Skip to content

Monthly GLSA metadata 2025-10-01 #3321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 2, 2025
Merged

Monthly GLSA metadata 2025-10-01 #3321

merged 1 commit into from
Oct 2, 2025

Conversation

flatcar-infra
Copy link

Updated GLSA metadata

@github-actions
portage-stable/metadata: Monthly GLSA metadata updates
9dd9784 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@flatcar-infra flatcar-infra requested a review from a team as a code owner October 1, 2025 07:07
@chewi chewi merged commit beedbca into main Oct 2, 2025
4 of 5 checks passed
@chewi chewi deleted the buildbot/monthly-glsa-metadata-updates-2025-10-01 branch October 2, 2025 15:59
@krnowak
Copy link
Member

krnowak commented Oct 2, 2025

Oi, this should have been put on hold - this will likely make the nightly builds fail, because we are still having the old pam version and this will trigger the GLSA check. Let's see.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 2, 2025
edited
Loading

Build action triggered: https://github.com/flatcar/scripts/actions/runs/18345308847

@chewi
Copy link
Contributor

chewi commented Oct 3, 2025

Sorry, I thought it was harmless. 😢 I think PRs like this need a note about what we should check or watch out for when merging.

@tormath1
Copy link
Contributor

tormath1 commented Oct 3, 2025
edited
Loading

So yeah the CI is failing because:

 This system is affected by the following GLSAs:
 202508-01
 202505-01

Let's revert this commit while PAM issue is being addressed.

EDIT: #3337

@tormath1 tormath1 mentioned this pull request Oct 3, 2025
Merged
@dongsupark
Copy link
Member

dongsupark commented Oct 8, 2025
edited
Loading

Just FYI, we have 2 options:

  1. Do not update GLSA metadata, a.k.a. keep such bot PRs open until pam could be updated. Basically what we already do.
  2. Add the 2 GLSAs to GLSA_ALLOWLIST, to avoid such CI failures. I am fine with this approach as well, as long as the pam update seems not so trivial.

@krnowak
Copy link
Member

krnowak commented Oct 8, 2025

Let's go with 1. I'm working on the PAM update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chewi chewi chewi approved these changes

Assignees

No one assigned

Labels

main

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@flatcar-infra @krnowak @chewi @tormath1 @dongsupark