mirror of https://gerrit.hackerspace.pl/hscloud
ops/k0: bump runc to 1.1.12 (CVE-2024-21626)
Change-Id: I204f0a296b600143da43b8c8e34d70d4dcb1b8aa Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1903 Reviewed-by: informatic <informatic@hackerspace.pl>changes/03/1903/3
parent
1b3774b584
commit
faf8a41a83
19
ops/hive.nix
19
ops/hive.nix
|
@ -7,6 +7,14 @@ let
|
|||
hscloud = import ../default.nix { };
|
||||
pkgs = hscloud.pkgs;
|
||||
|
||||
nixpkgsForRunc112 = import
|
||||
(pkgs.fetchFromGitHub {
|
||||
owner = "nixos";
|
||||
repo = "nixpkgs";
|
||||
rev = "f6a0dcdc5008e7aa6ccac5b99a02b73461540789";
|
||||
sha256 = "sha256-ro5vOuY6kDvqXFWLRMcXKkEurJZSD+DQ866aWp0tARk=";
|
||||
}) {};
|
||||
|
||||
# TODO(patryk): unpin and upgrade
|
||||
nixpkgsMachines = import
|
||||
(pkgs.fetchFromGitHub {
|
||||
|
@ -15,7 +23,16 @@ let
|
|||
rev = "e26c0ffdb013cd378fc2528a44689a8bf35d2a6c";
|
||||
sha256 = "1b33hw35fqb9rzszdg5jpiyfvhx2cxpv0qrkyr19zkdpdahzdbss";
|
||||
})
|
||||
{ };
|
||||
{
|
||||
overlays = [
|
||||
(self: super: {
|
||||
# Bump runc to 1.1.12 fix CVE-2024-21626
|
||||
# Taking it from another nixpkgs is the easiest, as nixpkgsMachines'
|
||||
# Go is too old to build a newer verison of runc from upstream.
|
||||
runc = nixpkgsForRunc112.runc;
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
mkClusterMachine = path: {
|
||||
deployment.tags = [ "k8s" ];
|
||||
|
|
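Review bot: Nothing in the new overlay checks that the runc taken from `nixpkgsForRunc112` is at or above the fixed release, so a later edit to that pin's `rev` could silently bring back a runc affected by CVE-2024-21626. The binding could carry the check itself: `runc = assert pkgs.lib.versionAtLeast nixpkgsForRunc112.runc.version "1.1.12"; nixpkgsForRunc112.runc;`. The overlay only reaches consumers that take `runc` from this package set, and whether the container runtime on the k0 nodes does so is not visible in these hunks, so it is worth confirming `runc --version` on a deployed node. The new pin also lacks a removal marker like the `# TODO(patryk): unpin and upgrade` above `nixpkgsMachines`; a comment such as `# TODO: drop once nixpkgsMachines ships runc >= 1.1.12` would keep it from outliving its purpose. The `let` block and `mkClusterMachine` both continue outside the hunks.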