fix stackhpc cve-2023-41914 build

stackhpc · Oct 20, 2023 · c89fa83 · c89fa83
1 parent c147d9c
commit c89fa83
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/ansible/roles/cve-2023-41914/README.md b/ansible/roles/cve-2023-41914/README.md
@@ -18,14 +18,18 @@ This role can be run in two ways:
 
     **NB**: This playbook will ALWAYS stop and restart Slurm, even if no updates are actually required.
 
-2. To remediate images during build (i.e no Slurm services are running, no slurm database exists), run `tasks/install-rpms.yml`, e.g. using the following in an environment pre-hook:
+2. To remediate images during build (i.e no Slurm services are running, no slurm database exists), run `tasks/validate.yml` then `tasks/install-rpms.yml`, e.g. using the following in an environment pre-hook:
 
 ```yaml
 - hosts: builder
   gather_facts: no
   become: yes
   tasks:
-    - name: Fix cve-2023-41914
+    - name: Check fixes for cve-2023-41914 can be applied
+      import_role:
+        name: cve-2023-41914
+        tasks_from: validate.yml
+    - name: Apply fixes for cve-2023-41914
       import_role:
         name: cve-2023-41914
         tasks_from: install-rpms.yml

diff --git a/environments/.stackhpc/hooks/post.yml b/environments/.stackhpc/hooks/post.yml
@@ -2,7 +2,11 @@
   gather_facts: no
   become: yes
   tasks:
-    - name: Fix cve-2023-41914
+    - name: Check fixes for cve-2023-41914 can be applied
+      import_role:
+        name: cve-2023-41914
+        tasks_from: validate.yml
+    - name: Apply fixes for cve-2023-41914
       import_role:
         name: cve-2023-41914
         tasks_from: install-rpms.yml