diff --git a/.grype.yaml b/.grype.yaml
index bd1a2b69b..cdefcaa86 100644
--- a/.grype.yaml
+++ b/.grype.yaml
@@ -3,3 +3,8 @@ ignore:
 # see https://github.com/anchore/grype/issues/558
 - vulnerability: CVE-2015-5237
 - vulnerability: CVE-2021-22570
+ # https://github.com/opencontainers/runc/issues/4233
+ - vulnerability: CVE-2024-3154
+ - package:
+ name: github.com/opencontainers/runc
+ version: v1.1.12
diff --git a/.trivyignore b/.trivyignore
index 1b543c066..0b7fcae4b 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,2 +1,4 @@
 # Temp ignore, as 2.36-9+deb12u6 is not yet available in debian
 CVE-2024-2961
+# opencontainers/runc 1.2.0-rc.1 is incompatible with Go 1.22: https://github.com/opencontainers/runc/issues/4233
+CVE-2024-3154
diff --git a/internal/driver/registry_default.go b/internal/driver/registry_default.go
index 4d8ba3f74..928ce0398 100644
--- a/internal/driver/registry_default.go
+++ b/internal/driver/registry_default.go
@@ -65,7 +65,9 @@ type (
 mapper *relationtuple.Mapper
 readOnlyMapper *relationtuple.Mapper
- initialized sync.Once
+ init1, init2 sync.Once
+ init1err, init2err error
+
 healthH *healthx.Handler
 healthServer *health.Server
 handlers []Handler
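Review bot: In .grype.yaml the new `- vulnerability: CVE-2024-3154` and `- package:` entries are printed as two separate list items, and grype treats each ignore item as an independent rule. If that is how the file really reads (indentation is lost on this page), the first rule ignores the CVE for every package and the second ignores every finding matched to runc v1.1.12, including ones published later. To scope the exception, make `package:` a key of the same item as `vulnerability: CVE-2024-3154` instead of its own `- package:` entry. The .trivyignore hunk adds the same ID with no removal condition; an expiry such as `CVE-2024-3154 exp:<YYYY-MM-DD>` or a comment naming the runc release to wait for would keep the suppression from outliving its reason.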
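Review bot: In registry_default.go the new fields `init1`/`init2` and `init1err`/`init2err` carry no comment, and the names do not say which initialisation stage each one guards; that pairing only becomes visible in the following hunk. A comment above them would help, for example `// init1 guards InitWithoutNetworkID and init2 guards Init; init1err/init2err hold the result of the single run and are returned to every caller.` The enclosing `type (` block starts and ends outside the hunk.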
@@ -310,42 +312,47 @@ func (r *RegistryDefault) DetermineNetwork(ctx context.Context) (*networkx.Netwo
 }
 func (r *RegistryDefault) InitWithoutNetworkID(ctx context.Context) error {
- if dbal.IsMemorySQLite(r.Config(ctx).DSN()) {
- mb, err := r.MigrationBox(ctx)
- if err != nil {
- return err
+ r.init1.Do(func() {
+ if dbal.IsMemorySQLite(r.Config(ctx).DSN()) {
+ mb, err := r.MigrationBox(ctx)
+ if err != nil {
+ r.init1err = err
+ return
+ }
+
+ if err := mb.Up(ctx); err != nil {
+ r.init1err = err
+ return
+ }
 }
- if err := mb.Up(ctx); err != nil {
- return err
+ p, err := sql.NewPersister(ctx, r, uuid.Nil)
+ if err != nil {
+ r.init1err = err
+ return
 }
- }
- return nil
+ r.p = p
+ r.traverser = sql.NewTraverser(p)
+ })
+ return r.init1err
 }
 func (r *RegistryDefault) Init(ctx context.Context) (err error) {
- r.initialized.Do(func() {
- err = func() error {
- if err := r.InitWithoutNetworkID(ctx); err != nil {
- return err
- }
-
- network, err := r.DetermineNetwork(ctx)
- if err != nil {
- return err
- }
+ r.init2.Do(func() {
+ if err := r.InitWithoutNetworkID(ctx); err != nil {
+ r.init2err = err
+ return
+ }
- p, err := sql.NewPersister(ctx, r, network.ID)
- if err != nil {
- return err
- }
- r.p = p
- r.traverser = sql.NewTraverser(p)
+ network, err := r.DetermineNetwork(ctx)
+ if err != nil {
+ r.init2err = err
+ return
+ }
- return nil
- }()
+ r.p.SetNetwork(network.ID)
 })
- return
+ return r.init2err
 }
 var _ x.TransactorProvider = (*RegistryDefault)(nil)
diff --git a/internal/persistence/definitions.go b/internal/persistence/definitions.go
index 9b6a51a8a..876504090 100644
--- a/internal/persistence/definitions.go
+++ b/internal/persistence/definitions.go
@@ -22,6 +22,7 @@ type (
 Connection(ctx context.Context) *pop.Connection
 NetworkID(ctx context.Context) uuid.UUID
+ SetNetwork(nid uuid.UUID)
 Transaction(ctx context.Context, f func(ctx context.Context) error) error
 }
 Migrator interface {
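Review bot: Between `r.p = p` in InitWithoutNetworkID and `r.p.SetNetwork(network.ID)` in Init, the registry holds a persister and traverser built with `uuid.Nil`, so anything that reaches `r.p` or `r.traverser` in that window would presumably be scoped to the nil network ID rather than the real one (hedged: the Contextualizer may override it). The network ID looks like the key that scopes stored data, so InitWithoutNetworkID deserves a doc comment such as `// The persister is scoped to uuid.Nil until Init has returned; callers must not serve requests before then.` Separately, both `Once` closures capture the first caller's `ctx` and cache its error in `init1err`/`init2err`, so a single cancelled context or transient database error at startup makes every later call return the same failure with no retry. If that is intended, say so on `Init`.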
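Review bot: In definitions.go, `SetNetwork(nid uuid.UUID)` joins the interface next to `NetworkID` without a doc comment, and it gives every holder of this interface the ability to re-point the persister at another network after construction. If only the registry's Init needs the setter, consider keeping it off the shared interface and calling it through the concrete SQL persister or a narrow unexported interface; this is hedged because the declared type of `r.p` is not visible here. At minimum document the contract: `// SetNetwork replaces the network ID used to scope subsequent queries; it is meant to be called once during registry initialisation.` The interface declaration starts outside the hunk.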
diff --git a/internal/persistence/sql/persister.go b/internal/persistence/sql/persister.go
index 963142e58..7fd5d94f6 100644
--- a/internal/persistence/sql/persister.go
+++ b/internal/persistence/sql/persister.go
@@ -100,6 +100,10 @@ func (p *Persister) NetworkID(ctx context.Context) uuid.UUID {
 return p.d.Contextualizer().Network(ctx, p.nid)
 }
+func (p *Persister) SetNetwork(nid uuid.UUID) {
+ p.nid = nid
+}
+
 func internalPaginationFromOptions(opts ...x.PaginationOptionSetter) (*internalPagination, error) {
 xp := x.GetPaginationOptions(opts...)
 ip := &internalPagination{
diff --git a/internal/persistence/sql/traverser.go b/internal/persistence/sql/traverser.go
index f2a000c2e..542e6f2ff 100644
--- a/internal/persistence/sql/traverser.go
+++ b/internal/persistence/sql/traverser.go
@@ -22,7 +22,6 @@ type (
 Traverser struct {
 conn *pop.Connection
 d dependencies
- nid uuid.UUID
 p *Persister
 }
@@ -195,7 +194,6 @@ func NewTraverser(p *Persister) *Traverser {
 return &Traverser{
 conn: p.conn,
 d: p.d,
- nid: p.nid,
 p: p,
 }
 }
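Review bot: In persister.go, `SetNetwork` writes `p.nid` with no synchronisation while `NetworkID` directly above reads it, so a call that overlaps with in-flight queries is a data race and could leave a request scoped to the previous ID. In this diff the only caller sits inside `init2.Do`, which makes it single-shot, but nothing in the method itself enforces that. Add a doc comment stating the constraint, e.g. `// SetNetwork sets the network ID; it is not safe for concurrent use and must be called before the persister serves requests.`, or guard `nid` if further callers are expected.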