Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHBA-2016-2857.html
Description of problem: # atomic install --system --name=etcd brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhel7/etcd:latest # ostree refs rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard ociimage/76ba6342472d4504bb7a45b182e0fe355ca72f4b3a4853581e27493ba84084ac ociimage/9b88b2c7a70f3746ba74ae47b2b634466cecdb6dee647b499062bcd150c1f2e7 ociimage/221c0f90f54c915d563412571904bcdf602cf3912d37141d3d178f3ded2e395d ostree/0/1/0 ostree/0/1/1 ociimage/rhel7/etcd-latest # atomic --debug scan --scanner openscap --scan_type cve registry.access.redhat.com/rhel7 Created /run/atomic/2016-10-04-19-48-18-117671 docker run -t --rm -v /etc/localtime:/etc/localtime -v /run/atomic/2016-10-04-19-48-18-117671:/scanin -v /var/lib/atomic/openscap/2016-10-04-19-48-18-117671:/scanout:rw,Z -v /etc/oscapd:/etc/oscapd:ro rhel7/openscap oscapd-evaluate scan --no-standard-compliance --targets chroots-in-dir:///scanin --output /scanout Created /run/atomic/2016-10-04-19-48-18-117671/98a88a8b722a71835dd761c88451c681a8f1bc6e577f90d4dc8b234100bd4861 Mounted {u'Created': 1473186186, u'Labels': {u'distribution-scope': u'public', u'build-date': u'2016-09-06T14:12:54.553894Z', u'Vendor': u'Red Hat, Inc.', u'Name': u'rhel7/rhel', u'Build_Host': u'rcm-img-docker02.build.eng.bos.redhat.com', u'vcs-type': u'git', u'vcs-ref': u'08780b7a7779335cf28f64654e43c75ad9341c77', u'release': u'104', u'Version': u'7.2', u'Architecture': u'x86_64', u'Release': u'104', u'BZComponent': u'rhel-server-docker', u'Authoritative_Registry': u'registry.access.redhat.com', u'com.redhat.build-host': u'rcm-img-docker02.build.eng.bos.redhat.com', u'architecture': u'x86_64'}, 'ImageId': u'98a88a8b722a71835dd761c88451c681a8f1bc6e577f90d4dc8b234100bd4861', u'VirtualSize': 201376319, u'ParentId': u'', 'input': 'registry.access.redhat.com/rhel7', u'RepoTags': [u'registry.access.redhat.com/rhel7:latest'], u'RepoDigests': None, u'Id': u'98a88a8b722a71835dd761c88451c681a8f1bc6e577f90d4dc8b234100bd4861', 'ImageType': 'Docker', u'Size': 201376319} to /run/atomic/2016-10-04-19-48-18-117671/98a88a8b722a71835dd761c88451c681a8f1bc6e577f90d4dc8b234100bd4861 Creating the output dir at /var/lib/atomic/openscap/2016-10-04-19-48-18-117671 INFO:OpenSCAP Daemon one-off evaluator 0.1.5 INFO:Autodetected "oscap" in path "/usr/bin/oscap". INFO:Autodetected "oscap-ssh" in path "/usr/bin/oscap-ssh". INFO:Autodetected "oscap-vm" in path "/usr/bin/oscap-vm". INFO:Autodetected "oscap-docker" in path "/usr/bin/oscap-docker". INFO:Autodetected "oscap-chroot" in path "/usr/bin/oscap-chroot". WARNING:Can't import the 'docker' package. Container scanning functionality will be disabled. INFO:Autodetected SCAP content at "/usr/share/openscap/cpe/openscap-cpe-oval.xml". INFO:Autodetected SCAP content in path "/usr/share/xml/scap/ssg/content". INFO:Creating tasks directory at '/var/lib/oscapd/tasks' because it didn't exist. INFO:Creating results directory at '/var/lib/oscapd/results' because it didn't exist. INFO:Creating results work in progress directory at '/var/lib/oscapd/work_in_progress' because it didn't exist. INFO:Evaluated EvaluationSpec, exit_code=0. INFO:Had a local version of /var/lib/oscapd/cve_feeds/com.redhat.rhsa-RHEL7.xml but it wasn't new enough INFO:Evaluated EvaluationSpec, exit_code=0. INFO:[100.00%] Scanned target 'chroot:///scanin/98a88a8b722a71835dd761c88451c681a8f1bc6e577f90d4dc8b234100bd4861' registry.access.redhat.com/rhel7 (98a88a8b722a718) The following issues were found: RHSA-2016:1940: openssl security update (Important) Severity: Important RHSA URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html RHSA ID: RHSA-2016:1940-01 Associated CVEs: CVE ID: CVE-2016-2177 CVE URL: https://access.redhat.com/security/cve/CVE-2016-2177 CVE ID: CVE-2016-2178 CVE URL: https://access.redhat.com/security/cve/CVE-2016-2178 CVE ID: CVE-2016-2179 CVE URL: https://access.redhat.com/security/cve/CVE-2016-2179 CVE ID: CVE-2016-2180 CVE URL: https://access.redhat.com/security/cve/CVE-2016-2180 CVE ID: CVE-2016-2181 CVE URL: https://access.redhat.com/security/cve/CVE-2016-2181 CVE ID: CVE-2016-2182 CVE URL: https://access.redhat.com/security/cve/CVE-2016-2182 CVE ID: CVE-2016-6302 CVE URL: https://access.redhat.com/security/cve/CVE-2016-6302 CVE ID: CVE-2016-6304 CVE URL: https://access.redhat.com/security/cve/CVE-2016-6304 CVE ID: CVE-2016-6306 CVE URL: https://access.redhat.com/security/cve/CVE-2016-6306 Files associated with this scan are in /var/lib/atomic/openscap/2016-10-04-19-48-18-117671. Unmounted /run/atomic/2016-10-04-19-48-18-117671/98a88a8b722a71835dd761c88451c681a8f1bc6e577f90d4dc8b234100bd4861 g-io-error-quark: Refspec 'ociimage/9a011419912964fc07dca28c1276beee515c6d6546b1dc75cba05f6c350a6cbf-latest' not found (1) Traceback (most recent call last): File "/bin/atomic", line 186, in <module> sys.exit(_func()) File "/usr/lib/python2.7/site-packages/Atomic/scan.py", line 169, in scan self.record_environment() File "/usr/lib/python2.7/site-packages/Atomic/scan.py", line 395, in record_environment environment['images'].append(self._inspect_image(image=iid)) File "/usr/lib/python2.7/site-packages/Atomic/atomic.py", line 254, in _inspect_image return self.syscontainers.inspect_system_image(image) File "/usr/lib/python2.7/site-packages/Atomic/syscontainers.py", line 607, in inspect_system_image return self._inspect_system_branch(repo, imagebranch) File "/usr/lib/python2.7/site-packages/Atomic/syscontainers.py", line 610, in _inspect_system_branch commit_rev = repo.resolve_rev(imagebranch, False)[1] Error: g-io-error-quark: Refspec 'ociimage/9a011419912964fc07dca28c1276beee515c6d6546b1dc75cba05f6c350a6cbf-latest' not found (1) Version-Release number of selected component (if applicable): atomic-1.12.3-2.el7.x86_64 atomic host 7.3 d3fa3283db8c5ee656f78dcfc0fcffe6cd5aa06596dac6ec5e436352208a59cb How reproducible: always Additional info: ostree refs --delete ociimage/* or atomic uninstall <system containers> makes atomic scan works again.