Bug 2104464
| Summary: | [osbuild] Image builder does not support the use of a dot inside a username | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Christophe Besson <cbesson> |
| Component: | osbuild | Assignee: | Ondřej Budai <obudai> |
| Status: | CLOSED ERRATA | QA Contact: | Release Test Team <release-test-team-automation> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.6 | CC: | atodorov, jrusz, obudai, sbarcomb |
| Target Milestone: | rc | Keywords: | Patch, Reproducer, Triaged |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | osbuild-62-1.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-11-08 09:37:27 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
From IEEE Std 1003.1-2017: 3.437 User Name: A string that is used to identify a user; see also User Database. To be portable across systems conforming to POSIX.1-2017, the value is composed of characters from the portable filename character set. The <hyphen-minus> character should not be used as the first character of a portable user name. 3.282 Portable Filename Character Set The set of characters from which portable filenames are constructed. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . _ - The last three characters are the <period>, <underscore>, and <hyphen-minus> characters, respectively. --- Based on these paragraphs, we are missing only <period>, thus I will add this into osbuild. If you found a document stating that we should support also at-symbol, I would be happy to add it as well. Sent a patch upstream: https://github.com/osbuild/osbuild/pull/1075 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Low: Image Builder security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7548 |
Description of problem: Image builder does not support the use of a dot inside a username, whereas it seems to be valid as per IEEE Std 1003.1-2001 which allows letters, digits, underscores, periods, at signs (@) and dashes. Version-Release number of selected component (if applicable): osbuild-53-2.el8 osbuild-composer-46.3-1.el8_6 How reproducible: Always Steps to Reproduce: 1. Push the below blueprint name = "dotuser" description = "reproducer user with a dot" version = "0.0.1" modules = [] groups = [] distro = "" [[customizations.user]] name = "foo.bar" password = "$6$R4EexOTlkvDDwsK8$WkL4pU.JGHSO9LmpI/SMKYbunZU.t7BYLsZs1B9m0SeOH4RBICGlbScNRl0jUri3CBwasAd/sdZMkDp4SGoBq." 2. Start a compose Actual results: osbuild-composer fails to build the image very quickly (during some pre-checks I guess). The compose log is empty and the composer does not show any relevant error. Jul 06 12:57:43 localhost.localdomain osbuild-composer[65518]: time="2022-07-06T12:57:43+02:00" level=info msg="Removing unresponsive job: 7e30f983-5de4-478b-ba9f-1531ad831845\n" func="github.com/osbuild/osbuild-composer/internal/worker.(*Server).WatchHeartbeats" file="/builddir/build/BUILD/osbuild-composer-46.3/_build/src/github.com/osbuild/osbuild-composer/internal/worker/server.go:87" Jul 06 12:57:43 localhost.localdomain osbuild-composer[65518]: time="2022-07-06T12:57:43+02:00" level=error msg="Error finishing unresponsive job: error finishing job: job ws canceled" func="github.com/osbuild/osbuild-composer/internal/worker.(*Server).WatchHeartbeats" file="/builddir/build/BUILD/osbuild-composer-46.3/_build/src/github.com/osbuild/osbuild-composer/internal/worker/server.go:90" Additional info: - stracing the composer shows it does not report properly the error causing the issue: 27710 09:24:44.445774 write(1<pipe:[138414]>, "{\"type\": \"https://osbuild.org/validation-error\", \"title\": \"JSON Schema validation failed\", \"success\": false, \"errors\": [{\"message\": \"'foo.bar' does not match any of the regexes: '^[A-Za-z0-9_][A-Za-z0-9_-]{0,31}$'\", \"path\": [\"pipelines\", 1, \"stages\", 6, \"options\", \"users\"]}]}\n", 277) = 277 <0.000041> - the regex in question comes from the JSON schema of the org.osbuild.users stage (/usr/lib/osbuild/stages/org.osbuild.users). Modifying the line 29 by inserting \\\. into the regular expression in order to allow the dot inside a username works around the issue: 21 SCHEMA = """ 22 "additionalProperties": false, 23 "properties": { 24 "users": { 25 "additionalProperties": false, 26 "type": "object", 27 "description": "Keys are usernames, values are objects giving user info.", 28 "patternProperties": { 29 "^[A-Za-z0-9_][\\\.A-Za-z0-9_-]{0,31}$": { 30 "type": "object", 31 "properties": { - note that I didn't check this updated regex is correct and still prevents an invalid name.