Merge 2023 10 04 #1821
Merged
Collaborator
dbungert
commented
Oct 5, 2023
- cherry-picked 143d8e3..8f28063 from autoinstall: Don't use snap env when invoking early and late commands #1811
- cherry-picked 85af88e..8ab052c from util: File writer enhancements #1818
- cherry-picked 3a319e7..ab0af63 from Cloud init log #1819
- cherry-picked 62e1268 from install: create autoinstall-user-data 0400 #1820
- cherry-picked 2970912..f6da616 from source: do not fire a configured event again if nothing changed #1814
(cherry picked from commit 39f1ea9)
(cherry picked from commit 8f28063)
(cherry picked from commit ddc3345)
(cherry picked from commit ddc11d8)
target already exists, we should just inspect target and find if it is a directory or not. (cherry picked from commit 4a4e8ba)
(cherry picked from commit 8ab052c)
(cherry picked from commit a2b63da)
(cherry picked from commit d3debfc)
These have owner syslog at install time, but that is uid remapped on the target system which may end up with a different owning user. (cherry picked from commit ab0af63)
CVE-2023-5182 As autoinstall-user-data contains a password hash for a user with sudo access, create the autoinstall-user-data as 0400 root:root. The old permissions are 0640 root:adm, and the adm group does not by default have sudo access, so cracking that hash could lead to privilege escalation for someone in the adm group. Thanks to Patric Åhlin and Johan Hortling for identifying and reporting the issue. (cherry picked from commit 62e1268)
When handling a POST request to /source, Subiquity sends a 'source configured' event. This signals other controllers / models that they need to restart their tasks that depend on the source being used. However, if the user of the installer goes back all the way to the source page and submits it again without changing the settings, there should be no reason to restart the machinery. If a call to source ends up doing no modification to the model (i.e., not changing the source used or the search_drivers setting), we now avoid emitting the 'source configured' event; except if the model has not been configured yet. Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com> (cherry picked from commit fff2f65)
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com> (cherry picked from commit f6da616)
Chris-Peterson444
approved these changes
Oct 5, 2023
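The CVE-2023-5182 commit message above changes a file holding a password hash from 0640 root:adm to 0400 root:root. The following is an added example, not code from Subiquity or this pull request: it writes such a file so it is never readable by group or other, and audits an existing file for the old permissions. The function names, the temporary directory and the file contents are assumptions constructed for illustration, and the current user stands in for root so the check runs unprivileged.

```python
import os
import stat
import tempfile


def write_private(path, data, mode=0o400):
    """Write data so the file never exists with looser permissions than `mode`."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created 0600
    try:
        with os.fdopen(fd, "wb") as f:
            os.fchmod(f.fileno(), mode)  # tighten before any secret is written
            f.write(data)
        os.replace(tmp, path)  # atomic rename; the mode travels with the inode
    except BaseException:
        os.unlink(tmp)
        raise


def audit(path, want_uid=0, want_gid=0):
    """Return findings for a file that holds a password hash (want 0400 root:root)."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access")
    if (st.st_uid, st.st_gid) != (want_uid, want_gid):
        findings.append(f"owner {st.st_uid}:{st.st_gid}, expected {want_uid}:{want_gid}")
    return findings


def demo():
    """Constructed scenario in a temp dir; the current user stands in for root."""
    with tempfile.TemporaryDirectory() as d:
        uid, gid = os.geteuid(), os.stat(d).st_gid
        old = os.path.join(d, "old-autoinstall-user-data")
        new = os.path.join(d, "autoinstall-user-data")
        with open(old, "wb") as f:  # old behaviour: 0640, group-readable
            f.write(b"passwd: <constructed hash placeholder>\n")
        os.chmod(old, 0o640)
        write_private(new, b"passwd: <constructed hash placeholder>\n")
        return (audit(old, uid, gid), audit(new, uid, gid),
                stat.S_IMODE(os.stat(new).st_mode))


if __name__ == "__main__":
    print(demo())
```

On an installed system, `audit()` would be called with its defaults (uid 0, gid 0) against the real file, which also flags the old `adm` group ownership.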