[release-0.0.99.5] Prepare stable branch (part 1)#1739
Conversation
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
Detected by https://www.shellcheck.net/: Line 1255: if ! localtime_target=$(readlink /etc/localtime >/dev/null 2>&3) \ ^-- SC2327 (warning): This command substitution will be empty because the command's output gets redirected away. ^-- SC2328 (error): This redirection takes output away from the command substitution. See: https://www.shellcheck.net/wiki/SC2327 https://www.shellcheck.net/wiki/SC2328 Fallout from 8db414d containers#1701 containers#1739 (cherry picked from commit d32dd5d)
Summary of ChangesHello @debarshiray, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request is a preparatory step for the Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Ignored Files
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
b6fdb0a to
a67f614
Compare
There was a problem hiding this comment.
Code Review
This pull request prepares the release-0.0.99.5 stable branch, primarily to address the security vulnerability GHSA-4f99-4q7p-p3gh. The changes include a fix in the legacy toolbox shell script, updates to the Zuul CI configuration for the new release branch, and a significant removal of container image definitions for various distributions. This cleanup of images for Arch, older Fedora versions, RHEL, and Ubuntu seems intended to reduce the maintenance surface for this stable release. The fix in the toolbox script is a step in the right direction, and I've provided a suggestion to make it even more robust, aligning it with the fix made in the Go implementation.
|
Build failed. ✔️ unit-test SUCCESS in 1m 41s |
Bash 5.3.0 changed the error messages shown by its exec built-in [1].
With Bash 5.2.37:
$ exec /etc
bash: /etc: Is a directory
bash: exec: /etc: cannot execute: Is a directory
With Bash 5.3.0:
$ exec /etc
bash: /etc: Is a directory
The 'assert' function cannot directly handle compound commands. So,
those need to be wrapped in 'bash -c "..."' [2].
[1] Bash commit b8c60bc9ca365f82
See how exec_builtin() handles EX_NOEXEC and EISDIR from
shell_execve() to avoid printing a duplicate error message.
https://cgit.git.savannah.gnu.org/cgit/bash.git/commit/?id=b8c60bc9ca365f82
[2] https://github.com/bats-core/bats-assert
containers#1688
containers#1699
containers#1739
(backported from commit 6c98db6)
With the recent expansion of the test suite, it's necessary to increase the timeout for the Fedora 38 and 39 nodes to prevent the CI from timing out. containers#1445 containers#1739 (cherry picked from commit ce66b0b)
Stable branches for old Toolbx releases are only about the toolbox(1) executable. It doesn't make sense to have old "stable" versions of the image definitions, because the registries will have only one set of images built from the definitions in the main branch, and all supported versions of toolbox(1) must work with them. containers#1739
This is meant to make the project more searchable on the Internet. More and more people have been pointing out that "toolbox" is terribly difficult to search for, and it's impossible to find any decent Internet real estate by that name. containers#1399 containers#1739 (backported from commit c3403da)
containers#1468 containers#1739 (cherry picked from commit 9ea8967)
|
Build failed. ✔️ unit-test SUCCESS in 1m 37s |
This was due to: ... which was fixed in commit 6c98db6 in the |
|
Build failed. ✔️ unit-test SUCCESS in 1m 39s |
|
Build failed. ✔️ unit-test SUCCESS in 1m 44s |
f2b2a18
into
containers:release-0.0.99.5
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1741
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1742
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1742
Detected by https://www.shellcheck.net/: Line 1255: if ! localtime_target=$(readlink /etc/localtime >/dev/null 2>&3) \ ^-- SC2327 (warning): This command substitution will be empty because the command's output gets redirected away. ^-- SC2328 (error): This redirection takes output away from the command substitution. See: https://www.shellcheck.net/wiki/SC2327 https://www.shellcheck.net/wiki/SC2328 Fallout from 8db414d containers#1701 containers#1739 containers#1743 (cherry picked from commit d32dd5d) (cherry picked from commit a67f614)
Bash 5.3.0 changed the error messages shown by its exec built-in [1].
With Bash 5.2.37:
$ exec /etc
bash: /etc: Is a directory
bash: exec: /etc: cannot execute: Is a directory
With Bash 5.3.0:
$ exec /etc
bash: /etc: Is a directory
The 'assert' function cannot directly handle compound commands. So,
those need to be wrapped in 'bash -c "..."' [2].
[1] Bash commit b8c60bc9ca365f82
See how exec_builtin() handles EX_NOEXEC and EISDIR from
shell_execve() to avoid printing a duplicate error message.
https://cgit.git.savannah.gnu.org/cgit/bash.git/commit/?id=b8c60bc9ca365f82
[2] https://github.com/bats-core/bats-assert
containers#1688
containers#1699
containers#1739
containers#1743
(backported from commit 6c98db6)
(cherry picked from commit 0090893)
Detected by https://www.shellcheck.net/: Line 1255: if ! localtime_target=$(readlink /etc/localtime >/dev/null 2>&3) \ ^-- SC2327 (warning): This command substitution will be empty because the command's output gets redirected away. ^-- SC2328 (error): This redirection takes output away from the command substitution. See: https://www.shellcheck.net/wiki/SC2327 https://www.shellcheck.net/wiki/SC2328 Fallout from 8db414d containers#1701 containers#1739 containers#1744 (cherry picked from commit d32dd5d) (cherry picked from commit a67f614)
Bash 5.3.0 changed the error messages shown by its exec built-in [1].
With Bash 5.2.37:
$ exec /etc
bash: /etc: Is a directory
bash: exec: /etc: cannot execute: Is a directory
With Bash 5.3.0:
$ exec /etc
bash: /etc: Is a directory
The 'assert' function cannot directly handle compound commands. So,
those need to be wrapped in 'bash -c "..."' [2].
[1] Bash commit b8c60bc9ca365f82
See how exec_builtin() handles EX_NOEXEC and EISDIR from
shell_execve() to avoid printing a duplicate error message.
https://cgit.git.savannah.gnu.org/cgit/bash.git/commit/?id=b8c60bc9ca365f82
[2] https://github.com/bats-core/bats-assert
containers#1688
containers#1699
containers#1739
containers#1744
(backported from commit 6c98db6)
(cherry picked from commit 0090893)
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1742
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1742
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1746
With the recent expansion of the test suite, it's necessary to increase the timeout for the Fedora 38 and 39 nodes to prevent the CI from timing out. containers#1445 containers#1739 containers#1744 (cherry picked from commit ce66b0b) (cherry picked from commit 754feea)
Stable branches for old Toolbx releases are only about the toolbox(1) executable. It doesn't make sense to have old "stable" versions of the image definitions, because the registries will have only one set of images built from the definitions in the main branch, and all supported versions of toolbox(1) must work with them. containers#1739 containers#1744 (cherry picked from commit f2b2a18)
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1746
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1748
The GitHub Actions workflows for building and publishing the images were removed because the image definitions were removed from this branch [1]. [1] Commit f2b2a18 containers@f2b2a18ddef288a3 containers#1739 containers#1749
... for CVE-2025-65637 or GHSA-4f99-4q7p-p3gh.
https://github.com/containers/toolbox/security/dependabot/26