Merge branch 'main' into test-ci

wolfi-dev · Nov 26, 2024 · 0c5e60a · 0c5e60a
2 parents a6c2fc8 + c58771e
commit 0c5e60a
Show file tree

Hide file tree

Showing 148 changed files with 2,210 additions and 430 deletions.
diff --git a/.github/actions/docker-run/action.yaml b/.github/actions/docker-run/action.yaml
@@ -6,7 +6,7 @@ inputs:
     required: true
   image:
     description: "The image to use"
-    default: "ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110"
+    default: "ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be"
     required: false
   workdir:
     description: "The images working directory"

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -29,7 +29,7 @@ jobs:
       contents: read
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
       # TODO: Deprivilege
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -175,7 +175,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
 
     steps:
       - name: Harden Runner
@@ -303,7 +303,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
 
     steps:
       - name: Harden Runner

diff --git a/Makefile b/Makefile
@@ -167,7 +167,7 @@ dev-container:
 	    -v "${PWD}:${PWD}" \
 	    -w "${PWD}" \
 	    -e SOURCE_DATE_EPOCH=0 \
-	    ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+	    ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
 
 PACKAGES_CONTAINER_FOLDER ?= /work/packages
 # This target spins up a docker container that is helpful for testing local
@@ -235,6 +235,6 @@ dev-container-wolfi:
 		--mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \
 		--mount type=bind,source="$(TMP_REPOS_FILE)",destination="/etc/apk/repositories",readonly \
 		-w "$(PACKAGES_CONTAINER_FOLDER)" \
-		ghcr.io/wolfi-dev/sdk:latest@sha256:77da1186e7c2d9796bcaf4fb035e8675cd822d67a1d8a530cc0f1ceb5df80110
+		ghcr.io/wolfi-dev/sdk:latest@sha256:98d8669d2eb9c8d23984fa2f55a272b67a04b4bfd132c714682c4fd716a3d7be
 	@rm "$(TMP_REPOS_FILE)"
 	@rmdir "$(TMP_REPOS_DIR)"
diff --git a/apache2.yaml b/apache2.yaml
@@ -1,13 +1,14 @@
 package:
   name: apache2
   version: 2.4.62
-  epoch: 4
+  epoch: 5
   description: "Apache HTTP Server"
   copyright:
     - license: Apache-2.0
   dependencies:
     runtime:
       - libgcc
+      - lua5.4
 
 environment:
   contents:
@@ -45,6 +46,7 @@ pipeline:
       opts: |
         --prefix=/ \
         --enable-layout=Debian \
+        --sysconfdir=/etc/apache2 \
         --enable-so \
         --enable-suexec \
         --with-suexec-caller=www-data \
@@ -152,15 +154,15 @@ subpackages:
           mkdir -p "${{targets.subpkgdir}}"/usr/local/apache2/logs
 
           # Install necessary config files
-          mkdir -p "${{targets.subpkgdir}}"/etc/
-          cp "${{targets.destdir}}"/etc/original/httpd.conf "${{targets.subpkgdir}}"/etc/
-          cp -r "${{targets.destdir}}"/etc/original/extra/ "${{targets.subpkgdir}}"/etc/
+          mkdir -p "${{targets.subpkgdir}}"/etc/apache2
+          cp "${{targets.destdir}}"/etc/apache2/original/httpd.conf "${{targets.subpkgdir}}"/etc/apache2
+          cp -r "${{targets.destdir}}"/etc/apache2/original/extra/ "${{targets.subpkgdir}}"/etc/apache2
 
           # Create symlinks
-          ln -s /etc/httpd.conf "${{targets.subpkgdir}}"/usr/local/apache2/conf/
-          ln -s /etc/extra "${{targets.subpkgdir}}"/usr/local/apache2/conf/
-          ln -s /etc/mime.types "${{targets.subpkgdir}}"/usr/local/apache2/conf/
-          ln -s /etc/magic "${{targets.subpkgdir}}"/usr/local/apache2/conf/
+          ln -s /etc/apache2/httpd.conf "${{targets.subpkgdir}}"/usr/local/apache2/conf/
+          ln -s /etc/apache2/extra "${{targets.subpkgdir}}"/usr/local/apache2/conf/
+          ln -s /etc/apache2/mime.types "${{targets.subpkgdir}}"/usr/local/apache2/conf/
+          ln -s /etc/apache2/magic "${{targets.subpkgdir}}"/usr/local/apache2/conf/
           ln -s /usr/lib/apache2/modules/ "${{targets.subpkgdir}}"/usr/local/apache2/
           ln -s /usr/share/apache2/default-site/htdocs "${{targets.subpkgdir}}"/usr/local/apache2/
           ln -s /usr/lib/cgi-bin/ "${{targets.subpkgdir}}"/usr/local/apache2/
@@ -169,39 +171,39 @@ subpackages:
           sed -ri \
             -e 's!^(\s*User)\s+daemon\s*$!\1 www-data!g' \
             -e 's!^(\s*Group)\s+daemon\s*$!\1 www-data!g' \
-            "${{targets.subpkgdir}}"/etc/httpd.conf
+            "${{targets.subpkgdir}}"/etc/apache2/httpd.conf
 
           # Modify CustomLog/ErrorLog and verify changes are applied
           sed -ri \
             -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
             -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
             -e 's!^(\s*TransferLog)\s+\S+!\1 /proc/self/fd/1!g' \
-            "${{targets.subpkgdir}}"/etc/httpd.conf \
-            "${{targets.subpkgdir}}"/etc/extra/httpd-ssl.conf;
+            "${{targets.subpkgdir}}"/etc/apache2/httpd.conf \
+            "${{targets.subpkgdir}}"/etc/apache2/extra/httpd-ssl.conf;
 
           # Modify module config to match upstream docker
           sed -ri \
              -e '/LoadModule mpm_prefork_module/s/^/#/g' \
              -e '/LoadModule mpm_event_module/s/^#//g' \
-             "${{targets.subpkgdir}}"/etc/httpd.conf
+             "${{targets.subpkgdir}}"/etc/apache2/httpd.conf
 
           ### Modify other paths to match upstream default config
           sed -ri \
             -e 's!^(\s*ServerRoot)\s+\S+!\1 "/usr/local/apache2"!g' \
             -e 's|usr/lib/apache2/modules|modules|g' \
-            -e 's|etc/mime.types|conf/mime.types|g' \
+            -e 's|etc/apache2/mime.types|conf/mime.types|g' \
             -e 's|usr/share/apache2/default-site/htdocs|usr/local/apache2/htdocs|g' \
             -e 's|usr/lib/cgi-bin|usr/local/apache2/cgi-bin|g' \
-            -e 's|etc/extra|conf/extra|g' \
-            -e 's|etc/magic|conf/magic|g' \
-            "${{targets.subpkgdir}}"/etc/httpd.conf \
-            "${{targets.subpkgdir}}"/etc/extra/httpd-ssl.conf;
+            -e 's|etc/apache2/extra|conf/extra|g' \
+            -e 's|etc/apache2/magic|conf/magic|g' \
+            "${{targets.subpkgdir}}"/etc/apache2/httpd.conf \
+            "${{targets.subpkgdir}}"/etc/apache2/extra/httpd-ssl.conf;
 
           ### Modify other paths
           sed -ri \
             -e 's|etc/|usr/local/apache2/conf/|g' \
             -e 's|/var/run/apache2/|usr/local/apache2/logs/|g' \
-            "${{targets.subpkgdir}}"/etc/extra/httpd-ssl.conf;
+            "${{targets.subpkgdir}}"/etc/apache2/extra/httpd-ssl.conf;
     test:
       environment:
         contents:

diff --git a/aws-eks-pod-identity-agent.yaml b/aws-eks-pod-identity-agent.yaml
@@ -1,7 +1,7 @@
 #nolint:git-checkout-must-use-github-updates,valid-pipeline-git-checkout-tag
 package:
   name: aws-eks-pod-identity-agent
-  version: 0_git20241124
+  version: 0_git20241126
   epoch: 0
   description: EKS Pod Identity is a feature of Amazon EKS that simplifies the process for cluster administrators to configure Kubernetes applications with AWS IAM permissions
   copyright:

diff --git a/bash-completion.yaml b/bash-completion.yaml
@@ -1,7 +1,7 @@
 package:
   name: bash-completion
-  version: 2.14.0
-  epoch: 2
+  version: 2.15.0
+  epoch: 0
   description: "Programmable completion functions for bash"
   copyright:
     - license: GPL-2.0-only
@@ -20,7 +20,7 @@ pipeline:
   - uses: git-checkout
     with:
       repository: https://github.com/scop/bash-completion
-      expected-commit: 0543d1a28ce3d36741675c7ef6da7c2286288f3e
+      expected-commit: d4a1c565dfcafc21a6c9cfe56966a531a42b6219
       tag: ${{package.version}}
 
   - runs: autoreconf -fiv

diff --git a/brew.yaml b/brew.yaml
@@ -1,6 +1,6 @@
 package:
   name: brew
-  version: 4.4.6
+  version: 4.4.8
   epoch: 0
   description: "The homebrew package manager"
   copyright:
@@ -49,7 +49,7 @@ pipeline:
       repository: https://github.com/Homebrew/brew
       tag: ${{package.version}}
       destination: ./brew
-      expected-commit: cc0b5d6d05d1f3af5b2f53e9fbb1e7bfa0c332ab
+      expected-commit: e78a0adb4f260913fffdc956cc8c20fb54109feb
 
   - runs: |
       set -x

diff --git a/bun-bootstrap.yaml b/bun-bootstrap.yaml
@@ -1,6 +1,6 @@
 package:
   name: bun-bootstrap
-  version: 1.1.36
+  version: 1.1.37
   epoch: 0
   description: "Bun requires itself to bootstrap."
   copyright:
@@ -23,13 +23,13 @@ pipeline:
         uses: fetch
         with:
           uri: "https://github.com/oven-sh/bun/releases/download/bun-v${{package.version}}/bun-linux-aarch64.zip"
-          expected-sha256: "d5bbf74d49288bb69819c5459789dac06a0062d999a626d79d2f45b05b53597a"
+          expected-sha256: "6a2ef497ddcc8fb9b78add876d340c20d7642858e159f93ab5bcb406483ffdd2"
           extract: false
       - if: ${{build.arch}} == 'x86_64'
         uses: fetch
         with:
           uri: "https://github.com/oven-sh/bun/releases/download/bun-v${{package.version}}/bun-linux-x64.zip"
-          expected-sha256: "c5261f4d7e342fe720bc6a5d736b1c94f4df2942c225a87652c6985181b1ec77"
+          expected-sha256: "cc7a53917edc9b65778bacdfca21e9acfbd1f2f69742d616980377a78620e974"
           extract: false
 
   - runs: |

diff --git a/bun.yaml b/bun.yaml
@@ -1,6 +1,6 @@
 package:
   name: bun
-  version: 1.1.36
+  version: 1.1.37
   epoch: 0
   description: "Incredibly fast JavaScript runtime, bundler, test runner, and package manager - all in one"
   copyright:
@@ -54,7 +54,7 @@ pipeline:
   - uses: git-checkout
     with:
       repository: https://github.com/oven-sh/bun
-      expected-commit: ededc168cf07afcdbe5ca34495c58df435ea526d
+      expected-commit: 8ca0eb831d6739c6a94b3f4d484bbfe71ee97226
       tag: bun-v${{package.version}}
 
   - runs: |

diff --git a/cargo-audit.yaml b/cargo-audit.yaml
@@ -1,7 +1,7 @@
 package:
   name: cargo-audit
   version: 0.21.0
-  epoch: 1
+  epoch: 2
   description: Audit your dependencies for crates with security vulnerabilities reported to the RustSec Advisory Database.
   copyright:
     - license: MIT OR Apache-2.0
@@ -22,6 +22,8 @@ pipeline:
       tag: cargo-audit/v${{package.version}}
       expected-commit: 78f9859ef6a78bc4a7c7219dac1d0b250446c84c
 
+  - uses: rust/cargobump
+
   - runs: |
       cd cargo-audit
       cargo update --precise 0.3.36 --package time

diff --git a/cargo-audit/cargobump-deps.yaml b/cargo-audit/cargobump-deps.yaml
@@ -0,0 +1,3 @@
+packages:
+    - name: rustls
+      version: 0.23.18
diff --git a/cargo-auditable.yaml b/cargo-auditable.yaml
@@ -1,6 +1,6 @@
 package:
   name: cargo-auditable
-  version: 0.6.5
+  version: 0.6.6
   epoch: 0
   description: Cargo wrapper for embedding auditing data
   copyright:
@@ -19,7 +19,7 @@ pipeline:
     with:
       repository: https://github.com/rust-secure-code/cargo-auditable
       tag: v${{package.version}}
-      expected-commit: ceb4475d237b0296a3ddb946e0337fb658743ccc
+      expected-commit: 83713a1c609b28d93660c64b8974b0226fe2c7a4
 
   - name: cargo deps bump
     runs: |

diff --git a/cert-manager-istio-csr.yaml b/cert-manager-istio-csr.yaml
@@ -1,22 +1,18 @@
 package:
   name: cert-manager-istio-csr
-  version: 0.12.0
-  epoch: 1
+  version: 0.13.0
+  epoch: 0
   description: istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager.
   copyright:
     - license: Apache-2.0
 
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: 13f57d622f9a01f8ac2f5739049b1691c30bef04
+      expected-commit: 6418780c2e2101f0786a9272f60f388ec178cf8d
       repository: https://github.com/cert-manager/istio-csr/
       tag: v${{package.version}}
 
-  - uses: go/bump
-    with:
-      deps: github.com/cert-manager/[email protected]
-
   - uses: go/build
     with:
       ldflags: -X github.com/cert-manager/istio-csr//internal/version.AppVersion=${{package.version}} -X github.com/cert-manager/istio-csr/internal/version.GitCommit=$(git rev-parse HEAD)

diff --git a/corepack.yaml b/corepack.yaml
@@ -1,6 +1,6 @@
 package:
   name: corepack
-  version: 0.29.4
+  version: 0.30.0
   epoch: 0
   description: Zero-runtime-dependency package acting as bridge between Node projects and their package managers
   copyright:
@@ -15,7 +15,7 @@ environment:
 pipeline:
   - uses: fetch
     with:
-      expected-sha256: ebd45f1694cb56bfc114fc05b9322ac6c60fb535e5c33af17dfb913a796668c4
+      expected-sha256: 5a57ee4e2f9b71867f5a99d005b23e9a8dbd1ae423ee53af0ba978fa1ad34a63
       uri: https://github.com/nodejs/corepack/releases/download/v${{package.version}}/corepack.tgz
       strip-components: 0
 

diff --git a/ddp-tool.yaml b/ddp-tool.yaml
@@ -1,7 +1,7 @@
 #nolint:valid-pipeline-git-checkout-commit,valid-pipeline-git-checkout-tag
 package:
   name: ddp-tool
-  version: 1.0.34.0_git20241124
+  version: 1.0.34.0_git20241126
   epoch: 0
   description: Intel Dynamic Device Personalization Tool
   copyright:
@@ -18,7 +18,7 @@ environment:
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: 3868a732013b8e8817f6453b58a170f669d99a68
+      expected-commit: 3c9d350737420f943a57cf9ab67af6cc78a4024b
       repository: https://github.com/intel/ddp-tool/
       branch: master
 

diff --git a/debezium-connect-entrypoint-3.0.yaml b/debezium-connect-entrypoint-3.0.yaml
@@ -1,7 +1,7 @@
 package:
   name: debezium-connect-entrypoint-3.0
-  version: 3.0.2
-  epoch: 2
+  version: 3.0.3
+  epoch: 0
   description: Helper package to provide necessary files for the Debezium images
   copyright:
     - license: Apache-2.0
@@ -39,7 +39,7 @@ pipeline:
     with:
       repository: https://github.com/debezium/container-images
       tag: v${{package.version}}.Final
-      expected-commit: 0565147b930179425f985bcd706682695057230a
+      expected-commit: 29cf76542c7d65a4e71ac12e85ab2c2ea33141d7
 
   - uses: patch
     with:

diff --git a/envoy-ratelimit.yaml b/envoy-ratelimit.yaml
@@ -2,7 +2,7 @@
 package:
   name: envoy-ratelimit
   # This project doesn't do releases and everything is commit based.
-  version: 0.0.0_git20241118
+  version: 0.0.0_git20241125
   epoch: 0
   description: Go/gRPC service designed to enable generic rate limit scenarios from different types of applications.
   copyright:
@@ -16,7 +16,7 @@ environment:
 pipeline:
   - uses: git-checkout
     with:
-      expected-commit: 0e630f156ae7a3d4198daf971af2e6c595f19a70
+      expected-commit: 15b5ac4b45fbf6fdcb13e109077a103096c9f2e2
       repository: https://github.com/envoyproxy/ratelimit
       branch: main
 

diff --git a/falco-libs.yaml b/falco-libs.yaml
@@ -1,6 +1,6 @@
 package:
   name: falco-libs
-  version: 0.18.2
+  version: 0.19.0
   epoch: 0
   description: Foundational components necessary to build Falco
   copyright:
@@ -55,7 +55,7 @@ pipeline:
     with:
       repository: https://github.com/falcosecurity/libs
       tag: ${{package.version}}
-      expected-commit: a414ad33a20e4adc3d0afd11a2a82a0a73525a3a
+      expected-commit: 55ff79f8823e4c72399d9a3b7a80c9357b36bfcc
 
 data:
   - name: libs