Merge branch 'main' into fix/python3.10

wolfi-dev · Feb 20, 2024 · 2ea72c0 · 2ea72c0
2 parents 3bfa060 + a26e09b
commit 2ea72c0
Show file tree

Hide file tree

Showing 62 changed files with 496 additions and 123 deletions.
diff --git a/.github/workflows/build-world.yaml b/.github/workflows/build-world.yaml
@@ -24,7 +24,7 @@ jobs:
     # permissions:
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
       # TODO: Deprivilege
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -29,7 +29,7 @@ jobs:
       contents: read
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
       # TODO: Deprivilege
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -142,7 +142,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 
     steps:
       - uses: actions/checkout@v4
@@ -246,7 +246,7 @@ jobs:
 
     container:
       # NOTE: This step only signs and uploads, so it doesn't need any privileges
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 
     steps:
       - uses: actions/checkout@v4

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
@@ -33,7 +33,7 @@ jobs:
         run: |
           # Copy wolfictl out of the wolfictl image and onto PATH
           TMP=$(mktemp -d)
-          docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 -c "cp /usr/bin/wolfictl /out"
+          docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 -c "cp /usr/bin/wolfictl /out"
           echo "$TMP" >> $GITHUB_PATH
 
       # Assuming that we have a list of changed files such as `foo.yaml` and `bar.yaml`, this
@@ -70,7 +70,7 @@ jobs:
       group: wolfi-builder-${{ matrix.arch }}
     needs: changes
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined
     outputs:
@@ -192,7 +192,7 @@ jobs:
     name: "ABI Compatibility check"
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
     needs: build
     if: needs.build.outputs.packages_were_built == 'true'
 
@@ -231,7 +231,7 @@ jobs:
     name: "Scan packages for CVEs"
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
     needs: build
     if: needs.build.outputs.packages_were_built == 'true'
 

diff --git a/.github/workflows/lint-world.yaml b/.github/workflows/lint-world.yaml
@@ -29,7 +29,7 @@ jobs:
       group: wolfi-os-builder-${{ matrix.arch }}
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 
     steps:
       - uses: actions/checkout@v4

diff --git a/.github/workflows/withdraw-packages.yaml b/.github/workflows/withdraw-packages.yaml
@@ -24,7 +24,7 @@ jobs:
         run: |
           # Copy wolfictl out of the wolfictl image and onto PATH
           TMP=$(mktemp -d)
-          docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 -c "cp /usr/bin/wolfictl /out"
+          docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 -c "cp /usr/bin/wolfictl /out"
           echo "$TMP" >> $GITHUB_PATH
 
       - name: 'Authenticate to Google Cloud'

diff --git a/.github/workflows/wolfictl-check-update.yaml b/.github/workflows/wolfictl-check-update.yaml
@@ -29,7 +29,7 @@ jobs:
     - name: Check
       id: check
       if: ${{ steps.files.outputs.all_changed_files != '' }}
-      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:c0ce3a26b4fe886fb2da4bfc32be3472e7ddb76ae7f3463c82f7534b1c867a27
+      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:b4e251fddf75847e3d93abcd0a9d7edd401a8eb7efde555c48a9ebd9d2c077a8
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:

diff --git a/Makefile b/Makefile
@@ -184,7 +184,7 @@ dev-container:
 	    -v "${PWD}:${PWD}" \
 	    -w "${PWD}" \
 	    -e SOURCE_DATE_EPOCH=0 \
-	    ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+	    ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 
 PACKAGES_CONTAINER_FOLDER ?= /work/packages
 TMP_REPOSITORIES_DIR := $(shell mktemp -d)
@@ -249,6 +249,6 @@ dev-container-wolfi:
 		--mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \
 		--mount type=bind,source="$(TMP_REPOSITORIES_FILE)",destination="/etc/apk/repositories",readonly \
 		-w "$(PACKAGES_CONTAINER_FOLDER)" \
-		ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41
+		ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1
 	@rm "$(TMP_REPOSITORIES_FILE)"
 	@rmdir "$(TMP_REPOSITORIES_DIR)"
diff --git a/aws-cli.yaml b/aws-cli.yaml
@@ -1,7 +1,7 @@
 package:
   name: aws-cli
-  version: 1.32.44
-  epoch: 1
+  version: 1.32.45
+  epoch: 0
   description: "Universal Command Line Interface for Amazon Web Services"
   copyright:
     - license: Apache-2.0
@@ -33,7 +33,7 @@ pipeline:
   - uses: fetch
     with:
       uri: https://github.com/aws/aws-cli/archive/${{package.version}}.tar.gz
-      expected-sha256: 28a9ef5dc42f37ec0f0607e8c3847d857d8a3b5730faa5216b895bd9a2c48559
+      expected-sha256: a86e25e0f3b9fc21f468db6ddd45a4ce6301b28186a6cd658f25befc8634ddb6
 
   - runs: |
       python3 setup.py build

diff --git a/configurable-http-proxy.yaml b/configurable-http-proxy.yaml
@@ -1,10 +1,10 @@
 package:
   name: configurable-http-proxy
   version: 4.6.1
-  epoch: 1
+  epoch: 2
   description: "HTTP parser written against llparse"
   copyright:
-    - license: BSD 3-Clause
+    - license: BSD-3-Clause
   dependencies:
     runtime:
       - nodejs-18

diff --git a/datadog-agent.yaml b/datadog-agent.yaml
@@ -1,7 +1,7 @@
 package:
   name: datadog-agent
-  version: 7.50.3
-  epoch: 1
+  version: 7.51.0
+  epoch: 0
   description: "Collect events and metrics from your hosts that send data to Datadog."
   copyright:
     - license: Apache-2.0
@@ -51,17 +51,7 @@ pipeline:
     with:
       repository: https://github.com/DataDog/datadog-agent
       tag: ${{package.version}}
-      expected-commit: abce0cb22b94b1519861b36ac9b8c9ea317bf6a1
-
-  - runs: |
-      # NOTE: we need to remove the existing docker dep because is higher than the version required by buildkit.
-      go mod edit -droprequire=github.com/docker/docker
-
-  - uses: go/bump
-    with:
-      deps: golang.org/x/[email protected] github.com/containerd/[email protected] github.com/go-git/go-git/[email protected] github.com/moby/[email protected] github.com/opencontainers/[email protected] github.com/docker/[email protected]
-      replaces: github.com/cloudflare/circl=github.com/cloudflare/[email protected] github.com/docker/docker=github.com/docker/[email protected]+incompatible
-      go-version: "1.21.0"
+      expected-commit: 5b3c5ccb394e61a7946f35ad0eeb4197dfcd5d68
 
   - runs: |
       export PATH=$PATH:$GOPATH/bin

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,6 +1,6 @@
 package:
   name: docker-compose
-  version: 2.24.5
+  version: 2.24.6
   epoch: 0
   description: Define and run multi-container applications with Docker
   copyright:
@@ -27,7 +27,11 @@ pipeline:
     with:
       repository: https://github.com/docker/compose
       tag: v${{package.version}}
-      expected-commit: 8fdd45cd4ce0035968efef3cae44529690fbea60
+      expected-commit: eb5f7d76fee2027bb4e25711e0d2666b3891dcd3
+
+  - uses: go/bump
+    with:
+      deps: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/[email protected] go.opentelemetry.io/[email protected] go.opentelemetry.io/otel/exporters/otlp/otlptrace/[email protected] go.opentelemetry.io/otel/[email protected]
 
   - runs: |
       mkdir -p ${{targets.destdir}}/usr/bin

diff --git a/gcc.yaml b/gcc.yaml
@@ -1,7 +1,7 @@
 package:
   name: gcc
   version: 13.2.0
-  epoch: 4
+  epoch: 5
   description: "the GNU compiler collection"
   copyright:
     - license: GPL-3.0-or-later
@@ -186,6 +186,13 @@ subpackages:
           mv "${{targets.destdir}}"/usr/lib/libgccjit.so "${{targets.subpkgdir}}"/usr/lib/
           mv "${{targets.destdir}}"/usr/include/libgccjit*.h "${{targets.subpkgdir}}"/usr/include/
 
+  - name: "libssp"
+    description: "GCC stack protection library"
+    pipeline:
+      - runs: |
+          mkdir -p "${{targets.subpkgdir}}"/usr/lib64
+          mv "${{targets.destdir}}"/usr/lib64/libssp* "${{targets.subpkgdir}}"/usr/lib64
+
   - name: "libgomp"
     description: "GNU parallel programming library"
     pipeline:

diff --git a/gobump.yaml b/gobump.yaml
@@ -1,6 +1,6 @@
 package:
   name: gobump
-  version: 0.7.3
+  version: 0.7.4
   epoch: 0
   description: Go tool to declaratively bump dependencies
   copyright:
@@ -11,7 +11,7 @@ pipeline:
     with:
       repository: https://github.com/chainguard-dev/gobump.git
       tag: v${{package.version}}
-      expected-commit: d7faf41b0523afab7ac3706722120fb6e09ddc8c
+      expected-commit: 8b182eb15364022c87269b5f815a3d2a78505da5
 
   - uses: go/build
     with:

diff --git a/hugo-extended.yaml b/hugo-extended.yaml
@@ -1,6 +1,6 @@
 package:
   name: hugo-extended
-  version: 0.122.0
+  version: 0.123.0
   epoch: 0
   description: The world's fastest framework for building websites.
   copyright:

diff --git a/hugo.yaml b/hugo.yaml
@@ -1,6 +1,6 @@
 package:
   name: hugo
-  version: 0.122.0
+  version: 0.123.0
   epoch: 0
   description: The world's fastest framework for building websites.
   copyright:
@@ -18,7 +18,7 @@ pipeline:
     with:
       repository: https://github.com/gohugoio/hugo
       tag: v${{package.version}}
-      expected-commit: b9a03bd59d5f71a529acb3e33f995e0ef332b3aa
+      expected-commit: 3c8a4713908e48e6523f058ca126710397aa4ed5
 
   - uses: go/build
     with:

diff --git a/k3d.yaml b/k3d.yaml
@@ -1,7 +1,7 @@
 package:
   name: k3d
   version: 5.6.0
-  epoch: 5
+  epoch: 6
   description: Little helper to run CNCF's k3s in Docker
   copyright:
     - license: Apache-2.0
@@ -23,6 +23,10 @@ pipeline:
       tag: v${{package.version}}
       expected-commit: 9748b1e158f3a03e807c6a989edc0fee856ff5a2
 
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected] github.com/docker/[email protected] golang.org/x/[email protected] github.com/opencontainers/[email protected] github.com/containerd/[email protected]
+
   - runs: |
       make build
       install -Dm755 ./bin/k3d ${{targets.destdir}}/usr/bin/k3d

diff --git a/karpenter.yaml b/karpenter.yaml
@@ -1,6 +1,6 @@
 package:
   name: karpenter
-  version: 0.34.0
+  version: 0.34.1
   epoch: 0
   description: Karpenter is a Kubernetes Node Autoscaler built for flexibility, performance, and simplicity.
   copyright:
@@ -13,7 +13,7 @@ pipeline:
     with:
       repository: https://github.com/aws/karpenter
       tag: v${{package.version}}
-      expected-commit: 17d6c05309b0bc36fb7302b09d4332190fdc0375
+      expected-commit: 596ea97071b9d51eb29fb160c8ff4adb4536dd24
 
   - uses: go/build
     with:

diff --git a/kubeadm-bootstrap-controller.yaml b/kubeadm-bootstrap-controller.yaml
@@ -0,0 +1,39 @@
+package:
+  name: kubeadm-bootstrap-controller
+  version: 1.6.1
+  epoch: 0
+  description: Cluster API core controller
+  copyright:
+    - license: Apache-2.0
+
+environment:
+  contents:
+    packages:
+      - busybox
+      - ca-certificates-bundle
+      - go
+  environment:
+    CGO_ENABLED: "0"
+
+pipeline:
+  - uses: git-checkout
+    with:
+      expected-commit: a150f715f5a607ef172dbe96615ffdf1d51220b3
+      repository: https://github.com/kubernetes-sigs/cluster-api
+      tag: v${{package.version}}
+
+  - uses: go/build
+    with:
+      ldflags: -s -w
+      output: kubeadm-bootstrap-controller
+      packages: ./bootstrap/kubeadm
+
+  - uses: strip
+
+update:
+  enabled: true
+  github:
+    identifier: kubernetes-sigs/cluster-api
+    strip-prefix: v
+    tag-filter: v
+    use-tag: true
diff --git a/libburn.yaml b/libburn.yaml
@@ -0,0 +1,52 @@
+# Generated from https://git.alpinelinux.org/aports/plain/main/libburn/APKBUILD
+package:
+  name: libburn
+  version: 1.5.6
+  epoch: 0
+  description: Library for reading, mastering and writing optical discs
+  copyright:
+    - license: GPL-2.0-or-later
+
+environment:
+  contents:
+    packages:
+      - autoconf
+      - automake
+      - build-base
+      - busybox
+      - ca-certificates-bundle
+      - linux-headers
+
+pipeline:
+  - uses: fetch
+    with:
+      expected-sha256: 7295491b4be5eeac5e7a3fb2067e236e2955ffdc6bbd45f546466edee321644b
+      uri: https://files.libburnia-project.org/releases/libburn-${{package.version}}.tar.gz
+
+  - uses: autoconf/configure
+
+  - uses: autoconf/make
+
+  - uses: autoconf/make-install
+
+  - uses: strip
+
+subpackages:
+  - name: libburn-dev
+    pipeline:
+      - uses: split/dev
+    dependencies:
+      runtime:
+        - libburn
+    description: libburn dev
+
+  - name: libburn-doc
+    pipeline:
+      - uses: split/manpages
+    description: libburn manpages
+
+update:
+  enabled: true
+  release-monitor:
+    identifier: 1568
+    strip-suffix: .pl01