Merge pull request #455 from IBM/prep-v0.13.12

Prep v0.13.12
IBM · Mar 6, 2024 · 1b98479 · 1b98479
2 parents 0cb4a4e + d589e01
commit 1b98479
Show file tree

Hide file tree

Showing 8 changed files with 85 additions and 42 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,13 +13,21 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## v-next
 
+## v0.13.12
+
+Released 2024-03-06
+
+* Update go-toolset:1.20.12-2
+* golang/github.com/opencontainers/runc update for CVE-2024-21626
+* Add arm64 image. This makes developing and testing on a M1/2 mac easier
+
 ## v0.13.11
 
 Released 2024-01-09
 
 * Update go-toolset:1.20.10-3
 * Rebuild/Package updates to remediate CVE-2023-3446 CVE-2023-3817 CVE-2023-5678
-* golang.org/x/crypto update for CVE-2023-48795 
+* golang.org/x/crypto update for CVE-2023-48795
 
 ## v0.13.10
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 # This first stage of the build uses go-toolset to build the portieris binary creates
 # a simplified operating system image that satisfies vulnerability scanning requirements
-FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:1.20.10-3 as builder
+FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:1.20.12-2 as builder
 ARG PORTIERIS_VERSION=undefined
 
 # switch to root user as we need to run yum and rpm to ensure packages are up to date
@@ -60,7 +60,7 @@ FROM scratch
 COPY --from=installer /image/ /
 COPY --from=builder /opt/app-root/bin/portieris /portieris
 # buildkit skips stages which dont contribute to the final image
-COPY --from=nancy /nancy-checked /nancy-checked 
+COPY --from=nancy /nancy-checked /nancy-checked
 # Create /tmp for logs and /run for working directory
 RUN [ "/portieris", "--mkdir",  "/tmp,/run" ]
 WORKDIR /run

diff --git a/Makefile b/Makefile
@@ -1,11 +1,11 @@
 GOFILES=$(shell find . -type f -name '*.go' -not -path "./code-generator/*" -not -path "./pkg/apis/*")
 GOPACKAGES=$(shell go list ./... | grep -v test/ | grep -v pkg/apis/)
 
-VERSION=v0.13.11
+VERSION=v0.13.12
 TAG=$(VERSION)
 GOTAGS='containers_image_openpgp'
 
-.PHONY: test nancy test-deps alltests copyright-check copyright fmt detect-secrets image image.oci-archive image.amd64 image.s390x
+.PHONY: test nancy test-deps alltests copyright-check copyright fmt detect-secrets image image.oci-archive image.amd64 image.s390x image.arm64
 
 portieris:
 	CGO_ENABLED=0 go build \
@@ -24,11 +24,14 @@ detect-secrets:
 image: image.amd64
 
 image.oci-archive:
-	docker buildx build -o type=oci,dest=./portieris.tar --platform linux/amd64,linux/s390x --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris:$(TAG) .
+	docker buildx build -o type=oci,dest=./portieris.tar --platform linux/amd64,linux/s390x,linux/arm64 --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris:$(TAG) .
 
 image.amd64:
 	docker buildx build --load --platform linux/amd64 --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris-amd64-linux:$(TAG) .
 
+image.arm64:
+	docker buildx build --load --platform linux/arm64 --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris-arm64-linux:$(TAG) .
+
 image.s390x:
 	docker buildx build --load --platform linux/s390x --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris-s390x-linux:$(TAG) .
 

diff --git a/files-arm64.txt b/files-arm64.txt
@@ -0,0 +1,22 @@
+etc/pki
+root/buildinfo
+usr/lib64/ld-2.28.so
+usr/lib64/ld-linux-aarch64.so.1
+usr/lib64/libc-2.28.so
+usr/lib64/libc.so
+usr/lib64/libc.so.6
+usr/lib64/libssl.so
+usr/lib64/libssl.so.1.1
+usr/lib64/libdl-2.28.so
+usr/lib64/libdl.so
+usr/lib64/libdl.so.2
+usr/lib64/libpthread-2.28.so
+usr/lib64/libpthread.so
+usr/lib64/libpthread.so.0
+usr/lib64/libm-2.28.so
+usr/lib64/libm.so
+usr/lib64/libm.so.6
+etc/ssl/certs
+etc/redhat-release
+usr/share/zoneinfo
+usr/lib/golang/api/README
diff --git a/go.mod b/go.mod
@@ -19,9 +19,9 @@ require (
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.27.1
 	github.com/prometheus/client_golang v1.12.2
-	github.com/stretchr/testify v1.8.1
+	github.com/stretchr/testify v1.8.4
 	github.com/theupdateframework/notary v0.7.0
-	golang.org/x/crypto v0.17.0
+	golang.org/x/crypto v0.21.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.24.0
 	k8s.io/apiextensions-apiserver v0.0.0-00010101000000-000000000000
@@ -30,7 +30,7 @@ require (
 )
 
 require (
-	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
@@ -82,37 +82,38 @@ require (
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/moby/sys/mountinfo v0.7.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20211202193544-a5463b7f9c84 // indirect
-	github.com/opencontainers/runc v1.1.5 // indirect
-	github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect
+	github.com/opencontainers/runc v1.1.12 // indirect
+	github.com/opencontainers/runtime-spec v1.2.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/proglottis/gpgme v0.1.1 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.32.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect
 	github.com/vbatts/tar-split v0.11.2 // indirect
 	go.mongodb.org/mongo-driver v1.11.2 // indirect
-	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/net v0.22.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect