We should use a golang that isn't having security issues.
This includes:
* go1.14.6 (released 2020/07/16) includes fixes to the go command, the
compiler, the linker, vet, and the database/sql, encoding/json,
net/http, reflect, and testing packages. See the Go 1.14.6 milestone on
our issue tracker for details.
* go1.14.7 (released 2020/08/06) includes security fixes to the
encoding/binary package. See the Go 1.14.7 milestone on our issue
tracker for details (CVE-2020-16845)
Signed-off-by: Dirk Mueller <dirk@dmllr.de>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
* Fix migration script
1. port is string when parsed from configparser
2. remove index and db_user in if condition
Signed-off-by: Qian Deng <dengq@vmware.com>
* Add port to public_url
Add port to public_url
Signed-off-by: Qian Deng <dengq@vmware.com>
* Customized value for notary and clair
db config in notary and clair is hardcoded
Signed-off-by: Qian Deng <dengq@vmware.com>
* Add notary and clair db config in harbor.yml
Add notary clair config to harbor.yml and fix related regression
Signed-off-by: Qian Deng <dengq@vmware.com>
This commit removes code to support upgrade from <v1.6.0
It also removes packages for supporting mysql/mariadb from Dockerfile
It does not handle the optimization in the script such as run.sh after the update.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
mount a temp dir input for all input files and configs
generated secrets file stored in data volumns keys dir
certs file stored in data volumns nginx dir
Signed-off-by: Qian Deng <dengq@vmware.com>
The psycopg2 installed by pip has very old `.so` files.
This commit will mitigate such issue by using `tdnf` to install this package.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is to fix the issue on notary migrations from mysql to pgsql.
1, alter sequence for the primary key of changeseed, this is missed in v1.6.0 migrator.
2, alter table owners from postgres to notarysigner and notaryserver.
Issue:
https://github.com/goharbor/harbor/issues/6465
Workaround:
https://github.com/goharbor/harbor/issues/6465#issuecomment-445162616
Impacted upgrade path:
1, Upgrade from version older then v1.6.0 with migrator:v1.6.0, and migrates the notarty DB.
No impacted upgrade path:
1, Upgrade from version older than v1.6.0 with migrator:v1.6.0, but without migrates the notarty DB.
Notes:
After merge this fix, we need to provide an new migrator with an new tag, like v1.6.1, and
deprecated the v1.6.0. For those who was impacted by migrator v1.6.0, will open an new PR to build
the workaround into the migrator and expose an specical command for hot-fix.
Signed-off-by: wang yan <wangyan@vmware.com>
This commit is to fix bug reported by community to upgrade v1.6.0, for the details
just refer to #5788. The fix is to add the encoding(utf-8) for the converter when to convert
the mysql data to pqsql data. Already passed on test with Chinese/Japanese.
Signed-off-by: wang yan <wangyan@vmware.com>
update
This commit is to remove the document/tests of ova from harbor repository as decide to deprecate
ova installer in the future release.
Signed-off-by: wang yan <wangyan@vmware.com>
In some user's environment, there's local object storage hosted with
self-signed certificate.
Because registry process runs in a photon container, it has to trust
the certificate in the photon level such that the registry can access
the storage service.
This commit updates the registry image to append custom cert to the root
bundle when the container is started. And make the customer cert
configurable in `harbor.cfg`
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
There's a limitation in the new harbor.cfg file the redis url will be
hard coded to the internal redis instance. We expect user to manually
edit the .cfg file if he's using a customized redis, this would be a
very rare case. We'll mention it in the release note of 1.6
Root cause: Use default 'now'::timestamp will not generate timestamp for each transaction,
PG will convert now to a timestamp as soon as the constant is parsed. To fix it, update it
to defult CURRENT_TIMESTAMP, thie setting is the same as default now(), which returns the
start time of current transaction because ther are fuction calls, hey will give the desired
behavior of defaulting to the time of row insertion.
Reference: https://www.postgresql.org/docs/9.6/static/functions-datetime.html#FUNCTIONS-DATETIME-CURRENT
PG version: 9.6.9