)]}'
{"id":"openstack%2Fironic-python-agent~927979","triplet_id":"openstack%2Fironic-python-agent~stable%2F2023.1~I5254b80717cb5a7f9084e3eff32a00b968f987b7","project":"openstack/ironic-python-agent","branch":"stable/2023.1","topic":"ossa-2024-003","attention_set":{},"removed_from_attention_set":{"10342":{"account":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"last_update":"2024-09-06 19:47:04.000000000","reason":"Change was submitted"},"4571":{"account":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"last_update":"2024-09-06 19:47:04.000000000","reason":"Change was submitted"}},"hashtags":[],"change_id":"I5254b80717cb5a7f9084e3eff32a00b968f987b7","subject":"Inspect non-raw images for safety","status":"MERGED","created":"2024-09-04 14:10:56.000000000","updated":"2024-09-06 19:49:54.000000000","submitted":"2024-09-06 19:47:04.000000000","submitter":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"total_comment_count":1,"unresolved_comment_count":0,"has_review_started":true,"submission_id":"927979-ossa-2024-003","meta_rev_id":"032ae06efb38fdb41281c395f1e1a0077089631a","_number":927979,"virtual_id_number":927979,"owner":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"actions":{},"labels":{"Verified":{"approved":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"all":[{"value":0,"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},{"value":0,"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},{"tag":"autogenerated:zuul:gate","value":2,"date":"2024-09-06 19:47:04.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","default_value":0,"optional":true},"Code-Review":{"approved":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"all":[{"value":2,"date":"2024-09-06 17:48:33.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},{"value":2,"date":"2024-09-06 17:05:06.000000000","permitted_voting_range":{"min":2,"max":2},"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","default_value":0,"optional":true},"Workflow":{"approved":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"all":[{"value":1,"date":"2024-09-06 17:48:33.000000000","permitted_voting_range":{"min":1,"max":1},"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},{"value":0,"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true},"Backport-Candidate":{"all":[{"value":0,"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},{"value":0,"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},{"value":0,"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}],"values":{"-1":"Do Not Backport"," 0":"Backport Review Needed","+1":"Should Backport"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2024-09-04 15:10:14.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"CC"},{"updated":"2024-09-04 15:53:28.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"REVIEWER"},{"updated":"2024-09-04 23:00:21.000000000","updated_by":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"reviewer":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"state":"REVIEWER"},{"updated":"2024-09-04 23:24:44.000000000","updated_by":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"reviewer":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"state":"REVIEWER"}],"messages":[{"id":"fa8b2c6656586b5aa2f7c0183df608ed6e4f4652","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 14:10:56.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"2e7e18327a4d2161b785bd32e354cfc2a22527c2","tag":"autogenerated:zuul:check-arm64","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 15:10:14.000000000","message":"Patch Set 1:\n\nBuild succeeded (ARM64 pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/ab65757209cc4c8d83324da8f9175955\n\n- openstack-tox-py38-arm64 https://zuul.opendev.org/t/openstack/build/ab1385311c1842a898e0feceff0c8b8e : SUCCESS in 7m 11s (non-voting)","accounts_in_message":[],"_revision_number":1},{"id":"ddcd9aca1dca05db70a3b2afe04486c10846a856","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 15:53:28.000000000","message":"Patch Set 1: Verified-1\n\nBuild failed (check pipeline).  For information on how to proceed, see\nhttps://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing\nand https://docs.openstack.org/project-team-guide/testing.html#how-to-handle-test-failures\n\nhttps://zuul.opendev.org/t/openstack/buildset/1542d1414ded4380bd7128ac1c23abe5\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/621ef34d9ccd4f729596b5771e84aca9 : SUCCESS in 6m 12s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/fdd4e92931a844369af99f942c42845f : SUCCESS in 3m 06s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/4d00e768d1e940efb7f62dc56bd4825c : SUCCESS in 4m 59s\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/7446b6549e2744d99b00e0c90ede8c01 : SUCCESS in 5m 26s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/1008caa81c8f4413a9955701858efdb4 : SUCCESS in 4m 54s\n- openstack-tox-functional https://zuul.opendev.org/t/openstack/build/3bfce88317914597beedc21ce3fcbf9d : SUCCESS in 3m 28s\n- ipa-tox-examples https://zuul.opendev.org/t/openstack/build/3853e2b84c664974b9567d3fb4c3a5a6 : SUCCESS in 3m 20s\n- ipa-tempest-bios-ipmi-direct-src https://zuul.opendev.org/t/openstack/build/ba0bac5898a045c2bf39d99a7bbfe3ad : FAILURE in 1h 12m 48s\n- ipa-tempest-uefi-redfish-vmedia-src https://zuul.opendev.org/t/openstack/build/10af89cd36b74951be54d0b16defec18 : FAILURE in 57m 37s\n- metalsmith-integration-ipa-src-uefi https://zuul.opendev.org/t/openstack/build/ae3a6df13d2c4658b92bb46e535f9fef : FAILURE in 39m 31s\n- metalsmith-integration-ipa-src-legacy https://zuul.opendev.org/t/openstack/build/679bd1e8b9d34545920dde8dea9dd8ff : FAILURE in 47m 11s\n- ironic-standalone-ipa-src https://zuul.opendev.org/t/openstack/build/e38f98ab85b7420eb9a4e1115f4af296 : FAILURE in 48m 55s\n- ironic-python-agent-check-image-tinyipa https://zuul.opendev.org/t/openstack/build/97adda93ea9b46f2aec998c70ceb1d15 : SUCCESS in 19m 38s (non-voting)\n- ironic-python-agent-check-image-dib-centos9 https://zuul.opendev.org/t/openstack/build/732b88b2a639471ba703d454091c930f : FAILURE in 2m 38s (non-voting)\n- ipa-tempest-ironic-inspector-src https://zuul.opendev.org/t/openstack/build/8da9e19e204b4b3991a6222f4726ccb0 : FAILURE in 1h 16m 21s (non-voting)\n- ipa-tox-bandit https://zuul.opendev.org/t/openstack/build/ab3bb6fa1e1d445d8cce0f73cbd5b59c : FAILURE in 3m 52s (non-voting)","accounts_in_message":[],"_revision_number":1},{"id":"3ca27c7ef053e49eb9fda4eac212d91bdcfe1eba","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 16:19:25.000000000","message":"Uploaded patch set 2: Patch Set 1 was rebased.\n\nOutdated Votes:\n* Verified-1\n","accounts_in_message":[],"_revision_number":2},{"id":"edf73d6224d1c39baece8007e7c1516acc3bf2a7","tag":"autogenerated:gerrit:setTopic","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 17:25:56.000000000","message":"Topic set to ossa-2024-003","accounts_in_message":[],"_revision_number":2},{"id":"4a39045f70f0d9a1a2f0671560914efe243266a0","tag":"autogenerated:zuul:check-arm64","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 18:28:21.000000000","message":"Patch Set 2:\n\nBuild succeeded (ARM64 pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/4f2ceae3d65e420e8da8d89c08b06cd7\n\n- openstack-tox-py38-arm64 https://zuul.opendev.org/t/openstack/build/ff6469038dc2440d8ff1caf43a95a8d0 : SUCCESS in 4m 42s (non-voting)","accounts_in_message":[],"_revision_number":2},{"id":"601b1b84608de9f7a7e4204ccd2e20a0af62ab9a","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 19:27:55.000000000","message":"Patch Set 2: Verified-1\n\nBuild failed (check pipeline).  For information on how to proceed, see\nhttps://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing\nand https://docs.openstack.org/project-team-guide/testing.html#how-to-handle-test-failures\n\nhttps://zuul.opendev.org/t/openstack/buildset/09c74d233e93466ab02ff49277b9ed69\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/5e6e977247fd4de5b8d953bbf7ae50f6 : SUCCESS in 5m 26s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/1cafd42a06db4c0784c725a9c2b922a0 : SUCCESS in 3m 42s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/76c2ae80e3714e74a540e5ae6ba50b3c : SUCCESS in 4m 58s\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/0968b568877341a68cf0a743a66bfa99 : SUCCESS in 5m 17s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/d268664747264ecd9dd20df004e5fdab : SUCCESS in 3m 00s\n- openstack-tox-functional https://zuul.opendev.org/t/openstack/build/f380174d7ef34d02a614c01d0cc20df6 : SUCCESS in 3m 35s\n- ipa-tempest-bios-ipmi-direct-src https://zuul.opendev.org/t/openstack/build/7fac8b0a1546492e95988e44a6a4061a : FAILURE in 24m 58s\n- ipa-tempest-uefi-redfish-vmedia-src https://zuul.opendev.org/t/openstack/build/2acef3837c8e421a8968b05c0cb53512 : FAILURE in 30m 04s\n- metalsmith-integration-ipa-src-uefi https://zuul.opendev.org/t/openstack/build/2e62eb3c983d40238abc989180db6371 : FAILURE in 50m 14s\n- metalsmith-integration-ipa-src-legacy https://zuul.opendev.org/t/openstack/build/e0e61e2a244a410f84f47f8f63e5827f : FAILURE in 52m 02s\n- ironic-standalone-ipa-src https://zuul.opendev.org/t/openstack/build/453cf056cb7a44578ca667cf1b51d541 : SUCCESS in 1h 28m 20s\n- ironic-python-agent-check-image-tinyipa https://zuul.opendev.org/t/openstack/build/29598d1c4f0a4cdfa30a617c1c8aace1 : SUCCESS in 17m 50s (non-voting)\n- ironic-python-agent-check-image-dib-centos9 https://zuul.opendev.org/t/openstack/build/30f5732117c5448886db7d989077d621 : FAILURE in 2m 49s (non-voting)\n- ipa-tempest-ironic-inspector-src https://zuul.opendev.org/t/openstack/build/b18c44e6b6494c13b5c74fcdacb8aa24 : TIMED_OUT in 3h 02m 58s (non-voting)\n- ipa-tox-bandit https://zuul.opendev.org/t/openstack/build/c0cb5ece6f4d4548ac346019c23d2c86 : FAILURE in 3m 43s (non-voting)","accounts_in_message":[],"_revision_number":2},{"id":"a8909465e20b40f80285561daf889cc4d2747bd8","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-04 21:24:12.000000000","message":"Patch Set 2:\n\n(1 comment)","accounts_in_message":[],"_revision_number":2},{"id":"30d8c15fbec8ee80b22a1b758e201573c1b97e22","tag":"autogenerated:zuul:check-arm64","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-04 21:36:26.000000000","message":"Patch Set 2:\n\nBuild succeeded (ARM64 pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/96eee5ffdece4d12b16cc38b93983075\n\n- openstack-tox-py38-arm64 https://zuul.opendev.org/t/openstack/build/d807fd77f76640b8b0a9adc7f0d1a909 : SUCCESS in 4m 34s (non-voting)","accounts_in_message":[],"_revision_number":2},{"id":"92b9b0bd76a9b1939d971ee6dc894b95918ef69b","author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"date":"2024-09-04 23:00:21.000000000","message":"Patch Set 2: Code-Review+2","accounts_in_message":[],"_revision_number":2},{"id":"794eb8c7f11b08f84b025438e54659c125d5821a","author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"date":"2024-09-04 23:24:44.000000000","message":"Patch Set 2: Code-Review+2 Workflow+1","accounts_in_message":[],"_revision_number":2},{"id":"5e8703d07ad3880bd9aa5659eb745c5498b08c0a","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-05 00:23:16.000000000","message":"Patch Set 2:\n\nBuild failed (check pipeline).  For information on how to proceed, see\nhttps://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing\nand https://docs.openstack.org/project-team-guide/testing.html#how-to-handle-test-failures\n\nhttps://zuul.opendev.org/t/openstack/buildset/58a6d86f64fd45d99b0ae97ef52914d3\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/5b0410fd32774a8886b1e11846a00f00 : SUCCESS in 5m 04s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/f8dab2591c294670b7f4289cdfb182a5 : SUCCESS in 4m 52s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/7509aee9617f4b52b466b50ae823d475 : SUCCESS in 3m 19s\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/55e99d6e5aa04ae1a11bfae042b9ec17 : SUCCESS in 5m 06s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/f3b39d204ce54041a9055b6541ac3b86 : SUCCESS in 2m 22s\n- openstack-tox-functional https://zuul.opendev.org/t/openstack/build/338c187ad6eb4f0d9ecbb082ba98dd99 : SUCCESS in 4m 23s\n- ipa-tempest-bios-ipmi-direct-src https://zuul.opendev.org/t/openstack/build/63bd7b73b5684cc4a43a050b5fefbd95 : SUCCESS in 1h 22m 13s\n- ipa-tempest-uefi-redfish-vmedia-src https://zuul.opendev.org/t/openstack/build/e2bba53f3edc4f32a86fdffce6d32f0b : SUCCESS in 1h 28m 58s\n- metalsmith-integration-ipa-src-uefi https://zuul.opendev.org/t/openstack/build/089b248520474fba92dd3c50dfe161e5 : FAILURE in 34m 42s\n- metalsmith-integration-ipa-src-legacy https://zuul.opendev.org/t/openstack/build/efa067648457433a901894b01e22cc15 : FAILURE in 38m 05s\n- ironic-standalone-ipa-src https://zuul.opendev.org/t/openstack/build/2daea0b945f94701a78e5cf46a33aaa0 : SUCCESS in 1h 07m 02s\n- ironic-python-agent-check-image-tinyipa https://zuul.opendev.org/t/openstack/build/d710e658e8034194b71a740e8c4ca39e : SUCCESS in 20m 46s (non-voting)\n- ironic-python-agent-check-image-dib-centos9 https://zuul.opendev.org/t/openstack/build/a543ce1c1f0d40b5a8b234e439502693 : FAILURE in 2m 19s (non-voting)\n- ipa-tempest-ironic-inspector-src https://zuul.opendev.org/t/openstack/build/a0ec743224444aa985ca44e9b7cbc8d6 : FAILURE in 2h 53m 53s (non-voting)\n- ipa-tox-bandit https://zuul.opendev.org/t/openstack/build/a63a87876baf4f349213c4e4a3ca3280 : FAILURE in 3m 08s (non-voting)","accounts_in_message":[],"_revision_number":2},{"id":"162a9f46a5e93c34d3666bc1eb12f1f09cc98c54","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-05 20:11:20.000000000","message":"Uploaded patch set 3: Patch Set 2 was rebased.\n\nCopied Votes:\n* Code-Review+2 (copy condition: \"**changekind:TRIVIAL_REBASE** OR is:MIN\")\n\nOutdated Votes:\n* Verified-1\n* Workflow+1\n","accounts_in_message":[],"_revision_number":3},{"id":"90950fc8e1fbbd040644d6b3f36b66d2623aab51","tag":"autogenerated:zuul:check-arm64","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-05 20:18:42.000000000","message":"Patch Set 3:\n\nBuild succeeded (ARM64 pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/d3aa74073abc498f828376dea6e8d219\n\n- openstack-tox-py38-arm64 https://zuul.opendev.org/t/openstack/build/3241f2e8e0b54ed296047c064c6014e2 : SUCCESS in 5m 35s (non-voting)","accounts_in_message":[],"_revision_number":3},{"id":"e5cf1ea4f5c80a22f19a199193d4e60b766b2460","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-05 23:03:34.000000000","message":"Patch Set 3: Verified-1\n\nBuild failed (check pipeline).  For information on how to proceed, see\nhttps://docs.opendev.org/opendev/infra-manual/latest/developers.html#automated-testing\nand https://docs.openstack.org/project-team-guide/testing.html#how-to-handle-test-failures\n\nhttps://zuul.opendev.org/t/openstack/buildset/d0cb01c2c0444498bed8f79c92c38a66\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/cc8ce00c2ca8430fb9718984b099f0ac : SUCCESS in 3m 56s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/bcaa2d0370a24485878ab9432179ec76 : SUCCESS in 3m 08s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/ff5e880049bf4c3e942b50185e5f617d : SUCCESS in 3m 31s\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/29dddc2113824ce4b2956aa204e93d53 : SUCCESS in 5m 24s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/9d33cc81945e400b852ce348b6f8231c : SUCCESS in 2m 52s\n- openstack-tox-functional https://zuul.opendev.org/t/openstack/build/45377bdc399941d187adcd0cea999ef4 : SUCCESS in 3m 26s\n- ipa-tempest-bios-ipmi-direct-src https://zuul.opendev.org/t/openstack/build/8cd2ff631a114c79b48b63a013dd5ca4 : FAILURE in 23m 04s\n- ironic-standalone-ipa-src https://zuul.opendev.org/t/openstack/build/654b104df22e405db2c653611a68d022 : SUCCESS in 1h 26m 31s\n- ironic-python-agent-check-image-tinyipa https://zuul.opendev.org/t/openstack/build/48cf4e7408414a5ab9e7606d12cbce7b : SUCCESS in 20m 15s (non-voting)\n- ironic-python-agent-check-image-dib-centos9 https://zuul.opendev.org/t/openstack/build/96f57094cf0e45b68e7f7b4885c43ab1 : FAILURE in 3m 45s (non-voting)\n- ipa-tempest-ironic-inspector-src https://zuul.opendev.org/t/openstack/build/ad08c0a49d3040f8b2f90e8b1ab713ea : SUCCESS in 2h 41m 17s (non-voting)\n- ipa-tox-bandit https://zuul.opendev.org/t/openstack/build/b028180360864e2abfe7d71a87d39d9d : FAILURE in 3m 12s (non-voting)","accounts_in_message":[],"_revision_number":3},{"id":"7b757bd1e5a1d4a7d8446bc9346c564832686b38","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-06 17:02:00.000000000","message":"Uploaded patch set 4: Patch Set 3 was rebased.\n\nCopied Votes:\n* Code-Review+2 (copy condition: \"**changekind:TRIVIAL_REBASE** OR is:MIN\")\n\nOutdated Votes:\n* Verified-1\n","accounts_in_message":[],"_revision_number":4},{"id":"3a5354c24a9c4863404b5f10c781f4336072deaf","tag":"autogenerated:zuul:check-arm64","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-06 17:02:45.000000000","message":"Patch Set 4:\n\nThis change depends on a change with an invalid configuration.","accounts_in_message":[],"_revision_number":4},{"id":"2308f687fc99c2cd12aefaf8dd72a2ec3016ee83","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-06 17:02:59.000000000","message":"Patch Set 4: Verified-1\n\nThis change depends on a change with an invalid configuration.","accounts_in_message":[],"_revision_number":4},{"id":"4ab435cc968e369d785ba50f697db3c8cd7eb48e","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"date":"2024-09-06 17:05:06.000000000","message":"Uploaded patch set 5: Patch Set 4 was rebased.\n\nCopied Votes:\n* Code-Review+2 (copy condition: \"**changekind:TRIVIAL_REBASE** OR is:MIN\")\n\nOutdated Votes:\n* Verified-1\n","accounts_in_message":[],"_revision_number":5},{"id":"6930db4cb13e2ba79ce486fee69ff95ce5333f0e","tag":"autogenerated:zuul:check-arm64","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-06 17:30:50.000000000","message":"Patch Set 5:\n\nBuild succeeded (ARM64 pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/7f254eda814747fb9e4efc2c7492ffa8\n\n- openstack-tox-py38-arm64 https://zuul.opendev.org/t/openstack/build/f40569f4cd684439be3a14a9b60b7703 : SUCCESS in 6m 03s (non-voting)","accounts_in_message":[],"_revision_number":5},{"id":"a9899c8865e821bd0f988aa36807553370393b28","author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"date":"2024-09-06 17:48:33.000000000","message":"Patch Set 5: Code-Review+2 Workflow+1","accounts_in_message":[],"_revision_number":5},{"id":"3f78745e0bd2293aed71ab56036c35e145fad0d9","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-06 18:51:58.000000000","message":"Patch Set 5: Verified+1\n\nBuild succeeded (check pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/9882d92c6c8a4111b0c6845845601621\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/318d1fe819b04977b9385aaa8e46e002 : SUCCESS in 4m 57s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/b34945c8dac84919bfe9e13e89b18758 : SUCCESS in 4m 32s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/575c6db3a26343df8f7d384c7548e118 : SUCCESS in 3m 43s\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/69475cda81c549c6b08014f0f724a0f3 : SUCCESS in 5m 42s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/bd8873427506435eb8793278cd7d27f1 : SUCCESS in 4m 33s\n- openstack-tox-functional https://zuul.opendev.org/t/openstack/build/36a4604c8d0c4a5ca8c9c72f32637a3b : SUCCESS in 3m 28s\n- ironic-standalone-ipa-src https://zuul.opendev.org/t/openstack/build/b7d07d6a5a8b45c09ba6de7b91db1b76 : SUCCESS in 1h 40m 08s\n- ironic-python-agent-check-image-tinyipa https://zuul.opendev.org/t/openstack/build/53793aa1937c4f2d8d469e81fa3880d6 : SUCCESS in 19m 05s (non-voting)\n- ironic-python-agent-check-image-dib-centos9 https://zuul.opendev.org/t/openstack/build/8deefdb3efe64c309ec6081fbbbfe7a1 : SUCCESS in 9m 22s (non-voting)\n- ipa-tox-bandit https://zuul.opendev.org/t/openstack/build/f2597c5bdcd1439a8e33934425c5ccac : FAILURE in 2m 37s (non-voting)","accounts_in_message":[],"_revision_number":5},{"id":"04024f79f8d0ace250c94746bb7ce8237558bf91","tag":"autogenerated:zuul:gate","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-06 18:52:39.000000000","message":"Patch Set 5: -Verified\n\nStarting gate jobs.","accounts_in_message":[],"_revision_number":5},{"id":"b2365a8484c7f931c66074782c6f73aa08b68a8a","tag":"autogenerated:zuul:gate","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-06 19:47:04.000000000","message":"Patch Set 5: Verified+2\n\nBuild succeeded (gate pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/74039d942ec242ba81bfe8ea255e888c\n\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/89a965059adf408eb095d3377f2c4fbe : SUCCESS in 2m 38s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/d7488cecb54847fcbcd31649de72e00e : SUCCESS in 4m 05s\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/064c30b82d8f4c94b50ba635457536a7 : SUCCESS in 5m 09s\n- build-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/3f5fe54c92c74d36aadd4d61eba85915 : SUCCESS in 4m 10s\n- openstack-tox-functional https://zuul.opendev.org/t/openstack/build/f4a7f35d8281482380257587abeb6905 : SUCCESS in 3m 58s\n- ironic-standalone-ipa-src https://zuul.opendev.org/t/openstack/build/653cf81ed321405f92a58583e78afa0f : SUCCESS in 49m 59s","accounts_in_message":[],"_revision_number":5},{"id":"dc35155ca9230c7c0e7b31d6e9d0374bb2ac8764","tag":"autogenerated:gerrit:merged","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-06 19:47:04.000000000","message":"Change has been successfully merged","accounts_in_message":[],"_revision_number":5},{"id":"032ae06efb38fdb41281c395f1e1a0077089631a","tag":"autogenerated:zuul:promote","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2024-09-06 19:49:54.000000000","message":"Patch Set 5:\n\nBuild succeeded (promote pipeline).\nhttps://zuul.opendev.org/t/openstack/buildset/df296bac443c46b3a1a7bc5f214c830b\n\n- promote-openstack-tox-docs https://zuul.opendev.org/t/openstack/build/c8163d6b97f74345a10013e7830d91d9 : SUCCESS in 46s\n- promote-openstack-releasenotes https://zuul.opendev.org/t/openstack/build/bd48739309184ccfaca4f8c3f24b75ca : SUCCESS in 36s","accounts_in_message":[],"_revision_number":5}],"current_revision_number":5,"current_revision":"a1da3c9322305a5540a23ca19048ce7aa552a405","revisions":{"210c36bbdf34a1eecf58f3476b038831515b441e":{"kind":"REWORK","_number":1,"created":"2024-09-04 14:10:56.000000000","uploader":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"ref":"refs/changes/79/927979/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ironic-python-agent","ref":"refs/changes/79/927979/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/1"}}},"commit":{"parents":[{"commit":"3c61f2b4de9cc7a4888ff733f7064797e0af35c5","subject":"Merge \"preserve/handle config drives on 4k block devices\" into stable/2023.1","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/3c61f2b4de9cc7a4888ff733f7064797e0af35c5"}]}],"author":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-03-11 16:29:58.000000000","tz":60},"committer":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-09-04 14:10:55.000000000","tz":-420},"subject":"Inspect non-raw images for safety","message":"Inspect non-raw images for safety\n\nThis is a backport of two changes merged together to facilitate\nbackporting:\n\nThe first is a refactor of disk utilities:\n\nImport disk_{utils,partitioner} from ironic-lib\n\nWith the iscsi deploy long gone, these modules are only used in IPA and\nin fact represent a large part of its critical logic. Having them\nseparately sometimes makes fixing issues tricky if an interface of\na function needs changing.\n\nThis change imports the code mostly as it is, just removing run_as_root and\na deprecated function, as well as moving configuration options to config.py.\n\nAlso migrates one relevant function from ironic_lib.utils.\n\nThe second is the fix for the security issue:\n\nInspect non-raw images for safety\n\nWhen IPA gets a non-raw image, it performs an on-the-fly conversion\nusing qemu-img convert, as well as running qemu-img frequently to get\nbasic information about the image before validating it.\n\nNow, we ensure that before any qemu-img calls are made, that we have\ninspected the image for safety and pass through the detected format.\n\nIf given a disk_format\u003draw image and image streaming is enabled\n(default), we retain the existing behavior of not inspecting it in\nany way and streaming it bit-perfect to the device. In this case, we\nnever use qemu-based tools on the image at all.\n\nIf given a disk_format\u003draw image and image streaming is disabled, this\nchange fixes a bug where the image may have been converted if it was not\nactually raw in the first place. We now stream these bit-perfect to the\ndevice.\n\nAdds two config options:\n- [DEFAULT]/disable_deep_image_inspection, which can be set to \"True\" in\n  order to disable all security features. Do not do this.\n- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types\n  IPA should accept.\n\nBoth of these configuration options are wired up to be set by the lookup\ndata returned by Ironic at lookup time.\n\nThis uses a image format inspection module imported from Nova; this\ninspector will eventually live in oslo.utils, at which point we\u0027ll\nmigrate our usage of the inspector to it.\n\nCloses-Bug: #2071740\nCo-Authored-By: Dmitry Tantsur \u003cdtantsur@protonmail.com\u003e\nChange-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/210c36bbdf34a1eecf58f3476b038831515b441e"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/210c36bbdf34a1eecf58f3476b038831515b441e"}]},"branch":"refs/heads/stable/2023.1"},"22110d48b73c3ebca98327ac32a8b61381af5bda":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2024-09-04 16:19:25.000000000","uploader":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"ref":"refs/changes/79/927979/2","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ironic-python-agent","ref":"refs/changes/79/927979/2","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/2"}}},"commit":{"parents":[{"commit":"521038579a271b3d421d2cdf6b00e55ed49347b6","subject":"Remove and disable examples job","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/521038579a271b3d421d2cdf6b00e55ed49347b6"}]}],"author":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-03-11 16:29:58.000000000","tz":60},"committer":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-09-04 16:19:18.000000000","tz":-420},"subject":"Inspect non-raw images for safety","message":"Inspect non-raw images for safety\n\nThis is a backport of two changes merged together to facilitate\nbackporting:\n\nThe first is a refactor of disk utilities:\n\nImport disk_{utils,partitioner} from ironic-lib\n\nWith the iscsi deploy long gone, these modules are only used in IPA and\nin fact represent a large part of its critical logic. Having them\nseparately sometimes makes fixing issues tricky if an interface of\na function needs changing.\n\nThis change imports the code mostly as it is, just removing run_as_root and\na deprecated function, as well as moving configuration options to config.py.\n\nAlso migrates one relevant function from ironic_lib.utils.\n\nThe second is the fix for the security issue:\n\nInspect non-raw images for safety\n\nWhen IPA gets a non-raw image, it performs an on-the-fly conversion\nusing qemu-img convert, as well as running qemu-img frequently to get\nbasic information about the image before validating it.\n\nNow, we ensure that before any qemu-img calls are made, that we have\ninspected the image for safety and pass through the detected format.\n\nIf given a disk_format\u003draw image and image streaming is enabled\n(default), we retain the existing behavior of not inspecting it in\nany way and streaming it bit-perfect to the device. In this case, we\nnever use qemu-based tools on the image at all.\n\nIf given a disk_format\u003draw image and image streaming is disabled, this\nchange fixes a bug where the image may have been converted if it was not\nactually raw in the first place. We now stream these bit-perfect to the\ndevice.\n\nAdds two config options:\n- [DEFAULT]/disable_deep_image_inspection, which can be set to \"True\" in\n  order to disable all security features. Do not do this.\n- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types\n  IPA should accept.\n\nBoth of these configuration options are wired up to be set by the lookup\ndata returned by Ironic at lookup time.\n\nThis uses a image format inspection module imported from Nova; this\ninspector will eventually live in oslo.utils, at which point we\u0027ll\nmigrate our usage of the inspector to it.\n\nCloses-Bug: #2071740\nCo-Authored-By: Dmitry Tantsur \u003cdtantsur@protonmail.com\u003e\nChange-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/22110d48b73c3ebca98327ac32a8b61381af5bda"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/22110d48b73c3ebca98327ac32a8b61381af5bda"}]},"branch":"refs/heads/stable/2023.1"},"f76251741bd3420c87390985551459a9fb00366b":{"kind":"TRIVIAL_REBASE","_number":3,"created":"2024-09-05 20:11:20.000000000","uploader":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"ref":"refs/changes/79/927979/3","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ironic-python-agent","ref":"refs/changes/79/927979/3","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/3"}}},"commit":{"parents":[{"commit":"a7533cec89731566237f69c435631e501613a422","subject":"Remove and disable examples job","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/a7533cec89731566237f69c435631e501613a422"}]}],"author":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-03-11 16:29:58.000000000","tz":60},"committer":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-09-05 20:11:12.000000000","tz":-420},"subject":"Inspect non-raw images for safety","message":"Inspect non-raw images for safety\n\nThis is a backport of two changes merged together to facilitate\nbackporting:\n\nThe first is a refactor of disk utilities:\n\nImport disk_{utils,partitioner} from ironic-lib\n\nWith the iscsi deploy long gone, these modules are only used in IPA and\nin fact represent a large part of its critical logic. Having them\nseparately sometimes makes fixing issues tricky if an interface of\na function needs changing.\n\nThis change imports the code mostly as it is, just removing run_as_root and\na deprecated function, as well as moving configuration options to config.py.\n\nAlso migrates one relevant function from ironic_lib.utils.\n\nThe second is the fix for the security issue:\n\nInspect non-raw images for safety\n\nWhen IPA gets a non-raw image, it performs an on-the-fly conversion\nusing qemu-img convert, as well as running qemu-img frequently to get\nbasic information about the image before validating it.\n\nNow, we ensure that before any qemu-img calls are made, that we have\ninspected the image for safety and pass through the detected format.\n\nIf given a disk_format\u003draw image and image streaming is enabled\n(default), we retain the existing behavior of not inspecting it in\nany way and streaming it bit-perfect to the device. In this case, we\nnever use qemu-based tools on the image at all.\n\nIf given a disk_format\u003draw image and image streaming is disabled, this\nchange fixes a bug where the image may have been converted if it was not\nactually raw in the first place. We now stream these bit-perfect to the\ndevice.\n\nAdds two config options:\n- [DEFAULT]/disable_deep_image_inspection, which can be set to \"True\" in\n  order to disable all security features. Do not do this.\n- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types\n  IPA should accept.\n\nBoth of these configuration options are wired up to be set by the lookup\ndata returned by Ironic at lookup time.\n\nThis uses a image format inspection module imported from Nova; this\ninspector will eventually live in oslo.utils, at which point we\u0027ll\nmigrate our usage of the inspector to it.\n\nCloses-Bug: #2071740\nCo-Authored-By: Dmitry Tantsur \u003cdtantsur@protonmail.com\u003e\nChange-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/f76251741bd3420c87390985551459a9fb00366b"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/f76251741bd3420c87390985551459a9fb00366b"}]},"branch":"refs/heads/stable/2023.1"},"2d143a88b1a870191acf227ab7b23a2140c18dd4":{"kind":"TRIVIAL_REBASE","_number":4,"created":"2024-09-06 17:02:00.000000000","uploader":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"ref":"refs/changes/79/927979/4","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ironic-python-agent","ref":"refs/changes/79/927979/4","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/4 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/4"}}},"commit":{"parents":[{"commit":"e771a14e199d1fec902349af66f9b0a0b62fc242","subject":"[stable-only] Multiple job fixes","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/e771a14e199d1fec902349af66f9b0a0b62fc242"}]}],"author":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-03-11 16:29:58.000000000","tz":60},"committer":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-09-06 17:01:39.000000000","tz":-420},"subject":"Inspect non-raw images for safety","message":"Inspect non-raw images for safety\n\nThis is a backport of two changes merged together to facilitate\nbackporting:\n\nThe first is a refactor of disk utilities:\n\nImport disk_{utils,partitioner} from ironic-lib\n\nWith the iscsi deploy long gone, these modules are only used in IPA and\nin fact represent a large part of its critical logic. Having them\nseparately sometimes makes fixing issues tricky if an interface of\na function needs changing.\n\nThis change imports the code mostly as it is, just removing run_as_root and\na deprecated function, as well as moving configuration options to config.py.\n\nAlso migrates one relevant function from ironic_lib.utils.\n\nThe second is the fix for the security issue:\n\nInspect non-raw images for safety\n\nWhen IPA gets a non-raw image, it performs an on-the-fly conversion\nusing qemu-img convert, as well as running qemu-img frequently to get\nbasic information about the image before validating it.\n\nNow, we ensure that before any qemu-img calls are made, that we have\ninspected the image for safety and pass through the detected format.\n\nIf given a disk_format\u003draw image and image streaming is enabled\n(default), we retain the existing behavior of not inspecting it in\nany way and streaming it bit-perfect to the device. In this case, we\nnever use qemu-based tools on the image at all.\n\nIf given a disk_format\u003draw image and image streaming is disabled, this\nchange fixes a bug where the image may have been converted if it was not\nactually raw in the first place. We now stream these bit-perfect to the\ndevice.\n\nAdds two config options:\n- [DEFAULT]/disable_deep_image_inspection, which can be set to \"True\" in\n  order to disable all security features. Do not do this.\n- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types\n  IPA should accept.\n\nBoth of these configuration options are wired up to be set by the lookup\ndata returned by Ironic at lookup time.\n\nThis uses a image format inspection module imported from Nova; this\ninspector will eventually live in oslo.utils, at which point we\u0027ll\nmigrate our usage of the inspector to it.\n\nCloses-Bug: #2071740\nCo-Authored-By: Dmitry Tantsur \u003cdtantsur@protonmail.com\u003e\nChange-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/2d143a88b1a870191acf227ab7b23a2140c18dd4"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/2d143a88b1a870191acf227ab7b23a2140c18dd4"}]},"branch":"refs/heads/stable/2023.1"},"a1da3c9322305a5540a23ca19048ce7aa552a405":{"kind":"TRIVIAL_REBASE","_number":5,"created":"2024-09-06 17:05:06.000000000","uploader":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"ref":"refs/changes/79/927979/5","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/ironic-python-agent","ref":"refs/changes/79/927979/5","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/5 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/5 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/5 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/ironic-python-agent refs/changes/79/927979/5"}}},"commit":{"parents":[{"commit":"2af0f1032978fa4f9d7ca03d391a5bce75e8c938","subject":"[stable-only] Multiple job fixes","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/2af0f1032978fa4f9d7ca03d391a5bce75e8c938"}]}],"author":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-03-11 16:29:58.000000000","tz":60},"committer":{"name":"Jay Faulkner","email":"jay@jvf.cc","date":"2024-09-06 17:04:59.000000000","tz":-420},"subject":"Inspect non-raw images for safety","message":"Inspect non-raw images for safety\n\nThis is a backport of two changes merged together to facilitate\nbackporting:\n\nThe first is a refactor of disk utilities:\n\nImport disk_{utils,partitioner} from ironic-lib\n\nWith the iscsi deploy long gone, these modules are only used in IPA and\nin fact represent a large part of its critical logic. Having them\nseparately sometimes makes fixing issues tricky if an interface of\na function needs changing.\n\nThis change imports the code mostly as it is, just removing run_as_root and\na deprecated function, as well as moving configuration options to config.py.\n\nAlso migrates one relevant function from ironic_lib.utils.\n\nThe second is the fix for the security issue:\n\nInspect non-raw images for safety\n\nWhen IPA gets a non-raw image, it performs an on-the-fly conversion\nusing qemu-img convert, as well as running qemu-img frequently to get\nbasic information about the image before validating it.\n\nNow, we ensure that before any qemu-img calls are made, that we have\ninspected the image for safety and pass through the detected format.\n\nIf given a disk_format\u003draw image and image streaming is enabled\n(default), we retain the existing behavior of not inspecting it in\nany way and streaming it bit-perfect to the device. In this case, we\nnever use qemu-based tools on the image at all.\n\nIf given a disk_format\u003draw image and image streaming is disabled, this\nchange fixes a bug where the image may have been converted if it was not\nactually raw in the first place. We now stream these bit-perfect to the\ndevice.\n\nAdds two config options:\n- [DEFAULT]/disable_deep_image_inspection, which can be set to \"True\" in\n  order to disable all security features. Do not do this.\n- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types\n  IPA should accept.\n\nBoth of these configuration options are wired up to be set by the lookup\ndata returned by Ironic at lookup time.\n\nThis uses a image format inspection module imported from Nova; this\ninspector will eventually live in oslo.utils, at which point we\u0027ll\nmigrate our usage of the inspector to it.\n\nCloses-Bug: #2071740\nCo-Authored-By: Dmitry Tantsur \u003cdtantsur@protonmail.com\u003e\nChange-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/a1da3c9322305a5540a23ca19048ce7aa552a405"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/ironic-python-agent/commit/a1da3c9322305a5540a23ca19048ce7aa552a405"}]},"branch":"refs/heads/stable/2023.1"}},"requirements":[],"submit_records":[{"rule_name":"gerrit~DefaultSubmitRule","status":"CLOSED","labels":[{"label":"Verified","status":"MAY","applied_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]}},{"label":"Code-Review","status":"MAY","applied_by":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"}},{"label":"Workflow","status":"MAY","applied_by":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"}},{"label":"Backport-Candidate","status":"MAY"}]}],"submit_requirements":[{"name":"Verified","description":"Verified in gate by CI","status":"SATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Verified\u003dMAX AND -label:Verified\u003dMIN","fulfilled":true,"status":"PASS","passing_atoms":["label:Verified\u003dMAX"],"failing_atoms":["label:Verified\u003dMIN"],"atom_explanations":{}}},{"name":"Backport-Candidate","description":"Backport candidate status","status":"NOT_APPLICABLE","is_legacy":false,"applicability_expression_result":{"fulfilled":false,"status":"FAIL"},"submittability_expression_result":{"expression":"is:true","fulfilled":true,"status":"NOT_EVALUATED","passing_atoms":[],"failing_atoms":[],"atom_explanations":{}}},{"name":"Code-Review","description":"Code reviewed by core reviewer","status":"SATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Code-Review\u003dMAX AND -label:Code-Review\u003dMIN","fulfilled":true,"status":"PASS","passing_atoms":["label:Code-Review\u003dMAX"],"failing_atoms":["label:Code-Review\u003dMIN"],"atom_explanations":{}}},{"name":"Workflow","description":"Approved for gate by core reviewer","status":"SATISFIED","is_legacy":false,"submittability_expression_result":{"expression":"label:Workflow\u003dMAX AND -label:Workflow\u003dMIN","fulfilled":true,"status":"PASS","passing_atoms":["label:Workflow\u003dMAX"],"failing_atoms":["label:Workflow\u003dMIN"],"atom_explanations":{}}}]}