Commit 6dba03f

Update Go dependencies in hook-bootkit; add resilience to kernel download and verify: (#281)
## Description

<!--- Please describe what this PR is going to change -->

The hook-bootkit dependency updates resolve some security issues.

Use backup locations for kernel downloads. It happened that today the latest point releases for the 5.x and 6.x kernels were in the https://www.kernel.org/releases.json but not in corresponding sha256sum.asc file, https://www.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc for example. Interestingly enough, the kernels were in https://cdn.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc. The difference being https://www.kernel.org vs https://cdn.kernel.org. This new script will try against www.kernel.org and fall back to cdn.kernel.org.

## Why is this needed

<!--- Link to issue you have raised -->

Fixes: #

## How Has This Been Tested?

<!--- Please describe in detail how you tested your changes. -->
<!--- Include details of your testing environment, and the tests you ran to -->
<!--- see how your change affects other areas of the code, etc. -->

## How are existing users impacted? What migration steps/scripts do we need?

<!--- Fixes a bug, unblocks installation, removes a component of the stack etc -->
<!--- Requires a DB migration script, etc. -->

## Checklist:

I have:

- [ ] updated the documentation and/or roadmap (if required)
- [ ] added unit or e2e tests
- [ ] provided instructions on how to upgrade

2 parents a659ccd + 77fd5a0 commit 6dba03f

5 files changed: +177 -104 lines changed

images/hook-bootkit/go.mod

Lines changed: 24 additions & 23 deletions
@@ -1,44 +1,45 @@
11
module github.com/tinkerbell/hook/hook-bootkit
22

3-
go 1.22
3+
go 1.23.0
44

5-
toolchain go1.22.6
5+
toolchain go1.24.1
66

77
require (
88
github.com/cenkalti/backoff/v4 v4.3.0
9-
github.com/docker/docker v26.1.0+incompatible
10-
github.com/go-logr/logr v1.4.1
9+
github.com/docker/docker v28.3.2+incompatible
10+
github.com/go-logr/logr v1.4.3
1111
github.com/go-logr/zerologr v1.2.3
12-
github.com/rs/zerolog v1.30.0
12+
github.com/rs/zerolog v1.34.0
1313
)
1414

1515
require (
16-
github.com/Microsoft/go-winio v0.6.1 // indirect
16+
github.com/Microsoft/go-winio v0.6.2 // indirect
17+
github.com/containerd/errdefs v1.0.0 // indirect
18+
github.com/containerd/errdefs/pkg v0.3.0 // indirect
1719
github.com/containerd/log v0.1.0 // indirect
1820
github.com/distribution/reference v0.6.0 // indirect
19-
github.com/docker/go-connections v0.4.0 // indirect
21+
github.com/docker/go-connections v0.5.0 // indirect
2022
github.com/docker/go-units v0.5.0 // indirect
2123
github.com/felixge/httpsnoop v1.0.4 // indirect
2224
github.com/go-logr/stdr v1.2.2 // indirect
2325
github.com/gogo/protobuf v1.3.2 // indirect
24-
github.com/mattn/go-colorable v0.1.12 // indirect
25-
github.com/mattn/go-isatty v0.0.14 // indirect
26+
github.com/mattn/go-colorable v0.1.14 // indirect
27+
github.com/mattn/go-isatty v0.0.20 // indirect
2628
github.com/moby/docker-image-spec v1.3.1 // indirect
27-
github.com/moby/term v0.5.0 // indirect
29+
github.com/moby/sys/atomicwriter v0.1.0 // indirect
30+
github.com/moby/term v0.5.2 // indirect
2831
github.com/morikuni/aec v1.0.0 // indirect
2932
github.com/opencontainers/go-digest v1.0.0 // indirect
30-
github.com/opencontainers/image-spec v1.0.2 // indirect
33+
github.com/opencontainers/image-spec v1.1.1 // indirect
3134
github.com/pkg/errors v0.9.1 // indirect
32-
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
33-
go.opentelemetry.io/otel v1.26.0 // indirect
34-
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 // indirect
35-
go.opentelemetry.io/otel/metric v1.26.0 // indirect
36-
go.opentelemetry.io/otel/sdk v1.26.0 // indirect
37-
go.opentelemetry.io/otel/trace v1.26.0 // indirect
38-
golang.org/x/mod v0.8.0 // indirect
39-
golang.org/x/net v0.23.0 // indirect
40-
golang.org/x/sys v0.19.0 // indirect
41-
golang.org/x/time v0.3.0 // indirect
42-
golang.org/x/tools v0.6.0 // indirect
43-
gotest.tools/v3 v3.5.0 // indirect
35+
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
36+
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect
37+
go.opentelemetry.io/otel v1.37.0 // indirect
38+
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 // indirect
39+
go.opentelemetry.io/otel/metric v1.37.0 // indirect
40+
go.opentelemetry.io/otel/trace v1.37.0 // indirect
41+
golang.org/x/net v0.42.0 // indirect
42+
golang.org/x/sys v0.34.0 // indirect
43+
golang.org/x/time v0.12.0 // indirect
44+
gotest.tools/v3 v3.5.2 // indirect
4445
)
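
Review bot: The `github.com/docker/docker` requirement jumps two major versions here (v26.1.0+incompatible to v28.3.2+incompatible) while the commit message says only that the updates "resolve some security issues" and leaves its testing section empty. Name the advisories being fixed, or attach `govulncheck` output from before and after, and state that hook-bootkit was built and run against the new client, since a bump of that size can change API behaviour. The `go 1.23.0` and `toolchain go1.24.1` lines also raise the minimum Go version, so confirm that the image build and CI use a toolchain at least that new. The removal of `go.opentelemetry.io/otel/sdk`, `golang.org/x/mod` and `golang.org/x/tools` from the indirect block looks like `go mod tidy` output; confirm that go.sum was regenerated in the same commit.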
