Bug 1943284 - opm index prune will fail if the working directory does not have write permissions
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 4.9.0
Assignee: Kevin Rizza
QA Contact: xzha
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-03-25 17:38 UTC by tonyg
Modified: 2021-10-18 17:30 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-18 17:29:50 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Github openshift operator-framework-olm pull 150 0 None None None 2021-08-12 21:56:32 UTC
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:30:13 UTC

Description tonyg 2021-03-25 17:38:55 UTC
Description of problem:

opm index prune will fail if the working directory does not have write permissions.


Version-Release number of selected component (if applicable):


- (4.6.22) Version: version.Version{OpmVersion:"v1.14.3-34-gd0b49148", GitCommit:"d0b49148a4f476f1403c7b8fd262173789009484", BuildDate:"2021-03-13T05:04:00Z", GoOs:"linux", GoArch:"amd64"}

- (4.7.4) Version: version.Version{OpmVersion:"v1.15.4-6-ga97d366a", GitCommit:"a97d366a92d302ff2056fa2d19aa3e48b0fbc99c", BuildDate:"2021-03-20T23:23:02Z", GoOs:"linux", GoArch:"amd64"}

- (4.8.0-0.nightly-2021-03-24-200346) Version: version.Version{OpmVersion:"v1.16.0-49-g4b5d403b", GitCommit:"4b5d403b8b91dbb1141f46087fa13a6d0649a103", BuildDate:"2021-03-24T13:31:11Z", GoOs:"linux", GoArch:"amd64"}


How reproducible:

All the time, with all the mentioned versions

Steps to Reproduce:

mkdir /tmp/fail
cd /tmp/fail
chmod u-w .
chmod o-w .

REGISTRY_AUTH_FILE=/path/to/pull-secrets.txt \
opm index prune \
  --from-index registry.redhat.io/redhat/redhat-operator-index:v${version} \
  --packages performance-addon-operator,sriov-network-operator,ptp-operator,kubevirt-hyperconverged \
  --tag ${local_registry}/redhat/redhat-operator-index:v4.6


Actual results:

INFO[0000] pruning the index                             packages="[performance-addon-operator sriov-network-operator ptp-operator kubevirt-hyperconverged]"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1724068]
                              
goroutine 1 [running]:        
github.com/operator-framework/operator-registry/pkg/lib/indexer.ImageIndexer.PruneFromIndex(0x1d8d2e0, 0xc0001d4578, 0x1dccba0, 0xc00000f9e0, 0x1d8f3e0, 0xc00000fa40, 0x0, 0x0, 0x0, 0x0, ...)                                                                
        /src/pkg/lib/indexer/indexer.go:253 +0x4c8
github.com/operator-framework/operator-registry/cmd/opm/index.runIndexPruneCmdFunc(0xc000482b00, 0xc0001a8c00, 0x0, 0x6, 0x0, 0x0)
        /src/cmd/opm/index/prune.go:120 +0x6d5
github.com/spf13/cobra.(*Command).execute(0xc000482b00, 0xc0001a8ba0, 0x6, 0x6, 0xc000482b00, 0xc0001a8ba0)
        /src/vendor/github.com/spf13/cobra/command.go:840 +0x47c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0002138c0, 0x1b806b0, 0x5, 0x0)
        /src/vendor/github.com/spf13/cobra/command.go:945 +0x336
github.com/spf13/cobra.(*Command).Execute(...)
        /src/vendor/github.com/spf13/cobra/command.go:885
main.main()                          
        /src/cmd/opm/main.go:39 +0x246

Expected results:

An image should be created locally and tagged as defined.
Additional info:

Comment 1 Kevin Rizza 2021-03-25 18:40:03 UTC
This is expected, as opm requires these permissions. In order to prune the existing image, it needs to be able to pull the old image down and unpack it locally in order to read its contents -- there is not currently a way for that to be done purely in memory. As a result, I'm closing this as NOTABUG. If you have further questions, feel free to reach out to the OLM team on our mailing list aos-odin or on our coreos slack channel forum-operator-fw.

Comment 2 Frédéric Lepied 2021-03-26 09:02:24 UTC
I don't see how having a segfault could be considered not a bug. Anyway the command should display a meaningful error at least. And at most use a temporary directory in /tmp instead of doing it in the current directory.

Comment 3 Bill Peck 2021-04-30 15:49:10 UTC
I'm re-opening this as it should at least report an error that it can't write to the current directory instead of just segfaulting.  I wasted time because the error message was not meaningful.

Comment 4 Bill Peck 2021-04-30 15:50:04 UTC
https://github.com/operator-framework/operator-registry/pull/610#issuecomment-807577824

The above PR should be considered.

Comment 9 xzha 2021-08-23 09:55:32 UTC
verified.

zhaoxia@xzha-mac fail % opm version
Version: version.Version{OpmVersion:"0ba8af9f5", GitCommit:"0ba8af9f5f4f5445a5b47a187074cc084dd6f369", BuildDate:"2021-08-23T02:57:27Z", GoOs:"darwin", GoArch:"amd64"}

zhaoxia@xzha-mac bug-1943284 % mkdir fail
zhaoxia@xzha-mac bug-1943284 % cd fail 
zhaoxia@xzha-mac fail % chmod u-w .
zhaoxia@xzha-mac fail % chmod o-w .

zhaoxia@xzha-mac fail % opm index prune --from-index registry.redhat.io/redhat/redhat-operator-index:4.8 -p performance-addon-operator,sriov-network-operator,ptp-operator,kubevirt-hyperconverged  -t quay.io/xzhao/redhat-operator-index-test:4.8
INFO[0000] pruning the index                             packages="[performance-addon-operator sriov-network-operator ptp-operator kubevirt-hyperconverged]"
Error: mkdir index_build_tmp220531695: permission denied
Usage:
  opm index prune [flags]

Flags:
  -i, --binary-image opm        container image for on-image opm command
  -c, --container-tool string   tool to interact with container images (save, build, etc.). One of: [docker, podman] (default "podman")
  -f, --from-index string       index to prune
      --generate                if enabled, just creates the dockerfile and saves it to local disk
  -h, --help                    help for prune
  -d, --out-dockerfile string   if generating the dockerfile, this flag is used to (optionally) specify a dockerfile name
  -p, --packages strings        comma separated list of packages to keep
      --permissive              allow registry load errors
  -t, --tag string              custom tag for container image being built

Global Flags:
      --skip-tls   skip TLS certificate verification for container image registries while pulling bundles or index


There is an error message "mkdir index_build_tmp220531695: permission denied"
LGTM, verified.

Comment 12 errata-xmlrpc 2021-10-18 17:29:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759

