helm-set-status/0.3.0-r2: cve remediation #63423
Merged
Chainguard Internal Staging / elastic-build (STAGING)
succeeded
Aug 18, 2025 in 5m 35s
APKs built successfully
Build ID: b6902e05-06d3-4e78-854e-f7956eb7ca0b
x86_64 Logs
/18 13:41:54 Running go mod tidy with go version '1.25.0' ...
running step "go/build"
retrieving workspace from builder:
fetching remote workspace
retrieved and wrote post-build workspace to: /tmp/melange-workspace-1230600199
running package linters for helm-set-status
linting apk: helm-set-status
checking license information
LICENSE: Apache-2.0 (1.000000) (notice)
checking gathered license information against the configuration
no license differences detected
license information check complete
invalid license: NOASSERTION
writing SBOM for helm-set-status
generating package helm-set-status-0.3.0-r3
scanning for ld.so.conf.d files...
scanning for shared object dependencies...
interpreter for helm-set-status => /lib64/ld-linux-x86-64.so.2
found lib libc.so.6 for usr/bin/helm-set-status
scanning for commands...
found command usr/bin/helm-set-status
scanning for -doc package...
scanning for pkg-config data...
scanning for python modules...
scanning for ruby gems...
scanning for shbang deps...
runtime:
so:ld-linux-x86-64.so.2
so:libc.so.6
provides:
cmd:helm-set-status=0.3.0-r3
installed-size: 89340099
data.tar.gz digest: 2ebfdf1d2cc0325cceb3fd08af01675fa11be7010fad131fb8bb46bdbf8b0b28
wrote packages/x86_64/helm-set-status-0.3.0-r3.apk
cleaning Workspace by removing 15 file/directories in /home/build
generating apk index from packages in packages/x86_64
processing package packages/x86_64/helm-set-status-0.3.0-r3.apk
updating index at packages/x86_64/APKINDEX.tar.gz with new packages: [helm-set-status-0.3.0-r3]
qemu: sending shutdown signal
command "melange" completed successfully
build completed successfully
uploading packages...
running command tar [-C packages -cf packages.tar .]
command "tar" completed successfully
running command curl [-s --upload-file packages.tar -H Content-Type: application/octet-stream https://storage.googleapis.com/stg-bundle-staging/wolfi/x86_64/1755524439004450548-helm-set-status-0.3.0-r3.tar.gz?Expires=1755567639&GoogleAccessId=ebuild-tho0c6rsknlo655tnyjlifi%40staging-enforce-cd1e.iam.gserviceaccount.com&Signature=CoF8weFaleuawo0isUDnH1ZOK0%2F3WtzE8ZeCGTnPuE0SGXlEsUw9BMFIsvnMMkWPzQUCCw57vDApoCqfgx8zJbbpbqJ8MgsBoYw%2FiSiTjdZLcy2sZc1OM2jM97U3j8a351HVdpr2YgBtaM6QJMDkGsL%2BeaV1exjj8MdQlygEGjJ94iREBbrMSUUzIHY5ISGy3RLMrgkeaEpKCr8I7IfpL3Iw%2FFLh52xTEegT8ZjFb0uks1W2ixfyF%2Br0rDbMuIzDc0AyD28tnL2yMnMcZhBkyD8UMlyQfDwdtJwD5indTeKiMIU9KalSq4WfW9AvZz5Ua64B%2B5xnXcmPOZrvH%2B81uw%3D%3D]
command "curl" completed successfully
upload completed successfully
packages.tar sha256sum: 876d3070b5d2905b139d414f8220542d932a65f37dbb270a915e8d059af2fc20
sha256sum "876d3070b5d2905b139d414f8220542d932a65f37dbb270a915e8d059af2fc20" written to /dev/termination-log
build completed successfully
Built 1 packages, hash: 876d3070b5d2905b139d414f8220542d932a65f37dbb270a915e8d059af2fc20, size: 27561472 bytes
parsed env
Connecting to CAS
REAPI initialization failed, continuing without tracking: failed to create REAPI client: failed to prepare gRPC dial options: couldn't create RPC creds for https://www.googleapis.com/auth/cloud-platform: couldn't create RPC creds from : credentials: failed to read the service account key file: open : no such file or directory
no puller identity configured, skipping setup
puller identity configured successfully
running tests...
running command /usr/bin/dind [dockerd] in background
command "/usr/bin/dind" started successfully
running command bash [-c
# Retry up to 60 seconds to wait for docker to start.
worked=false
for i in $(seq 60); do
if docker info >/dev/null 2>&1; then
worked=true
break
fi
echo "docker healthcheck failed, docker is not ready, retrying... ($i/60 seconds so far)..."
sleep 1
done
if [ "$worked" = "false" ]; then
echo "Failed to start docker after 60 seconds"
exit 1
fi
]
command "bash" completed successfully
running command melange [test helm-set-status.yaml --gcplog --source-dir helm-set-status --test-package-append wolfi-base --arch=x86_64 --env-file=build-x86_64.env --pipeline-dirs=pipelines --runner=qemu --repository-append=https://apk.cgr.dev/chainguard --repository-append=https://apk.chainreg.biz/wolfi-presubmit/258eecb36e9d0e75f281c589832b704de3009536 --repository-append=https://apk.chainreg.biz/wolfi-presubmit/258eecb36e9d0e75f281c589832b704de3009536]
Error: rpc error: code = NotFound desc = federate identity: rpc error: code = NotFound desc = no identity found for (https://accounts.google.com, 117407589438042601705)
Error running `chainctl auth token`: exit status 1
image configuration:
contents:
build repositories: []
runtime repositories: []
repositories: []
keyring: []
packages: [busybox etcd helm helm-set-status kubernetes kwok kwokctl]
accounts:
runas:
users:
- uid=1000(build) gid=1000
groups:
- gid=1000(build) members=[build]
installing wolfi-baselayout (20230201-r23)
installing ca-certificates-bundle (20250619-r5)
installing libgcc (15.2.0-r0)
installing glibc-locale-posix (2.41-r56)
installing glibc (2.41-r56)
installing ld-linux (2.41-r56)
installing libxcrypt (4.4.38-r4)
installing libcrypt1 (2.41-r56)
installing busybox (1.37.0-r48)
installing etcd-3.6 (3.6.4-r1)
installing helm (3.18.5-r0)
installing helm-set-status (0.3.0-r3)
installing kubernetes-1.33 (1.33.3-r2)
installing kwok (0.7.0-r3)
installing kwokctl (0.7.0-r3)
installing wolfi-keys (1-r12)
installing zlib (1.3.1-r51)
installing libcrypto3 (3.5.2-r1)
installing libssl3 (3.5.2-r1)
installing apk-tools (2.14.10-r7)
installing wolfi-base (1-r7)
populating workspace /tmp/melange-workspace-4020575084 from helm-set-status
qemu: generating ssh key pairs for ephemeral VM
qemu: generating initramfs
image configuration:
contents:
build repositories: [https://apk.cgr.dev/chainguard]
runtime repositories: []
repositories: []
keyring: []
packages: [microvm-init]
installing wolfi-baselayout (20230201-r23)
installing ca-certificates-bundle (20250619-r5)
installing libgcc (15.2.0-r0)
installing glibc-locale-posix (2.41-r56)
installing glibc (2.41-r56)
installing ld-linux (2.41-r56)
installing gnutar (1.35-r5)
installing libattr1 (2.5.2-r53)
installing attr (2.5.2-r53)
installing zlib (1.3.1-r51)
installing libzstd1 (1.5.7-r3)
installing xz (5.8.1-r2)
installing libcrypto3 (3.5.2-r1)
installing kmod (34.2-r41)
installing libbz2-1 (1.0.8-r21)
installing libelf (0.193-r4)
installing libmnl (1.0.5-r6)
installing libnftnl (1.3.0-r0)
installing xtables (1.8.11-r27)
installing iproute2 (6.16.0-r1)
installing libpcre2-8-0 (10.45-r3)
installing libsepol (3.9-r1)
installing libselinux (3.9-r1)
installing libxcrypt (4.4.38-r4)
installing libcrypt1 (2.41-r56)
installing linux-pam (1.7.1-r1)
installing openssh-keygen (10.0_p1-r4)
installing openssh-server-config (10.0_p1-r4)
installing openssh-server (10.0_p1-r4)
installing libstdc++ (15.2.0-r0)
installing inih (61-r1)
installing liburcu (0.15.3-r1)
installing libblkid (2.41.1-r4)
installing libuuid (2.41.1-r4)
installing xfsprogs-core (6.15.0-r2)
installing xfsprogs (6.15.0-r2)
installing libmount (2.41.1-r4)
installing mount (2.41.1-r4)
installing ncurses-terminfo-base (6.5_p20250621-r1)
installing ncurses (6.5_p20250621-r1)
installing setarch (2.41.1-r4)
installing libfdisk (2.41.1-r4)
installing sqlite-libs (3.50.4-r0)
installing util-linux (2.41.1-r4)
installing libsmartcols (2.41.1-r4)
installing util-linux-misc (2.41.1-r4)
installing busybox (1.37.0-r48)
installing microvm-init (0.0.1-r12)
qemu: starting VM
qemu: waiting for SSH
qemu: meta-data=/dev/vda isize=512 agcount=8, agsize=1638400 blks
qemu: = sectsz=4096 attr=2, projid32bit=1
qemu: = crc=1 finobt=1, sparse=1, rmapbt=1
qemu: = reflink=1 bigtime=1 inobtcount=1 nrext64=1
qemu: = exchange=0 metadir=0
qemu: data = bsize=4096 blocks=13107200, imaxpct=25
qemu: = sunit=0 swidth=0 blks
qemu: naming =version 2 bsize=4096 ascii-ci=0, ftype=1, parent=0
qemu: log =internal log bsize=4096 blocks=16384, version=2
qemu: = sectsz=4096 sunit=1 blks, lazy-count=1
qemu: realtime =none extsz=4096 blocks=0, rtextents=0
qemu: = rgcount=0 rgsize=0 extents
qemu: = zoned=0 start=0 reserved=0
qemu: Discarding blocks...Done.
qemu: ssh-keygen: generating new host keys: RSA ECDSA ED25519
qemu: Server listening on 0.0.0.0 port 2223.
qemu: Server listening on 0.0.0.0 port 22.
qemu: VM started successfully, SSH server is up
qemu: Connection closed by 10.0.2.2 port 35668
qemu: Accepted publickey for root from 10.0.2.2 port 35672 ssh2: ECDSA SHA256:1hbX3MeGgJkWG1/4H1/lXo2WzgWczOgHq07oHN6YpZs
qemu: Connection closed by 10.0.2.2 port 35672
qemu: Accepted publickey for root from 10.0.2.2 port 35674 ssh2: ECDSA SHA256:1hbX3MeGgJkWG1/4H1/lXo2WzgWczOgHq07oHN6YpZs
qemu: Accepted publickey for root from 10.0.2.2 port 41046 ssh2: ECDSA SHA256:1hbX3MeGgJkWG1/4H1/lXo2WzgWczOgHq07oHN6YpZs
qemu: setting up local workspace
running the main test pipeline
set-status 0.1.0 Manually set the status of a helm release
running step "test/kwok/cluster"
{"time":"2025-08-18T13:43:23.617785405Z","level":"INFO","source":{"function":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster.runE","file":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster/cluster.go","line":304},"msg":"Cluster is creating","cluster":"kwok"}
{"time":"2025-08-18T13:43:24.196823927Z","level":"INFO","source":{"function":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster.runE","file":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster/cluster.go","line":311},"msg":"Cluster is created","cluster":"kwok","elapsed":{"nanosecond":579042766,"human":"579.042766ms"}}
{"time":"2025-08-18T13:43:24.200551444Z","level":"INFO","source":{"function":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster.runE","file":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster/cluster.go","line":344},"msg":"Cluster is starting","cluster":"kwok"}
aarch64 Logs
ranch='' tag='v0.3.0' expcommit='260bbd88a52aba1a76d44ed2ae66dccf5615dbf3' recurse='false'
[git checkout] execute: git config --global --add safe.directory /tmp/tmp.JrWPCz
[git checkout] execute: git config --global --add safe.directory /home/build
[git checkout] execute: git clone --quiet --origin=origin --config=user.name=Melange Build [email protected] --config=advice.detachedHead=false --branch=v0.3.0 --depth=1 https://github.com/k3s-io/helm-set-status.git /tmp/tmp.JrWPCz
[git checkout] execute: cd /tmp/tmp.JrWPCz
[git checkout] tar -c . | tar -C "/home/build" -x
[git checkout] execute: cd /home/build
[git checkout] execute: git config --global --add safe.directory /home/build
[git checkout] execute: git fetch --quiet origin --depth=1 --no-tags +refs/tags/v0.3.0:refs/origin/tags/v0.3.0
[git checkout] execute: git checkout --quiet origin/tags/v0.3.0
[git checkout] tag v0.3.0 is 260bbd88a52aba1a76d44ed2ae66dccf5615dbf3
running step "go/bump"
2025/08/18 13:41:39 Local Go version: 1.25.0
2025/08/18 13:41:39 Running go mod tidy with go version '1.25.0' ...
2025/08/18 13:41:43 Update package: github.com/containerd/containerd
2025/08/18 13:41:43 Running go mod edit -droprequire ...
2025/08/18 13:41:43 Running go get ...
2025/08/18 13:41:49 Update package: golang.org/x/net
2025/08/18 13:41:49 Running go mod edit -droprequire ...
2025/08/18 13:41:49 Running go get ...
2025/08/18 13:41:50 Update package: golang.org/x/oauth2
2025/08/18 13:41:50 Running go mod edit -droprequire ...
2025/08/18 13:41:50 Running go get ...
2025/08/18 13:41:50 Update package: helm.sh/helm/v3
2025/08/18 13:41:50 Running go mod edit -droprequire ...
2025/08/18 13:41:50 Running go get ...
2025/08/18 13:41:52 Running go mod tidy with go version '1.25.0' ...
running step "go/build"
retrieving workspace from builder:
retrieved and wrote post-build workspace to: /tmp/melange-workspace-2089963988
running package linters for helm-set-status
linting apk: helm-set-status
checking license information
LICENSE: Apache-2.0 (1.000000) (notice)
checking gathered license information against the configuration
no license differences detected
license information check complete
invalid license: NOASSERTION
writing SBOM for helm-set-status
generating package helm-set-status-0.3.0-r3
scanning for ld.so.conf.d files...
scanning for shared object dependencies...
interpreter for helm-set-status => /lib/ld-linux-aarch64.so.1
found lib libc.so.6 for usr/bin/helm-set-status
scanning for commands...
found command usr/bin/helm-set-status
scanning for -doc package...
scanning for pkg-config data...
scanning for python modules...
scanning for ruby gems...
scanning for shbang deps...
runtime:
so:ld-linux-aarch64.so.1
so:libc.so.6
provides:
cmd:helm-set-status=0.3.0-r3
installed-size: 85745436
data.tar.gz digest: 10f525545313a3c6b06ff1559ed244e61b2fc89cc6da84b2f3f06f4d73e9132e
wrote packages/aarch64/helm-set-status-0.3.0-r3.apk
cleaning Workspace by removing 15 file/directories in /home/build
generating apk index from packages in packages/aarch64
processing package packages/aarch64/helm-set-status-0.3.0-r3.apk
updating index at packages/aarch64/APKINDEX.tar.gz with new packages: [helm-set-status-0.3.0-r3]
command "melange" completed successfully
build completed successfully
uploading packages...
running command tar [-C packages -cf packages.tar .]
command "tar" completed successfully
running command curl [-s --upload-file packages.tar -H Content-Type: application/octet-stream https://storage.googleapis.com/stg-bundle-staging/wolfi/aarch64/1755524439004378228-helm-set-status-0.3.0-r3.tar.gz?Expires=1755567639&GoogleAccessId=ebuild-tho0c6rsknlo655tnyjlifi%40staging-enforce-cd1e.iam.gserviceaccount.com&Signature=qQe92q%2BvIjqMVO7%2BMDlEki7AdAxYAgYCBSal53jNghidtFH0wkJRYdI1FWxnmZu%2FbLQRrnBUBRlNpqxs%2BvKxVMipqRCayCoCxS7snztEY6rR8V7BsM3yGf3RNMBCLsVAnOlGEzz1D51qYEN6erwzY2dqGhVI5FNMsgZScYIaTJK2BZGAS4BQVHCEtPeRGxZ4ReqB1Nya%2FD2bJv%2B4S9vhxkp0n%2FtXCeSQKq6thZJBqx645GAnANmfZmvskZW0QfRvhsmOw%2FyEpDBru%2FQPogT6NUKHvPigW9ueurP5H3YARfZo7pq01jM9AFdpxS2YZPJthjW3amXNxEj2mHPuzkkrXQ%3D%3D]
command "curl" completed successfully
upload completed successfully
packages.tar sha256sum: e0e7681ecc61db19e1f4435c06485b37be5a44cc8ec11d036098fda58fb8f189
sha256sum "e0e7681ecc61db19e1f4435c06485b37be5a44cc8ec11d036098fda58fb8f189" written to /dev/termination-log
build completed successfully
Built 1 packages, hash: e0e7681ecc61db19e1f4435c06485b37be5a44cc8ec11d036098fda58fb8f189, size: 25349120 bytes
parsed env
Connecting to CAS
REAPI initialization failed, continuing without tracking: failed to create REAPI client: failed to prepare gRPC dial options: couldn't create RPC creds for https://www.googleapis.com/auth/cloud-platform: couldn't create RPC creds from : credentials: failed to read the service account key file: open : no such file or directory
no puller identity configured, skipping setup
puller identity configured successfully
running tests...
running command /usr/bin/dind [dockerd] in background
command "/usr/bin/dind" started successfully
running command bash [-c
# Retry up to 60 seconds to wait for docker to start.
worked=false
for i in $(seq 60); do
if docker info >/dev/null 2>&1; then
worked=true
break
fi
echo "docker healthcheck failed, docker is not ready, retrying... ($i/60 seconds so far)..."
sleep 1
done
if [ "$worked" = "false" ]; then
echo "Failed to start docker after 60 seconds"
exit 1
fi
]
command "bash" completed successfully
running command melange [test helm-set-status.yaml --gcplog --source-dir helm-set-status --test-package-append wolfi-base --arch=aarch64 --env-file=build-aarch64.env --pipeline-dirs=pipelines --runner=docker --repository-append=https://apk.cgr.dev/chainguard --repository-append=https://apk.chainreg.biz/wolfi-presubmit/258eecb36e9d0e75f281c589832b704de3009536 --repository-append=https://apk.chainreg.biz/wolfi-presubmit/258eecb36e9d0e75f281c589832b704de3009536]
Error: rpc error: code = NotFound desc = federate identity: rpc error: code = NotFound desc = no identity found for (https://accounts.google.com, 117407589438042601705)
Error running `chainctl auth token`: exit status 1
image configuration:
contents:
build repositories: []
runtime repositories: []
repositories: []
keyring: []
packages: [busybox etcd helm helm-set-status kubernetes kwok kwokctl]
accounts:
runas:
users:
- uid=1000(build) gid=1000
groups:
- gid=1000(build) members=[build]
installing wolfi-baselayout (20230201-r23)
installing ca-certificates-bundle (20250619-r5)
installing libgcc (15.2.0-r0)
installing glibc-locale-posix (2.41-r56)
installing glibc (2.41-r56)
installing ld-linux (2.41-r56)
installing libxcrypt (4.4.38-r4)
installing libcrypt1 (2.41-r56)
installing busybox (1.37.0-r48)
installing etcd-3.6 (3.6.4-r1)
installing helm (3.18.5-r0)
installing helm-set-status (0.3.0-r3)
installing kubernetes-1.33 (1.33.3-r2)
installing kwok (0.7.0-r3)
installing kwokctl (0.7.0-r3)
installing wolfi-keys (1-r12)
installing zlib (1.3.1-r51)
installing libcrypto3 (3.5.2-r1)
installing libssl3 (3.5.2-r1)
installing apk-tools (2.14.10-r7)
installing wolfi-base (1-r7)
layer digest: sha256:f68622b226a1c768447d9c08494f40e4244e08ee3735b225386384b8f12df93d
layer diffID: sha256:fb0073b08bdc759bab6cec42e9fb62afdcc2e04fc5196d5364ba9db061c81c80
saving OCI image locally: apko.local/cache:29b4d875d0feefb23bb34ece1102d6829695dd3b08e1bcf3ad1bdb581430ad8e
populating workspace /tmp/melange-workspace-1539779796 from helm-set-status
running the main test pipeline
set-status 0.1.0 Manually set the status of a helm release
running step "test/kwok/cluster"
{"time":"2025-08-18T13:43:23.923787584Z","level":"INFO","source":{"function":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster.runE","file":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster/cluster.go","line":304},"msg":"Cluster is creating","cluster":"kwok"}
{"time":"2025-08-18T13:43:24.553820054Z","level":"INFO","source":{"function":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster.runE","file":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster/cluster.go","line":311},"msg":"Cluster is created","cluster":"kwok","elapsed":{"nanosecond":630038324,"human":"630.038324ms"}}
{"time":"2025-08-18T13:43:24.555473149Z","level":"INFO","source":{"function":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster.runE","file":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster/cluster.go","line":344},"msg":"Cluster is starting","cluster":"kwok"}
{"time":"2025-08-18T13:43:25.50992877Z","level":"INFO","source":{"function":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster.runE","file":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/create/cluster/cluster.go","line":349},"msg":"Cluster is started","cluster":"kwok","elapsed":{"nanosecond":954451040,"human":"954.45104ms"}}
{"time":"2025-08-18T13:43:25.528672902Z","level":"INFO","source":{"function":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/scale.runE","file":"sigs.k8s.io/kwok/pkg/kwokctl/cmd/scale/scale.go","line":112},"msg":"No resource found, use default resource","cluster":"kwok","resource":"node"}
{"time":"2025-08-18T13:43:25.708809236Z","level":"INFO","source":{"function":"sigs.k8s.io/kwok/pkg/kwokctl/snapshot.(*Loader).finishLoad","file":"sigs.k8s.io/kwok/pkg/kwokctl/snapshot/load.go","line":187},"msg":"Load resources","cluster":"kwok","name":"node","replicas":1,"resource":"nodes","counter":1,"elapsed":{"nanosecond":120668771,"human":"120.668771ms"}}
Attempt 1: /healthz not ready, retrying...
Attempt 2: /healthz not ready, retrying...
/healthz is ready
/readyz is ready
/openapi/v2 is ready
node/node-000000 condition met
Kubernetes control plane is running at https://127.0.0.1:32764
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
running step "Create ServiceAccount and Token"
Skipping ServiceAccount and Token creation as per input
running step "Install test chart and change status"
"kubernetes-dashboard" has been added to your repositories
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "kubernetes-dashboard" chart repository
Update Complete. ⎈Happy Helming!⎈
Indexes
https://apk.chainreg.biz/wolfi-presubmit/258eecb36e9d0e75f281c589832b704de3009536
Packages
- ✅ helm-set-status (success | 2m7s | x86_64 logs | aarch64 logs)
Tests
- ✅ helm-set-status (success | 30s | x86_64 logs | aarch64 logs)
More Observability
Command
cg build log \
--build-id b6902e05-06d3-4e78-854e-f7956eb7ca0b \
--project staging-images-183e \
--cluster elastic-pre-a \
--namespace pre-wolfi \
--start 2025-08-18T13:37:58Z \
--end 2025-08-18T13:53:35Z