Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-44222

`--secure-policy=false` not work when use --alpha-ctlg-filter

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • 4.18
    • oc-mirror
    • Moderate
    • None
    • Proposed
    • False
    • Hide

      None

      Show
      None
    • Hide
      *Cause*: What actions or circumstances cause this bug to present.
      *Consequence*: What happens when the bug presents.
      *Fix*: What was done to fix the bug.
      *Result*: Bug doesn’t present anymore.
      Show
      *Cause*: What actions or circumstances cause this bug to present. *Consequence*: What happens when the bug presents. *Fix*: What was done to fix the bug. *Result*: Bug doesn’t present anymore.
    • Bug Fix
    • In Progress

      Description of problem:

      Hit signature issue even use --secure-policy=false when rebuild the catalog 

      Version-Release number of selected component (if applicable):

      ./oc-mirror.rhel8  version 
      WARNING: This version information is deprecated and will be replaced with the output from --short. Use --output=yaml|json to get the full version.
      Client Version: version.Info{Major:"", Minor:"", GitVersion:"4.18.0-202410251041.p0.g95f0611.assembly.stream.el9-95f0611", GitCommit:"95f0611c1dc9584a4a9e857912b9eaa539234bbc", GitTreeState:"clean", BuildDate:"2024-10-25T11:28:19Z", GoVersion:"go1.22.7 (Red Hat 1.22.7-1.module+el8.10.0+22325+dc584f75) X:strictfipsruntime", Compiler:"gc", Platform:"linux/amd64"}

      How reproducible:

           Always
          

      Steps to Reproduce:

      1. Using the imagesetconfig like : 
      apiVersion: mirror.openshift.io/v2alpha1
      kind: ImageSetConfiguration
      mirror:
        operators:
        - catalog: oci:///test/ibm-catalog
        - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.15
          packages:
          - name: windows-machine-config-operator
          - name: cluster-kube-descheduler-operator
        - catalog: registry.redhat.io/redhat/redhat-operator-index:v4.14
          packages:
          - name: servicemeshoperator 
          - name: windows-machine-config-operator
        - catalog: registry.redhat.io/redhat/certified-operator-index:v4.15
          packages:
          - name: nvidia-network-operator
        - catalog: registry.redhat.io/redhat/community-operator-index:v4.15
          packages:
          - name: skupper-operator
          - name: reportportal-operator
        - catalog: registry.redhat.io/redhat/redhat-marketplace-index:v4.15
          packages:
          - name: dynatrace-operator-rhmp
      
      2. run the oc-mirror with rebuild catalog :
      ./oc-mirror.rhel8 -c config-example.yaml file://outexample --v2  --alpha-ctlg-filter --secure-policy=false

       

      Actual results:

      2. Hit error:
      
      

      ./oc-mirror.rhel8 -c config-example.yaml file://outexample --v2  --alpha-ctlg-filter --secure-policy=false  
       
      2024/11/05 03:15:47  [WARN]   : ⚠️  --v2 flag identified, flow redirected to the oc-mirror v2 version. This is Tech Preview, it is still under development and it is not production ready.
      2024/11/05 03:15:47  [INFO]   : 👋 Hello, welcome to oc-mirror
      2024/11/05 03:15:47  [INFO]   : ⚙️  setting up the environment for you...
      2024/11/05 03:15:47  [INFO]   : 🔀 workflow mode: mirrorToDisk 
      2024/11/05 03:15:47  [INFO]   : 🕵️  going to discover the necessary images...
      2024/11/05 03:15:47  [INFO]   : 🔍 collecting release images...
      2024/11/05 03:15:47  [INFO]   : 🔍 collecting operator images...
      2024/11/05 03:15:49  [INFO]   : 🔂 rebuilding catalog (pulling catalog image) registry.redhat.io/redhat/redhat-marketplace-index:v4.15
      2024/11/05 03:15:53  [INFO]   : 👋 Goodbye, thank you for using oc-mirror
      2024/11/05 03:15:53  [ERROR]  : 4 errors occurred:

      • [linux/s390x]: creating build container: copying system image from manifest list: Source image rejected: Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"1AC4971355A34A82", Status:gpgme.Error {err:0x9}

        , Timestamp:time.Date(2024, time.November, 4, 22, 32, 13, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}

      • [linux/arm64]: creating build container: copying system image from manifest list: Source image rejected: Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"1AC4971355A34A82", Status:gpgme.Error {err:0x9}

        , Timestamp:time.Date(2024, time.November, 4, 22, 32, 13, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}

      • [linux/amd64]: creating build container: copying system image from manifest list: Source image rejected: Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"1AC4971355A34A82", Status:gpgme.Error {err:0x9}

        , Timestamp:time.Date(2024, time.November, 4, 22, 32, 13, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}

      • [linux/ppc64le]: creating build container: copying system image from manifest list: Source image rejected: Invalid GPG signature: gpgme.Signature{Summary:128, Fingerprint:"1AC4971355A34A82", Status:gpgme.Error {err:0x9}

        , Timestamp:time.Date(2024, time.November, 4, 22, 32, 12, 0, time.Local), ExpTimestamp:time.Date(1970, time.January, 1, 0, 0, 0, 0, time.Local), WrongKeyUsage:false, PKATrust:0x0, ChainModel:false, Validity:0, ValidityReason:error(nil), PubkeyAlgo:1, HashAlgo:8}
         

       

      Expected results:

      3. no error.

      Additional info:

       

              luzuccar@redhat.com Luigi Mario Zuccarelli
              yinzhou@redhat.com ying zhou
              ying zhou ying zhou
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: