* Bump libraries to incorporate CVE fixes
Bump golang.org/x/net to cover CVE-2025-22870 and fix bsc#1238700.
Bump golang.org/x/crypto to cover CVE-2025-22869 and fix bsc#1239335.
In addition and as a requirement of the new x/crypto library go is bumped to 1.23
Signed-off-by: David Cassany <dcassany@suse.com>
* Dockerfile: bump golang container to 1.24 (#912)
Required since vendored x/crypto lib requires go ver >= 1.23
Related to #dd41431b0b2792f0fca005adf3abc3cf471877c4
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* CVE-2025-22872
Bump golang.org/x/net
https://github.com/advisories/GHSA-vvgc-356p-c3xw
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* go mod vendor
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
---------
Signed-off-by: David Cassany <dcassany@suse.com>
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Co-authored-by: David Cassany <dcassany@suse.com>
* Update system-upgrade-controller API
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Update Fleet API
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Sanitize dependencies
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
---------
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* feat: Add Type field to SeedImageSpec
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* feat: Add raw disk build generation to SeedImage
If SeedImageSpec.Type is set to 'raw' we now try to run elemental
build-disk to generate the disk image.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add elemental-toolkit to seedimage-builder
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* feat: Update yip to v1.4.5
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* feat: Reset yaml
Add yip cloud-config for raw disk-image that will extract the
elemental-register configuration to /oem/registration/config.yaml and
Start the elemental-register-install.service in the post-reset hook.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* feat: Use new toolkit param deploy-command
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Picked a non-conflicting uid/gid, tested on v1.24.9-k3s2 with the
recommended hardening options.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add new package to Dockerfile
* Update dependencies
* Add unit test helpers
* Add new machine registration controller
* Remove old machine registration controller
* Add rbac tag for secrets
* Fix container argument in chart
* Add labels to all created resources
Because CGO is needed in elemental-register for TPM emulation, but
Alpine image uses musl-libc instead of glibc, which causes issues.
Signed-off-by: Loic Devulder <ldevulder@suse.com>
* Produce 2 binaries instead of one
This generates a different binary for the register command as to not
bundle it with the full operator.
On the makefile separated builds have been done for operator and
registry.
On the docker image a different container is created for the register
and pushed to a different repo as well.
For releases gorelease generates 2 different binaries.
Signed-off-by: Itxaka <igarcia@suse.com>
There was a mix of ros-operator and rancheros-operator.
This patch fixes it so its always rancheros-operator, even
changing the repos to have the full name so everything matches
Signed-off-by: Itxaka <igarcia@suse.com>
- Drops everything not needed for ros-operator
- New simple Dockerfile
- New jobs based on ros-operator only
- Remove uneeded tests
- Remove dependency on os2 images for integration tests
- Use gorelease to release ros-operator binaries
- Use docker to push ci images to ros-operator-ci registry on PR
- Use docker to push master/tag images to ros-operator registry
- Build chart indepently
- Have a null test CI job for future integration tests
Signed-off-by: Itxaka <igarcia@suse.com>
* Disable mtree
Fixes: https://github.com/rancher-sandbox/os2/issues/49
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* Add installation test suite
Move the installation setup for tests to leverage ros-installer and
reworks it to be run as a suite.
At the moment only covers installation with container images, but is a
setup that would work as well for other scenarios.
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* Bump cOS
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* Disable mirror override
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* fix: Set 0 size for max autogrow
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
They serve as example and as default. At this stage we extend them in a
way that doesn't make sense to bring them with us. Besides, they are
conflicting with our settings and pulls datasources before we actually
want.
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Francesco Giudici