Gemnasium can't build Docker.fips image

Summary

The build tmp image fips job in the gemnasium pipeline is currently failing with the following error:

Error: Unable to find a match: php php-common php-zip php-json php-xml php-mbstring

This occurs when trying to install php in Dockerfile.fips:

yum -y -q install --disableplugin=subscription-manager php php-common php-zip php-json php-xml php-mbstring

This can be reproduced using the same base image, registry.access.redhat.com/ubi8/nodejs-14, that Dockerfile.fips uses:

docker run -u 0 -it --rm -v "$PWD:/src" registry.access.redhat.com/ubi8/nodejs-14 bash

bash-4.4# yum -y -q update --disableplugin=subscription-manager && \
>  yum -y -q upgrade --disableplugin=subscription-manager && \
>  yum -y -q install --disableplugin=subscription-manager php
Error: Unable to find a match: php

Searching for the php package also fails:

bash-4.4# yum search php
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:00:23 ago on Fri Jun  3 04:24:58 2022.
No matches found.

For some reason, the image is unable to find the php package, even though it exists in the remote repository:

[FILE] php-8.0.13-2.module+el8.6.0+13..> 02-Jun-2022 10:58      -  
[FILE] php-common-8.0.13-2.module+el8..> 02-Jun-2022 10:58      -  
[FILE] php-json-7.4.19-2.module+el8.6..> 02-Jun-2022 10:58      -  
[FILE] php-mbstring-8.0.13-2.module+e..> 02-Jun-2022 10:58      -  
[FILE] php-xml-8.0.13-2.module+el8.6...> 02-Jun-2022 10:58      -  

The above file list shows that the packages in the remote repository were updated at 02-Jun-2022 10:58 UTC, and the last successful build tmp image fips job in gemnasium was at 02-Jun-2022 7:11 UTC, approximately 4 hours before the remote repository was updated. The first failed build tmp image fips job occurred at 02-Jun-2022 8:17 UTC.

It seems that the recent changes to the remote repository are preventing the php package from being found. The same failure also happens with the ruby and rubygem-json packages:

bash-4.4# yum install -y ruby
Last metadata expiration check: 0:00:11 ago on Fri Jun  3 05:20:55 2022.
All matches were filtered out by modular filtering for argument: ruby
Error: Unable to find a match: ruby

Something else that's interesting is that most of the above php packages are for v8.0.13-2, whereas the current version of php in registry.gitlab.com/security-products/gemnasium:3.0.2-fips is 7.2.24:

docker run -it --rm registry.gitlab.com/security-products/gemnasium:3.0.2-fips yum info php

Name         : php
Version      : 7.2.24
Release      : 1.module+el8.2.0+4601+7c76a223
Architecture : x86_64
Size         : 4.8 M
Source       : php-7.2.24-1.module+el8.2.0+4601+7c76a223.src.rpm
Repository   : @System
From repo    : ubi-8-appstream
Summary      : PHP scripting language for creating dynamic web sites
URL          : http://www.php.net/
License      : PHP and Zend and BSD and MIT and ASL 1.0

Also, if we look at the Red Hat Enterprise Linux Application Streams Life Cycle page and search the RHEL 8 Application Streams Release Life Cycle for php, it shows that php 7.2 has been retired as of May 2021.

/cc @gonzoyumo @fcatteau

Edited by Adam Cohen
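
The version gap described above (php 7.2.24 in the published image, 8.0.13 in the repository listing) can be checked mechanically, so a CI job can flag an image that still carries a stream the repository no longer lists. This is an added example, not part of the original issue or the gemnasium project; the function names are hypothetical and the sample input is the output quoted in the issue.

```shell
#!/bin/sh
# Added example (not project code). Function names are hypothetical.

# `yum info php` fields from the 3.0.2-fips image, as quoted in the issue.
INSTALLED_INFO='Name         : php
Version      : 7.2.24
Release      : 1.module+el8.2.0+4601+7c76a223
From repo    : ubi-8-appstream'

# Remote repository listing as quoted in the issue (names are truncated there).
REPO_LISTING='[FILE] php-8.0.13-2.module+el8.6.0+13..> 02-Jun-2022 10:58      -
[FILE] php-common-8.0.13-2.module+el8..> 02-Jun-2022 10:58      -
[FILE] php-json-7.4.19-2.module+el8.6..> 02-Jun-2022 10:58      -
[FILE] php-mbstring-8.0.13-2.module+e..> 02-Jun-2022 10:58      -
[FILE] php-xml-8.0.13-2.module+el8.6...> 02-Jun-2022 10:58      -'

# Print "<name> <major.minor>" from `yum info` output.
installed_stream() {
  printf '%s\n' "$1" | awk -F' *: *' '
    $1 == "Name"    { name = $2 }
    $1 == "Version" { split($2, v, "."); ver = v[1] "." v[2] }
    END { if (name != "" && ver != "") print name, ver }'
}

# Print "<name> <major.minor>" for every package file in the listing.
# The package name ends at the first "-<digits>.<digits>" in the file name.
repo_streams() {
  printf '%s\n' "$1" | awk '
    $1 == "[FILE]" && match($2, /-[0-9]+\.[0-9]+/) {
      print substr($2, 1, RSTART - 1), substr($2, RSTART + 1, RLENGTH - 1)
    }'
}

# Return 0 if the installed major.minor is still listed in the repository,
# 1 (with a DRIFT line) if it is not.
stream_drift() {
  inst=$(installed_stream "$1")
  name=${inst% *}; have=${inst#* }
  avail=$(repo_streams "$2" | awk -v n="$name" '$1 == n { print $2 }' | sort -u | tr '\n' ' ')
  avail=${avail% }
  case " $avail " in
    *" $have "*) echo "OK $name $have"; return 0 ;;
    *) echo "DRIFT $name installed=$have repo=${avail:-none}"; return 1 ;;
  esac
}

stream_drift "$INSTALLED_INFO" "$REPO_LISTING" || true
```

In a pipeline, the first argument would come from `yum info <package>` run inside the last published image and the second from the current repository listing.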