Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rancher-2.9/2.9.0-r2: cve remediation #26520

Merged
merged 5 commits into from
Aug 29, 2024
Merged

rancher-2.9/2.9.0-r2: cve remediation #26520

merged 5 commits into from
Aug 29, 2024

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Aug 17, 2024

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Aug 17, 2024

Open AI suggestions to solve the build error:

The error message is: "fatal: detected dubious ownership in repository at '/github/home'
To add an exception for this directory, call:

git config --global --add safe.directory /github/home
ERRO request failed error=\"Get \\\"./packages/apk-configuration\\\": unsupported protocol scheme \\\"\\\"\" method=GET url=./packages/apk-configuration
WARN ignoring missing keys: failed to perform key discovery: Get \"./packages/apk-configuration\": GET ./packages/apk-configuration giving up after 1 attempt(s): Get \"./packages/apk-configuration\": unsupported protocol scheme \"\"
WARN Failed to running update. Error: package github.com/docker/docker with version 'v23.0.15' is already at version v25.0.3+incompatible
ERRO ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-2179414078
INFO   guest dir: /temp/melange-guest-2978620500
ERRO failed to build package: unable to run package rancher-2.9 pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/rancher-2.9-2.9.0-r3.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/rancher-2.9] Error 2"

1. Run `git config --global --add safe.directory /github/home`.
2. Ensure the URL in the GET request uses a supported protocol.
3. Verify package version compatibility for `github.com/docker/docker`.
4. Check pipeline configuration for errors.
5. Re-run the build process.

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Aug 19, 2024

Open AI suggestions to solve the build error:

The error message is:

fatal: detected dubious ownership in repository at '/github/home'
To add an exception for this directory, call:

git config --global --add safe.directory /github/home
ERRO request failed error="Get "./packages/apk-configuration": unsupported protocol scheme """ method=GET url=./packages/apk-configuration
WARN ignoring missing keys: failed to perform key discovery: Get "./packages/apk-configuration": GET ./packages/apk-configuration giving up after 1 attempt(s): Get "./packages/apk-configuration": unsupported protocol scheme ""
WARN Error: Failed to running update. Error: package github.com/docker/docker with version 'v23.0.15' is already at version v25.0.3+incompatible
ERRO ERROR: failed to build package. the build environment has been preserved:
INFO workspace dir: /temp/melange-workspace-2345026034
INFO guest dir: /temp/melange-guest-1341036309
ERRO failed to build package: unable to run package rancher-2.9 pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/rancher-2.9-2.9.0-r3.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/rancher-2.9] Error 2


To fix this error:
1. Run `git config --global --add safe.directory /github/home`.
2. Correct the URL for `./packages/apk-configuration` to use a supported protocol.
3. Ensure Docker package versions are compatible.
4. Verify paths and dependencies in the Makefile.
5. Re-run the build process.

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Aug 19, 2024

Open AI suggestions to solve the build error:

The error message is: "fatal: detected dubious ownership in repository at '/github/home'
To add an exception for this directory, call:

git config --global --add safe.directory /github/home
ERRO request failed error=\"Get \\\"./packages/apk-configuration\\\": unsupported protocol scheme \\\"\\\"\"
WARN ignoring missing keys: failed to perform key discovery: Get \"./packages/apk-configuration\": GET ./packages/apk-configuration giving up after 1 attempt(s): Get \"./packages/apk-configuration\": unsupported protocol scheme \"\"
WARN Error: Failed to running update. Error: package github.com/docker/docker with version 'v23.0.15' is already at version v25.0.3+incompatible
ERRO ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-3387662707
INFO   guest dir: /temp/melange-guest-576320573
ERRO failed to build package: unable to run package rancher-2.9 pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/rancher-2.9-2.9.0-r3.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/rancher-2.9] Error 2
##[error]Process completed with exit code 2."

1. Run `git config --global --add safe.directory /github/home`.
2. Correct the URL in `./packages/apk-configuration` to use `http` or `https`.
3. Check Docker package version compatibility.
4. Verify pipeline configuration.
5. Re-run the build.

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Aug 28, 2024

Open AI suggestions to solve the build error:

The error message is: "fatal: detected dubious ownership in repository at '/github/home'
To add an exception for this directory, call:

git config --global --add safe.directory /github/home
ERRO request failed error=\"Get \\\"./packages/apk-configuration\\\": unsupported protocol scheme \\\"\\\"\" method=GET url=./packages/apk-configuration
WARN ignoring missing keys for ./packages: failed to perform key discovery: Get \"./packages/apk-configuration\": GET ./packages/apk-configuration giving up after 1 attempt(s): Get \"./packages/apk-configuration\": unsupported protocol scheme \"\"
WARN Error: Failed to running update. Error: package github.com/docker/docker with version 'v23.0.15' is already at version v25.0.3+incompatible
ERRO ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-3504942631
INFO   guest dir: /temp/melange-guest-3424930909
ERRO failed to build package: unable to run package rancher-2.9 pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/rancher-2.9-2.9.0-r3.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/rancher-2.9] Error 2
##[error]Process completed with exit code 2."

1. Run `git config --global --add safe.directory /github/home`.
2. Check the URL in `./packages/apk-configuration` for the correct protocol scheme.
3. Ensure the correct version of `github.com/docker/docker` is specified.
4. Verify the build environment and dependencies.
5. Re-run the build process.

@philroche philroche mentioned this pull request Aug 29, 2024
Merged
@philroche
Copy link
Contributor

PR #27299 will enable successful build

cpanato
cpanato previously approved these changes Aug 29, 2024
View reviewed changes
@philroche
cve rancher 2.9 36b671989ad13000c1c8c11d7d8ad0f0 (#27299)
e4e5b23 
- **rancher-2.9/2.9.0-r2: fix GHSA-v23v-6jw2-98fq**
- **fix(CVE): remove go/bump as these docker deps are too old and need
upgraded by upstream**
- **fix(CVE): Bump rancher-2.9 sub package checksums**

---------

Signed-off-by: philroche <[email protected]>
@philroche
Copy link
Contributor

"Package Update Config Check " check failrue can be ignored as it will be handled by a subsequent version bump PR.

@jamie-albert jamie-albert merged commit 3be278e into main Aug 29, 2024
12 of 13 checks passed
@jamie-albert jamie-albert deleted the cve-rancher-2.9-36b671989ad13000c1c8c11d7d8ad0f0 branch August 29, 2024 12:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jamie-albert jamie-albert jamie-albert approved these changes

@cpanato cpanato cpanato left review comments

Assignees

@philroche philroche

Labels
automated pr GHSA-v23v-6jw2-98fq go/bump rancher-2.9/2.9.0-r2 request-cve-remediation service:bincapz/pass
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@philroche @cpanato @jamie-albert @xnox