2022-04-14 10:21:08 |
Mark Goddard |
description |
Images that have a source with type=git are currently failing to build. By default, this includes the gnocchi-base image.
INFO:kolla.common.utils.gnocchi-base:Step 6/9 : RUN ln -s gnocchi-base-source/* gnocchi && SETUPTOOLS_USE_DISTUTILS=stdlib python3 -m pip --no-cache-dir install --upgrade -c /requirements/upper-constraints.txt gnocchiclient /gnocchi[keystone,mysql,file,ceph,s3] && mkdir -p /etc/gnocchi && chown -R gnocchi: /etc/gnocchi
INFO:kolla.common.utils.gnocchi-base: ---> Running in d6b2a86e3d65
INFO:kolla.common.utils.gnocchi-base:Looking in indexes: http://mirror.iad3.inmotion.opendev.org:8080/pypi/simple, https://mirror.iad3.inmotion.opendev.org/wheel/ubuntu-20.04-x86_64
INFO:kolla.common.utils.gnocchi-base:Processing /gnocchi
INFO:kolla.common.utils.gnocchi-base: Preparing metadata (setup.py): started
INFO:kolla.common.utils.gnocchi-base: Preparing metadata (setup.py): finished with status 'error'
INFO:kolla.common.utils.gnocchi-base:[91m error: subprocess-exited-with-error
INFO:kolla.common.utils.gnocchi-base:
INFO:kolla.common.utils.gnocchi-base: × python setup.py egg_info did not run successfully.
INFO:kolla.common.utils.gnocchi-base: │ exit code: 1
INFO:kolla.common.utils.gnocchi-base: ╰─> [30 lines of output]
INFO:kolla.common.utils.gnocchi-base: /var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/installer.py:27: SetuptoolsDeprecationWarning: setuptools.installer is deprecated. Requirements should be satisfied by a PEP 517 installer.
INFO:kolla.common.utils.gnocchi-base: warnings.warn(
INFO:kolla.common.utils.gnocchi-base: Traceback (most recent call last):
INFO:kolla.common.utils.gnocchi-base: File "<string>", line 2, in <module>
INFO:kolla.common.utils.gnocchi-base: File "<pip-setuptools-caller>", line 34, in <module>
INFO:kolla.common.utils.gnocchi-base: File "/gnocchi/setup.py", line 34, in <module>
INFO:kolla.common.utils.gnocchi-base: setuptools.setup(
INFO:kolla.common.utils.gnocchi-base: File "/var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/__init__.py", line 155, in setup
INFO:kolla.common.utils.gnocchi-base: return distutils.core.setup(**attrs)
INFO:kolla.common.utils.gnocchi-base: File "/usr/lib/python3.8/distutils/core.py", line 108, in setup
INFO:kolla.common.utils.gnocchi-base: _setup_distribution = dist = klass(attrs)
INFO:kolla.common.utils.gnocchi-base: File "/var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/dist.py", line 458, in __init__
INFO:kolla.common.utils.gnocchi-base: _Distribution.__init__(
INFO:kolla.common.utils.gnocchi-base: File "/usr/lib/python3.8/distutils/dist.py", line 292, in __init__
INFO:kolla.common.utils.gnocchi-base: self.finalize_options()
INFO:kolla.common.utils.gnocchi-base: File "/var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/dist.py", line 851, in finalize_options
INFO:kolla.common.utils.gnocchi-base: ep(self)
INFO:kolla.common.utils.gnocchi-base: File "/var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/dist.py", line 872, in _finalize_setup_keywords
INFO:kolla.common.utils.gnocchi-base: ep.load()(self, ep.name, value)
INFO:kolla.common.utils.gnocchi-base: File "/gnocchi-base-source/gnocchi-base-archive-4.4.1/.eggs/setuptools_scm-6.4.2-py3.8.egg/setuptools_scm/integration.py", line 75, in version_keyword
INFO:kolla.common.utils.gnocchi-base: _assign_version(dist, config)
INFO:kolla.common.utils.gnocchi-base: File "/gnocchi-base-source/gnocchi-base-archive-4.4.1/.eggs/setuptools_scm-6.4.2-py3.8.egg/setuptools_scm/integration.py", line 51, in _assign_version
INFO:kolla.common.utils.gnocchi-base: _version_missing(config)
INFO:kolla.common.utils.gnocchi-base: File "/gnocchi-base-source/gnocchi-base-archive-4.4.1/.eggs/setuptools_scm-6.4.2-py3.8.egg/setuptools_scm/__init__.py", line 106, in _version_missing
INFO:kolla.common.utils.gnocchi-base: raise LookupError(
INFO:kolla.common.utils.gnocchi-base: LookupError: setuptools-scm was unable to detect version for /gnocchi-base-source/gnocchi-base-archive-4.4.1.
INFO:kolla.common.utils.gnocchi-base:
INFO:kolla.common.utils.gnocchi-base: Make sure you're either building from a fully intact git repository or PyPI tarballs. Most other sources (such as GitHub's tarballs, a git checkout without the .git folder) don't contain the necessary metadata and will not work.
INFO:kolla.common.utils.gnocchi-base:
INFO:kolla.common.utils.gnocchi-base: For example, if you're using pip, instead of https://github.com/user/proj/archive/master.zip use git+https://github.com/user/proj.git#egg=proj
INFO:kolla.common.utils.gnocchi-base: [end of output]
INFO:kolla.common.utils.gnocchi-base:
INFO:kolla.common.utils.gnocchi-base: note: This error originates from a subprocess, and is likely not a problem with pip.
INFO:kolla.common.utils.gnocchi-base:[0m
INFO:kolla.common.utils.gnocchi-base:[91merror: metadata-generation-failed
INFO:kolla.common.utils.gnocchi-base:× Encountered error while generating package metadata.
INFO:kolla.common.utils.gnocchi-base:╰─> See above for output.
INFO:kolla.common.utils.gnocchi-base:note: This is an issue with the package mentioned above, not pip.
INFO:kolla.common.utils.gnocchi-base:hint: See above for details.
This is currently affecting Ubuntu builds, which presumably include a backport of the git fix for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765.
This happens because kolla clones the git repository, then creates a tarball from it, preserving the ownership of the user running kolla-build on the files in the tarball. When we ADD this tarball into the image, Docker extracts it and preserves ownership of the files. The build runs as the root user, which typically is different than the user running kolla-build. Hence we hit CVE-2022-24765. |
Images that have a source with type=git are currently failing to build. By default, this includes the gnocchi-base image.
INFO:kolla.common.utils.gnocchi-base:Step 6/9 : RUN ln -s gnocchi-base-source/* gnocchi && SETUPTOOLS_USE_DISTUTILS=stdlib python3 -m pip --no-cache-dir install --upgrade -c /requirements/upper-constraints.txt gnocchiclient /gnocchi[keystone,mysql,file,ceph,s3] && mkdir -p /etc/gnocchi && chown -R gnocchi: /etc/gnocchi
INFO:kolla.common.utils.gnocchi-base: ---> Running in d6b2a86e3d65
INFO:kolla.common.utils.gnocchi-base:Looking in indexes: http://mirror.iad3.inmotion.opendev.org:8080/pypi/simple, https://mirror.iad3.inmotion.opendev.org/wheel/ubuntu-20.04-x86_64
INFO:kolla.common.utils.gnocchi-base:Processing /gnocchi
INFO:kolla.common.utils.gnocchi-base: Preparing metadata (setup.py): started
INFO:kolla.common.utils.gnocchi-base: Preparing metadata (setup.py): finished with status 'error'
INFO:kolla.common.utils.gnocchi-base:[91m error: subprocess-exited-with-error
INFO:kolla.common.utils.gnocchi-base:
INFO:kolla.common.utils.gnocchi-base: × python setup.py egg_info did not run successfully.
INFO:kolla.common.utils.gnocchi-base: │ exit code: 1
INFO:kolla.common.utils.gnocchi-base: ╰─> [30 lines of output]
INFO:kolla.common.utils.gnocchi-base: /var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/installer.py:27: SetuptoolsDeprecationWarning: setuptools.installer is deprecated. Requirements should be satisfied by a PEP 517 installer.
INFO:kolla.common.utils.gnocchi-base: warnings.warn(
INFO:kolla.common.utils.gnocchi-base: Traceback (most recent call last):
INFO:kolla.common.utils.gnocchi-base: File "<string>", line 2, in <module>
INFO:kolla.common.utils.gnocchi-base: File "<pip-setuptools-caller>", line 34, in <module>
INFO:kolla.common.utils.gnocchi-base: File "/gnocchi/setup.py", line 34, in <module>
INFO:kolla.common.utils.gnocchi-base: setuptools.setup(
INFO:kolla.common.utils.gnocchi-base: File "/var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/__init__.py", line 155, in setup
INFO:kolla.common.utils.gnocchi-base: return distutils.core.setup(**attrs)
INFO:kolla.common.utils.gnocchi-base: File "/usr/lib/python3.8/distutils/core.py", line 108, in setup
INFO:kolla.common.utils.gnocchi-base: _setup_distribution = dist = klass(attrs)
INFO:kolla.common.utils.gnocchi-base: File "/var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/dist.py", line 458, in __init__
INFO:kolla.common.utils.gnocchi-base: _Distribution.__init__(
INFO:kolla.common.utils.gnocchi-base: File "/usr/lib/python3.8/distutils/dist.py", line 292, in __init__
INFO:kolla.common.utils.gnocchi-base: self.finalize_options()
INFO:kolla.common.utils.gnocchi-base: File "/var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/dist.py", line 851, in finalize_options
INFO:kolla.common.utils.gnocchi-base: ep(self)
INFO:kolla.common.utils.gnocchi-base: File "/var/lib/kolla/venv/lib/python3.8/site-packages/setuptools/dist.py", line 872, in _finalize_setup_keywords
INFO:kolla.common.utils.gnocchi-base: ep.load()(self, ep.name, value)
INFO:kolla.common.utils.gnocchi-base: File "/gnocchi-base-source/gnocchi-base-archive-4.4.1/.eggs/setuptools_scm-6.4.2-py3.8.egg/setuptools_scm/integration.py", line 75, in version_keyword
INFO:kolla.common.utils.gnocchi-base: _assign_version(dist, config)
INFO:kolla.common.utils.gnocchi-base: File "/gnocchi-base-source/gnocchi-base-archive-4.4.1/.eggs/setuptools_scm-6.4.2-py3.8.egg/setuptools_scm/integration.py", line 51, in _assign_version
INFO:kolla.common.utils.gnocchi-base: _version_missing(config)
INFO:kolla.common.utils.gnocchi-base: File "/gnocchi-base-source/gnocchi-base-archive-4.4.1/.eggs/setuptools_scm-6.4.2-py3.8.egg/setuptools_scm/__init__.py", line 106, in _version_missing
INFO:kolla.common.utils.gnocchi-base: raise LookupError(
INFO:kolla.common.utils.gnocchi-base: LookupError: setuptools-scm was unable to detect version for /gnocchi-base-source/gnocchi-base-archive-4.4.1.
INFO:kolla.common.utils.gnocchi-base:
INFO:kolla.common.utils.gnocchi-base: Make sure you're either building from a fully intact git repository or PyPI tarballs. Most other sources (such as GitHub's tarballs, a git checkout without the .git folder) don't contain the necessary metadata and will not work.
INFO:kolla.common.utils.gnocchi-base:
INFO:kolla.common.utils.gnocchi-base: For example, if you're using pip, instead of https://github.com/user/proj/archive/master.zip use git+https://github.com/user/proj.git#egg=proj
INFO:kolla.common.utils.gnocchi-base: [end of output]
INFO:kolla.common.utils.gnocchi-base:
INFO:kolla.common.utils.gnocchi-base: note: This error originates from a subprocess, and is likely not a problem with pip.
INFO:kolla.common.utils.gnocchi-base:[0m
INFO:kolla.common.utils.gnocchi-base:[91merror: metadata-generation-failed
INFO:kolla.common.utils.gnocchi-base:× Encountered error while generating package metadata.
INFO:kolla.common.utils.gnocchi-base:╰─> See above for output.
INFO:kolla.common.utils.gnocchi-base:note: This is an issue with the package mentioned above, not pip.
INFO:kolla.common.utils.gnocchi-base:hint: See above for details.
This is currently affecting Ubuntu builds, which presumably include a backport of the git fix for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765.
This happens because kolla clones the git repository, then creates a tarball from it, preserving the ownership of the user running kolla-build on the files in the tarball. When we ADD this tarball into the image, Docker extracts it and preserves ownership of the files. The build runs as the root user, which typically is different than the user running kolla-build. Hence we hit CVE-2022-24765.
Related PBR bug: https://bugs.launchpad.net/pbr/+bug/1968877 |
|