Re: Failing to replace vendored code copies by Debian packages (Was: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622))

To: Andreas Tille <andreas@an3as.eu>, debian-go@lists.debian.org
Subject: Re: Failing to replace vendored code copies by Debian packages (Was: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622))
From: Nilesh Patra <nilesh@riseup.net>
Date: Sun, 20 Feb 2022 19:42:42 +0530
Message-id: <[🔎] 5bdb23bc-bfae-a30c-3719-e9b2222de0c9@riseup.net>
In-reply-to: <[🔎] YhE7ser3+W0MyAyP@an3as.eu>
References: <Yg/D8ToeJaDezsuI@an3as.eu> <[🔎] CAFyCLW8OvrDdPEurW2AL1TyfKqru8zo6CcLKZ5vh7kazY46_jg@mail.gmail.com> <Yg/H5Chk9lWkxFqn@an3as.eu> <[🔎] CAFyCLW8XADF3m88sSWvxgWb0XbFFoA_2mSa8MSJWEfCixAvUNw@mail.gmail.com> <Yg/WWSrWWf0a7FEm@an3as.eu> <[🔎] 3f99a166-9094-dd08-8705-b4fc27a2013a@riseup.net> <[🔎] YhADw9XxvZhuiK+0@an3as.eu> <[🔎] 2be41e60-2078-5853-e66a-cd1f0fa2ac6b@riseup.net> <[🔎] YhANRbX6kdKqQP3r@an3as.eu> <[🔎] YhDvI73QhW9tpMwk@an3as.eu> <[🔎] YhE7ser3+W0MyAyP@an3as.eu>

On 2/20/22 12:19 AM, Andreas Tille wrote:

I'm afraid the version bump was not responsible for the strange grpc
issue.  I kept on working on version 3.9.4 of singularity-container to
reduce the number of vendored code copies.  As I wrote down in
d/README.source[1] I failed in replacing any vendored copy by the Debian
packaged version and it all ended up in
[...]


That was due to pre-generated .pb.go file compiled with new protoc.

I have fixed this, and also managed to un0vendor ~20 deps, and used that
with the packages in archive. I tried to unvendor more, but it might break things, so
we may be we cannot make it to a much better state than it already is.
All changes are in salsa.

After the said changes, I uploaded 3.9.5 to experimental.

Hope that helps.

Regards,
Nilesh

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

References:
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Andreas Tille <andreas@an3as.eu>
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Shengjing Zhu <zhsj@debian.org>
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Andreas Tille <andreas@an3as.eu>
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Shengjing Zhu <zhsj@debian.org>
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Andreas Tille <andreas@an3as.eu>
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Nilesh Patra <nilesh@riseup.net>
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Andreas Tille <andreas@an3as.eu>
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Nilesh Patra <nilesh@riseup.net>
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Andreas Tille <andreas@an3as.eu>
- Re: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)
  - From: Andreas Tille <andreas@an3as.eu>
- Failing to replace vendored code copies by Debian packages (Was: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622))
  - From: Andreas Tille <andreas@an3as.eu>

Prev by Date: Failing to replace vendored code copies by Debian packages (Was: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622))
Next by Date: Newjoiner
Previous by thread: Failing to replace vendored code copies by Debian packages (Was: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622))
Next by thread: extra vendor/ directory
Index(es):
- Date
- Thread