k8s-sidecar/2.2.3 package update #77296
Merged
Chainguard Internal / elastic-build (eco-2-28)
succeeded
Jan 6, 2026 in 5m 31s
APKs built successfully
Build ID: ca67ad61-67cc-4e12-b462-2afe1ea87f76
Details
builds
x86_64 Logs
Click to expand
o (0.3.2-r6)
installing krb5-conf (1.0-r7)
installing libcom_err (1.47.3-r1)
installing keyutils-libs (1.6.3-r37)
installing libssl3 (3.6.0-r6)
installing krb5-libs (1.22.1-r1)
installing libtirpc (1.3.7-r1)
installing libpcre2-8-0 (10.47-r0)
installing libsepol (3.9-r1)
installing libselinux (3.9-r1)
installing libnftnl (1.3.1-r0)
installing xtables (1.8.11-r31)
installing libcap (2.77-r0)
installing iproute2 (6.17.0-r2)
installing libstdc++ (15.2.0-r6)
installing inih (62-r1)
installing liburcu (0.15.5-r0)
installing libblkid (2.41.3-r0)
installing libuuid (2.41.3-r0)
installing xfsprogs-core (6.18.0-r0)
installing xfsprogs (6.18.0-r0)
installing libmount (2.41.3-r0)
installing mount (2.41.3-r0)
installing ncurses-terminfo-base (6.6_p20251230-r0)
installing ncurses (6.6_p20251230-r0)
installing setarch (2.41.3-r0)
installing libfdisk (2.41.3-r0)
installing sqlite-libs (3.51.1-r0)
installing util-linux (2.41.3-r0)
installing libsmartcols (2.41.3-r0)
installing util-linux-misc (2.41.3-r0)
installing libxcrypt (4.5.2-r0)
installing libcrypt1 (2.42-r4)
installing linux-pam (1.7.1-r4)
installing openssh-keygen (10.2_p1-r3)
installing openssh-server-config (10.2_p1-r3)
installing openssh-server (10.2_p1-r3)
installing busybox (1.37.0-r50)
installing microvm-init (0.0.1-r15)
qemu: starting VM
qemu: waiting for SSH
conn read: read tcp 127.0.0.1:45226->127.0.0.1:34345: i/o timeout
qemu: meta-data=/dev/vda isize=512 agcount=8, agsize=1638400 blks
qemu: = sectsz=4096 attr=2, projid32bit=1
qemu: = crc=1 finobt=1, sparse=1, rmapbt=1
qemu: = reflink=1 bigtime=1 inobtcount=1 nrext64=1
qemu: = exchange=1 metadir=0
qemu: data = bsize=4096 blocks=13107200, imaxpct=25
qemu: = sunit=0 swidth=0 blks
qemu: naming =version 2 bsize=4096 ascii-ci=0, ftype=1, parent=1
qemu: log =internal log bsize=4096 blocks=16384, version=2
qemu: = sectsz=4096 sunit=1 blks, lazy-count=1
qemu: realtime =none extsz=4096 blocks=0, rtextents=0
qemu: = rgcount=0 rgsize=0 extents
qemu: = zoned=0 start=0 reserved=0
qemu: Discarding blocks...Done.
conn read: read tcp 127.0.0.1:45234->127.0.0.1:34345: i/o timeout
qemu: [INIT] Checking for init.d scripts...
qemu: [INIT] No /opt/melange/init.d directory (optional, skipping)
qemu: ssh-keygen: generating new host keys: RSA ECDSA
qemu: Server listening on 0.0.0.0 port 2223.
qemu: Server listening on 0.0.0.0 port 22.
qemu: VM started successfully, SSH server is up
qemu: Connection closed by 10.0.2.2 port 36300
qemu: verifying VM host key against pre-provisioned key
qemu: Accepted publickey for root from 10.0.2.2 port 36306 ssh2: ECDSA SHA256:R4Mhh11MThSSjVvuSEzWkWsItPIoLfUWE8elizUwRE0
qemu: VM host key successfully verified against pre-provisioned key
qemu: Connection closed by 10.0.2.2 port 36306
qemu: Accepted publickey for root from 10.0.2.2 port 36316 ssh2: ECDSA SHA256:R4Mhh11MThSSjVvuSEzWkWsItPIoLfUWE8elizUwRE0
qemu: Accepted publickey for root from 10.0.2.2 port 60418 ssh2: ECDSA SHA256:R4Mhh11MThSSjVvuSEzWkWsItPIoLfUWE8elizUwRE0
qemu: Accepted publickey for root from 10.0.2.2 port 36324 ssh2: ECDSA SHA256:R4Mhh11MThSSjVvuSEzWkWsItPIoLfUWE8elizUwRE0
qemu: running kernel version: 6.16.10-r2-qemu-generic #Chainguard SMP PREEMPT_DYNAMIC Fri Oct 3 22:31:32 UTC 2025
qemu: setting up local workspace
qemu: unmounting host workspace from guest
running the main test pipeline
{"time": "2026-01-06T16:25:30.495928+00:00", "level": "CRITICAL", "msg": "Should have added {LABEL} as environment variable! Exit"}
Charset-Normalizer 3.4.4 - Python 3.13.11 - Unicode 15.1.0 - SpeedUp ON
usage: normalizer [-h] [-v] [-a] [-n] [-m] [-r] [-f] [-i] [-t THRESHOLD]
[--version]
files [files ...]
The Real First Universal Charset Detector. Discover originating encoding used
on text file. Normalize text to unicode.
positional arguments:
files File(s) to be analysed
options:
-h, --help show this help message and exit
-v, --verbose Display complementary information about file if any.
Stdout will contain logs about the detection process.
-a, --with-alternative
Output complementary possibilities if any. Top-level
JSON WILL be a list.
-n, --normalize Permit to normalize input file. If not set, program
does not write anything.
-m, --minimal Only output the charset detected to STDOUT. Disabling
JSON output.
-r, --replace Replace file when trying to normalize it instead of
creating a new one.
-f, --force Replace file without asking if you are sure, use this
flag with caution.
-i, --no-preemptive Disable looking at a charset declaration to hint the
detector.
-t, --threshold THRESHOLD
Define a custom maximum amount of noise allowed in
decoded content. 0. <= noise <= 1.
--version Show version information and exit.
Usage: pyrsa-decrypt [options] private_key
Decrypts a file. The original file must be shorter than the key length in
order to have been encrypted.
Options:
-h, --help show this help message and exit
-i INPUT, --input=INPUT
Name of the file to decrypt. Reads from stdin if not
specified.
-o OUTPUT, --output=OUTPUT
Name of the file to write the decrypted file to.
Written to stdout if this option is not present.
--keyform=KEYFORM Key format of the private key - default PEM
Usage: pyrsa-encrypt [options] public_key
Encrypts a file. The file must be shorter than the key length in order to be
encrypted.
Options:
-h, --help show this help message and exit
-i INPUT, --input=INPUT
Name of the file to encrypt. Reads from stdin if not
specified.
-o OUTPUT, --output=OUTPUT
Name of the file to write the encrypted file to.
Written to stdout if this option is not present.
--keyform=KEYFORM Key format of the public key - default PEM
Usage: pyrsa-keygen [options] keysize
Generates a new RSA key pair of "keysize" bits.
Options:
-h, --help show this help message and exit
--pubout=PUBOUT Output filename for the public key. The public key is not
saved if this option is not present. You can use pyrsa-
priv2pub to create the public key file later.
-o OUT, --out=OUT Output filename for the private key. The key is written
to stdout if this option is not present.
--form=FORM key format of the private and public keys - default PEM
Usage: pyrsa-priv2pub [options]
Reads a private key and outputs the corresponding public key. Both private and
public keys use the format described in PKCS#1 v1.5
Options:
-h, --help show this help message and exit
-i INFILENAME, --input=INFILENAME
Input filename. Reads from stdin if not specified
-o OUTFILENAME, --output=OUTFILENAME
Output filename. Writes to stdout of not specified
--inform=INFORM key format of input - default PEM
--outform=OUTFORM key format of output - default PEM
Usage: pyrsa-sign [options] private_key hash_method
Signs a file, outputs the signature. Choose the hash method from MD5, SHA-1,
SHA-224, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512
Options:
-h, --help show this help message and exit
-i INPUT, --input=INPUT
Name of the file to sign. Reads from stdin if not
specified.
-o OUTPUT, --output=OUTPUT
Name of the file to write the signature to. Written to
stdout if this option is not present.
--keyform=KEYFORM Key format of the private key - default PEM
Usage: pyrsa-verify [options] public_key signature_file
Verifies a signature, exits with status 0 upon success, prints an error
message and exits with status 1 upon error.
Options:
-h, --help show this help message and exit
-i INPUT, --input=INPUT
Name of the file to verify. Reads from stdin if not
specified.
--keyform=KEYFORM Key format of the public key - default PEM
usage: wsdump [-h] [-p PROXY] [-v [VERBOSE]] [-n] [-r] [-s [SUBPROTOCOLS ...]]
[-o ORIGIN] [--eof-wait EOF_WAIT] [-t TEXT] [--timings]
[--headers HEADERS]
ws_url
WebSocket Simple Dump Tool
positional arguments:
ws_url websocket url. ex. ws://echo.websocket.events/
options:
-h, --help show this help message and exit
-p, --proxy PROXY proxy url. ex. http://127.0.0.1:8080
-v, --verbose [VERBOSE]
set verbose mode. If set to 1, show opcode. If set to
2, enable to trace websocket module
-n, --nocert Ignore invalid SSL cert
-r, --raw raw output
-s, --subprotocols [SUBPROTOCOLS ...]
Set subprotocols
-o, --origin ORIGIN Set origin
--eof-wait EOF_WAIT wait time(second) after 'EOF' received.
-t, --text TEXT Send initial text
--timings Print timings in seconds
--headers HEADERS Set custom headers. Use ',' as separator
running step "test/tw/ldd-check"
running step "check for missing library dependencies using ldd"
[ldd-check] Testing binaries in package k8s-sidecar
PASS[ldd-check]: /usr/lib/python3.13/site-packages/charset_normalizer/md.cpython-313-x86_64-linux-gnu.so
PASS[ldd-check]: /usr/lib/python3.13/site-packages/charset_normalizer/md__mypyc.cpython-313-x86_64-linux-gnu.so
aarch64 Logs
Click to expand
in/dind" started successfully
running command bash [-c
# Retry up to 60 seconds to wait for docker to start.
worked=false
for i in $(seq 60); do
if docker info >/dev/null 2>&1; then
worked=true
break
fi
echo "docker healthcheck failed, docker is not ready, retrying... ($i/60 seconds so far)..."
sleep 1
done
if [ "$worked" = "false" ]; then
echo "Failed to start docker after 60 seconds"
exit 1
fi
]
command "bash" completed successfully
melange devel with runner docker is testing:
image configuration:
contents:
build repositories: []
runtime repositories: []
repositories: []
keyring: []
packages: [k8s-sidecar ldd-check]
accounts:
runas:
users:
- uid=1000(build) gid=1000
groups:
- gid=1000(build) members=[build]
installing wolfi-baselayout (20230201-r25)
installing ca-certificates-bundle (20251003-r0)
installing glibc-locale-posix (2.42-r4)
installing ld-linux (2.42-r4)
installing glibc (2.42-r4)
installing libgcc (15.2.0-r6)
installing oldlibstdcxx-2.28 (8.5.0-r1)
installing libstdc++ (15.2.0-r6)
installing ct-manylinux-2.28-gcc-14 (1.28.0-r87)
installing ct-manylinux-2.28 (1.28.0-r87)
installing gmp (6.3.0-r8)
installing mpfr (4.2.2-r2)
installing mpc (1.3.1-r7)
installing posix-cc-wrappers (2-r7)
installing isl (0.27-r4)
installing zlib (1.3.1.2-r0)
installing libzstd1 (1.5.7-r5)
installing libstdc++-14 (14.3.0-r9)
installing libstdc++-14-dev (14.3.0-r9)
installing libquadmath (15.2.0-r6)
installing openssf-compiler-options (20250904-r2)
installing binutils (2.45.1-r2)
installing libxcrypt (4.5.2-r0)
installing libxcrypt-dev (4.5.2-r0)
installing nss-db (2.42-r4)
installing nss-hesiod (2.42-r4)
installing linux-headers (6.18.3-r0)
installing glibc-dev (2.42-r4)
installing gcc-14 (14.3.0-r9)
installing libgfortran-14 (14.3.0-r9)
installing gfortran-14 (14.3.0-r9)
installing libgfortran (15.2.0-r6)
installing gcc-14-default (14.3.0-r9)
installing mpdecimal (4.0.1-r3)
installing ncurses-terminfo-base (6.6_p20251230-r0)
installing ncurses (6.6_p20251230-r0)
installing readline (8.3-r1)
installing gdbm (1.26-r1)
installing libexpat1 (2.7.3-r0)
installing libffi (3.5.2-r1)
installing xz (5.8.2-r0)
installing libbz2-1 (1.0.8-r21)
installing libuuid (2.41.3-r0)
installing sqlite-libs (3.51.1-r0)
installing py3-pip-wheel (25.3-r3)
installing libcrypto3 (3.6.0-r6)
installing libssl3 (3.6.0-r6)
installing python-3.13-base (3.13.11-r2)
installing python-3.13 (3.13.11-r2)
installing k8s-sidecar (2.2.3-r0)
installing apk-tools (2.14.10-r9)
installing bash (5.3-r3)
installing posix-libc-utils (2.42-r4)
installing libcrypt1 (2.42-r4)
installing busybox (1.37.0-r50)
installing ldd-check (0.0.35-r1)
installing wolfi-keys (1-r12)
installing wolfi-base (1-r7)
layer digest: sha256:8806c6f169fd625ba952ae971cf1e16c44eaa2ece25c56d3a25cd1f7eb60a5b0
layer diffID: sha256:6066324eb720f587a62106f0883c557d28e597c50613a72a971f3c940fa64580
saving OCI image locally: apko.local/cache:5ac66c6b7d4f4f73620c416d83cc8de971e0335611dbf3331ba8a8e6635e43d6
tagging local image apko.local/cache:5ac66c6b7d4f4f73620c416d83cc8de971e0335611dbf3331ba8a8e6635e43d6 as index.docker.io/library/melange:latest
populating workspace /tmp/melange-workspace-1485881754 from k8s-sidecar
running the main test pipeline
{"time": "2026-01-06T16:25:28.900975+00:00", "level": "CRITICAL", "msg": "Should have added {LABEL} as environment variable! Exit"}
Charset-Normalizer 3.4.4 - Python 3.13.11 - Unicode 15.1.0 - SpeedUp ON
usage: normalizer [-h] [-v] [-a] [-n] [-m] [-r] [-f] [-i] [-t THRESHOLD]
[--version]
files [files ...]
The Real First Universal Charset Detector. Discover originating encoding used
on text file. Normalize text to unicode.
positional arguments:
files File(s) to be analysed
options:
-h, --help show this help message and exit
-v, --verbose Display complementary information about file if any.
Stdout will contain logs about the detection process.
-a, --with-alternative
Output complementary possibilities if any. Top-level
JSON WILL be a list.
-n, --normalize Permit to normalize input file. If not set, program
does not write anything.
-m, --minimal Only output the charset detected to STDOUT. Disabling
JSON output.
-r, --replace Replace file when trying to normalize it instead of
creating a new one.
-f, --force Replace file without asking if you are sure, use this
flag with caution.
-i, --no-preemptive Disable looking at a charset declaration to hint the
detector.
-t, --threshold THRESHOLD
Define a custom maximum amount of noise allowed in
decoded content. 0. <= noise <= 1.
--version Show version information and exit.
Usage: pyrsa-decrypt [options] private_key
Decrypts a file. The original file must be shorter than the key length in
order to have been encrypted.
Options:
-h, --help show this help message and exit
-i INPUT, --input=INPUT
Name of the file to decrypt. Reads from stdin if not
specified.
-o OUTPUT, --output=OUTPUT
Name of the file to write the decrypted file to.
Written to stdout if this option is not present.
--keyform=KEYFORM Key format of the private key - default PEM
Usage: pyrsa-encrypt [options] public_key
Encrypts a file. The file must be shorter than the key length in order to be
encrypted.
Options:
-h, --help show this help message and exit
-i INPUT, --input=INPUT
Name of the file to encrypt. Reads from stdin if not
specified.
-o OUTPUT, --output=OUTPUT
Name of the file to write the encrypted file to.
Written to stdout if this option is not present.
--keyform=KEYFORM Key format of the public key - default PEM
Usage: pyrsa-keygen [options] keysize
Generates a new RSA key pair of "keysize" bits.
Options:
-h, --help show this help message and exit
--pubout=PUBOUT Output filename for the public key. The public key is not
saved if this option is not present. You can use pyrsa-
priv2pub to create the public key file later.
-o OUT, --out=OUT Output filename for the private key. The key is written
to stdout if this option is not present.
--form=FORM key format of the private and public keys - default PEM
Usage: pyrsa-priv2pub [options]
Reads a private key and outputs the corresponding public key. Both private and
public keys use the format described in PKCS#1 v1.5
Options:
-h, --help show this help message and exit
-i INFILENAME, --input=INFILENAME
Input filename. Reads from stdin if not specified
-o OUTFILENAME, --output=OUTFILENAME
Output filename. Writes to stdout of not specified
--inform=INFORM key format of input - default PEM
--outform=OUTFORM key format of output - default PEM
Usage: pyrsa-sign [options] private_key hash_method
Signs a file, outputs the signature. Choose the hash method from MD5, SHA-1,
SHA-224, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512
Options:
-h, --help show this help message and exit
-i INPUT, --input=INPUT
Name of the file to sign. Reads from stdin if not
specified.
-o OUTPUT, --output=OUTPUT
Name of the file to write the signature to. Written to
stdout if this option is not present.
--keyform=KEYFORM Key format of the private key - default PEM
Usage: pyrsa-verify [options] public_key signature_file
Verifies a signature, exits with status 0 upon success, prints an error
message and exits with status 1 upon error.
Options:
-h, --help show this help message and exit
-i INPUT, --input=INPUT
Name of the file to verify. Reads from stdin if not
specified.
--keyform=KEYFORM Key format of the public key - default PEM
usage: wsdump [-h] [-p PROXY] [-v [VERBOSE]] [-n] [-r] [-s [SUBPROTOCOLS ...]]
[-o ORIGIN] [--eof-wait EOF_WAIT] [-t TEXT] [--timings]
[--headers HEADERS]
ws_url
WebSocket Simple Dump Tool
positional arguments:
ws_url websocket url. ex. ws://echo.websocket.events/
options:
-h, --help show this help message and exit
-p, --proxy PROXY proxy url. ex. http://127.0.0.1:8080
-v, --verbose [VERBOSE]
set verbose mode. If set to 1, show opcode. If set to
2, enable to trace websocket module
-n, --nocert Ignore invalid SSL cert
-r, --raw raw output
-s, --subprotocols [SUBPROTOCOLS ...]
Set subprotocols
-o, --origin ORIGIN Set origin
--eof-wait EOF_WAIT wait time(second) after 'EOF' received.
-t, --text TEXT Send initial text
--timings Print timings in seconds
--headers HEADERS Set custom headers. Use ',' as separator
running step "test/tw/ldd-check"
running step "check for missing library dependencies using ldd"
[ldd-check] Testing binaries in package k8s-sidecar
PASS[ldd-check]: /usr/lib/python3.13/site-packages/charset_normalizer/md.cpython-313-aarch64-linux-gnu.so
PASS[ldd-check]: /usr/lib/python3.13/site-packages/charset_normalizer/md__mypyc.cpython-313-aarch64-linux-gnu.so
PASS[ldd-check]: /usr/lib/python3.13/site-packages/pydantic_core/_pydantic_core.cpython-313-aarch64-linux-gnu.so
PASS[ldd-check]: /usr/lib/python3.13/site-packages/yaml/_yaml.cpython-313-aarch64-linux-gnu.so
INFO[ldd-check]: tested 4 files with ldd. 4 passes. 0 fails.
pod 99ed3181d993e7612c027e2d13dd8b1f9356e83b6a6341c0d6306de08fd5a132 terminated
tests completed successfully
all tests passed
Indexes
https://apk.cgr.dev/chainguard-2.28-presubmit/e6e7e588196608991594f9abca248ac645b698d4
Packages
- ✅ k8s-sidecar (success | 36s | x86_64 logs | aarch64 logs)
Tests
- ✅ k8s-sidecar (success | 40s | x86_64 logs | aarch64 logs)
More Observability
Command
cg build log \
--build-id ca67ad61-67cc-4e12-b462-2afe1ea87f76 \
--project prod-eco-8de7 \
--cluster elastic-pre \
--namespace pre-eco-2-28 \
--start 2026-01-06T16:20:23Z \
--end 2026-01-06T16:35:55Z
Loading