bug(redhat): we don't need to return error if redhat image doesn't contain content_sets #7911

Closed
DmitriyLewen opened this issue Nov 13, 2024 Discussed in #7910 · 7 comments · Fixed by #7912
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@DmitriyLewen
Contributor

Description

There are cases when root/buildinfo/content_manifests/ contains *.json files, but these are not content_sets files.
e.g.:

➜ docker run -it --rm registry.access.redhat.com/ubi9-minimal@sha256:ba0d97dd43fea58f9bdcc4488c60a3869827e1e30a51c11bbfae3fb7dc91e6f5 ls -hl /root/buildinfo/content_manifests/ 
total 592K
-rw-r--r-- 1 root root 469K Nov  1 19:30 sbom-cyclonedx.json
-rw-r--r-- 1 root root 118K Nov  1 19:30 sbom-purl.json

In this case we don't use defaultContentSets:

defaultContentSets = map[string][]string{
	"6": {
		"rhel-6-server-rpms",
		"rhel-6-server-extras-rpms",
	},
	"7": {
		"rhel-7-server-rpms",
		"rhel-7-server-extras-rpms",
	},
	"8": {
		"rhel-8-for-x86_64-baseos-rpms",
		"rhel-8-for-x86_64-appstream-rpms",
	},
	"9": {
		"rhel-9-for-x86_64-baseos-rpms",
		"rhel-9-for-x86_64-appstream-rpms",
	},
}

Discussed in #7910
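
An added example, not Trivy's own code and not part of the original post: one way to treat a `*.json` file without a `content_sets` array (such as the SBOM files listed above) as "no content sets here" and fall back to the defaults, while still reporting malformed JSON. The function names, the sample JSON and the `"default"` source label are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed samples: a content manifest and a CycloneDX-style SBOM stub.
const manifestJSON = `{"metadata":{"icm_version":1},"content_sets":["rhel-9-for-x86_64-baseos-rpms","rhel-9-for-x86_64-appstream-rpms"]}`
const sbomJSON = `{"bomFormat":"CycloneDX","specVersion":"1.5","components":[]}`

// Subset of the defaults quoted in the issue.
var defaultContentSets = map[string][]string{"9": {"rhel-9-for-x86_64-baseos-rpms", "rhel-9-for-x86_64-appstream-rpms"}}

// parseContentSets (hypothetical helper) reads content_sets from one JSON file.
// The bool is false for valid JSON that carries no content sets, e.g. an SBOM;
// an error is returned only when the file is not a JSON object at all.
func parseContentSets(data []byte) ([]string, bool, error) {
	var m struct {
		ContentSets []string `json:"content_sets"`
	}
	if err := json.Unmarshal(data, &m); err != nil {
		return nil, false, fmt.Errorf("invalid JSON: %w", err)
	}
	return m.ContentSets, len(m.ContentSets) > 0, nil
}

// resolveContentSets (hypothetical) walks the files in name order, skips those
// without content sets, and falls back to the defaults for the major version.
// The second return value names the file used, or "default" for the fallback.
func resolveContentSets(files map[string][]byte, major string) ([]string, string, error) {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	for _, n := range names {
		sets, ok, err := parseContentSets(files[n])
		if err != nil {
			return nil, "", fmt.Errorf("%s: %w", n, err)
		}
		if ok {
			return sets, n, nil
		}
	}
	return defaultContentSets[major], "default", nil
}

func main() {
	files := map[string][]byte{"sbom-cyclonedx.json": []byte(sbomJSON)}
	fmt.Println(resolveContentSets(files, "9"))
}
```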

@knqyf263
Collaborator

I'm curious why the image doesn't contain content sets. I presume all newer images have content sets.

@DmitriyLewen
Contributor Author

DmitriyLewen commented Nov 15, 2024

The previous version contains content sets:

➜ docker run -it --rm registry.access.redhat.com/ubi9-minimal@sha256:f5d2c6a1e0c86e4234ea601552dbabb4ced0e013a1efcbfb439f1f6a7a9275b0 ls -hl /root/buildinfo/content_manifests/
total 4.0K
-rw-rw-r-- 1 root root 368 Sep 18 21:24 ubi9-minimal-container-9.4-1227.1726694542.json

But I checked all 9.5 images. These images don't contain content sets:

➜ docker run -it --rm registry.access.redhat.com/ubi9-minimal@sha256:ba0d97dd43fea58f9bdcc4488c60a3869827e1e30a51c11bbfae3fb7dc91e6f5 ls -hl /root/buildinfo/content_manifests/
-rw-r--r-- 1 root root 469K Nov  1 19:30 sbom-cyclonedx.json
-rw-r--r-- 1 root root 118K Nov  1 19:30 sbom-purl.json
➜ docker run -it --rm registry.access.redhat.com/ubi9-minimal@sha256:bdb50787faf8f9416ee7d669ccbbc0727bd8920d043fb8144987698788399a01 ls -hl /root/buildinfo/content_manifests/
-rw-r--r-- 1 root root 471K Nov 13 17:21 sbom-cyclonedx.json
-rw-r--r-- 1 root root 121K Nov 13 17:21 sbom-purl.json
➜ docker run -it --rm registry.access.redhat.com/ubi9-minimal@sha256:ab4eac109595d4595b6a978cd41c6310d7eec36122ae593a14448edfbfd7c297 ls -hl /root/buildinfo/content_manifests/
-rw-r--r-- 1 root root 471K Nov 14 17:17 sbom-cyclonedx.json
-rw-r--r-- 1 root root 121K Nov 14 17:17 sbom-purl.json
➜ docker run -it --rm registry.access.redhat.com/ubi9-minimal@sha256:8b6978d555746877c73f52375f60fd7b6fd27d6aca000eaed27d0995303c13de ls -hl /root/buildinfo/content_manifests/
-rw-r--r-- 1 root root 471K Nov 14 14:18 sbom-cyclonedx.json
-rw-r--r-- 1 root root 121K Nov 14 14:18 sbom-purl.json

The docs say "The UBI minimal images, named ubi-minimal offer a minimized pre-installed content set" (https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/building_running_and_managing_containers/index#con_understanding-the-ubi-minimal-images_assembly_types-of-container-images).

But RedHat tries to make their minimal images smaller and safer.
Could they have removed the content set altogether? 🤔

@pmolon

pmolon commented Nov 15, 2024

We have a ticket open with RedHat support to inquire about the missing content sets. It looks to be a bug in their newer 9.5 images. I can post an update as soon as I receive a final update about the case.

@DmitriyLewen
Contributor Author

Hello @pmolon
Excellent! Thank you!
We look forward to hearing from you.

@knqyf263
Collaborator

Yes, as @pmolon said, it should be a bug. Otherwise, it's a breaking change, and Red Hat should notify certified scanners. Anyway, we need a workaround until @pmolon gets a reply from Red Hat. I'll review #7912

@knqyf263 knqyf263 added this to the v0.57.1 milestone Nov 18, 2024
@janani66

> We have a ticket open with RedHat support to inquire about the missing content sets. It looks to be a bug in their newer 9.5 images. I can post an update as soon as I receive a final update about the case.

@pmolon -- May I have the link to the ticket with RH Support?

@pmolon

pmolon commented Nov 18, 2024

@janani66 case is 03985698, their Jira should be public: https://issues.redhat.com/browse/RHEL-67397

4 participants