NO-ISSUE: <carry>: fix: set NoLchown=true to allow image unpack on OCPci

[camilamacedo86]

The change is required to allow the tests run in the OCP/ci. See that we are facing the error:

Will run �[1m4�[0m of �[1m4�[0m specs
Using registry auth file: /var/run/secrets/ci.openshift.io/cluster-profile/pull-secret
no default policy found for (registry.redhat.io/redhat/certified-operator-index:v4.18), using insecure policy
�[38;5;243m------------------------------�[0m
�[38;5;9m• [FAILED] [3.087 seconds]�[0m
�[0mCheck Catalog Consistency �[38;5;9m�[1m[It] validates image: certified-operator-index�[0m
�[38;5;243m/go/src/github.com/openshift/operator-framework-operator-controller/openshift/default-catalog-consistency/test/validate/suite_test.go:30�[0m

  �[38;5;243mTimeline >>�[0m
  �[1mSTEP:�[0m Validating image: registry.redhat.io/redhat/certified-operator-index:v4.18 �[38;5;243m@ 05/19/25 13:04:30.923�[0m
  �[38;5;9m[FAILED]�[0m in [It] - /go/src/github.com/openshift/operator-framework-operator-controller/openshift/default-catalog-consistency/test/validate/suite_test.go:35 �[38;5;243m@ 05/19/25 13:04:34.009�[0m
  �[38;5;243m<< Timeline�[0m

  �[38;5;9m[FAILED] Unexpected error:
      <*fmt.wrapError | 0xc0005a6040>: 
      extract filesystem: apply layer 0: lchown /tmp/oci-certified-operator-index-3726979694/fs/afs: operation not permitted
      {
          msg: "extract filesystem: apply layer 0: lchown /tmp/oci-certified-operator-index-3726979694/fs/afs: operation not permitted",
          err: <*fmt.wrapError | 0xc0005a6020>{
              msg: "apply layer 0: lchown /tmp/oci-certified-operator-index-3726979694/fs/afs: operation not permitted",
              err: <*fs.PathError | 0xc0005a4060>{
                  Op: "lchown",
                  Path: "/tmp/oci-certified-operator-index-3726979694/fs/afs",
                  Err: <syscall.Errno>0x1,
              },
          },
      }
  occurred�[0m

[tmshort]

AFAICT, this avoids running lchown - or at least invoking the system call.

Where are we seeing this problem?

[camilamacedo86]

Hi @tmshort

We need to integrate this test with OCP/periodics, see: openshift/release#65050
When the tests are executed in the CI we are facing the issue:

msg: "apply layer 0: lchown /tmp/oci-certified-operator-index-3726979694/fs/afs: operation not permitted",
              err: <*fs.PathError | 0xc0005a4060>{
                  Op: "lchown",
                  Path: "/tmp/oci-certified-operator-index-3726979694/fs/afs",
                  Err: <syscall.Errno>0x1,
              },

I understand that setting NoLchown: true tells the unpacking process to skip the lchown() calls.
I tested locally all still working but I need to make it work in the CI env,

We don’t really need the file ownership metadata here—we’re not the owners of the image or the files inside. We just need to unpack the image so things can run in CI without throwing permission errors.

Hope that makes sense! Let me know if I’m missing something.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: camilamacedo86, grokspawn

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS [grokspawn]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@camilamacedo86: This pull request explicitly references no jira issue.

In response to this:

The change is required to allow the tests run in the OCP/ci. See that we are facing the error:

Will run �[1m4�[0m of �[1m4�[0m specs
Using registry auth file: /var/run/secrets/ci.openshift.io/cluster-profile/pull-secret
no default policy found for (registry.redhat.io/redhat/certified-operator-index:v4.18), using insecure policy
�[38;5;243m------------------------------�[0m
�[38;5;9m• [FAILED] [3.087 seconds]�[0m
�[0mCheck Catalog Consistency �[38;5;9m�[1m[It] validates image: certified-operator-index�[0m
�[38;5;243m/go/src/github.com/openshift/operator-framework-operator-controller/openshift/default-catalog-consistency/test/validate/suite_test.go:30�[0m

 �[38;5;243mTimeline >>�[0m
 �[1mSTEP:�[0m Validating image: registry.redhat.io/redhat/certified-operator-index:v4.18 �[38;5;243m@ 05/19/25 13:04:30.923�[0m
 �[38;5;9m[FAILED]�[0m in [It] - /go/src/github.com/openshift/operator-framework-operator-controller/openshift/default-catalog-consistency/test/validate/suite_test.go:35 �[38;5;243m@ 05/19/25 13:04:34.009�[0m
 �[38;5;243m<< Timeline�[0m

 �[38;5;9m[FAILED] Unexpected error:
     <*fmt.wrapError | 0xc0005a6040>: 
     extract filesystem: apply layer 0: lchown /tmp/oci-certified-operator-index-3726979694/fs/afs: operation not permitted
     {
         msg: "extract filesystem: apply layer 0: lchown /tmp/oci-certified-operator-index-3726979694/fs/afs: operation not permitted",
         err: <*fmt.wrapError | 0xc0005a6020>{
             msg: "apply layer 0: lchown /tmp/oci-certified-operator-index-3726979694/fs/afs: operation not permitted",
             err: <*fs.PathError | 0xc0005a4060>{
                 Op: "lchown",
                 Path: "/tmp/oci-certified-operator-index-3726979694/fs/afs",
                 Err: <syscall.Errno>0x1,
             },
         },
     }
 occurred�[0m

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

Distgit: ose-olm-catalogd
This PR has been included in build ose-olm-catalogd-container-v4.20.0-202505192121.p0.ga2c9bd8.assembly.stream.el9.
All builds following this will include this PR.

[openshift-bot]

[ART PR BUILD NOTIFIER]

Distgit: ose-olm-operator-controller
This PR has been included in build ose-olm-operator-controller-container-v4.20.0-202505192121.p0.ga2c9bd8.assembly.stream.el9.
All builds following this will include this PR.