Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package melange for openSUSE:Factory checked 
in at 2024-11-02 16:12:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/melange (Old)
 and      /work/SRC/openSUSE:Factory/.melange.new.2020 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "melange"

Sat Nov  2 16:12:01 2024 rev:39 rq:1220163 version:0.15.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/melange/melange.changes  2024-10-30 
17:35:24.066682036 +0100
+++ /work/SRC/openSUSE:Factory/.melange.new.2020/melange.changes        
2024-11-02 16:12:11.852299939 +0100
@@ -1,0 +2,22 @@
+Sat Nov 02 08:22:10 UTC 2024 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.15.0:
+  * feat(qemu): fix qemu command on cross-compilation cases
+  * update docs
+  * feat(qemu): add flag to specify cpu model to use, useful for
+    cases where /dev/kvm is not available
+  * fix(qemu): remove ssh ignoreHostKey, set an host-key retrieval
+    step, then use host key verification for all successive
+    commands
+  * fix linting
+  * fix(qemu): improve error when not finding a suitable kernel
+    image
+  * fix(qemu): use net.Listen to find open port, simplify random
+    port logic
+  * fix(qemu): use package go-shellquote and simplify cmd handling
+  * fix(qemu): use package go-shellquote and simplify cmd handling
+  * fix(qemu): specify KVM accelleration on linux, use only if
+    /dev/kvm is present
+  * fix(qemu): fix typos
+
+-------------------------------------------------------------------

Old:
----
  melange-0.14.11.obscpio

New:
----
  melange-0.15.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ melange.spec ++++++
--- /var/tmp/diff_new_pack.Sn1KAa/_old  2024-11-02 16:12:12.720335975 +0100
+++ /var/tmp/diff_new_pack.Sn1KAa/_new  2024-11-02 16:12:12.724336142 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           melange
-Version:        0.14.11
+Version:        0.15.0
 Release:        0
 Summary:        Build APKs from source code
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.Sn1KAa/_old  2024-11-02 16:12:12.764337802 +0100
+++ /var/tmp/diff_new_pack.Sn1KAa/_new  2024-11-02 16:12:12.768337968 +0100
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/chainguard-dev/melange</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.14.11</param>
+    <param name="revision">v0.15.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.Sn1KAa/_old  2024-11-02 16:12:12.792338964 +0100
+++ /var/tmp/diff_new_pack.Sn1KAa/_new  2024-11-02 16:12:12.796339130 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://github.com/chainguard-dev/melange</param>
-              <param 
name="changesrevision">7af591847a044b2eb12246dcabf1f4e5346cd9ea</param></service></servicedata>
+              <param 
name="changesrevision">e1fb07674e1d11b0691011c29cc256a2b4e88e5f</param></service></servicedata>
 (No newline at EOF)
 

++++++ melange-0.14.11.obscpio -> melange-0.15.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.14.11/docs/md/melange_build.md 
new/melange-0.15.0/docs/md/melange_build.md
--- old/melange-0.14.11/docs/md/melange_build.md        2024-10-28 
17:38:43.000000000 +0100
+++ new/melange-0.15.0/docs/md/melange_build.md 2024-11-01 20:03:52.000000000 
+0100
@@ -36,6 +36,7 @@
       --cache-source string                                     directory or 
bucket used for preloading the cache
       --cleanup                                                 when enabled, 
the temp dir used for the guest will be cleaned up after completion (default 
true)
       --cpu string                                              default CPU 
resources to use for builds
+      --cpumodel string                                         default memory 
resources to use for builds (default "host")
       --create-build-log                                        creates a 
package.log file containing a list of packages that were built by the command
       --debug                                                   enables debug 
logging of build pipelines
       --debug-runner                                            when enabled, 
the builder pod will persist after the build succeeds or fails
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.14.11/go.mod new/melange-0.15.0/go.mod
--- old/melange-0.14.11/go.mod  2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/go.mod   2024-11-01 20:03:52.000000000 +0100
@@ -3,7 +3,6 @@
 go 1.23.2
 
 require (
-       al.essio.dev/pkg/shellescape v1.5.1
        chainguard.dev/apko v0.19.4
        cloud.google.com/go/storage v1.45.0
        dagger.io/dagger v0.13.6
@@ -22,6 +21,7 @@
        github.com/ijt/goparsify v0.0.0-20221203142333-3a5276334b8d
        github.com/invopop/jsonschema v0.12.0
        github.com/joho/godotenv v1.5.1
+       github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
        github.com/klauspost/compress v1.17.11
        github.com/klauspost/pgzip v1.2.6
        github.com/kubescape/go-git-url v0.0.30
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.14.11/go.sum new/melange-0.15.0/go.sum
--- old/melange-0.14.11/go.sum  2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/go.sum   2024-11-01 20:03:52.000000000 +0100
@@ -1,5 +1,3 @@
-al.essio.dev/pkg/shellescape v1.5.1 
h1:86HrALUujYS/h+GtqoB26SBEdkWfmMI6FubjXlsXyho=
-al.essio.dev/pkg/shellescape v1.5.1/go.mod 
h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890=
 cel.dev/expr v0.16.1 h1:NR0+oFYzR1CqLFhTAqg3ql59G9VfN8fKq1TCHJ6gq1g=
 cel.dev/expr v0.16.1/go.mod h1:AsGA5zb3WruAEQeQng1RZdGEXmBj0jvMWh6l5SnNuC8=
 chainguard.dev/apko v0.19.4 h1:ce01FSWOKiVk2+3d4BDol/AiOqnUQLaq121XrlcWn1M=
@@ -310,6 +308,8 @@
 github.com/joho/godotenv v1.5.1/go.mod 
h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/josharian/intern v1.0.0 
h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod 
h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 
h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod 
h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kelseyhightower/envconfig v1.4.0 
h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
 github.com/kelseyhightower/envconfig v1.4.0/go.mod 
h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
 github.com/kevinburke/ssh_config v1.2.0 
h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.14.11/pkg/build/build.go 
new/melange-0.15.0/pkg/build/build.go
--- old/melange-0.14.11/pkg/build/build.go      2024-10-28 17:38:43.000000000 
+0100
+++ new/melange-0.15.0/pkg/build/build.go       2024-11-01 20:03:52.000000000 
+0100
@@ -112,6 +112,7 @@
        Remove                bool
        LintRequire, LintWarn []string
        DefaultCPU            string
+       DefaultCPUModel       string
        DefaultDisk           string
        DefaultMemory         string
        DefaultTimeout        time.Duration
@@ -198,6 +199,7 @@
                config.WithEnvFileForParsing(b.EnvFile),
                config.WithVarsFileForParsing(b.VarsFile),
                config.WithDefaultCPU(b.DefaultCPU),
+               config.WithDefaultCPUModel(b.DefaultCPUModel),
                config.WithDefaultDisk(b.DefaultDisk),
                config.WithDefaultMemory(b.DefaultMemory),
                config.WithDefaultTimeout(b.DefaultTimeout),
@@ -770,7 +772,7 @@
                log.Infof("empty workspace requested")
        } else {
                // Prepare workspace directory
-               if err := os.MkdirAll(b.WorkspaceDir, 0755); err != nil {
+               if err := os.MkdirAll(b.WorkspaceDir, 0o755); err != nil {
                        return fmt.Errorf("mkdir -p %s: %w", b.WorkspaceDir, 
err)
                }
 
@@ -789,7 +791,7 @@
 
        if !b.isBuildLess() {
                // Prepare guest directory
-               if err := os.MkdirAll(b.GuestDir, 0755); err != nil {
+               if err := os.MkdirAll(b.GuestDir, 0o755); err != nil {
                        return fmt.Errorf("mkdir -p %s: %w", b.GuestDir, err)
                }
 
@@ -1002,7 +1004,7 @@
 func (b Build) writeSBOM(pkgName string, doc *spdx.Document) error {
        apkFSPath := filepath.Join(b.WorkspaceDir, melangeOutputDirName, 
pkgName)
        sbomDirPath := filepath.Join(apkFSPath, "/var/lib/db/sbom")
-       if err := os.MkdirAll(sbomDirPath, os.FileMode(0755)); err != nil {
+       if err := os.MkdirAll(sbomDirPath, os.FileMode(0o755)); err != nil {
                return fmt.Errorf("creating SBOM directory: %w", err)
        }
 
@@ -1121,6 +1123,7 @@
 
        if b.Configuration.Package.Resources != nil {
                cfg.CPU = b.Configuration.Package.Resources.CPU
+               cfg.CPUModel = b.Configuration.Package.Resources.CPUModel
                cfg.Memory = b.Configuration.Package.Resources.Memory
                cfg.Disk = b.Configuration.Package.Resources.Disk
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.14.11/pkg/build/options.go 
new/melange-0.15.0/pkg/build/options.go
--- old/melange-0.14.11/pkg/build/options.go    2024-10-28 17:38:43.000000000 
+0100
+++ new/melange-0.15.0/pkg/build/options.go     2024-11-01 20:03:52.000000000 
+0100
@@ -351,6 +351,13 @@
        }
 }
 
+func WithCPUModel(cpumodel string) Option {
+       return func(b *Build) error {
+               b.DefaultCPUModel = cpumodel
+               return nil
+       }
+}
+
 func WithDisk(disk string) Option {
        return func(b *Build) error {
                b.DefaultDisk = disk
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.14.11/pkg/cli/build.go 
new/melange-0.15.0/pkg/cli/build.go
--- old/melange-0.14.11/pkg/cli/build.go        2024-10-28 17:38:43.000000000 
+0100
+++ new/melange-0.15.0/pkg/cli/build.go 2024-11-01 20:03:52.000000000 +0100
@@ -71,7 +71,7 @@
        var interactive bool
        var remove bool
        var runner string
-       var cpu, memory, disk string
+       var cpu, cpumodel, memory, disk string
        var timeout time.Duration
        var extraPackages []string
        var libc string
@@ -182,6 +182,7 @@
                                build.WithLintRequire(lintRequire),
                                build.WithLintWarn(lintWarn),
                                build.WithCPU(cpu),
+                               build.WithCPUModel(cpumodel),
                                build.WithDisk(disk),
                                build.WithMemory(memory),
                                build.WithTimeout(timeout),
@@ -250,6 +251,7 @@
        cmd.Flags().BoolVarP(&interactive, "interactive", "i", false, "when 
enabled, attaches stdin with a tty to the pod on failure")
        cmd.Flags().BoolVar(&remove, "rm", true, "clean up intermediate 
artifacts (e.g. container images, temp dirs)")
        cmd.Flags().StringVar(&cpu, "cpu", "", "default CPU resources to use 
for builds")
+       cmd.Flags().StringVar(&cpumodel, "cpumodel", "host", "default memory 
resources to use for builds")
        cmd.Flags().StringVar(&disk, "disk", "", "disk size to use for builds")
        cmd.Flags().StringVar(&memory, "memory", "", "default memory resources 
to use for builds")
        cmd.Flags().DurationVar(&timeout, "timeout", 0, "default timeout for 
builds")
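Review bot: The help string on the added `--cpumodel` flag is copied from `--memory` ("default memory resources to use for builds") and does not describe the flag; something like `"CPU model to pass to the qemu runner"` would match what the value is used for. The non-empty default `"host"` also matters: the `if options.cpumodel != ""` hunk in pkg/config/config.go overwrites `cfg.Package.Resources.CPUModel` whenever the option is set, so with this default a `cpumodel:` value in the package YAML appears to be replaced on every CLI build. Defaulting the flag to `""`, as `--cpu`, `--memory` and `--disk` do, would let the YAML value through and leave the runner's own fallback to `host` in charge. The same copied text appears in docs/md/melange_build.md.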
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.14.11/pkg/config/config.go 
new/melange-0.15.0/pkg/config/config.go
--- old/melange-0.14.11/pkg/config/config.go    2024-10-28 17:38:43.000000000 
+0100
+++ new/melange-0.15.0/pkg/config/config.go     2024-11-01 20:03:52.000000000 
+0100
@@ -123,9 +123,10 @@
 }
 
 type Resources struct {
-       CPU    string `json:"cpu,omitempty" yaml:"cpu,omitempty"`
-       Memory string `json:"memory,omitempty" yaml:"memory,omitempty"`
-       Disk   string `json:"disk,omitempty" yaml:"disk,omitempty"`
+       CPU      string `json:"cpu,omitempty" yaml:"cpu,omitempty"`
+       CPUModel string `json:"cpumodel,omitempty" yaml:"cpumodel,omitempty"`
+       Memory   string `json:"memory,omitempty" yaml:"memory,omitempty"`
+       Disk     string `json:"disk,omitempty" yaml:"disk,omitempty"`
 }
 
 // PackageURL returns the package URL ("purl") for the APK (origin) package.
@@ -882,11 +883,11 @@
 type ConfigurationParsingOption func(*configOptions)
 
 type configOptions struct {
-       filesystem        fs.FS
-       envFilePath       string
-       cpu, memory, disk string
-       timeout           time.Duration
-       commit            string
+       filesystem                  fs.FS
+       envFilePath                 string
+       cpu, cpumodel, memory, disk string
+       timeout                     time.Duration
+       commit                      string
 
        varsFilePath string
 }
@@ -911,6 +912,12 @@
        }
 }
 
+func WithDefaultCPUModel(cpumodel string) ConfigurationParsingOption {
+       return func(options *configOptions) {
+               options.cpumodel = cpumodel
+       }
+}
+
 func WithDefaultDisk(disk string) ConfigurationParsingOption {
        return func(options *configOptions) {
                options.disk = disk
@@ -1408,6 +1415,9 @@
        if options.cpu != "" {
                cfg.Package.Resources.CPU = options.cpu
        }
+       if options.cpumodel != "" {
+               cfg.Package.Resources.CPUModel = options.cpumodel
+       }
        if options.memory != "" {
                cfg.Package.Resources.Memory = options.memory
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.14.11/pkg/container/config.go 
new/melange-0.15.0/pkg/container/config.go
--- old/melange-0.14.11/pkg/container/config.go 2024-10-28 17:38:43.000000000 
+0100
+++ new/melange-0.15.0/pkg/container/config.go  2024-11-01 20:03:52.000000000 
+0100
@@ -43,18 +43,19 @@
 }
 
 type Config struct {
-       PackageName  string
-       Mounts       []BindMount
-       Capabilities Capabilities
-       Environment  map[string]string
-       ImgRef       string
-       PodID        string
-       Arch         apko_types.Architecture
-       RunAs        string
-       WorkspaceDir string
-       CPU, Memory  string
-       SSHKey       []byte
-       SSHAddress   string
-       Disk         string
-       Timeout      time.Duration
+       PackageName           string
+       Mounts                []BindMount
+       Capabilities          Capabilities
+       Environment           map[string]string
+       ImgRef                string
+       PodID                 string
+       Arch                  apko_types.Architecture
+       RunAs                 string
+       WorkspaceDir          string
+       CPU, CPUModel, Memory string
+       SSHKey                []byte
+       SSHAddress            string
+       SSHHostKey            string
+       Disk                  string
+       Timeout               time.Duration
 }
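Review bot: The new `SSHHostKey` field reads like it holds key material, but `getHostKey` assigns it `knownHost.Name()`, i.e. the path of a temporary known_hosts file. A field comment such as `// SSHHostKey is the path of the temporary known_hosts file used to verify the guest's SSH host key` (or a rename along the lines of `SSHKnownHostsFile`) would stop a later caller from treating it as a key. It sits next to `SSHKey []byte`, which does hold key bytes, so the contrast is easy to miss.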
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.14.11/pkg/container/qemu_runner.go 
new/melange-0.15.0/pkg/container/qemu_runner.go
--- old/melange-0.14.11/pkg/container/qemu_runner.go    2024-10-28 
17:38:43.000000000 +0100
+++ new/melange-0.15.0/pkg/container/qemu_runner.go     2024-11-01 
20:03:52.000000000 +0100
@@ -37,7 +37,6 @@
        "strings"
        "time"
 
-       "al.essio.dev/pkg/shellescape"
        apko_build "chainguard.dev/apko/pkg/build"
        apko_types "chainguard.dev/apko/pkg/build/types"
        apko_cpio "chainguard.dev/apko/pkg/cpio"
@@ -45,8 +44,10 @@
        "github.com/chainguard-dev/clog"
        v1 "github.com/google/go-containerregistry/pkg/v1"
        "github.com/google/go-containerregistry/pkg/v1/tarball"
+       "github.com/kballard/go-shellquote"
        "go.opentelemetry.io/otel"
        "golang.org/x/crypto/ssh"
+       "golang.org/x/crypto/ssh/knownhosts"
 )
 
 var _ Debugger = (*qemu)(nil)
@@ -54,9 +55,7 @@
 const QemuName = "qemu"
 
 const (
-       defaultDiskSize   = "50Gi"
-       SSHPortRangeStart = 10000
-       SSHPortRangeEnd   = 50000
+       defaultDiskSize = "50Gi"
 )
 
 type qemu struct{}
@@ -166,7 +165,7 @@
        ctx, span := otel.Tracer("melange").Start(ctx, "qemu.StartPod")
        defer span.End()
 
-       port, err := randpomPortN()
+       port, err := randomPortN()
        if err != nil {
                return err
        }
@@ -183,6 +182,7 @@
        defer span.End()
        defer os.Remove(cfg.ImgRef)
        defer os.Remove(cfg.Disk)
+       defer os.Remove(cfg.SSHHostKey)
 
        clog.FromContext(ctx).Info("qemu: sending shutdown signal")
        err := sendSSHCommand(ctx,
@@ -254,7 +254,8 @@
        // create an initramfs from the layer
        guestInitramfs, err := os.CreateTemp("", 
"melange-guest-*.initramfs.cpio")
        if err != nil {
-               return ref, fmt.Errorf("failed to create guest dir: %w", err)
+               clog.FromContext(ctx).Errorf("failed to create guest dir: %v", 
err)
+               return ref, err
        }
 
        // in case of some kernel images, we also need the /lib/modules 
directory to load
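Review bot: The error path after `os.CreateTemp` now logs and returns the bare `err`, which drops the context the previous `%w` wrap gave callers and records the same failure twice if a caller logs it as well; the `apko_cpio.FromLayer` hunk that follows does the same. Handling the error at one layer keeps the trail readable: `return ref, fmt.Errorf("creating guest initramfs file: %w", err)`. The existing message says "guest dir" although the call creates a temp file, so the wording is worth correcting at the same time. The enclosing function starts and ends outside this hunk.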
@@ -273,7 +274,8 @@
 
        err = apko_cpio.FromLayer(layer, guestInitramfs)
        if err != nil {
-               return ref, fmt.Errorf("failed to create cpio initramfs: %w", 
err)
+               clog.FromContext(ctx).Errorf("failed to create cpio initramfs: 
%v", err)
+               return ref, err
        }
 
        return guestInitramfs.Name(), nil
@@ -308,7 +310,7 @@
                "/usr/share/qemu/bios-microvm.bin",
                "/usr/share/seabios/bios-microvm.bin",
        } {
-               if _, err := os.Stat(p); err == nil {
+               if _, err := os.Stat(p); err == nil && cfg.Arch.ToAPK() != 
"aarch64" {
                        // only enable pcie for network, enable RTC for kernel, 
disable i8254PIT, i8259PIC and serial port
                        baseargs = append(baseargs, "-machine", 
"microvm,rtc=on,pcie=on,pit=off,pic=off,isa-serial=off")
                        baseargs = append(baseargs, "-bios", p)
@@ -320,6 +322,11 @@
        // we need to fallback to -machine virt, if not machine has been 
specified
        if !microvm {
                baseargs = append(baseargs, "-machine", "virt")
+               if cfg.Arch.ToAPK() != 
apko_types.ParseArchitecture(runtime.GOARCH).ToAPK() {
+                       baseargs = append(baseargs, "-machine", 
"virt,virtualization=true")
+               } else if _, err := os.Stat("/dev/kvm"); err == nil {
+                       baseargs = append(baseargs, "-machine", "virt")
+               }
        }
 
        baseargs = append(baseargs, "-kernel", kernelPath)
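Review bot: The unconditional `baseargs = append(baseargs, "-machine", "virt")` stays in place, so both new branches add a second `-machine` option to the same command line, and the `/dev/kvm` branch adds an identical one. A reader should not need to know how QEMU resolves repeated `-machine` options to tell which machine type is in effect. Pick the value first and append once: `machine := "virt"`, set it to `"virt,virtualization=true"` in the cross-architecture case, then a single `baseargs = append(baseargs, "-machine", machine)`. The enclosing function continues outside the hunk.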
@@ -350,12 +357,21 @@
 
        // use kvm on linux, and Hypervisor.framework on macOS
        if runtime.GOOS == "linux" {
-               baseargs = append(baseargs, "-enable-kvm")
+               if cfg.Arch.ToAPK() != 
apko_types.ParseArchitecture(runtime.GOARCH).ToAPK() {
+                       baseargs = append(baseargs, "-accel", 
"tcg,thread=multi")
+               } else if _, err := os.Stat("/dev/kvm"); err == nil {
+                       baseargs = append(baseargs, "-accel", "kvm")
+               }
        } else if runtime.GOOS == "darwin" {
                baseargs = append(baseargs, "-accel", "hvf")
        }
 
-       baseargs = append(baseargs, "-cpu", "host")
+       if cfg.CPUModel != "" {
+               baseargs = append(baseargs, "-cpu", cfg.CPUModel)
+       } else {
+               baseargs = append(baseargs, "-cpu", "host")
+       }
+
        baseargs = append(baseargs, "-daemonize")
        // ensure we disable unneeded devices, this is less needed if we use 
microvm machines
        // but still useful otherwise
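Review bot: The `-cpu` fallback is chosen independently of the accelerator selected just above it, so the `tcg,thread=multi` branch and the path where `/dev/kvm` is absent (no `-accel` appended at all) can still end up with `-cpu host`. QEMU normally accepts the `host` model only with a hardware accelerator such as KVM or HVF, so those paths would fail at VM start unless the user passes `--cpumodel`. Recording which accelerator was picked and falling back to a model that works under TCG (for example `max`) when KVM/HVF is not in use would make the default usable. A short comment on the `cfg.CPUModel` branch stating that the value is passed to QEMU as given would also help. The enclosing function continues outside the hunk.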
@@ -427,6 +443,7 @@
                        break
                }
                try++
+               time.Sleep(time.Millisecond * 200)
        }
        if try >= retries {
                // ensure cleanup of resources
@@ -435,6 +452,11 @@
                return fmt.Errorf("qemu: could not start VM, timeout reached")
        }
 
+       err = getHostKey(ctx, cfg)
+       if err != nil {
+               return fmt.Errorf("qemu: could not get VM host key")
+       }
+
        // default to root user but if a different user is specified
        // we will use the embedded build:1000:1000 user
        user := "root"
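Review bot: The new `getHostKey` failure path discards the underlying error, so a caller only sees "could not get VM host key" with no cause; `return fmt.Errorf("qemu: could not get VM host key: %w", err)` keeps it. The timeout branch just above is preceded by an "ensure cleanup of resources" step, while this branch returns directly; since the VM has already answered on SSH by this point, it presumably stays running along with its image and disk files, which is worth confirming and cleaning up the same way. The enclosing function starts and ends outside this hunk.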
@@ -464,6 +486,8 @@
                        clog.FromContext(ctx).Infof("qemu: local 
QEMU_KERNEL_IMAGE file detected, using: %s", kernelVar)
                        kernel = kernelVar
                }
+       } else if _, err := os.Stat(kernel); err != nil {
+               return "", "", fmt.Errorf("qemu: /boot/vmlinuz not found, 
specify a kernel path with env variable QEMU_KERNEL_IMAGE and 
QEMU_KERNEL_MODULES if needed")
        }
 
        return kernel, cfg.ImgRef, nil
@@ -610,6 +634,59 @@
        return nil
 }
 
+func getHostKey(ctx context.Context, cfg *Config) error {
+       var hostKey ssh.PublicKey
+
+       signer, err := ssh.ParsePrivateKey(cfg.SSHKey)
+       if err != nil {
+               clog.FromContext(ctx).Errorf("Unable to parse private key: %v", 
err)
+               return err
+       }
+
+       // Create SSH client configuration
+       config := &ssh.ClientConfig{
+               User: "build",
+               Auth: []ssh.AuthMethod{
+                       ssh.PublicKeys(signer),
+               },
+               Config: ssh.Config{
+                       Ciphers: []string{"aes128-ctr"},
+               },
+               HostKeyCallback: func(hostname string, remote net.Addr, key 
ssh.PublicKey) error {
+                       hostKey = key
+                       return nil // Accept the host key for the purpose of 
retrieving it
+               },
+       }
+
+       // Connect to the SSH server
+       client, err := ssh.Dial("tcp", cfg.SSHAddress, config)
+       if err != nil {
+               clog.FromContext(ctx).Errorf("Failed to dial: %s", err)
+               return err
+       }
+       defer client.Close()
+
+       // Write the host key to the known_hosts file
+       hostKeyLine := fmt.Sprintf("%s %s %s\n", cfg.SSHAddress, 
hostKey.Type(), base64.StdEncoding.EncodeToString(hostKey.Marshal()))
+       clog.FromContext(ctx).Infof("host-key: %s", hostKeyLine)
+
+       knownHost, err := os.CreateTemp("", "known_hosts_*")
+       if err != nil {
+               clog.FromContext(ctx).Errorf("host-key fetch - failed to create 
random known_hosts file: %v", err)
+               return err
+       }
+       defer knownHost.Close()
+
+       cfg.SSHHostKey = knownHost.Name()
+
+       _, err = knownHost.Write([]byte(hostKeyLine))
+       if err != nil {
+               clog.FromContext(ctx).Errorf("host-key fetch - failed to write 
to known_hosts file: %v", err)
+               return err
+       }
+       return nil
+}
+
 func sendSSHCommand(ctx context.Context, user, address string,
        cfg *Config, extraVars map[string]string,
        stdin io.Reader, stderr, stdout io.Writer,
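Review bot: `getHostKey` has no doc comment, and its callback accepts whichever key answers first on `cfg.SSHAddress`, so the verification `sendSSHCommand` performs afterwards is trust-on-first-use and only as strong as this one connection. That assumption should be written down on the function, e.g. `// getHostKey connects once without verification, records the guest's host key in a temporary known_hosts file and stores its path in cfg.SSHHostKey`. The known_hosts line is formatted by hand from a host:port address; `knownhosts.Line([]string{cfg.SSHAddress}, hostKey)` produces the normalised form and avoids depending on how the parser treats an unbracketed port. Keeping the captured `ssh.PublicKey` in memory and verifying with `ssh.FixedHostKey` would remove the temp file as the trust anchor altogether. `sendSSHCommand` begins at the end of this hunk and continues outside it.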
@@ -621,6 +698,12 @@
                return err
        }
 
+       hostKeyCallback, err := knownhosts.New(cfg.SSHHostKey)
+       if err != nil {
+               clog.FromContext(ctx).Errorf("could not create hostkeycallback 
function: %v", err)
+               return err
+       }
+
        // Create SSH client configuration
        config := &ssh.ClientConfig{
                User: user,
@@ -630,7 +713,7 @@
                Config: ssh.Config{
                        Ciphers: []string{"aes128-ctr"},
                },
-               HostKeyCallback: ssh.InsecureIgnoreHostKey(), // equivalent to 
StrictHostKeyChecking=no
+               HostKeyCallback: hostKeyCallback,
        }
 
        // Connect to the SSH server
@@ -681,15 +764,9 @@
                }
        }
 
-       b64cmd := 
base64.StdEncoding.EncodeToString([]byte(shellescape.QuoteCommand(command)))
-       cmd := strings.Join(
-               []string{
-                       "_c=$(echo " + b64cmd + "| base64 -d) || exit 97",
-                       "eval set -- \"$_c\" || exit 98",
-                       "exec \"$@\"",
-               }, " ;")
+       cmd := shellquote.Join(command...)
 
-       clog.FromContext(ctx).Infof("running (%d) %v", len(command), command)
+       clog.FromContext(ctx).Infof("running (%d) %v", len(command), cmd)
        err = session.Run(cmd)
        if err != nil {
                clog.FromContext(ctx).Errorf("Failed to run command %v: %s", 
command, err)
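Review bot: With the base64/`eval` wrapper gone, `shellquote.Join(command...)` is the only thing between an argument and the shell syntax of whatever interprets the string given to `session.Run` on the guest, so this line should be covered by a test that round-trips arguments containing spaces, quotes, `$`, backticks, newlines and an empty string. The info log now prints the quoted `cmd` while the error log a few lines down still prints the unquoted `command` slice; using the same value in both makes failures easier to correlate. If commands can carry credentials, logging the full string at Info level is worth a second look. The enclosing function starts and ends outside this hunk.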
@@ -801,15 +878,12 @@
        return mem
 }
 
-func randpomPortN() (int, error) {
-       for port := SSHPortRangeStart; port <= SSHPortRangeEnd; port++ {
-               address := fmt.Sprintf("localhost:%d", port)
-               listener, err := net.Listen("tcp", address)
-               if err == nil {
-                       listener.Close()
-                       return port, nil
-               }
+func randomPortN() (int, error) {
+       l, err := net.Listen("tcp", "localhost:0")
+       if err != nil {
+               return 0, fmt.Errorf("no open port found")
        }
+       defer l.Close()
 
-       return 0, fmt.Errorf("no open port found in range %d-%d", 
SSHPortRangeStart, SSHPortRangeEnd)
+       return l.Addr().(*net.TCPAddr).Port, nil
 }
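Review bot: `randomPortN` closes the listener (via `defer l.Close()`) before the caller passes the port to QEMU, so the returned number is only a hint: another local process can bind it in the gap, and the later host-key retrieval step would record the key of whatever is listening there. A comment stating this, plus a check by the caller that the QEMU process itself came up on that port, would make the assumption explicit. The error from `net.Listen` is also dropped; `return 0, fmt.Errorf("finding open port: %w", err)` preserves the cause.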

++++++ melange.obsinfo ++++++
--- /var/tmp/diff_new_pack.Sn1KAa/_old  2024-11-02 16:12:13.164354408 +0100
+++ /var/tmp/diff_new_pack.Sn1KAa/_new  2024-11-02 16:12:13.168354575 +0100
@@ -1,5 +1,5 @@
 name: melange
-version: 0.14.11
-mtime: 1730133523
-commit: 7af591847a044b2eb12246dcabf1f4e5346cd9ea
+version: 0.15.0
+mtime: 1730487832
+commit: e1fb07674e1d11b0691011c29cc256a2b4e88e5f
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/melange/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.melange.new.2020/vendor.tar.gz differ: char 5, line 
1
