zellij/0.41.2-r1: cve remediation #35025

Open
wants to merge 2 commits into
base: main

Update cargobump-deps.yaml

810359e

Octo STS / elastic-build failed Nov 26, 2024 in 3m 17s

Failed to build APKs

Build ID: 36c03741-b1c3-467f-857f-2cf823c36c4b

Details

x86_64 Logs

git commit for build config not provided, attempting to detect automatically
melange v0.15.14 is building:
  configuration file: zellij.yaml
  workspace dir: /tmp/melange-workspace-812408384
evaluating pipelines for package requirements
--cache-dir ./melange-cache/ not a dir; skipping
populating workspace /tmp/melange-workspace-812408384 from zellij
building workspace in '/tmp/melange-guest-2502186483' with apko
Error: rpc error: code = NotFound desc = federate identity: rpc error: code = NotFound desc = no identity found for (https://accounts.google.com, 109346087047205543085)
Error running `chainctl auth token`: exit status 1
setting apk repositories: [https://apk.cgr.dev/wolfi-presubmit/d64ad014c78fe84f4ad71aacf5a42a0e0b12d22a https://packages.wolfi.dev/os]
image configuration:
  contents:
    build repositories: []
    runtime repositories: []
    keyring:      []
    packages:     [build-base busybox ca-certificates-bundle cargo-auditable git openssf-compiler-options openssl-dev rust git git cargobump binutils scanelf]
  accounts:
    runas:  
    users:
      - uid=1000(build) gid=1000
    groups:
      - gid=1000(build) members=[build]
auth configured for: []
installing ca-certificates-bundle (20241010-r2)
installing wolfi-baselayout (20230201-r15)
installing glibc (2.40-r3)
installing ld-linux (2.40-r3)
installing libgcc (14.2.0-r6)
installing glibc-locale-posix (2.40-r3)
installing libzstd1 (1.5.6-r5)
installing libstdc++ (14.2.0-r6)
installing binutils (2.43.1-r2)
installing make (4.4.1-r4)
installing pkgconf (2.3.0-r1)
installing libxcrypt (4.4.36-r8)
installing libxcrypt-dev (4.4.36-r8)
installing linux-headers (6.6.63-r0)
installing nss-hesiod (2.40-r3)
installing nss-db (2.40-r3)
installing glibc-dev (2.40-r3)
installing posix-cc-wrappers (1-r4)
installing openssf-compiler-options (20240627-r5)
installing libgo (14.2.0-r6)
installing gmp (6.3.0-r2)
installing mpfr (4.2.1-r5)
installing mpc (1.3.1-r5)
installing libquadmath (14.2.0-r6)
installing isl (0.27-r0)
installing zlib (1.3.1-r4)
installing libstdc++-dev (14.2.0-r6)
installing libatomic (14.2.0-r6)
installing libgomp (14.2.0-r6)
installing gcc (14.2.0-r6)
installing build-base (1-r8)
installing libcrypt1 (2.40-r3)
installing busybox (1.37.0-r0)
installing cargo-auditable (0.6.6-r0)
installing cargobump (0.0.2-r0)
installing libexpat1 (2.6.4-r0)
installing libpcre2-8-0 (10.44-r2)
installing libunistring (1.3-r1)
installing libidn2 (2.3.7-r3)
installing libpsl (0.21.5-r4)
installing libbrotlicommon1 (1.1.0-r4)
installing libbrotlidec1 (1.1.0-r4)
installing krb5-conf (1.0-r3)
installing libverto (0.3.2-r4)
installing keyutils-libs (1.6.3-r5)
installing libcom_err (1.47.1-r1)
installing libcrypto3 (3.4.0-r2)
installing libssl3 (3.4.0-r2)
installing krb5-libs (1.21.3-r2)
installing ncurses-terminfo-base (6.5_p20241006-r4)
installing ncurses (6.5_p20241006-r4)
installing readline (8.2.13-r1)
installing sqlite-libs (3.47.0-r0)
installing heimdal-libs (7.8.0-r7)
installing gdbm (1.24-r1)
installing cyrus-sasl (2.1.28-r5)
installing libevent (2.1.12-r6)
installing libldap (2.6.9-r0)
installing libnghttp2-14 (1.64.0-r1)
installing libcurl-openssl4 (8.11.0-r0)
installing git (2.47.1-r0)
installing jitterentropy-library (3.6.0-r0)
installing jitterentropy-library-dev (3.6.0-r0)
installing openssl-dev (3.4.0-r2)
installing libffi (3.4.6-r5)
installing xz (5.6.3-r2)
installing libxml2 (2.13.5-r0)
installing libLLVM-19 (19.1.4-r0)
installing libssh2 (1.11.1-r0)
installing libgit2 (1.8.4-r0)
installing rust-1.82 (1.82.0-r0)
installing scanelf (1.3.8-r0)
built image layer tarball as /tmp/apko-temp-3476868445/apko-x86_64.tar.gz
using /tmp/apko-temp-3476868445/apko-x86_64.tar.gz for image layer
ImgRef = /tmp/melange-guest-3921818861
running step "git-checkout"
[git checkout] repo='https://github.com/zellij-org/zellij' dest='.' depth='1' branch='' tag='v0.41.2' expcommit='40d49737d126eef60dd988f1fe60df4c42d23773' recurse='false'
[git checkout] execute: git config --global --add safe.directory /tmp/tmp.zGtHxO
[git checkout] execute: git config --global --add safe.directory /home/build
[git checkout] execute: git clone --quiet --origin=origin --config=user.name=Melange Build [email protected] --config=advice.detachedHead=false --branch=v0.41.2 --depth=1 https://github.com/zellij-org/zellij /tmp/tmp.zGtHxO
[git checkout] execute: cd /tmp/tmp.zGtHxO
[git checkout] tar -c . | tar -C "/home/build" -x
[git checkout] execute: cd /home/build
[git checkout] execute: git config --global --add safe.directory /home/build
[git checkout] execute: git fetch --quiet origin --depth=1 --no-tags +refs/tags/v0.41.2:refs/origin/tags/v0.41.2
[git checkout] execute: git checkout --quiet origin/tags/v0.41.2
[git checkout] tag v0.41.2 is 40d49737d126eef60dd988f1fe60df4c42d23773
running step "rust/cargobump"
+ cd .
+ BUMP_FILE_FLAG=
+ PACKAGES_FLAG=
+ '[' -n  ]
+ '[' -f ./cargobump-deps.yaml ]
+ BUMP_FILE_FLAG='--bump-file ./cargobump-deps.yaml'
+ '[' false '=' true ]
+ cargobump --bump-file ./cargobump-deps.yaml
2024/11/26 22:53:41 INFO Update package: cap-primitives
2024/11/26 22:53:45 INFO Package updated successfully: cap-primitives to version 3.4.1
2024/11/26 22:53:45 INFO Update package: cap-std
2024/11/26 22:53:47 INFO Package updated successfully: cap-std to version 3.4.1
2024/11/26 22:53:47 INFO Update package: rmp-serde
2024/11/26 22:53:48 INFO Package updated successfully: rmp-serde to version 1.1.1
2024/11/26 22:53:48 INFO Update package with a specific version: [email protected]
2024/11/26 22:53:49 INFO Package updated successfully: [email protected] to version 0.37.25
2024/11/26 22:53:49 INFO Update package: wasmtime
Error: failed to parse the pom file: failed to run cargo update 'Updating crates.io index
error: failed to select a version for the requirement `wasmtime = "^21.0.2"`
candidate versions found which didn't match: 25.0.0
location searched: crates.io index
required by package `zellij-server v0.41.2 (/home/build/zellij-server)`' with error: 'exit status 101'
Usage:
  cargobump <file-to-bump> [flags]
  cargobump [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  version     Prints the version

Flags:
      --bump-file string     The input file to read dependencies to bump from
      --cargoroot string     path to the Cargo.lock root
  -h, --help                 help for cargobump
      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
      --packages string      A space-separated list of dependencies to update in form package@version

Use "cargobump [command] --help" for more information about a command.

2024/11/26 22:53:49 INFO error during command execution: failed to parse the pom file: failed to run cargo update 'Updating crates.io index
error: failed to select a version for the requirement `wasmtime = "^21.0.2"`
candidate versions found which didn't match: 25.0.0
location searched: crates.io index
required by package `zellij-server v0.41.2 (/home/build/zellij-server)`' with error: 'exit status 101'
deleting guest dir /tmp/melange-guest-2502186483
deleting workspace dir /tmp/melange-workspace-812408384
removing image path /tmp/melange-guest-3921818861
failed to build package: unable to run package zellij pipeline: unable to run pipeline: unable to run pipeline: exit status 1

aarch64 Logs

git commit for build config not provided, attempting to detect automatically
melange v0.15.14 is building:
  configuration file: zellij.yaml
  workspace dir: /tmp/melange-workspace-1833863888
evaluating pipelines for package requirements
--cache-dir ./melange-cache/ not a dir; skipping
populating workspace /tmp/melange-workspace-1833863888 from zellij
building workspace in '/tmp/melange-guest-3162848657' with apko
Error: rpc error: code = NotFound desc = federate identity: rpc error: code = NotFound desc = no identity found for (https://accounts.google.com, 109346087047205543085)
Error running `chainctl auth token`: exit status 1
setting apk repositories: [https://apk.cgr.dev/wolfi-presubmit/d64ad014c78fe84f4ad71aacf5a42a0e0b12d22a https://packages.wolfi.dev/os]
image configuration:
  contents:
    build repositories: []
    runtime repositories: []
    keyring:      []
    packages:     [build-base busybox ca-certificates-bundle cargo-auditable git openssf-compiler-options openssl-dev rust git git cargobump binutils scanelf]
  accounts:
    runas:  
    users:
      - uid=1000(build) gid=1000
    groups:
      - gid=1000(build) members=[build]
auth configured for: []
installing ca-certificates-bundle (20241010-r2)
installing wolfi-baselayout (20230201-r15)
installing glibc (2.40-r3)
installing libgcc (14.2.0-r6)
installing ld-linux (2.40-r3)
installing glibc-locale-posix (2.40-r3)
installing libzstd1 (1.5.6-r5)
installing libstdc++ (14.2.0-r6)
installing binutils (2.43.1-r2)
installing make (4.4.1-r4)
installing pkgconf (2.3.0-r1)
installing libxcrypt (4.4.36-r8)
installing libxcrypt-dev (4.4.36-r8)
installing linux-headers (6.6.63-r0)
installing nss-db (2.40-r3)
installing nss-hesiod (2.40-r3)
installing glibc-dev (2.40-r3)
installing posix-cc-wrappers (1-r4)
installing openssf-compiler-options (20240627-r5)
installing gmp (6.3.0-r2)
installing libgo (14.2.0-r6)
installing mpfr (4.2.1-r5)
installing mpc (1.3.1-r5)
installing isl (0.27-r0)
installing zlib (1.3.1-r4)
installing libquadmath (14.2.0-r6)
installing libstdc++-dev (14.2.0-r6)
installing libatomic (14.2.0-r6)
installing libgomp (14.2.0-r6)
installing gcc (14.2.0-r6)
installing build-base (1-r8)
installing libcrypt1 (2.40-r3)
installing busybox (1.37.0-r0)
installing cargo-auditable (0.6.6-r0)
installing cargobump (0.0.2-r0)
installing libexpat1 (2.6.4-r0)
installing libpcre2-8-0 (10.44-r2)
installing libunistring (1.3-r1)
installing libidn2 (2.3.7-r3)
installing libpsl (0.21.5-r4)
installing libbrotlicommon1 (1.1.0-r4)
installing libbrotlidec1 (1.1.0-r4)
installing krb5-conf (1.0-r3)
installing libverto (0.3.2-r4)
installing keyutils-libs (1.6.3-r5)
installing libcom_err (1.47.1-r1)
installing libcrypto3 (3.4.0-r2)
installing libssl3 (3.4.0-r2)
installing krb5-libs (1.21.3-r2)
installing ncurses-terminfo-base (6.5_p20241006-r4)
installing ncurses (6.5_p20241006-r4)
installing readline (8.2.13-r1)
installing sqlite-libs (3.47.0-r0)
installing heimdal-libs (7.8.0-r7)
installing gdbm (1.24-r1)
installing cyrus-sasl (2.1.28-r5)
installing libevent (2.1.12-r6)
installing libldap (2.6.9-r0)
installing libnghttp2-14 (1.64.0-r1)
installing libcurl-openssl4 (8.11.0-r0)
installing git (2.47.1-r0)
installing jitterentropy-library (3.6.0-r0)
installing jitterentropy-library-dev (3.6.0-r0)
installing openssl-dev (3.4.0-r2)
installing libffi (3.4.6-r5)
installing xz (5.6.3-r2)
installing libxml2 (2.13.5-r0)
installing libLLVM-19 (19.1.4-r0)
installing libssh2 (1.11.1-r0)
installing libgit2 (1.8.4-r0)
installing rust-1.82 (1.82.0-r0)
installing scanelf (1.3.8-r0)
built image layer tarball as /tmp/apko-temp-1503480270/apko-aarch64.tar.gz
using /tmp/apko-temp-1503480270/apko-aarch64.tar.gz for image layer
ImgRef = /tmp/melange-guest-4052990436
running step "git-checkout"
[git checkout] repo='https://github.com/zellij-org/zellij' dest='.' depth='1' branch='' tag='v0.41.2' expcommit='40d49737d126eef60dd988f1fe60df4c42d23773' recurse='false'
[git checkout] execute: git config --global --add safe.directory /tmp/tmp.lbzrQF
[git checkout] execute: git config --global --add safe.directory /home/build
[git checkout] execute: git clone --quiet --origin=origin --config=user.name=Melange Build [email protected] --config=advice.detachedHead=false --branch=v0.41.2 --depth=1 https://github.com/zellij-org/zellij /tmp/tmp.lbzrQF
[git checkout] execute: cd /tmp/tmp.lbzrQF
[git checkout] tar -c . | tar -C "/home/build" -x
[git checkout] execute: cd /home/build
[git checkout] execute: git config --global --add safe.directory /home/build
[git checkout] execute: git fetch --quiet origin --depth=1 --no-tags +refs/tags/v0.41.2:refs/origin/tags/v0.41.2
[git checkout] execute: git checkout --quiet origin/tags/v0.41.2
[git checkout] tag v0.41.2 is 40d49737d126eef60dd988f1fe60df4c42d23773
running step "rust/cargobump"
+ cd .
+ BUMP_FILE_FLAG=
+ PACKAGES_FLAG=
+ '[' -n  ]
+ '[' -f ./cargobump-deps.yaml ]
+ BUMP_FILE_FLAG='--bump-file ./cargobump-deps.yaml'
+ '[' false '=' true ]
+ cargobump --bump-file ./cargobump-deps.yaml
2024/11/26 22:53:08 INFO Update package: cap-primitives
2024/11/26 22:53:16 INFO Package updated successfully: cap-primitives to version 3.4.1
2024/11/26 22:53:16 INFO Update package: cap-std
2024/11/26 22:53:18 INFO Package updated successfully: cap-std to version 3.4.1
2024/11/26 22:53:18 INFO Update package: rmp-serde
2024/11/26 22:53:19 INFO Package updated successfully: rmp-serde to version 1.1.1
2024/11/26 22:53:19 INFO Update package with a specific version: [email protected]
2024/11/26 22:53:20 INFO Package updated successfully: [email protected] to version 0.37.25
2024/11/26 22:53:20 INFO Update package: wasmtime
Error: failed to parse the pom file: failed to run cargo update 'Updating crates.io index
error: failed to select a version for the requirement `wasmtime = "^21.0.2"`
candidate versions found which didn't match: 25.0.0
location searched: crates.io index
required by package `zellij-server v0.41.2 (/home/build/zellij-server)`' with error: 'exit status 101'
Usage:
  cargobump <file-to-bump> [flags]
  cargobump [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  version     Prints the version

Flags:
      --bump-file string     The input file to read dependencies to bump from
      --cargoroot string     path to the Cargo.lock root
  -h, --help                 help for cargobump
      --log-level string     log level (e.g. debug, info, warn, error) (default "info")
      --log-policy strings   log policy (e.g. builtin:stderr, /tmp/log/foo) (default [builtin:stderr])
      --packages string      A space-separated list of dependencies to update in form package@version

Use "cargobump [command] --help" for more information about a command.

2024/11/26 22:53:21 INFO error during command execution: failed to parse the pom file: failed to run cargo update 'Updating crates.io index
error: failed to select a version for the requirement `wasmtime = "^21.0.2"`
candidate versions found which didn't match: 25.0.0
location searched: crates.io index
required by package `zellij-server v0.41.2 (/home/build/zellij-server)`' with error: 'exit status 101'
deleting guest dir /tmp/melange-guest-3162848657
deleting workspace dir /tmp/melange-workspace-1833863888
removing image path /tmp/melange-guest-4052990436
failed to build package: unable to run package zellij pipeline: unable to run pipeline: unable to run pipeline: exit status 1

Indexes

https://apk.cgr.dev/wolfi-presubmit/d64ad014c78fe84f4ad71aacf5a42a0e0b12d22a

❌ Failed Packages

  • zellij (error | 1m59s)

Packages

More Observability

Command

cg build log \
  --build-id 36c03741-b1c3-467f-857f-2cf823c36c4b \
  --project prod-wolfi-os \
  --cluster elastic-pre \
  --namespace pre-wolfi \
  --start 2024-11-26T22:51:22Z \
  --end 2024-11-26T23:04:40Z \
  --attrs pkg,arch