Bug 2042444

Summary: Build is not recognizing the USER group from an s2i image
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: BuildAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Jitendar Singh <jitsingh>
Severity: high Docs Contact:
Priority: medium    
Version: 4.6.zCC: adam.kaplan, aos-bugs, gmontero, jortizpa, nalin, pbhattac, pkumari, rsandu, spandura
Target Milestone: ---   
Target Release: 4.9.z   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-02-23 20:02:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2021551    
Bug Blocks: 2053122    

Comment 4 Priti Kumari 2022-02-15 12:55:30 UTC 
Verified with 4.9.0-0.nightly-2022-02-11-171352

=====================

> oc logs -f bc/nginx-container

Cloning "https://github.com/sclorg/nginx-container.git" ...
	Commit:	fdc9bd0d719a83c1cb61cafe72f6562a5aacff99 (Merge pull request #169 from sclorg/fix_build_and_push)
	Author:	Petr Hracek <phracek>
	Date:	Mon Feb 7 13:11:36 2022 +0100
time="2022-02-15T12:50:57Z" level=info msg="Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled"
I0215 12:50:57.623493       1 defaults.go:102] Defaulting to storage driver "overlay" with options [mountopt=metacopy=on].
Caching blobs under "/var/cache/blobs".
Trying to pull quay.io/pkumari/testing@sha256:5e6b2e85c6e2e97b79f2d96c174d71af98ba38242b8ed68e0a6467de64133598...
[...]
Adding transient rw bind mount for /run/secrets/rhsm
STEP 1/9: FROM quay.io/pkumari/testing@sha256:5e6b2e85c6e2e97b79f2d96c174d71af98ba38242b8ed68e0a6467de64133598
STEP 2/9: LABEL "io.openshift.build.image"="quay.io/pkumari/testing@sha256:5e6b2e85c6e2e97b79f2d96c174d71af98ba38242b8ed68e0a6467de64133598"       "io.openshift.build.commit.author"="Petr Hracek <phracek>"       "io.openshift.build.commit.date"="Mon Feb 7 13:11:36 2022 +0100"       "io.openshift.build.commit.id"="fdc9bd0d719a83c1cb61cafe72f6562a5aacff99"       "io.openshift.build.commit.ref"="master"       "io.openshift.build.commit.message"="Merge pull request #169 from sclorg/fix_build_and_push"       "io.openshift.build.source-location"="https://github.com/sclorg/nginx-container.git"       "io.openshift.build.source-context-dir"="1.20/test/test-app"
STEP 3/9: ENV OPENSHIFT_BUILD_NAME="nginx-container-1"     OPENSHIFT_BUILD_NAMESPACE="default"     OPENSHIFT_BUILD_SOURCE="https://github.com/sclorg/nginx-container.git"     OPENSHIFT_BUILD_COMMIT="fdc9bd0d719a83c1cb61cafe72f6562a5aacff99"
STEP 4/9: USER root
STEP 5/9: COPY upload/src /tmp/src
STEP 6/9: RUN chown -R 1001:0 /tmp/src
STEP 7/9: USER 1001
STEP 8/9: RUN /usr/libexec/s2i/assemble
---> Installing application source
---> Copying nginx.conf configuration file...
'./nginx.conf' -> '/etc/nginx/nginx.conf'
---> Copying nginx configuration files...
'./nginx-cfg/default.conf' -> '/opt/app-root/etc/nginx.d/default.conf'
---> Copying nginx default server configuration files...
'./nginx-default-cfg/alias.conf' -> '/opt/app-root/etc/nginx.default.d/alias.conf'
---> Copying nginx start-hook scripts...
STEP 9/9: CMD /usr/libexec/s2i/run
COMMIT temp.builder.openshift.io/default/nginx-container-1:8d33e774
time="2022-02-15T12:51:06Z" level=warning msg="Adding metacopy option, configured globally"
Getting image source signatures
Copying blob sha256:9eba3d93bf9f876a4ad4b370d50b428af0b857025df667b4c9f1fc9078453d84
[...]
Successfully tagged temp.builder.openshift.io/default/nginx-container-1:8d33e774
74ce3b4dd96dc36485a43119381605fc54be5b2ca9becd50ccaea58f35c2d718

Pushing image image-registry.openshift-image-registry.svc:5000/default/nginx-container:latest ...
Getting image source signatures
[...]
Successfully pushed image-registry.openshift-image-registry.svc:5000/default/nginx-container@sha256:46eda5fd72f315e0e9c4733090b17cc271a7cc6b9e5fa1a8770a0fa01add851f
Push successful
Comment 7 errata-xmlrpc 2022-02-23 20:02:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.22 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0561