Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

runc: 1.1.13 -> 1.1.14 #339157

Merged
merged 1 commit into from
Sep 4, 2024
Merged

runc: 1.1.13 -> 1.1.14 #339157

merged 1 commit into from
Sep 4, 2024

Conversation

r-ryantm
Copy link
Contributor

@r-ryantm r-ryantm commented Sep 3, 2024

Automatic update generated by nixpkgs-update tools. This update was made based on information from https://github.com/opencontainers/runc/releases.

meta.description for runc is: CLI tool for spawning and running containers according to the OCI specification

meta.homepage for runc is: https://github.com/opencontainers/runc

Updates performed
  • Golang update
To inspect upstream changes
Impact

Checks done

  • built on NixOS

Caution

A test defined in passthru.tests did not pass.

  • found 1.1.14 with grep in /nix/store/pwaf7w6bppnhrb4jzpacf8662ijc5pvn-runc-1.1.14
  • found 1.1.14 in filename of file in /nix/store/pwaf7w6bppnhrb4jzpacf8662ijc5pvn-runc-1.1.14
Rebuild report (if merged into master) (click to expand) 
16 total rebuild path(s)

16 package rebuild(s)

First fifty rebuilds by attrpath

ansible-navigator
apx
apx-gui
buildah
cri-o
flintlock
img
k3s
k3s_1_28
k3s_1_29
k3s_1_30
krunvm
out-of-tree
podman
runc
Instructions to test this update (click to expand)

Either download from Cachix:

nix-store -r /nix/store/pwaf7w6bppnhrb4jzpacf8662ijc5pvn-runc-1.1.14 \
  --option binary-caches 'https://cache.nixos.org/ https://nix-community.cachix.org/' \
  --option trusted-public-keys '
  nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A runc https://github.com/r-ryantm/nixpkgs/archive/6011e86df371cffb7dd97a6fa292558ed179dfea.tar.gz

Or:

nix build github:r-ryantm/nixpkgs/6011e86df371cffb7dd97a6fa292558ed179dfea#runc

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/pwaf7w6bppnhrb4jzpacf8662ijc5pvn-runc-1.1.14
ls -la /nix/store/pwaf7w6bppnhrb4jzpacf8662ijc5pvn-runc-1.1.14/bin

Pre-merge build results

We have automatically built all packages that will get rebuilt due to
this change.

This gives evidence on whether the upgrade will break dependent packages.
Note sometimes packages show up as failed to build independent of the
change, simply because they are already broken on the target branch.

Result of nixpkgs-review run on x86_64-linux 1

2 packages failed to build:
  • ansible-navigator
  • ansible-navigator.dist
17 packages built:
  • apx
  • apx-gui
  • buildah
  • buildah.man
  • cri-o
  • cri-o.man
  • flintlock
  • img
  • k3s
  • k3s_1_28
  • k3s_1_29
  • krunvm
  • out-of-tree
  • podman
  • podman.man
  • runc
  • runc.man
Maintainer pings

cc @offlinehacker @saschagrunert @vdemeester for testing.

Tip

As a maintainer, if your package is located under pkgs/by-name/*, you can comment @NixOS/nixpkgs-merge-bot merge to automatically merge this update using the nixpkgs-merge-bot.

Add a 👍 reaction to pull requests you find important.

@vdemeester vdemeester added 12.approvals: 2 This PR was reviewed and approved by two reputable people 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in the package labels Sep 3, 2024
@fabianhjr fabianhjr merged commit 4b2d1e3 into NixOS:master Sep 4, 2024
30 of 31 checks passed
@r-ryantm r-ryantm deleted the auto-update/runc branch September 4, 2024 12:22
@LeSuisse
Copy link
Contributor

LeSuisse commented Sep 7, 2024

Flagging as security related, it fixes CVE-2024-45310.

@LeSuisse LeSuisse added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Sep 7, 2024
@LeSuisse LeSuisse mentioned this pull request Sep 7, 2024
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saschagrunert saschagrunert saschagrunert approved these changes

@vdemeester vdemeester vdemeester approved these changes

@offlinehacker offlinehacker Awaiting requested review from offlinehacker

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 11-100 12.approvals: 2 This PR was reviewed and approved by two reputable people 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in the package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@r-ryantm @LeSuisse @vdemeester @saschagrunert @fabianhjr