Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auto update: fix usage of --authfile #19092

Merged
merged 1 commit into from
Jul 5, 2023

Conversation

vrothberg
Copy link
Member

@vrothberg vrothberg commented Jul 3, 2023

The --authfile flag has been ignored. Fix that and add a test to make
sure we won't regress another time. Requires a new --tls-verify flag
to actually test the code.

Also bump c/common since common/pull/1538 is required to correctly check
for updates. Note that I had to use the go-mod-edit-replace trick on
c/common as c/buildah would otherwise be moved back to 1.30.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2218315
Signed-off-by: Valentin Rothberg [email protected]

Does this PR introduce a user-facing change?

Fix a bug podman-auto-update to correctly use authentication files when contacting container registries.

@openshift-ci openshift-ci bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note labels Jul 3, 2023
@vrothberg vrothberg marked this pull request as ready for review July 3, 2023 09:09
@openshift-ci openshift-ci bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. and removed do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Jul 3, 2023
@vrothberg vrothberg added 4.6 and removed approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jul 3, 2023
@vrothberg
Copy link
Member Author

Definitely a 4.6 candidate but requires a new .1 release c/common before.

@vrothberg
Copy link
Member Author

@edsantiago PTAL

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 3, 2023
@vrothberg vrothberg force-pushed the bz-2218315 branch 2 times, most recently from 6308504 to f518b6d Compare July 3, 2023 10:53
Copy link
Member

@edsantiago edsantiago left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm seeing timeouts. Continuing to investigate.

test/system/150-login.bats Outdated Show resolved Hide resolved
test/system/150-login.bats Outdated Show resolved Hide resolved
@vrothberg
Copy link
Member Author

I'm seeing timeouts. Continuing to investigate.

Thank you! I addressed the comments and will push once I have green light from you.

@edsantiago
Copy link
Member

Nothing more that I can find, except, the CI failures look unexpected. I will assume that you understand those and your next push will resolve those failures. So, please go ahead!

@vrothberg
Copy link
Member Author

Nothing more that I can find, except, the CI failures look unexpected. I will assume that you understand those and your next push will resolve those failures. So, please go ahead!

Thanks a lot for your help!

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 3, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: edsantiago, vrothberg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [edsantiago,vrothberg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@vrothberg vrothberg force-pushed the bz-2218315 branch 2 times, most recently from 12df179 to 3730f60 Compare July 3, 2023 13:59
@edsantiago
Copy link
Member

Why is the error message different?

@vrothberg
Copy link
Member Author

Why is the error message different?

The first one fails with an TLS error, the second one with an auth one. It passed before on my F38 machine but I assume it's a golang thing.

@edsantiago
Copy link
Member

I mean, why is the TLS error different? Your tests passed on my f38. In CI, the TLS error is different. (At least on debian, and ISTR another arch also but the errors are gone). I would like to understand why the TLS errors are different.

@vrothberg
Copy link
Member Author

I mean, why is the TLS error different? Your tests passed on my f38. In CI, the TLS error is different. (At least on debian, and ISTR another arch also but the errors are gone). I would like to understand why the TLS errors are different.

I strongly suspect it's golang.

@umohnani8
Copy link
Member

changes LGTM

Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also bump c/common since common/pull/1538 is required to correctly check
for updates. Note that I had to use the go-mod-edit-replace trick on
c/common as c/buildah would otherwise be moved back to 1.30.

This is fine for now but I think we should bump c/common for buildah then vendor buildah here to resolve this properly. These replaces are annoying to deal with in the long run.

LGTM

@edsantiago
Copy link
Member

@vrothberg see #19106 for my attempt at refactoring the registry code. I've tried a few slightly-different approaches, last week and today, and am happiest with this.

If you agree that this is a worthwhile approach, please feel free to steal it, or to remove your new tests and just put a "TBD" placeholder (so we don't have to undo all that unnecessary systemd-helper clunkiness). If #19106 fails CI or is otherwise not a desirable approach, no problem.

@vrothberg
Copy link
Member Author

vrothberg commented Jul 4, 2023

@edsantiago I am cool with merging #19106 as is and rebase this PR on top 👍 OR, I rebase this PR directly on top of it.

@vrothberg
Copy link
Member Author

Rebased on top of #19106 and it works like charm (on my machine). Thanks a lot, @edsantiago!

@vrothberg
Copy link
Member Author

@Luap99 @edsantiago PTanotherL

I am cool to merge as it.

Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but I let @edsantiago to have the final say for the tests

@edsantiago
Copy link
Member

eeeeek, please be careful with my registry-refactor, it is going to cause flakes because wait_for_port is currently semi-broken: it seems to be doing "wait for port to be bound", not "wait for someone to actually be listening on the port", and those are not the same thing under podman -p. I was not able to solve this yesterday. A simple sleep 2 after wait_for_port can mitigate the flakes until I get around to fixing it. Which can't be today, sorry.

@vrothberg
Copy link
Member Author

Thank you, @edsantiago! We can wait with merging this PR until the issue is fixed. If 4.6.0 gets out before, then the PR will make it into 4.6.1 :)

@edsantiago
Copy link
Member

Seeing your new diffs was a strong motivator for me to get the registry refactor done! New diffs in #19106, CI in progress:

   [registry helper, run_podman ... registry ...]
    cid="$output"

    # wait_for_port isn't enough: that just checks that podman has mapped the port...
    wait_for_port 127.0.0.1 ${PODMAN_LOGIN_REGISTRY_PORT}
    # ...so we look in container logs for confirmation that registry is running.
    _PODMAN_TEST_OPTS="${PODMAN_LOGIN_ARGS}" wait_for_output "listening on .::.:5000" $cid

@vrothberg
Copy link
Member Author

Apologies in case my comments encouraged you to work, @edsantiago. I will remain silent until tomorrow :)

The --authfile flag has been ignored.  Fix that and add a test to make
sure we won't regress another time.  Requires a new --tls-verify flag
to actually test the code.

Also bump c/common since common/pull/1538 is required to correctly check
for updates.  Note that I had to use the go-mod-edit-replace trick on
c/common as c/buildah would otherwise be moved back to 1.30.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2218315
Signed-off-by: Valentin Rothberg <[email protected]>
@vrothberg
Copy link
Member Author

Rebased since #19106 just merged. Good to go ✔️

@edsantiago
Copy link
Member

/lgtm
/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 5, 2023
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 5, 2023
@vrothberg
Copy link
Member Author

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 5, 2023
@vrothberg
Copy link
Member Author

Still needs a backport. We can cut a new c/common once containers/common#1505 is in.

@openshift-merge-robot openshift-merge-robot merged commit 93447e2 into containers:main Jul 5, 2023
@vrothberg vrothberg deleted the bz-2218315 branch July 5, 2023 12:18
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Oct 4, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 4, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants