)]}'
{"id":"openstack%2Fironic-python-agent~927974","triplet_id":"openstack%2Fironic-python-agent~master~I5254b80717cb5a7f9084e3eff32a00b968f987b7","project":"openstack/ironic-python-agent","branch":"master","topic":"ossa-2024-003","attention_set":{},"removed_from_attention_set":{"10342":{"account":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"last_update":"2024-09-04 20:04:48.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"I5254b80717cb5a7f9084e3eff32a00b968f987b7","subject":"Inspect non-raw images for safety","status":"MERGED","created":"2024-09-04 14:10:19.000000000","updated":"2024-09-04 20:07:42.000000000","submitted":"2024-09-04 20:04:48.000000000","submitter":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"total_comment_count":3,"unresolved_comment_count":1,"has_review_started":true,"submission_id":"927974-ossa-2024-003","meta_rev_id":"5878958b1217ad5cf1141a364353aa7618c5e4ac","_number":927974,"virtual_id_number":927974,"owner":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"actions":{},"labels":{"Verified":{"approved":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"all":[{"tag":"autogenerated:zuul:gate","value":2,"date":"2024-09-04 20:04:47.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"value":0,"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},{"value":0,"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","default_value":0,"optional":true},"Code-Review":{"approved":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"all":[{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"value":2,"date":"2024-09-04 16:11:39.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},{"value":2,"date":"2024-09-04 18:18:59.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","default_value":0,"optional":true},"Workflow":{"approved":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"all":[{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"value":0,"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},{"value":1,"date":"2024-09-04 18:18:59.000000000","permitted_voting_range":{"min":1,"max":1},"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true},"Backport-Candidate":{"all":[{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"value":0,"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},{"value":0,"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"}],"values":{"-1":"Do Not Backport"," 0":"Backport Review Needed","+1":"Should Backport"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2024-09-04 14:46:30.000000000","updated_by":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"reviewer":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"state":"REVIEWER"},{"updated":"2024-09-04 15:18:55.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"CC"},{"updated":"2024-09-04 17:57:26.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"REVIEWER"},{"updated":"2024-09-04 18:17:22.000000000","updated_by":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"reviewer":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"state":"CC"},{"updated":"2024-09-04 18:18:59.000000000","updated_by":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"reviewer":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"state":"REVIEWER"}],"messages":[{"id":"0331f957bea32daafc2f2730a6e63314f29eba0d","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 14:10:19.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"16c2103095c79227e39f03e9c0ddc1ace860bcb0","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 14:23:58.000000000","message":"Uploaded patch set 2.","accounts_in_message":[],"_revision_number":2},{"id":"ee475e22a4408b46acf50abc6965377abbd3c5bf","author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"date":"2024-09-04 14:46:30.000000000","message":"Patch Set 2: Code-Review+2","accounts_in_message":[],"_revision_number":2},{"id":"29ca230dacf4d36ca7a6f9e170b9b37c5fb002e0","author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"date":"2024-09-04 14:54:15.000000000","message":"Patch Set 2: -Code-Review\n\n(1 comment)","accounts_in_message":[],"_revision_number":2},{"id":"f687796b6bb7a530de06912eb5d4560b275e21d2","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 14:58:47.000000000","message":"Uploaded patch set 3.","accounts_in_message":[],"_revision_number":3},{"id":"c5a60eca23d577dbf6cd0678590ee212ae75691f","author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"date":"2024-09-04 14:59:52.000000000","message":"Patch Set 3: Code-Review+2","accounts_in_message":[],"_revision_number":3},{"id":"be474274f61b2c01d329ab4bf930468f0ea41e0f","tag":"autogenerated:zuul:check-arm64","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 15:18:55.000000000","message":"Patch Set 3:\n\nBuild succeeded (ARM64 pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/66baf7ff19d24232a9738942b19850dd\n\n- openstack-tox-py39-arm64 https://zuul.opendev.org/t/openstack/build/1daf3a50739b4e969a412a5f3892769c : SUCCESS in 10m 25s (non-voting)\n- openstack-tox-py311-arm64 https://zuul.opendev.org/t/openstack/build/a91ff96c16b84488ac38a2411003f112 : SUCCESS in 8m 23s (non-voting)","accounts_in_message":[],"_revision_number":3},{"id":"7b8928d3a4dd2f197144fe5a12603281b46c616c","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 15:38:28.000000000","message":"Patch Set 3:\n\n(1 comment)","accounts_in_message":[],"_revision_number":3},{"id":"0458a880f3d04f87db2af427045618e5f0f63dcf","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 16:11:39.000000000","message":"Uploaded patch set 4: Patch Set 3 was rebased.\n\nCopied Votes:\n* Code-Review+2 (copy condition: \"**changekind:TRIVIAL_REBASE** OR is:MIN\")\n","accounts_in_message":[],"_revision_number":4},{"id":"79f283dd34dd1794797f8afa84ef8d78ed42f0ae","tag":"autogenerated:zuul:check-arm64","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 16:41:59.000000000","message":"Patch Set 4:\n\nBuild succeeded (ARM64 pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/df295236a2b04627847117b672e5082b\n\n- openstack-tox-py39-arm64 https://zuul.opendev.org/t/openstack/build/442188da7ac94e1fa91fb7dc784125cc : SUCCESS in 13m 27s (non-voting)\n- openstack-tox-py311-arm64 https://zuul.opendev.org/t/openstack/build/886d3177ad3d4bb198838216d92944d9 : SUCCESS in 9m 08s (non-voting)","accounts_in_message":[],"_revision_number":4},{"id":"b494d8564cf38bf38416a0510dded75de1b80481","tag":"autogenerated:gerrit:setTopic","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 17:24:24.000000000","message":"Topic set to ossa-2024-003","accounts_in_message":[],"_revision_number":4},{"id":"ab599f987df8d2a3773d1eac7ac139fbdd0462d9","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 17:57:26.000000000","message":"Patch Set 4: Verified+1\n\nBuild succeeded (check pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/0700919a4c444538b64e6d7aea39f8d2\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/571c8b38fbbc4faa86f181a0e26c182a : SUCCESS in 5m 33s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/c08512fd8ae840c5a758b1f0fa0c2e87 : SUCCESS in 3m 28s\n- openstack-tox-py39 https://zuul.opendev.org/t/openstack/build/af2ab249aba04b289b53feadaf53cf71 : SUCCESS in 4m 38s\n- openstack-tox-py311 https://zuul.opendev.org/t/openstack/build/9bef34453b7f4cdc924e935a70f2dbf8 : SUCCESS in 5m 02s\n- openstack-tox-py312 https://zuul.opendev.org/t/openstack/build/4177999095134a5da78278e8c1bf3a53 : SUCCESS in 5m 28s (non-voting)\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/9b9ba693435a4aeb9b24fd20bb0eed5f : SUCCESS in 5m 35s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/915f133a20e44389b5142d9d219e2a46 : SUCCESS in 2m 51s\n- openstack-tox-functional https://zuul.opendev.org/t/openstack/build/1fd18d64436a43798096c4d1046517a8 : SUCCESS in 3m 41s\n- ipa-tox-bandit https://zuul.opendev.org/t/openstack/build/b44245f245284137976f20bc292efee1 : SUCCESS in 3m 19s\n- ipa-tempest-bios-ipmi-direct-src https://zuul.opendev.org/t/openstack/build/35c6e583c1ed4b40a306f31ff5cd6d87 : SUCCESS in 1h 13m 30s\n- ipa-tempest-uefi-redfish-vmedia-src https://zuul.opendev.org/t/openstack/build/e8e446723c514dc18dc422ac5d624bde : SUCCESS in 1h 16m 46s\n- metalsmith-integration-ipa-src-uefi https://zuul.opendev.org/t/openstack/build/06ee1931562145688d708eeab474e648 : SUCCESS in 1h 34m 58s\n- metalsmith-integration-ipa-src-legacy https://zuul.opendev.org/t/openstack/build/f95dc259bc194c838cbe606ed04e0a7e : FAILURE in 1h 29m 21s (non-voting)\n- ironic-standalone-ipa-src https://zuul.opendev.org/t/openstack/build/9e5fc412098740ba965e9c5ab2447be6 : SUCCESS in 1h 09m 25s\n- ironic-python-agent-check-image-tinyipa https://zuul.opendev.org/t/openstack/build/0ba3b6c7ca5f4366a368da4983dc16ed : SUCCESS in 20m 59s (non-voting)\n- ironic-python-agent-check-image-dib-centos9 https://zuul.opendev.org/t/openstack/build/f70e7ff556bb44399994e479cddb35ed : SUCCESS in 9m 15s (non-voting)\n- ipa-tempest-ironic-inspector-src https://zuul.opendev.org/t/openstack/build/d29d95de9581428fbd94d7f168dc293b : FAILURE in 1h 43m 17s (non-voting)\n- ipa-tox-codespell https://zuul.opendev.org/t/openstack/build/2de16445f1ba4d4b8b83764bd1d8a827 : SUCCESS in 4m 19s","accounts_in_message":[],"_revision_number":4},{"id":"bbbae6e4c8a881e0672d78a8a2df385ddb398142","author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"date":"2024-09-04 18:17:22.000000000","message":"Patch Set 4:\n\n(1 comment)","accounts_in_message":[],"_revision_number":4},{"id":"a1a2e7f43da432fd0ada4fe85e73da66dddaad83","author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"date":"2024-09-04 18:18:59.000000000","message":"Patch Set 4: Code-Review+2 Workflow+1","accounts_in_message":[],"_revision_number":4},{"id":"c14089b23d6b4cd484fdeb69f49256c650075d74","tag":"autogenerated:zuul:gate","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 18:22:28.000000000","message":"Patch Set 4: -Verified\n\nStarting gate jobs.","accounts_in_message":[],"_revision_number":4},{"id":"f51376470a306d677ab3eb06d360b945c46d4d4b","tag":"autogenerated:zuul:gate","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 20:04:47.000000000","message":"Patch Set 4: Verified+2\n\nBuild succeeded (gate pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/908b5f54b53d40b488418acf6f7522ea\n\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/5d39acbfd4f64f1d9e8da60f078f9f37 : SUCCESS in 3m 09s\n- openstack-tox-py39 https://zuul.opendev.org/t/openstack/build/a9aa4f3a222a45078e92a7c024a76901 : SUCCESS in 4m 34s\n- openstack-tox-py311 https://zuul.opendev.org/t/openstack/build/8fd49e6199ad45b7ab64fd6927ebe764 : SUCCESS in 4m 21s\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/3ee53f6203f04b1194aeabf4eda60872 : SUCCESS in 5m 38s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/4b6b1d633adf47c7931bc7824836618c : SUCCESS in 3m 41s\n- openstack-tox-functional https://zuul.opendev.org/t/openstack/build/0c1a5286885747978fd6acb77a27c93a : SUCCESS in 3m 16s\n- ipa-tox-bandit https://zuul.opendev.org/t/openstack/build/4f7b3524a5e94140889a0de611528cc6 : SUCCESS in 2m 59s\n- ipa-tempest-bios-ipmi-direct-src https://zuul.opendev.org/t/openstack/build/250fb5b861e1474781ce16e4b939dc03 : SUCCESS in 46m 14s\n- ipa-tempest-uefi-redfish-vmedia-src https://zuul.opendev.org/t/openstack/build/7211a24a1fcb4aaca8a591d3cef8a755 : SUCCESS in 53m 31s\n- metalsmith-integration-ipa-src-uefi https://zuul.opendev.org/t/openstack/build/55d992d80e014c33891a24ee6da78e72 : SUCCESS in 1h 12m 52s\n- ironic-standalone-ipa-src https://zuul.opendev.org/t/openstack/build/66ad19a72bf340bab4308016f800fb25 : SUCCESS in 1h 19m 49s\n- ipa-tox-codespell https://zuul.opendev.org/t/openstack/build/fbbfc44fe0f44c60abb716e552c863bd : SUCCESS in 3m 14s","accounts_in_message":[],"_revision_number":4},{"id":"2967a1a208850ec9819b49040e63982add6c5e9f","tag":"autogenerated:gerrit:merged","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 20:04:48.000000000","message":"Change has been successfully merged","accounts_in_message":[],"_revision_number":4},{"id":"5878958b1217ad5cf1141a364353aa7618c5e4ac","tag":"autogenerated:zuul:promote","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 20:07:42.000000000","message":"Patch Set 4:\n\nBuild succeeded (promote pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/15dba89936354b5b96286e8442b26017\n\n- promote-openstack-tox-docs https://zuul.opendev.org/t/openstack/build/f730927245fc406da289e5fff2dc8ef3 : SUCCESS in 39s\n- promote-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/58f784ecea204dda85764c732f4deb7d : SUCCESS in 39s","accounts_in_message":[],"_revision_number":4}],"current_revision_number":4,"current_revision":"e303a369dce6c4c5dd0402701b020888396406f3","revisions":{"38517aeeb194241f21c6e2cb37621f0fd26158ca":{"kind":"REWORK","_number":1,"created":"2024-09-04 14:10:19.000000000","uploader":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"ref":"refs/changes/74/927974/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ironic-python-agent","ref":"refs/changes/74/927974/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/1"}}},"commit":{"parents":[{"commit":"bd3b596ced759bac182a3dda9798d396cf879e35","subject":"Fix series in release notes","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/bd3b596ced759bac182a3dda9798d396cf879e35"}]}],"author":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-07-30 18:18:14.000000000","tz":-420},"committer":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-09-04 14:10:18.000000000","tz":-420},"subject":"Inspect non-raw images for safety","message":"Inspect non-raw images for safety\n\nWhen IPA gets a non-raw image, it performs an on-the-fly conversion\nusing qemu-img convert, as well as running qemu-img frequently to get\nbasic information about the image before validating it.\n\nNow, we ensure that before any qemu-img calls are made, that we have\ninspected the image for safety and pass through the detected format.\n\nIf given a disk_format\u003draw image and image streaming is enabled\n(default), we retain the existing behavior of not inspecting it in\nany way and streaming it bit-perfect to the device. In this case, we\nnever use qemu-based tools on the image at all.\n\nIf given a disk_format\u003draw image and image streaming is disabled, this\nchange fixes a bug where the image may have been converted if it was not\nactually raw in the first place. We now stream these bit-perfect to the\ndevice.\n\nAdds two config options:\n- [DEFAULT]/disable_deep_image_inspection, which can be set to \"True\" in\n  order to disable all security features. Do not do this.\n- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types\n  IPA should accept.\n\nBoth of these configuration options are wired up to be set by the lookup\ndata returned by Ironic at lookup time.\n\nThis uses a image format inspection module imported from Nova; this\ninspector will eventually live in oslo.utils, at which point we\u0027ll\nmigrate our usage of the inspector to it.\n\nCloses-Bug: #2071740\nChange-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/38517aeeb194241f21c6e2cb37621f0fd26158ca"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/38517aeeb194241f21c6e2cb37621f0fd26158ca"}]},"branch":"refs/heads/master"},"44626da570280f9cc4a7928ee02c4204014b10d8":{"kind":"REWORK","_number":2,"created":"2024-09-04 14:23:58.000000000","uploader":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"ref":"refs/changes/74/927974/2","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ironic-python-agent","ref":"refs/changes/74/927974/2","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/2"}}},"commit":{"parents":[{"commit":"bd3b596ced759bac182a3dda9798d396cf879e35","subject":"Fix series in release notes","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/bd3b596ced759bac182a3dda9798d396cf879e35"}]}],"author":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-07-30 18:18:14.000000000","tz":-420},"committer":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-09-04 14:23:52.000000000","tz":-420},"subject":"Inspect non-raw images for safety","message":"Inspect non-raw images for safety\n\nWhen IPA gets a non-raw image, it performs an on-the-fly conversion\nusing qemu-img convert, as well as running qemu-img frequently to get\nbasic information about the image before validating it.\n\nNow, we ensure that before any qemu-img calls are made, that we have\ninspected the image for safety and pass through the detected format.\n\nIf given a disk_format\u003draw image and image streaming is enabled\n(default), we retain the existing behavior of not inspecting it in\nany way and streaming it bit-perfect to the device. In this case, we\nnever use qemu-based tools on the image at all.\n\nIf given a disk_format\u003draw image and image streaming is disabled, this\nchange fixes a bug where the image may have been converted if it was not\nactually raw in the first place. We now stream these bit-perfect to the\ndevice.\n\nAdds two config options:\n- [DEFAULT]/disable_deep_image_inspection, which can be set to \"True\" in\n  order to disable all security features. Do not do this.\n- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types\n  IPA should accept.\n\nBoth of these configuration options are wired up to be set by the lookup\ndata returned by Ironic at lookup time.\n\nThis uses a image format inspection module imported from Nova; this\ninspector will eventually live in oslo.utils, at which point we\u0027ll\nmigrate our usage of the inspector to it.\n\nCloses-Bug: #2071740\nChange-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/44626da570280f9cc4a7928ee02c4204014b10d8"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/44626da570280f9cc4a7928ee02c4204014b10d8"}]},"branch":"refs/heads/master"},"d138211dff7d5cf46d4a6365f4c6499939e9e9ec":{"kind":"REWORK","_number":3,"created":"2024-09-04 14:58:47.000000000","uploader":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"ref":"refs/changes/74/927974/3","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ironic-python-agent","ref":"refs/changes/74/927974/3","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/3"}}},"commit":{"parents":[{"commit":"bd3b596ced759bac182a3dda9798d396cf879e35","subject":"Fix series in release notes","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/bd3b596ced759bac182a3dda9798d396cf879e35"}]}],"author":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-07-30 18:18:14.000000000","tz":-420},"committer":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-09-04 14:58:41.000000000","tz":-420},"subject":"Inspect non-raw images for safety","message":"Inspect non-raw images for safety\n\nWhen IPA gets a non-raw image, it performs an on-the-fly conversion\nusing qemu-img convert, as well as running qemu-img frequently to get\nbasic information about the image before validating it.\n\nNow, we ensure that before any qemu-img calls are made, that we have\ninspected the image for safety and pass through the detected format.\n\nIf given a disk_format\u003draw image and image streaming is enabled\n(default), we retain the existing behavior of not inspecting it in\nany way and streaming it bit-perfect to the device. In this case, we\nnever use qemu-based tools on the image at all.\n\nIf given a disk_format\u003draw image and image streaming is disabled, this\nchange fixes a bug where the image may have been converted if it was not\nactually raw in the first place. We now stream these bit-perfect to the\ndevice.\n\nAdds two config options:\n- [DEFAULT]/disable_deep_image_inspection, which can be set to \"True\" in\n  order to disable all security features. Do not do this.\n- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types\n  IPA should accept.\n\nBoth of these configuration options are wired up to be set by the lookup\ndata returned by Ironic at lookup time.\n\nThis uses a image format inspection module imported from Nova; this\ninspector will eventually live in oslo.utils, at which point we\u0027ll\nmigrate our usage of the inspector to it.\n\nCloses-Bug: #2071740\nChange-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/d138211dff7d5cf46d4a6365f4c6499939e9e9ec"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/d138211dff7d5cf46d4a6365f4c6499939e9e9ec"}]},"branch":"refs/heads/master"},"e303a369dce6c4c5dd0402701b020888396406f3":{"kind":"TRIVIAL_REBASE","_number":4,"created":"2024-09-04 16:11:39.000000000","uploader":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"ref":"refs/changes/74/927974/4","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ironic-python-agent","ref":"refs/changes/74/927974/4","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/4 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ironic-python-agent refs/changes/74/927974/4"}}},"commit":{"parents":[{"commit":"ba5c1bfe2abc7ee5891d7ec56489c15e63e9a413","subject":"Remove and disable examples job","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/ba5c1bfe2abc7ee5891d7ec56489c15e63e9a413"}]}],"author":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-07-30 18:18:14.000000000","tz":-420},"committer":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-09-04 16:11:28.000000000","tz":-420},"subject":"Inspect non-raw images for safety","message":"Inspect non-raw images for safety\n\nWhen IPA gets a non-raw image, it performs an on-the-fly conversion\nusing qemu-img convert, as well as running qemu-img frequently to get\nbasic information about the image before validating it.\n\nNow, we ensure that before any qemu-img calls are made, that we have\ninspected the image for safety and pass through the detected format.\n\nIf given a disk_format\u003draw image and image streaming is enabled\n(default), we retain the existing behavior of not inspecting it in\nany way and streaming it bit-perfect to the device. In this case, we\nnever use qemu-based tools on the image at all.\n\nIf given a disk_format\u003draw image and image streaming is disabled, this\nchange fixes a bug where the image may have been converted if it was not\nactually raw in the first place. We now stream these bit-perfect to the\ndevice.\n\nAdds two config options:\n- [DEFAULT]/disable_deep_image_inspection, which can be set to \"True\" in\n  order to disable all security features. Do not do this.\n- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types\n  IPA should accept.\n\nBoth of these configuration options are wired up to be set by the lookup\ndata returned by Ironic at lookup time.\n\nThis uses a image format inspection module imported from Nova; this\ninspector will eventually live in oslo.utils, at which point we\u0027ll\nmigrate our usage of the inspector to it.\n\nCloses-Bug: #2071740\nChange-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/e303a369dce6c4c5dd0402701b020888396406f3"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/e303a369dce6c4c5dd0402701b020888396406f3"}]},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[{"rule_name":"gerrit~DefaultSubmitRule","status":"CLOSED","labels":[{"label":"Verified","status":"MAY","applied_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}},{"label":"Code-Review","status":"MAY","applied_by":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"}},{"label":"Workflow","status":"MAY","applied_by":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"}},{"label":"Backport-Candidate","status":"MAY"}]}],"submit_requirements":[{"name":"Verified","description":"Verified in gate by CI","status":"SATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Verified\u003dMAX AND -label:Verified\u003dMIN","fulfilled":true,"status":"PASS","passing_atoms":["label:Verified\u003dMAX"],"failing_atoms":["label:Verified\u003dMIN"],"atom_explanations":{}}},{"name":"Backport-Candidate","description":"Backport candidate status","status":"NOT_APPLICABLE","is_legacy":false,"applicability_expression_result":{"fulfilled":false,"status":"FAIL"},"submittability_expression_result":{"expression":"is:true","fulfilled":true,"status":"NOT_EVALUATED","passing_atoms":[],"failing_atoms":[],"atom_explanations":{}}},{"name":"Code-Review","description":"Code reviewed by core reviewer","status":"SATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Code-Review\u003dMAX AND -label:Code-Review\u003dMIN","fulfilled":true,"status":"PASS","passing_atoms":["label:Code-Review\u003dMAX"],"failing_atoms":["label:Code-Review\u003dMIN"],"atom_explanations":{}}},{"name":"Workflow","description":"Approved for gate by core reviewer","status":"SATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Workflow\u003dMAX AND -label:Workflow\u003dMIN","fulfilled":true,"status":"PASS","passing_atoms":["label:Workflow\u003dMAX"],"failing_atoms":["label:Workflow\u003dMIN"],"atom_explanations":{}}}]}