Bug 2088459

Summary: [osbuild-composer] cannot build an edge container with sssd
Product: Red Hat Enterprise Linux 9 Reporter: Christophe Besson <cbesson>
Component: osbuild-composerAssignee: Image Builder team <osbuilders>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team-automation>
Severity: medium Docs Contact:
Priority: medium    
Version: 9.0CC: atodorov, obudai, qzhang, sbarcomb, thozza, xiaofwan
Target Milestone: rcKeywords: Reproducer, Triaged, WorkAround
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: osbuild-composer-51-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-15 09:50:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christophe Besson 2022-05-19 13:41:05 UTC 
Description of problem:
Using a blueprint with the 'sssd' packages leads to a transaction error due to a conditional dependencies. For a weird reason, it happens only while building an edge-container, the issue does not appear with AMI for example.

Version-Release number of selected component (if applicable):
osbuild-composer-46.3-1.el9_0

How reproducible:
Always

Steps to Reproduce:
1. Create and push the below blueprint
name = "sssd-rhel9"
description = "installing sssd fails"
version = "0.0.1"
modules = []
groups = []
distro = "rhel-90"

[[packages]]
name = "sssd"
version = "*"

2. Compose an edge-container
# composer-cli compose start-ostree --ref rhel/9/x86_64/edge sssd-rhel9 edge-container

Actual results:
 :
 :
Pipeline ostree-tree
Stage org.osbuild.rpm
Output:
 :
error: Failed dependencies:
	(libsss_sudo = 2.6.2-4.el9_0 if sudo) is needed by sssd-common-2.6.2-4.el9_0.x86_64
Traceback (most recent call last):
  File "/run/osbuild/bin/org.osbuild.rpm", line 334, in <module>
    r = main(args["tree"], args["inputs"], args["options"])
  File "/run/osbuild/bin/org.osbuild.rpm", line 288, in main
    subprocess.run([
  File "/usr/lib64/python3.9/subprocess.py", line 528, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['rpm', '--verbose', '--root', '/run/osbuild/tree', '--nosignature', '--install', '/tmp/manifest.sdfjof_h']' returned non-zero exit status 254.

Additional info:
- Adding the conditional deps in the blueprint fixes the issue (namely libsss_sudo, maybe also sudo)
Comment 1 Ondřej Budai 2022-05-23 09:47:21 UTC 
Already fixed upstream https://github.com/osbuild/osbuild-composer/pull/2568 and released in osbuild-composer-51. FWIW, the fix should be available soon in CentOS Stream.
Comment 3 Xiaofeng Wang 2022-05-24 05:59:45 UTC 
Pre-verified on upstream scratch build "osbuild-composer-54-1.20220524git5a22291.el9" on PR https://github.com/osbuild/osbuild-composer/pull/2681.
Comment 4 Christophe Besson 2022-06-20 09:40:02 UTC 
Adding another case with conditional dependencies.

Stage org.osbuild.rpm
Output:
[/usr/lib/tmpfiles.d/journal-nocow.conf:26] Failed to resolve specifier: uninitialized /etc detected, skipping
All rules containing unresolvable specifiers will be skipped.
Failed to create file /sys/fs/selinux/checkreqprot: Read-only file system
imported gpg key
imported gpg key
imported gpg key
creating a fake machine id
error: Failed dependencies:
        (osbuild-selinux if selinux-policy-targeted) is needed by osbuild-53-2.el8.noarch
        (container-selinux if selinux-policy) is needed by podman-2:4.0.2-6.module+el8.6.0+14877+f643d2d6.x86_64
        (container-selinux >= 2:2.162.1 if selinux-policy) is needed by containers-common-2:1-27.module+el8.6.0+14877+f643d2d6.x86_64
Traceback (most recent call last):
  File "/run/osbuild/bin/org.osbuild.rpm", line 334, in <module>
    r = main(args["tree"], args["inputs"], args["options"])
  File "/run/osbuild/bin/org.osbuild.rpm", line 298, in main
    ], cwd=pkgpath, check=True)
  File "/usr/lib64/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['rpm', '--verbose', '--root', '/run/osbuild/tree', '--nosignature', '--install', '/tmp/manifest.751bf2bg']' returned non-zero exit status 254.
Comment 7 Xiaofeng Wang 2022-07-07 04:28:11 UTC 
Hi Christophe!

No new osbuild and osbuild-composer packages in RHEL 9.0, could you please try it on RHEL 9.1? I verified this issue on RHEL 9.1, issue got fixed.
Verified RHEL 9.1 compose:
    http://download-node-02.eng.bos.redhat.com/rhel-9/nightly/RHEL-9/RHEL-9.1.0-20220706.0
Packages:
    osbuild-59-1.el9.noarch.rpm
    osbuild-composer-55-1.el9.x86_64.rpm
    weldr-client-35.5-2.el9.x86_64.rpm

If issue fixed, could you please update status to VERIFIED or ping me, I'll update the status. Thanks.
Comment 9 errata-xmlrpc 2022-11-15 09:50:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: Image Builder security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7950