-
Notifications
You must be signed in to change notification settings - Fork 762
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Default secret mode to 400 #3585
Conversation
Fixed a bug where buildah bud mounted secrets permissions were incorrect due to a decimal/octal conversion error. buildah bud mounted secrets now have a default permission of 400. Fixes containers#3557 Signed-off-by: Ashley Cui <acui@redhat.com>
LGTM |
LGTM |
/lgtm |
LGTM, restarting flakes |
/hold cancel |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ashley-cui, flouthoc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi @ashley-cui thank you very much for this bugfix! Unfortunately my build is currently stuck due to this issue - is it already possible to install a buildah version with this bugfix included? (I am on RHEL8 using |
@sebastianbertoli Looks like this hasn't gotten into a release version of buildah yet. Your best bet would be to either manually changing the mode of the secret using mode=400 or building from upstream. |
Hi @ashley-cui, thank you for the advice! I'll try it out the mode=400 tomorrow and hopefully get rid of my temporary workaround. 🚀 |
Hi @ashley-cui, is this supposed to work or am I overlooking something? Thanks!
I am getting this error: |
You might need a newer buildah? |
Hi @rhatdan thank you for reaching out! I am on RHEL8.4 and Do I need to follow these steps? https://github.com/containers/buildah/blob/main/install.md#rhel8-beta Cheers! :) |
RHEL8.5 should have buildah 1.23.1 |
There is currently buildah-1.22.3 in the current 8.5. There will be 1.23.1 in the next 8.5 batch update - happening soon. |
Signed-off-by: Ashley Cui acui@redhat.com
What type of PR is this?
/kind bug
What this PR does / why we need it:
Fixed a bug where buildah bud mounted secrets permissions were incorrect due to a decimal/octal conversion error. buildah bud mounted secrets now have a default permission of 400.
How to verify it
Which issue(s) this PR fixes:
Fixes #3557
Special notes for your reviewer:
Does this PR introduce a user-facing change?