This repository was archived by the owner on May 30, 2023. It is now read-only.
Merged
Conversation
2080c37 to
a0e946e
Compare
pothos
reviewed
Jun 10, 2022
54fb0d1 to
7d4e040
Compare
pothos
reviewed
Jun 14, 2022
pothos
reviewed
Jun 14, 2022
| @@ -0,0 +1 @@ | |||
| - ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706)) | |||
Contributor
There was a problem hiding this comment.
Maybe a change entry would be good in addition?
Contributor
Author
There was a problem hiding this comment.
I was thinking the same - but it's part of the Ignition-2.14.0 changelog: https://coreos.github.io/ignition/release-notes/#changes which is already mentioned here: 83118a5.
Maybe it's good to add this: https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion which is not directly linked in the changelog.
Contributor
There was a problem hiding this comment.
The change to enable it is done in this PR, so I think the operator notes link is very valuable here in case someone would have to opt out
Contributor
Author
There was a problem hiding this comment.
Ok, done. Thanks for the suggestion :)
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
this helper removes config from VMWare and Virtualbox and should not be directly used by the user. Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
7d4e040 to
fabc5d1
Compare
pothos
reviewed
Jun 14, 2022
| @@ -0,0 +1 @@ | |||
| - VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata. Also see: https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion | |||
Contributor
There was a problem hiding this comment.
Suggested change
| - VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata. Also see: https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion | |
| - VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar-linux/coreos-overlay/pull/1948)) |
Without the markdown formatting I'm not sure if it becomes a clickable link in the homepage?
Contributor
There was a problem hiding this comment.
have added a link to this PR, too
pothos
approved these changes
Jun 14, 2022
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
We add `sys-apps/ignition` as a `coreos-base/coreos` dependency to get `/usr/libexec/ignition-rmcfg` available on the _real_ root. Now we want `/usr/bin/ignition` to be in the chroot until it's being copied to the initramfs but we don't want it on the actual root. With `PKG_INSTALL_MASK`, we'll prevent `/usr/bin/ignition` to be added to the image in the `./build_image` - at this time, initramfs is already created and `sys-apps/ignition` is a binary package. Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
fabc5d1 to
d4349bf
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In this PR, we add the
ignition-rmcfgcommand (in the root filesystem, not in the initramfs) to remove Ignition configuration from booted instance on VMWare and Virtualbox.See also: GHSA-hj57-j5cw-2mwp
We could add a Mantle test to verify Ignition has been correctly removed from VMWare guestinfo.
changelog/directory (user-facing change, bug fix, security fix, update)No need to backport since
ignition-2.14.0is not yet released.