Bug 1431400

Summary: ostrees are not building in f26
Product: [Fedora] Fedora Reporter: Dusty Mabe <dustymabe>
Component: rpm-ostreeAssignee: Colin Walters <walters>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 26CC: dustymabe, jlebon, mruckman, walters
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: AcceptedFreezeException
Fixed In Version: rpm-ostree-2017.3-2.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-14 01:40:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1349185    
Attachments:
Description Flags
test run none

Description Dusty Mabe 2017-03-12 01:12:40 UTC 
Description of problem:
rpm-ostree tries to drop network access when it runs scriptlets. In order to do this mock needs to pass systemd-nspawn args with --capability=CAP_NET_ADMIN. One way to fix this is to fix koji and pungi to pass the args:

https://pagure.io/koji/pull-request/344
https://pagure.io/pungi/pull-request/560

The other way, which we have done for now, is to make rpm-ostree not drop network access (and thus not require CAP_NET_ADMIN) by default so that we don't have to require changes to pungi/koji. 

https://github.com/projectatomic/rpm-ostree/pull/672

This is in the rpm-ostree in the following bodhi update:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-47f6ab16ca



Can we get this as a freeze exception?
Comment 1 Dusty Mabe 2017-03-12 01:15:48 UTC 

The failure you see looks something like: 
```
INFO: Running in chroot: ['/usr/bin/rpm-ostree compose tree --repo=/srv/ostreerepo/ /srv/fedora-atomic/fedora-atomic-docker-host.json']
Start: chroot ['/usr/bin/rpm-ostree compose tree --repo=/srv/ostreerepo/ /srv/fedora-atomic/fedora-atomic-docker-host.json']
Can't create loopback device
error: bwrap test failed, see <https://github.com/projectatomic/rpm-ostree/pull/429>: Executing bwrap(true): Child process exited with code 1
Finish: chroot ['/usr/bin/rpm-ostree compose tree --repo=/srv/ostreerepo/ /srv/fedora-atomic/fedora-atomic-docker-host.json']
```
Comment 2 Dusty Mabe 2017-03-12 01:21:14 UTC 
Created attachment 1262175 [details]
test run

I tested rpm-ostree-2017.3-2.fc26 in a mock environment (like is run by pungi/bodhi) and verified this update allowed for me to successfully build an ostree (also tested that the previous rpm-ostree did show the failure).

Here is an attachment with more information on how I tested.
Comment 3 Fedora Blocker Bugs Application 2017-03-12 01:27:22 UTC 
Proposed as a Freeze Exception for 26-alpha by Fedora user dustymabe using the blocker tracking app because:

 Get the ostree generated. Images aren't getting created and thus "don't boot". I don't know if Atomic is considered release blocking or not so please be nice if I'm out of line.
Comment 4 Fedora Update System 2017-03-13 13:14:54 UTC 
rpm-ostree-2017.3-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-47f6ab16ca
Comment 5 Mike Ruckman 2017-03-13 18:53:54 UTC 
Discussed in today's Blocker Review meeting. We should pull in a fix so that Atomic ostree's get build properly for Fedora Atomic.
Comment 6 Fedora Update System 2017-03-14 01:40:32 UTC 
rpm-ostree-2017.3-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.