Gemnasium can't build Docker.fips image
Summary
The build tmp image fips
job in the gemnasium
pipeline is currently failing with the following error:
Error: Unable to find a match: php php-common php-zip php-json php-xml php-mbstring
This occurs when trying to install php
in Dockerfile.fips
:
yum -y -q install --disableplugin=subscription-manager php php-common php-zip php-json php-xml php-mbstring
This can be reproduced using the same base image registry.access.redhat.com/ubi9/nodejs-14
as the Dockerfile.fips
uses:
docker run -u 0 -it --rm -v "$PWD:/src" registry.access.redhat.com/ubi8/nodejs-14 bash
bash-4.4# yum -y -q update --disableplugin=subscription-manager && \
> yum -y -q upgrade --disableplugin=subscription-manager && \
> yum -y -q install --disableplugin=subscription-manager php
Error: Unable to find a match: php
Searching for the php
package also fails:
bash-4.4# yum search php
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:00:23 ago on Fri Jun 3 04:24:58 2022.
No matches found.
For some reason, the image is unable to find the php
package, even though it exists in the remote repository:
[FILE] php-8.0.13-2.module+el8.6.0+13..> 02-Jun-2022 10:58 -
[FILE] php-common-8.0.13-2.module+el8..> 02-Jun-2022 10:58 -
[FILE] php-json-7.4.19-2.module+el8.6..> 02-Jun-2022 10:58 -
[FILE] php-mbstring-8.0.13-2.module+e..> 02-Jun-2022 10:58 -
[FILE] php-xml-8.0.13-2.module+el8.6...> 02-Jun-2022 10:58 -
The above file list shows that the packages in the remote repository have been updated at 02-Jun-2022 10:58 UTC
, and the last successful build tmp image fips
job in gemnasium
was at 02-Jun-2022 7:11 UTC, approximately 4 hours before the remote repository was updated. The first failed build tmp image fips
job occurred at 02-Jun-2022 8:17 UTC.
It seems that the recent changes to the remote repository are preventing the php
package from being found. The same failure also happens with the ruby
and rubygem-json
packages:
bash-4.4# yum install -y ruby
Last metadata expiration check: 0:00:11 ago on Fri Jun 3 05:20:55 2022.
All matches were filtered out by modular filtering for argument: ruby
Error: Unable to find a match: ruby
Something else that's interesting is that most of the above php
packages are for v8.0.13-2
, meanwhile, the current version of php
in registry.gitlab.com/security-products/gemnasium:3.0.2-fips
is 7.2.24
:
docker run -it --rm registry.gitlab.com/security-products/gemnasium:3.0.2-fips yum info php
Name : php
Version : 7.2.24
Release : 1.module+el8.2.0+4601+7c76a223
Architecture : x86_64
Size : 4.8 M
Source : php-7.2.24-1.module+el8.2.0+4601+7c76a223.src.rpm
Repository : @System
From repo : ubi-8-appstream
Summary : PHP scripting language for creating dynamic web sites
URL : http://www.php.net/
License : PHP and Zend and BSD and MIT and ASL 1.0
Also, if we look at the Red Hat Enterprise Linux Application Streams Life Cycle page and search the RHEL 8 Application Streams Release Life Cycle
for php
, it shows that php 7.2
has been retired as of May 2021
:
/cc @gonzoyumo @fcatteau