Bug 1943284

Summary: opm index prune will fail if the working directory does not have write permissions
Product: OpenShift Container Platform Reporter: tonyg
Component: OLMAssignee: Kevin Rizza <krizza>
OLM sub component: OLM QA Contact: xzha
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: anbhatta, bpeck, flepied, tflannag, xzha
Version: 4.6Keywords: Reopened
Target Milestone: ---   
Target Release: 4.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-18 17:29:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description tonyg 2021-03-25 17:38:55 UTC 
Description of problem:

opm index prune will fail if the working directory does not have write permissions.


Version-Release number of selected component (if applicable):


- (4.6.22) Version: version.Version{OpmVersion:"v1.14.3-34-gd0b49148", GitCommit:"d0b49148a4f476f1403c7b8fd262173789009484", BuildDate:"2021-03-13T05:04:00Z", GoOs:"linux", GoArch:"amd64"}

- (4.7.4) Version: version.Version{OpmVersion:"v1.15.4-6-ga97d366a", GitCommit:"a97d366a92d302ff2056fa2d19aa3e48b0fbc99c", BuildDate:"2021-03-20T23:23:02Z", GoOs:"linux", GoArch:"amd64"}

- (4.8.0-0.nightly-2021-03-24-200346) ersion: version.Version{OpmVersion:"v1.16.0-49-g4b5d403b", GitCommit:"4b5d403b8b91dbb1141f46087fa13a6d0649a103", BuildDate:"2021-03-24T13:31:11Z", GoOs:"linux", GoArch:"amd64"}


How reproducible:

All the time, with all the mentioned versions

Steps to Reproduce:

mkdir /tmp/fail
cd /tmp/fail
chmod u-w .
chmod o-w .

REGISTRY_AUTH_FILE=/path/to/pull-secrets.txt \
opm index prune \
  --from-index registry.redhat.io/redhat/redhat-operator-index:v${version} \
  --packages performance-addon-operator,sriov-network-operator,ptp-operator,kubevirt-hyperconverged \
  --tag ${local_registry}/redhat/redhat-operator-index:v4.6


Actual results:

INFO[0000] pruning the index                             packages="[performance-addon-operator sriov-network-operator ptp-operator kubevirt-hyperconverged]"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1724068]
                              
goroutine 1 [running]:        
github.com/operator-framework/operator-registry/pkg/lib/indexer.ImageIndexer.PruneFromIndex(0x1d8d2e0, 0xc0001d4578, 0x1dccba0, 0xc00000f9e0, 0x1d8f3e0, 0xc00000fa40, 0x0, 0x0, 0x0, 0x0, ...)                                                                
        /src/pkg/lib/indexer/indexer.go:253 +0x4c8
github.com/operator-framework/operator-registry/cmd/opm/index.runIndexPruneCmdFunc(0xc000482b00, 0xc0001a8c00, 0x0, 0x6, 0x0, 0x0)
        /src/cmd/opm/index/prune.go:120 +0x6d5
github.com/spf13/cobra.(*Command).execute(0xc000482b00, 0xc0001a8ba0, 0x6, 0x6, 0xc000482b00, 0xc0001a8ba0)
        /src/vendor/github.com/spf13/cobra/command.go:840 +0x47c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0002138c0, 0x1b806b0, 0x5, 0x0)
        /src/vendor/github.com/spf13/cobra/command.go:945 +0x336
github.com/spf13/cobra.(*Command).Execute(...)                                                                                                                                      /src/vendor/github.com/spf13/cobra/command.go:885                                                                                                                  
main.main()                          
        /src/cmd/opm/main.go:39 +0x246

Expected results:

An image should be created locally and tagged as defined.
Additional info:
Comment 1 Kevin Rizza 2021-03-25 18:40:03 UTC 
This is expected, as opm requires these permissions. In order to prune the existing image, it needs to be able to pull the old image down and unpack it locally in order to read its contents -- there is not currently a way for that to be done purely in memory. As a result, I'm closing this as NOTABUG. If you have further questions, feel free to reach out to the OLM team on our mailing list aos-odin or on our coreos slack channel forum-operator-fw.
Comment 2 Frédéric Lepied 2021-03-26 09:02:24 UTC 
I don't see how having a segfault could be considered not a bug. Anyway the command should display a meaningful error at least. And at most use a temporary directory in /tmp instead of doing it in the current directory.
Comment 3 Bill Peck 2021-04-30 15:49:10 UTC 
I'm re-opening this as it should at least report an error that it can't write to the current directory instead of just segfaulting.  I wasted time because the error message was not meaningful.
Comment 4 Bill Peck 2021-04-30 15:50:04 UTC 
https://github.com/operator-framework/operator-registry/pull/610#issuecomment-807577824

The above PR should be considered.
Comment 9 xzha 2021-08-23 09:55:32 UTC 
verified.

zhaoxia@xzha-mac fail % opm version
Version: version.Version{OpmVersion:"0ba8af9f5", GitCommit:"0ba8af9f5f4f5445a5b47a187074cc084dd6f369", BuildDate:"2021-08-23T02:57:27Z", GoOs:"darwin", GoArch:"amd64"}

zhaoxia@xzha-mac bug-1943284 % mkdir fail
zhaoxia@xzha-mac bug-1943284 % cd fail 
zhaoxia@xzha-mac fail % chmod u-w .
zhaoxia@xzha-mac fail % chmod o-w .

zhaoxia@xzha-mac fail % opm index prune --from-index registry.redhat.io/redhat/redhat-operator-index:4.8 -p performance-addon-operator,sriov-network-operator,ptp-operator,kubevirt-hyperconverged  -t quay.io/xzhao/redhat-operator-index-test:4.8
INFO[0000] pruning the index                             packages="[performance-addon-operator sriov-network-operator ptp-operator kubevirt-hyperconverged]"
Error: mkdir index_build_tmp220531695: permission denied
Usage:
  opm index prune [flags]

Flags:
  -i, --binary-image opm        container image for on-image opm command
  -c, --container-tool string   tool to interact with container images (save, build, etc.). One of: [docker, podman] (default "podman")
  -f, --from-index string       index to prune
      --generate                if enabled, just creates the dockerfile and saves it to local disk
  -h, --help                    help for prune
  -d, --out-dockerfile string   if generating the dockerfile, this flag is used to (optionally) specify a dockerfile name
  -p, --packages strings        comma separated list of packages to keep
      --permissive              allow registry load errors
  -t, --tag string              custom tag for container image being built

Global Flags:
      --skip-tls   skip TLS certificate verification for container image registries while pulling bundles or index


There is error message "mkdir index_build_tmp220531695: permission denied"
LGTM, verified.
Comment 12 errata-xmlrpc 2021-10-18 17:29:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759