Sandbox/rdutta/3.0/update 3.0.20250521 3.0 v1#178
Closed
ranjan-dutta wants to merge 283 commits into3.0-devfrom
Closed
Sandbox/rdutta/3.0/update 3.0.20250521 3.0 v1#178ranjan-dutta wants to merge 283 commits into3.0-devfrom
ranjan-dutta wants to merge 283 commits into3.0-devfrom
Conversation
…tapackage (#12298)
This is early work to build a kernel in the extended repo that includes LVBS support.
…ch 3.0-dev (#13365) Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
…3.0-dev (#13366) Co-authored-by: jykanase <v-jykanase@microsoft.com>
….0-dev (#13367) Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
….0-dev (#13368) Co-authored-by: Sreenivasulu Malavathula (HCL Technologies Ltd) <v-smalavathu@microsoft.com>
…-dev (#13369) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
…3.0-dev (#13370) Co-authored-by: Kevin Lockwood <57274670+kevin-b-lockwood@users.noreply.github.com>
…h 3.0-dev (#13371) Co-authored-by: jykanase <v-jykanase@microsoft.com>
…Medium] - branch 3.0-dev (#13372) Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
…ev (#13373) Co-authored-by: kgodara912 <kshigodara@outlook.com>
…m] - branch 3.0-dev (#13374) Co-authored-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
…h 3.0-dev (#13375) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
…2024-11053 [High] - branch 3.0-dev (#13376) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
…ch 3.0-dev (#13389) Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
…3.0-dev (#13390) Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
…[Medium] - branch 3.0-dev (#13391) Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
…v (#13392) Co-authored-by: jykanase <v-jykanase@microsoft.com>
… branch 3.0-dev (#13393) Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
…nch 3.0-dev (#13394) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
…0-dev (#13395) Co-authored-by: kgodara912 <kshigodara@outlook.com>
…4-7246 - branch 3.0-dev (#13396) Co-authored-by: jykanase <v-jykanase@microsoft.com>
…gs (#13674) Updated the config options in config_aarch64 as per nvidia's recently published patch guide. The config options are related to GB200 and GB200F helps h/w team to run the diagnostics. Made modification to config_aarch64 based on nvidia's recommendation. nvidia patch guide: https://docs.nvidia.com/grace-patch-config-guide.pdf Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
Signed-off-by: Sreenivasulu Malavathula <v-smalavathu@microsoft.com>
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
…gs (#13674) Updated the config options in config_aarch64 as per nvidia's recently published patch guide. The config options are related to GB200 and GB200F helps h/w team to run the diagnostics. Made modification to config_aarch64 based on nvidia's recommendation. nvidia patch guide: https://docs.nvidia.com/grace-patch-config-guide.pdf Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
# By CBL-Mariner-Bot (78) and others # Via GitHub (6) and others * tag '3.0.20250521-3.0': (271 commits) Fixed reporting of build errors (CP: #13889) (#13897) Revert "Revert "Merge 3.0-dev for May 2025 2 release"" (#13847) Revert "Anphel/3 mid may 2025 update b" (#13846) kernel-64k: Added a new patch to solve EFI slack slots issue (#13783) kernel-64k: enabling config options required for GB200 and GB200F diags (#13674) Prepare May 2025 Update 2 (#13808) Revert "Merge 3.0-dev for May 2025 2 release" (#13833) kernel-64k: Added a new patch to solve EFI slack slots issue (#13783) Patch docker-buildx for CVE-2025-0495 [Medium] (#13768) [Medium] Patch yasm for CVE-2023-51258 and CVE-2023-37732 (#13792) [Medium] Patch iniparser for CVE-2023-33461 (#13804) [Medium] patch rpm-ostree for CVE-2024-2905 (#13818) kernel-64k: enabling config options required for GB200 and GB200F diags (#13674) [3.0] bmake: move tests to check section (#13815) Updated lua-json to version 1.3.4 (#11179) Upgrade kyotocabinet to version 1.2.80 (#10802) Extended build failure logging (#13705) Prepare May 2025 Update 2 (#13808) dom0 packages: Update to dom0 release v2411.19.1 (#13648) [AUTO-CHERRYPICK] Upgrade SymCrypt-OpenSSL to 1.8.1 - branch 3.0-dev (#13805) ... # Conflicts: # .pipelines/prchecks/PackageBuildPRCheck.yml # .pipelines/templates/PackageTestResultsAnalysis.yml # LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md # LICENSES-AND-NOTICES/SPECS/data/licenses.json # SPECS-EXTENDED/kernel-ipe/config_aarch64 # SPECS-EXTENDED/kernel-ipe/kernel-ipe.signatures.json # SPECS-EXTENDED/kernel-ipe/kernel-ipe.spec # SPECS-SIGNED/mft_kernel-signed/mft_kernel-signed.spec # SPECS-SIGNED/mlnx-ofa_kernel-modules-signed/mlnx-ofa_kernel-modules-signed.spec # SPECS/azcopy/azcopy.spec # SPECS/azurelinux-release/azurelinux-release.spec # SPECS/blobfuse2/blobfuse2.spec # SPECS/busybox/busybox.spec # SPECS/cf-cli/cf-cli.spec # SPECS/cni-plugins/cni-plugins.spec # SPECS/containerd/containerd.spec # SPECS/containerd2/containerd2.spec # SPECS/containerized-data-importer/containerized-data-importer.spec # SPECS/coredns/coredns.spec # SPECS/dcos-cli/dcos-cli.spec # SPECS/docker-buildx/docker-buildx.spec # SPECS/docker-compose/docker-compose.spec # SPECS/elfutils/elfutils.spec # SPECS/etcd/etcd.spec # SPECS/flannel/flannel.spec # SPECS/fluent-bit/fluent-bit.spec # SPECS/fwctl/fwctl.spec # SPECS/gh/gh.spec # SPECS/git-lfs/git-lfs.spec # SPECS/grub2/grub2.spec # SPECS/helm/helm.spec # SPECS/ig/ig.spec # SPECS/influxdb/influxdb.spec # SPECS/iser/iser.spec # SPECS/isert/isert.spec # SPECS/kata-containers-cc/kata-containers-cc.spec # SPECS/kata-containers/kata-containers.spec # SPECS/keda/keda.spec # SPECS/kernel-headers/kernel-headers.signatures.json # SPECS/kernel-headers/kernel-headers.spec # SPECS/kernel-mshv/config # SPECS/kernel-mshv/kernel-mshv.signatures.json # SPECS/kernel-mshv/kernel-mshv.spec # SPECS/kernel-rt/config # SPECS/kernel/config # SPECS/kernel/config_aarch64 # SPECS/kernel/kernel-uki.spec # SPECS/kernel/kernel.signatures.json # SPECS/kernel/kernel.spec # SPECS/knem/knem.spec # SPECS/kube-vip-cloud-provider/kube-vip-cloud-provider.spec # SPECS/kubernetes/kubernetes.spec # SPECS/kubevirt/kubevirt.spec # SPECS/libguestfs/libguestfs.spec # SPECS/mesa/mesa.spec # SPECS/mft_kernel/mft_kernel.spec # SPECS/mlnx-nfsrdma/mlnx-nfsrdma.spec # SPECS/mlnx-ofa_kernel/mlnx-ofa_kernel.spec # SPECS/moby-containerd-cc/moby-containerd-cc.spec # SPECS/moby-engine/moby-engine.spec # SPECS/multus/multus.spec # SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec # SPECS/openssh/openssh.spec # SPECS/packer/packer.spec # SPECS/prometheus-adapter/prometheus-adapter.spec # SPECS/prometheus-node-exporter/prometheus-node-exporter.spec # SPECS/prometheus-process-exporter/prometheus-process-exporter.spec # SPECS/prometheus/prometheus.spec # SPECS/qemu/CVE-2023-6683.patch # SPECS/qemu/CVE-2023-6693.patch # SPECS/qemu/CVE-2024-3567.patch # SPECS/qemu/qemu.spec # SPECS/selinux-policy/selinux-policy.spec # SPECS/skopeo/skopeo.spec # SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec # SPECS/srp/srp.spec # SPECS/supermin/supermin.spec # SPECS/systemd/systemd.spec # SPECS/telegraf/telegraf.spec # SPECS/vitess/vitess.spec # SPECS/xpmem/xpmem.spec # cgmanifest.json # toolkit/resources/manifests/package/pkggen_core_aarch64.txt # toolkit/resources/manifests/package/pkggen_core_x86_64.txt # toolkit/resources/manifests/package/toolchain_aarch64.txt # toolkit/resources/manifests/package/toolchain_x86_64.txt # toolkit/scripts/toolchain/container/Dockerfile # toolkit/scripts/toolchain/container/toolchain-sha256sums # toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+26
to
+29
| - name: Workflow trigger checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # For consistency, we use the same major/minor version of Python that Azure Linux ships |
Check warning
Code scanning / zizmor
does not set persist-credentials: false Warning
Comment on lines
+16
to
+48
| name: SRPMs duplicates check | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| # Each group is published to a different repo, thus we only need to check | ||
| # for SRPM duplicates within the group. | ||
| specs-dirs-groups: ["SPECS SPECS-SIGNED", "SPECS-EXTENDED"] | ||
|
|
||
| steps: | ||
| # Checkout the branch of our repo that triggered this action | ||
| - name: Workflow trigger checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # For consistency, we use the same major/minor version of Python that Azure Linux ships | ||
| - name: Setup Python 3.12 | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: 3.12 | ||
|
|
||
| # Generate the specs.json files. They are the input for the duplicates check script. | ||
| - name: Generate specs.json | ||
| run: | | ||
| set -euo pipefail | ||
| for spec_folder in ${{ matrix.specs-dirs-groups }}; do | ||
| echo "Generating specs.json for spec folder '$spec_folder'." | ||
| sudo make -C toolkit -j$(nproc) parse-specs REBUILD_TOOLS=y DAILY_BUILD_ID=lkg SPECS_DIR=../$spec_folder | ||
| cp -v build/pkg_artifacts/specs.json ${spec_folder}_specs.json | ||
| done | ||
| - name: Check for duplicate SRPMs | ||
| run: python3 toolkit/scripts/check_srpm_duplicates.py *_specs.json |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 10 months ago
To fix the issue, we need to add a permissions block to the workflow. Since the workflow only performs read-only operations, the minimal required permission is contents: read. This ensures the GITHUB_TOKEN has the least privilege necessary to execute the workflow.
The permissions block should be added at the root level of the workflow, so it applies to all jobs within the workflow. No additional changes are required to the existing functionality.
Suggested changeset
1
.github/workflows/check-srpm-duplicates.yml
| @@ -7,2 +7,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: |
Copilot is powered by AI and may make mistakes. Always verify output.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge Checklist
All boxes should be checked before merging the PR
Description
this is for AZL update to 3.0.20250521-3.0
Any Newly Introduced Dependencies
How Has This Been Tested?