From c89fa839cd7a8d6eb617b6f09d6f4add939758c9 Mon Sep 17 00:00:00 2001
From: Steve Brasier
Date: Fri, 20 Oct 2023 10:30:42 +0000
Subject: [PATCH] fix stackhpc cve-2023-41914 build
---
 ansible/roles/cve-2023-41914/README.md | 8 ++++++--
 environments/.stackhpc/hooks/post.yml | 6 +++++-
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/ansible/roles/cve-2023-41914/README.md b/ansible/roles/cve-2023-41914/README.md
index 3ed1c0dae..9c2c282ec 100644
--- a/ansible/roles/cve-2023-41914/README.md
+++ b/ansible/roles/cve-2023-41914/README.md
@@ -18,14 +18,18 @@ This role can be run in two ways:
 **NB**: This playbook will ALWAYS stop and restart Slurm, even if no updates are actually required.
-2. To remediate images during build (i.e no Slurm services are running, no slurm database exists), run `tasks/install-rpms.yml`, e.g. using the following in an environment pre-hook:
+2. To remediate images during build (i.e no Slurm services are running, no slurm database exists), run `tasks/validate.yml` then `tasks/install-rpms.yml`, e.g. using the following in an environment pre-hook:
 ```yaml
 - hosts: builder
 gather_facts: no
 become: yes
 tasks:
- - name: Fix cve-2023-41914
+ - name: Check fixes for cve-2023-41914 can be applied
+ import_role:
+ name: cve-2023-41914
+ tasks_from: validate.yml
+ - name: Apply fixes for cve-2023-41914
 import_role:
 name: cve-2023-41914
 tasks_from: install-rpms.yml
diff --git a/environments/.stackhpc/hooks/post.yml b/environments/.stackhpc/hooks/post.yml
index 48223a5a4..22cdc38f7 100644
--- a/environments/.stackhpc/hooks/post.yml
+++ b/environments/.stackhpc/hooks/post.yml
@@ -2,7 +2,11 @@
 gather_facts: no
 become: yes
 tasks:
- - name: Fix cve-2023-41914
+ - name: Check fixes for cve-2023-41914 can be applied
+ import_role:
+ name: cve-2023-41914
+ tasks_from: validate.yml
+ - name: Apply fixes for cve-2023-41914
 import_role:
 name: cve-2023-41914
 tasks_from: install-rpms.yml
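Review bot: Nothing in `environments/.stackhpc/hooks/post.yml` records why `validate.yml` has to precede `install-rpms.yml`, so the two added `import_role` tasks could later be reordered or the first dropped as redundant; a comment above them such as `# validate.yml must run before install-rpms.yml in image builds (see the role README)` would capture it. The README hunk in this commit still describes its example as an environment pre-hook, whereas the same tasks are added here to the post hook, so one of the two presumably needs aligning. Whether `install-rpms.yml` checks the resulting package versions is not visible here; if it does not, a final assertion on the installed Slurm version would stop a build from silently producing an unpatched image. The play header sits above the hunk and is not shown.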