build(deps): bump github.com/coreos/ignition/v2 from 2.18.0 to 2.19.0
Bumps [github.com/coreos/ignition/v2](https://github.com/coreos/ignition) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/coreos/ignition/releases)
- [Changelog](https://github.com/coreos/ignition/blob/main/docs/release-notes.md)
- [Commits](coreos/ignition@v2.18.0...v2.19.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/ignition/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot[bot] authored and madhu-pillai committed Oct 22, 2024
1 parent cdd101e commit f6f2964
Showing 20 changed files with 115 additions and 38 deletions.
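--- a/config/common/errors.go
+++ b/config/common/errors.go
@@ -59,7 +59,8 @@ var (
 ErrNoLuksBootDevice = errors.New("device is required for layouts: s390x-eckd, s390x-zfcp")
 ErrMirrorNotSupport = errors.New("mirroring not supported on layouts: s390x-eckd, s390x-zfcp, s390x-virt")
 ErrLuksBootDeviceBadName = errors.New("device name must start with /dev/dasd on s390x-eckd layout or /dev/sd on s390x-zfcp layout")
-ErrCexUnSupportArch = errors.New("cex does not supported architectures other than s390x")
+ErrCexArchitectureMismatch = errors.New("when using cex the targeted architecture must match s390x")
+ErrCexNotSupported = errors.New("cex is not currently supported on the target platform")
 
 // partition
 ErrReuseByLabel = errors.New("partitions cannot be reused by label; number must be specified except on boot disk (/dev/disk/by-id/coreos-boot-disk) or when wipe_table is true")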
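--- a/config/fcos/v1_6_exp/schema.go
+++ b/config/fcos/v1_6_exp/schema.go
@@ -31,9 +31,9 @@ type BootDevice struct {
 }
 
 type BootDeviceLuks struct {
+Cex base.Cex `yaml:"cex"`
 Discard *bool `yaml:"discard"`
 Device *string `yaml:"device"`
-Enabled *bool `yaml:"enabled"`
 Tang []base.Tang `yaml:"tang"`
 Threshold *int `yaml:"threshold"`
 Tpm2 *bool `yaml:"tpm2"`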
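--- a/config/fcos/v1_6_exp/translate.go
+++ b/config/fcos/v1_6_exp/translate.go
@@ -114,7 +114,7 @@ func (c Config) processBootDevice(config *types.Config, ts *translate.Translatio
 var r report.Report
 
 // check for high-level features
-wantLuks := util.IsTrue(c.BootDevice.Luks.Tpm2) || len(c.BootDevice.Luks.Tang) > 0 || util.IsTrue(c.BootDevice.Luks.Enabled)
+wantLuks := util.IsTrue(c.BootDevice.Luks.Tpm2) || len(c.BootDevice.Luks.Tang) > 0 || util.IsTrue(c.BootDevice.Luks.Cex.Enabled)
 wantMirror := len(c.BootDevice.Mirror.Devices) > 0
 if !wantLuks && !wantMirror {
 return r
@@ -252,7 +252,7 @@ func (c Config) processBootDevice(config *types.Config, ts *translate.Translatio
 default:
 luksDevice = "/dev/disk/by-partlabel/root"
 }
-if util.IsTrue(c.BootDevice.Luks.Enabled) {
+if util.IsTrue(c.BootDevice.Luks.Cex.Enabled) {
 cex, ts2, r2 := translateBootDeviceLuksCex(c.BootDevice.Luks, options)
 rendered.Storage.Luks = []types.Luks{{
 Cex: cex,
@@ -343,9 +343,8 @@ func translateBootDeviceLuksCex(from BootDeviceLuks, options common.TranslateOpt
 tr := translate.NewTranslator("yaml", "json", options)
 // Discard field is handled by the caller because it doesn't go
 // into types.Cex
-tm, r = translate.Prefixed(tr, "enabled", &from.Enabled, &to.Enabled)
-//translate.MergeP(tr, tm, &r, "threshold", &from.Threshold, &to.Threshold)
-translate.MergeP(tr, tm, &r, "enabled", &from.Enabled, &to.Enabled)
+tm, r = translate.Prefixed(tr, "enabled", &from.Cex.Enabled, &to.Enabled)
+translate.MergeP(tr, tm, &r, "enabled", &from.Cex.Enabled, &to.Enabled)
 // we're being called manually, not via the translate package's
 // custom translator mechanism, so we have to add the base
 // translation ourselves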
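Review bot: In the last hunk the new side still translates one field twice: `translate.Prefixed(tr, "enabled", &from.Cex.Enabled, &to.Enabled)` is immediately followed by `translate.MergeP(tr, tm, &r, "enabled", &from.Cex.Enabled, &to.Enabled)` with the same arguments. If MergeP re-runs the translation that Prefixed already returned, as the names suggest, the second line is redundant (it was carried over from the old code) and can be dropped. The source field now sits one level deeper, so it is also worth confirming that the `"enabled"` prefix still maps to `boot_device.luks.cex.enabled` in reports. `translateBootDeviceLuksCex` starts and ends outside the hunk, so how the caller prefixes the returned set is not visible here.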
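--- a/config/fcos/v1_6_exp/validate.go
+++ b/config/fcos/v1_6_exp/validate.go
@@ -56,8 +56,8 @@ func (d BootDevice) Validate(c path.ContextPath) (r report.Report) {
 if layout != nil {
 switch *layout {
 case "aarch64", "ppc64le", "x86_64":
-if util.IsTrue(d.Luks.Enabled) {
-r.AddOnError(c.Append(*layout), common.ErrCexUnSupportArch)
+if util.IsTrue(d.Luks.Cex.Enabled) {
+r.AddOnError(c.Append(*layout), common.ErrCexArchitectureMismatch)
 }
 case "s390x-eckd":
 if util.NilOrEmpty(d.Luks.Device) {
@@ -82,13 +82,13 @@ func (d BootDevice) Validate(c path.ContextPath) (r report.Report) {
 }
 }
 
-if util.IsTrue(d.Luks.Enabled) && (len(d.Luks.Tang) > 0 || util.IsTrue(d.Luks.Tpm2)) {
+if util.IsTrue(d.Luks.Cex.Enabled) && (len(d.Luks.Tang) > 0 || util.IsTrue(d.Luks.Tpm2)) {
 r.AddOnError(c.Append("luks"), errors.ErrCexWithClevis)
 }
 }
 
-if layout == nil && util.IsTrue(d.Luks.Enabled) {
-r.AddOnError(c.Append("cex"), common.ErrCexUnSupportArch)
+if layout == nil && util.IsTrue(d.Luks.Cex.Enabled) {
+r.AddOnError(c.Append("cex"), common.ErrCexArchitectureMismatch)
 }
 r.Merge(d.Mirror.Validate(c.Append("mirror")))
 return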
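Review bot: The `layout == nil` check at the end of the second hunk attaches its error to `c.Append("cex")`, but after this change the key lives under `luks`, so the report presumably points at `boot_device.cex`, which is not a key in the schema shown in schema.go. `r.AddOnError(c.Append("luks", "cex"), common.ErrCexArchitectureMismatch)` would put the message on the key the user actually wrote. In the first hunk `c.Append(*layout)` likewise appends the layout value rather than a key name, which looks unintended but predates this commit. `Validate` starts before the first hunk, so the full set of checks is not visible here.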
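--- a/config/fcos/v1_6_exp/validate_test.go
+++ b/config/fcos/v1_6_exp/validate_test.go
@@ -166,8 +166,10 @@ func TestValidateBootDevice(t *testing.T) {
 BootDevice{
 Layout: util.StrToPtr("s390x-eckd"),
 Luks: BootDeviceLuks{
-Device: util.StrToPtr("/dev/dasda"),
-Enabled: util.BoolToPtr(true),
+Device: util.StrToPtr("/dev/dasda"),
+Cex: base.Cex{
+Enabled: util.BoolToPtr(true),
+},
 },
 },
 nil,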
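--- a/config/flatcar/v1_2_exp/translate.go
+++ b/config/flatcar/v1_2_exp/translate.go
@@ -22,9 +22,15 @@ import (
 "github.com/coreos/vcontext/report"
 )
 
+var (
+fieldFilters = cutil.NewFilters(types.Config{}, cutil.FilterMap{
+"storage.luks.cex": common.ErrCexNotSupported,
+})
+)
+
 // Return FieldFilters for this spec.
 func (c Config) FieldFilters() *cutil.FieldFilters {
-return nil
+return &fieldFilters
 }
 
 // ToIgn3_5 translates the config to an Ignition config. It returns a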
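Review bot: Nothing in the visible sections tests that a Flatcar config setting `storage.luks.cex` is actually rejected with `ErrCexNotSupported`, which is the whole purpose of the new `fieldFilters` map. The filter key is a plain string path, so a typo or a later rename of the field would presumably let an unsupported disk-encryption option pass translation unnoticed; a table test for this variant that asserts the error would pin it. A short comment on the variable would also help, for example `// fieldFilters rejects Ignition fields that Flatcar does not support.`, and the method comment would read better as `// FieldFilters returns the field filters for this spec.`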
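--- a/docs/config-fcos-v1_6-exp.md
+++ b/docs/config-fcos-v1_6-exp.md
@@ -221,7 +221,8 @@ The Fedora CoreOS configuration is a YAML document conforming to the following s
 * **_tpm2_** (boolean): whether or not to use a tpm2 device.
 * **_threshold_** (integer): sets the minimum number of pieces required to decrypt the device. Default is 1.
 * **_discard_** (boolean): whether to issue discard commands to the underlying block device when blocks are freed. Enabling this improves performance and device longevity on SSDs and space utilization on thinly provisioned SAN devices, but leaks information about which disk blocks contain data. If omitted, it defaults to false.
-* **_enabled_** (boolean): UnSupported
+* **_cex_** (object): describes the IBM Crypto Express (CEX) card configuration for the luks device.
+* **_enabled_** (boolean): whether or not to enable cex compatibility for luks. If omitted, defaults to false.
 * **_mirror_** (object): describes mirroring of the boot disk for fault tolerance.
 * **_devices_** (list of strings): the list of whole-disk devices (not partitions) to include in the disk array, referenced by their absolute path. At least two devices must be specified.
 * **_grub_** (object): describes the desired GRUB bootloader configuration.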
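--- a/docs/config-flatcar-v1_2-exp.md
+++ b/docs/config-flatcar-v1_2-exp.md
@@ -168,8 +168,6 @@ The Flatcar configuration is a YAML document conforming to the following specifi
 * **pin** (string): the clevis pin.
 * **config** (string): the clevis configuration JSON.
 * **_needs_network_** (boolean): whether or not the device requires networking.
-* **_cex_** (object): describes the IBM Crypto Express (CEX) card configuration for the luks device.
-* **_enabled_** (boolean): whether or not to use a CEX secure key to encrypt the luks device.
 * **_trees_** (list of objects): a list of local directory trees to be embedded in the config. Ownership is not preserved. File modes are set to 0755 if the local file is executable or 0644 otherwise. Attributes of files, directories, and symlinks can be overridden by creating a corresponding entry in the `files`, `directories`, or `links` section; such `files` entries must omit `contents` and such `links` entries must omit `target`.
 * **local** (string): the base of the local directory tree, relative to the directory specified by the `--files-dir` command-line argument.
 * **_path_** (string): the path of the tree within the target system. Defaults to `/`.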
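--- a/docs/config-openshift-v4_18-exp.md
+++ b/docs/config-openshift-v4_18-exp.md
@@ -170,7 +170,8 @@ The OpenShift configuration is a YAML document conforming to the following speci
 * **_tpm2_** (boolean): whether or not to use a tpm2 device.
 * **_threshold_** (integer): sets the minimum number of pieces required to decrypt the device. Default is 1.
 * **_discard_** (boolean): whether to issue discard commands to the underlying block device when blocks are freed. Enabling this improves performance and device longevity on SSDs and space utilization on thinly provisioned SAN devices, but leaks information about which disk blocks contain data. If omitted, it defaults to false.
-* **_enabled_** (boolean): UnSupported
+* **_cex_** (object): describes the IBM Crypto Express (CEX) card configuration for the luks device.
+* **_enabled_** (boolean): whether or not to enable cex compatibility for luks. If omitted, defaults to false.
 * **_mirror_** (object): describes mirroring of the boot disk for fault tolerance.
 * **_devices_** (list of strings): the list of whole-disk devices (not partitions) to include in the disk array, referenced by their absolute path. At least two devices must be specified.
 * **_grub_** (object): describes the desired GRUB bootloader configuration.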
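--- a/docs/examples.md
+++ b/docs/examples.md
@@ -350,7 +350,8 @@ boot_device:
 layout: s390x-eckd
 luks:
 device: /dev/dasda
-enabled: true
+cex:
+enabled: true
 ```
 
 ### Mirrored boot disk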
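--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@@ -30,6 +30,23 @@ nav_order: 9
 - Roll back to Ignition spec 3.4.0 _(openshift 4.17.0)_
 
 
+### Breaking changes
+
+
+### Features
+
+- Support LUKS encryption using IBM CEX secure keys on s390x
+
+### Bug fixes
+
+
+## Misc. changes
+
+
+### Docs changes
+
+
+
 ## Butane 0.21.0 (2024-06-06)
 
 Starting with this release, Butane binaries are signed with the [Fedora 40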
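--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/clarketm/json v1.17.1
 github.com/coreos/go-semver v0.3.1
 github.com/coreos/go-systemd/v22 v22.5.0
-github.com/coreos/ignition/v2 v2.18.0
+github.com/coreos/ignition/v2 v2.19.0
 github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687
 github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace
 github.com/stretchr/testify v1.9.0
@@ -15,7 +15,7 @@ require (
 )
 
 require (
-github.com/aws/aws-sdk-go v1.50.25 // indirect
+github.com/aws/aws-sdk-go v1.53.5 // indirect
 github.com/coreos/go-json v0.0.0-20230131223807-18775e0fb4fb // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/kr/pretty v0.3.1 // indirect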
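--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/aws/aws-sdk-go v1.50.25 h1:vhiHtLYybv1Nhx3Kv18BBC6L0aPJHaG9aeEsr92W99c=
-github.com/aws/aws-sdk-go v1.50.25/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.53.5 h1:1OcVWMjGlwt7EU5OWmmEEXqaYfmX581EK317QJZXItM=
+github.com/aws/aws-sdk-go v1.53.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/clarketm/json v1.17.1 h1:U1IxjqJkJ7bRK4L6dyphmoO840P6bdhPdbbLySourqI=
 github.com/clarketm/json v1.17.1/go.mod h1:ynr2LRfb0fQU34l07csRNBTcivjySLLiY1YzQqKVfdo=
 github.com/coreos/go-json v0.0.0-20230131223807-18775e0fb4fb h1:rmqyI19j3Z/74bIRhuC59RB442rXUazKNueVpfJPxg4=
@@ -8,8 +8,8 @@ github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr
 github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/ignition/v2 v2.18.0 h1:sPSGGsxaCuFMpKOMBQ71I9RIR20SIF4dWnoTomcPEYQ=
-github.com/coreos/ignition/v2 v2.18.0/go.mod h1:TURPHDqWUWTmej8c+CEMBENMU3N/Lt6GfreHJuoDMbA=
+github.com/coreos/ignition/v2 v2.19.0 h1:ek200E31M1NCVyvL22Bd40kOJp7yt1gdHAb3xwqTi8Y=
+github.com/coreos/ignition/v2 v2.19.0/go.mod h1:ydb815SaH9A4304wIUoCS5IHyKRHWEp7dfJH8cQW2gA=
 github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687 h1:uSmlDgJGbUB0bwQBcZomBTottKwEDF5fF8UjSwKSzWM=
 github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687/go.mod h1:Salmysdw7DAVuobBW/LwsKKgpyCPHUhjyJoMJD+ZJiI=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=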
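--- a/internal/doc/butane.yaml
+++ b/internal/doc/butane.yaml
@@ -344,16 +344,11 @@ root:
 desc: sets the minimum number of pieces required to decrypt the device. Default is 1.
 - name: discard
 desc: whether to issue discard commands to the underlying block device when blocks are freed. Enabling this improves performance and device longevity on SSDs and space utilization on thinly provisioned SAN devices, but leaks information about which disk blocks contain data. If omitted, it defaults to false.
-- name: enabled
-desc: whether or not to use a cex device.
-transforms:
-- regex: ".*"
-replacement: "UnSupported"
-if:
-- variant: fcos
-min: 1.6.0-experimental
-- variant: openshift
-min: 4.16.0-experimental
+- name: cex
+desc: describes the IBM Crypto Express (CEX) card configuration for the luks device.
+children:
+- name: enabled
+desc: whether or not to enable cex compatibility for luks. If omitted, defaults to false.
 - name: mirror
 desc: describes mirroring of the boot disk for fault tolerance.
 children: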
5 changes: 5 additions & 0 deletions vendor/github.com/coreos/ignition/v2/config/doc/ignition.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.


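--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,4 +1,4 @@
-# github.com/aws/aws-sdk-go v1.50.25
+# github.com/aws/aws-sdk-go v1.53.5
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go/aws/arn
 # github.com/clarketm/json v1.17.1
@@ -13,7 +13,7 @@ github.com/coreos/go-semver/semver
 # github.com/coreos/go-systemd/v22 v22.5.0
 ## explicit; go 1.12
 github.com/coreos/go-systemd/v22/unit
-# github.com/coreos/ignition/v2 v2.18.0
+# github.com/coreos/ignition/v2 v2.19.0
 ## explicit; go 1.20
 github.com/coreos/ignition/v2/config/doc
 github.com/coreos/ignition/v2/config/merge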
