-
Notifications
You must be signed in to change notification settings - Fork 36
sys-apps/ignition: add ignition-rmcfg
#1948
Conversation
2080c37
to
a0e946e
Compare
54fb0d1
to
7d4e040
Compare
@@ -0,0 +1 @@ | |||
- ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe a change entry would be good in addition?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking the same - but it's part of the Ignition-2.14.0 changelog: https://coreos.github.io/ignition/release-notes/#changes which is already mentioned here: 83118a5.
Maybe it's good to add this: https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion which is not directly linked in the changelog.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change to enable it is done in this PR, so I think the operator notes link is very valuable here in case someone would have to opt out
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, done. Thanks for the suggestion :)
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
this helper removes config from VMWare and Virtualbox and should not be directly used by the user. Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
7d4e040
to
fabc5d1
Compare
@@ -0,0 +1 @@ | |||
- VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata. Also see: https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata. Also see: https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion | |
- VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar-linux/coreos-overlay/pull/1948)) |
Without the markdown formatting I'm not sure if it becomes a clickable link in the homepage?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
have added a link to this PR, too
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
We add `sys-apps/ignition` as a `coreos-base/coreos` dependency to get `/usr/libexec/ignition-rmcfg` available on the _real_ root. Now we want `/usr/bin/ignition` to be in the chroot until it's being copied to the initramfs but we don't want it on the actual root. With `PKG_INSTALL_MASK`, we'll prevent `/usr/bin/ignition` to be added to the image in the `./build_image` - at this time, initramfs is already created and `sys-apps/ignition` is a binary package. Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
fabc5d1
to
d4349bf
Compare
In this PR, we add the
ignition-rmcfg
command (in the root filesystem, not in the initramfs) to remove Ignition configuration from booted instance on VMWare and Virtualbox.See also: GHSA-hj57-j5cw-2mwp
We could add a Mantle test to verify Ignition has been correctly removed from VMWare guestinfo.
changelog/
directory (user-facing change, bug fix, security fix, update)No need to backport since
ignition-2.14.0
is not yet released.