bubblewrap on Ubuntu 16.04

[hcarty]

bubblewrap is not available in Ubuntu 16.04's package repository. What is the right approach to fixing/addressing this for users?

[rjbou]

It seems that it will be available in xenial backports. Meanwhile, there is an available PPA (cf. main issue).
You can also try to compile it from sources.
Last option would be to disable sandboxing (cf. FAQ entry), but it's strongly not recommended.

[mseri]

I don't have root access, so I ended up taking the actual bubblewrap binary from the artful deb that seems to work fine

[hcarty]

Thank you @rjbou and @mseri.

[duxinxiao]

I have to say, it's really difficult to start OCaml project.
First of all, I just want to use tezos-client to 'Delegate' my token, I found there are no way but build by myself. Okay, so I install opam, ocaml etc, then I found vesion is not compatible. There almost no document tell me how to upgrade opam or ocaml. So I download it from github release page.
After that, I found I need bubblewrap, okay bubblewrap, when I enter into its github page, I can't see any installation guide. Thanks god I saw this issues, I don't want enter into OCaml world anymore, cause it's hard to find document or any other guide

[duxinxiao]

I notice this PPA is out of date, it still cant work

[rjbou]

@duxinxiao We are sorry that you had trouble installing this toolstack. The documentation is available on the appropriate websites, though:

• Install ocaml
• Install/upgrade opam1.2
• Install/upgrade opam2.0
• Also some frequently asked questions: opam1.2 and opam2.0.

If you only want to upgrade your system ocaml version, you can build another compiler version from source.
If you prefer to use opam, you can have multiple ocaml version installed, using what is called switch: 1.2 doc and 2.0 doc.

I notice this PPA is out of date, it still cant work

Bubblewrap unvalaibality on some distribution is a known problem. Did you tried @mseri proposal?

I just want to use tezos-client to 'Delegate' my token

You can also find in this tutorial, how to build a betanet node, and specifically, the opam setup for some tezos code.

[duxinxiao]

@rjbou Thanks for your patiently reply, I just read it and know the hole things. My OCaml environment is on the way, glad to enter into new world. Thanks again!

[xavierleroy]

The bwrap version from the PPA (version 0.1.2) lacks the --new-session option, causing the creation of the initial switch to fail:

#=== ERROR while compiling ocaml-system.4.02.3 ================================#
# context     2.0.0 | linux/x86_64 |  | https://opam.ocaml.org#b09e8324
# path        ~/.opam/default/.opam-switch/build/ocaml-system.4.02.3
# command     ~/.opam/opam-init/hooks/sandbox.sh build ocaml gen_ocaml_config.ml
# exit-code   1
# env-file    /tmp/opam-xleroy-648/ocaml-system-648-b76d46.env
# output-file /tmp/opam-xleroy-648/ocaml-system-648-b76d46.out
### output ###
# Unknown option --new-session

That plus the choice of requiring bwrap by default (rather than use it if it is there) make OPAM 2.0 largely unusable on Ubutu 16.04.

[xavierleroy]

opam init --disable-sandboxing stops early and doesn't install any switch.
opam switch 4.07.0 fails with "The 'bwrap' command was not found".
Commenting out the wrap-*-commands lines in .opam/config and doing opam switch 4.07.0 still fails with "The 'bwrap' command was not found".
The explanations in the FAQ are wrong, and I still can't get OPAM 2.0 to work on my Ubuntu 16.04 system. Good thing I made a backup of the OPAM 1.2 installation.

[AltGr]

Sorry for the trouble. The documentation is not very explicit on the subject, but --disable-sandboxing only works for a first initialisation, not if the opam root is already present. We'll fix it to at least tell when it did nothing. I guess that first removing the ~/.opam directory would have given the results you expected (had the bwrap command be completely absent, the directory wouldn't have been created, but here the initial checks passed).

Your next step was the right one, however, and removing all three wrap-*-commands: from the config file should definitely bypass any kind of sandboxing. I'll check to see if anything could have gone wrong there, but there are no references to that tool in the code except for the initial checks and configuration that appears there.

As for making use of bwrap the default... it's indeed a fairly new tool, but making security features optional is always a very hard choice to make.
Thanks for reporting.

[boulme]

Hello,

I have just succeed in installing caml.4.07+coq.8.8.2 thanks to opam 2.0 on my Ubuntu 16.04.5 LTS (Xenial Xerus). In order to install bubblewrap, I have simply followed @mseri's hint. More precisely, I have

• downloaded bubblewrap_0.2.0-1_amd64.deb from Ubuntu artful (17.10).

• then, installed it with

      sudo dpkg -i bubblewrap_0.2.0-1_amd64.deb
  

Then, everything worked well with opam 2.0

[maroneze]

I am trying to run opam 2 on an Ubuntu 16.04 docker (prepared by someone else), and after following @boulme's instructions, it fails, maybe because the docker VM was setup with the root user by default.

Anyway, here's the error I got:

+ /root/.opam/opam-init/hooks/sandbox.sh "build" "./configure" "-prefix" "/root/.opam/default" "-with-debug-runtime" (CWD=/root/.opam/default/.opam-switch/build/ocaml-base-compiler.4.07.1)
- bwrap: Creating new namespace failed: Operation not permitted
[ERROR] The compilation of ocaml-base-compiler failed at "/root/.opam/opam-init/hooks/sandbox.sh build ./configure -prefix /root/.opam/default -with-debug-runtime".

#=== ERROR while compiling ocaml-base-compiler.4.07.1 =========================#
# context     2.0.1 | linux/x86_64 |  | https://opam.ocaml.org#d1f125cf
# path        ~/.opam/default/.opam-switch/build/ocaml-base-compiler.4.07.1
# command     ~/.opam/opam-init/hooks/sandbox.sh build ./configure -prefix /root/.opam/default -with-debug-runtime
# exit-code   1
# env-file    /tmp/opam-xxx-4493/ocaml-base-compiler-4493-f0f09f.env
# output-file /tmp/opam-xxx-4493/ocaml-base-compiler-4493-f0f09f.out
### output ###
# bwrap: Creating new namespace failed: Operation not permitted

Since it's just a VM and root is already the default user, I just did opam init --disable-sandboxing anyway. Note that after the initial failure, opam init --disable-sandboxing seems to do nothing, but it's not entirely clear to the user. I manually did a rm -rf ~/.opam and then init again to make it work.

[mseri]

You need to do opam init --disable-sandboxing --reinit, see #3634
I agree, these things are a bit obscure to find. You have to go through the whole opam init --help unless you know about them. It would be useful to have a cookbook with the common usecases... somewhat like the tldr-man thing

[abhcs]

After installing bwrap 0.3.1 from source, opam init --comp=4.05.0 fails with bwrap: Can't mkdir /home/uname/.ccache: No such file or directory. Any ideas on what may be causing this error? I have verified that the dir /home/uname/.ccache exists.

[rduplain]

I'm new to bwrap but found it very straightforward to install and use for opam v2.0.0+ tooling. I installed all tools within my $HOME directory, without needing sudo. I couldn't immediately find installation instructions in the bubblewrap project, but the .travis.yml provides direct hints. I tested this on both Ubuntu trusty and xenial.

sudo apt-get install automake autotools-dev libcap-dev
git clone https://github.com/projectatomic/bubblewrap.git
cd bubblewrap/
git checkout v0.3.1
env NOCONFIGURE=1 ./autogen.sh
mkdir build
cd build
../configure --prefix=$HOME
make
install -c bwrap $HOME/bin

The build is very fast, resulting in the bwrap binary that you need. Note that the instructions above use install directly on the binary. (If you instead call make install, you'll hit an error by which make install attempts to install bash-completion system-wide, and without sudo, this will have permissions errors. But it will have installed bwrap to $HOME/bin.)

I already have $HOME/bin in my PATH. Add it, via .bashrc, if it's not already there (starting a new shell after adding this line):

export PATH=$HOME/bin:"$PATH"

Then, you are all set to use opam with sandboxing.

[dwayne]

I was able to get bwrap installed in the following way:

• Download bubblewrap_0.2.1-1ubuntu0.1_i386.deb from Ubuntu 18.04 LTS (Bionic) at https://packages.ubuntu.com/bionic/bubblewrap.
• Then install with sudo dpkg -i bubblewrap_0.2.1-1ubuntu0.1_i386.deb.

This worked for me with opam 2.0.3 on Ubuntu 16.04 LTS (Xenial).

[loscil06]

I'm new to bwrap but found it very straightforward to install and use for opam v2.0.0+ tooling. I installed all tools within my $HOME directory, without needing sudo. I couldn't immediately find installation instructions in the bubblewrap project, but the .travis.yml provides direct hints. I tested this on both Ubuntu trusty and xenial.

sudo apt-get install automake autotools-dev libcap-dev
git clone https://github.com/projectatomic/bubblewrap.git
cd bubblewrap/
git checkout v0.3.1
env NOCONFIGURE=1 ./autogen.sh
mkdir build
cd build
../configure --prefix=$HOME
make
install -c bwrap $HOME/bin

The build is very fast, resulting in the bwrap binary that you need. Note that the instructions above use install directly on the binary. (If you instead call make install, you'll hit an error by which make install attempts to install bash-completion system-wide, and without sudo, this will have permissions errors. But it will have installed bwrap to $HOME/bin.)

I already have $HOME/bin in my PATH. Add it, via .bashrc, if it's not already there (starting a new shell after adding this line):

export PATH=$HOME/bin:"$PATH"

Then, you are all set to use opam with sandboxing.

You also need to have installed pkg-config, or else the step env NOCONFIGURE=1 ./autogen.sh will fail.

[AnonimousX1]

I'm new to bwrap but found it very straightforward to install and use for opam v2.0.0+ tooling. I installed all tools within my $HOME directory, without needing sudo. I couldn't immediately find installation instructions in the bubblewrap project, but the .travis.yml provides direct hints. I tested this on both Ubuntu trusty and xenial.

sudo apt-get install automake autotools-dev libcap-dev
git clone https://github.com/projectatomic/bubblewrap.git
cd bubblewrap/
git checkout v0.3.1
env NOCONFIGURE=1 ./autogen.sh
mkdir build
cd build
../configure --prefix=$HOME
make
install -c bwrap $HOME/bin

The build is very fast, resulting in the bwrap binary that you need. Note that the instructions above use install directly on the binary. (If you instead call make install, you'll hit an error by which make install attempts to install bash-completion system-wide, and without sudo, this will have permissions errors. But it will have installed bwrap to $HOME/bin.)
I already have $HOME/bin in my PATH. Add it, via .bashrc, if it's not already there (starting a new shell after adding this line):

export PATH=$HOME/bin:"$PATH"

Then, you are all set to use opam with sandboxing.

You also need to have installed pkg-config, or else the step env NOCONFIGURE=1 ./autogen.sh will fail.

'root@localhost:~/bubblewrap# env NOCONFIGURE=1 ./autogen.sh
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force 
autoreconf: configure.ac: tracing
autoreconf: configure.ac: creating directory build-aux
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf --force
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:7: installing 'build-aux/compile'
configure.ac:9: installing 'build-aux/install-sh'
configure.ac:9: installing 'build-aux/missing'
configure.ac:120: installing 'build-aux/tap-driver.sh'

> **Makefile-bwrap.am:2: warning: source file '$(bwrap_srcpath)/bubblewrap.c' is in a subdirectory,
> Makefile-bwrap.am:2: but option 'subdir-objects' is disabled
> Makefile.am:22:   'Makefile-bwrap.am' included from here
> automake: warning: possible forward-incompatibility.
> automake: At least a source file is in a subdirectory, but the 'subdir-objects'
> automake: automake option hasn't been enabled.  For now, the corresponding output
> automake: object file(s) will be placed in the top-level directory.  However,
> automake: this behaviour will change in future Automake versions: they will
> automake: unconditionally cause object files to be placed in the same subdirectory
> automake: of the corresponding sources.
> automake: You are advised to start using 'subdir-objects' option throughout your
> automake: project, to avoid future incompatibilities.
> Makefile-bwrap.am:2: warning: source file '$(bwrap_srcpath)/bind-mount.c' is in a subdirectory,
> Makefile-bwrap.am:2: but option 'subdir-objects' is disabled
> Makefile.am:22:   'Makefile-bwrap.am' included from here
> Makefile-bwrap.am:2: warning: source file '$(bwrap_srcpath)/network.c' is in a subdirectory,
> Makefile-bwrap.am:2: but option 'subdir-objects' is disabled
> Makefile.am:22:   'Makefile-bwrap.am' included from here
> Makefile-bwrap.am:2: warning: source file '$(bwrap_srcpath)/utils.c' is in a subdirectory,
> Makefile-bwrap.am:2: but option 'subdir-objects' is disabled
> Makefile.am:22:   'Makefile-bwrap.am' included from here
> Makefile.am:32: warning: deprecated feature: target 'test-bwrap' overrides 'test-bwrap$(EXEEXT)'
> Makefile.am:32: change your target to read 'test-bwrap$(EXEEXT)'
> /usr/share/automake-1.16/am/program.am: target 'test-bwrap$(EXEEXT)' was defined here
> Makefile.am:30:   while processing program 'test-bwrap'
> Makefile.am: installing 'build-aux/depcomp'
> parallel-tests: installing 'build-aux/test-driver'
> autoreconf: Leaving directory

 `.'

**
how do I resolve these issues?

[rjbou]

@AnonimousX1 This is a bubblewrap issue, please refer to their bug report tracker, unless @loscil06 or @dwayne have a hint?
I'm closing this issue as it is no more directly opam related.

[Lechatelia]

I was able to get bwrap installed in the following way:

• Download bubblewrap_0.2.1-1ubuntu0.1_i386.deb from Ubuntu 18.04 LTS (Bionic) at https://packages.ubuntu.com/bionic/bubblewrap.
• Then install with sudo dpkg -i bubblewrap_0.2.1-1ubuntu0.1_i386.deb.

This worked for me with opam 2.0.3 on Ubuntu 16.04 LTS (Xenial).

maybe should download bubblewrap_0.2.1-1ubuntu0.1_amd64.deb which can be installed without errors for amd64 system