commit melange for openSUSE:Factory

2 Nov 2024

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package melange for openSUSE:Factory checked in at 2024-11-02 16:12:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/melange (Old)
 and      /work/SRC/openSUSE:Factory/.melange.new.2020 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "melange"

Sat Nov  2 16:12:01 2024 rev:39 rq:1220163 version:0.15.0

Changes:
--------

--- /work/SRC/openSUSE:Factory/melange/melange.changes	2024-10-30 17:35:24.066682036 +0100
+++ /work/SRC/openSUSE:Factory/.melange.new.2020/melange.changes	2024-11-02 16:12:11.852299939 +0100
@@ -1,0 +2,22 @@
+Sat Nov 02 08:22:10 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 0.15.0:
+  * feat(qemu): fix qemu command on cross-compilation cases
+  * update docs
+  * feat(qemu): add flag to specify cpu model to use, useful for
+    cases where /dev/kvm is not available
+  * fix(qemu): remove ssh ignoreHostKey, set an host-key retrieval
+    step, then use host key verification for all successive
+    commands
+  * fix linting
+  * fix(qemu): improve error when not finding a suitable kernel
+    image
+  * fix(qemu): use net.Listen to find open port, simplify random
+    port logic
+  * fix(qemu): use package go-shellquote and simplify cmd handling
+  * fix(qemu): use package go-shellquote and simplify cmd handling
+  * fix(qemu): specify KVM accelleration on linux, use only if
+    /dev/kvm is present
+  * fix(qemu): fix typos
+
+-------------------------------------------------------------------

Old:
----
  melange-0.14.11.obscpio

New:
----
  melange-0.15.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ melange.spec ++++++
--- /var/tmp/diff_new_pack.Sn1KAa/_old	2024-11-02 16:12:12.720335975 +0100
+++ /var/tmp/diff_new_pack.Sn1KAa/_new	2024-11-02 16:12:12.724336142 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           melange
-Version:        0.14.11
+Version:        0.15.0
 Release:        0
 Summary:        Build APKs from source code
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.Sn1KAa/_old	2024-11-02 16:12:12.764337802 +0100
+++ /var/tmp/diff_new_pack.Sn1KAa/_new	2024-11-02 16:12:12.768337968 +0100
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/chainguard-dev/melange</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.14.11</param>
+    <param name="revision">v0.15.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.Sn1KAa/_old	2024-11-02 16:12:12.792338964 +0100
+++ /var/tmp/diff_new_pack.Sn1KAa/_new	2024-11-02 16:12:12.796339130 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/chainguard-dev/melange</param>
-              <param name="changesrevision">7af591847a044b2eb12246dcabf1f4e5346cd9ea</param></service></servicedata>
+              <param name="changesrevision">e1fb07674e1d11b0691011c29cc256a2b4e88e5f</param></service></servicedata>
 (No newline at EOF)
 

++++++ melange-0.14.11.obscpio -> melange-0.15.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.14.11/docs/md/melange_build.md new/melange-0.15.0/docs/md/melange_build.md
--- old/melange-0.14.11/docs/md/melange_build.md	2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/docs/md/melange_build.md	2024-11-01 20:03:52.000000000 +0100
@@ -36,6 +36,7 @@
       --cache-source string                                     directory or bucket used for preloading the cache
       --cleanup                                                 when enabled, the temp dir used for the guest will be cleaned up after completion (default true)
       --cpu string                                              default CPU resources to use for builds
+      --cpumodel string                                         default memory resources to use for builds (default "host")
       --create-build-log                                        creates a package.log file containing a list of packages that were built by the command
       --debug                                                   enables debug logging of build pipelines
       --debug-runner                                            when enabled, the builder pod will persist after the build succeeds or fails
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.14.11/go.mod new/melange-0.15.0/go.mod
--- old/melange-0.14.11/go.mod	2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/go.mod	2024-11-01 20:03:52.000000000 +0100
@@ -3,7 +3,6 @@
 go 1.23.2
 
 require (
-	al.essio.dev/pkg/shellescape v1.5.1
 	chainguard.dev/apko v0.19.4
 	cloud.google.com/go/storage v1.45.0
 	dagger.io/dagger v0.13.6
@@ -22,6 +21,7 @@
 	github.com/ijt/goparsify v0.0.0-20221203142333-3a5276334b8d
 	github.com/invopop/jsonschema v0.12.0
 	github.com/joho/godotenv v1.5.1
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/klauspost/compress v1.17.11
 	github.com/klauspost/pgzip v1.2.6
 	github.com/kubescape/go-git-url v0.0.30
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.14.11/go.sum new/melange-0.15.0/go.sum
--- old/melange-0.14.11/go.sum	2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/go.sum	2024-11-01 20:03:52.000000000 +0100
@@ -1,5 +1,3 @@
-al.essio.dev/pkg/shellescape v1.5.1 h1:86HrALUujYS/h+GtqoB26SBEdkWfmMI6FubjXlsXyho=
-al.essio.dev/pkg/shellescape v1.5.1/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890=
 cel.dev/expr v0.16.1 h1:NR0+oFYzR1CqLFhTAqg3ql59G9VfN8fKq1TCHJ6gq1g=
 cel.dev/expr v0.16.1/go.mod h1:AsGA5zb3WruAEQeQng1RZdGEXmBj0jvMWh6l5SnNuC8=
 chainguard.dev/apko v0.19.4 h1:ce01FSWOKiVk2+3d4BDol/AiOqnUQLaq121XrlcWn1M=
@@ -310,6 +308,8 @@
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
 github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.14.11/pkg/build/build.go new/melange-0.15.0/pkg/build/build.go
--- old/melange-0.14.11/pkg/build/build.go	2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/pkg/build/build.go	2024-11-01 20:03:52.000000000 +0100
@@ -112,6 +112,7 @@
 	Remove                bool
 	LintRequire, LintWarn []string
 	DefaultCPU            string
+	DefaultCPUModel       string
 	DefaultDisk           string
 	DefaultMemory         string
 	DefaultTimeout        time.Duration
@@ -198,6 +199,7 @@
 		config.WithEnvFileForParsing(b.EnvFile),
 		config.WithVarsFileForParsing(b.VarsFile),
 		config.WithDefaultCPU(b.DefaultCPU),
+		config.WithDefaultCPUModel(b.DefaultCPUModel),
 		config.WithDefaultDisk(b.DefaultDisk),
 		config.WithDefaultMemory(b.DefaultMemory),
 		config.WithDefaultTimeout(b.DefaultTimeout),
@@ -770,7 +772,7 @@
 		log.Infof("empty workspace requested")
 	} else {
 		// Prepare workspace directory
-		if err := os.MkdirAll(b.WorkspaceDir, 0755); err != nil {
+		if err := os.MkdirAll(b.WorkspaceDir, 0o755); err != nil {
 			return fmt.Errorf("mkdir -p %s: %w", b.WorkspaceDir, err)
 		}
 
@@ -789,7 +791,7 @@
 
 	if !b.isBuildLess() {
 		// Prepare guest directory
-		if err := os.MkdirAll(b.GuestDir, 0755); err != nil {
+		if err := os.MkdirAll(b.GuestDir, 0o755); err != nil {
 			return fmt.Errorf("mkdir -p %s: %w", b.GuestDir, err)
 		}
 
@@ -1002,7 +1004,7 @@
 func (b Build) writeSBOM(pkgName string, doc *spdx.Document) error {
 	apkFSPath := filepath.Join(b.WorkspaceDir, melangeOutputDirName, pkgName)
 	sbomDirPath := filepath.Join(apkFSPath, "/var/lib/db/sbom")
-	if err := os.MkdirAll(sbomDirPath, os.FileMode(0755)); err != nil {
+	if err := os.MkdirAll(sbomDirPath, os.FileMode(0o755)); err != nil {
 		return fmt.Errorf("creating SBOM directory: %w", err)
 	}
 
@@ -1121,6 +1123,7 @@
 
 	if b.Configuration.Package.Resources != nil {
 		cfg.CPU = b.Configuration.Package.Resources.CPU
+		cfg.CPUModel = b.Configuration.Package.Resources.CPUModel
 		cfg.Memory = b.Configuration.Package.Resources.Memory
 		cfg.Disk = b.Configuration.Package.Resources.Disk
 	}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.14.11/pkg/build/options.go new/melange-0.15.0/pkg/build/options.go
--- old/melange-0.14.11/pkg/build/options.go	2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/pkg/build/options.go	2024-11-01 20:03:52.000000000 +0100
@@ -351,6 +351,13 @@
 	}
 }
 
+func WithCPUModel(cpumodel string) Option {
+	return func(b *Build) error {
+		b.DefaultCPUModel = cpumodel
+		return nil
+	}
+}
+
 func WithDisk(disk string) Option {
 	return func(b *Build) error {
 		b.DefaultDisk = disk
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.14.11/pkg/cli/build.go new/melange-0.15.0/pkg/cli/build.go
--- old/melange-0.14.11/pkg/cli/build.go	2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/pkg/cli/build.go	2024-11-01 20:03:52.000000000 +0100
@@ -71,7 +71,7 @@
 	var interactive bool
 	var remove bool
 	var runner string
-	var cpu, memory, disk string
+	var cpu, cpumodel, memory, disk string
 	var timeout time.Duration
 	var extraPackages []string
 	var libc string
@@ -182,6 +182,7 @@
 				build.WithLintRequire(lintRequire),
 				build.WithLintWarn(lintWarn),
 				build.WithCPU(cpu),
+				build.WithCPUModel(cpumodel),
 				build.WithDisk(disk),
 				build.WithMemory(memory),
 				build.WithTimeout(timeout),
@@ -250,6 +251,7 @@
 	cmd.Flags().BoolVarP(&interactive, "interactive", "i", false, "when enabled, attaches stdin with a tty to the pod on failure")
 	cmd.Flags().BoolVar(&remove, "rm", true, "clean up intermediate artifacts (e.g. container images, temp dirs)")
 	cmd.Flags().StringVar(&cpu, "cpu", "", "default CPU resources to use for builds")
+	cmd.Flags().StringVar(&cpumodel, "cpumodel", "host", "default memory resources to use for builds")
 	cmd.Flags().StringVar(&disk, "disk", "", "disk size to use for builds")
 	cmd.Flags().StringVar(&memory, "memory", "", "default memory resources to use for builds")
 	cmd.Flags().DurationVar(&timeout, "timeout", 0, "default timeout for builds")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.14.11/pkg/config/config.go new/melange-0.15.0/pkg/config/config.go
--- old/melange-0.14.11/pkg/config/config.go	2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/pkg/config/config.go	2024-11-01 20:03:52.000000000 +0100
@@ -123,9 +123,10 @@
 }
 
 type Resources struct {
-	CPU    string `json:"cpu,omitempty" yaml:"cpu,omitempty"`
-	Memory string `json:"memory,omitempty" yaml:"memory,omitempty"`
-	Disk   string `json:"disk,omitempty" yaml:"disk,omitempty"`
+	CPU      string `json:"cpu,omitempty" yaml:"cpu,omitempty"`
+	CPUModel string `json:"cpumodel,omitempty" yaml:"cpumodel,omitempty"`
+	Memory   string `json:"memory,omitempty" yaml:"memory,omitempty"`
+	Disk     string `json:"disk,omitempty" yaml:"disk,omitempty"`
 }
 
 // PackageURL returns the package URL ("purl") for the APK (origin) package.
@@ -882,11 +883,11 @@
 type ConfigurationParsingOption func(*configOptions)
 
 type configOptions struct {
-	filesystem        fs.FS
-	envFilePath       string
-	cpu, memory, disk string
-	timeout           time.Duration
-	commit            string
+	filesystem                  fs.FS
+	envFilePath                 string
+	cpu, cpumodel, memory, disk string
+	timeout                     time.Duration
+	commit                      string
 
 	varsFilePath string
 }
@@ -911,6 +912,12 @@
 	}
 }
 
+func WithDefaultCPUModel(cpumodel string) ConfigurationParsingOption {
+	return func(options *configOptions) {
+		options.cpumodel = cpumodel
+	}
+}
+
 func WithDefaultDisk(disk string) ConfigurationParsingOption {
 	return func(options *configOptions) {
 		options.disk = disk
@@ -1408,6 +1415,9 @@
 	if options.cpu != "" {
 		cfg.Package.Resources.CPU = options.cpu
 	}
+	if options.cpumodel != "" {
+		cfg.Package.Resources.CPUModel = options.cpumodel
+	}
 	if options.memory != "" {
 		cfg.Package.Resources.Memory = options.memory
 	}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.14.11/pkg/container/config.go new/melange-0.15.0/pkg/container/config.go
--- old/melange-0.14.11/pkg/container/config.go	2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/pkg/container/config.go	2024-11-01 20:03:52.000000000 +0100
@@ -43,18 +43,19 @@
 }
 
 type Config struct {
-	PackageName  string
-	Mounts       []BindMount
-	Capabilities Capabilities
-	Environment  map[string]string
-	ImgRef       string
-	PodID        string
-	Arch         apko_types.Architecture
-	RunAs        string
-	WorkspaceDir string
-	CPU, Memory  string
-	SSHKey       []byte
-	SSHAddress   string
-	Disk         string
-	Timeout      time.Duration
+	PackageName           string
+	Mounts                []BindMount
+	Capabilities          Capabilities
+	Environment           map[string]string
+	ImgRef                string
+	PodID                 string
+	Arch                  apko_types.Architecture
+	RunAs                 string
+	WorkspaceDir          string
+	CPU, CPUModel, Memory string
+	SSHKey                []byte
+	SSHAddress            string
+	SSHHostKey            string
+	Disk                  string
+	Timeout               time.Duration
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.14.11/pkg/container/qemu_runner.go new/melange-0.15.0/pkg/container/qemu_runner.go
--- old/melange-0.14.11/pkg/container/qemu_runner.go	2024-10-28 17:38:43.000000000 +0100
+++ new/melange-0.15.0/pkg/container/qemu_runner.go	2024-11-01 20:03:52.000000000 +0100
@@ -37,7 +37,6 @@
 	"strings"
 	"time"
 
-	"al.essio.dev/pkg/shellescape"
 	apko_build "chainguard.dev/apko/pkg/build"
 	apko_types "chainguard.dev/apko/pkg/build/types"
 	apko_cpio "chainguard.dev/apko/pkg/cpio"
@@ -45,8 +44,10 @@
 	"github.com/chainguard-dev/clog"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/tarball"
+	"github.com/kballard/go-shellquote"
 	"go.opentelemetry.io/otel"
 	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/knownhosts"
 )
 
 var _ Debugger = (*qemu)(nil)
@@ -54,9 +55,7 @@
 const QemuName = "qemu"
 
 const (
-	defaultDiskSize   = "50Gi"
-	SSHPortRangeStart = 10000
-	SSHPortRangeEnd   = 50000
+	defaultDiskSize = "50Gi"
 )
 
 type qemu struct{}
@@ -166,7 +165,7 @@
 	ctx, span := otel.Tracer("melange").Start(ctx, "qemu.StartPod")
 	defer span.End()
 
-	port, err := randpomPortN()
+	port, err := randomPortN()
 	if err != nil {
 		return err
 	}
@@ -183,6 +182,7 @@
 	defer span.End()
 	defer os.Remove(cfg.ImgRef)
 	defer os.Remove(cfg.Disk)
+	defer os.Remove(cfg.SSHHostKey)
 
 	clog.FromContext(ctx).Info("qemu: sending shutdown signal")
 	err := sendSSHCommand(ctx,
@@ -254,7 +254,8 @@
 	// create an initramfs from the layer
 	guestInitramfs, err := os.CreateTemp("", "melange-guest-*.initramfs.cpio")
 	if err != nil {
-		return ref, fmt.Errorf("failed to create guest dir: %w", err)
+		clog.FromContext(ctx).Errorf("failed to create guest dir: %v", err)
+		return ref, err
 	}
 
 	// in case of some kernel images, we also need the /lib/modules directory to load
@@ -273,7 +274,8 @@
 
 	err = apko_cpio.FromLayer(layer, guestInitramfs)
 	if err != nil {
-		return ref, fmt.Errorf("failed to create cpio initramfs: %w", err)
+		clog.FromContext(ctx).Errorf("failed to create cpio initramfs: %v", err)
+		return ref, err
 	}
 
 	return guestInitramfs.Name(), nil
@@ -308,7 +310,7 @@
 		"/usr/share/qemu/bios-microvm.bin",
 		"/usr/share/seabios/bios-microvm.bin",
 	} {
-		if _, err := os.Stat(p); err == nil {
+		if _, err := os.Stat(p); err == nil && cfg.Arch.ToAPK() != "aarch64" {
 			// only enable pcie for network, enable RTC for kernel, disable i8254PIT, i8259PIC and serial port
 			baseargs = append(baseargs, "-machine", "microvm,rtc=on,pcie=on,pit=off,pic=off,isa-serial=off")
 			baseargs = append(baseargs, "-bios", p)
@@ -320,6 +322,11 @@
 	// we need to fallback to -machine virt, if not machine has been specified
 	if !microvm {
 		baseargs = append(baseargs, "-machine", "virt")
+		if cfg.Arch.ToAPK() != apko_types.ParseArchitecture(runtime.GOARCH).ToAPK() {
+			baseargs = append(baseargs, "-machine", "virt,virtualization=true")
+		} else if _, err := os.Stat("/dev/kvm"); err == nil {
+			baseargs = append(baseargs, "-machine", "virt")
+		}
 	}
 
 	baseargs = append(baseargs, "-kernel", kernelPath)
@@ -350,12 +357,21 @@
 
 	// use kvm on linux, and Hypervisor.framework on macOS
 	if runtime.GOOS == "linux" {
-		baseargs = append(baseargs, "-enable-kvm")
+		if cfg.Arch.ToAPK() != apko_types.ParseArchitecture(runtime.GOARCH).ToAPK() {
+			baseargs = append(baseargs, "-accel", "tcg,thread=multi")
+		} else if _, err := os.Stat("/dev/kvm"); err == nil {
+			baseargs = append(baseargs, "-accel", "kvm")
+		}
 	} else if runtime.GOOS == "darwin" {
 		baseargs = append(baseargs, "-accel", "hvf")
 	}
 
-	baseargs = append(baseargs, "-cpu", "host")
+	if cfg.CPUModel != "" {
+		baseargs = append(baseargs, "-cpu", cfg.CPUModel)
+	} else {
+		baseargs = append(baseargs, "-cpu", "host")
+	}
+
 	baseargs = append(baseargs, "-daemonize")
 	// ensure we disable unneeded devices, this is less needed if we use microvm machines
 	// but still useful otherwise
@@ -427,6 +443,7 @@
 			break
 		}
 		try++
+		time.Sleep(time.Millisecond * 200)
 	}
 	if try >= retries {
 		// ensure cleanup of resources
@@ -435,6 +452,11 @@
 		return fmt.Errorf("qemu: could not start VM, timeout reached")
 	}
 
+	err = getHostKey(ctx, cfg)
+	if err != nil {
+		return fmt.Errorf("qemu: could not get VM host key")
+	}
+
 	// default to root user but if a different user is specified
 	// we will use the embedded build:1000:1000 user
 	user := "root"
@@ -464,6 +486,8 @@
 			clog.FromContext(ctx).Infof("qemu: local QEMU_KERNEL_IMAGE file detected, using: %s", kernelVar)
 			kernel = kernelVar
 		}
+	} else if _, err := os.Stat(kernel); err != nil {
+		return "", "", fmt.Errorf("qemu: /boot/vmlinuz not found, specify a kernel path with env variable QEMU_KERNEL_IMAGE and QEMU_KERNEL_MODULES if needed")
 	}
 
 	return kernel, cfg.ImgRef, nil
@@ -610,6 +634,59 @@
 	return nil
 }
 
+func getHostKey(ctx context.Context, cfg *Config) error {
+	var hostKey ssh.PublicKey
+
+	signer, err := ssh.ParsePrivateKey(cfg.SSHKey)
+	if err != nil {
+		clog.FromContext(ctx).Errorf("Unable to parse private key: %v", err)
+		return err
+	}
+
+	// Create SSH client configuration
+	config := &ssh.ClientConfig{
+		User: "build",
+		Auth: []ssh.AuthMethod{
+			ssh.PublicKeys(signer),
+		},
+		Config: ssh.Config{
+			Ciphers: []string{"aes128-ctr"},
+		},
+		HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
+			hostKey = key
+			return nil // Accept the host key for the purpose of retrieving it
+		},
+	}
+
+	// Connect to the SSH server
+	client, err := ssh.Dial("tcp", cfg.SSHAddress, config)
+	if err != nil {
+		clog.FromContext(ctx).Errorf("Failed to dial: %s", err)
+		return err
+	}
+	defer client.Close()
+
+	// Write the host key to the known_hosts file
+	hostKeyLine := fmt.Sprintf("%s %s %s\n", cfg.SSHAddress, hostKey.Type(), base64.StdEncoding.EncodeToString(hostKey.Marshal()))
+	clog.FromContext(ctx).Infof("host-key: %s", hostKeyLine)
+
+	knownHost, err := os.CreateTemp("", "known_hosts_*")
+	if err != nil {
+		clog.FromContext(ctx).Errorf("host-key fetch - failed to create random known_hosts file: %v", err)
+		return err
+	}
+	defer knownHost.Close()
+
+	cfg.SSHHostKey = knownHost.Name()
+
+	_, err = knownHost.Write([]byte(hostKeyLine))
+	if err != nil {
+		clog.FromContext(ctx).Errorf("host-key fetch - failed to write to known_hosts file: %v", err)
+		return err
+	}
+	return nil
+}
+
 func sendSSHCommand(ctx context.Context, user, address string,
 	cfg *Config, extraVars map[string]string,
 	stdin io.Reader, stderr, stdout io.Writer,
@@ -621,6 +698,12 @@
 		return err
 	}
 
+	hostKeyCallback, err := knownhosts.New(cfg.SSHHostKey)
+	if err != nil {
+		clog.FromContext(ctx).Errorf("could not create hostkeycallback function: %v", err)
+		return err
+	}
+
 	// Create SSH client configuration
 	config := &ssh.ClientConfig{
 		User: user,
@@ -630,7 +713,7 @@
 		Config: ssh.Config{
 			Ciphers: []string{"aes128-ctr"},
 		},
-		HostKeyCallback: ssh.InsecureIgnoreHostKey(), // equivalent to StrictHostKeyChecking=no
+		HostKeyCallback: hostKeyCallback,
 	}
 
 	// Connect to the SSH server
@@ -681,15 +764,9 @@
 		}
 	}
 
-	b64cmd := base64.StdEncoding.EncodeToString([]byte(shellescape.QuoteCommand(command)))
-	cmd := strings.Join(
-		[]string{
-			"_c=$(echo " + b64cmd + "| base64 -d) || exit 97",
-			"eval set -- \"$_c\" || exit 98",
-			"exec \"$@\"",
-		}, " ;")
+	cmd := shellquote.Join(command...)
 
-	clog.FromContext(ctx).Infof("running (%d) %v", len(command), command)
+	clog.FromContext(ctx).Infof("running (%d) %v", len(command), cmd)
 	err = session.Run(cmd)
 	if err != nil {
 		clog.FromContext(ctx).Errorf("Failed to run command %v: %s", command, err)
@@ -801,15 +878,12 @@
 	return mem
 }
 
-func randpomPortN() (int, error) {
-	for port := SSHPortRangeStart; port <= SSHPortRangeEnd; port++ {
-		address := fmt.Sprintf("localhost:%d", port)
-		listener, err := net.Listen("tcp", address)
-		if err == nil {
-			listener.Close()
-			return port, nil
-		}
+func randomPortN() (int, error) {
+	l, err := net.Listen("tcp", "localhost:0")
+	if err != nil {
+		return 0, fmt.Errorf("no open port found")
 	}
+	defer l.Close()
 
-	return 0, fmt.Errorf("no open port found in range %d-%d", SSHPortRangeStart, SSHPortRangeEnd)
+	return l.Addr().(*net.TCPAddr).Port, nil
 }

++++++ melange.obsinfo ++++++
--- /var/tmp/diff_new_pack.Sn1KAa/_old	2024-11-02 16:12:13.164354408 +0100
+++ /var/tmp/diff_new_pack.Sn1KAa/_new	2024-11-02 16:12:13.168354575 +0100
@@ -1,5 +1,5 @@
 name: melange
-version: 0.14.11
-mtime: 1730133523
-commit: 7af591847a044b2eb12246dcabf1f4e5346cd9ea
+version: 0.15.0
+mtime: 1730487832
+commit: e1fb07674e1d11b0691011c29cc256a2b4e88e5f
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/melange/vendor.tar.gz /work/SRC/openSUSE:Factory/.melange.new.2020/vendor.tar.gz differ: char 5, line 1

    

Source-Sync

tags

participants (1)