From d3c5ce06e79dada28a63a8f2a6d2d41237947b89 Mon Sep 17 00:00:00 2001 From: Pablo Baeyens Date: Thu, 6 Jun 2024 14:36:37 +0000 Subject: [PATCH] [chore] Clarify that cmd/otelcorecol and top-level go.mod are not the source of the core distro (#10351) #### Description Documents the purpose of `cmd/otelcorecol` in a new README and in a comment on the builder manifest. Adds note to top-level go.mod. This is a common point of confusion and was recently confusing for users on the aftermath of CVE-2024-36129 Counterpart to open-telemetry/opentelemetry-collector-contrib/pull/33409 --------- Co-authored-by: Armin Ruech <7052238+arminru@users.noreply.github.com> --- cmd/otelcorecol/README.md | 4 ++++ cmd/otelcorecol/builder-config.yaml | 8 ++++++++ go.mod | 8 ++++++++ 3 files changed, 20 insertions(+) create mode 100644 cmd/otelcorecol/README.md diff --git a/cmd/otelcorecol/README.md b/cmd/otelcorecol/README.md new file mode 100644 index 00000000000..f79604734fa --- /dev/null +++ b/cmd/otelcorecol/README.md @@ -0,0 +1,4 @@ +# `otelcorecol` test binary + +This folder contains the sources for the `otelcorecol` test binary. This binary is intended for internal **TEST PURPOSES ONLY**. The source files in this folder are **NOT** the ones used to build any official OpenTelemetry Collector releases. +Check [open-telemetry/opentelemetry-collector-releases](https://github.com/open-telemetry/opentelemetry-collector-releases) for the official releases. Check the [**`otelcol` folder**](https://github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol) on that repository for the official Collector core manifest. diff --git a/cmd/otelcorecol/builder-config.yaml b/cmd/otelcorecol/builder-config.yaml index 2a1390befe3..a5fd63d4597 100644 --- a/cmd/otelcorecol/builder-config.yaml +++ b/cmd/otelcorecol/builder-config.yaml @@ -1,3 +1,11 @@ +# NOTE: +# This builder configuration is NOT used to build any official binary. +# To see the builder manifests used for official binaries, +# check https://github.com/open-telemetry/opentelemetry-collector-releases +# +# For the OpenTelemetry Collector Core official distribution sources, check +# https://github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol + dist: module: go.opentelemetry.io/collector/cmd/otelcorecol name: otelcorecol diff --git a/go.mod b/go.mod index ac030871ca7..b4c6bab7f18 100644 --- a/go.mod +++ b/go.mod @@ -1,5 +1,13 @@ module go.opentelemetry.io/collector +// NOTE: +// This go.mod is NOT used to build any official binary. +// To see the builder manifests used for official binaries, +// check https://github.com/open-telemetry/opentelemetry-collector-releases +// +// For the OpenTelemetry Collector Core distribution specifically, see +// https://github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol + go 1.21.0 require (