Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use git-core base pkg instead of git #422

Merged
merged 1 commit into from
Jan 31, 2024
Merged

Use git-core base pkg instead of git #422

merged 1 commit into from
Jan 31, 2024

Conversation

macedogm
Copy link
Member

@macedogm macedogm commented Jan 22, 2024
edited by weyfonk
Loading

Use the base level package git-core that has less dependencies than git, reducing image size and possibly future CVEs ("less packages normally means less CVEs").

git

/ # zypper in git
Refreshing service 'container-suseconnect-zypp'.
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following 12 NEW packages are going to be installed:
  file git git-core less libexpat1 libgdbm4 libpcre2-8-0 libsha1detectcoll1 perl perl-Error perl-Git which

The following 12 packages are not supported by their vendor:
  file git git-core less libexpat1 libgdbm4 libpcre2-8-0 libsha1detectcoll1 perl perl-Error perl-Git which

12 new packages to install.
Overall download size: 12.5 MiB. Already cached: 0 B. After the operation, additional 69.5 MiB will be used.

git-core

/ # zypper in git-core
Refreshing service 'container-suseconnect-zypp'.
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following 7 NEW packages are going to be installed:
  file git-core less libexpat1 libpcre2-8-0 libsha1detectcoll1 which

The following 7 packages are not supported by their vendor:
  file git-core less libexpat1 libpcre2-8-0 libsha1detectcoll1 which

7 new packages to install.
Overall download size: 5.6 MiB. Already cached: 0 B. After the operation, additional 28.5 MiB will be used.

Note (@weyfonk): This PR initially targeted master, hence replaced git with git-core. But it now targets release/fleet/v0.9, where git is not in package/Dockerfile, although it should be.
This PR now effectively acts as a backport of #362 as well.

@macedogm macedogm requested a review from a team as a code owner January 22, 2024 12:19
@kkaempf kkaempf added this to the v2.8-Next1 milestone Jan 22, 2024
This was referenced Jan 26, 2024
Closed
Merged
@weyfonk
Copy link
Contributor

weyfonk commented Jan 30, 2024

Thanks! Submitted to rancher/fleet as rancher/fleet#2105, as per rancher/fleet#2008.

@macedogm
Copy link
Member Author

macedogm commented Jan 30, 2024
edited
Loading

@weyfonk thanks! Should I close this PR then?

@weyfonk
Copy link
Contributor

weyfonk commented Jan 30, 2024

@weyfonk thanks! Should I close this PR then?

No need :) As discussed offline, this is still relevant for Fleet v0.9.

@weyfonk weyfonk changed the base branch from master to release/fleet/v0.9 January 30, 2024 10:42
@macedogm @weyfonk
Use git-core pkg instead of git
7b1cf96 
Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
@weyfonk weyfonk mentioned this pull request Jan 30, 2024
Merged
@weyfonk
Copy link
Contributor

weyfonk commented Jan 30, 2024

CI fails because it runs against a fork which doesn't have access to secrets. It passes when running against the same state on the upstream repository.

@manno manno merged commit f2f3c96 into rancher:release/fleet/v0.9 Jan 31, 2024
3 of 4 checks passed
@macedogm macedogm deleted the image-git-core branch January 31, 2024 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/fleet area/gitjob kind/security team/fleet
Projects
Fleet
Archived in project
Milestone
v2.8-Next1
Development

Successfully merging this pull request may close these issues.
4 participants
@macedogm @weyfonk @kkaempf @manno