Merge remote-tracking branch 'origin/main' into feat/openbao-current-…

…builddate
wolfi-dev · Oct 9, 2024 · 07b6684 · 07b6684
2 parents 17e599a + c337404
commit 07b6684
Show file tree

Hide file tree

Showing 91 changed files with 4,379 additions and 1,282 deletions.
diff --git a/.github/actions/docker-run/action.yaml b/.github/actions/docker-run/action.yaml
@@ -6,7 +6,7 @@ inputs:
  required: true
  image:
  description: "The image to use"
- default: "ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5"
+ default: "ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8"
  required: false
  workdir:
  description: "The images working directory"

diff --git a/.github/workflows/build-beta.yaml b/.github/workflows/build-beta.yaml
@@ -152,7 +152,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
 
  steps:
  - name: Harden Runner

diff --git a/.github/workflows/build-old.yaml b/.github/workflows/build-old.yaml
@@ -26,7 +26,7 @@ jobs:
  contents: read
 
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
  # TODO: Deprivilege
  options: |
  --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -139,7 +139,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
 
  steps:
  - name: Harden Runner
@@ -262,7 +262,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
 
  steps:
  - name: Harden Runner

diff --git a/.github/workflows/build-world.yaml b/.github/workflows/build-world.yaml
@@ -27,7 +27,7 @@ jobs:
  # permissions:
 
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
  # TODO: Deprivilege
  options: |
  --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -29,7 +29,7 @@ jobs:
  contents: read
 
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
  # TODO: Deprivilege
  options: |
  --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
@@ -175,7 +175,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
 
  steps:
  - name: Harden Runner
@@ -303,7 +303,7 @@ jobs:
 
  container:
  # NOTE: This step only signs and uploads, so it doesn't need any privileges
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
 
  steps:
  - name: Harden Runner

diff --git a/.github/workflows/lint-world.yaml b/.github/workflows/lint-world.yaml
@@ -32,7 +32,7 @@ jobs:
  group: wolfi-os-builder-${{ matrix.arch }}
 
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
 
  steps:
  - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

diff --git a/.github/workflows/postsubmit-bundle-build.yaml b/.github/workflows/postsubmit-bundle-build.yaml
@@ -30,7 +30,7 @@ jobs:
 
  runs-on: ubuntu-latest
  container:
- image: ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ image: ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
 
  permissions:
  id-token: write
@@ -114,7 +114,7 @@ jobs:
  )
 
  BUNDLE=$(wolfictl bundle \
- --bundle-base ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5 \
+ --bundle-base ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8 \
  --bundle-repo "${BUNDLE_REPO}" \
  ${COMMON_FLAGS} \
  --runner bubblewrap \

diff --git a/Makefile b/Makefile
@@ -141,7 +141,7 @@ dev-container:
  -v "${PWD}:${PWD}" \
  -w "${PWD}" \
  -e SOURCE_DATE_EPOCH=0 \
- ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
 
 PACKAGES_CONTAINER_FOLDER ?= /work/packages
 # This target spins up a docker container that is helpful for testing local
@@ -208,6 +208,6 @@ dev-container-wolfi:
  --mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \
  --mount type=bind,source="$(TMP_REPOS_FILE)",destination="/etc/apk/repositories",readonly \
  -w "$(PACKAGES_CONTAINER_FOLDER)" \
- ghcr.io/wolfi-dev/sdk:latest@sha256:41afbe0864023cc9fb7dda378e831fcb4ae56b88fb36475a4e28a5555c0f71a5
+ ghcr.io/wolfi-dev/sdk:latest@sha256:16e05ea526a250ddb3e24167ecc6494b29961d0e5fc02b716b9eea31e82439f8
  @rm "$(TMP_REPOS_FILE)"
  @rmdir "$(TMP_REPOS_DIR)"
diff --git a/cert-manager-1.16.yaml b/cert-manager-1.16.yaml
@@ -1,8 +1,8 @@
 package:
  name: cert-manager-1.16
  # See https://cert-manager.io/docs/installation/supported-releases/ for upstream-supported versions
- version: 1.16.0
- epoch: 1
+ version: 1.16.1
+ epoch: 0
  description: Automatically provision and manage TLS certificates in Kubernetes
  copyright:
  - license: Apache-2.0
@@ -26,7 +26,7 @@ pipeline:
  with:
  repository: https://github.com/cert-manager/cert-manager
  tag: v${{package.version}}
- expected-commit: 67c897d068cf4602a62370f4152eeccfdd108b61
+ expected-commit: ff50c068fd1942419fcce05131d3200a7641cc50
 
  # the makefile hardcodes the requirement for some container runtime (CTR), even when we don't need it
  # to workaround, set CTR to anything $(command -v)able
@@ -106,12 +106,13 @@ test:
  controller --help
  startupapicheck --help
  webhook --help
- acmesolver-linux-amd64 --help
- cainjector-linux-amd64 --help
- controller-linux-amd64 --help
- startupapicheck-linux-amd64 -v
- startupapicheck-linux-amd64 --help
- webhook-linux-amd64 --help
+ arch=$(uname -m | sed -e "s/x86_64/amd64/" -e "s/aarch64/arm64/")
+ acmesolver-linux-$arch --help
+ cainjector-linux-$arch --help
+ controller-linux-$arch --help
+ startupapicheck-linux-$arch -v
+ startupapicheck-linux-$arch --help
+ webhook-linux-$arch --help
 
 update:
  enabled: true

diff --git a/cloudnative-pg.yaml b/cloudnative-pg.yaml
@@ -59,5 +59,6 @@ test:
  manager_${{build.goarch}} version | grep "${{package.version}}"
  /manager version | grep "${{package.version}}"
  /manager debug show-architectures | grep ${{build.goarch}}
- manager_amd64 version
- manager_amd64 --help
+ arch=$(uname -m | sed -e "s/x86_64/amd64/" -e "s/aarch64/arm64/")
+ manager_$arch version
+ manager_$arch --help
diff --git a/confluent-kafka.yaml b/confluent-kafka.yaml
@@ -8,7 +8,7 @@ package:
  # with the `version:` field.
  # 2. Created a new variable `mangled-package-version` to append `-ccs` to the
  # version.
- version: 7.9.0.82
+ version: 8.0.0.2
  epoch: 0
  description: Community edition of Confluent Kafka.
  copyright:
@@ -34,6 +34,8 @@ environment:
  - gradle
  - openjdk-11
  - sbt
+ environment:
+ JAVA_HOME: /usr/lib/jvm/java-11-openjdk
 
 var-transforms:
  - from: ${{package.version}}
@@ -44,7 +46,7 @@ var-transforms:
 pipeline:
  - uses: git-checkout
  with:
- expected-commit: cbc25f70cb7fe8a4c54933db073a131384438bdb
+ expected-commit: d93667803acda10900d7ffa6d21e612cd6e0c50e
  repository: https://github.com/confluentinc/kafka
  tag: v${{vars.mangled-package-version}}
 
@@ -94,9 +96,12 @@ update:
  enabled: true
  git:
  strip-prefix: v
- strip-suffix: -css
+ strip-suffix: -ccs
  ignore-regex-patterns:
  - -rc.*
+ version-transform:
+ - match: ^(\d+\.\d+\.\d+)\-(\d+)$
+ replace: $1.$2
 
 test:
  pipeline:

diff --git a/cosign.yaml b/cosign.yaml
@@ -51,7 +51,8 @@ test:
  cosign --help
  - name: Get an attestation and test
  runs: |
- cosign download attestation --platform=linux/amd64 \
+ arch=$(uname -m | sed -e "s/x86_64/amd64/" -e "s/aarch64/arm64/")
+ cosign download attestation --platform=linux/$arch \
  --predicate-type=https://spdx.dev/Document \
  chainguard/curl | jq -r .payload | base64 -d | jq .predicate
 

diff --git a/dpkg.yaml b/dpkg.yaml
@@ -126,10 +126,11 @@ test:
  mkdir -p test/data
  echo "brew" > test/data/homebrew.txt
  mkdir -p test/DEBIAN
+ arch=$(uname -m | sed -e "s/x86_64/amd64/" -e "s/aarch64/arm64/")
  cat <<EOF > test/DEBIAN/control
  Package: test
  Version: 1.40.99
- Architecture: amd64
+ Architecture: $arch
  Description: I am a test
  Maintainer: Dpkg Developers <[email protected]>
 

diff --git a/execline.yaml b/execline.yaml
@@ -1,7 +1,7 @@
 package:
  name: execline
- version: 2.9.6.0
- epoch: 1
+ version: 2.9.6.1
+ epoch: 0
  description: "a small scripting language intended to be an alternative to shell scripting"
  copyright:
  - license: ISC
@@ -20,7 +20,7 @@ pipeline:
  with:
  repository: git://git.skarnet.org/execline
  tag: v${{package.version}}
- expected-commit: 48ebde9a5ea2a5a96f438b1bc9a19cd3bcb96f8c
+ expected-commit: 32ed930a967c83c5b683d1d22c286b46a9f792ea
 
  - name: Configure
  runs: |

diff --git a/gitlab-pages-17.4.yaml b/gitlab-pages-17.4.yaml
@@ -1,6 +1,6 @@
 package:
  name: gitlab-pages-17.4
- version: 17.4.1
+ version: 17.4.2
  epoch: 0
  description: GitLab Pages daemon used to serve static websites for GitLab users.
  copyright:
@@ -20,7 +20,7 @@ pipeline:
  with:
  repository: https://gitlab.com/gitlab-org/gitlab-pages.git
  tag: v${{package.version}}
- expected-commit: 1a5ebda50db9b91712526b31f3ab271218f6f850
+ expected-commit: b80b8bb6d3f1f0c2ddfab5a571873d898e3ae523
 
  - uses: go/build
  with:

diff --git a/logstash.yaml → logstash-8.yaml b/logstash.yaml → logstash-8.yaml
@@ -15,15 +15,16 @@
 # 2. If the plugin is not a default plugin, do the same as above, but in a
 # subpackage to be installed separately.
 package:
- name: logstash
+ name: logstash-8
  version: 8.15.2
- epoch: 1
+ epoch: 2
  description: Logstash - transport and process your logs, events, or other data
  copyright:
  - license: Apache-2.0
  dependencies:
  provides:
  - ${{package.name}}-base=${{package.full-version}}
+ - logstash=${{package.full-version}}
  runtime:
  - bash # some helper scripts use bash and busybox utilities
  - busybox

diff --git a/logstash/create_archive_pack.patch → logstash-8/create_archive_pack.patch b/logstash/create_archive_pack.patch → logstash-8/create_archive_pack.patch
diff --git a/...sh/test/logstash-filter-xml/logstash.conf → ...-8/test/logstash-filter-xml/logstash.conf b/...sh/test/logstash-filter-xml/logstash.conf → ...-8/test/logstash-filter-xml/logstash.conf
diff --git a/logstash/test/logstash-filter-xml/test.xml → logstash-8/test/logstash-filter-xml/test.xml b/logstash/test/logstash-filter-xml/test.xml → logstash-8/test/logstash-filter-xml/test.xml
diff --git a/pipelines/py/one-python.yaml b/pipelines/py/one-python.yaml
@@ -0,0 +1,66 @@
+name: Run some stuff with just one python - do not worry about the name
+
+needs:
+ packages:
+ - busybox
+
+inputs:
+ content:
+ description: |
+ what do you want to run. content will be written to file and executed.
+ If it has a shbang (#!) then it will be honored. 
+ Otherwise use '#!/bin/sh -e'
+ required: true
+
+pipeline:
+ - name: "run content"
+ runs: |
+ set +x
+ tmpd=$(mktemp -d) || { echo "failed mktemp"; exit 1; }
+ trap "rm -Rf $tmpd" EXIT
+
+ cat > "$tmpd/runner.dist" <<"END_ONE_PYTHON_CONTENT"
+ ${{inputs.content}}
+ END_ONE_PYTHON_CONTENT
+
+ if p=$(command -v python3); then
+ py=$p
+ if [ -L "$p" ]; then
+ py=$(readlink -f "$p") ||
+ { echo "ERROR: failed 'readlink -f $p'" 1>&2; exit 1; }
+ fi
+ else
+ glob="/usr/bin/python3.[0-9][0-9] /usr/bin/python3.[789]"
+ n=0
+ for p in $glob; do
+ [ -x "$p" ] && n=$((n+1)) && py=$p && found="$found $p"
+ done
+ if [ "$n" -ne 1 ]; then
+ echo "ERROR: found $n pythons matching $glob. Cannot use one-python here."
+ [ "$n" -eq 0 ] || echo " found: $found" 1>&2
+ exit 1
+ fi
+ fi
+ echo "using python=$py for one-python"
+
+ ln -s "$py" "$tmpd/python" && ln -s "$py" "$tmpd/python3" || {
+ echo "ERROR: symlink of $py into tmpdir failed."
+ exit 1
+ }
+
+ # add shbang of #!/bin/sh -e if not present.
+ if head -n 1 "$tmpd/runner.dist" | grep -q "^#!"; then
+ cp "$tmpd/runner.dist" "$tmpd/runner"
+ else
+ echo "#!/bin/sh -e" > "$tmpd/runner"
+ cat "$tmpd/runner.dist" >> "$tmpd/runner"
+ fi
+
+ [ $? -eq 0 ] || {
+ echo "ERROR: very strange failure (failed write to runner?)"
+ exit 1
+ }
+ chmod 755 "$tmpd/runner"
+ export PATH="$tmpd:$PATH"
+
+ runner
diff --git a/protobuf.yaml b/protobuf.yaml
@@ -1,7 +1,7 @@
 package:
  name: protobuf
  version: 3.27.4
- epoch: 0
+ epoch: 1
  description: Library for extensible, efficient structure packing
  copyright:
  - license: BSD-3-Clause
@@ -47,7 +47,8 @@ pipeline:
  -DBUILD_SHARED_LIBS=True \
  -DCMAKE_BUILD_TYPE=Release \
  -Dprotobuf_ABSL_PROVIDER=package \
- -Dprotobuf_BUILD_TESTS=OFF
+ -Dprotobuf_BUILD_TESTS=OFF \
+ -Dprotobuf_BUILD_LIBUPB=OFF
  ninja -C build
  DESTDIR=${{targets.destdir}} ninja -C build install
 
@@ -127,15 +128,3 @@ test:
  pipeline:
  - runs: |
  protoc --help
- protoc-gen-upb --version
- protoc-gen-upb --help
- protoc-gen-upb-27.4.0 --version
- protoc-gen-upb-27.4.0 --help
- protoc-gen-upb_minitable --version
- protoc-gen-upb_minitable --help
- protoc-gen-upb_minitable-27.4.0 --version
- protoc-gen-upb_minitable-27.4.0 --help
- protoc-gen-upbdefs --version
- protoc-gen-upbdefs --help
- protoc-gen-upbdefs-27.4.0 --version
- protoc-gen-upbdefs-27.4.0 --help