Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-43386

oc-mirror fails Unable to load configmap verifier while performing from the quay.io to the disk

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.13, 4.12
    • oc-mirror
    • None
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Trying to download images using the oc-mirror plugin from quay.io to disk on a RHEL8 and RHEL9 OS with fips enabled generates the error:
      error: error retrieving mapping information for quay.io/openshift-release-dev/ocp-release@sha256:dd58c982a2166dcac5ce8f390f8b26b36df27ac765c4e012a670a9c0bac909df: Unable to load configmap verifier: the config map openshift-config-managed/release-verification has an invalid key "verifier-public-key-redhat" that must be a GPG public key: openpgp: invalid data: tag byte does not have MSB set: openpgp: invalid data: tag byte does not have MSB set  

      Version-Release number of selected component (if applicable):

      ./oc-mirror version --output=yaml
clientVersion:
  buildDate: "2024-09-12T09:59:41Z"
  compiler: gc
  gitCommit: c9123030d5df99847cf3779856d90ff83cf64dcb
  gitTreeState: clean
  gitVersion: 4.17.0-202409120935.p0.gc912303.assembly.stream.el9-c912303
  goVersion: go1.22.5 (Red Hat 1.22.5-1.el9) X:strictfipsruntime
  major: ""
  minor: ""
  platform: linux/amd64    

      How reproducible:

      Steps to Reproduce:

      1. Install oc-mirror 4.17.0-202409120935.p0.gc912303.assembly.stream.el9-c912303
2.  oc-mirror --config=./imageset-config.yaml file://updates    

      Actual results:

      Found: updates/oc-mirror-workspace/src/publish
Found: updates/oc-mirror-workspace/src/v2
Found: updates/oc-mirror-workspace/src/charts
Found: updates/oc-mirror-workspace/src/release-signatures
No metadata detected, creating new workspace
Using proxy <REDACTED> to request updates from https://api.openshift.com/api/upgrades_info/v1/graph?arch=amd64&channel=stable-4.13&id=2c53cb87-f9dd-43f0-bd28-0a7e217e5bf2&version=4.12.40
error: error retrieving mapping information for quay.io/openshift-release-dev/ocp-release@sha256:dd58c982a2166dcac5ce8f390f8b26b36df27ac765c4e012a670a9c0bac909df: Unable to load configmap verifier: the config map openshift-config-managed/release-verification has an invalid key "verifier-public-key-redhat" that must be a GPG public key: openpgp: invalid data: tag byte does not have MSB set: openpgp: invalid data: tag byte does not have MSB set    

      Expected results:

      No errors should be seen when performing disk2mirror    

      Additional info:

      imageset-config.yaml link in the comment.
      When testing locally with fips disabled the image download finishes without errors. 
      $ sudo sysctl crypto.fips_enabled
crypto.fips_enabled = 0    

              luzuccar@redhat.com Luigi Mario Zuccarelli
              rhn-support-macastil Mario Castillo
              ying zhou ying zhou
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: