Make allow_other and allow_root mutually exclusive #475
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
monthonk
had a problem deploying
to
PR integration tests
GitHub Actions
Failure
monthonk
had a problem deploying
to
PR integration tests
GitHub Actions
Failure
monthonk
had a problem deploying
to
PR integration tests
GitHub Actions
Failure
monthonk
had a problem deploying
to
PR integration tests
GitHub Actions
Failure
monthonk
force-pushed
the
allow_other_options
branch
from
bba9153 to
bc359ad
Compare
monthonk
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
monthonk
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
monthonk
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
monthonk
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
Signed-off-by: Monthon Klongklaew <monthonk@amazon.com>
monthonk
force-pushed
the
allow_other_options
branch
from
bc359ad to
49a3097
Compare
monthonk
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
monthonk
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
monthonk
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
monthonk
temporarily deployed
to
PR integration tests
GitHub Actions
Inactive
sauraank
approved these changes
Aug 24, 2023
github-merge-queue bot
pushed a commit
that referenced
this pull request
Jan 14, 2025
Update CRT submodules to latest releases <details> <summary>Full CRT changes</summary> ``` Submodule mountpoint-s3-crt-sys/crt/aws-c-common fadfef4..7a6f5df: > Fix dependency build failure on old cmake versions (#1176) Submodule mountpoint-s3-crt-sys/crt/aws-c-s3 337155f..1c80418: > Improve Copy Operation by taking the Source URI (#482) > Auto - Update S3 Ruleset & Partition (#483) > Fix CI for GCC-13 on Ubuntu-18 (#479) > [s3_client]: retry on failed TLS negotiation (#478) > [s3_meta_request]: Retry on ExpiredToken (#472) > Remove Extra Platform Info That Is Not Used (#475) > Respect checksum header over settings from options (#474) > Add full object checksum callback (#473) Submodule mountpoint-s3-crt-sys/crt/aws-c-sdkutils ce09f79..1ae8664: > Update Config File Parsing Logic to Parse Services Section (#51) > Switch CI to use Roles (#49) Submodule mountpoint-s3-crt-sys/crt/aws-lc 5982853..697acc6: > Prepare release v1.42.0 (#2094) > alignas(16) unsupported w/ GCC 7.2 for ARM32 (#2086) > Update ML-KEM's internal header files to use unique include guards (#2078) > Provide FIPS_is_entropy_cpu_jitter() (#2088) > CMake, use 'NOT WIN32' instead of 'UNIX' (#2075) > Only need libunwind for testing (#2093) > Add more logging for SSL_ERROR_SYSCALL errors in bssl_shim.cc (#2079) > Add more test coverage for Ruby/OpenSSL gem (#2085) > aws-lc-rs scripts now use nightly (#2087) > ML-DSA unique names (#2072) > Fix python tests for upstream PR 128036 (#2080) > Remove algorithms from testmodulewrapper that are now used in the real modulewrapper (#2069) > Fix tpm2-tss CI job (#2076) > [EC] ec_nistp P-256 C scalar_mul_{base|public} (#2033) > No PR license statement check on a merge (#2074) > Migrate 1st batch of CI jobs to CodeBuild (#2067) > Ensure PQDSA test suite has length checks on input signatures and public keys (#2062) > Fix CI for aws-lc-rs (#2073) > Upstream merge 2024 12 13 (#2060) > Modified posix builds to enable dilithium by default (#2034) > Extend documentation for basic BN_foo functions (#2066) > Add PKCS7_print_ctx as a no-op (#2064) > Update BoringSSL benchmark to use C++17 (#2063) > Prune hanging instances longer than 2 hours (#2061) > Add fuzz testing for PKCS7_verify (#2051) > [EC] Use s2n-bignum's modular inversion for P-256/384/521 (#2057) > Fuzzing PKCS7 encrypted inputs (#2027) > Add integration script and CI for ruby 3.1 and 3.2 (#1563) > Bring in testing changes from upstream commit 5ee4e95 (#2048) > [EC] P-256/384/521 s2n-bignum scalar multiplication (#2036) > Use older image with gcc-13 for alpine linux ci (#2054) > Just use releasecheck with tcpdump ci (#2055) > Address fips hash using adrp instead of adr to increase reach (#2053) > Prepare release 1.41.1 (#2052) > s2n-bignum update 2024-12-10 (#2050) > Fix RSAZABI test and enable IFMA based RSA on Windows (#1869) > Upstream merge 2024 12 02 (#2030) > Update FIPS v3.0 draft security policy (#2047) > Switch ML-DSA to use AWS-LC SHA3 (#2001) > Added FIPS 204 documentation, cleanse intermediate values (#2017) > Link to NIST website (#2045) > Prevent accidental null dereference (#2046) > Deprecate recently added PKCS7 functions (#2039) > Allow build on Solaris (#2035) > Use SHA256 as default digest for OCSP signing (#2038) > Add blowfish names to EVP_CIPHER API (#2041) > Initialize arrays as arrays (#2042) > Add AWS-LC-FIPS v3.0 policy docs (#2043) > Implement PKCS7_verify, update PKCS7_sign (#1993) > Move PQDSA to FIPS module (#2032) > Only abort when RSA PWCT fail in FIPS (#2020) > Revert "Trim some redundant Arm feature detection files" (#1979) > Fix perl handling of paths w/ spaces (#2005) > Upstream merge 2024 11 18 (#2012) > Fix CI issues with ML-DSA (#2031) > strdup is not C99 (#2008) > Add ML-DSA-44 and ML-DSA-87 to PQDSA API (#2009) > Coverity fixes for P173127397 (#2014) > Fix strongSwan CI (#2028) > Ran minimise_corpora.sh (#2024) > Expose BN_set_flags as a no-op (#2021) > Fix segfault in PKCS7 test (#2025) > Update aws-lc-nginx.patch for nginx v1.27.3 (#2023) > Fix python 3.13 patch (#2026) > Allow constructed strings in BER parsing (#2015) Submodule mountpoint-s3-crt-sys/crt/s2n-tls 493b771..2e79e7e: > refactor(bench): remove historical benchmarks (#4940) > fix: pem parsing detection of last cert errors (#4908) > docs: specify s2n_blob growable conditions (#4943) > chore(bindings): move tokio examples to dedicated folder (#4954) > chore: fix GHA for merge-queue (#4973) > chore(binding): release 0.3.8 (#4969) > (chore): Installs Nix in AL2023 Buildspec (#4934) > build(deps): bump the all-gha-updates group in /.github/workflows with 5 updates (#4961) > feat(s2n-tls-hyper): Add support for negotiating HTTP/2 (#4924) > tests: allow TLS1.2 with RSA-PSS certs in integ tests (#4949) > ci: update CRT test ubuntu version to ubuntu24 (#4964) > feat(bindings): enable application owned certs (#4937) > ci: batch dependabot updates (#4959) > ci(refactor): deprecate Omnibus (#4953) > build(deps): bump actions/cache from 2.1.4 to 4.1.2 in /.github/workflows (#4928) > build(deps): bump peaceiris/actions-gh-pages from 3 to 4 in /.github/workflows (#4921) > build(deps): bump cross-platform-actions/action from 0.23.0 to 0.26.0 in /.github/workflows (#4951) > build(deps): bump github/codeql-action from 2 to 3 in /.github/workflows (#4917) > ci: add change directory to third-party-src logic (#4950) > feat: TLS1.2 support for RSA-PSS certificates (#4927) > feat: feature probe S2N_LIBCRYPTO_SUPPORTS_ENGINE (#4878) > test(bindings): run unit tests under asan (#4948) > ci(refactor): remove ASAN from Omnibus and GeneralBatch (#4946) > ci(refactor): remove fuzz tests from Omnibus (#4945) > refactor: add a s2n_libcrypto_is_openssl() helper function (#4930) > fix(s2n-tls-hyper): Add proper IPv6 address formatting (#4938) > ci: add openssl-1.0.2-fips to fuzz test (#4942) > ci(refactor): remove Valgrind checks from omnibus and generalBatch (#4913) > fix(bindings): address clippy issues from 1.83 (#4941) > test: pin tests to explicit TLS 1.2/TLS 1.3 policy (#4926) > (chore): Fixes team-label github action (#4935) > chore: add new team member (#4939) > upgrade cmake version to 3.9 (#4933) > ci: add awslc-fips and openssl-1.0.2-fips to valgrind (#4912) > chore(bindings): feature gate network testsa and relax http status assertions (#4907) > chore: Ocsp timeout adjustment (#4866) > build(deps): bump aws-actions/configure-aws-credentials from 4.0.1 to 4.0.2 in /.github/workflows (#4892) > test: expand s2n_record_read testing to both TLS1.3 and TLS1.2 (#4903) > test: pin optional client auth test to a TLS 1.2 policy (#4914) > feat: add alert mappings for certificate errors (#4919) > doc: document generating bindings with prebuilt libs2n (#4872) > ci: Move kTLS test out of GeneralBatch (#4904) > build(deps): bump actions/checkout from 3 to 4 in /.github/workflows (#4888) > test(s2n-tls-hyper): matching on s2n-tls error (#4906) > build(deps): bump nixbuild/nix-quick-install-action from 21 to 29 in /.github/workflows (#4890) > build(deps): bump JulienKode/team-labeler-action from 0.1.1 to 1.3 in /.github/workflows (#4889) > tests: pin tests to a numbered TLS1.2 policy (#4905) > test: remove load system certs functionality for s2n_default_tls13_config (#4897) > doc: add information about s2n-tls software architecture (#4868) > ci: grant dependabot status update permissions (#4898) > ci: fixes for cargo audit (#4895) > test(s2n-tls-hyper): Add localhost http tests (#4838) > test: add rust well-known-endpoint tests (#4884) > chore: bindings release 0.3.7 (#4894) > chore: add a cargo audit action (#4862) > ci: add open fds valgrind check (#4851) ``` </details> </details> ### Does this change impact existing behavior? No. ### Does this change need a changelog entry? No. --- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the [Developer Certificate of Origin (DCO)](https://developercertificate.org/). --------- Signed-off-by: Ilya Isaev <iisaev@amazon.com> Co-authored-by: Ilya Isaev <iisaev@amazon.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of change
Reported in #466 that
--allow-otherinfers--allow-root. If both--allow-rootand--allow-otherare defined, only--allow-rootwill function. So, we should make the two options mutually exclusive.Does this change impact existing behavior?
Yes, cli arguments
--allow-rootand--allow-otherare now mutually exclusive.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the Developer Certificate of Origin (DCO).