Links with long paths cause an error when rebasing on a layered oci image.

[jmarrero]

An image built from a Dockerfile like:

FROM quay.io/cgwalters/fcos
RUN rpm-ostree install usbguard && rpm-ostree cleanup -m

Can be used to run a container successfully. However, when using it for rebasing we get a fatal error:

[core@tutorial ~]$ sudo rpm-ostree rebase --experimental ostree-unverified-registry:quay.io/jmarrero_rh/my-custom-fcos:usbguard --bypass-driverrero_rh/my-custom-fcos:usbguard --bypass-driver

Pulling manifest: ostree-unverified-image:docker://quay.io/jmarrero_rh/my-custom-fcos:usbguard
Importing: ostree-unverified-image:docker://quay.io/jmarrero_rh/my-custom-fcos:usbguard (digest: sha256:0b1d780fccdfc37a76d0c669b76fc4894bf5529625443ffb5fae02a78215e784)
Downloading base layer: sha256:32d462eed69a178d5dd54654d505c6a59b48b55264795e7d17621ea0cc3c1e7d (750.5 MB)
Downloading layer: sha256:d1b8ba23795851ee62cb13eb2a993decb414ec6b6f01a9ed5950b34054de0ffa (309 bytes)
Downloading layer: sha256:6754fb92ebb364d5d7c0a9b8c964981c631b187ebb76e91e89d4d1592395b716 (71.2 MB)
Downloading layer: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
Downloading layer: sha256:c44fd984437b70583a2821ac6a8e5f0e3f367a12c765a92f62c87d065c71cb9a (35.3 MB)
error: Parsing layer blob sha256:c44fd984437b70583a2821ac6a8e5f0e3f367a12c765a92f62c87d065c71cb9a: Failed to commit tar: ExitStatus(ExitStatus(256)): error: No such file or directory: clean.cpython-310.opt-1.p

Tested with usbguard & keylime both which end up with the same error.

[cgwalters]

This is probably related to https://bugzilla.redhat.com/show_bug.cgi?id=1290659 - it may help for us to run through the pathname translation bits which we can probably do better after #3340 lands.

[jmarrero]

rebasing on an image with usbguard seems to throw a similar error but it's a different file.

    ostree-unverified-registry:quay.io/jmarrero_rh/my-custom-fcos:usbguard
Pulling manifest: ostree-unverified-image:docker://quay.io/jmarrero_rh/my-custom-fcos:usbguard
Importing: ostree-unverified-image:docker://quay.io/jmarrero_rh/my-custom-fcos:usbguard (digest: sha256:3adb857112001b5324ce0a711a4b9fe2483fc1ab396da332044155f5732ed2c6)
Downloading base layer: sha256:32d462eed69a178d5dd54654d505c6a59b48b55264795e7d17621ea0cc3c1e7d (750.5 MB)
Downloading layer: sha256:88fca5f84412ea62e9d3ef8086abf5b94c69e97b97a21d0e8100c8b25b4751da (308 bytes)
Downloading layer: sha256:6634387d790390347b51197df1ad9400ddfd8e8e12c0cb7c21941608bef5c611 (71.2 MB)
Downloading layer: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
Downloading layer: sha256:16cf6276885e1d52624e42e7bd078374648e8b2846f5e9fc6486dd6d7fc9d280 (35.3 MB)
error: Parsing layer blob sha256:16cf6276885e1d52624e42e7bd078374648e8b2846f5e9fc6486dd6d7fc9d280: Failed to commit tar: ExitStatus(unix_wait_status(256)): error: No such file or directory: clean.cpython-310.opt-1.p

Last week @cgwalters noted that test_RSA.cpython-310.opt-1. has two hard links. Looking at the usbguard image rebase instead of keylime it looks like the file the rebase complains about has the same number of hardlinks:

-rw-r--r--. 2 root root  2095 Jan 17 13:27 clean.cpython-310.opt-1.pyc

The rebase error is looking unrelated to SELinux.

[jmarrero]

With ostreedev/ostree-rs-ext#251

Now we can successfully rebase:

[root@tutorial ~]# sudo rpm-ostree rebase --experimental \
    ostree-unverified-registry:quay.io/jmarrero_rh/my-custom-fcos:usbguard
Pulling manifest: ostree-unverified-image:docker://quay.io/jmarrero_rh/my-custom-fcos:usbguard
Importing: ostree-unverified-image:docker://quay.io/jmarrero_rh/my-custom-fcos:usbguard (digest: sha256:0b1d780fccdfc37a76d0c669b76fc4894bf5529625443ffb5fae02a78215e784)
Downloading base layer: sha256:32d462eed69a178d5dd54654d505c6a59b48b55264795e7d17621ea0cc3c1e7d (750.5 MB)
Downloading layer: sha256:d1b8ba23795851ee62cb13eb2a993decb414ec6b6f01a9ed5950b34054de0ffa (309 bytes)
Downloading layer: sha256:6754fb92ebb364d5d7c0a9b8c964981c631b187ebb76e91e89d4d1592395b716 (71.2 MB)
Downloading layer: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
Downloading layer: sha256:c44fd984437b70583a2821ac6a8e5f0e3f367a12c765a92f62c87d065c71cb9a (35.3 MB)
Staging deployment... done
Added:
  checkpolicy-3.3-1.fc35.x86_64
  libqb-2.0.4-1.fc35.x86_64
  libxcrypt-compat-4.4.27-2.fc35.x86_64
  mpdecimal-2.5.1-2.fc35.x86_64
  policycoreutils-python-utils-3.3-1.fc35.noarch
  protobuf-3.14.0-6.fc35.x86_64
  python-pip-wheel-21.2.3-4.fc35.noarch
  python-setuptools-wheel-57.4.0-1.fc35.noarch
  python-unversioned-command-3.10.2-1.fc35.noarch
  python3-3.10.2-1.fc35.x86_64
  python3-audit-3.0.7-1.fc35.x86_64
  python3-libs-3.10.2-1.fc35.x86_64
  python3-libselinux-3.3-1.fc35.x86_64
  python3-libsemanage-3.3-1.fc35.x86_64
  python3-policycoreutils-3.3-1.fc35.noarch
  python3-setools-4.4.0-3.fc35.x86_64
  python3-setuptools-57.4.0-1.fc35.noarch
  usbguard-1.0.0-6.fc35.x86_64
  usbguard-selinux-1.0.0-6.fc35.noarch
Changes queued for next boot. Run "systemctl reboot" to start a reboot
[root@tutorial ~]# 

after reboot:

[core@tutorial ~]$ usbguard
 Usage: usbguard [OPTIONS] <command> [COMMAND OPTIONS] ...

[jmarrero]

Closed with: ostreedev/ostree-rs-ext#251