From vpagar at redhat.com Thu Jul 2 07:56:35 2020 From: vpagar at redhat.com (Vaibhav Pagar) Date: Thu, 2 Jul 2020 13:26:35 +0530 Subject: [scl.org] Fix for the Node.js images Message-ID: Hello, I am Vaibhav Pagar and I am reaching out to you regarding query about the container images of Node.js which you are maintaining. One my customer is using below 2 container images which are affected by the given CVE's ~~~ 1] Image Node.js 10 https://catalog.redhat.com/software/containers/ubi8/nodejs-10/5c839aa3d70cc51dd4c425d9?container-tabs=overview Affected by two CVE's :- > CVE-2020-13777 Fixed with >> RHSA-2020:2637 on 2020-06-22 > CVE-2020-11080 Fixed with >> RHSA-2020:2755 on 2020-06-25 Both of the above CVE's are marked as important so their fix will be released in container images soon as the actual fix for the package is already released. 2] Image Node.js 12 https://catalog.redhat.com/software/containers/ubi8/nodejs-12/5d3fff015a13461f5fb8635a?container-tabs=security Affected by two CVE's:- > CVE-2020-13777 Fixed with >> RHSA-2020:2637 on 2020-06-22 > CVE-2020-11080 Fixed with >> RHSA-2020:2755 on 2020-06-25 ~~~ I can see for both the CVE's the fix is already released for the affected packages, so when can we expect the fix in Node.js container images? Customers want to get this fix asap as the CVE is marked as important and they said that it's affecting their deployments. Can you please let me know any ETA for the fix? Thank you, Vaibhav Pagar TECHNICAL SUPPORT ENGINEER, Red Hat India Pvt. Ltd. vpagar at redhat.com M: 7588040831 @redhatnews Red Hat Red Hat -------------- next part -------------- An HTML attachment was scrubbed... URL: From vpagar at redhat.com Sun Jul 5 00:47:54 2020 From: vpagar at redhat.com (Vaibhav Pagar) Date: Sun, 5 Jul 2020 06:17:54 +0530 Subject: [scl.org] Fix for the Node.js images In-Reply-To: References: Message-ID: Hello, Can you please take a look at my query regarding CVE 2020-8174, as customer is pushing a lot to get the fix for this CVE in the latest version of node.js container image. Let me know if you need any more information from me so I can share it accordingly. Thanks & Regards, Vaibhav Pagar TECHNICAL SUPPORT ENGINEER, Red Hat India Pvt. Ltd. vpagar at redhat.com M: 7588040831 @redhatnews Red Hat Red Hat On Thu, Jul 2, 2020 at 1:26 PM Vaibhav Pagar wrote: > Hello, > > I am Vaibhav Pagar and I am reaching out to you regarding query about the > container images of Node.js which you are maintaining. > One my customer is using below 2 container images which are affected by > the given CVE's > > ~~~ > 1] Image Node.js 10 > > > https://catalog.redhat.com/software/containers/ubi8/nodejs-10/5c839aa3d70cc51dd4c425d9?container-tabs=overview > > Affected by two CVE's :- > > > CVE-2020-13777 Fixed with >> RHSA-2020:2637 on 2020-06-22 > > CVE-2020-11080 Fixed with >> RHSA-2020:2755 on 2020-06-25 > > Both of the above CVE's are marked as important so their fix will be > released in container images soon as the actual fix for the package is > already released. > > > > 2] Image Node.js 12 > > > https://catalog.redhat.com/software/containers/ubi8/nodejs-12/5d3fff015a13461f5fb8635a?container-tabs=security > > Affected by two CVE's:- > > > CVE-2020-13777 Fixed with >> RHSA-2020:2637 on 2020-06-22 > > CVE-2020-11080 Fixed with >> RHSA-2020:2755 on 2020-06-25 > ~~~ > > I can see for both the CVE's the fix is already released for the affected > packages, so when can we expect the fix in Node.js container images? > Customers want to get this fix asap as the CVE is marked as important and > they said that it's affecting their deployments. > Can you please let me know any ETA for the fix? > > Thank you, > > Vaibhav Pagar > > TECHNICAL SUPPORT ENGINEER, > > Red Hat India Pvt. Ltd. > > vpagar at redhat.com M: 7588040831 > > > > @redhatnews Red Hat > Red Hat > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmercier at cng.fr Mon Jul 20 09:37:48 2020 From: jmercier at cng.fr (Jonathan MERCIER) Date: Mon, 20 Jul 2020 11:37:48 +0200 Subject: [scl.org] How to disable debug info subpackage Message-ID: <56fbd4b1-2ba3-4961-58a2-a74be7f75ff0@cng.fr> Dear, I try to package a D library without the use of debuginfo package (that do not works well on dlang) Thus I use usually this statement: %global debug_package?????? %{nil} But it seem with SCL it is not enough as at the end I have some error message like: RPM build errors: ??? Installed (but unpackaged) file(s) found: /usr/lib/debug/.dwz/jonathan-dlang_ldc2092-derelict-3-1.20170923git8dda339.fc32.x86_64 /usr/lib/debug/opt/jonathan/jonathan-dlang_ldc2092/root/usr/lib64/libDerelictAL.so.3.0.0-3-1.20170923git8dda339.fc32.x86_64.debug ? ... /usr/src/debug/jonathan-dlang_ldc2092-derelict-3-1.20170923git8dda339.fc32.x86_64/GL3/source/derelict/opengl/extensions/arb_f.d spec file: https://paste.centos.org/view/5dea53ce Thanks -- Jonathan MERCIER Researcher computational biology PhD, Jonathan MERCIER Centre National de Recherche en G?nomique Humaine (CNRGH) Bioinformatics (LBI) 2, rue Gaston Cr?mieux 91057 Evry Cedex Tel :(33) 1 60 87 83 44 Email :jonathan.mercier at cnrgh.fr -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: jgkellajgbopoedg. Type: image/jpg Size: 5638 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: igikpmojebpnoefn. Type: image/jpg Size: 17553 bytes Desc: not available URL: From jmercier at cng.fr Mon Jul 27 10:20:50 2020 From: jmercier at cng.fr (Jonathan MERCIER) Date: Mon, 27 Jul 2020 12:20:50 +0200 Subject: [scl.org] How to use SCL inside a container Message-ID: <020fa951-53b5-810a-cc34-08c3742de7e2@cng.fr> Dear I tried to build a container both with docker and buildah and got the same message error from gitlab-ci ---> https://gitlab.com/jonathan-dlang/scl_metapackage/-/jobs/657306213 $ scl load "${SCL_VENDOR}-${SCL_COLLECTION}${DLANG_VERSION}" 31 Missing function scl in your environment!!! What is those scl functions ? We can see too that while scl_source? is calld (line 28) the list of loaded collection is empty (line 29) I tried to use a scl_enable file as it is done by sclorg -> https://github.com/sclorg/mariadb-container/blob/master/root-common/usr/share/container-scripts/mysql/scl_enable with the same error Any help are welcome best regards -- Jonathan MERCIER Researcher computational biology PhD, Jonathan MERCIER Centre National de Recherche en G?nomique Humaine (CNRGH) Bioinformatics (LBI) 2, rue Gaston Cr?mieux 91057 Evry Cedex Tel :(33) 1 60 87 83 44 Email :jonathan.mercier at cnrgh.fr -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: cpbodojgmihicpfj. Type: image/jpg Size: 5638 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: piepgbmfpikofemd. Type: image/jpg Size: 17553 bytes Desc: not available URL: From stefanrin at gmail.com Mon Jul 27 17:41:08 2020 From: stefanrin at gmail.com (Stefan Ring) Date: Mon, 27 Jul 2020 19:41:08 +0200 Subject: [scl.org] How to use SCL inside a container In-Reply-To: <020fa951-53b5-810a-cc34-08c3742de7e2@cng.fr> References: <020fa951-53b5-810a-cc34-08c3742de7e2@cng.fr> Message-ID: On Mon, Jul 27, 2020 at 12:23 PM Jonathan MERCIER wrote: > > Dear I tried to build a container both with docker and buildah and got the same message error from gitlab-ci > > ---> https://gitlab.com/jonathan-dlang/scl_metapackage/-/jobs/657306213 No access rights. > $ scl load "${SCL_VENDOR}-${SCL_COLLECTION}${DLANG_VERSION}" > 31Missing function scl in your environment!!! > > What is those scl functions ? > > We can see too that while scl_source is calld (line 28) the list of loaded collection is empty (line 29) Do you know how to use scl outside of a container? Because it does not actually make a difference. > I tried to use a scl_enable file as it is done by sclorg -> https://github.com/sclorg/mariadb-container/blob/master/root-common/usr/share/container-scripts/mysql/scl_enable > > with the same error If it?s only one line in the CI recipe, just use scl enable {scl_name} -- command (line). From zhunting at redhat.com Mon Jul 27 18:30:54 2020 From: zhunting at redhat.com (Zach Huntington Meath) Date: Mon, 27 Jul 2020 14:30:54 -0400 Subject: [scl.org] How to use SCL inside a container In-Reply-To: References: <020fa951-53b5-810a-cc34-08c3742de7e2@cng.fr> Message-ID: Jonathan, I've had some success with containers and trying to use the SCL while the container is running. What I've had success with is adding the script like you had up there to /etc/profile.d and then it'll run when any bash instance is started. Something like this: https://github.com/theforeman/forklift/blob/master/roles/ruby_scl/tasks/main.yml#L14-L20 But instead of using ansible you just have your script and copy it to /etc/profile.d/foo.sh when you're building the container in your Dockerfile. On Mon, Jul 27, 2020 at 1:41 PM Stefan Ring wrote: > On Mon, Jul 27, 2020 at 12:23 PM Jonathan MERCIER wrote: > > > > Dear I tried to build a container both with docker and buildah and got > the same message error from gitlab-ci > > > > ---> https://gitlab.com/jonathan-dlang/scl_metapackage/-/jobs/657306213 > > No access rights. > > > $ scl load "${SCL_VENDOR}-${SCL_COLLECTION}${DLANG_VERSION}" > > 31Missing function scl in your environment!!! > > > > What is those scl functions ? > > > > We can see too that while scl_source is calld (line 28) the list of > loaded collection is empty (line 29) > > Do you know how to use scl outside of a container? Because it does not > actually make a difference. > > > I tried to use a scl_enable file as it is done by sclorg -> > https://github.com/sclorg/mariadb-container/blob/master/root-common/usr/share/container-scripts/mysql/scl_enable > > > > with the same error > > If it?s only one line in the CI recipe, just use scl enable {scl_name} > -- command (line). > > > _______________________________________________ > SCLorg mailing list > SCLorg at redhat.com > https://www.redhat.com/mailman/listinfo/sclorg > -- Zachary Huntington-Meath Red Hat Engineering (919)-619-4189 irc: zhunting -------------- next part -------------- An HTML attachment was scrubbed... URL: From bwburch at gmail.com Mon Jul 27 17:19:38 2020 From: bwburch at gmail.com (Brett Burch) Date: Mon, 27 Jul 2020 17:19:38 -0000 Subject: [scl.org] mongodb-36-centos7:latest Message-ID: Our project is using mongodb-36-centos7:1 and when we run security scans in gcr it identifies security issues, so I tried to add yum update -y to Dockerfile and now when I try to run container I'm getting Pod errors: CreateContainerError. Is there a way to update the image? The security issues are pointing to openssl libs. Thanks, Brett -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonathan.mercier at cnrgh.fr Wed Jul 29 23:32:24 2020 From: jonathan.mercier at cnrgh.fr (jonathan mercier) Date: Wed, 29 Jul 2020 23:32:24 -0000 Subject: [scl.org] How to use SCL inside a container In-Reply-To: References: <020fa951-53b5-810a-cc34-08c3742de7e2@cng.fr> Message-ID: <8715358f6ff15e3d0e05856209675aa86550ba10.camel@cnrgh.fr> Thanks Zach and Stefan for your help Previously repository was in private mode (now they are public, a mistake?) currently my scl_metapackage image fail on test: https://gitlab.com/jonathan-dlang/scl_metapackage/-/pipelines/1722250001 . Indeed it seems that PATH and others env vars are not loaded2. scl load ? do not works I have any problem with these rpm on my local computer This image extends this one: https://gitlab.com/jonathan-dlang/fedorawhich define an entrypoint in order to initialize both modules and scl I will take a closer look to your code Zach Any way your help is really appreciated.I would like to demonstrate that scl can replace environment module into my lab Thanks, best regards Jonathan Le lundi 27 juillet 2020 ? 14:30 -0400, Zach Huntington Meath a ?crit : > Jonathan, > I've had some success with containers and trying to use the SCL while > the container is running. What I've had success with is adding the > script like you had up there to /etc/profile.d and then it'll run > when any bash instance is started. Something like this: > https://github.com/theforeman/forklift/blob/master/roles/ruby_scl/tasks/main.yml#L14-L20 > > But instead of using ansible you just have your script and copy it to > /etc/profile.d/foo.sh when you're building the container in your > Dockerfile. > > On Mon, Jul 27, 2020 at 1:41 PM Stefan Ring > wrote: > > On Mon, Jul 27, 2020 at 12:23 PM Jonathan MERCIER > > wrote: > > > > > > > > > > Dear I tried to build a container both with docker and buildah > > and got the same message error from gitlab-ci > > > > > > > > > > ---> > > https://gitlab.com/jonathan-dlang/scl_metapackage/-/jobs/657306213 > > > > > > > > No access rights. > > > > > > > > > $ scl load "${SCL_VENDOR}-${SCL_COLLECTION}${DLANG_VERSION}" > > > > > 31Missing function scl in your environment!!! > > > > > > > > > > What is those scl functions ? > > > > > > > > > > We can see too that while scl_source is calld (line 28) the list > > of loaded collection is empty (line 29) > > > > > > > > Do you know how to use scl outside of a container? Because it does > > not > > > > actually make a difference. > > > > > > > > > I tried to use a scl_enable file as it is done by sclorg -> > > https://github.com/sclorg/mariadb-container/blob/master/root-common/usr/share/container-scripts/mysql/scl_enable > > > > > > > > > > with the same error > > > > > > > > If it?s only one line in the CI recipe, just use scl enable > > {scl_name} > > > > -- command (line). > > > > > > > > > > > > _______________________________________________ > > > > SCLorg mailing list > > > > SCLorg at redhat.com > > > > https://www.redhat.com/mailman/listinfo/sclorg > > > > > _______________________________________________SCLorg mailing > listSCLorg at redhat.com > https://www.redhat.com/mailman/listinfo/sclorg -------------- next part -------------- An HTML attachment was scrubbed... URL: