Bug 2081835

Summary: networking is broken when building containers due to missing container networking package dependencies
Product: Red Hat Enterprise Linux 9 Reporter: Neal Gompa <ngompa13>
Component: buildahAssignee: Jindrich Novy <jnovy>
Status: CLOSED ERRATA QA Contact: Joy Pu <ypu>
Severity: medium Docs Contact:
Priority: unspecified    
Version: CentOS StreamCC: amurdaca, bstinson, davdunc, davide, davidmccheyne, debarshir, dwalsh, extras-qa, fedora, jnovy, jwboyer, lsm5, michel, nalin, pehunt, pthomas, rh.container.bot, santiago, tsweeney, umohnani, ypu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: buildah-1.26.1-2.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2081834
: 2081836 (view as bug list) Environment:
Last Closed: 2022-11-15 10:09:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Neal Gompa 2022-05-04 18:59:08 UTC 
+++ This bug was initially created as a clone of Bug #2081834 +++

Description of problem:
Building containers with buildah does not work because it chokes on missing container networking dependencies that exist with podman. That is, if you *just* install buildah and never install podman, buildah will not work because it cannot correctly set up networking.

This is because the package is missing the following dependencies that podman has:

Suggests: containernetworking-plugins >= 0.9.1-1
Requires: netavark
Requires: iptables
Requires: nftables


Version-Release number of selected component (if applicable):
1.25.1-1.el9

How reproducible:
Always

Steps to Reproduce:
1. Install *only* buildah
2. Use "buildah bud" with containerfiles from https://pagure.io/nginx-vts-container

Actual results:
[root@097500dd2fd6 nginx-vts-container]# buildah bud -t nginx-vts-fedora -f Containerfile.fedora 
STEP 1/9: FROM registry.fedoraproject.org/fedora:latest
Trying to pull registry.fedoraproject.org/fedora:latest...
Getting image source signatures
Copying blob 9c6cc3463716 done  
Copying config 750037c05c done  
Writing manifest to image destination
Storing signatures
STEP 2/9: RUN dnf -y install nginx nginx-mod-vts     && dnf clean all
WARN[0006] Failed to load cached network config: network podman not found in CNI cache, falling back to loading network podman from disk 
WARN[0006] 1 error occurred:
	* plugin type="tuning" failed (delete): failed to find plugin "tuning" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]
 
error building at STEP "RUN dnf -y install nginx nginx-mod-vts     && dnf clean all": plugin type="bridge" failed (add): failed to find plugin "bridge" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]
[root@097500dd2fd6 nginx-vts-container]# WARN[0000] pkg/bind: error detaching "/var/tmp/buildah231551455/mnt/buildah-bind-target-3": no such file or directory 
WARN[0000] pkg/bind: error removing "/var/tmp/buildah231551455/mnt/buildah-bind-target-3": no such file or directory 
WARN[0000] pkg/bind: error detaching "/var/tmp/buildah231551455/mnt/rootfs": no such file or directory 
WARN[0000] pkg/bind: error removing "/var/tmp/buildah231551455/mnt/rootfs": no such file or directory 
WARN[0000] pkg/bind: error detaching "/var/tmp/buildah231551455/mnt": no such file or directory 
WARN[0000] pkg/bind: error removing "/var/tmp/buildah231551455/mnt": no such file or directory 
ERRO[0000] no such file or directory                    
error running container: did not get container start message from parent: EOF

Expected results:
Successful build of an image.

Additional info:
This also affects Fedora, since those packages are similarly configured.
Comment 1 Neal Gompa 2022-05-04 19:19:53 UTC 
Merge request proposed: https://gitlab.com/redhat/centos-stream/rpms/buildah/-/merge_requests/125
Comment 2 Jindrich Novy 2022-05-05 06:16:07 UTC 
Agreed, this is now added.
Comment 4 Joy Pu 2022-05-13 07:33:36 UTC 
Checked with buildah-1.26.1-2.el9.x86_64.rpm the request packages are included the network related ones. So set the Tested flag.
#  rpm -qpR buildah-1.26.1-2.el9.x86_64.rpm
containers-common >= 2:1-2
iptables
libassuan.so.0()(64bit)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.28)(64bit)
libc.so.6(GLIBC_2.3.2)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.32)(64bit)
libc.so.6(GLIBC_2.33)(64bit)
libc.so.6(GLIBC_2.34)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libc.so.6(GLIBC_2.8)(64bit)
libdevmapper.so.1.02()(64bit)
libdevmapper.so.1.02(Base)(64bit)
libdevmapper.so.1.02(DM_1_02_97)(64bit)
libgpg-error.so.0()(64bit)
libgpgme.so.11()(64bit)
libgpgme.so.11(GPGME_1.0)(64bit)
libgpgme.so.11(GPGME_1.1)(64bit)
libseccomp.so.2()(64bit)
netavark
nftables
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1
rtld(GNU_HASH)
runc >= 1.0.0-26
slirp4netns >= 0.3-0
Comment 8 Joy Pu 2022-05-23 09:33:28 UTC 
Checked with buildah-1:1.26.1-3.el9.x86_64 and it is already fit the request. So set this to verified.
# yum deplist  buildah |grep -e netavark -e iptables -e nftables -e buildah
Last metadata expiration check: 0:19:11 ago on Mon 23 May 2022 05:07:28 AM EDT.
package: buildah-1:1.26.1-3.el9.x86_64
  dependency: iptables
   provider: iptables-nft-1.8.7-28.el9.x86_64
  dependency: netavark
   provider: netavark-2:1.0.1-34.el9.x86_64
  dependency: nftables
   provider: nftables-1:0.9.8-12.el9.i686
   provider: nftables-1:0.9.8-12.el9.x86_64

And the from the source code:
[root@kvm-06-guest17 ~]# cat rpmbuild/SPECS/buildah.spec  |grep -e netavark -e  iptables -e nftables -e containernetworking-plugins
Suggests: containernetworking-plugins >= 0.9.1-1
Requires: netavark
Requires: iptables
Requires: nftables
Comment 10 errata-xmlrpc 2022-11-15 10:09:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: buildah security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8008