Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(docker): bump-git-2.39 #2998

Merged
merged 3 commits into from
Jan 18, 2023
Merged

chore(docker): bump-git-2.39 #2998

merged 3 commits into from
Jan 18, 2023

Conversation

nitrocode
Copy link
Member

@nitrocode nitrocode commented Jan 18, 2023
edited
Loading

what

  • chore(docker): bump-git-2.39

why

  • resolve security issue

tests

  • I have tested my changes by pr tests

Waiting for git 2.39

$ docker run -it alpine:3.17 sh -c "apk update && apk info git"
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/aarch64/APKINDEX.tar.gz
v3.17.1-83-g24a1fb849a [https://dl-cdn.alpinelinux.org/alpine/v3.17/main]
v3.17.1-86-g720cea6326 [https://dl-cdn.alpinelinux.org/alpine/v3.17/community]
OK: 17684 distinct packages available
git-2.38.3-r1 description:
Distributed version control system

git-2.38.3-r1 webpage:
https://www.git-scm.com/

git-2.38.3-r1 installed size:
6284 KiB

references

@nitrocode nitrocode requested a review from a team as a code owner January 18, 2023 03:24
@nitrocode nitrocode added dependencies PRs that update a dependency file security labels Jan 18, 2023
@nitrocode nitrocode mentioned this pull request Jan 18, 2023
Merged
1 task
@chenrui333
Copy link
Member

the package is not avail in alpine 3.17 yet?

#0 0.087 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
#0 0.310 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
#0 0.744 ERROR: unable to select packages:
#0 0.796   git-2.38.3-r1:
#0 0.796     breaks: world[git~2.39]

@chenrui333
Copy link
Member

indeed

$ docker run -it alpine:3.17 sh
/ # apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/aarch64/APKINDEX.tar.gz
v3.17.1-80-ga327c5695c [https://dl-cdn.alpinelinux.org/alpine/v3.17/main]
v3.17.1-79-g7f75271162 [https://dl-cdn.alpinelinux.org/alpine/v3.17/community]
OK: 17684 distinct packages available
/ # apk add git
(1/7) Installing ca-certificates (20220614-r4)
(2/7) Installing brotli-libs (1.0.9-r9)
(3/7) Installing nghttp2-libs (1.51.0-r0)
(4/7) Installing libcurl (7.87.0-r1)
(5/7) Installing libexpat (2.5.0-r0)
(6/7) Installing pcre2 (10.42-r0)
(7/7) Installing git (2.38.3-r1)
Executing busybox-1.35.0-r29.trigger
Executing ca-certificates-20220614-r4.trigger
OK: 17 MiB in 22 packages

@nitrocode
Copy link
Member Author

It's in their repo. I'm waiting for the package to be available. Thank you for including those helpful commands!

@chenrui333
Copy link
Member

I just updated the PR, that would help installing the latest git

$ docker run -it alpine:3.17 sh
/ # apk add git --repository=http://dl-cdn.alpinelinux.org/alpine/edge/main/
fetch http://dl-cdn.alpinelinux.org/alpine/edge/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/aarch64/APKINDEX.tar.gz
(1/7) Installing ca-certificates (20230106-r0)
(2/7) Installing brotli-libs (1.0.9-r10)
(3/7) Installing nghttp2-libs (1.51.0-r0)
(4/7) Installing libcurl (7.87.0-r3)
(5/7) Installing libexpat (2.5.0-r0)
(6/7) Installing pcre2 (10.42-r0)
(7/7) Installing git (2.39.1-r1)
Executing busybox-1.35.0-r29.trigger
Executing ca-certificates-20230106-r0.trigger
OK: 17 MiB in 22 packages
/ # git --version
git version 2.39.1

the latest git wont be in alpine:3.17 release any time soon.

@nitrocode nitrocode merged commit e8dac17 into main Jan 18, 2023
@nitrocode nitrocode deleted the bump-git branch January 18, 2023 23:04
@nitrocode nitrocode added this to the v0.22.3 milestone Jan 18, 2023
@nitrocode nitrocode mentioned this pull request Jan 23, 2023
Merged
3 tasks
@albertorm95 albertorm95 mentioned this pull request May 19, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chenrui333 chenrui333 chenrui333 approved these changes

@jamengual jamengual jamengual approved these changes

Assignees
No one assigned
Labels
dependencies PRs that update a dependency file security
Projects
None yet
Milestone
v0.22.3
Development

Successfully merging this pull request may close these issues.
3 participants
@nitrocode @chenrui333 @jamengual