[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#990201: Update golang-github-appc-cni to 1.0 (was Re: singularity-container: CVE-2021-33622)

Hi again,

I can confirm I've got version 3.9.4 building thanks to all your

Am Fri, Feb 18, 2022 at 11:31:23PM +0530 schrieb Nilesh Patra:
> | dh_fixperms
> | chown -c root.root debian/singularity-container/usr/lib/*/singularity/bin/*
> | chown: changing ownership of 'debian/singularity-container/usr/lib/x86_64-linux-gnu/singularity/bin/starter': Operation not permitted
> | chown: changing ownership of 'debian/singularity-container/usr/lib/x86_64-linux-gnu/singularity/bin/starter-suid': Operation not permitted
> I am not really sure why this is done, but since this is more package related and has not got much to do with golang-land, I leave
> this onto you to carry fwd.

I disabled the attempt `chown -c root.root` which is not permitted on
one hand and not needed on the other hand since the resulting files
inside the Debian package are owned by root anyway.

> Hope that helped.

It helped a lot!

Seems I got cocky now and realised that there is a new version 3.9.5
out.  I did not wanted to upload something that is outdated at the time
of uploading and trusted that it is a minor bugfix release.  Unfortunately
the build has the following issue:

# github.com/sylabs/singularity/vendor/google.golang.org/grpc/status
../vendor/google.golang.org/grpc/status/status.go:176:21: cannot use any (type *any.Any) as type *anypb.Any in append
../vendor/google.golang.org/grpc/status/status.go:190:32: cannot use any (type *anypb.Any) as type *any.Any in argument to ptypes.UnmarshalAny

Please note that I've started to review the vendored copies and replaced
two of these by the Debian packaged code.  I'm not finished - just
wanted to see if I'm breaking something.  IMHO the breakage ist not
caused by the removal of the vendored copies but I wanted to stress this
point here.

Kind regards



Reply to: