Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Capture all fedora atomic variants in install script #11170

Merged
merged 3 commits into from
Oct 31, 2024
Merged

Capture all fedora atomic variants in install script #11170

merged 3 commits into from
Oct 31, 2024

Conversation

dereknola
Copy link
Member

Proposed Changes

  • As suggested in the linked issue, instead of adding a VARIANT_ID for every flavor of fedora atomic just look and see if this is fedora and a ostree (i.e. rpm-ostree) package manager is available.

Types of Changes

Verification

Tested on a kinoite, the EOL fedora Atomic and coreos VMs.

Testing

Linked Issues

#9361

User-Facing Change

Allow easier installation of k3s on all variants of fedora atomic that use rpm-ostree

Further Comments

@dereknola dereknola requested a review from a team as a code owner October 24, 2024 18:38
@dereknola dereknola mentioned this pull request Oct 24, 2024
Closed
@dereknola
Capture all fedora atomic variants in install script
bedb25f 
Signed-off-by: Derek Nola <derek.nola@suse.com>
brandond
brandond previously approved these changes Oct 24, 2024
View reviewed changes
@codecov Codecov
Copy link

codecov bot commented Oct 24, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 41.89%. Comparing base (9be4076) to head (991183e).
Report is 6 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (9be4076) and HEAD (991183e). Click for more details.

HEAD has 8 uploads less than BASE
Flag BASE (9be4076) HEAD (991183e)
unittests 2 1
e2etests 13 6
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #11170      +/-   ##
==========================================
- Coverage   46.94%   41.89%   -5.06%     
==========================================
  Files         178      178              
  Lines       18498    18498              
==========================================
- Hits         8684     7749     -935     
- Misses       8461     9544    +1083     
+ Partials     1353     1205     -148
Flag Coverage Δ
e2etests 34.00% <ø> (-8.23%) ⬇️
inttests 34.65% <ø> (+0.03%) ⬆️
unittests 13.11% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@AdamNowotny
Copy link

Just tested this on Bluefin. It doesn't work unless the ID checks are replaced with ID_LIKE.
I created a similar PR (#11167) that checks for ID and VARIANT instead but happy to go with this as long as we can check ID_LIKE. Would that break on other systems?

# cat /etc/os-release 
NAME="Bluefin"
VERSION="40.20241021.0 (Silverblue)"
ID=bluefin
ID_LIKE="fedora"
VERSION_ID=40
VERSION_CODENAME="Archaeopteryx"
PLATFORM_ID="platform:f40"
PRETTY_NAME="Bluefin-dx 40 (FROM Fedora Silverblue)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:universal-blue:bluefin:40"
DEFAULT_HOSTNAME="bluefin"
HOME_URL="https://projectbluefin.io"
DOCUMENTATION_URL="https://docs.projectbluefin.io"
SUPPORT_URL="https://github.com/ublue-os/bluefin/issues/"
BUG_REPORT_URL="https://github.com/ublue-os/bluefin/issues/"
SUPPORT_END=2025-05-13
VARIANT="Silverblue"
VARIANT_ID=bluefin-dx-nvidia
OSTREE_VERSION='40.20241021.0'
BUILD_ID="78bbc1a"

@cwayne18
Copy link
Member

/trivy

@github-actions GitHub Actions
Copy link
Contributor

❌ Trivy scan action failed, check logs ❌

@cwayne18
Copy link
Member

/trivy

@github-actions GitHub Actions
Copy link
Contributor 


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://aquasecurity.github.io/trivy/v0.56/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


bin/cni (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/containerd-shim-runc-v2 (gobinary)
======================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/k3s (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/runc (gobinary)
===================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

@dereknola
Cover bluefin and other "fedora-like" OS as well
6f1078c 
Signed-off-by: Derek Nola <derek.nola@suse.com>
@dereknola
Copy link
Member Author

@AdamNowotny I've updated the PR to cover Bluefin. We do appreciate your PR, which is the 3rd such PR we have seen around fedora atomic derived OSes. I'm hoping to "cover everything" with this PR going forward rather than having other future PRs pop up with more VARIANT_IDs.

@dereknola
Also cover reboot warning
991183e 
Signed-off-by: Derek Nola <derek.nola@suse.com>
@AdamNowotny
Copy link

@dereknola Just tested this branch and looks good on Bluefin now. I'll close my PR.

VestigeJ
VestigeJ approved these changes Oct 31, 2024
View reviewed changes
Copy link

@VestigeJ VestigeJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dereknola dereknola merged commit 4f714d3 into k3s-io:master Oct 31, 2024
37 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VestigeJ VestigeJ VestigeJ approved these changes

@briandowns briandowns briandowns approved these changes

@cwayne18 cwayne18 cwayne18 approved these changes

@brandond brandond brandond approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@dereknola @AdamNowotny @cwayne18 @brandond @briandowns @VestigeJ