← Back to issue list

Rockcraft ignores configured staging Pro contract URL when building with `--pro=fips-updates`

View original Github issue

Metadata

Project
rockcraft
Number
#910
Type
issue
State
open
Author
bschimke95
Labels
Created
2025-07-01 10:24:42+00:00
Updated
2025-07-14 14:51:03+00:00
Closed

Current evaluation

No evaluation has been recorded for this issue yet.

Issue body

### Bug Description I'm attempting to build a Rock with Ubuntu Pro features (`fips-updates`) enabled, following the guidance from [this tutorial](https://discourse.ubuntu.com/t/build-rocks-with-ubuntu-pro-services/57578), using a Multipass VM that has Ubuntu Pro enabled and uses `rockcraft` on `/edge/pro-sources`. However, when running: ```bash sudo rockcraft pack --pro=fips-updates ``` I receive the following error: ``` Request error when trying to retrieve the guest token. Full execution log: '/root/.local/state/rockcraft/log/rockcraft-20250701-093309.982978.log' ``` The logs indicate that Rockcraft attempts to contact the **production** Ubuntu Pro contract server: ``` requests.exceptions.HTTPError: 401 Client Error: for url: https://contracts.canonical.com/v1/contracts/... ``` This is despite the system being explicitly configured to use the **staging** Pro contract server, as set in `/etc/ubuntu-advantage/uaclient.conf`: ```yaml contract_url: https://contracts.staging.canonical.com ``` This configuration works with other Pro tooling on the system. However, it appears that Rockcraft does **not respect** the staging URL set in the system config and instead defaults to the production URL when attempting to retrieve a guest token. **Expected behavior**: Rockcraft should honor the configured contract URL in `/etc/ubuntu-advantage/uaclient.conf` when requesting a guest token for Ubuntu Pro features. **Impact**: This prevents building Rocks with Pro features in internal CI environments that are intentionally pointed to staging infrastructure to avoid overloading production servers. ### To Reproduce 1. Configure the host system with a staging Pro token, set the contract URL to `https://contracts.staging.canonical.com` in `/etc/ubuntu-advantage/uaclient.conf` and use the `edge/pro-sources` branch of Rockcraft. 2. Run `sudo rockcraft pack --pro=fips-updates`. 3. Observe the failure due to the guest token being requested from the production endpoint. ### Environment Should not be relevant but tested on: * Ubuntu 22.04 inside a Ubuntu Pro-enabled 22.04 Multipass VM ### rockcraft.yaml ```yaml name: metallb-controller summary: Rock for the Metallb controller. description: > This rock is a drop in replacement for the quay.io/metallb/controller image. version: v0.14.9 license: Apache-2.0 base: bare build-base: ubuntu@22.04 platforms: amd64: arm64: entrypoint-service: controller services: controller: command: /controller [ -h ] override: replace startup: enabled parts: add-base-files: plugin: nil stage-packages: # Original Dockerfile uses gcr.io/distroless/static:latest as a base. # This image contains the following: # https://github.com/GoogleContainerTools/distroless/blob/1533e54a73805ec13fe0cc68218fc7a215a0a6f7/base/README.md - ca-certificates - tzdata - base-passwd - bash - coreutils # Can't have stage packages and stage slices together, apparently. add-base-slices: plugin: nil stage-packages: - base-files_tmp build-deps: plugin: nil build-snaps: - go/1.22/stable controller: after: [build-deps] plugin: go source-type: git source: https://github.com/metallb/metallb source-tag: v0.14.9 source-depth: 1 override-build: | GIT_COMMIT=`git rev-parse HEAD` # We'll use the tag name. GIT_BRANCH=`git describe --tags --abbrev=0` CGO_ENABLED=0 go build -v -o $CRAFT_PART_INSTALL/controller \ -ldflags "-X 'go.universe.tf/metallb/internal/version.gitCommit=${GIT_COMMIT}' -X 'go.universe.tf/metallb/internal/version.gitBranch=${GIT_BRANCH}'" \ ./controller cp $CRAFT_PART_BUILD/LICENSE $CRAFT_PART_INSTALL/ ``` ### Relevant log output ```shell 2025-07-01 09:33:16.309 Executing on host: lxc --project rockcraft config device show local:rockcraft-metallb-controller-amd64-4 2025-07-01 09:33:16.377 Executing on host: lxc --project rockcraft config device remove local:rockcraft-metallb-controller-amd64-4 disk-/root/project 2025-07-01 09:33:16.481 Executing on host: lxc --project rockcraft stop local:rockcraft-metallb-controller-amd64-4 2025-07-01 09:33:20.548 Request error when trying to retrieve the guest token. 2025-07-01 09:33:20.551 Traceback (most recent call last): 2025-07-01 09:33:20.551 File "/snap/rockcraft/3384/lib/python3.12/site-packages/craft_providers/pro.py", line 78, in request_pro_guest_token 2025-07-01 09:33:20.551 response.raise_for_status() 2025-07-01 09:33:20.551 File "/snap/rockcraft/3384/lib/python3.12/site-packages/requests/models.py", line 1024, in raise_for_status 2025-07-01 09:33:20.551 raise HTTPError(http_error_msg, response=self) 2025-07-01 09:33:20.551 requests.exceptions.HTTPError: 401 Client Error: for url: https://contracts.canonical.com/v1/contracts/cAEU6p_D3E5Wcb48FAZqZUn7KzXc5SKvuHGUnopS36EQ/context/machines/e523c43785514bcd871331d6c9be6228/guest-token 2025-07-01 09:33:20.551 2025-07-01 09:33:20.551 During handling of the above exception, another exception occurred: 2025-07-01 09:33:20.551 Traceback (most recent call last): 2025-07-01 09:33:20.551 File "/snap/rockcraft/3384/lib/python3.12/site-packages/craft_application/application.py", line 758, in run 2025-07-01 09:33:20.551 return_code = self._run_inner() 2025-07-01 09:33:20.551 ^^^^^^^^^^^^^^^^^ 2025-07-01 09:33:20.551 File "/snap/rockcraft/3384/lib/python3.12/site-packages/craft_application/application.py", line 742, in _run_inner 2025-07-01 09:33:20.551 self.run_managed(platform, build_for) 2025-07-01 09:33:20.551 File "/snap/rockcraft/3384/lib/python3.12/site-packages/craft_application/application.py", line 506, in run_managed 2025-07-01 09:33:20.551 self._configure_instance_with_pro(instance) 2025-07-01 09:33:20.551 File "/snap/rockcraft/3384/lib/python3.12/site-packages/craft_application/application.py", line 456, in _configure_instance_with_pro 2025-07-01 09:33:20.551 instance.attach_pro_subscription() # type: ignore # noqa: PGH003 2025-07-01 09:33:20.551 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2025-07-01 09:33:20.551 File "/snap/rockcraft/3384/lib/python3.12/site-packages/craft_providers/lxd/lxd_instance.py", line 639, in attach_pro_subscription 2025-07-01 09:33:20.551 pro_token=pro.request_pro_guest_token(), 2025-07-01 09:33:20.551 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 2025-07-01 09:33:20.551 File "/snap/rockcraft/3384/lib/python3.12/site-packages/craft_providers/pro.py", line 92, in request_pro_guest_token 2025-07-01 09:33:20.551 raise GuestTokenError( 2025-07-01 09:33:20.551 craft_providers.errors.GuestTokenError: Request error when trying to retrieve the guest token. 2025-07-01 09:33:20.551 Full execution log: '/root/.local/state/rockcraft/log/rockcraft-20250701-093309.982978.log' ```

Evaluation history

No evaluation history available.