Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kaniko/1.23.2-r1: cve remediation #25347

Closed
wants to merge 4 commits into from
Closed

kaniko/1.23.2-r1: cve remediation #25347

wants to merge 4 commits into from

Conversation

octo-sts[bot]
Copy link
Contributor

@octo-sts octo-sts bot commented Jul 31, 2024

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Jul 31, 2024

Open AI suggestions to solve the build error:

The error message is: "ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-2684831625
INFO   guest dir: /temp/melange-guest-1526121953
ERRO failed to build package: unable to run package kaniko pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/kaniko-1.23.2-r2.apk] Error 1
make: *** [Makefile:101: package/kaniko] Error 2
make[1]: Leaving directory '/github/home'
##[error]Process completed with exit code 2."

1. Verify Kaniko version and dependencies in Makefile.
2. Check build logs in `/temp/melange-workspace-2684831625` and `/temp/melange-guest-1526121953`.
3. Ensure Docker is running and accessible.
4. Validate Kaniko configuration and pipeline scripts.
5. Re-run build with increased verbosity.
6. Check for recent changes in the repository.

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Aug 3, 2024

Open AI suggestions to solve the build error:

The error message is: "ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-1143949804
INFO   guest dir: /temp/melange-guest-2498349089
ERRO failed to build package: unable to run package kaniko pipeline: unable to run pipeline: unable to run pipeline: exit status 1
make[1]: *** [Makefile:111: packages/aarch64/kaniko-1.23.2-r2.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/kaniko] Error 2
##[error]Process completed with exit code 2."

Steps to fix:
1. Ensure all dependencies are correctly specified in the `go.mod` file.
2. Run `go get github.com/containerd/platforms` to add the missing module.
3. Re-run the build process.

@mamccorm
Add containerd to go/bump
0d6900e 
Signed-off-by: Mark McCormick <[email protected]>
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Aug 4, 2024

Open AI suggestions to solve the build error:

The error message is: "fatal: detected dubious ownership in repository at '/github/home'
To add an exception for this directory, call:

git config --global --add safe.directory /github/home
WARN # github.com/docker/docker/builder/dockerfile
WARN vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go:227:47: undefined: shell.EnvsFromSlice
WARN vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go:511:103: undefined: shell.EnvGetter
WARN vendor/github.com/docker/docker/builder/dockerfile/builder.go:231:16: undefined: shell.EnvsFromSlice
WARN vendor/github.com/docker/docker/builder/dockerfile/evaluator.go:46:16: undefined: shell.EnvsFromSlice
WARN make: *** [Makefile:51: out/executor] Error 1
ERRO ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-416820034
INFO   guest dir: /temp/melange-guest-2585891872
ERRO failed to build package: unable to run package kaniko pipeline: unable to run pipeline: exit status 2
make[1]: *** [Makefile:111: packages/aarch64/kaniko-1.23.2-r2.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/kaniko] Error 2
##[error]Process completed with exit code 2."

1. Run `git config --global --add safe.directory /github/home`.
2. Ensure the `shell` package is correctly imported in the files with undefined references.
3. Verify the `shell` package version compatibility.
4. Rebuild the project using `make package/kaniko`.

@philroche philroche self-assigned this Aug 9, 2024
@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Aug 9, 2024

Open AI suggestions to solve the build error:

The error message is: "fatal: detected dubious ownership in repository at '/github/home'
To add an exception for this directory, call:

git config --global --add safe.directory /github/home
WARN # github.com/docker/docker/builder/dockerfile
WARN vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go:227:47: undefined: shell.EnvsFromSlice
WARN vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go:511:103: undefined: shell.EnvGetter
WARN vendor/github.com/docker/docker/builder/dockerfile/builder.go:231:16: undefined: shell.EnvsFromSlice
WARN vendor/github.com/docker/docker/builder/dockerfile/evaluator.go:46:16: undefined: shell.EnvsFromSlice
WARN make: *** [Makefile:51: out/executor] Error 1
ERRO ERROR: failed to build package. the build environment has been preserved:
INFO   workspace dir: /temp/melange-workspace-3648040223
INFO   guest dir: /temp/melange-guest-3068896032
ERRO failed to build package: unable to run package kaniko pipeline: unable to run pipeline: exit status 2
make[1]: *** [Makefile:111: packages/aarch64/kaniko-1.23.2-r2.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/kaniko] Error 2
##[error]Process completed with exit code 2."

To fix this error:
1. Run `git config --global --add safe.directory /github/home` to resolve the ownership issue.
2. Ensure the `shell` package is correctly imported in the Dockerfile-related Go files.
3. Verify the `shell` package provides `EnvsFromSlice` and `EnvGetter` functions.
4. Rebuild the project.

@octo-sts Octo STS
Copy link
Contributor Author

octo-sts bot commented Aug 9, 2024

Open AI suggestions to solve the build error:

The error message is: "fatal: detected dubious ownership in repository at '/github/home'
To add an exception for this directory, call:

git config --global --add safe.directory /github/home
make[1]: *** [Makefile:111: packages/aarch64/kaniko-1.23.2-r2.apk] Error 1
make[1]: Leaving directory '/github/home'
make: *** [Makefile:101: package/kaniko] Error 2
##[error]Process completed with exit code 2."

To fix this error:
1. Run: `git config --global --add safe.directory /github/home`
2. Retry: `make package/kaniko`

@philroche
Copy link
Member

There has been two attempts at remediating this CVE upstream wit attempted docker upgrades @ GoogleContainerTools/kaniko#3278 and GoogleContainerTools/kaniko#3270. Both attempts failed with failing tests. As such I will create pending-upstream-fix advisory for this CVE.

@philroche
Copy link
Member

Advisory PR created @ wolfi-dev/advisories#7202

This remediation PR can be close once wolfi-dev/advisories#7202 is merged

@philroche
Copy link
Member

wolfi-dev/advisories#7202 has now been approved and merged. Closing this PR

@philroche philroche closed this Aug 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@philroche philroche

Labels
automated pr GHSA-v23v-6jw2-98fq kaniko/1.23.2-r1 request-cve-remediation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@philroche @mamccorm