Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix yara-x build in QEMU #38328

Merged
merged 1 commit into from
Dec 25, 2024
Merged

Fix yara-x build in QEMU #38328

merged 1 commit into from
Dec 25, 2024

Conversation

egibs
Copy link
Member

@egibs egibs commented Dec 24, 2024

I noticed that running make package/yara-x would fail when using the QEMU runner.

This is due to cargo install cargo-c leveraging /tmp which is mounted as noexec in the QEMU runner:

mount -t tmpfs -o nodev,nosuid,noexec tmpfs /tmp

To comply with this restriction, this PR sets the installation root for cargo-c to $HOME/.cargo rather than /tmp.

@egibs egibs force-pushed the yara-x-qemu-friendly branch from 39a7da9 to 356be71 Compare December 24, 2024 23:10
@egibs egibs changed the title Fix yara-x build on QEMU Fix yara-x build in QEMU Dec 24, 2024
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Dec 24, 2024
@egibs egibs enabled auto-merge (squash) December 24, 2024 23:20
@egibs egibs merged commit f27e019 into wolfi-dev:main Dec 25, 2024
10 checks passed
egibs added a commit that referenced this pull request Dec 26, 2024
…imizations (#38392)

I had some local Melange changes that made #38328 appear valid when in
fact the build artifacts for `cargo-c` were still landing in `/tmp`.

This PR specifies `--target-dir` to redirect `cargo-c`'s build artifacts
to a non-`/tmp` directory to avoid running in to QEMU's `noexec` tmpfs.

Once this was fixed, the `cargo-c` install was OOM'ing with the default
`-m 4000000k` configuration so I added a memory requirement of `6Gi`
which allowed the build to succeed. Finally, I added `opt-level=3` to
build the `yara-x-capi` with all available optimizations.

---------

Signed-off-by: egibs <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants