Bug 2136504

Summary: osbuild-composer can't access /var/cache/osbuild-composer/rpmmd on package upgrade from 9.0
Product: Red Hat Enterprise Linux 9 Reporter: Tomáš Hozza <thozza>
Component: osbuild-composerAssignee: Image Builder team <osbuilders>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team-automation>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 9.0CC: atodorov, obudai, osbuilders, release-test-team-automation
Target Milestone: rcKeywords: Patch, Triaged, Upstream, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: osbuild-composer-67-2.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2136503
: 2136533 (view as bug list) Environment:
Last Closed: 2023-05-09 07:32:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2136533    

Description Tomáš Hozza 2022-10-20 13:28:30 UTC 
Description of problem:
dnf-json previously ran as a service, and the
/var/cache/osbuild-composer/rpmmd directory and files were owned by root. As a script called from osbuild-composer those directories and files need to be owned by _osbuild-composer:_osbuild-composer, otherwise it will not be able to depsolve after an upgrade from the previous implementation.



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install the latest osbuild-composer package from the latest RHEL 9.0.
2. Start osbuild-composer.socket.
3. Create a testing blueprint and push it to composer using composer-cli
4. sudo composer-cli projects list
5. Upgrade the osbuild-composer package to the latest 9.1 rpm
6. sudo composer-cli projects list

Actual results:
Error such as:
[core@localhost ~]$ sudo composer-cli projects list
ERROR: ProjectsError: msg: DNF error occurred: RepoError: There was a problem reading a repository: Cannot create repo destination directory "/var/cache/osbuild-composer/rpmmd/5b1a6a9dd5657b1991ac6c2ffac793693229b8f1276abbcb83072907cde93b7a-abf9ed1cf56274b5": Permission denied

Expected results:
no permissions-related error on the var/cache/osbuild-composer/rpmmd folder

Additional info:
This can be worked around by removing the
/var/cache/osbuild-composer/rpmmd directory and restarting the service or rebooting.

Related:
https://github.com/osbuild/osbuild-composer/issues/3079
https://github.com/osbuild/osbuild-composer/pull/3085
Comment 6 Alexander Todorov 2023-02-13 11:25:06 UTC 
On a RHEL-9.0.0 system:

# rpm -q osbuild-composer
osbuild-composer-46.2-1.el9_0.x86_64

# systemctl start osbuild-composer.socket

# cat py3.toml 
name = "py3"
description = "A base ostree image with Python 3"
version = "0.0.1"
modules = []
groups = []

[[packages]]
name = "python3"
version = "*"

# composer-cli blueprints push py3.toml

# composer-cli blueprints list
py3

# subscription-manager register

# subscription-manager status
+-------------------------------------------+
   System Status Details
+-------------------------------------------+
Overall Status: Disabled
Content Access Mode is set to Simple Content Access. This host has access to content, regardless of subscription status.

System Purpose Status: Disabled

# subscription-manager list
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name: Red Hat Enterprise Linux for x86_64
Product ID:   479
Version:      9.0
Arch:         x86_64

# composer-cli blueprints depsolve py3
ERROR: BlueprintsError: py3: RHSM secrets not found on the host for this baseurl: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os
blueprint: py3 v0.0.1


@Tomas,
I am missing something here but not sure what. I can't depsolve in order to reproduce the bug. Any ideas ?
Comment 7 Brian Lane 2023-02-13 17:50:28 UTC 
Did you restart osbuild-composer / reboot after setting up the subscription? It only loads the cert at startup.
Comment 8 Alexander Todorov 2023-02-14 11:12:10 UTC 
(In reply to Brian Lane from comment #7)
> Did you restart osbuild-composer / reboot after setting up the subscription?
> It only loads the cert at startup.

I didn't. That worked. Thanks.
Comment 9 Alexander Todorov 2023-02-14 11:33:33 UTC 
After restart and a successful depsolve/projects list I see:

# ls -ld /var/cache/osbuild-composer/rpmmd/
drwxr-xr-x. 4 root root 4096 Feb 14 06:12 /var/cache/osbuild-composer/rpmmd/


After upgrade ....

# rpm -qa | grep osbuild
osbuild-composer-dnf-json-73-1.el9.x86_64
osbuild-composer-core-73-1.el9.x86_64
python3-osbuild-77-1.el9.noarch
osbuild-77-1.el9.noarch
osbuild-selinux-77-1.el9.noarch
osbuild-luks2-77-1.el9.noarch
osbuild-lvm2-77-1.el9.noarch
osbuild-ostree-77-1.el9.noarch
osbuild-composer-worker-73-1.el9.x86_64
osbuild-composer-73-1.el9.x86_64


# ls -ld /var/cache/osbuild-composer/rpmmd/
drwxr-xr-x. 20 _osbuild-composer _osbuild-composer 8192 Feb 14 06:23 /var/cache/osbuild-composer/rpmmd/
Comment 12 errata-xmlrpc 2023-05-09 07:32:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Image Builder security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2204