Description of problem:
Trying to use opm binary from downstream OCP 4.6 (registry.redhat.io/openshift4/ose-operator-registry:v4.6) per instructions here, https://docs.openshift.com/container-platform/4.6/cli_reference/opm-cli.html#olm-installing-opm_opm-cli

Version-Release number of selected component (if applicable):
OCP 4.6

How reproducible:
All the time

Steps to Reproduce:
1. Establish Ubuntu 18.04.4 VM
2. oc image extract registry.redhat.io/openshift4/ose-operator-registry:v4.6.0 --path /usr/bin/opm:. --confirm
3. chmod +x ./opm
4. ./opm --help

Actual results:
./opm: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by ./opm)

Expected results:
Version: version.Version{OpmVersion:"1.12.3", GitCommit:"", BuildDate:"2020-07-01T23:18:58Z", GoOs:"linux", GoArch:"amd64"}

Additional info:
Is there a min OS level for Ubuntu that is needed to run opm for OCP 4.6?
It seems Ubuntu 19.04 uses 2.29 and Ubuntu 20.04 uses 2.31 ... spun up a 20.04 VM and was able to get this to work:

./opm version
Version: version.Version{OpmVersion:"v1.14.3-5-gf6e5d92", GitCommit:"f6e5d9281f335472dda7110fca2c710794c97fb5", BuildDate:"2020-10-06T13:13:12Z", GoOs:"linux", GoArch:"amd64"}

Unfortunately not finding a ton of options to upgrade Ubuntu 18 to 2.28 or higher; even worse, default enterprise CI is using Travis with Ubuntu 18. Still looking for a workaround on Ubuntu 18.
The opm linux build uses dynamic linking for glibc due to the hard dependency on sqlite at this time. There are some restrictions around statically linking on linux due to cryptographic audit requirements that ensure libraries like openssl are not vulnerable. The opm provided is built in a RHEL8 container. It's good to see that you found a workaround on Ubuntu 20.04, but I'm not sure we have a workaround for Ubuntu 18.04. At this time our proposed solution is to update the official openshift 4.6 docs to describe these limitations for the opm build on linux.
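A pre-flight check for the dynamic-linking limitation described above, as an added example that is not part of the original thread or of the opm project: it reads the newest `GLIBC_x.y` symbol version a binary references and compares it with the glibc on the host. The function names are hypothetical, GNU grep and `sort -V` are assumed, and the string scan is a heuristic rather than a full ELF parser.

```shell
# Added example (not from the bug report). Function names are hypothetical.
# Usage after sourcing this file: check_glibc ./opm

# Print the highest GLIBC_<version> string found in file $1.
# Symbol version names sit as plain strings in the ELF dynamic string table,
# so a byte-level grep finds them without binutils. GLIBC_PRIVATE is skipped
# because the pattern requires a digit after the underscore.
required_glibc() {
    LC_ALL=C grep -a -o 'GLIBC_[0-9][0-9.]*' "$1" \
        | sed 's/^GLIBC_//; s/\.$//' | sort -u -V | tail -n 1
}

# Print the host glibc version, e.g. "2.31". Prints nothing on non-glibc hosts.
host_glibc() {
    getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}'
}

# Succeed when version $1 is lower than or equal to version $2.
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Check binary $1 against glibc version $2 (defaults to the host's).
# Returns 0 if loadable, 1 if the host glibc is too old, 2 if unknown.
check_glibc() {
    local need have
    need=$(required_glibc "$1")
    have=${2:-$(host_glibc)}
    if [ -z "$need" ]; then
        echo "$1: no GLIBC_ version references (static or non-glibc binary?)"
        return 0
    fi
    if [ -z "$have" ]; then
        echo "$1: needs GLIBC_$need, host glibc version unknown"
        return 2
    fi
    if version_le "$need" "$have"; then
        echo "$1: needs GLIBC_$need, host has $have: ok"
    else
        echo "$1: needs GLIBC_$need, host has $have: too old"
        return 1
    fi
}
```

Run in CI before the first `./opm` call, this turns the loader error into an explicit message naming both versions.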
So is this just a statement of downstream opm? Seems that upstream works https://github.com/operator-framework/operator-registry/releases/download/v1.14.3/linux-amd64-opm Assuming different build processes?
Yes, I believe this is the case. Downstream build is very different from upstream.
FYI, I've created DOCS PR here for adding limitation condition about glibc version: https://github.com/openshift/openshift-docs/pull/27181
At the moment we have decided to pull opm upstream as that build doesn't have the limitation for linux. This can be closed.
The doc updates (https://github.com/openshift/openshift-docs/pull/27181) look good to me, verify it. Thanks!
*** Bug 1918088 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633