Bug 2053149 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index
Summary: oc adm catalog mirror throws 'missing signature key' error when using file://...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.9
Hardware: x86_64
OS: Linux
Target Milestone: ---
: 4.9.z
Assignee: Vitaly Grinberg
QA Contact: Jian Zhang
: 2053170 (view as bug list)
Depends On: 2053175
Blocks: 2053170
TreeView+ depends on / blocked
Reported: 2022-02-10 15:50 UTC by Vitaly Grinberg
Modified: 2022-03-10 07:45 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2049133
: 2053170 (view as bug list)
Last Closed: 2022-02-28 20:50:17 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift oc pull 1064 0 None open [release-4.9] Bug 2053149: Fix catalog mirror from files 2022-02-14 22:10:56 UTC
Red Hat Product Errata RHSA-2022:0655 0 None None None 2022-02-28 20:50:40 UTC

Comment 3 Xiaoli Tian 2022-02-14 05:29:38 UTC

*** This bug has been marked as a duplicate of bug 2053175 ***

Comment 4 Jian Zhang 2022-02-14 08:47:40 UTC
I reopen it and update the target release to 4.9.z since the fixed PR https://github.com/openshift/oc/pull/1064 specify this bug.

Comment 5 Jian Zhang 2022-02-14 08:48:40 UTC
*** Bug 2053170 has been marked as a duplicate of this bug. ***

Comment 6 Jian Zhang 2022-02-14 09:43:22 UTC
1, Build a release build with the unmerged PR(https://github.com/openshift/oc/pull/1064) via cluster-bot: https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift-origin-installer-launch-gcp-modern/1493146543702675456 

2, Extract the `oc` client from this generated release image.

[cloud-user@preserve-olm-env bug-2049133]$ podman pull registry.build01.ci.openshift.org/ci-ln-rw3ikqk/release:latest
Trying to pull registry.build01.ci.openshift.org/ci-ln-rw3ikqk/release:latest...
Getting image source signatures

[cloud-user@preserve-olm-env bug-2049133]$  oc adm release extract --tools registry.build01.ci.openshift.org/ci-ln-rw3ikqk/release:latest
W0214 04:31:30.312641 2163615 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version.

[cloud-user@preserve-olm-env bug-2049133]$ tar -zxvf openshift-client-linux-4.9.0-0.ci.test-2022-02-14-090841-ci-ln-rw3ikqk-latest.tar.gz

[cloud-user@preserve-olm-env bug-2049133]$ ./oc version -o yaml
  buildDate: "2022-02-14T09:00:30Z"
  compiler: gc
  gitCommit: b91f8b6
  gitTreeState: dirty
  gitVersion: v4.2.0-alpha.0-1203-gb91f8b6
  goVersion: go1.16.12
  major: ""
  minor: ""
  platform: linux/amd64
openshiftVersion: 4.11.0-0.nightly-2022-02-12-075213
releaseClientVersion: 4.9.0-0.ci.test-2022-02-14-090841-ci-ln-rw3ikqk-latest
  buildDate: "2022-02-04T23:38:54Z"
  compiler: gc
  gitCommit: 6f5a5295923a614a4202a7ad274b38b69f9ca8c0
  gitTreeState: clean
  gitVersion: v1.23.3+f14faf2
  goVersion: go1.17.5
  major: "1"
  minor: "23"
  platform: linux/amd64

3,  mirror this pruned index image to local.
[cloud-user@preserve-olm-env bug-2049133]$ ./oc adm catalog mirror quay.io/olmqe/sriov-fec:v4.9 file:///local/index 

!!   Sqlite-based catalogs are deprecated. Support for them will be removed in a
!!   future release. Please migrate your catalog workflows to the new file-based
!!   catalog format.

src image has index label for database path: /database/index.db
wrote mirroring manifests to manifests-sriov-fec-1644831257

To upload local images to a registry, run:

	oc adm catalog mirror file://local/index/olmqe/sriov-fec:v4.9 REGISTRY/REPOSITORY

4, Mirror local images to docker registry.
[cloud-user@preserve-olm-env bug-2049133]$ ./oc adm catalog mirror file://local/index/olmqe/sriov-fec:v4.9 localhost:5000/jiazha3 -a /run/user/1000/containers/auth.json --insecure

!!   Sqlite-based catalogs are deprecated. Support for them will be removed in a
!!   future release. Please migrate your catalog workflows to the new file-based
!!   catalog format.

src image has index label for database path: /database/index.db
using index path mapping: /database/index.db:/tmp/781571833
wrote database to /tmp/781571833
using database at: /tmp/781571833/index.db
      file://local/index/olmqe/sriov-fec/intel/n3000-labeler sha256:22f677655049d4c2e6cd9e49ca9ed20f34ac175ef0c82f5c5eabc79031c1c29a 1.832KiB
      file://local/index/olmqe/sriov-fec/intel/n3000-labeler sha256:87b9e3e9b9bcfd908a710c25d94bd7ebe7d891d5e7bda60707f831209724dab8 3.647KiB
      file://local/index/olmqe/sriov-fec/intel/n3000-labeler sha256:ea0daff3b167ba37e107fb6e005274948c69276982e2381bb519aec939200f9b 3.867KiB
      file://local/index/olmqe/sriov-fec/intel/n3000-labeler sha256:effddbbd1ca1f93c071f6da79c1d68d21cde9d43c5cb83f91223375319b904e7 314.8KiB
      file://local/index/olmqe/sriov-fec/intel/n3000-labeler sha256:e9f85eba3786323e170394ca73cb7e431adcebe084217572d73537513b4742d5 15.91MiB
      file://local/index/olmqe/sriov-fec/intel/n3000-labeler sha256:6ea6b01ba32a53862e954f377e01e3116b8f9447c95cd36f21c86d7dc73964e6 81.67MiB
      sha256:a176c826509a3aa5d1c84ec9f5c77ddb097bb61bdd456c05a9899058e0811b8e -> f86885fc
sha256:a176c826509a3aa5d1c84ec9f5c77ddb097bb61bdd456c05a9899058e0811b8e localhost:5000/jiazha3/intel-n3000-labeler:f86885fc
mounted: localhost:5000/jiazha3/openshift4-ose-kube-rbac-proxy sha256:8371edeb80944cd165f030b9809d8dcb6266a91345dd84adaa035a43d7d65a87 10.76MiB
sha256:b98bd93ac4f9efe1cbcac3936076568fae6cc6c19845fab12a1b80586b33296f localhost:5000/jiazha3/openshift4-ose-kube-rbac-proxy
sha256:96ebd88d19be8a3b5679ad24041d456e01c0a1a9f0bf9a535725488083f4cd17 localhost:5000/jiazha3/openshift4-ose-kube-rbac-proxy
sha256:4fc86a4a96c593c8f234d4edf057c9e2215ff799a82464d81adcb6dd13ea455e localhost:5000/jiazha3/openshift4-ose-kube-rbac-proxy
sha256:ca006e25d09c1706a7faec17527ff4a14e64368d6541583b519dbaeb4a30d32f localhost:5000/jiazha3/openshift4-ose-kube-rbac-proxy
sha256:8b4f814c112d7b91dc5e7904d4f3c684f3d77227344d2b553a84d4a1bc2829d3 localhost:5000/jiazha3/openshift4-ose-kube-rbac-proxy:a8cc7e74
info: Mirroring completed in 8.94s (83.96MB/s)
no digest mapping available for file://local/index/olmqe/sriov-fec:v4.9, skip writing to ImageContentSourcePolicy
wrote mirroring manifests to manifests-index/olmqe/sriov-fec-1644831318

It works as expected. FYI, the current Quay.io doesn't support the `application/vnd.oci.image.config.v1+json` media type, but Quay 3.6 supports it. That means if CU uses Quay 3.6 to create the registry, it will work well. Related doc: https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/configure_red_hat_quay/index#other-oci-artifacts-with-quay

Comment 8 Jian Zhang 2022-02-16 10:03:18 UTC
Verified it based on comment 6.

Comment 12 errata-xmlrpc 2022-02-28 20:50:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: OpenShift Container Platform 4.9.23 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.