From 9372cc8a529fc29d3ae5c691da19bafba6b67aa8 Mon Sep 17 00:00:00 2001 From: Ashwin Das Date: Fri, 16 Aug 2024 12:02:28 -0400 Subject: [PATCH 1/5] fix synk security errors --- pyartcd/pyartcd/pipelines/operator_sdk_sync.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/pyartcd/pyartcd/pipelines/operator_sdk_sync.py b/pyartcd/pyartcd/pipelines/operator_sdk_sync.py index a5c3dfcf5..a718603b2 100644 --- a/pyartcd/pyartcd/pipelines/operator_sdk_sync.py +++ b/pyartcd/pyartcd/pipelines/operator_sdk_sync.py @@ -86,10 +86,16 @@ def _extract_binaries(self, arch, sdkVersion, build): rarch = brew_arch_for_go_arch(arch) tarballFilename = f"{self.sdk}-{sdkVersion}-linux-{rarch}.tar.gz" - cmd = f"rm -rf ./{rarch} && mkdir ./{rarch}" + \ - f" && oc image extract {pullspec} --path /usr/local/bin/{self.sdk}:./{rarch}/ --confirm" + \ - f" && chmod +x ./{rarch}/{self.sdk} && tar -c -z -v --file ./{rarch}/{tarballFilename} ./{rarch}/{self.sdk}" + \ - f" && ln -s {tarballFilename} ./{rarch}/{self.sdk}-linux-{rarch}.tar.gz && rm -f ./{rarch}/{self.sdk}" + cmd = [ + f"rm -rf ./{rarch} &&", + f"mkdir ./{rarch} &&", + f"oc image extract {pullspec} --path /usr/local/bin/{self.sdk}:./{rarch}/ --confirm &&", + f"chmod +x ./{rarch}/{self.sdk} &&", + f"tar -c -z -v --file ./{rarch}/{tarballFilename} ./{rarch}/{self.sdk} &&", + f"ln -s {tarballFilename} ./{rarch}/{self.sdk}-linux-{rarch}.tar.gz &&", + f"rm -f ./{rarch}/{self.sdk}" + ] + self.exec_cmd(cmd) if arch == 'amd64' or arch == 'arm64': tarballFilename = f"{self.sdk}-{sdkVersion}-darwin-{rarch}.tar.gz" From e7300c64d8884be0c2adff1770d5fcfdc73044fd Mon Sep 17 00:00:00 2001 From: Ashwin Das Date: Fri, 16 Aug 2024 14:56:27 -0400 Subject: [PATCH 2/5] test --- pyartcd/pyartcd/pipelines/operator_sdk_sync.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pyartcd/pyartcd/pipelines/operator_sdk_sync.py b/pyartcd/pyartcd/pipelines/operator_sdk_sync.py index a718603b2..3e0ecd9d9 100644 
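Review bot: The new `cmd` list in `_extract_binaries` is still shell text: every element ends in `&&`, and `pullspec`, `self.sdk` and `sdkVersion` are interpolated unquoted, so the scanner finding is reshaped rather than removed. `exec_cmd` is not visible in this hunk; if it runs a list without a shell, the first element is taken as a program name and the chain no longer runs, and if it joins the list and uses a shell, the interpolated values are interpreted exactly as before. Passing each step as its own argv list with no shell means those values are never parsed by a shell; the sketch below assumes that running the steps in order and stopping at the first failure is equivalent to the `&&` chain. The function continues outside the hunk (the darwin branch), which would need the same treatment.

```python
steps = [
    ["rm", "-rf", f"./{rarch}"],
    ["mkdir", f"./{rarch}"],
    ["oc", "image", "extract", pullspec,
     "--path", f"/usr/local/bin/{self.sdk}:./{rarch}/", "--confirm"],
    ["chmod", "+x", f"./{rarch}/{self.sdk}"],
    ["tar", "-c", "-z", "-v", "--file", f"./{rarch}/{tarballFilename}", f"./{rarch}/{self.sdk}"],
    ["ln", "-s", tarballFilename, f"./{rarch}/{self.sdk}-linux-{rarch}.tar.gz"],
    ["rm", "-f", f"./{rarch}/{self.sdk}"],
]
for argv in steps:
    # argv list, no shell: each interpolated value reaches the program as one argument.
    # Use self.exec_cmd(argv) instead if it executes a list as argv without a shell (confirm).
    subprocess.run(argv, check=True)
# … unchanged: darwin branch …
```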
--- a/pyartcd/pyartcd/pipelines/operator_sdk_sync.py +++ b/pyartcd/pyartcd/pipelines/operator_sdk_sync.py @@ -14,6 +14,8 @@ from pyartcd.cli import cli, click_coroutine, pass_runtime from pyartcd.runtime import Runtime +ARCHES = ["x86_64", "s390x", "ppc64le", "aarch64"] + class OperatorSDKPipeline: def __init__(self, runtime: Runtime, group: str, assembly: str, nvr: str, prerelease: bool, updatelatest: bool, arches: str) -> None: @@ -64,6 +66,8 @@ async def run(self): sdkVersion = self._get_sdkversion(build) self._logger.info(sdkVersion) for arch in self.arches.split(','): + if arch not in ARCHES: + raise Exception(f"Unsupported arch: {arch}") self._extract_binaries(arch, sdkVersion, build['extra']['image']['index']['pull'][0]) if self.assembly: self._jira_client.complete_subtask(self.parent_jira_key, "operator-sdk", f"operator_sdk_sync job: {jenkins.get_build_url()}") From 118c5c9c523f1517cf3f3db4958c81a0ff240788 Mon Sep 17 00:00:00 2001 From: Ashwin Das Date: Fri, 16 Aug 2024 15:04:39 -0400 Subject: [PATCH 3/5] test --- ocp-build-data-validator/validator/__main__.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ocp-build-data-validator/validator/__main__.py b/ocp-build-data-validator/validator/__main__.py index 77e4d1785..dc32d2b4e 100644 --- a/ocp-build-data-validator/validator/__main__.py +++ b/ocp-build-data-validator/validator/__main__.py @@ -1,6 +1,7 @@ import argparse import atexit import sys +import shlex from multiprocessing import Pool, cpu_count from . import format, support, schema, github, distgit, cgit @@ -81,6 +82,7 @@ def main(): action='store_true', help='Only run schema validations') args = parser.parse_args() + sanitized_args = {k: shlex.quote(v) if isinstance(v, str) else v for k, v in vars(args).items()} print(f"Validating {len(args.files)} file(s)...") if args.single_thread: for f in args.files: From b93d13ae2e9582df334ac488b7628d2f557b60ca Mon Sep 17 00:00:00 2001 
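Review bot: The allowlist check added in `run()` compares `arch` against Brew-style names (`x86_64`, `aarch64`), while `_extract_binaries` treats the same value as a Go arch: it calls `brew_arch_for_go_arch(arch)` and tests `arch == 'amd64' or arch == 'arm64'`. As written, `amd64` and `arm64` would be rejected here, and no value that passes the check can reach the darwin branch. If the job passes Go names, the constant should list those, e.g. `ARCHES = ["amd64", "s390x", "ppc64le", "arm64"]`; this should be confirmed against the job's `arches` parameter. Raising `ValueError(f"Unsupported arch: {arch}")` instead of a bare `Exception` would also give callers something specific to catch. `run()` starts and ends outside the hunk.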
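Review bot: `sanitized_args` in `main()` is never read, so the added line has no effect on what the validator does with its arguments; the lines that follow still use `args.files` and `args.single_thread`. `shlex.quote` is applied only to `str` values, and `args.files` is passed to `len()` and iterated (presumably a list), so the file paths would not be touched in any case. Quoting is meaningful only at the point where a value is placed into a shell command line; paths that are opened directly or passed as argv elements should stay unquoted. I would drop this line and the `import shlex`, and address the scanner finding where a command is actually built, if there is such a place. `main()` continues outside the hunk.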
From: Ashwin Das Date: Fri, 16 Aug 2024 15:09:33 -0400 Subject: [PATCH 4/5] test --- ocp-build-data-validator/validator/__main__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ocp-build-data-validator/validator/__main__.py b/ocp-build-data-validator/validator/__main__.py index dc32d2b4e..9e4e73e50 100644 --- a/ocp-build-data-validator/validator/__main__.py +++ b/ocp-build-data-validator/validator/__main__.py @@ -82,7 +82,7 @@ def main(): action='store_true', help='Only run schema validations') args = parser.parse_args() - sanitized_args = {k: shlex.quote(v) if isinstance(v, str) else v for k, v in vars(args).items()} + args = {k: shlex.quote(v) if isinstance(v, str) else v for k, v in vars(args).items()} print(f"Validating {len(args.files)} file(s)...") if args.single_thread: for f in args.files: From 4cd815afb9b3f7f929166cfacae3a98dcc4f0e5a Mon Sep 17 00:00:00 2001 From: Ashwin Das Date: Fri, 16 Aug 2024 15:16:02 -0400 Subject: [PATCH 5/5] test --- pyartcd/pyartcd/pipelines/rebuild.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pyartcd/pyartcd/pipelines/rebuild.py b/pyartcd/pyartcd/pipelines/rebuild.py index 4a923883d..b4de55adf 100644 --- a/pyartcd/pyartcd/pipelines/rebuild.py +++ b/pyartcd/pyartcd/pipelines/rebuild.py @@ -57,7 +57,7 @@ def __init__(self, runtime: Runtime, group: str, assembly: str, plashet_remote: # sets environment variables for Doozer self._doozer_env_vars = os.environ.copy() - self._doozer_env_vars["DOOZER_WORKING_DIR"] = str(self.runtime.working_dir / "doozer-working") + self._doozer_working_dir = str(self.runtime.working_dir / "doozer-working") if not ocp_build_data_url: ocp_build_data_url = self.runtime.config.get("build_config", {}).get("ocp_build_data_url", 
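Review bot: Rebinding `args` to a dict breaks the lines directly below it: `args.files` and `args.single_thread` are attribute lookups, and a dict raises `AttributeError` for both, so `main()` would fail before validating any file. Any string option containing characters outside the shell-safe set would additionally come back wrapped in literal quote characters from `shlex.quote`, which changes its value for every non-shell consumer. Keeping the parsed namespace untouched, i.e. `args = parser.parse_args()` with no rewrite after it, restores the behaviour. If a value does end up in a shell command somewhere, it should be quoted at that call site rather than at parse time.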
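Review bot: `DOOZER_WORKING_DIR` is no longer written into `self._doozer_env_vars` in `__init__`, although the comment above the line still says this block sets environment variables for Doozer. If that dict is the environment handed to the Doozer subprocesses (not visible here), Doozer would use whatever `DOOZER_WORKING_DIR` the parent process inherited, while `_generate_repo_file_for_image`, `_build_image` and `_rebase_and_build_rpm` (the three later hunks) read `signed.repo` and `record.log` from `runtime.working_dir / "doozer-working"`. The pipeline could then parse build records from a directory Doozer did not write to in this run. Keeping both avoids the split: `self._doozer_working_dir = str(self.runtime.working_dir / "doozer-working")` followed by `self._doozer_env_vars["DOOZER_WORKING_DIR"] = self._doozer_working_dir`. `__init__` continues outside the hunk.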
@@ -385,7 +385,7 @@ async def _build_plashets(self, timestamp: str, el_version: int, group_config: D def _generate_repo_file_for_image(self, file: TextIOWrapper, plashets: Iterable[PlashetBuildResult], arches): # Copy content of .oit/signed.repo in the distgit repo - source_path = Path(self._doozer_env_vars["DOOZER_WORKING_DIR"]) / f"distgits/containers/{self.dg_key}/.oit/signed.repo" + source_path = Path(self._doozer_working_dir) / f"distgits/containers/{self.dg_key}/.oit/signed.repo" repo_content = source_path.read_text() yum_repos = ConfigParser() @@ -500,7 +500,7 @@ async def _build_image(self, repo_url: str) -> List[str]: if self.runtime.dry_run: return [] # parse record.log - with open(Path(self._doozer_env_vars["DOOZER_WORKING_DIR"]) / "record.log", "r") as file: + with open(Path(self._doozer_working_dir) / "record.log", "r") as file: record_log = parse_record_log(file) return record_log["build"][-1]["nvrs"].split(",") @@ -528,7 +528,7 @@ async def _rebase_and_build_rpm(self, release: str) -> List[str]: return [] # parse record.log - with open(Path(self._doozer_env_vars["DOOZER_WORKING_DIR"]) / "record.log", "r") as file: + with open(Path(self._doozer_working_dir) / "record.log", "r") as file: record_log = parse_record_log(file) return record_log["build_rpm"][-1]["nvrs"].split(",")