Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mkosi: fix Fedora GPG key issue in mkosi build #2303

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

mkosi: fix Fedora GPG key issue in mkosi build #2303

wants to merge 4 commits into from
+14 −10

Conversation

beraldoleal
Copy link
Member

@beraldoleal beraldoleal commented Feb 20, 2025
edited
Loading

Attempt to bump to F40. Since F39 is EOL since 2024-11-26. Which will conflict with 165e989

@beraldoleal beraldoleal requested a review from a team as a code owner February 20, 2025 19:10
@beraldoleal
Copy link
Member Author

@mkulke @stevenhorsman The mkosi job seems to be flaky. I encountered a GPG failure in #2290 and also noticed it in #2297 and #2302.

This is an attempt to fix it.

@wainersm
Copy link
Member

@mkulke @stevenhorsman The mkosi job seems to be flaky. I encountered a GPG failure in #2290 and also noticed it in #2297 and #2302.

This is an attempt to fix it.

@beraldoleal latest two nightly CI for libvirt failed due that problem too.

@beraldoleal
Copy link
Member Author

beraldoleal commented Feb 20, 2025
edited
Loading

@beraldoleal latest two nightly CI for libvirt failed due that problem too.

Yes, but it seems the keys are already installed, so this PR will not fix. It looks like only a few rpm keys are missing.

@beraldoleal beraldoleal force-pushed the mkosi-ci-job-fix branch 2 times, most recently from 971a672 to cfcca34 Compare February 20, 2025 19:44
@mkulke
Copy link
Collaborator

mkulke commented Feb 20, 2025

thanks for addressing this, not sure about the gpg-keys, but we will also have to set --tools-tree-release=40 in the Dockerfile since mkosi 22 defaults to fedora v39. Similarly, we need to bump the kata agent in versions.yaml, because only the last kate release contains the fix to work with newer kernels.

https://cloud-native.slack.com/archives/C04A2EJ70BX/p1739967980219339?thread_ts=1739955191.414709&cid=C04A2EJ70BX

@beraldoleal
Copy link
Member Author

beraldoleal commented Feb 20, 2025
edited
Loading

@mkulke, do you mean bump kata-containers in go.mod?

@beraldoleal beraldoleal force-pushed the mkosi-ci-job-fix branch 2 times, most recently from 0792b6f to 37c4ca7 Compare February 20, 2025 20:08
@beraldoleal
mkosi: fix Fedora GPG key issue in mkosi build
293e321 
Fedora 30 is EOL. Attempt to bump to F40.

Signed-off-by: Beraldo Leal <bleal@redhat.com>
@beraldoleal
dependency: bump kata runtime to latest
1983861 
This should have required fixes for handling fedora 40.

Signed-off-by: Beraldo Leal <bleal@redhat.com>
@mkulke
Copy link
Collaborator

mkulke commented Feb 20, 2025

@mkulke, do you mean bump kata-containers in go.mod?

no, kata-agent in versions.yaml, although we should probably bump both

@stevenhorsman
Copy link
Member

@mkulke, do you mean bump kata-containers in go.mod?

no, kata-agent in versions.yaml, although we should probably bump both

@beraldoleal - are you able to bump the kata-agent, or do you want me to make the commit to this branch as it would be great to have the CI back in action. Thanks!

@beraldoleal
caa: bump kata-agent
3e3efb3 
This way we are going to be able to use newer fedora images.

Signed-off-by: Beraldo Leal <bleal@redhat.com>
@beraldoleal
Copy link
Member Author

@mkulke, do you mean bump kata-containers in go.mod?

no, kata-agent in versions.yaml, although we should probably bump both

@beraldoleal - are you able to bump the kata-agent, or do you want me to make the commit to this branch as it would be great to have the CI back in action. Thanks!

Hi @stevenhorsman , based previous bumps I just assumed this should be done via cached-artefacts registry. See my recent commit. Let me know if there is something else to do.

stevenhorsman
stevenhorsman approved these changes Feb 24, 2025
View reviewed changes
Copy link
Member

@stevenhorsman stevenhorsman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, assuming the tests are back passing. Thanks @beraldoleal!

@stevenhorsman stevenhorsman added the test_e2e_libvirt Run Libvirt e2e tests label Feb 24, 2025
@beraldoleal
Copy link
Member Author

@mkulke the error now is a little bit different with mkosi test. Expected? Have you seen this before?

@stevenhorsman
Copy link
Member

stevenhorsman commented Feb 24, 2025
edited
Loading

It looks like the s390x podvm-mkosi is still using f39?:

Import of key(s) didn't help, wrong key(s)?
updates                                          16 kB/s | 4.6 kB     00:00    
GPG key at https://fedoraproject.org/fedora.gpg (0xA15B79CC) is already installed
GPG key at https://fedoraproject.org/fedora.gpg (0xE99D6AD1) is already installed
GPG key at https://fedoraproject.org/fedora.gpg (0x105EF944) is already installed
GPG key at https://fedoraproject.org/fedora.gpg (0x31645531) is already installed
Public key for filesystem-3.18-6.fc39.s390x.rpm is not installed. Failing package is: filesystem-3.18-6.fc39.s390x
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for setup-2.14.4-1.fc39.noarch.rpm is not installed. Failing package is: setup-2.14.4-1.fc39.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
The GPG keys listed for the "updates" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: fedora-gpg-keys-39-2.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-release-39-36.noarch.rpm is not installed. Failing package is: fedora-release-39-36.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-release-common-39-36.noarch.rpm is not installed. Failing package is: fedora-release-common-39-36.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-release-identity-basic-39-36.noarch.rpm is not installed. Failing package is: fedora-release-identity-basic-39-36.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Public key for fedora-repos-39-2.noarch.rpm is not installed. Failing package is: fedora-repos-39-2.noarch
 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg
Error: GPG check FAILED
‣ "env HOME=/ dnf --assumeyes --best --releasever=39 --installroot=/home/ansible/.cache/mkosi/mkosi-workspacebd5sal1q/root --setopt=keepcache=1 --setopt=logdir=/var/log --setopt=cachedir=/var/cache/dnf --setopt=persistdir=/var/lib/dnf --setopt=install_weak_deps=0 --setopt=check_config_file_age=0 '--disableplugin=*' --enableplugin=builddep --setopt=metadata_expire=never --config=/etc/dnf/dnf.conf --setopt=reposdir=/etc/yum.repos.d --setopt=varsdir=/etc/dnf/vars install filesystem" returned non-zero exit code 1.

do we need Release=40 in the s390x configs e.g. https://github.com/confidential-containers/cloud-api-adaptor/blob/main/src/cloud-api-adaptor/podvm-mkosi/mkosi.presets/system/mkosi.conf.d/fedora-s390x.conf too?

@beraldoleal
s390x: adding Release=40
cec44ae 
Lets see if this fixes the s390x issue.

Signed-off-by: Beraldo Leal <bleal@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevenhorsman stevenhorsman stevenhorsman approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
test_e2e_libvirt Run Libvirt e2e tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@beraldoleal @wainersm @mkulke @stevenhorsman