Fix permissions of qemu-ARCH-static in debian-base and other images #67222
Conversation
Also, don't re-download qemu-ARCH-static binaries for debian-iptables
k8s-ci-robot
added
release-note-none
k8s-ci-robot
added
the
approved
| @@ -14,10 +14,6 @@ | |||
|
|
|||
| FROM BASEIMAGE | |||
There was a problem hiding this comment.
can we still do a follow-up to use ARG instead of sed? :-)
There was a problem hiding this comment.
yes, but I don't have time to work on that right now.
There was a problem hiding this comment.
Ok fair enough, I may do this then, taking a note 😄
|
I'm assuming once this is done, #67026 has to be redone with 0.3.2 base image? |
yep. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: BenTheElder, ixdy, tallclair The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest |
|
/sig architecture |
k8s-ci-robot
added
the
sig/architecture
|
Automatic merge from submit-queue (batch tested with PRs 67058, 67083, 67220, 67222, 67209). If you want to cherry-pick this change to another branch, please follow the instructions here. |
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Update to use debian-base:0.3.2 **What this PR does / why we need it**: uses the fixed debian-base image from #67222. Also includes a small fix for a bug in the debian-base Makefile that I introduced in that same PR. This is basically a rehash of #67026. **Release note**: ```release-note NONE ```
…67222-#67283-#67365-upstream-release-1.10 Automatic merge from submit-queue. release-1.10: update to debian-base 0.3.2, debian-iptables v10.1 and hyperkubebase 0.10.1 Cherry pick of #67026 #67222 #67283 #67365 on release-1.10. #67026: Upgrade debian-base to 0.3.1 for CVEs #67222: ensure qemu-ARCH-static binary is world readable and #67283: Add missing tmpdir path to chmod #67365: Update to debian-iptables v10.1 and hyperkube-base 0.10.1
What this PR does / why we need it: proper fix for the issue I found in #67215. Some machines (like apparently workstations at Google) have a restrictive umask, so the
qemu-ARCH-staticbinaries were getting installed in images without world read/execute permissions, causing utilities likeapt-getto fail.There was also a duplicate download/install of these binaries for
debian-iptables, which further confused the issue. I've since removed that duplicate installation.Many thanks to @BenTheElder for asking the right question to get me to look at the permissions again.
I haven't pushed any images yet. After merge, I'll build/promote
debian-base:0.3.2, then update everything to use it, then push some more images, write some more PRs, ...Release note:
/assign @tallclair