1343138 – Fedora container image does not contain /run/lock

Bug 1343138 - Fedora container image does not contain /run/lock

Summary: Fedora container image does not contain /run/lock

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	spin-kickstarts
Sub Component:
Version:	25
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Jeroen van Meeuwen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-06-06 15:23 UTC by Jan Pazdziora
Modified:	2017-12-11 13:42 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-12-11 13:42:33 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jan Pazdziora 2016-06-06 15:23:11 UTC

Description of problem:

Fedora container image does not contain /run/lock which causes packages that have content for /run/lock to fail to install. 

Version-Release number of selected component (if applicable):

fedora:23
fedora:rawhide

How reproducible:

Deterministic.

Steps to Reproduce:
1. $ docker run --rm -ti fedora:23 dnf install -y opencryptoki

Actual results:

Fedora 23 - x86_64                               58 MB/s |  43 MB     00:00    
Fedora 23 - x86_64 - Updates                     51 MB/s |  23 MB     00:00    
Last metadata expiration check performed 0:00:11 ago on Mon Jun  6 15:19:46 2016.
Dependencies resolved.
================================================================================
 Package                    Arch         Version            Repository     Size
================================================================================
Installing:
 opencryptoki               x86_64       3.4.1-1.fc23       updates       101 k
 opencryptoki-icsftok       x86_64       3.4.1-1.fc23       updates       228 k
 opencryptoki-libs          x86_64       3.4.1-1.fc23       updates        45 k

Transaction Summary
================================================================================
Install  3 Packages

Total download size: 373 k
Installed size: 1.0 M
Downloading Packages:
(1/3): opencryptoki-libs-3.4.1-1.fc23.x86_64.rp 326 kB/s |  45 kB     00:00    
(2/3): opencryptoki-3.4.1-1.fc23.x86_64.rpm     723 kB/s | 101 kB     00:00    
(3/3): opencryptoki-icsftok-3.4.1-1.fc23.x86_64 1.4 MB/s | 228 kB     00:00    
--------------------------------------------------------------------------------
Total                                           278 kB/s | 373 kB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : opencryptoki-libs-3.4.1-1.fc23.x86_64                       1/3 
  Installing  : opencryptoki-icsftok-3.4.1-1.fc23.x86_64                    2/3 
  Installing  : opencryptoki-3.4.1-1.fc23.x86_64                            3/3 
Error unpacking rpm package opencryptoki-3.4.1-1.fc23.x86_64
Error unpacking rpm package opencryptoki-3.4.1-1.fc23.x86_64
error: unpacking of archive failed on file /var/lock/opencryptoki: cpio: mkdir
opencryptoki-3.4.1-1.fc23.x86_64 was supposed to be installed but is not!
  Verifying   : opencryptoki-3.4.1-1.fc23.x86_64                            1/3 
  Verifying   : opencryptoki-libs-3.4.1-1.fc23.x86_64                       2/3 
  Verifying   : opencryptoki-icsftok-3.4.1-1.fc23.x86_64                    3/3 

Installed:
  opencryptoki-icsftok.x86_64 3.4.1-1.fc23                                      
  opencryptoki-libs.x86_64 3.4.1-1.fc23                                         

Failed:
  opencryptoki.x86_64 3.4.1-1.fc23                                              

Complete!

Expected results:

No errors, package opencryptoki installed.

Additional info:

This is primarily a packaging guidelines / policy issue. Either opencryptoki should not specify /run/lock/%{name}/ (but then https://fedoraproject.org/wiki/Packaging:Tmpfiles.d likely should be amended to be explicit about it) or the base image should contain the /run directories.

This was also brought to the devel mailing list https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/U2R34HF2IYWX7CVNONIW7HIKIQTYPBKN/ where it did not gather any ideas.

It was also filed as https://fedorahosted.org/fesco/ticket/1585.

This is a copy of https://fedorahosted.org/spin-kickstarts/ticket/62.

Comment 1 Kevin Fenzi 2016-06-06 22:05:04 UTC

Lets see what FPC says on this one...

Comment 2 Jan Pazdziora 2016-07-15 11:08:34 UTC

In https://fedorahosted.org/fpc/ticket/629#comment:9, we got:

   * Also ping the upstream container tools about fixing their tools for
     this issue.  (geppetto, 17:16:53)

Also, CentOS fixed their images via:

   https://github.com/CentOS/sig-cloud-instance-images/issues/46

Can Fedora images be fixed to container /run/lock (which will also make the dangling /var/lock symlink go away)?

Comment 3 Adam Miller 2016-07-22 21:00:25 UTC

https://pagure.io/fedora-kickstarts/pull-request/35

Comment 4 Adam Miller 2016-07-22 21:07:21 UTC

F23: https://pagure.io/fedora-kickstarts/pull-request/36
F24: https://pagure.io/fedora-kickstarts/pull-request/37

Comment 5 Jan Pazdziora 2016-08-01 07:25:22 UTC

I can see the pull requests merged.

When is the next respin of the Fedora base images expected?

Comment 6 Adam Miller 2016-08-11 19:44:57 UTC

They are available nightly with the compose, I'll get some images out though. I meant to do this before Flock but it just didn't happen.

I'll update the BZ with info once I get them pushed up to the Docker Hub.

Comment 7 Adam Miller 2016-08-15 16:00:37 UTC

https://github.com/docker-library/official-images/pull/2055

Comment 8 Jan Pazdziora 2016-08-22 06:58:14 UTC

I can see that

REPOSITORY       TAG     IMAGE ID            CREATED             SIZE
docker.io/fedora 24      11a5107645d4        6 days ago          204.4 MB

has the issue addressed:

$ docker run -ti fedora:24 ls -la /run/lock
total 0
drwxr-xr-x.  3 root root  20 Aug 15 05:19 .
drwxr-xr-x. 11 root root 160 Aug 22 06:51 ..
drwxr-xr-x.  2 root root   6 Aug 15 05:19 subsys
$ docker run --rm -ti fedora:24 dnf install -y opencryptoki
[...]
  Installing  : opencryptoki-libs-3.5-1.fc24.x86_64                         1/3 
  Installing  : opencryptoki-icsftok-3.5-1.fc24.x86_64                      2/3 
  Installing  : opencryptoki-3.5-1.fc24.x86_64                              3/3 
Failed to connect to bus: No such file or directory
  Verifying   : opencryptoki-3.5-1.fc24.x86_64                              1/3 
  Verifying   : opencryptoki-libs-3.5-1.fc24.x86_64                         2/3 
  Verifying   : opencryptoki-icsftok-3.5-1.fc24.x86_64                      3/3 

Installed:
  opencryptoki.x86_64 3.5-1.fc24        opencryptoki-icsftok.x86_64 3.5-1.fc24  
  opencryptoki-libs.x86_64 3.5-1.fc24  

Complete!

However, fedora:rawhide which seems to have been built on the same day, is still missing /run/lock:

REPOSITORY       TAG     IMAGE ID            CREATED             SIZE
docker.io/fedora rawhide 3bcdeb6ee43b        6 days ago          174 MB

$ docker run --rm -ti fedora:rawhide dnf install -y opencryptoki
[...]
  Installing  : opencryptoki-libs-3.5-1.fc25.x86_64                         1/3 
  Installing  : opencryptoki-icsftok-3.5-1.fc25.x86_64                      2/3 
  Installing  : opencryptoki-3.5-1.fc25.x86_64                              3/3 
Error unpacking rpm package opencryptoki-3.5-1.fc25.x86_64
Error unpacking rpm package opencryptoki-3.5-1.fc25.x86_64
error: unpacking of archive failed on file /var/lock/opencryptoki: cpio: mkdir
opencryptoki-3.5-1.fc25.x86_64 was supposed to be installed but is not!
  Verifying   : opencryptoki-3.5-1.fc25.x86_64                              1/3 
  Verifying   : opencryptoki-libs-3.5-1.fc25.x86_64                         2/3 
  Verifying   : opencryptoki-icsftok-3.5-1.fc25.x86_64                      3/3 

Installed:
  opencryptoki-icsftok.x86_64 3.5-1.fc25   opencryptoki-libs.x86_64 3.5-1.fc25  

Failed:
  opencryptoki.x86_64 3.5-1.fc25                                                

Complete!
$ docker run -ti fedora:rawhide ls -la /run/lock
ls: cannot access '/run/lock': No such file or directory

Any chance of getting the fix to fedora:rawhide image as well?

Comment 9 Jan Pazdziora 2016-09-15 17:11:29 UTC

Let me reopen this so that we don't lose the information that fix is still needed for fedora:rawhide image.

Comment 10 Fedora End Of Life 2016-11-25 09:13:39 UTC

This message is a reminder that Fedora 23 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 23. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '23'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 23 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 11 Jan Pazdziora 2016-11-25 13:52:36 UTC

So, situation with images pulled from registry as of today:

# for i in 23 24 25 rawhide ; do echo fedora:$i: ; docker run --rm -ti fedora:$i ls -la /run ; done
fedora:23:
total 0
drwxr-xr-x.  3 root root  21 Nov 25 13:52 .
drwxr-xr-x. 18 root root 260 Nov 25 13:52 ..
drwxr-xr-x.  2 root root   6 Nov 25 13:52 secrets
fedora:24:
total 4
drwxr-xr-x. 11 root root 160 Nov 25 13:52 .
drwxr-xr-x. 18 root root 260 Nov 25 13:52 ..
drwxr-xr-x.  2 root root   6 Aug 15 05:19 console
drwxr-xr-x.  2 root root   6 Aug 15 05:19 faillock
drwxr-xr-x.  3 root root  20 Aug 15 05:19 lock
drwxr-xr-x.  2 root root   6 Aug 15 05:19 log
-rw-r--r--.  1 root root  42 Aug 15 05:19 nologin
drwxr-xr-x.  2 root root   6 Nov 25 13:52 secrets
drwxr-xr-x.  2 root root   6 Aug 15 05:19 sepermit
drwxr-xr-x.  2 root root   6 Aug 15 05:19 setrans
drwxr-xr-x.  9 root root 113 Aug 15 05:19 systemd
drwxr-xr-x.  2 root root   6 Aug 15 05:19 user
-rw-rw-r--.  1 root utmp   0 Aug 15 05:19 utmp
fedora:25:
total 0
drwxr-xr-x.  3 root root  21 Nov 25 13:52 .
drwxr-xr-x. 18 root root 260 Nov 25 13:52 ..
drwxr-xr-x.  2 root root   6 Nov 25 13:52 secrets
fedora:rawhide:
total 0
drwxr-xr-x.  3 root root  21 Nov 25 13:52 .
drwxr-xr-x. 18 root root 260 Nov 25 13:52 ..
drwxr-xr-x.  2 root root   6 Nov 25 13:52 secrets

So fedora:24 got fixed by fedora:25 and fedora:rawhide lost the fix again.

Comment 12 Dusty Mabe 2017-02-01 04:58:50 UTC

I merged a bunch of changes into rawhide dockerfile that should fix this I believe once the images start building again. 

https://pagure.io/fedora-kickstarts/pull-request/119

Comment 13 Jan Pazdziora 2017-02-27 04:53:46 UTC

(In reply to Dusty Mabe from comment #12)
> I merged a bunch of changes into rawhide dockerfile that should fix this I
> believe once the images start building again. 

What is the plan / process to start the image building?

Comment 14 Dusty Mabe 2017-02-27 15:05:11 UTC

hey jan,

for rawhide, they are actively trying to get a full rawhide compose done. Once a compose completes successfully then this will be available in the rawhide image (and presumably f26). Let me know if I did not answer your question.

Comment 15 Fedora End Of Life 2017-11-16 18:34:06 UTC

This message is a reminder that Fedora 25 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 25. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '25'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 25 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged  change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

Comment 16 Jan Pazdziora 2017-11-29 14:15:16 UTC

fedora:26, fedora:27, and fedora:rawhide contain /run/lock:

$ for i in 23 24 25 26 27 rawhide ; do echo fedora:$i: ; docker run --rm -ti fedora:$i ls -la /run/lock ; done

So maybe this should be CLOSED CURRENTRELEASE?

Comment 17 Dusty Mabe 2017-12-11 13:42:33 UTC

sure

Note You need to log in before you can comment on or make changes to this bug.