diff --git a/mantle/go.mod b/mantle/go.mod
index 9467a6ff20..eb257a391d 100644
--- a/mantle/go.mod
+++ b/mantle/go.mod
@@ -17,7 +17,7 @@ require (
 github.com/coreos/go-semver v0.3.0
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
 github.com/coreos/go-systemd/v22 v22.0.0
- github.com/coreos/ignition/v2 v2.13.0
+ github.com/coreos/ignition/v2 v2.14.0
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f
 github.com/coreos/stream-metadata-go v0.1.8
 github.com/coreos/vcontext v0.0.0-20211021162308-f1dbbca7bef4
diff --git a/mantle/go.sum b/mantle/go.sum
index 8c23a206fc..ea1b0b8b29 100644
--- a/mantle/go.sum
+++ b/mantle/go.sum
@@ -60,6 +60,7 @@ github.com/aws/aws-sdk-go v1.34.28 h1:sscPpn/Ns3i0F4HPEWAVcwdIRaZZCuL7llJ2/60yPI
 github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
+github.com/beevik/etree v1.1.1-0.20200718192613-4a2f8b9d084c/go.mod h1:0yGO2rna3S9DkITDWHY1bMtcY4IJ4w+4S+EooZUR0bE=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -84,8 +85,9 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.0.0 h1:XJIw/+VlJ+87J+doOxznsAWIdmWuViOVhkQamW5YV28=
 github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/ignition/v2 v2.13.0 h1:1ouW+d0nOuPUbLjxxOCnC+dWQxynr8Mt5exqJoCD7b4=
 github.com/coreos/ignition/v2 v2.13.0/go.mod h1:HO1HWYWcvAIbHu6xewoKxPGBTyZ32FLwGIuipw5d63o=
+github.com/coreos/ignition/v2 v2.14.0 h1:KfkCCnA6AK0kts/1zxzzNH5lDMCQN9sqqGcGs+RJVX4=
+github.com/coreos/ignition/v2 v2.14.0/go.mod h1:wxc4qdYEIHLygzWbVVEuoD7lQGTZmMgX0VjAPYBbeEQ=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/stream-metadata-go v0.1.8 h1:EbLlLia+Ekuqgh8nF4NNFs0jUqmhUbN4mWd1O8u8TQE=
@@ -381,6 +383,7 @@ github.com/vishvananda/netns v0.0.0-20150710222425-604eaf189ee8/go.mod h1:ZjcWmF
 github.com/vmware/govmomi v0.15.0 h1:fVMjwFASkUIGenwURwP0ruAzTjka0l2AV9wtARwkJLI=
 github.com/vmware/govmomi v0.15.0/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU=
 github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728/go.mod h1:x9oS4Wk2s2u4tS29nEaDLdzvuHdB19CvSGJjPgkZJNk=
+github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3/go.mod h1:CSBTxrhePCm0cmXNKDGeu+6bOQzpaEklfCqEpn89JWk=
 github.com/vmware/vmw-ovflib v0.0.0-20170608004843-1f217b9dc714/go.mod h1:jiPk45kn7klhByRvUq5i2vo1RtHKBHj+iWGFpxbXuuI=
 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
 github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
diff --git a/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go b/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go
index 1b9875a847..2b91dc4929 100644
--- a/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go
+++ b/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/cosa_v1.go
@@ -73,6 +73,7 @@ type Build struct {
 PkgdiffBetweenBuilds PackageSetDifferences `json:"pkgdiff,omitempty"`
 PowerVirtualServer []Cloudartifact `json:"powervs,omitempty"`
 ReleasePayload *Image `json:"release-payload,omitempty"`
+ S3 *S3 `json:"s3,omitempty"`
 }
 
 type BuildArtifacts struct {
@@ -147,3 +148,9 @@ type Koji struct {
 type PackageSetDifferences []PackageSetDifferencesItems
 
 type PackageSetDifferencesItems interface{}
+
+type S3 struct {
+ Bucket string `json:"bucket,omitempty"`
+ Key string `json:"key,omitempty"`
+ PublicURL string `json:"public-url,omitempty"`
+}
diff --git a/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go b/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go
index e1ddd61c12..50e2aee3e5 100644
--- a/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go
+++ b/mantle/vendor/github.com/coreos/coreos-assembler-schema/cosa/schema_doc.go
@@ -225,6 +225,7 @@ var generatedSchemaJSON = `{ "parent-advisories-diff", "advisories-diff", "release-payload", + "s3", "coreos-assembler.basearch", "coreos-assembler.build-timestamp",
@@ -266,6 +267,26 @@ var generatedSchemaJSON = `{ "default":"", "minLength": 1 }, + "s3": { + "type": "object", + "properties": { + "bucket": { + "$id":"#/properties/bucket", + "type":"string", + "title":"Bucket" + }, + "key": { + "$id": "#/properties/key", + "type":"string", + "title":"Key" + }, + "public-url": { + "$id":"#/properties/public-url", + "type":"string", + "title":"Public URL" + } + } + }, "koji": { "type": "object", "properties": {
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/shared/errors/errors.go b/mantle/vendor/github.com/coreos/ignition/v2/config/shared/errors/errors.go
index 7761280d07..492fd7e6cf 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/shared/errors/errors.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/shared/errors/errors.go
@@ -62,6 +62,7 @@ var (
 ErrClevisCustomWithOthers = errors.New("cannot use custom clevis config with tpm2, tang, or threshold")
 ErrTangThumbprintRequired = errors.New("thumbprint is required")
 ErrFileIllegalMode = errors.New("illegal file mode")
+ ErrModeSpecialBits = errors.New("setuid/setgid/sticky bits are not supported in spec versions older than 3.4.0")
 ErrBothIDAndNameSet = errors.New("cannot set both id and name")
 ErrLabelTooLong = errors.New("partition labels may not exceed 36 characters")
 ErrDoesntMatchGUIDRegex = errors.New("doesn't match the form \"01234567-89AB-CDEF-EDCB-A98765432101\"")
@@ -99,6 +100,7 @@ var (
 ErrEngineConfiguration = errors.New("engine incorrectly configured")
 
 // AWS S3 specific errors
+ ErrInvalidS3ARN = errors.New("invalid S3 ARN format")
 ErrInvalidS3ObjectVersionId = errors.New("invalid S3 object VersionId")
 
 // Obsolete errors, left here for ABI compatibility
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/directory.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/directory.go
index c1cc24404f..0327b02282 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/directory.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/directory.go
@@ -22,5 +22,6 @@ import (
 func (d Directory) Validate(c path.ContextPath) (r report.Report) {
 r.Merge(d.Node.Validate(c))
 r.AddOnError(c.Append("mode"), validateMode(d.Mode))
+ r.AddOnWarn(c.Append("mode"), validateModeSpecialBits(d.Mode))
 return
 }
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/file.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/file.go
index 26466eceff..5fa9ca8bb8 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/file.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/file.go
@@ -25,6 +25,7 @@ import (
 func (f File) Validate(c path.ContextPath) (r report.Report) {
 r.Merge(f.Node.Validate(c))
 r.AddOnError(c.Append("mode"), validateMode(f.Mode))
+ r.AddOnWarn(c.Append("mode"), validateModeSpecialBits(f.Mode))
 r.AddOnError(c.Append("overwrite"), f.validateOverwrite())
 return
 }
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/mode.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/mode.go
index 7d23eb3e4c..6021b91532 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/mode.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_0/types/mode.go
@@ -24,3 +24,13 @@ func validateMode(m *int) error {
 }
 return nil
 }
+
+func validateModeSpecialBits(m *int) error {
+ if m != nil {
+ mode := uint32(*m)
+ if mode&07000 != 0 {
+ return errors.ErrModeSpecialBits
+ }
+ }
+ return nil
+}
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/directory.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/directory.go
index c1cc24404f..0327b02282 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/directory.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/directory.go
@@ -22,5 +22,6 @@ import (
 func (d Directory) Validate(c path.ContextPath) (r report.Report) {
 r.Merge(d.Node.Validate(c))
 r.AddOnError(c.Append("mode"), validateMode(d.Mode))
+ r.AddOnWarn(c.Append("mode"), validateModeSpecialBits(d.Mode))
 return
 }
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/file.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/file.go
index d30ed3de3a..97aa84a769 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/file.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/file.go
@@ -25,6 +25,7 @@ import (
 func (f File) Validate(c path.ContextPath) (r report.Report) {
 r.Merge(f.Node.Validate(c))
 r.AddOnError(c.Append("mode"), validateMode(f.Mode))
+ r.AddOnWarn(c.Append("mode"), validateModeSpecialBits(f.Mode))
 r.AddOnError(c.Append("overwrite"), f.validateOverwrite())
 return
 }
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/mode.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/mode.go
index 7d23eb3e4c..6021b91532 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/mode.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_1/types/mode.go
@@ -24,3 +24,13 @@ func validateMode(m *int) error {
 }
 return nil
 }
+
+func validateModeSpecialBits(m *int) error {
+ if m != nil {
+ mode := uint32(*m)
+ if mode&07000 != 0 {
+ return errors.ErrModeSpecialBits
+ }
+ }
+ return nil
+}
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/directory.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/directory.go
index f6f0684557..b01a6bf9d7 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/directory.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/directory.go
@@ -22,5 +22,6 @@ import (
 func (d Directory) Validate(c path.ContextPath) (r report.Report) {
 r.Merge(d.Node.Validate(c))
 r.AddOnError(c.Append("mode"), validateMode(d.Mode))
+ r.AddOnWarn(c.Append("mode"), validateModeSpecialBits(d.Mode))
 return
 }
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/file.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/file.go
index 9b71bb26aa..4e7566bd3b 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/file.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/file.go
@@ -25,6 +25,7 @@ import (
 func (f File) Validate(c path.ContextPath) (r report.Report) {
 r.Merge(f.Node.Validate(c))
 r.AddOnError(c.Append("mode"), validateMode(f.Mode))
+ r.AddOnWarn(c.Append("mode"), validateModeSpecialBits(f.Mode))
 r.AddOnError(c.Append("overwrite"), f.validateOverwrite())
 return
 }
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/mode.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/mode.go
index 9eb7573d8b..ad3e51c22c 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/mode.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_2/types/mode.go
@@ -24,3 +24,13 @@ func validateMode(m *int) error {
 }
 return nil
 }
+
+func validateModeSpecialBits(m *int) error {
+ if m != nil {
+ mode := uint32(*m)
+ if mode&07000 != 0 {
+ return errors.ErrModeSpecialBits
+ }
+ }
+ return nil
+}
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/directory.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/directory.go
index f6f0684557..b01a6bf9d7 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/directory.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/directory.go
@@ -22,5 +22,6 @@ import (
 func (d Directory) Validate(c path.ContextPath) (r report.Report) {
 r.Merge(d.Node.Validate(c))
 r.AddOnError(c.Append("mode"), validateMode(d.Mode))
+ r.AddOnWarn(c.Append("mode"), validateModeSpecialBits(d.Mode))
 return
 }
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/file.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/file.go
index 9b71bb26aa..4e7566bd3b 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/file.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/file.go
@@ -25,6 +25,7 @@ import (
 func (f File) Validate(c path.ContextPath) (r report.Report) {
 r.Merge(f.Node.Validate(c))
 r.AddOnError(c.Append("mode"), validateMode(f.Mode))
+ r.AddOnWarn(c.Append("mode"), validateModeSpecialBits(f.Mode))
 r.AddOnError(c.Append("overwrite"), f.validateOverwrite())
 return
 }
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/mode.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/mode.go
index 9eb7573d8b..ad3e51c22c 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/mode.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_3/types/mode.go
@@ -24,3 +24,13 @@ func validateMode(m *int) error {
 }
 return nil
 }
+
+func validateModeSpecialBits(m *int) error {
+ if m != nil {
+ mode := uint32(*m)
+ if mode&07000 != 0 {
+ return errors.ErrModeSpecialBits
+ }
+ }
+ return nil
+}
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_4_experimental/translate/translate.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_4_experimental/translate/translate.go
index 5b39cae9b8..2539c8f4fd 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_4_experimental/translate/translate.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_4_experimental/translate/translate.go
@@ -16,6 +16,7 @@ package translate
 
 import (
 "github.com/coreos/ignition/v2/config/translate"
+ "github.com/coreos/ignition/v2/config/util"
 old_types "github.com/coreos/ignition/v2/config/v3_3/types"
 "github.com/coreos/ignition/v2/config/v3_4_experimental/types"
 )
@@ -27,9 +28,36 @@ func translateIgnition(old old_types.Ignition) (ret types.Ignition) {
 return
 }
 
+func translateFileEmbedded1(old old_types.FileEmbedded1) (ret types.FileEmbedded1) {
+ tr := translate.NewTranslator()
+ tr.Translate(&old.Append, &ret.Append)
+ tr.Translate(&old.Contents, &ret.Contents)
+ if old.Mode != nil {
+ // We support the special mode bits for specs >=3.4.0, so if
+ // the user provides special mode bits in an Ignition config
+ // with the version < 3.4.0, then we need to explicitly mask
+ // those bits out during translation.
+ ret.Mode = util.IntToPtr(*old.Mode & ^07000)
+ }
+ return
+}
+
+func translateDirectoryEmbedded1(old old_types.DirectoryEmbedded1) (ret types.DirectoryEmbedded1) {
+ if old.Mode != nil {
+ // We support the special mode bits for specs >=3.4.0, so if
+ // the user provides special mode bits in an Ignition config
+ // with the version < 3.4.0, then we need to explicitly mask
+ // those bits out during translation.
+ ret.Mode = util.IntToPtr(*old.Mode & ^07000)
+ }
+ return
+}
+
 func Translate(old old_types.Config) (ret types.Config) {
 tr := translate.NewTranslator()
 tr.AddCustomTranslator(translateIgnition)
+ tr.AddCustomTranslator(translateDirectoryEmbedded1)
+ tr.AddCustomTranslator(translateFileEmbedded1)
 tr.Translate(&old, &ret)
 return
 }
diff --git a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_4_experimental/types/url.go b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_4_experimental/types/url.go
index 0d8771bf6d..3ca189dae3 100644
--- a/mantle/vendor/github.com/coreos/ignition/v2/config/v3_4_experimental/types/url.go
+++ b/mantle/vendor/github.com/coreos/ignition/v2/config/v3_4_experimental/types/url.go
@@ -16,7 +16,9 @@ package types
 
 import (
 "net/url"
+ "strings"
 
+ "github.com/aws/aws-sdk-go/aws/arn"
 "github.com/vincent-petithory/dataurl"
 
 "github.com/coreos/ignition/v2/config/shared/errors"
@@ -39,6 +41,30 @@ func validateURL(s string) error {
 }
 }
 return nil
+ case "arn":
+ fullURL := u.Scheme + ":" + u.Opaque
+ if !arn.IsARN(fullURL) {
+ return errors.ErrInvalidS3ARN
+ }
+ s3arn, err := arn.Parse(fullURL)
+ if err != nil {
+ return err
+ }
+ if s3arn.Service != "s3" {
+ return errors.ErrInvalidS3ARN
+ }
+ urlSplit := strings.Split(fullURL, "/")
+ if strings.HasPrefix(s3arn.Resource, "accesspoint/") && len(urlSplit) < 3 {
+ return errors.ErrInvalidS3ARN
+ } else if len(urlSplit) < 2 {
+ return errors.ErrInvalidS3ARN
+ }
+ if v, ok := u.Query()["versionId"]; ok {
+ if len(v) == 0 || v[0] == "" {
+ return errors.ErrInvalidS3ObjectVersionId
+ }
+ }
+ return nil
 case "data":
 if _, err := dataurl.DecodeString(s); err != nil {
 return err
diff --git a/mantle/vendor/modules.txt b/mantle/vendor/modules.txt
index 318f0b79a8..41443576ea 100644
--- a/mantle/vendor/modules.txt
+++ b/mantle/vendor/modules.txt
@@ -195,7 +195,7 @@ github.com/coreos/go-systemd/unit
 github.com/coreos/go-systemd/v22/dbus
 github.com/coreos/go-systemd/v22/journal
 github.com/coreos/go-systemd/v22/unit
-# github.com/coreos/ignition/v2 v2.13.0
+# github.com/coreos/ignition/v2 v2.14.0
 github.com/coreos/ignition/v2/config/merge
 github.com/coreos/ignition/v2/config/shared/errors
 github.com/coreos/ignition/v2/config/shared/validations