Ignore CLI and catatonit for MTA

[fbladilo]

• mta-cli can't have CGO_ENABLED set
• catatonit needs to be ignored

[openshift-ci]

Hi @fbladilo. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[fbladilo]

@kolyshkin @rphillips review when you get a chance, much appreciated

[kolyshkin]

There is already an exception for catatonit (lines 100-102 above). I guess this one is not packaged as rpm?

[fbladilo]

@kolyshkin One would think that the rpm exception mentioned would cover since :
podman run --rm -it --entrypoint /bin/bash e934d4dbe40d
bash-5.1$ rpm -qf /usr/libexec/catatonit/catatonit
catatonit-0.2.0-1.el9.x86_64

But it gets flagged :
sudo ./check-payload scan image operator --spec registry-proxy.engineering.redhat.com/rh-osbs/mta-mta-rhel9-operator:7.3.1-2 I0528 08:49:56.680357 17092 main.go:306] using config file: config.toml I0528 08:49:56.680378 17092 main.go:102] "scan" version="0.3.5-0-gb545135b-dirty" I0528 08:49:58.606981 17092 scan.go:460] "scanning failed" image="registry-proxy.engineering.redhat.com/rh-osbs/mta-mta-rhel9-operator:7.3.1-2" path="/usr/libexec/catatonit/catatonit" error="executable is not dynamically linked" component="mta-operator-container" tag="" rpm="catatonit" status="failed" ---- Failure Report +------------------------+-----------+----------------------------------+--------------------------------------+------------------------------------------------------------------------------+ | OPERATOR NAME | RPM NAME | EXECUTABLE NAME | STATUS | IMAGE | +------------------------+-----------+----------------------------------+--------------------------------------+------------------------------------------------------------------------------+ | mta-operator-container | catatonit | /usr/libexec/catatonit/catatonit | executable is not dynamically linked | registry-proxy.engineering.redhat.com/rh-osbs/mta-mta-rhel9-operator:7.3.1-2 | +------------------------+-----------+----------------------------------+--------------------------------------+------------------------------------------------------------------------------+ F0528 08:49:58.782403 17092 main.go:294] Error: run failed
We don't even install catatonit , it comes as part of the ansible-operator base image

[kolyshkin]

This is because the RPM used to be called podman-catatonit and now it's just catatonit. I'm afraid we have to specify both, so something like

 [[rpm.podman-catatonit.ignore]]
 error = "ErrNotDynLinked"
 files = ["/usr/libexec/catatonit/catatonit"]
 
+[[rpm.catatonit.ignore]]
+error = "ErrNotDynLinked"
+files = ["/usr/libexec/catatonit/catatonit"]
+

Using rpm is preferable because other payloads may have the same package.

Same with /usr/local/bin/mta-cli -- if it comes from an rpm, you can make the exclusion rule smaller by listing it only once. If it doesn't, you have to list every payload (as you currently do).

[fbladilo]

@kolyshkin Makes sense for catatonit, I will add the RPM name variant. As for mta-cli, it is not a RPM unfortunately.

[kolyshkin]

Now if you can remove the catatonit from the first commit (to minimize git history noise), that'd be great.

[fbladilo]

@kolyshkin Done

[kolyshkin]

LGTM, thanks!

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fbladilo, kolyshkin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [kolyshkin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 19c5b32 and 2 for PR HEAD 3cdc217 in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 19c5b32 and 2 for PR HEAD 3cdc217 in total

[fbladilo]

/retest

[openshift-ci]

@fbladilo: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[rphillips]

/ok-to-test

[rphillips]

Opened a PR to fix the images test #266

/override ci/prow/images

[openshift-ci]

@rphillips: Overrode contexts on behalf of rphillips: ci/prow/images

Details

In response to this:

Opened a PR to fix the images test #266

/override ci/prow/images

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@fbladilo: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.