Skip to content

Commit

Permalink
Explicitly set deleted timestamp in trivy (TraceMachina#1006)
Browse files Browse the repository at this point in the history
This works around a bug in trivy that broke our image pipelines with
host Docker 26+.

Fixes TraceMachina#1004
  • Loading branch information
aaronmondal authored Jun 14, 2024
1 parent bf9edc9 commit 43f1aeb
Show file tree
Hide file tree
Showing 8 changed files with 1,343 additions and 1,292 deletions.
38 changes: 19 additions & 19 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,7 @@
patches = [
./tools/nixpkgs_link_libunwind_and_libcxx.diff
./tools/nixpkgs_disable_ratehammering_pulumi_tests.diff
./tools/nixpkgs_trivy_0_52_2.diff
];
};
in
Expand Down
26 changes: 13 additions & 13 deletions local-remote-execution/generated-cc/cc/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -111,18 +111,18 @@ cc_toolchain_config(
coverage_link_flags = ["--coverage"],
cpu = "k8",
cxx_builtin_include_directories = [
"/nix/store/ac2b2xv1mcry27sqyrx2468k08csk86j-clang-wrapper-18.1.6/resource-root/include",
"/nix/store/n4ilv8fpd7d2dasf4f3s7j3p05rv0g36-clang-wrapper-18.1.7/resource-root/include",
"/nix/store/fwh4fxd747m0py3ib3s5abamia9nrf90-glibc-2.39-52-dev/include",
"/nix/store/ac2b2xv1mcry27sqyrx2468k08csk86j-clang-wrapper-18.1.6/resource-root/share",
"/nix/store/y2rz9qcspn84m0sca923z5v110y7xh8m-libcxx-18.1.6-dev/include/c++/v1",
"/nix/store/n4ilv8fpd7d2dasf4f3s7j3p05rv0g36-clang-wrapper-18.1.7/resource-root/share",
"/nix/store/kdjvg6i1k08fdvmk1lpmifhg9nd9c6qc-libcxx-18.1.7-dev/include/c++/v1",
"/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk",
],
cxx_flags = ["-std=c++14"],
dbg_compile_flags = ["-g"],
host_system_name = "x86_64-unknown-linux-gnu",
link_flags = [
"-fuse-ld=/nix/store/ac2b2xv1mcry27sqyrx2468k08csk86j-clang-wrapper-18.1.6/bin/ld.mold",
"-B/nix/store/vh8mhqfkwjxs1n24xxzwpz0wjd3lyn8c-customClang/bin",
"-fuse-ld=/nix/store/n4ilv8fpd7d2dasf4f3s7j3p05rv0g36-clang-wrapper-18.1.7/bin/ld.mold",
"-B/nix/store/w10ln3v5kxdi4v3z5pr77iksz7fz2ivk-customClang/bin",
"-Wl,-no-as-needed",
"-Wl,-z,relro,-z,now",
],
Expand All @@ -147,18 +147,18 @@ cc_toolchain_config(
target_libc = "glibc_2.35",
target_system_name = "local",
tool_paths = {
"ar": "/nix/store/y2psnv2l882cpskmgg8g1rw1580wyjv4-binutils-wrapper-2.41/bin/ar",
"ld": "/nix/store/y2psnv2l882cpskmgg8g1rw1580wyjv4-binutils-wrapper-2.41/bin/ld",
"ar": "/nix/store/5bskz9jc2csyv2j7n9bd3zbhq1s3zf2b-binutils-wrapper-2.41/bin/ar",
"ld": "/nix/store/5bskz9jc2csyv2j7n9bd3zbhq1s3zf2b-binutils-wrapper-2.41/bin/ld",
"llvm-cov": "None",
"llvm-profdata": "None",
"cpp": "/usr/bin/cpp",
"gcc": "/nix/store/vh8mhqfkwjxs1n24xxzwpz0wjd3lyn8c-customClang/bin/customClang",
"dwp": "/nix/store/y2psnv2l882cpskmgg8g1rw1580wyjv4-binutils-wrapper-2.41/bin/dwp",
"gcc": "/nix/store/w10ln3v5kxdi4v3z5pr77iksz7fz2ivk-customClang/bin/customClang",
"dwp": "/nix/store/5bskz9jc2csyv2j7n9bd3zbhq1s3zf2b-binutils-wrapper-2.41/bin/dwp",
"gcov": "None",
"nm": "/nix/store/y2psnv2l882cpskmgg8g1rw1580wyjv4-binutils-wrapper-2.41/bin/nm",
"objcopy": "/nix/store/y2psnv2l882cpskmgg8g1rw1580wyjv4-binutils-wrapper-2.41/bin/objcopy",
"objdump": "/nix/store/y2psnv2l882cpskmgg8g1rw1580wyjv4-binutils-wrapper-2.41/bin/objdump",
"strip": "/nix/store/y2psnv2l882cpskmgg8g1rw1580wyjv4-binutils-wrapper-2.41/bin/strip",
"nm": "/nix/store/5bskz9jc2csyv2j7n9bd3zbhq1s3zf2b-binutils-wrapper-2.41/bin/nm",
"objcopy": "/nix/store/5bskz9jc2csyv2j7n9bd3zbhq1s3zf2b-binutils-wrapper-2.41/bin/objcopy",
"objdump": "/nix/store/5bskz9jc2csyv2j7n9bd3zbhq1s3zf2b-binutils-wrapper-2.41/bin/objdump",
"strip": "/nix/store/5bskz9jc2csyv2j7n9bd3zbhq1s3zf2b-binutils-wrapper-2.41/bin/strip",
},
toolchain_identifier = "local",
unfiltered_compile_flags = [
Expand Down
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
This file is generated by cc_configure and contains builtin include directories
that /nix/store/vh8mhqfkwjxs1n24xxzwpz0wjd3lyn8c-customClang/bin/customClang reported. This file is a dependency of every compilation action and
that /nix/store/w10ln3v5kxdi4v3z5pr77iksz7fz2ivk-customClang/bin/customClang reported. This file is a dependency of every compilation action and
changes to it will be reflected in the action cache key. When some of these
paths change, Bazel will make sure to rerun the action, even though none of
declared action inputs or the action commandline changes.

/nix/store/ac2b2xv1mcry27sqyrx2468k08csk86j-clang-wrapper-18.1.6/resource-root/include
/nix/store/n4ilv8fpd7d2dasf4f3s7j3p05rv0g36-clang-wrapper-18.1.7/resource-root/include
/nix/store/fwh4fxd747m0py3ib3s5abamia9nrf90-glibc-2.39-52-dev/include
/nix/store/ac2b2xv1mcry27sqyrx2468k08csk86j-clang-wrapper-18.1.6/resource-root/share
/nix/store/y2rz9qcspn84m0sca923z5v110y7xh8m-libcxx-18.1.6-dev/include/c++/v1
/nix/store/n4ilv8fpd7d2dasf4f3s7j3p05rv0g36-clang-wrapper-18.1.7/resource-root/share
/nix/store/kdjvg6i1k08fdvmk1lpmifhg9nd9c6qc-libcxx-18.1.7-dev/include/c++/v1
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk
4 changes: 2 additions & 2 deletions local-remote-execution/generated-cc/cc/cc_wrapper.sh
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/nix/store/rrvpd603w99rkcpg6rg71yqypycwkk6n-bash/bin/bash
#!/nix/store/6rj1j8s1gcnpic31s1i5s086x6m8aslm-bash/bin/bash
#
# Copyright 2015 The Bazel Authors. All rights reserved.
#
Expand All @@ -22,4 +22,4 @@ set -eu


# Call the C++ compiler
/nix/store/vh8mhqfkwjxs1n24xxzwpz0wjd3lyn8c-customClang/bin/customClang "$@"
/nix/store/w10ln3v5kxdi4v3z5pr77iksz7fz2ivk-customClang/bin/customClang "$@"
Loading

0 comments on commit 43f1aeb

Please sign in to comment.