Update frr to fix a CVE (#265)

Author: majst01

almalinux/Dockerfile

@@ -23,7 +23,8 @@ COPY --from=ignition-builder /work/ignition/bin/amd64/ignition* /usr/local/bin/
 
 RUN set -ex \
  # with an empty /etc/machine-id nothing will be installed in /boot
- && echo "almalinux" > /etc/machine-id \
+ # machine-id must a valid, see man machine-id
+ && echo "7b9f54e12f3b4f06a34c9d0f4b0e68c2" > /etc/machine-id \
  && dnf update -y \
  && dnf install -y epel-release \
  && dnf update -y \

cmd/install.go

@@ -583,6 +583,21 @@ func (i *installer) kernelAndInitrdPath() (kern string, initrd string, err error
 	// -rwxr-xr-x 1 root root 43526368 Jul 19  2021 vmlinux-5.10.51
 	// -rw-r--r-- 1 root root  6962816 Aug 13 15:25 vmlinuz-5.10.0-17-amd64
 
+	// Almalinux 9
+	// [root@14231d4e67d28390 ~]# ls -l /boot/
+	// total 160420
+	// -rw------- 1 root root  8876661 Jan  7 23:19 System.map-5.14.0-503.19.1.el9_5.x86_64
+	// -rw-r--r-- 1 root root    93842 Jul 19  2021 config-5.10.51
+	// -rw-r--r-- 1 root root   226249 Jan  7 23:19 config-5.14.0-503.19.1.el9_5.x86_64
+	// drwx------ 3 root root     4096 Jun  8  2022 efi
+	// drwx------ 3 root root     4096 Jan  9 08:02 grub2
+	// -rw------- 1 root root 97054329 Jan  9 08:04 initramfs-5.14.0-503.19.1.el9_5.x86_64.img
+	// drwxr-xr-x 3 root root     4096 Jan  9 08:02 loader
+	// lrwxrwxrwx 1 root root       52 Jan  9 08:03 symvers-5.14.0-503.19.1.el9_5.x86_64.gz -> /lib/modules/5.14.0-503.19.1.el9_5.x86_64/symvers.gz
+	// lrwxrwxrwx 1 root root       21 Jul 19  2021 vmlinux -> /boot/vmlinux-5.10.51
+	// -rwxr-xr-x 1 root root 43526368 Jul 19  2021 vmlinux-5.10.51
+	// -rwxr-xr-x 1 root root 14467384 Jan  7 23:19 vmlinuz-5.14.0-503.19.1.el9_5.x86_64
+
 	var (
 		bootPartition   = "/boot"
 		systemMapPrefix = "/boot/System.map-"

cmd/main.go

@@ -23,12 +23,14 @@ func main() {
 
 	oss, err := detectOS(fs)
 	if err != nil {
-		panic(err)
+		log.Error("installation failed", "error", err)
+		os.Exit(1)
 	}
 
 	config, err := parseInstallYAML(fs)
 	if err != nil {
-		panic(err)
+		log.Error("installation failed", "error", err)
+		os.Exit(1)
 	}
 
 	i := installer{
@@ -44,11 +46,11 @@ func main() {
 
 	err = i.do()
 	if err != nil {
-		i.log.Error("installation failed", "duration", time.Since(start))
-		panic(err)
+		i.log.Error("installation failed", "error", err, "duration", time.Since(start).String())
+		os.Exit(1)
 	}
 
-	i.log.Info("installation succeeded", "duration", time.Since(start))
+	i.log.Info("installation succeeded", "duration", time.Since(start).String())
 }
 
 func parseInstallYAML(fs afero.Fs) (*api.InstallerConfig, error) {

debian/docker-make.debian.yaml

@@ -23,8 +23,8 @@ builds:
     build-args:
       - BASE_OS_VERSION=bookworm
       - DOCKER_APT_CHANNEL=bookworm
-      - FRR_VERSION=frr-10
-      - FRR_VERSION_DETAIL=10.1.1-0~deb12u1
+      - FRR_VERSION=frr-10.1
+      - FRR_VERSION_DETAIL=10.1.2-0~deb12u1
       - FRR_APT_CHANNEL=bookworm
       - SEMVER_MAJOR_MINOR=12
       - SEMVER=${SEMVER_MAJOR_MINOR}${SEMVER_PATCH}

debian/docker-make.ubuntu.yaml

@@ -25,8 +25,8 @@ builds:
       - ${SEMVER_MAJOR_MINOR}
     build-args:
       - BASE_OS_VERSION=24.04
-      - FRR_VERSION=frr-10
-      - FRR_VERSION_DETAIL=10.1.1-0~ubuntu24.04.1
+      - FRR_VERSION=frr-10.1
+      - FRR_VERSION_DETAIL=10.1.2-0~ubuntu24.04.1
       - FRR_APT_CHANNEL=noble
       - SEMVER_MAJOR_MINOR=24.04
       - SEMVER=${SEMVER_MAJOR_MINOR}${SEMVER_PATCH}

go.mod

@@ -2,20 +2,20 @@ module github.com/metal-stack/metal-images
 
 go 1.23.0
 
-toolchain go1.23.1
+toolchain go1.23.4
 
 require (
 	github.com/aws/aws-sdk-go v1.55.5
 	github.com/flatcar/ignition v0.36.2
 	github.com/google/go-cmp v0.6.0
-	github.com/metal-stack/metal-go v0.39.1
-	github.com/metal-stack/metal-hammer v0.13.8
+	github.com/metal-stack/metal-go v0.39.4
+	github.com/metal-stack/metal-hammer v0.13.10
 	github.com/metal-stack/metal-lib v0.19.0
-	github.com/metal-stack/metal-networker v0.45.2
+	github.com/metal-stack/metal-networker v0.45.3
 	github.com/metal-stack/v v1.0.3
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/spf13/afero v1.11.0
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.10.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -50,9 +50,9 @@ require (
 	github.com/vincent-petithory/dataurl v1.0.0 // indirect
 	go.mongodb.org/mongo-driver v1.17.1 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/sys v0.27.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	google.golang.org/protobuf v1.36.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )

go.sum

@@ -128,14 +128,14 @@ github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
 github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/metal-stack/metal-go v0.39.1 h1:oarRe7KbcvsOfjCLbXwlVVHJfX5AMlWxoCQrRpmbdrA=
-github.com/metal-stack/metal-go v0.39.1/go.mod h1:ltItf/Md/z588c7Dr3X6iemCeOFh3rJ8nDL5Dpb9zFQ=
-github.com/metal-stack/metal-hammer v0.13.8 h1:U3EVXbwDzQLn0IBgXFsA7rUZMhXoaaGOCRxxmODBm74=
-github.com/metal-stack/metal-hammer v0.13.8/go.mod h1:vvN5H8II1jlLXTOUmbJwsoOtYpwGa3+QEY8HEHzgbFw=
+github.com/metal-stack/metal-go v0.39.4 h1:UaYSsBc5JaGmVLI2uV8mOo5+T2v1pHUN+GwKXaNcmaE=
+github.com/metal-stack/metal-go v0.39.4/go.mod h1:ltItf/Md/z588c7Dr3X6iemCeOFh3rJ8nDL5Dpb9zFQ=
+github.com/metal-stack/metal-hammer v0.13.10 h1:p1L2rGeABbjv8jRnua7dYF8nDjLZ+BohkU1Bl6KxbBg=
+github.com/metal-stack/metal-hammer v0.13.10/go.mod h1:cOdArIOW1VBICPX3dlpyg1Wf3PsMeGjyw7mJJmCTqeU=
 github.com/metal-stack/metal-lib v0.19.0 h1:4yBnp/jPGgX9KeCje3A4MFL2oDjgjOjgsIK391LltRI=
 github.com/metal-stack/metal-lib v0.19.0/go.mod h1:fCMaWwVGA/xAoGvBk72/nfzqBkHly0iOzrWpc55Fau4=
-github.com/metal-stack/metal-networker v0.45.2 h1:f1U9tzLPG17fthnQROHphKDKpeW//VDnCiNbtNwcm+A=
-github.com/metal-stack/metal-networker v0.45.2/go.mod h1:DUjaql5THUSJd/7M1ZlcYgX/bllp1IhXwOFM+Nvkaus=
+github.com/metal-stack/metal-networker v0.45.3 h1:GALlPsSMYw70vuQLcmwEEX9VNJVWkZk/4pP7eERD/VU=
+github.com/metal-stack/metal-networker v0.45.3/go.mod h1:DUjaql5THUSJd/7M1ZlcYgX/bllp1IhXwOFM+Nvkaus=
 github.com/metal-stack/v v1.0.3 h1:Sh2oBlnxrCUD+mVpzfC8HiqL045YWkxs0gpTvkjppqs=
 github.com/metal-stack/v v1.0.3/go.mod h1:YTahEu7/ishwpYKnp/VaW/7nf8+PInogkfGwLcGPdXg=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
@@ -168,8 +168,8 @@ github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/vincent-petithory/dataurl v1.0.0 h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI=
 github.com/vincent-petithory/dataurl v1.0.0/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U=
 github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728/go.mod h1:x9oS4Wk2s2u4tS29nEaDLdzvuHdB19CvSGJjPgkZJNk=
@@ -262,8 +262,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
-golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -274,8 +274,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -340,8 +340,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
+google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=