Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add compile restic binary for CVE fix #5564

Merged
merged 1 commit into from Nov 9, 2022
Merged

Add compile restic binary for CVE fix #5564

merged 1 commit into from Nov 9, 2022

Conversation

qiuming-best
Copy link
Contributor

Signed-off-by: Ming mqiu@vmware.com

Thank you for contributing to Velero!

Please add a summary of your change

Does your change fix a particular issue?

Fixes #(issue)
Fix CVE scanned from TMC by compiling restic binary using a higher version of golang

Please indicate you've done the following:

  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Created a changelog file or added /kind changelog-not-required as a comment on this pull request.
  • Updated the corresponding documentation in site/content/docs/main.

@qiuming-best qiuming-best added the kind/changelog-not-required PR does not require a user changelog. Often for docs, website, or build changes label Nov 8, 2022
Lyndon-Li
Lyndon-Li previously approved these changes Nov 8, 2022
View reviewed changes
reasonerjt
reasonerjt reviewed Nov 8, 2022
View reviewed changes
Dockerfile Outdated
@@ -29,7 +29,7 @@ WORKDIR /go/src/github.com/vmware-tanzu/velero

COPY . /go/src/github.com/vmware-tanzu/velero

RUN apt-get update && apt-get install -y bzip2
RUN apt-get update && apt-get install -y bzip2 git
Copy link
Contributor

@reasonerjt reasonerjt Nov 8, 2022
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you need this? The debian base image has git already as I remember.
And the bzip2 is no longer needed therefore the whole apt-get may be skipped.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@reasonerjt Done

reasonerjt
reasonerjt reviewed Nov 8, 2022
View reviewed changes
hack/build-restic.sh Outdated
chmod +x ${restic_bin}
cd ${build_path}/velero
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will break once the directory changes, how about switch to pushd/popd to make it more robust?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, using pushd/popd is much more better

blackpiglet
blackpiglet previously approved these changes Nov 9, 2022
View reviewed changes
@reasonerjt
Copy link
Contributor

@qiuming-best
Thanks for making the update, please rebase to resolve the conflict.

@codecov-commenter
Copy link

Codecov Report

Merging #5564 (a5824fb) into release-1.9 (48856f2) will not change coverage.
The diff coverage is n/a.

@@             Coverage Diff              @@
##           release-1.9    #5564   +/-   ##
============================================
  Coverage        41.66%   41.66%           
============================================
  Files              214      214           
  Lines            18599    18599           
============================================
  Hits              7749     7749           
  Misses           10267    10267           
  Partials           583      583

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@github-actions github-actions bot added Area/Design Design Documents Dependencies Pull requests that update a dependency file Documentation has-e2e-tests has-unit-tests Website non-docs changes for the website labels Nov 9, 2022
@qiuming-best qiuming-best marked this pull request as draft November 9, 2022 07:25
@qiuming-best
Add compile restic binary for CVE fix
58f64e6 
Signed-off-by: Ming <mqiu@vmware.com>
@github-actions github-actions bot removed Dependencies Pull requests that update a dependency file Website non-docs changes for the website has-unit-tests labels Nov 9, 2022
@qiuming-best qiuming-best marked this pull request as ready for review November 9, 2022 07:36
@blackpiglet blackpiglet merged commit 2fa4a01 into vmware-tanzu:release-1.9 Nov 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reasonerjt reasonerjt reasonerjt approved these changes

@blackpiglet blackpiglet blackpiglet approved these changes

@Lyndon-Li Lyndon-Li Lyndon-Li left review comments

@ywk253100 ywk253100 Awaiting requested review from ywk253100

@shubham-pampattiwar shubham-pampattiwar Awaiting requested review from shubham-pampattiwar

Assignees

@qiuming-best qiuming-best

Labels
has-changelog kind/changelog-not-required PR does not require a user changelog. Often for docs, website, or build changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@qiuming-best @reasonerjt @codecov-commenter @blackpiglet @Lyndon-Li