Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

e2e: image trust: Getting key identity: exit status 2 #18358

Closed
edsantiago opened this issue Apr 26, 2023 · 2 comments · Fixed by #18578 or #18816
Closed

e2e: image trust: Getting key identity: exit status 2 #18358

edsantiago opened this issue Apr 26, 2023 · 2 comments · Fixed by #18578 or #18816
Labels
flakes Flakes from Continuous Integration kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@edsantiago
Copy link
Member

Happening in both podman image trust show and ..show --json tests:

# podman [options] image trust show \
      --registrypath /var/tmp/go/src/github.com/containers/podman/test \
      --policypath /var/tmp/go/src/github.com/containers/podman/test/policy.json --json
time="2023-04-24T16:39:52-05:00" level=error msg="Getting key identity: exit status 2"
[
  .....
  {
    "transport": "repository",
    "name": "registry.access.redhat.com",
    "repo_name": "registry.access.redhat.com",
    "sigstore": "https://access.redhat.com/webassets/docker/content/sigstore",
    "type": "signed"
    >>>>MISSING GPG_ID<<<<<
  }
]

The test then fails because the expected gpg_id: [email protected] entry is missing.

registry.access.redhat.com is reliably unreliable, so I'm betting this is a registry flake. Maybe the error logging could be improved?
@edsantiago edsantiago added flakes Flakes from Continuous Integration kind/bug Categorizes issue or PR as related to a bug. labels Apr 26, 2023
@edsantiago
Copy link
Member Author

Well, well:

$ GNUPGHOME=/tmp/dsfsdf bin/podman image trust show -n --registrypath test --policypath test/policy.json
ERRO[0000] Getting key identity: exit status 2          <<<<<<<< same error
all         default                        accept                  
repository  docker.io/library/hello-world  reject                  
repository  registry.access.redhat.com     signed                  https://access.redhat.com/webassets/docker/content/sigstore
                  missing "[email protected], ditto"     --------^^^^^^^^^^^^^^^^

...suggesting that this is closely related to #17966.

Incidentally, this has not gone away, not even close:

  • debian-12 : int podman debian-12 root host sqlite
  • fedora-37 : int podman fedora-37 root host boltdb
    • 04-25 19:04 in Podman trust [It] podman image trust show
  • fedora-37 : int podman fedora-37 root host sqlite
    • 05-02 11:33 in int podman fedora-37 root host sqlite: unknown failure
  • fedora-38 : int podman fedora-38 root container sqlite
  • fedora-38 : int podman fedora-38 root host boltdb
  • rawhide : int podman rawhide root host sqlite

edsantiago added a commit to edsantiago/libpod that referenced this issue May 15, 2023
@edsantiago
e2e: serialize gpg tests
a485ba5 
Reason: gpg tests all run with a different GNUPGHOME, and gpg-agent
does not like that, and there's no longer any way to run gpg
without the agent. So, do not run these tests in parallel, and
clean up agent after each test.

Fixes: containers#17966 (I hope)

May also fix containers#18358 but it will take some time to be sure.

Signed-off-by: Ed Santiago <[email protected]>
@edsantiago edsantiago mentioned this issue May 15, 2023
Merged
@edsantiago
Copy link
Member Author

Well, phooey.

@edsantiago edsantiago reopened this May 16, 2023
edsantiago added a commit to edsantiago/libpod that referenced this issue Jun 7, 2023
@edsantiago
e2e: add ginkgo decorators to address flakes
b65ba90 
- trust_test: adding 'Ordered' seems to resolve a very common
  flake. I've tested this for dozens of CI runs, and haven't
  seen the flake recur (normally it fails every few runs).

- exec and search tests: add FlakeAttempts(3). This is a NOP
  under our current CI setup, in which we run ginkgo with
  a global --flake-attempts=3. I am submitting this as an
  optimistic step toward a no-flake-attempts world (containers#17967)

Fixes: containers#18358

Signed-off-by: Ed Santiago <[email protected]>
@edsantiago edsantiago mentioned this issue Jun 7, 2023
Merged
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 6, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
flakes Flakes from Continuous Integration kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
1 participant
@edsantiago