)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"046e4e925eaafc4ea83f896e1bc7c7b7bb5f4ae0","unresolved":false,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":"Add script to check for forbidden instructions"},{"line_number":8,"context_line":""},{"line_number":9,"context_line":"When building images for binary type, it is expected to not install"},{"line_number":10,"context_line":"executables from untrusted sources, and gem, sensu-install, npm or"},{"line_number":11,"context_line":"pip packages for instance should come from the distro itself."},{"line_number":12,"context_line":""}],"source_content_type":"text/x-gerrit-commit-message","patch_set":6,"id":"9fdfeff1_019ac86d","line":9,"range":{"start_line":9,"start_character":25,"end_line":9,"end_character":31},"updated":"2019-02-27 09:09:54.000000000","message":"I think this depends on your perspective. Some might see it as images built from binary packages rather than source. 
Your definition might be classed more as a \u0027distro\u0027 install type.\n\nAlso \u0027trusted\u0027 means different things to different people :)","commit_id":"0f789a92d012ad0744a3d86c05f24d407fc7cd59"}],"tools/validate-binary-build.sh":[{"author":{"_account_id":16282,"name":"YaZug","email":"jschluet@redhat.com","username":"yazug"},"change_message_id":"f74111415da2501bd6b0d201d14d518719d2ace2","unresolved":false,"context_lines":[{"line_number":33,"context_line":"    check_for_errors \"npm .*install\""},{"line_number":34,"context_line":"    check_for_errors \"git .*clone\""},{"line_number":35,"context_line":"    check_for_errors \"wget\""},{"line_number":36,"context_line":"    check_for_errors \"curl\""},{"line_number":37,"context_line":"    rm -r $tmpdir"},{"line_number":38,"context_line":"done"},{"line_number":39,"context_line":""}],"source_content_type":"text/x-sh","patch_set":4,"id":"9fdfeff1_eb6e5afe","line":36,"range":{"start_line":36,"start_character":0,"end_line":36,"end_character":27},"updated":"2019-01-31 20:32:15.000000000","message":"2019-01-31 15:36:46.638534 | ubuntu-xenial | /tmp/kolla-templates.Ynba5B/docker/base/Dockerfile:COPY curlrc /root/.curlrc\n\nI can see this being valid but could also be stuff that should be cleaned up/guarded on source builds","commit_id":"9eafb4ff3a2d04fb82159f5146f935438bd1d358"},{"author":{"_account_id":13039,"name":"Martin André","email":"m.andre@redhat.com","username":"mandre"},"change_message_id":"f211e281ae669ad8f3ac5eed4126d1f873180383","unresolved":false,"context_lines":[{"line_number":33,"context_line":"    check_for_errors \"npm .*install\""},{"line_number":34,"context_line":"    check_for_errors \"git .*clone\""},{"line_number":35,"context_line":"    check_for_errors \"wget\""},{"line_number":36,"context_line":"    check_for_errors \"curl\""},{"line_number":37,"context_line":"    rm -r 
$tmpdir"},{"line_number":38,"context_line":"done"},{"line_number":39,"context_line":""}],"source_content_type":"text/x-sh","patch_set":4,"id":"9fdfeff1_c71ca279","line":36,"range":{"start_line":36,"start_character":0,"end_line":36,"end_character":27},"in_reply_to":"9fdfeff1_eb6e5afe","updated":"2019-02-01 09:52:55.000000000","message":"Indeed, there are a couple more false positives for the curl check, I\u0027ll improve the regex.","commit_id":"9eafb4ff3a2d04fb82159f5146f935438bd1d358"},{"author":{"_account_id":16282,"name":"YaZug","email":"jschluet@redhat.com","username":"yazug"},"change_message_id":"cbce0e734f5d0c4c6e22227065c071ea034ed784","unresolved":false,"context_lines":[{"line_number":29,"context_line":"for distro in debian ubuntu centos rhel oraclelinux; do"},{"line_number":30,"context_line":"    tmpdir\u003d$(mktemp -d kolla-templates.XXXXXX --tmpdir)"},{"line_number":31,"context_line":"    generate_templates"},{"line_number":32,"context_line":"    check_for_errors \"gem .*install\""},{"line_number":33,"context_line":"    check_for_errors \"pip .*install\""},{"line_number":34,"context_line":"    check_for_errors \"npm .*install\""},{"line_number":35,"context_line":"    check_for_errors \"git .*clone\""}],"source_content_type":"text/x-sh","patch_set":5,"id":"9fdfeff1_86986075","line":32,"range":{"start_line":32,"start_character":4,"end_line":32,"end_character":36},"updated":"2019-02-22 12:21:48.000000000","message":"sensu-install is another that is installing ruby gems","commit_id":"c8df2300add137b785fc6d10568ef0f66e16df1d"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"046e4e925eaafc4ea83f896e1bc7c7b7bb5f4ae0","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"check_for_errors () {"},{"line_number":14,"context_line":"    regex\u003d$1"},{"line_number":15,"context_line":"    # Look for all rendered Dockerfile. 
We don\u0027t care about kolla-toolbox."},{"line_number":16,"context_line":"    find $tmpdir/docker -not -path \"*kolla-toolbox*\" -name Dockerfile -print0 |"},{"line_number":17,"context_line":"        xargs -0 egrep --color \"$regex\""},{"line_number":18,"context_line":"    # NOTE(mandre) grep returns status code of 1 if the expression isn\u0027t found"}],"source_content_type":"text/x-sh","patch_set":6,"id":"9fdfeff1_c18e0026","line":15,"range":{"start_line":15,"start_character":40,"end_line":15,"end_character":73},"updated":"2019-02-27 09:09:54.000000000","message":"Why not?","commit_id":"0f789a92d012ad0744a3d86c05f24d407fc7cd59"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"c3b46c4f2b008fdf1fea0a980867bdf9997b3176","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"check_for_errors () {"},{"line_number":14,"context_line":"    regex\u003d$1"},{"line_number":15,"context_line":"    # Look for all rendered Dockerfile. We don\u0027t care about kolla-toolbox."},{"line_number":16,"context_line":"    find $tmpdir/docker -not -path \"*kolla-toolbox*\" -name Dockerfile -print0 |"},{"line_number":17,"context_line":"        xargs -0 egrep --color \"$regex\""},{"line_number":18,"context_line":"    # NOTE(mandre) grep returns status code of 1 if the expression isn\u0027t found"}],"source_content_type":"text/x-sh","patch_set":6,"id":"7faddb67_c17d1a1d","line":15,"range":{"start_line":15,"start_character":40,"end_line":15,"end_character":73},"in_reply_to":"9fb8cfa7_50fa0775","updated":"2019-07-08 09:08:00.000000000","message":"Ansible 2.2 is a concern, yes. 
We have a bug [1] tracking that change, mnasiadka is planning to pick it up.\n\n[1] https://bugs.launchpad.net/kolla/+bug/1829895","commit_id":"0f789a92d012ad0744a3d86c05f24d407fc7cd59"},{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"edfc39b96c2b3c20a8a14b7341624ee06ac4a994","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"check_for_errors () {"},{"line_number":14,"context_line":"    regex\u003d$1"},{"line_number":15,"context_line":"    # Look for all rendered Dockerfile. We don\u0027t care about kolla-toolbox."},{"line_number":16,"context_line":"    find $tmpdir/docker -not -path \"*kolla-toolbox*\" -name Dockerfile -print0 |"},{"line_number":17,"context_line":"        xargs -0 egrep --color \"$regex\""},{"line_number":18,"context_line":"    # NOTE(mandre) grep returns status code of 1 if the expression isn\u0027t found"}],"source_content_type":"text/x-sh","patch_set":6,"id":"9fdfeff1_56d96f80","line":15,"range":{"start_line":15,"start_character":40,"end_line":15,"end_character":73},"in_reply_to":"9fdfeff1_363b8bd1","updated":"2019-02-27 11:02:45.000000000","message":"Kolla-ansible uses it during deployment to create users, endpoints, etc.","commit_id":"0f789a92d012ad0744a3d86c05f24d407fc7cd59"},{"author":{"_account_id":13039,"name":"Martin André","email":"m.andre@redhat.com","username":"mandre"},"change_message_id":"5151c8b26363c8d269e0a6ff517b25f7f75515aa","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"check_for_errors () {"},{"line_number":14,"context_line":"    regex\u003d$1"},{"line_number":15,"context_line":"    # Look for all rendered Dockerfile. 
We don\u0027t care about kolla-toolbox."},{"line_number":16,"context_line":"    find $tmpdir/docker -not -path \"*kolla-toolbox*\" -name Dockerfile -print0 |"},{"line_number":17,"context_line":"        xargs -0 egrep --color \"$regex\""},{"line_number":18,"context_line":"    # NOTE(mandre) grep returns status code of 1 if the expression isn\u0027t found"}],"source_content_type":"text/x-sh","patch_set":6,"id":"9fdfeff1_b6945be9","line":15,"range":{"start_line":15,"start_character":40,"end_line":15,"end_character":73},"in_reply_to":"9fdfeff1_56d96f80","updated":"2019-02-27 11:19:09.000000000","message":"Oh ok, my bad then. I\u0027ll see how to make kolla-toolbox compliant.","commit_id":"0f789a92d012ad0744a3d86c05f24d407fc7cd59"},{"author":{"_account_id":14985,"name":"Alex Schultz","email":"aschultz@next-development.com","username":"mwhahaha"},"change_message_id":"7341ddf1ac592e067dd0e79d65f99c351b7aeb79","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"check_for_errors () {"},{"line_number":14,"context_line":"    regex\u003d$1"},{"line_number":15,"context_line":"    # Look for all rendered Dockerfile. We don\u0027t care about kolla-toolbox."},{"line_number":16,"context_line":"    find $tmpdir/docker -not -path \"*kolla-toolbox*\" -name Dockerfile -print0 |"},{"line_number":17,"context_line":"        xargs -0 egrep --color \"$regex\""},{"line_number":18,"context_line":"    # NOTE(mandre) grep returns status code of 1 if the expression isn\u0027t found"}],"source_content_type":"text/x-sh","patch_set":6,"id":"9fb8cfa7_50fa0775","line":15,"range":{"start_line":15,"start_character":40,"end_line":15,"end_character":73},"in_reply_to":"9fdfeff1_b6945be9","updated":"2019-06-07 22:31:02.000000000","message":"So I started looking into this, but the problem is it appears that there currently isn\u0027t a binary only version of kolla-toolbox. 
Perhaps it\u0027s better to just update the node to reflect this and address kolla-toolbox separately?  It looks like it\u0027s just an interface to execute ansible modules. I\u0027m actually more concerned that it has ansible pinned to 2.2.0.0.  Alternatively I can try and figure out what the required binary packages are for the ansible bits but that seems like a larger ongoing task than initially implementing this for the wider container list","commit_id":"0f789a92d012ad0744a3d86c05f24d407fc7cd59"},{"author":{"_account_id":13039,"name":"Martin André","email":"m.andre@redhat.com","username":"mandre"},"change_message_id":"a4ce7622632e7148d986146f44d000ca96037dfd","unresolved":false,"context_lines":[{"line_number":12,"context_line":""},{"line_number":13,"context_line":"check_for_errors () {"},{"line_number":14,"context_line":"    regex\u003d$1"},{"line_number":15,"context_line":"    # Look for all rendered Dockerfile. We don\u0027t care about kolla-toolbox."},{"line_number":16,"context_line":"    find $tmpdir/docker -not -path \"*kolla-toolbox*\" -name Dockerfile -print0 |"},{"line_number":17,"context_line":"        xargs -0 egrep --color \"$regex\""},{"line_number":18,"context_line":"    # NOTE(mandre) grep returns status code of 1 if the expression isn\u0027t found"}],"source_content_type":"text/x-sh","patch_set":6,"id":"9fdfeff1_363b8bd1","line":15,"range":{"start_line":15,"start_character":40,"end_line":15,"end_character":73},"in_reply_to":"9fdfeff1_c18e0026","updated":"2019-02-27 10:59:45.000000000","message":"kolla-toolbox is a utility container for the operator, it\u0027s not really part of the deployment.","commit_id":"0f789a92d012ad0744a3d86c05f24d407fc7cd59"}]}
