Bug 1712245 - Unable to use shell variable in build config environment variable section when variable name includes a '.'
Summary: Unable to use shell variable in build config environment variable section whe...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.2.0
Assignee: Nalin Dahyabhai
QA Contact: wewang
URL:
Whiteboard:
: 1712855 (view as bug list)
Depends On:
Blocks: 1713681
TreeView+ depends on / blocked
 
Reported: 2019-05-21 07:16 UTC by mchoma
Modified: 2019-10-16 06:29 UTC (History)
18 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: When shell variables were referenced in build configurations which used the source-to-image build strategy, logic which attempted to produce a Dockerfile which could be used to perform the source-to-image build would incorrectly attempt to evaluate those variables. Consequence: Some shell variables would be erroneously evaluated as empty values, leading to build errors, and other variables would trigger error messages from failed attempts to evaluate them. Fix: Shell variables referenced in build configurations are now properly escaped, so that they are evaluated at the expected time. Result: These errors should no longer be observed.
Clone Of:
: 1713681 (view as bug list)
Environment:
Last Closed: 2019-10-16 06:29:13 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
build.log (1.18 KB, text/plain)
2019-05-21 07:30 UTC, mchoma 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:2922 0 None None None 2019-10-16 06:29:33 UTC

Internal Links: 1713681

Description mchoma 2019-05-21 07:16:42 UTC 
Description of problem:
Setting environment variable using shell variable, e.g. ${user.home} leads to error during build

Missing ':' in substitution: "${user.home}"


Version-Release number of selected component (if applicable):
OCP 4.1.0-rc.5

How reproducible:


Steps to Reproduce:
oc login url
oc create -f ./build_config.yaml
oc start-build env-reproducer-bc --follow

Builds ends with error
error: build error: error resolving step {Value:env Next:0xc4208e32d0 Children:[] Attributes:map[] Original:ENV OPENSHIFT_BUILD_NAME="env-reproducer-bc-2" OPENSHIFT_BUILD_NAMESPACE="default" TEST="${user.home}" Flags:[] StartLine:3 endLine:3}: Missing ':' in substitution: "${user.home}"

build_config.yaml:

kind: BuildConfig
apiVersion: build.openshift.io/v1
metadata:
  name: env-reproducer-bc
  namespace: default
spec:
  nodeSelector: null
  output: {}
  resources: {}
  successfulBuildsHistoryLimit: 5
  failedBuildsHistoryLimit: 5
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: DockerImage
        name: 'registry.access.redhat.com/jboss-eap-7/eap72-openshift:1.0'
      env:
        - name: TEST
          value: '${user.home}'
  postCommit: {}
  source:
    type: None
  triggers:
    - type: ConfigChange
  runPolicy: Serial
status:
  lastVersion: 1

Additional info:
Reproducer is working fine on OCP 3.11. 
I assume that has something to do with replacing docker with other container technologies on OCP cluster.
Comment 1 mchoma 2019-05-21 07:30:15 UTC 
Created attachment 1571511 [details]
build.log
Comment 2 XiuJuan Wang 2019-05-21 08:31:01 UTC 
Could reproduce this with customer case in 4.1.0-0.nightly-2019-05-21-005558 version.
And works with v3.11.115 and v3.10.145.
Comment 3 Adam Kaplan 2019-05-21 12:54:32 UTC 
Moving to the Containers component - bug appears to be in buildah processing the Dockerfile.

We can't call this issue closed until the issue is fixed in buildah and merged into openshift/builder. We will also want to backport the fix to 4.1.z.
Comment 4 Nalin Dahyabhai 2019-05-21 18:14:54 UTC 
Hmm, it looks like it's producing an error when the variable name includes a '.'.  When I try the logged instructions using a Dockerfile with 'docker build' (both moby-engine-18.06.3-2.ce.gitd7080c1.fc30.x86_64 or docker-1.13.1-96.gitb2f74b2.el7.x86_64), I get the same `Missing ':' in substitution: "${user.home}"` error:

  FROM registry.access.redhat.com/jboss-eap-7/eap72-openshift:1.0
  LABEL "io.openshift.build.image"="registry.access.redhat.com/jboss-eap-7/eap72-openshift:1.0" "io.openshift.build.source-location"="/tmp/build/inputs"
  ENV OPENSHIFT_BUILD_NAME="env-reproducer-bc-2" OPENSHIFT_BUILD_NAMESPACE="default" TEST="${user.home}"

A bit of experimenting with 3.11.98 suggests that for s2i builds, environment variables set in the build config weren't being expanded, and ended up being set as specified in the resulting image's config blob, and the trigger for the build failing is that we're attempting to do so now.
Comment 5 Nalin Dahyabhai 2019-05-22 00:00:30 UTC 
This looks like a combination of https://github.com/openshift/source-to-image/pull/969 and https://github.com/containers/buildah/pull/1607.
Comment 6 Paul Weil 2019-05-22 12:27:54 UTC 
*** Bug 1712855 has been marked as a duplicate of this bug. ***
Comment 15 Adam Kaplan 2019-06-10 18:06:53 UTC 
PR: https://github.com/openshift/builder/pull/76
Comment 16 Adam Kaplan 2019-06-21 17:31:17 UTC 
Wen - is this ON_QA yet? Cloned BZ for 4.1.z has been verified.
Comment 18 wewang 2019-06-25 02:01:42 UTC 
Verified version:
4.2.0-0.nightly-2019-06-24-160709
Comment 20 errata-xmlrpc 2019-10-16 06:29:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922
Note You need to log in before you can comment on or make changes to this bug.