From 615fd850c9acaa02bbfc69d5e3eea53b18b0c582 Mon Sep 17 00:00:00 2001
From: Zuul <zuul@review.opendev.org>
Date: Mon, 22 Dec 2025 12:17:45 +0000
Subject: [PATCH] Update git submodules

* Update ironic-python-agent-builder from branch 'master'
  to 40b946c1c10fe86b8f6f5b321f6329e75b9970b3
  - Merge "Lockout configdrive reads on network boots"
  - Lockout configdrive reads on network boots

    We discovered it was possible, when the agent was network
    booted, due to the model of "don't break existing users"
    coding, that it was possible for the script to consider
    a standing config drive as valid. This could result in
    configuration getting loaded from the configuration drive
    which is a security issue, but only for the networking portion
    of the configuration due to the use of glean instead of
    cloud-init.

    We since reverted out the default to have simple-init enabled,
    and this change fixes the load logic so we prevent these possible
    cases considering that ironic deployments using virtual media
    should now all be on code bases with the publisher ID value set.

    Change-Id: If2a63fd16d8ae8e71b61b39f7c0c87ff45a81cf0
    Signed-off-by: Julia Kreger <juliaashleykreger@gmail.com>
---
 ironic-python-agent-builder | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ironic-python-agent-builder b/ironic-python-agent-builder
index a090c0445f..40b946c1c1 160000
--- a/ironic-python-agent-builder
+++ b/ironic-python-agent-builder
@@ -1 +1 @@
-Subproject commit a090c0445fa46322baddaf049bbb6feeec5d45c3
+Subproject commit 40b946c1c10fe86b8f6f5b321f6329e75b9970b3
-- 
2.43.0