Bug 2136503

Summary: osbuild-composer can't access /var/cache/osbuild-composer/rpmmd on package upgrade from 8.6
Product: Red Hat Enterprise Linux 8 Reporter: Tomáš Hozza <thozza>
Component: osbuild-composerAssignee: Image Builder team <osbuilders>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team-automation>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 8.7CC: atodorov, obudai
Target Milestone: rcKeywords: Patch, Triaged, Upstream, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: osbuild-composer-67-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2136504 2136532 (view as bug list) Environment:
Last Closed: 2023-05-16 08:27:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2136532    

Description Tomáš Hozza 2022-10-20 13:23:19 UTC 
Description of problem:
dnf-json previously ran as a service, and the
/var/cache/osbuild-composer/rpmmd directory and files were owned by root. As a script called from osbuild-composer those directories and files need to be owned by _osbuild-composer:_osbuild-composer, otherwise it will not be able to depsolve after an upgrade from the previous implementation.



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install the latest osbuild-composer package from the latest RHEL 8.6.
2. Start osbuild-composer.socket.
3. Create a testing blueprint and push it to composer using composer-cli
4. sudo composer-cli projects list
5. Upgrade the osbuild-composer package to the latest 8.7 rpm
6. sudo composer-cli projects list

Actual results:
Error such as:
[core@localhost ~]$ sudo composer-cli projects list
ERROR: ProjectsError: msg: DNF error occurred: RepoError: There was a problem reading a repository: Cannot create repo destination directory "/var/cache/osbuild-composer/rpmmd/5b1a6a9dd5657b1991ac6c2ffac793693229b8f1276abbcb83072907cde93b7a-abf9ed1cf56274b5": Permission denied

Expected results:
no permissions-related error on the var/cache/osbuild-composer/rpmmd folder

Additional info:
This can be worked around by removing the
/var/cache/osbuild-composer/rpmmd directory and restarting the service or rebooting.

Related:
https://github.com/osbuild/osbuild-composer/issues/3079
https://github.com/osbuild/osbuild-composer/pull/3085
Comment 6 Alexander Todorov 2023-02-14 14:15:04 UTC 
# rpm -q osbuild-composer 
osbuild-composer-46.1-1.el8.x86_64

# ls -ld /var/cache/osbuild-composer/rpmmd/
drwxr-xr-x. 4 root root 211 Feb 14 08:52 /var/cache/osbuild-composer/rpmmd/


After upgrade:

# rpm -q osbuild-composer
osbuild-composer-73-1.el8.x86_64

# ls -ld /var/cache/osbuild-composer/rpmmd/
drwxr-xr-x. 18 _osbuild-composer _osbuild-composer 8192 Feb 14 09:07 /var/cache/osbuild-composer/rpmmd/


# composer-cli blueprints depsolve RHEL8-VMWare-CIS - WORKS w/o error

# composer-cli projects list - WORKS w/o error
Comment 8 errata-xmlrpc 2023-05-16 08:27:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Image Builder security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2780