Fix security issues #35
Signed-off-by: Rajeev Ranjan <rajeev2.ranjan@intel.com>
| local file="$1" expected="$2" got | ||
| [[ "${#expected}" -eq 64 ]] || { echo "[ERROR] verify_sha256_hex: invalid expected sha length for $(basename "$file")"; return 2; } | ||
| got="$(sha256sum "$file" | awk '{print $1}')" | ||
| if [[ "$got" != "$expected" ]]; then |
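Review bot: the length test on the `[[ "${#expected}" -eq 64 ]]` line accepts any 64-character string, so a malformed value (non-hex characters, or uppercase hex that `sha256sum` never emits) only fails later as a generic mismatch. Consider validating the format up front with `[[ "$expected" =~ ^[0-9a-f]{64}$ ]]`, and pass the path as `sha256sum -- "$file"` so a file name beginning with `-` is not parsed as an option.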
Should we use the curly brackets for the variables to avoid shellcheck errors?
Quoted & unambiguous. So not needed.
| Environment="CONTAINERD_NO_PROXY=${NO_PROXY}" | ||
| EOF | ||
| ) | ||
| chmod 0600 "$DROPIN" |
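Review bot: `chmod 0600 "$DROPIN"` runs only after the heredoc has been written, so unless the subshell closed by `)` sets a restrictive umask (not visible in this hunk), the drop-in exists briefly with default permissions while it already holds the proxy settings. Setting `umask 077` inside the subshell before the write, or creating the file first with `install -m 0600 /dev/null "$DROPIN"`, closes that window.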
Curly brackets for variables.
Quoted & unambiguous. So not needed.
| echo "Waiting for K3s API server to be ready..." | ||
| for i in $(seq 1 60); do | ||
| kubectl get nodes --no-headers 2>/dev/null | grep -q ' Ready' && break | ||
| k get nodes --no-headers 2>/dev/null | grep -q ' Ready' && break |
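Review bot: on the `k get nodes --no-headers 2>/dev/null | grep -q ' Ready' && break` line stderr is discarded, so if `k` does not resolve in this shell the loop simply runs all 60 iterations as though the API server were not ready. If `k` is defined with `alias`, bash expands aliases in non-interactive scripts only when `shopt -s expand_aliases` is set; a shell function wrapper avoids that, and if nothing after the loop checks that it exited through `break`, adding that check would make a timeout visible.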
Can k be used instead of kubectl? Did we set this alias in the environment file?
| [ -f "${INSTALL_SCRIPTS}/nfd-node-feature-rules.yaml" ] && kubectl apply -f "${INSTALL_SCRIPTS}/nfd-node-feature-rules.yaml" || true | ||
| [ -f "${INSTALL_SCRIPTS}/gpu-plugin.yaml" ] && kubectl apply -f "${INSTALL_SCRIPTS}/gpu-plugin.yaml" || true | ||
| [ -f "${INSTALL_SCRIPTS}/npu-plugin.yaml" ] && kubectl apply -f "${INSTALL_SCRIPTS}/npu-plugin.yaml" || true | ||
| [ -f "${INSTALL_SCRIPTS}/nfd.yaml" ] && k apply -f "${INSTALL_SCRIPTS}/nfd.yaml" && sleep 15 || true |
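Review bot: the `&& k apply -f ... && sleep 15 || true` chain on the `nfd.yaml` line (and the `|| true` on the three lines above it) makes a failed apply indistinguishable from a missing file, because `A && B || true` always returns success. An `if [ -f ... ]; then ... fi` block that logs or returns the apply failure would keep the optional-file behaviour without hiding errors.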
Is the k alias set in the environment file?
https://github.com/open-edge-platform/edge-node-infrastructure-blueprint/pull/35/changes#diff-7299a1659dae3752ebaa5b4c0881b8bf30e926a3120faa2ff090ea8e4535006fR34 Alias here is meant to be used locally in this script only.
|
|
||
| echo "=== Pod status after plugin installation ===" | ||
| kubectl get pods -A | ||
| k get pods -A |
PULL DESCRIPTION
Resolving the Security issues identified during SDLe Security check analysis.
Verified with VEN for kubernetes host-type
Impact Analysis
CODE MAINTAINABILITY
Code must act as a teacher for future developers