Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Capture all fedora atomic variants in install script #11170

Merged
merged 3 commits into from
Oct 31, 2024

Conversation

dereknola
Copy link
Member

@dereknola dereknola commented Oct 24, 2024

Proposed Changes

  • As suggested in the linked issue, instead of adding a VARIANT_ID for every flavor of fedora atomic just look and see if this is fedora and a ostree (i.e. rpm-ostree) package manager is available.

Types of Changes

Verification

Tested on a kinoite, the EOL fedora Atomic and coreos VMs.

Testing

Linked Issues

User-Facing Change

Allow easier installation of k3s on all variants of fedora atomic that use rpm-ostree

Further Comments

@dereknola dereknola force-pushed the fedora_atomic_flavors branch from 0dc1bbc to bedb25f Compare October 24, 2024 18:45
brandond
brandond previously approved these changes Oct 24, 2024
Copy link

codecov bot commented Oct 24, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 41.89%. Comparing base (9be4076) to head (991183e).
Report is 6 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (9be4076) and HEAD (991183e). Click for more details.

HEAD has 8 uploads less than BASE
Flag BASE (9be4076) HEAD (991183e)
unittests 2 1
e2etests 13 6
Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11170      +/-   ##
==========================================
- Coverage   46.94%   41.89%   -5.06%     
==========================================
  Files         178      178              
  Lines       18498    18498              
==========================================
- Hits         8684     7749     -935     
- Misses       8461     9544    +1083     
+ Partials     1353     1205     -148     
Flag Coverage Δ
e2etests 34.00% <ø> (-8.23%) ⬇️
inttests 34.65% <ø> (+0.03%) ⬆️
unittests 13.11% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@AdamNowotny
Copy link

Just tested this on Bluefin. It doesn't work unless the ID checks are replaced with ID_LIKE.
I created a similar PR (#11167) that checks for ID and VARIANT instead but happy to go with this as long as we can check ID_LIKE. Would that break on other systems?

# cat /etc/os-release 
NAME="Bluefin"
VERSION="40.20241021.0 (Silverblue)"
ID=bluefin
ID_LIKE="fedora"
VERSION_ID=40
VERSION_CODENAME="Archaeopteryx"
PLATFORM_ID="platform:f40"
PRETTY_NAME="Bluefin-dx 40 (FROM Fedora Silverblue)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:universal-blue:bluefin:40"
DEFAULT_HOSTNAME="bluefin"
HOME_URL="https://projectbluefin.io"
DOCUMENTATION_URL="https://docs.projectbluefin.io"
SUPPORT_URL="https://github.com/ublue-os/bluefin/issues/"
BUG_REPORT_URL="https://github.com/ublue-os/bluefin/issues/"
SUPPORT_END=2025-05-13
VARIANT="Silverblue"
VARIANT_ID=bluefin-dx-nvidia
OSTREE_VERSION='40.20241021.0'
BUILD_ID="78bbc1a"

@cwayne18
Copy link
Member

/trivy

Copy link
Contributor

❌ Trivy scan action failed, check logs ❌

@cwayne18
Copy link
Member

/trivy

Copy link
Contributor


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://aquasecurity.github.io/trivy/v0.56/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


bin/cni (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/containerd-shim-runc-v2 (gobinary)
======================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/k3s (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

bin/runc (gobinary)
===================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version  │                           Title                           │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼───────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-34156 │ HIGH     │ fixed  │ 1.22.6            │ 1.22.7, 1.23.1 │ encoding/gob: golang: Calling Decoder.Decode on a message │
│         │                │          │        │                   │                │ which contains deeply nested structures...                │
│         │                │          │        │                   │                │ https://avd.aquasec.com/nvd/cve-2024-34156                │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴───────────────────────────────────────────────────────────┘

@dereknola
Copy link
Member Author

@AdamNowotny I've updated the PR to cover Bluefin. We do appreciate your PR, which is the 3rd such PR we have seen around fedora atomic derived OSes. I'm hoping to "cover everything" with this PR going forward rather than having other future PRs pop up with more VARIANT_IDs.

Signed-off-by: Derek Nola <[email protected]>
@AdamNowotny
Copy link

@dereknola Just tested this branch and looks good on Bluefin now. I'll close my PR.

Copy link

@VestigeJ VestigeJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dereknola dereknola merged commit 4f714d3 into k3s-io:master Oct 31, 2024
37 checks passed
@dereknola dereknola deleted the fedora_atomic_flavors branch November 14, 2024 17:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants