikroTik because of their unfinished IPv6 support), not big enough to be able to afford a subscription.

syncer added a comment.Thu, Apr 25, 5:53 PM

Good.
So, all code is in github.
you need to spend bit of time and learn how to build packages and make them into repo
after you point vyos-build to that repo and good to go
it's time consuming, but once you have set it up, after it will not require that much time

marekm added a comment.Thu, Apr 25, 6:44 PM

If all of this would be done by the build script (download sources, apply patches, build binary packages and copy them to a local filesystem) there would be no problem.
I can't even see the list of packages in that 403 Forbidden repo - all of it blocked completely, not just access to binary packages.

Not all software in VyOS is GPL of course, but the GPL is fairly clear that "all code is in github" is not good enough:

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

Also, some packages have "vyos" as part of their names, do they have to be renamed to avoid trademark issues? Not sure if there are still some with "vyatta" left, might be a good idea to rename them too.

Unknown Object (User) added a subscriber: Unknown Object (User).Fri, Apr 26, 8:49 AM

So if all packages needed are in fact the vyos-build/packages then this should be fairly simple to build and make your own APT repo off of.

It seems that not all automation however is not public, like how do you handle updating the apt repo, but that's minor hiccup.

GurliGebis added a subscriber: GurliGebis.Fri, Apr 26, 12:01 PM
marekm awarded a token.Mon, Apr 29, 5:22 PM