  • Building gVisor

    https://pkg.go.dev/gvisor.dev/gvisor@v0.0.0-20201222062610-620de250a48a?tab=versions

    https://cloud-atlas.readthedocs.io/zh_CN/latest/kubernetes/virtual/gvisor/gvisor_quickstart.html

    Run make

    Removing intermediate container 3dcdb63a9f6d
     ---> 903876c5fb4a
    Step 4/10 : RUN pip install --no-cache-dir pycparser
     ---> Running in 41ec3173068f
    WARNING: Running pip install with root privileges is generally not a good idea. Try `pip install --user` instead.
    Collecting pycparser
      WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0xffff86941790>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/pycparser/
      WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0xffff868f6c90>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/pycparser/
      WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0xffff868f6ed0>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/pycparser/
      WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0xffff868ac050>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/pycparser/
      WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0xffff868ac110>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/pycparser/
      ERROR: Could not find a version that satisfies the requirement pycparser (from versions: none)
    ERROR: No matching distribution found for pycparser
    The command '/bin/sh -c pip install --no-cache-dir pycparser' returned a non-zero code: 1
    --- BUILD -c opt //runsc
    Error: No such container: gvisor-bazel-3328c4e9-aarch64
    root@cloud:~/gvisor# 
    vi images/default/Dockerfile +6
    FROM fedora:31
    
    # Install bazel.
    RUN dnf install -y dnf-plugins-core && dnf copr enable -y vbatts/bazel
    RUN dnf install -y git gcc make golang gcc-c++ glibc-devel python3 which python3-pip python3-devel libffi-devel openssl-devel pkg-config glibc-static libstdc++-static patch diffutils
    RUN pip install --no-cache-dir pycparser -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
    RUN dnf install -y bazel3

    Add a pip mirror
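
    The mirror line above points pip at an http:// index and adds --trusted-host, so the package arrives with no transport integrity and no hash check. The following scan for such lines is an added example, not part of the original post; the hardened RUN line, mirror.example.com and requirements.txt are constructed placeholders.

```python
import shlex
from urllib.parse import urlparse

# Constructed sample: line 3 is the RUN line from the Dockerfile on this page,
# line 4 is a hypothetical hardened variant (placeholder mirror and file name).
SAMPLE_DOCKERFILE = """\
FROM fedora:31
RUN dnf install -y git gcc make golang python3-pip
RUN pip install --no-cache-dir pycparser -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
RUN pip install --no-cache-dir --require-hashes -r requirements.txt -i https://mirror.example.com/simple
"""

# pip options that take a value (partial list, enough for this check).
VALUE_OPTS = {"-i", "--index-url", "--extra-index-url", "--trusted-host",
              "-r", "--requirement", "-c", "--constraint"}


def pip_installs(dockerfile_text):
    """Yield (line_no, args) for each `pip install` inside a RUN instruction."""
    logical, start = "", 0
    for no, line in enumerate(dockerfile_text.splitlines(), 1):
        if not logical:
            start = no
        logical += line.rstrip()
        if logical.endswith("\\"):          # line continuation
            logical = logical[:-1] + " "
            continue
        instr, _, rest = logical.strip().partition(" ")
        logical = ""
        if instr.upper() != "RUN":
            continue
        # Naive split: assumes "&&" does not occur inside quoted strings.
        for cmd in rest.split("&&"):
            argv = shlex.split(cmd)
            if "install" not in argv:
                continue
            idx = argv.index("install")
            if any(a in ("pip", "pip3") for a in argv[:idx]):
                yield start, argv[idx + 1:]


def audit_pip(args):
    """Return findings for one `pip install` argument list."""
    opts, reqs, findings = {}, [], []
    it = iter(args)
    for arg in it:
        name, eq, val = arg.partition("=")
        if name in VALUE_OPTS:
            opts.setdefault(name, []).append(val if eq else next(it, ""))
        elif arg.startswith("-"):
            opts.setdefault(arg, []).append("")
        else:
            reqs.append(arg)
    for flag in ("-i", "--index-url", "--extra-index-url"):
        for url in opts.get(flag, []):
            if urlparse(url).scheme != "https":
                findings.append(f"index {url} is not https")
    for host in opts.get("--trusted-host", []):
        findings.append(
            f"--trusted-host {host}: pip accepts this host without valid HTTPS")
    if "--require-hashes" not in opts:
        loose = [r for r in reqs if "==" not in r]
        note = f"; unpinned: {', '.join(loose)}" if loose else ""
        findings.append("no --require-hashes" + note)
    return findings


def audit_dockerfile(text):
    """Map the line number of each pip install to its findings."""
    return {no: audit_pip(args) for no, args in pip_installs(text)}


if __name__ == "__main__":
    for no, findings in audit_dockerfile(SAMPLE_DOCKERFILE).items():
        print(f"line {no}:", findings or "ok")
```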

    root@cloud:~/gvisor# pip install --no-cache-dir pycparser
    Collecting pycparser
      Downloading https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl (112kB)
        100% |████████████████████████████████| 112kB 2.9MB/s 
    Installing collected packages: pycparser
    Successfully installed pycparser-2.20
    root@cloud:~/gvisor# make -j $(nproc)

     

    Total download size: 30 M
    Installed size: 149 M
    Downloading Packages:
    docker-ce-cli-20.10.1-3.fc31.aarch64.rpm        5.6 MB/s |  30 MB     00:05    
    --------------------------------------------------------------------------------
    Total                                           5.6 MB/s |  30 MB     00:05     
    warning: /var/cache/dnf/docker-ce-stable-5216070ebe39d4d5/packages/docker-ce-cli-20.10.1-3.fc31.aarch64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
    Docker CE Stable - aarch64                      0.0  B/s |   0  B     00:00    
    Curl error (35): SSL connect error for https://download.docker.com/linux/fedora/gpg [OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to download.docker.com:443 ]
    The downloaded packages were saved in cache until the next successful transaction.
    You can remove cached packages by executing 'dnf clean packages'.
    The command '/bin/sh -c dnf install -y docker-ce-cli' returned a non-zero code: 1
    --- BUILD -c opt //runsc
    Error: No such container:

    Download Bazel and build manually

    root@cloud:~/gvisor# ../bazel/bazel-3.7.2-linux-arm64   build runsc
    Extracting Bazel installation...
    Starting local Bazel server and connecting to it...
    DEBUG: /root/.cache/bazel/_bazel_root/b4a6b971b553ff6e5ffe7760c9348cdd/external/bazel_toolchains/rules/rbe_repo/version_check.bzl:68:14: 
    Current running Bazel is ahead of bazel-toolchains repo. Please update your pin to bazel-toolchains repo in your WORKSPACE file.
    DEBUG: /root/.cache/bazel/_bazel_root/b4a6b971b553ff6e5ffe7760c9348cdd/external/bazel_toolchains/rules/rbe_repo/checked_in.bzl:125:14: rbe_default not using checked in configs; Bazel version 3.7.2 was picked/selected but no checked in config was found in map {"0.20.0": ["8.0.0"], "0.21.0": ["8.0.0"], "0.22.0": ["8.0.0", "9.0.0"], "0.23.0": ["8.0.0", "9.0.0"], "0.23.1": ["8.0.0", "9.0.0"], "0.23.2": ["9.0.0"], "0.24.0": ["9.0.0"], "0.24.1": ["9.0.0"], "0.25.0": ["9.0.0"], "0.25.1": ["9.0.0"], "0.25.2": ["9.0.0"], "0.26.0": ["9.0.0"], "0.26.1": ["9.0.0"], "0.27.0": ["9.0.0"], "0.27.1": ["9.0.0"], "0.28.0": ["9.0.0"], "0.28.1": ["9.0.0"], "0.29.0": ["9.0.0"], "0.29.1": ["9.0.0", "10.0.0"], "1.0.0": ["9.0.0", "10.0.0"], "1.0.1": ["10.0.0"], "1.1.0": ["10.0.0"], "1.2.0": ["10.0.0"], "1.2.1": ["10.0.0"], "2.0.0": ["10.0.0"], "2.1.0": ["10.0.0"], "2.1.1": ["10.0.0", "11.0.0"], "2.2.0": ["11.0.0"], "3.0.0": ["11.0.0"], "3.1.0": ["11.0.0"]}
    INFO: Repository com_github_google_subcommands instantiated at:
      /root/gvisor/WORKSPACE:221:14: in <toplevel>
    Repository rule go_repository defined at:
      /root/.cache/bazel/_bazel_root/b4a6b971b553ff6e5ffe7760c9348cdd/external/bazel_gazelle/internal/go_repository.bzl:194:32: in <toplevel>
    ERROR: An error occurred during the fetch of repository 'com_github_google_subcommands':
       Traceback (most recent call last):
            File "/root/.cache/bazel/_bazel_root/b4a6b971b553ff6e5ffe7760c9348cdd/external/bazel_gazelle/internal/go_repository.bzl", line 129, column 17, in _go_repository_impl
                    fail("failed to fetch %s: %s" % (ctx.name, result.stderr))
    Error in fail: failed to fetch com_github_google_subcommands: fetch_repo: github.com/google/subcommands@v1.0.2-0.20190508160503-636abe8753b8: Get "https://proxy.golang.org/github.com/google/subcommands/@v/v1.0.2-0.20190508160503-636abe8753b8.info": dial tcp 172.217.160.113:443: i/o timeout
    ERROR: /root/gvisor/runsc/cli/BUILD:5:11: //runsc/cli:cli depends on @com_github_google_subcommands//:go_default_library in repository @com_github_google_subcommands which failed to fetch. no such package '@com_github_google_subcommands//': failed to fetch com_github_google_subcommands: fetch_repo: github.com/google/subcommands@v1.0.2-0.20190508160503-636abe8753b8: Get "https://proxy.golang.org/github.com/google/subcommands/@v/v1.0.2-0.20190508160503-636abe8753b8.info": dial tcp 172.217.160.113:443: i/o timeout
    ERROR: Analysis of target '//runsc:runsc' failed; build aborted: Analysis failed
    INFO: Elapsed time: 91.042s
    INFO: 0 processes.
    FAILED: Build did NOT complete successfully (47 packages loaded, 6941 targets configured)
    root@cloud:~/gvisor# 
    root@cloud:~/gvisor# cat WORKSPACE  | grep com_github_google_subcommands
        name = "com_github_google_subcommands",
    root@cloud:~/gvisor# 

     

    usermod -aG docker ubuntu

    To create the docker group and add your user:

    1. Create the docker group.

      $ sudo groupadd docker
      
    2. Add your user to the docker group.

      $ sudo usermod -aG docker $USER
      
    3. Log out and log back in so that your group membership is re-evaluated.

      If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect.

      On a desktop Linux environment such as X Windows, log out of your session completely and then log back in.

      On Linux, you can also run the following command to activate the changes to groups:

      $ newgrp docker 
      
    4. Verify that you can run docker commands without sudo.

      $ docker run hello-world

    Then open another terminal and run:

     

     

    ubuntu@cloud:/gvisor$ make build -j $(nproc)
    --- TAG default
    --- DOCKER BUILD
    sha256:1c0ac5ad3d08348cc1f2f9f8f3e13d221fb5cc3d4ecd5fce90021f282cc380d6
    --- DOCKER RUN
    1af161bfb76a3823e7b7f96837902fa9b6f75ed0ee7c04e15a5ae265c0cca14f
    --- BUILD
    tee: /proc/self/fd/2: Permission denied
    ubuntu@cloud:/gvisor$ 
     echo TEST > /proc/self/fd/2

    Check as the ubuntu user

    Reference

    https://github.com/thecodingmachine/docker-images-php/issues/133

    As the root user

    root@cloud:/# chmod 777 /dev/pts/0
    root@cloud:/# 

    github.com/google/gvisor/pkg/sentry/platform

    root@cloud:/gvisor# go get gvisor.dev/gvisor/runsc@go
    go: found gvisor.dev/gvisor/runsc in gvisor.dev/gvisor v0.0.0-20201228220549-5c21c7c3bd15
    # gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:121:14: pudEntry.SetSuper undefined (type *PTE has no field or method SetSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:132:22: pudEntry.IsSuper undefined (type *PTE has no field or method IsSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:138:24: pmdEntries[index].SetSuper undefined (type PTE has no field or method SetSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:175:15: pmdEntry.SetSuper undefined (type *PTE has no field or method SetSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:186:23: pmdEntry.IsSuper undefined (type *PTE has no field or method IsSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:121:14: pudEntry.SetSuper undefined (type *PTE has no field or method SetSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:132:22: pudEntry.IsSuper undefined (type *PTE has no field or method IsSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:138:24: pmdEntries[index].SetSuper undefined (type PTE has no field or method SetSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:175:15: pmdEntry.SetSuper undefined (type *PTE has no field or method SetSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:186:23: pmdEntry.IsSuper undefined (type *PTE has no field or method IsSuper)
    /opt/gopath15.6/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:186:23: too many errors
    root@cloud:/gvisor# go get github.com/google/gvisor/pkg/sentry/platform

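    Introduction

    gVisor is a user-space kernel implemented in Go. It includes runsc, an OCI runtime that isolates the application from the host kernel.

    Containers are not sandboxes. Containers have changed the way we develop, package and deploy applications, but while sharing one kernel brings performance and efficiency, it also makes container escape possible.

    gVisor is a user-space kernel for containers: it restricts the application's access to the kernel interface while still giving the application the features it needs.

    Suitable scenarios:

    • Small containers, fast startup, high density (e.g. FaaS?)

    Unsuitable scenarios:

    • Trusted images
    • Frequent system calls
    • Direct hardware access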

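    Isolation mechanisms

    The security isolation mechanisms containers already have are users/groups, capabilities, cgroups and namespaces.

    Beyond these, there are other ways to strengthen container isolation: virtualization, rule-based security policies and sandboxes.

    Virtualization

    A VMM exposes virtual hardware to the guest kernel. A container running inside a virtual machine gets better isolation and compatibility, but this usually needs an extra agent and more resources. Examples: KVM, Xen.

    Rule-based

    A dedicated security policy is written for the application or container so that the exposed surface is as small as possible, but the policy does not carry over to new applications. Examples: seccomp, SELinux and AppArmor.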

    gVisor

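    How it works

    Architecture

    gVisor interprets the application's system calls and handles them itself instead of simply forwarding them to the host kernel. gVisor implements most of the kernel's basic primitives, including signals, file systems, pipes, memory management and futexes, and builds complete system call handlers on top of them.

    The gVisor container runtime is split into 2 independent processes: the Sentry process executes user code and handles system calls, while file-system operations are handled by the Gofer process. The two are connected over 9P.

    File system

    Gofer acts as a file-system proxy and opens host files as the application needs them. Sentry runs in an empty user namespace, and gVisor's own system calls are restricted by seccomp filters, which gives defense-in-depth.

    Network

    Sentry implements its own network stack (netstack), which handles TCP connection state, control messages, packet assembly and so on, and is isolated from the host network stack. Data-link-layer packets are written directly to the virtual device in the network namespace created by Docker or Kubernetes.

    A network passthrough mode is also supported, but it reduces isolation.

    Platform

    Sentry needs a platform to implement basic context switching and memory mapping. Two platforms are currently supported:

    • Ptrace: uses the SYSEMU feature to execute user code without executing host system calls.
    • KVM: Sentry acts as both the guest OS and the VMM and switches seamlessly between the two. The sandbox is still a process model with no virtual hardware layer; it only uses the virtualization extensions of modern processors to improve isolation and address-space switching performance.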

    UML

    User-Mode Linux

    Appendix

    Quick trial

    1. Requirements
      • linux 3.17+
      • docker 17.09+
      • git/Bazel/Python
    2. Install the bazel tool
    $ wget https://github.com/bazelbuild/bazel/releases/download/0.13.0/bazel-0.13.0-installer-linux-x86_64.sh
    $ chmod +x ./bazel-0.13.0-installer-linux-x86_64.sh
    $ mkdir ~/bin
    $ ./bazel-0.13.0-installer-linux-x86_64.sh --user
    
    3. Download, build and install gvisor
    $ git clone https://gvisor.googlesource.com/gvisor gvisor
    $ cd gvisor
    $ bazel build runsc
    INFO: Analysed target //runsc:runsc (170 packages loaded).
    INFO: Found 1 target...
    Target //runsc:runsc up-to-date:
      bazel-bin/runsc/linux_amd64_pure_stripped/runsc
    INFO: Elapsed time: 24.098s, Critical Path: 16.44s
    INFO: 156 processes, linux-sandbox.
    INFO: Build completed successfully, 157 total actions
    $ sudo cp ./bazel-bin/runsc/linux_amd64_pure_stripped/runsc /usr/bin/
    
    4. Configure docker
      $ cat /etc/docker/daemon.json
      {
       "runtimes": {
           "runsc": {
               "path": "/usr/bin/runsc",
               "runtimeArgs": [
                   "--debug-log-dir=/tmp/runsc",
                   "--debug",
                   "--strace",
                   "--platform=ptrace"
               ]
           }
       }
      }
      $ sudo systemctl restart docker
      
    5. Verify
      $ sudo docker run --runtime=runsc hello-world
      Hello from Docker!
      This message shows that your installation appears to be working correctly.

      To generate this message, Docker took the following steps:
       1. The Docker client contacted the Docker daemon.
       2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
          (amd64)
       3. The Docker daemon created a new container from that image which runs the
          executable that produces the output you are currently reading.
       4. The Docker daemon streamed that output to the Docker client, which sent it
          to your terminal.

    Note: because of network problems golang.org cannot be reached and the build fails, so the dependency paths have to be changed.

    diff --git a/WORKSPACE b/WORKSPACE
    index 5ce2245..655cec6 100644
    --- a/WORKSPACE
    +++ b/WORKSPACE
    @@ -56,12 +56,16 @@ go_repository(
     go_repository(
         name = "org_golang_x_net",
         importpath = "golang.org/x/net",
    +    remote = "https://github.com/golang/net.git",
    +    vcs = "git",
         commit = "b3c676e531a6dc479fa1b35ac961c13f5e2b4d2e",
     )
     go_repository(
         name = "org_golang_x_sys",
         importpath = "golang.org/x/sys",
    +    remote = "https://github.com/golang/sys.git",
    +    vcs = "git",
         commit = "0dd5e194bbf5eb84a39666eb4c98a4d007e4203a",
     )
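
    Review bot: the `remote`/`vcs = "git"` pairs added to org_golang_x_net and org_golang_x_sys carry no comment saying that github.com/golang/net.git and github.com/golang/sys.git stand in for the hosts named in `importpath`, so a later reader cannot tell that the override is a network workaround. Add a one-line comment above each `remote`, and keep the existing `commit` lines unchanged: once the fetch location differs from the import path, the pinned commit is the only thing tying the checkout to a known revision.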

    #go_repository(
    #    name = "org_golang_x_sys",
    #    importpath = "golang.org/x/sys",
    #    sum = "h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=",
    #    version = "v0.0.0-20200323222414-85ca7c5b95cd",
    #)
    go_repository(
        name = "org_golang_x_sys",
        importpath = "golang.org/x/sys",
        remote = "https://github.com/golang/sys.git",
        vcs = "git",
        commit = "0d417f6369309be088e227ead8736fb722d759d3",
    )
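
    With remote set, the checkout no longer comes from the importpath host, so the pin (commit, or version plus sum) is what identifies the code. The audit below is an added example, not from the original post or the gVisor project; it assumes the WORKSPACE parses as Python syntax, and the example_unpinned rule and its hosts are constructed.

```python
import ast
import re
from urllib.parse import urlparse

# Constructed sample. The first two rules reuse values shown on this page;
# "example_unpinned" and its hosts are hypothetical.
SAMPLE_WORKSPACE = '''
go_repository(
    name = "org_golang_x_net",
    importpath = "golang.org/x/net",
    remote = "https://github.com/golang/net.git",
    vcs = "git",
    commit = "b3c676e531a6dc479fa1b35ac961c13f5e2b4d2e",
)
go_repository(
    name = "org_golang_x_sys",
    importpath = "golang.org/x/sys",
    sum = "h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=",
    version = "v0.0.0-20200323222414-85ca7c5b95cd",
)
go_repository(
    name = "example_unpinned",
    importpath = "example.com/lib",
    remote = "http://mirror.example.com/lib.git",
    vcs = "git",
    tag = "v1.0.0",
)
'''

FULL_SHA = re.compile(r"[0-9a-f]{40}")


def go_repositories(workspace_text):
    """Return the keyword arguments of each top-level go_repository(...) call.

    Assumption: the file uses only the Python-compatible subset of Starlark,
    so ast.parse can read it without executing anything.
    """
    rules = []
    for stmt in ast.parse(workspace_text).body:
        call = getattr(stmt, "value", None)
        if not (isinstance(call, ast.Call) and isinstance(call.func, ast.Name)
                and call.func.id == "go_repository"):
            continue
        rule = {}
        for kw in call.keywords:
            if kw.arg is None:          # **kwargs, nothing to inspect
                continue
            try:
                rule[kw.arg] = ast.literal_eval(kw.value)
            except ValueError:          # not a literal (variable, expression)
                rule[kw.arg] = None
        rules.append(rule)
    return rules


def audit_rule(rule):
    """Return findings about how one go_repository rule is pinned and fetched."""
    findings = []
    commit = rule.get("commit")
    if commit is not None:
        if not (isinstance(commit, str) and FULL_SHA.fullmatch(commit)):
            findings.append("commit is not a full 40-hex SHA")
    elif rule.get("version") and rule.get("sum"):
        pass                            # pinned by module version plus hash
    elif rule.get("tag"):
        findings.append("pinned only by a tag, which can be moved")
    else:
        findings.append("no commit or version+sum pin")
    remote = rule.get("remote")
    if remote:
        url = urlparse(remote)
        if url.scheme != "https":
            findings.append("remote is not fetched over https")
        import_host = (rule.get("importpath") or "").split("/")[0]
        if url.hostname != import_host:
            findings.append(f"remote host {url.hostname} differs from "
                            f"importpath host {import_host}")
    return findings


def audit_workspace(text):
    """Map each go_repository name to its findings (empty list means clean)."""
    return {r.get("name"): audit_rule(r) for r in go_repositories(text)}


if __name__ == "__main__":
    for name, findings in audit_workspace(SAMPLE_WORKSPACE).items():
        print(name, findings or "ok")
```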

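    The WORKSPACE file lets the user's targets depend on targets elsewhere in the file system or on targets downloaded from the network. The WORKSPACE file uses the same syntax as BUILD files, but relies on some specific built-in rules; see the next chapter for details.

    There are three main types of external dependency:

    1. Depending on other Bazel projects

    Depending on where that Bazel project lives, a different built-in rule is used to obtain it:

    • local_repository: local
    • git_repository: git repository
    • http_archive: downloaded over the network

    Suppose there is a project my-project/ that depends on another project coworkers-project/. Both are Bazel projects, so the following has to be added to my_project/WORKSPACE:

    local_repository(
        name = "coworkers_project",
        path = "/path/to/coworkers-project",
    )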

     

    go get gvisor.dev/gvisor/runsc@go
    go: cannot use path@version syntax in GOPATH mode

     

    root@cloud:~# go build -o /usr/local/bin/runsc gvisor.dev/gvisor/runsc
    can't load package: package gvisor.dev/gvisor/runsc: cannot find package "gvisor.dev/gvisor/runsc" in any of:
            /usr/local/go/src/gvisor.dev/gvisor/runsc (from $GOROOT)
            /opt/gopath/src/gvisor.dev/gvisor/runsc (from $GOPATH)
    root@cloud:~# cd /gvisor/
    root@cloud:/gvisor# go build -o /usr/local/bin/runsc gvisor.dev/gvisor/runsc
    # gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:121:14: pudEntry.SetSuper undefined (type *PTE has no field or method SetSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:132:22: pudEntry.IsSuper undefined (type *PTE has no field or method IsSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:138:24: pmdEntries[index].SetSuper undefined (type PTE has no field or method SetSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:175:15: pmdEntry.SetSuper undefined (type *PTE has no field or method SetSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_empty.go:186:23: pmdEntry.IsSuper undefined (type *PTE has no field or method IsSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:121:14: pudEntry.SetSuper undefined (type *PTE has no field or method SetSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:132:22: pudEntry.IsSuper undefined (type *PTE has no field or method IsSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:138:24: pmdEntries[index].SetSuper undefined (type PTE has no field or method SetSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:175:15: pmdEntry.SetSuper undefined (type *PTE has no field or method SetSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:186:23: pmdEntry.IsSuper undefined (type *PTE has no field or method IsSuper)
    /opt/gopath/pkg/mod/gvisor.dev/gvisor@v0.0.0-20201228220549-5c21c7c3bd15/pkg/sentry/platform/ring0/pagetables/walker_lookup.go:186:23: too many errors
    note: module requires Go 1.15
    root@cloud:/gvisor# 

    go1.15

    root@cloud:/gvisor# export GOPROXY=https://mirrors.aliyun.com/goproxy/
    root@cloud:/gvisor# go get gvisor.dev/gvisor/runsc@go
    go get gvisor.dev/gvisor/runsc@go: gvisor.dev/gvisor/runsc@go: invalid version: reading https://mirrors.aliyun.com/goproxy/gvisor.dev/gvisor/runsc/@v/go.info: 404 Not Found
    root@cloud:/gvisor# unset GOPROXY
    root@cloud:/gvisor# go get gvisor.dev/gvisor/runsc@go
    ^C
    root@cloud:/gvisor# go version
    go version go1.15 linux/arm64
    root@cloud:/gvisor# go get gvisor.dev/gvisor/runsc@go

    Installing with go

     

     

    Reference

    root@cloud:/gvisor# bazel build runsc
    DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/version_check.bzl:68:14: 
    Current running Bazel is ahead of bazel-toolchains repo. Please update your pin to bazel-toolchains repo in your WORKSPACE file.
    DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/checked_in.bzl:125:14: rbe_default not using checked in configs; Bazel version 3.7.1 was picked/selected but no checked in config was found in map {"0.20.0": ["8.0.0"], "0.21.0": ["8.0.0"], "0.22.0": ["8.0.0", "9.0.0"], "0.23.0": ["8.0.0", "9.0.0"], "0.23.1": ["8.0.0", "9.0.0"], "0.23.2": ["9.0.0"], "0.24.0": ["9.0.0"], "0.24.1": ["9.0.0"], "0.25.0": ["9.0.0"], "0.25.1": ["9.0.0"], "0.25.2": ["9.0.0"], "0.26.0": ["9.0.0"], "0.26.1": ["9.0.0"], "0.27.0": ["9.0.0"], "0.27.1": ["9.0.0"], "0.28.0": ["9.0.0"], "0.28.1": ["9.0.0"], "0.29.0": ["9.0.0"], "0.29.1": ["9.0.0", "10.0.0"], "1.0.0": ["9.0.0", "10.0.0"], "1.0.1": ["10.0.0"], "1.1.0": ["10.0.0"], "1.2.0": ["10.0.0"], "1.2.1": ["10.0.0"], "2.0.0": ["10.0.0"], "2.1.0": ["10.0.0"], "2.1.1": ["10.0.0", "11.0.0"], "2.2.0": ["11.0.0"], "3.0.0": ["11.0.0"], "3.1.0": ["11.0.0"]}
    INFO: Repository org_golang_x_sys instantiated at:
      /gvisor/WORKSPACE:74:14: in <toplevel>
    Repository rule go_repository defined at:
      /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_gazelle/internal/go_repository.bzl:194:32: in <toplevel>
    ERROR: An error occurred during the fetch of repository 'org_golang_x_sys':
       Traceback (most recent call last):
            File "/root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_gazelle/internal/go_repository.bzl", line 129, column 17, in _go_repository_impl
                    fail("failed to fetch %s: %s" % (ctx.name, result.stderr))
    Error in fail: failed to fetch org_golang_x_sys: # cd .; git clone https://github.com/golang/sys.git /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/org_golang_x_sys
    Cloning into '/root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/org_golang_x_sys'...
    error: RPC failed; curl 56 GnuTLS recv error (-54): Error in the pull function.
    fatal: The remote end hung up unexpectedly
    fatal: early EOF
    fatal: index-pack failed
    fetch_repo: exit status 128
    ERROR: /gvisor/runsc/specutils/BUILD:5:11: //runsc/specutils:specutils depends on @org_golang_x_sys//unix:go_default_library in repository @org_golang_x_sys which failed to fetch. no such package '@org_golang_x_sys//unix': failed to fetch org_golang_x_sys: # cd .; git clone https://github.com/golang/sys.git /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/org_golang_x_sys
    Cloning into '/root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/org_golang_x_sys'...
    error: RPC failed; curl 56 GnuTLS recv error (-54): Error in the pull function.
    fatal: The remote end hung up unexpectedly
    fatal: early EOF
    fatal: index-pack failed
    fetch_repo: exit status 128
    ERROR: Analysis of target '//runsc:runsc' failed; build aborted: Analysis failed
    INFO: Elapsed time: 1216.888s
    INFO: 0 processes.
    FAILED: Build did NOT complete successfully (241 packages loaded, 9325 targets configured)

    Manual download

    root@cloud:~/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external# git clone https://github.com/golang/sys.git
    Cloning into 'sys'...
    remote: Enumerating objects: 51, done.
    remote: Counting objects: 100% (51/51), done.
    remote: Compressing objects: 100% (38/38), done.
    remote: Total 10776 (delta 27), reused 31 (delta 13), pack-reused 10725
    Receiving objects: 100% (10776/10776), 9.09 MiB | 33.00 KiB/s, done.
    Resolving deltas: 100% (9248/9248), done.
    root@cloud:~/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external# 

    After the manual download this problem no longer occurs

    root@cloud:/gvisor# bazel build runsc
    DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/version_check.bzl:68:14: 
    Current running Bazel is ahead of bazel-toolchains repo. Please update your pin to bazel-toolchains repo in your WORKSPACE file.
    DEBUG: /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/external/bazel_toolchains/rules/rbe_repo/checked_in.bzl:125:14: rbe_default not using checked in configs; Bazel version 3.7.1 was picked/selected but no checked in config was found in map {"0.20.0": ["8.0.0"], "0.21.0": ["8.0.0"], "0.22.0": ["8.0.0", "9.0.0"], "0.23.0": ["8.0.0", "9.0.0"], "0.23.1": ["8.0.0", "9.0.0"], "0.23.2": ["9.0.0"], "0.24.0": ["9.0.0"], "0.24.1": ["9.0.0"], "0.25.0": ["9.0.0"], "0.25.1": ["9.0.0"], "0.25.2": ["9.0.0"], "0.26.0": ["9.0.0"], "0.26.1": ["9.0.0"], "0.27.0": ["9.0.0"], "0.27.1": ["9.0.0"], "0.28.0": ["9.0.0"], "0.28.1": ["9.0.0"], "0.29.0": ["9.0.0"], "0.29.1": ["9.0.0", "10.0.0"], "1.0.0": ["9.0.0", "10.0.0"], "1.0.1": ["10.0.0"], "1.1.0": ["10.0.0"], "1.2.0": ["10.0.0"], "1.2.1": ["10.0.0"], "2.0.0": ["10.0.0"], "2.1.0": ["10.0.0"], "2.1.1": ["10.0.0", "11.0.0"], "2.2.0": ["11.0.0"], "3.0.0": ["11.0.0"], "3.1.0": ["11.0.0"]}
    INFO: Analyzed target //runsc:runsc (88 packages loaded, 2268 targets configured).
    INFO: Found 1 target...
    ERROR: /gvisor/runsc/cmd/BUILD:5:11: GoCompilePkg runsc/cmd/cmd.a failed (Exit 1): builder failed: error executing command bazel-out/host/bin/external/go_sdk/builder compilepkg -sdk external/go_sdk -installsuffix linux_arm64 -src runsc/cmd/boot.go -src runsc/cmd/capability.go -src runsc/cmd/checkpoint.go -src ... (remaining 119 argument(s) skipped)
    
    Use --sandbox_debug to see verbose messages from the sandbox builder failed: error executing command bazel-out/host/bin/external/go_sdk/builder compilepkg -sdk external/go_sdk -installsuffix linux_arm64 -src runsc/cmd/boot.go -src runsc/cmd/capability.go -src runsc/cmd/checkpoint.go -src ... (remaining 119 argument(s) skipped)
    
    Use --sandbox_debug to see verbose messages from the sandbox
    compilepkg: missing strict dependencies:
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/boot.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/checkpoint.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/create.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/debug.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/delete.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/do.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/error.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/events.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/exec.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/gofer.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/help.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/install.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/kill.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/list.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/pause.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/ps.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/restore.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/resume.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/run.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/spec.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/start.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/state.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/statefile.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/symbolize.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/syscalls.go: import of "github.com/google/subcommands"
            /root/.cache/bazel/_bazel_root/5c091e64dca9ad5afc61f8dabe991a85/sandbox/linux-sandbox/1614/execroot/__main__/runsc/cmd/wait.go: import of "github.com/google/subcommands"
    No dependencies were provided.
    Check that imports in Go sources match importpath attributes in deps.
    Target //runsc:runsc failed to build
    Use --verbose_failures to see the command lines of failed build steps.
    INFO: Elapsed time: 265.492s, Critical Path: 40.69s
    INFO: 1650 processes: 37 internal, 1613 linux-sandbox.
    FAILED: Build did NOT complete successfully
    root@cloud:/gvisor# 
  • Original article: https://www.cnblogs.com/dream397/p/14186019.html