From 1d7e0431da443a4a9be40b56b7afeacb932e244b08ae0854d57e389ef5e393f5 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Sun, 17 Nov 2024 13:53:32 +0000 Subject: [PATCH] - fix shebang in demos/flatpak-run.sh OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/bubblewrap?expand=0&rev=43 --- .gitattributes | 23 ++ .gitignore | 1 + bubblewrap-0.10.0.tar.xz | 3 + bubblewrap-0.11.0.tar.xz | 3 + bubblewrap-0.11.0.tar.xz.asc | 16 ++ bubblewrap-0.9.0.tar.xz | 3 + bubblewrap.changes | 463 +++++++++++++++++++++++++++++++++++ bubblewrap.keyring | 208 ++++++++++++++++ bubblewrap.spec | 89 +++++++ 9 files changed, 809 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 bubblewrap-0.10.0.tar.xz create mode 100644 bubblewrap-0.11.0.tar.xz create mode 100644 bubblewrap-0.11.0.tar.xz.asc create mode 100644 bubblewrap-0.9.0.tar.xz create mode 100644 bubblewrap.changes create mode 100644 bubblewrap.keyring create mode 100644 bubblewrap.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/bubblewrap-0.10.0.tar.xz b/bubblewrap-0.10.0.tar.xz new file mode 100644 index 0000000..af90317 --- /dev/null +++ b/bubblewrap-0.10.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:65d92cf44a63a51e1b7771f70c05013dce5bd6b0b2841c4b4be54b0c45565471 +size 119328 diff --git a/bubblewrap-0.11.0.tar.xz b/bubblewrap-0.11.0.tar.xz new file mode 100644 index 0000000..1a7d5bd --- /dev/null +++ b/bubblewrap-0.11.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:988fd6b232dafa04b8b8198723efeaccdb3c6aa9c1c7936219d5791a8b7a8646 +size 115228 diff --git a/bubblewrap-0.11.0.tar.xz.asc b/bubblewrap-0.11.0.tar.xz.asc new file mode 100644 index 0000000..1e74632 --- /dev/null +++ b/bubblewrap-0.11.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmciWjEACgkQI1wJnT6z +MHZhDg//YtlNR8PsIWqrY2nOj1H9IQJeTptbzB+BtyoiIl/fv0/0DWZVgZF9E0jr +VW1ju2B0oTxGSc+S71cg31r1Jj9hdj7HRVuHKfnmjHIHHuOhHfT1YDZT+KoYWl4c +iwN6x46psYABEaek79a5Ukmj+bX2pvtkqFps/zj504tBtuYHnSd4nyGFdqFr7XSx +Ioa8hVxhFjHOuMsteHrFl1a8BQbjGHwBxNVrBzs/0EEciJbwhzknhJMPXqK8LnoK +iL/BfXT7os1+aNB90MtJ3ryTt6kUXNtSoZt95qA/I4VV+/c7JK4pvqYXuRk/2OL4 +nDQRFUQMquvgFutZ0hmdVAeLKhhc4y3abr3PKBrt01ymRyJwb+ahkwrMR1lqkNPz +jZhryJoQ+KkoWqG/+UcXfILJ2KiSheFwbp/vnc2JGZyirDVCE+mr5CC/Vqgh7WeF +hA9Wx2YhBoQmVwgtf5JLghYrf6eoXu13h0AD9aQrWkejgQheg4+BVnXj8VXDISkw +MtZwfGGwOR9X6O4cKq/D8/LrDPqQ+UQNMAV+xB8zSDNQGfP83MLmHxVfqzAE72Hs +aLwqrCcXvw1iISTPi5szoAnb1xDVuUtNQIRwZAXUuoXwxJQWmmKBpphXR/VRVkW1 +KEQ3Ke8FMmAAYQc7tWagwTIVv7U8DOlNutmFMOu2nb9Ccme6ask= +=H36P +-----END PGP SIGNATURE----- diff --git a/bubblewrap-0.9.0.tar.xz b/bubblewrap-0.9.0.tar.xz new file mode 100644 index 0000000..82cf485 --- /dev/null +++ b/bubblewrap-0.9.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c6347eaced49ac0141996f46bba3b089e5e6ea4408bc1c43bab9f2d05dd094e1 +size 118984 diff --git a/bubblewrap.changes b/bubblewrap.changes new file mode 100644 index 0000000..aa6e499 --- /dev/null +++ b/bubblewrap.changes @@ -0,0 +1,463 @@ +------------------------------------------------------------------- +Sun Nov 17 13:53:07 UTC 2024 - Sebastian Wagner + +- fix shebang in demos/flatpak-run.sh + +------------------------------------------------------------------- +Fri Nov 1 18:56:54 UTC 2024 - Andreas Stieger + +- update to 0.11.0: + * New --overlay, --tmp-overlay, --ro-overlay and --overlay-src + options allow creation of overlay mounts. This feature is not + available when bubblewrap is installed setuid. + * New --level-prefix option produces output that can be parsed + by tools like logger --prio-prefix and + systemd-cat --level-prefix=1 + * bug fixes and developer visible changes +- add upstream signing key and validate source signature + +------------------------------------------------------------------- +Wed Aug 14 17:02:31 UTC 2024 - Bjørn Lie + +- Update to version v0.10.0: + * New features: Add the --[ro-]bind-fd option, which can be used + to mount a filesystem represented by a file descriptor without + time-of-check/time-of-use attacks. This is needed when + resolving security issue in Flatpak. + (CVE-2024-42472, bsc#1229157) + * Other changes: Fix some confusing syntax in SetupOpFlag (no + functional change). + +------------------------------------------------------------------- +Tue Apr 2 12:14:33 UTC 2024 - Wolfgang Frisch + +- update to v0.9.0: + * Build system changed to Meson from Autotools + * Add --argv0 + https://github.com/containers/bubblewrap/issues/91 + * --symlink is now idempotent, meaning it succeeds if the symlink already + exists and already has the desired target + * Clarify security considerations in documentation + * Clarify documentation for --cap-add + * Report a better error message if mount(2) fails with ENOSPC + * Fix a double-close on error reading from --args, --seccomp or + --add-seccomp-fd argument + * Improve memory allocation behaviour + +------------------------------------------------------------------- +Mon Mar 27 16:39:05 UTC 2023 - Andreas Stieger + +- update to v0.8.0: + * Add --disable-userns option to prevent the sandbox from + creating its own nested user namespace + * Add --assert-userns-disabled option to check that an existing + userns was created with --disable-userns + * Give a clearer error message if the kernel doesn't have + CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER + +------------------------------------------------------------------- +Wed Dec 7 21:50:27 UTC 2022 - Dirk Müller + +- update to v0.7.0: + * --size option controls the size of a subsequent --tmpfs (#509) + * Better error messages if a mount operation fails (#472) + * Better error message if creating the new user namespace fails with + ENOSPC (#487) + * When building as a Meson subproject, a RUNPATH can be set on the + executable to make it easier to bundle its libcap dependency + * Fix test failures when running as uid 0 but with limited capabilities + (#510) + * Use POSIX command -v in preference to non-standard which (#527) + * Fix a copy/paste error in --help (#531) + +------------------------------------------------------------------- +Wed May 18 12:43:26 UTC 2022 - Dominique Leuenberger + +- Update to version 0.6.2: + + New features in Meson build: + - Auto-detect whether the man page can be generated. + - -Dbwrapdir=... changes the installation directory (useful + when being used as a subproject). + - -Dtests=false disables unit tests. + + Bug fixes: + - Add --add-seccomp-fd to shell completions + - Document --add-seccomp-fd, --json-status-fd and --share-net + in the man page + - Add attributes to silence various compiler warnings + - Allow compilation of tests with musl on mips architectures + - Allow compilation with older glibc + - Disable sanitizers for a test helper whose seccomp profile + breaks the instrumentation + - Disable AddressSanitizer leak detection where it interferes + with unit testing + +------------------------------------------------------------------- +Fri Mar 4 18:13:15 UTC 2022 - Sebastian Wagner + +- Update to 0.6.1: + - Add a release checklist + - completions: Make zsh completion non-executable + The Autotools build system installed it with 0644 permissions because + it's listed as DATA, but the Meson build system installs executable + files as executable by default. + zsh completions don't need to be executable to work, and this one doesn't + have the `#!` marker that should start an executable script. +- update to 0.6.0: + - meson: Improve compatibility with Meson 0.49 + That version doesn't allow more than two arguments for define_variable. + - Disable test-specifying-pidns.sh under 'meson dist' while I investigate + This test is hanging when run under 'meson dist' for some reason, but + not when run under 'meson test', and not locally, only in the Github + Workflow-based CI. Disable it for now. + - meson: Actually build and run the tests + - tests: Fix compiler warnings for unused arguments + - meson: Run test scripts from $srcdir + - meson: Make G_TEST_SRCDIR, G_TEST_BUILDDIR match Autotools + - meson: Run the Python test script with Python, not bash + The python build option can be used to swap to a different interpreter, + for environments like the Steam Runtime where the python3 executable in + the PATH is extremely old but there is a better interpreter available. + This is treated as non-optional, because Meson is written in Python, + so the situation where there is no Python interpreter at build-time + shouldn't arise. + - meson: Build the try-syscall helper + - meson: Build tests with equivalent of -I$(top_srcdir) -I$(top_builddir) + - meson.build: Remove unnecessary check for sh + - Add a Meson build system + This allows bwrap to be built as a subproject in larger Meson projects. + When built as a subproject, we install into the --libexecdir and + require a program prefix to be specified: for example, Flatpak would use + program_prefix=flatpak- to get /usr/libexec/flatpak-bwrap. Verified to + be backwards-compatible as far as Meson 0.49.0 (Debian 9 backports). + Loosely based on previous work by Jussi Pakkanen (see #133). + Differences between the Autotools and Meson builds: + The Meson build requires a version of libcap that has pkg-config + metadata (introduced in libcap 2.23, in 2013). + The Meson build has no equivalent of --with-priv-mode=setuid. On + distributions like Debian <= 10 and RHEL <= 7 that require a setuid bwrap + executable, the sysadmin or distribution packaging will need to set the + correct permissions on the bwrap executable; Debian already did this via + packaging rather than the upstream build system. + The Meson build supports being used as a subproject, and there is CI + for this. It automatically disables shell completions and man pages, + moves the bubblewrap executable to ${libexecdir}, and renames the + bubblewrap executable according to a program_prefix option that the + caller must specify (for example, Flatpak would use + -Dprogram_prefix=flatpak- to get /usr/libexec/flatpak-bwrap). See the + tests/use-as-subproject/ directory for an example. + - Use HEAD to refer to other projects' default branches in documentation + This makes the URL independent of the name they have chosen for their + default branches. + - workflows: Update for rename of default branch to main + - tests: Exercise seccomp filters + - Allow loading more than one seccomp program + This will allow Flatpak to combine an allow-list (default-deny) of + known system calls with a deny-list (default-allow) of system calls + that are undesired. + Resolves: https://github.com/containers/bubblewrap/issues/453 + - Generalize linked lists of LockFile and SetupOp + I'm about to add a third linked list, for seccomp programs, which would + seem like too much duplication. + - Handle argc == 0 better + Unfortunately it's possible for argc to be 0, so error out pretty early + on in that case. I don't think this is a security issue in this case. + - Fix typo + - Remove trailing whitespace + - Fix spelling + - bash: Fix shellcheck warnings + - bash: Invoke bash using /usr/bin/env + - bubblewrap: Avoid a -Wjump-misses-init false-positive + When building with -Wjump-misses-init as part of a larger project, gcc + reports that we jump past initialization of cover_proc_dirs. This is + technically true, but we only use this variable in the case where it's + initialized, so that's harmless. + However, we can avoid this altogether by making the array static and + constant, which allows it to be moved from initialized data to read-only + data. + - bind-mount: Be more const-correct + When compiled with -Wwrite-strings as part of a larger project, gcc and + clang both warn that we're assigning a string constant to a mutable + struct member. There's actually no reason why it should be mutable, so + make it const. + - die_with_error: Save errno sooner + We need to save errno immediately, otherwise it could be overwritten + by a failing library call somewhere in the implementation of fprintf. + - main: Warn when non-repeatable options are repeated + A user might reasonably expect that `bwrap --seccomp 3 --seccomp 4 ...` + would load seccomp programs from both fds 3 and 4, but in fact it only + loads the program from fd 4. + Helps: https://github.com/containers/bubblewrap/issues/453 + Resolves: https://github.com/containers/bubblewrap/issues/454 + - utils: Add warn() + - Add SPDX-License-Identifier for files that already specify license + This is a step towards REUSE compliance. Third-party files that we do + not otherwise edit (git.mk, m4/attributes.m4) are excluded here. + - tests: Use preferred spelling for SPDX license identifiers + - Remove obsolete .travis.yml + We no longer use Travis-CI. + - Remove obsolete papr CI + We no longer use this. + + +------------------------------------------------------------------- +Mon Sep 20 18:52:20 UTC 2021 - Bjørn Lie + +- Update to version 0.5.0: + + New features: + - --chmod changes permissions + - --clearenv unsets every environment variable (except PWD) + - --perms sets permissions for one subsequent --bind-data, + --dir, --file, --ro-bind-data or --tmpfs + + Other enhancements: + - Better diagnostics when a --bind or other bind-mount fails + - zsh tab-completion + - Better test coverage + + Bug fixes: + - Use Python 3 for tests and examples + - Mount points for non-directories are created with permissions + -r--r--r-- instead of -rw-rw-rw- + - Don't remount items in /proc read-only if already EROFS, + required to run under Docker + - Allow mounting an non-directory over an existing + non-directory, e.g. --bind "$XDG_RUNTIME_DIR/my-log-socket" + /dev/log + - Silence kernel messages for our bind-mounts + - Make sure pkg-config is checked for, regardless of build + options + - Improve ability to bind-mount directories on case-insensitive + filesystems + - Fix -Wshadow warnings + - Fix deprecation warnings with newer SELinux +- Add new subpackage bubblewrap-zsh-completion + +------------------------------------------------------------------- +Wed Apr 1 10:03:39 UTC 2020 - Sebastian Wagner + +- Update to version 0.4.1: + * retcode: fix return code with syncfd and no event_fd + * Ensure we're always clearing the cap bounding set + * tests: Update output patterns for libcap >= 2.29 + * Don't rely on geteuid() to know when to switch back from setuid root + * Don't support --userns2 in setuid mode + * fixes CVE-2020-5291 + * fixes bsc#1168291 + +------------------------------------------------------------------- +Fri Dec 20 22:59:52 UTC 2019 - Bjørn Lie + +- Update to version 0.4.0: + + The biggest feature in this release is the support for joining + existing user and pid namespaces. This doesn't work in the + setuid mode (at the moment). + + Other changes: + - Stores namespace info in status json. + - In setuid mode pid 1 is now marked dumpable. + - Now builds with musl libc. + +------------------------------------------------------------------- +Fri Jun 7 14:38:21 UTC 2019 - Antonio Larrosa + +- Use /bin/bash instead of /usr/bin/bash in SLE12 + +------------------------------------------------------------------- +Sat Jun 1 15:08:49 UTC 2019 - Sebastian Wagner + +- Update to version 0.3.3: + - This release is the same as 0.3.2 but the version number in configure.ac + was accidentally still set to 0.3.1 +- Update to version 0.3.2: + - fixes boo#1136958 / CVE-2019-12439 + This release fixes a mostly theoretical security issue in unusual/broken + setups where `$XDG_RUNTIME_DIR` is unset. + There are some other smaller fixes, as well as an addition to the JSON + API that allows reading the inner process exit code, separately from + the `bwrap` exit code. + - Print "Out of memory" on stderr, not stdout + - bwrap: add option json-status-fd to show child exit code + - bwrap: Report COMMAND exit code in json-status-fd + - man page: Describe --chdir, not nonexistent --cwd + - Don't create our own temporary mount point for pivot_root + - Make lockdata long enough on 32-bit with 64-bit file pointers. + +------------------------------------------------------------------- +Thu Oct 11 16:41:12 UTC 2018 - Antonio Larrosa - 0.3.1 + +- update to version 0.3.1: + * New feature in this release is --bind-try (as well as --dev-bind-try + and --ro-bind-try) which works like the regular versions if the source + exists, but does nothing if it doesn't exist. + + * The mount type for the root tmpfs was also changed to "tmpfs" instead + of being empty, as the later could cause problems with some programs + when parsing the mountinfo files in /proc. + +------------------------------------------------------------------- +Sat Jul 14 20:06:50 UTC 2018 - sebix+novell.com@sebix.at + +- update to version 0.3.0: + * The biggest feature from this release is that bwrap + now supports being invoked recursively (from other container + runtimes such as Docker/podman/runc as well as bwrap itself) + when user namespaces are enabled, and the outer container manager + allows it (Docker's default seccomp policy doesn't). + + * This is useful for testing scenarios; for example a project + uses Kubernetes for its CI, but inside build the project wants to run + each unit test in their own pid namespace, without going out + and creating a new pod for every single unit test. + + * Similarly, rpm-ostree compose tree uses bwrap internally for scripts, + and we want to support running rpm-ostree inside a container as well. + + * Another feature is bwrap now supports -- to terminate argument + parsing. To detect availablity of this, you could parse bwrap --version. + +------------------------------------------------------------------- +Tue May 1 21:02:33 UTC 2018 - sebix+novell.com@sebix.at + +- update to version 0.2.1: + * All the demos are included + * bugfixes for the demo files + * There was an issue with mkdir when running bubblewrap on an NFS + filesystem that has been fixed, so flatpak now works on NFS shares. + * Some leaks have been fixed, including a file descriptor leak. + +------------------------------------------------------------------- +Mon Oct 9 17:53:37 UTC 2017 - sebix+novell.com@sebix.at + +- update to version 0.2.0 + - bwrap now automatically detects the new + user namespace restrictions in Red Hat Enterprise Linux 7.4: + bubblewrap: check for max_user_namespaces == 0. + - The most notable features are new arguments --as-pid1, and + --cap-add/--cap-drop. These were added for running systemd (or in general a + "full" init system) inside bubblewrap. But the capability options are also + useful for unprivileged callers to potentially retain capbilities inside the + sandbox (for example CAP_NET_ADMIN), when user namespaces are enabled. + Conversely, privileged callers (uid 0) can conversely drop capabilities (without + user namespaces). Contributed by Giuseppe Scrivano. + - With --dev, add /dev/fd and /dev/core symlinks + which should improve compatibility with older software. + +------------------------------------------------------------------- +Mon Sep 18 12:39:54 UTC 2017 - sebix+novell.com@sebix.at + +- add group + +------------------------------------------------------------------- +Fri Jul 7 09:40:27 UTC 2017 - sebix+novell.com@sebix.at + +- fix build macro with rpm < 4.12 (non-Factory currently) + +------------------------------------------------------------------- +Thu May 25 21:15:49 UTC 2017 - sebix+novell.com@sebix.at + +- update to version 0.1.8 +- New --die-with-parent which is based on the Linux prctl(PR_SET_PDEATHSIG) API. +- smaller bugfixes + +------------------------------------------------------------------- +Thu Mar 2 09:08:58 UTC 2017 - sebix+novell.com@sebix.at + +- upgrade to upstream version 0.1.7 +- note that this package was *never* affected by CVE-2017-5226 + as it was introduced in version 0.1.6 +- upstream changelog of version 0.1.7: + This release backs out the change in 0.1.6 which unconditionally + called setsid() in order to fix a security issue with TIOCSTI, aka + CVE-2017-522. That change caused some behavioural issues that are + hard to work with in some cases. For instance, it makes shell job + control not work for the bwrap command. + Instead there is now a new option --new-session which works like + 0.1.6. It is recommended that you use this if possible, but if not we + recommended that you neutralize this some other way, for instance + using SECCOMP, which is what flatpak does: + https://github.com/flatpak/flatpak/commit/902fb713990a8f968ea4350c7c2a27ff46f1a6c4 + In order to make it easy to create maximally safe sandboxes we have + also added a new commandline switch called --unshare-all. It unshares + all possible namespaces and is currently equivalent with: + --unshare-user-try --unshare-ipc --unshare-pid --unshare-net + --unshare-uts --unshare-cgroup-try + However, the intent is that as new namespaces are added to the kernel they will + be added to this list. Additionally, if --share-net is specified the network + namespace is not unshared. + This release also has some bugfixes: + bwrap reaps (unexpected) children that are inherited from the + parent, something which can happen if bwrap is part of a shell + pipeline. + bwrap clears the capability bounding set. The permitted + capabilities was already empty, and use of PR_NO_NEW_PRIVS should + make it impossible to increase the capabilities, but more + layers of protection is better. + The seccomp filter is now installed at the very end of bwrap, which + means the requirement of the filter is minimal. Any bwrap seccomp + filter must at least allow: execve, waitpid and write + Alexander Larsson (7): + Handle inherited children dying + Clear capability bounding set + Make the call to setsid() optional, with --new-session + demos/bubblewrap-shell.sh: Unshare all namespaces + Call setsid() and setexeccon() befor forking the init monitor + Install seccomp filter at the very end + Bump version to 0.1.7 + Colin Walters (6): + Release 0.1.6 + man: Correct namespace user -> mount + demo/shell: Add /var/tmp compat symlink, tweak PS1, add more docs + Release 0.1.6 + ci: Combine ASAN and UBSAN + Add --unshare-all and --share-net +- upstream changelog for 0.1.6: + This fixes a security issue with TIOCSTI, aka CVE-2017-522. Note bubblewrap is + far from the only program that has this issue, and I think the best fix is + probably in the kernel to support disabling this ioctl. + + Programs can also work around this by calling setsid() on their own in an exec + handler before doing an exevp("bwrap"). +- upstream changelog for 0.1.5: + This is a bugfix release, here are the major changes: + Running bubblewrap as root now works again + Various fixes for the testsuite + Use same default compiler warnings as ostree + Handle errors resolving symlinks during bind mounts + Alexander Larsson (2): + bind-mount: Check for errors in realpath() + Bump version to 0.1.5 + Colin Walters (6): + Don't call capset() unless we need to + Only --unshare-user automatically if we're not root + ci: Modernize a bit, add f25-ubsan + README.md: Update with better one liner and more information + utils: Add __attribute__((printf)) to die() + build: Sync default warning -> error set from ostree + Simon McVittie (4): + test-run: be a bash script + test-run: don't assume we are uid 1000 + Adapt tests so they can be run against installed binaries + Fix incorrect nesting of backticks when finding a FUSE mount + +------------------------------------------------------------------- +Fri Dec 16 10:14:32 UTC 2016 - sebix+novell.com@sebix.at + +- upgrade to upstream version 0.1.4 +- Build also for Leap 42.2 + +------------------------------------------------------------------- +Fri Oct 14 2016 Colin Walters - 0.1.3-2 + +- New upstream version + +------------------------------------------------------------------- +Mon Sep 12 2016 Kalev Lember - 0.1.2-1 + +- Update to 0.1.2 + +------------------------------------------------------------------- +Tue Jul 12 2016 Igor Gnatenko - 0.1.1-2 + +- Trivial fixes in packaging + +------------------------------------------------------------------- +Fri Jul 08 2016 Colin Walters - 0.1.1 + +- Initial package diff --git a/bubblewrap.keyring b/bubblewrap.keyring new file mode 100644 index 0000000..50a27dc --- /dev/null +++ b/bubblewrap.keyring @@ -0,0 +1,208 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBEoEbMcBEACg2ByFTN0inbeNg5aBs2H49AtW/eGqbiWMML3RwlfPqu+I2MGC +PeOHBWjtSWyPDixrL1DGDA4Cs0uoxk98sRZE8peAhGpFEdiAcGuQU/JcJ0gDTsfj +1WKMcWi6yI5eu8NinkW2pJuMgLpxNtD2j8wfegoBttB4omXinOpCHuz7lGYenbZk +6/DCgzVeq+ssOdfjPLSJJPIyIIwhdDorXX0pvzAou168LFlDJaWx7OytYfKz1zV/ +f+bwnzbMRriAClJYgNl+UT+XnHO3zMIy1mSk4uffaDXeRPPO/R6lM/u7a5w9wHi/ +oKIPHJ9BmsgA5vBImuNNRa2pnOHwpBnphnpvqLm/98JAJJfMkoefy2Oc2J6PxJla +pP090sXzt6T7YpR9epwZCO5+OU6sIbK/vjy1pi0hxx847H4hrKzW67kr9o5btjxm +FybqLTT+o01n7x9/A6SBE/vVAfZ1OYm0/DoSNdKpaQtvNeQ1h5gw7gY/uT8VCQB+ +ZQVRQkInAqYSzO4oYPS9ynud5d3qNllpZs77EaEN5yVKZk/36QUGoRdbmpZoMTjB +aaM6G0MUO+1FikvBT+aDmomgD+JkDOZf1bIJaSg/QtIIjq5ALExbk1XDkL++XVDJ +9Ag7U467kinjcKWuVIr2aOMMSlXFuDFlsZbeJGCqkdkc2Ucdy1p0fZPWWQARAQAB +tChTaW1vbiBNY1ZpdHRpZSA8c21jdkBwc2V1ZG9yYW5kb20uY28udWs+iQJXBBMB +CgBBAhsDAh4BAheAAhkBBQsJCAcDBRUKCQgLBRYCAwEAFiEE2pjyXAhxxJpZ6v8s +Tej/KmPHzJAFAmOfkucFCSxnKSAACgkQTej/KmPHzJCj6w//fX/1/Z8yOEy4LnlT +d+xeA1Z/HzJAykzsqbdfS2wKhglhswPD16T/Rhb8PbmyFEU1n9H/AxX/xsKcOl9X +JPTsziKg8N2HY8EcTTM79KhH6boCwZmmGtRVupAnAa7mK0FyySxRmExQhBNN++oJ +gSn+D6FWTzR21wvD4gR2U+x3uchINs6fG4f5JEnIrr7aGZPdsCsDSPfm9Jvz/MHG +E/cFi6dxZAPAVcKtY85XGSVWxI+wqOYfpVI+hs8FcXrIJ9UXEJhX9FVZ9XybrzyD +O4zfNL2LBPayQf3zgcNffA42J/sQDZwEec1bcQd7uQlGFvCRwL7egksBMSH5G0Ff +ybuxHF6uydOsZY2ZSA1a/PDRtoQ9PMN0mZO7Euk/gXA0GPi4OwuAkcyuGvu5YQFF +bmXZu1Mz6bYjdhoaeSC8wqV6x5Zw1THlRvyKKuq7bFqJksNzxaiBt7fRZDMsOvQ6 +XHU7ELeDPVCvExhUPXYjVwsBvmsCnLprSwAWIlKhRnAdhUMnbyO2Kjw2KkSrJPgt +wESG2LMSdgyqPpSWMoccYRG/zn/W6vqFUZ4SpVy43HSsegNjuS7NUxartr/28CpL +f1xFIzwieBmqF047cMQiuvo2U7dQwP+WcG+hWcdvgX3k5MwhXXFOg9A+xt1bPqe0 +/Vcvc3gqIbxULXlU72BUwVuSXVi0IFNpbW9uIE1jVml0dGllIDxzbWN2QGRlYmlh +bi5vcmc+iQJUBBMBCgA+AhsDAh4BAheABQsJCAcDBRUKCQgLBRYCAwEAFiEE2pjy +XAhxxJpZ6v8sTej/KmPHzJAFAmOfkwQFCSxnKSAACgkQTej/KmPHzJD1bRAAizrB +7z9KFjr+9t3iIEBplYr5/fzK9qEBIVt6pxTZrnJlx2BWf0HPaPc6BpmM8dUWEI7c +dXzjM26BFjnU8/HDpBDTmvA31MFMc9kruOn6DlVQGCNGy154isShGh5O8Ytv7VMN +r58FUPSMgP8bxyteDEZB9AzxpN7wduFgonS9jn0WuVTKxBGwQQdSfY30dUuMBfed +A+bFNAIxVGrmq6H5dyjm92mK5oqo9/b4ZzzJMl2Ii/LTw+XYiCAvwhAwK73272sF +oPcSQnBUxA8hzp6fA9/AkUhtCmkvmvckVo6pZgbduVQAGLBUwf7J5Czm8Oe02El1 +01P9MetJf4NehKGkMgp3B87DkJyUZc2dWlWt9a2KaTm+8ILbj8Bx6AmLCyXJp+jO +E26sx5rnwPAZPoDz1wmYfwiKx2aUADOXR/xHgEWb+VPKKB47bbJMcGzUB7t38Ov7 +Hl7ldnF0vFLlSfxlj2VUHL2+hHs0jw+KyEkC7BN0umfIhiN7JbuurUcqPZzNHIk4 +SDYLggflkYS6JI8PHxIidVrVHDU/ef94Jq+6hJuH3sRu/l6B2R+mTnXKuzHUXyXu ++82R/u9D5NlJYdCUUxVDp0uAMki9jwgRguLwdiG1Xzrdt2DZXaXQ+1gjiCO2YR0W +RG80RmG6/DJ7PgnQ52pgLnOEghA8NDMmKh0Xcvq0JlNpbW9uIEphbWVzIE1jVml0 +dGllIChib3JuIDE5ODMtMDgtMjUpiQJUBBMBCgA+AhsDAh4BAheABQsJCAcDBRUK +CQgLBRYCAwEAFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAmOfkvYFCSxnKSAACgkQ +Tej/KmPHzJC06w/8COGhjTvLzRozZ2f34C11f5urTNcCDxN1DJNurv/AUdNN8rHq +8qUkAxsC6c+MzVrb5brfD0YY496q2HPFdmZX02izTGyo2vp8n4RC4Z+u6gcmuhkU +bN+76T35kRO0+k59S/mXWnvErLcyWxgx7fjf6/ZskWNoq779siB0GJ5Ly0ZXGugb +GhO+QiZzMprJ9rXzsJJAwcQNRLTclm2hSUAtFd+3lQQVWy9XbMuk8Lng8NC8ReDt +es/8ZI/jnwmUz1oR3pewJjwhfl2jKrhplitWI3wcf2PueHN5/qbJq+M9xBCMaYj4 +LrQ7jSmEMi6WENRtj3BiZsYtGwkX7yc2EImojZZ3iAgpG/hVdxKosmRnvcEjNtOa +BrNfjupYhH+7t4eJasHwQNZXJn73/qH95rOtF4STFvlDfpCJa/foOisPc2DF+nhh +Xtt7Uvyw5c1rvrNd67crvJSfsgV+WbaDM735oGboM8KmkRQSPcoMj8op8ER8E/oI +vKeVJHNEq+cBiql3AYcmzStdFXM+VMeNUhCSW5cUT0mLuxDuRKyRq0bvpjfSUs+j +NP/ETzD2f7jCQQ2uWdJ/WvLxwEwcoevSBp6SH2IP1QISmxXeohuKV6yb+UrzL6eB +nh6cl9Y32OUayA+eLBXmOcpgk+qsVMkb9iDxy8Igk9bYpYSUv4fNsKh5Wvy0L1Np +bW9uIE1jVml0dGllIDxzaW1vbi5tY3ZpdHRpZUBjb2xsYWJvcmEuY28udWs+iQJs +BDABCgBWFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAljO8AI4HQBzdXBlcnNlZGVk +IGJ5IDNDODY3MkEwRjQ5NjM3RkUwNjRBQzMwRjUyQTQzQTFFNEI3N0IwNTkACgkQ +Tej/KmPHzJClKw/+J/7A5uvxfAbJ5Lz/mg4K3owJw79Az67E+J+onM1vYBS+hJxw +6cxgzx6LjWVMp+Qnj3lolJ9Xb8X6a3HVSc/sN52FxDqI7M1UrhsvbreRu2quE8im +o9EhtKP6GqrLlVDuq/59WGgUmwN5DZOGkJ0DQ5Sv1H92RvcGKJkVabIAKUadehg4 +9hAyrn2OhCqo99a/I2vujAsudOJC8Z7JG+xy1eOZccmb9AEmim9hs9CigR2GwbIy +PrRHMmehbxGVFqot1rkOZh8ztrYskuHQdZvlO/CvIh3oFW3TwUiJss4eGbl8CLiP +54Rh7IRggMKlmtWr6BmCSGRsxRQ/ccvjn/NUFynlGxIRh/7UzatMNriuo+j12VQ0 +QGsHmut6GKfi9ih6nCXEEtGCUDKaQ1llD8zZIuq6+ITIojrc0tRidATYitU68H2Y +SEIgEGGqFPrjmj0Kife12hDT0tLq2GrxO7K3UAWi8F43o+Rs/RkOnBVAuW5oEUX9 +1Vom7WaSyoBnYFiGMjtFl1tiTUN3Gj0nDOaHJl4eGvO25Tq/y+mTp55EdIKUJUW1 +vsqJneXU92vziw45Od5T9EfW2XlfUn7TiKgLvCq2twMF7vdfc4B4TkNJUZKIOf7/ +7A+uG2Jmv1aSioqIWG4KZlx7r46C3Zh4aasvqvZqFeRTgaIYwpam4sLiy2G5Ag0E +SgRt1wEQAMSwM5piHmJxjWe4SaekBldmZ7kbq7b03mtqGOL0SsSr1AE4DDzqWEeo +6DQhQJvkKLmAnSchmjVvNQ4zID5VP3pGTR5D2akPt1ouX1SyBoCfDdu9SNzYvWnr +gAc1MfVN4Su1lG7yi3RU+m7dAwITcN+BUE4JNWXudees9yfNq/18TC24z3xZbfYp +w1oCWeey03hl5U1PrPl7Dw9xrBnjaqWm215lUhOcjUTHQdf6C0xePH3oS+696A+j +Si8VPCG7z6AJNlmCJvaV3aeFjvNtiWpl1ZL3vVzhIKxulOy+p7bK/ZF9OPhT5f6s +XS2e/ZRuGt+62s5q+n1r7X28BuoYTgJ/5wCs/oU4IX9zmtK/v8lO2/pMpE9iCwd3 +hFt1tPAckD81uVycinxZ+qn+mT6OBH/5G9YEw7BUyaNy/aq14H4cZ1TsZ0nAlwNa +bvyyQIo1NcG825A4uZ+ZLztvXE8obbOOLDWSFbWB4NUQBqAtxIKloIvMUFE0WIqC +gIs/zIIcoUJRn8vk02jm/zaO82myoGzRvivZdztZlCGtsJjsLdbm4dzP0oywdOXe +S0YqWjiDuNNLbye0I9fVRvKojr0ban/vx42cUy91CloBtjoNuCWqpmqzTdFB7xc7 +PWMNxQ6VpSjcsKH83O7pw5/pLLXdY4sl/SdRHFUHjhS+uGfceL4jABEBAAGJAjwE +GAEKACYCGwwWIQTamPJcCHHEmlnq/yxN6P8qY8fMkAUCZh+xewUJH92qpAAKCRBN +6P8qY8fMkFBaD/9HOqzLmcna/46w8HY6tzrUWoIMTleUBkFpWsewJalipJoRjfI+ +rJh9KYnOdZKnFy5F7iz00FM3MBcVif3BsfkjgkbbJ6WPajRSZg7llnPDOgxT/iyU +xb3+qgX9HGh4HmYW7w1YlYzhjrQ/wxB5AziyZac9HBbuZStcb+olC2c/V+YlBNO3 +QQQ/Pb60vsMmVZeox5RPfBtjyZP8uciEB5w9vv3/t1YliwJx5GlJM194XOiqzImH +9Vo4h2L7YOVtaa+KChb24GShBzc/VsDFeljH6SCIaWzq3TGH7hpEC0fP59xQ+MFZ +58CqQ98WnTJIRXInfqa5o2gk7SNEnPNmPuiVUSjByWmSv1haxjhMciGhik69m+82 +1i+4Z6PCU2MypryTQLuzwTRTsX/Y4120172ppQEexV8jhATKTM6/62X8u9HvRctK +Nl/+bpQp0/FK+o2BSmYAuvSOQKcLr7IxlqVSJoFMjnUQENSeBUg+n0XewiilN6cL +2ifK6qOxqbOynffFbWpO9FqjVZHKM/3oO/CmKQJ46FHjqKAnhnRpG5j/5Kj9BBJw +Y+9xetfa8n1ES80NwCQZcEaa7xD08kqq8aWHCExDGnWohF3/PYEdO+cqTN9RUN6H +YWHi24Xs/S7D0my+ubkpnfXawhPbeSx0Eq2iQJ/685QE/G+kKikbed887bkCDQRm +H7ERARAAunxdA+AKJdY8BUNyuxD52lg5lzS27OVmrfkcSVpp01homz1XjJxBYfY2 +akIhze0R1+2e34u/L3rqsD9m5rxi7OlArpsfszgz3cCqk/4IFhoo71SMrjrpsmIw +MRoheBwQGXFOtB96I1gnzZ6/Ya10PNIrWs4bQjpIf4PzaV2Q0SMZZWzq9wgSnIpY +Bqk3LHnmGMY/2/JJLsaNrmc0phcBEBrUdbvAjj0zblW6873DI0aqFvkwZQPDXh3a +HcQmw8bcDsuv1XPq2Ik2+NXiWFZ6pZWqCjwW+QeUurCDVP2lq2dNvrZBBnaOnXYZ +jE8iT3zg2orGXdRgaQ/qnQH+vvF9zZkCBoi/wca2Zi6wWitb0Hk7M8igALGHaxwh +CMUVlpNIFO0lx4V5dOZI3vUBdGR7KwMkFXcY1X33cB64dci8cjKpBjvUcTWwaFsl +QdtxX48CaX3cf8x2b5qBhDv1j2Jh62P8lK4NyTbwz3EwAvliySLGf2HYOpq4nU8W +j3D1Lb1LwvEQ7ulXFIcML059SLA8amILLqkqs711TPka7NmMrfFUeYaYQ/ddJ7rn +ngDa4HEPGEgzw3oQioQkDHuE80PkGoxpclEpkY40+ZOY2CgkbBHul1Fx4w8icg5Y +WUPXUqGPze61NZ+TxrPfrWZfApcAErjszYDeRHa4PD2tIFWJgS0AEQEAAYkCPAQY +AQoAJhYhBNqY8lwIccSaWer/LE3o/ypjx8yQBQJmH7ERAhsgBQkDwmcAAAoJEE3o +/ypjx8yQyTQP/29LTZR0640S+7GdukXXPpkFrNF/NQwbgSCPpSnnuHMR+kPCaSmf +1yethqWcAYKenWaCi0f634HFbn6GpkgTd4w8dk0438NikKZOQ1PrEfcS1Q/lOiW9 +p2aO8qer2EPSar/m6gyNTx6DX4qNb6DJXVdBsGTZPa8j9amLLoGnVA7qjt0S8btX +V4xSsTGLLJ1MMAoe86tr9Z43RD/HmRC6yZNI/zKA7TGvgz/YK4lMutcFfLwyM/CI +WCIJ8AIvV2hCQVAdEP/sQSS1OXDm7bzc6II+tq/2oNqeV1BLzh5714X/+XtizsRa +RrqdrZad8cFcTsvbQuWirxGTKPuEs2VK+yz4XX4HHSgIqSBU+Y54HGpyMMECqK+f +xclFiVTTBIEgDUeCfBpyKJ/+O9/dMpkYzhqjF9bzHXqesO9WK8b1AFVVDdU1pJxb +TsT0BAGFA5yZmxBkXnGgNsciJhADV15IDsft1vXp+stU/TmqoGRzxb0JBLscTSwp +zsqdCRbgcG7+cSrYGBXFtrTTYPXLfJFdS6Zj1Z5/XLmixLYg6fGIh3+zGO4WP4Lj +ywrc0VR7dnQteRkA8IWaDl+IEZFE7455F/G9D0XHmBRy52Y7++Y1+zTIjJLIP8F8 +IeZHNdYxZVF7s8sGk+n0mvHmtigpb9vc7bz1KQpojEDi4uwFb1Bl5BkkuQINBGYf +sPYBEADMmaLRAvcX9Z7orMRamv7VPeCBn1Y6/qjZDIcx1RedvzkcLXaIjcfqIPmA +78JtMJ8CmSExc/TqIFeD/gwHAyhUDh9AExtlvzo7fXMBgi97REFwPk4YZJwRiIkH +CRBQpYK42AbOnfr5WXB6R4MH9dWusvyevRgtsYqnhXFXpNUeD3XV1hbNJZTNmSJ/ +6mFn6APfPjciBSPDMLLiLmzsIsaRq6YBrcs/d266oFQhZ+usKKqoVg+bXKxm4LpX +igZ62SqwwzCFDtzttYHQLF9XLHL0zy8aFmVWRU2WQjlTQmr6JC/iOl44GMSwTIhJ +J3yTD6DS0iLOy+PVyZjspoET2iemExe+bne0PUNCV753/aEf9Jqx9IuNBb5XcFva +3oWNiWJsHcCa5gPCE1XpkRt/vBibSOhm4/yHWgH+mt15JrfAohUtPBSzfSRwLPXK +ko+XpqdUighuqEZYqitHHSiiwfrbjh12O0XTJ8DDYRay6YMrbvCNo5QBKWj/UHNn +tgy8esqAi22MqzrYzLqTD5+9vBxHVuY8GCAm1ULNxltA8hWPkgDWogdh5QfY00/j +tYzkoPcf0SlZwTe5a4bIP+mVYlab7wq4qNkRlOYAHNbZZHnI7sRY4eVzsyMO9Y83 +Sw1PcJPZ09NYrtkAyynmwPYKporojp5kb3jOrI4Pi2jb+E2i5QARAQABiQRyBBgB +CgAmFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAmYfsPYCGwIFCQPCZwACQAkQTej/ +KmPHzJDBdCAEGQEKAB0WIQR6BzrRrmlPolv/YuUjXAmdPrMwdgUCZh+w9gAKCRAj +XAmdPrMwdjW5EAC+a3xPNamOonKe0WOhSbPdTzfSenb0tmLmK5NKm0PCDNT/O3Qh +7++MEA69NJRIF4TUsZv6eyDN/nulOoFID8gxK9CPG6gCW0QGE39rzrFcZGzIa6ql +70YK8tSsuDQcwbP0wwUynIpkgqeyNj6jrRi5ggGLGVj8GfV/d2MZJOeOBPqPuFaA +3kqoubOXK4tV37coTsycfmMZfMWClGVHba4HfPtBSw+ocTrRfPtC09WdE46ggkm5 +ITIVOgG56k4Z10GT+gAmSIRIXOdlR4ZUEv/0BojLsVrtaSCCDJEYkL9ricpWFxFG +I9IjVHBKcsl4Yi/19QgRhqyc7JQpawu44l9FKV/9eTPBIwOW35RJ/7aOIeaxOb6N +ix5kr7CJ4RmX3fz4JDY0HybyTwkfKevsDlz21G/IJp67AxtlaKDxtfmfYcv2quyC +00ges7aW4ik/TkWGqEPkrq7PAxcUVKHEzUQCGvCS6UvuFpy3F6VzyAlGuqCng2Ry +O3Pw8/flEAZQ7bb80R6fwnq1XC/V9kuDhSM1xY2K5X9lMMovmykOKqVjgzyfGkai +nQlsSVGCtcun4eiPVpzoZJJ795fcNe0dKzquse4EGjx21qIlBZyTr/3BxFpDL7HV +w8CnNP+Xgp57oc/RPiwgSFgec4XkwUH2dA+6vTIi0IJn6UXPeITh5PscFxU7EACL +vaBwq74XZfnnpwl58ddt1miAkdR8cRKEfdXctajFgTuF8xagrVOlBpasvyQjrE4H +n+BWedApHS1xKnOzt1fNxgjHO5oQ7xW+zfu9QGl9Jo7tqAZuQfZWnzF4Jijtz8Aq +S8f0IgFw1obLrFhOAVgtnhQTEiKSkBLGb/AzcjBMmmzyHQXnFS5AM5ARAXOxJ1hm +k9/UDZhzjKsgmtmyLFGeL7+4031IEAe2rrgRMcDXdd08e54bH4be+KADDYnnrXQC +/oey9+IuZE3Wa9LsfbLkFPbc9/Ec2M4Sll525uWaGR9tdOESECKXPXskF/Z/U+nh +R+hQ5UP7ZA+b7y70TmsRIhsmO8Ysvcs0WABv8radHqCflMPcaRw34APz6SDt7JyG +viD+PoTN1HMQT5IccD4u1D4y8YO+ge5y1RhciXtzJrIhzhFInyhqGPJmD719K/fq +ooDGO7SMUL9XYcz3TwW1JoXfhhHpztkF004gdE9CEJmWuu9T0SIzBKEOctmil1B9 +YqKtxyUb8sj/l4xxH7zMlSh+0t40ytIDt2uragDDVbdV+4A3OSlNTu8adPbAc5Vz +qUyLH8bmaN+Trgek0U8HGIWdc9TE4p/ussaRgB6C7edDp9Ru9gTYUuKmSHs0TXhV +N0m9J0v6rnnJ8G6qPmCTRmiTd2KDK+AlIQF7jrp3l7kCDQRZV7yuARAAs2t1cYyI +MO+WhEqKqK2M6JzBFBP6hiUzy+LOfCK4zQ2kBRM8RE2th2f0wZtQjsh29hFJ2Y/Q +HEcGqPFtI0uC7fAB1G9zcEIdlprr+PEgGg3i+dufewNIYTPmCQ3ckOnhxueUYwdg +SDL0em15UTN2RfQSBsDa7QhhzA1qa3bCqWMHelxarwVAyZLQ18NUx8W4WmETuoqP +n+4X/KeoSbBhDbvxbbcnE1rvXUavr/nTG9K7FSqipI3474aMZa+8ABXc6Hvp6GAX +vOf8fdM+E2fRyAWEBX33ttIMnzCQZ0LXu0TlM94o0o6NgsHRC0+gw8xdYluxjdv6 +sXS2Z/aMbI67ZG9eERXFRnclYYCCHLmHXcZSgg2GQpi+EHW2WtperDb6CCnmaGuM +P9iWhtST4p5jst8AsansHyRmCqmuqzaj1Tf9/ThRtm4JNFfgSmqBAejoK0wUPNOR +pPYq7N7JF0BT8Y22+QxqJYykdfIEBj5fthzTZaHxxVwuWd8ZkyAD+T0Q81riZ/UR +uBZ3BvcbiPnhbpZjyR6Y5C4bfdWhPFW7yuHNsGIw+8BYpMfzSPyY16mo0gwyCp5F +GyQWImIqA+CHlTRZcJyVOTs5zTFZSsdfzlxDYO4lIFq8N33na/O1GfFDaH4SShMw +Aqc1a4AJD3LOTlZuu4pFt5PMvswyyqyXw0cAEQEAAYkCPAQYAQoAJgIbIBYhBNqY +8lwIccSaWer/LE3o/ypjx8yQBQJjn5N2BQkOCj2uAAoJEE3o/ypjx8yQ4lcP/3w1 +1MtMf/5IlF+xBtYENcu5E3YWT2gdMe1QNYTrttjEzfCR0uHTtfX9a/EJ8Fp4MJBJ +9xBTz8qgXG/bEAc1Kd8onSaTznEpjKml0MJBF2BQDdAXWCMw/6mACH2KWGA7gQYd +rJFoCZTj8lTS/qBDTJMXZ9Xj72PHKI15J3pS54Is2Jj4ZLGxlrgMUPVFKq1XRAiV +32dcxDDvKyiOCVeSAk4uV+1gyWw1Z45dip3bsBE+Xiy06BCP7NB4x/xkWPzc9L9h +/cV5WGRUqWYQgRnPAir0hMkfdZXwjE5xs4a/TK0hU3YpbVcAo7ZOiuHbbVJ7v6Li +7jqGZthUGgwcHuRAb4qfK9QIQ9MkBoHilxewrUMMsioDsLXmpRot+N1ZP9vrh3SS +ynVX5G/iJLEqzbEfXang+UWA4AHgGeggp4NZcyWpliHlEkAy2iU/ffkxaKnUyGon +/iB7Ag/BiCtKuD119Vme8jipjOZYOqHdqxxaVNDGQNF/O5mLO2n5C6OQkvoix8Im +MuMnhlc1mEErmwc14qplwFTCyoSvSSptFnzTw4Onbfl7FEsjTyoh7qxzZgqe1WVi +teuieUQ5/saufp4wbv7aNk/scfCuRytXrd0UQLIAjpPSQVWg2gud+0Tg4aBzcf/q +lhShsXE+DS/ewdqFJ2yJQ6wnV9O/Ge51sFI5g6H/uQINBFlXt+8BEAC5XfTqbrAi ++uYWuKAGBYQwxgbstCE9sU6PhzyLPT+HzoC3tJrKfZrk9VwcHpy2H7rk8++6wfJd +fdXgVEi6gwYP2XA+DyjQKRBjEg2PeCDVOfKFIz5b0G+luSNkOaPy/CQuMY3slGGx +EldymrAF2xaVPRs1htzoW6YjxrTb72NUs3DrFtcFNfRkkqBtRY9mIjt9TJh52rZM +TR8fOryj5o15nakiMIlK/G5Jzh4oo2MA0FIrv6ysH6GorRdoAFCXE1PwGegZwDmr +BBzyr8bdaHqfCR0Bi1QRIcO+V60o42tir3amuv4PXqJWYrFkvIPZ3EA+4TG4I/CB +DR69SAk5JYWy1VEtawvo8ptV/RXBxKPcPF72qZwEc6LvG5XxCvFNjttqmBijTiWA +ok7h03UK0WeHquOaDVLjalnUSMBZD3LScyNh/xJpA7Y3a04sg/dV/I/zy9vqGiSK +/1JQVabbF8zXuJQ+PX2jaH21yTRsKvlHKbdr5tXogXESpKt5rDFnwPFNgFX7GYnl +G9Zg21P39crB+ZivTvciCrtxPJ8zn2soVhAREjCwcOjExZ3RFG0Zoegfz636FS42 +P5Vte14dZNIMBcRlcWCcxQnEjxvu8+B62yL3lvMMjj7OrdWirQreqrVKmItXD3bp +Q4lNxTmMlqycCCR+WpMW9wJvksJ+gGKiYQARAQABiQRyBBgBCgAmAhsCFiEE2pjy +XAhxxJpZ6v8sTej/KmPHzJAFAmOfk2oFCQ4KQm0CQMF0IAQZAQoAHRYhBDbsWmRI +pPXveb7+mOBa4UePgUxPBQJZV7fvAAoJEOBa4UePgUxPXsIP/0snY8VlwDpgD2Zi +mCI9sBDtNYo80J0whOn6ls8Ha1u1D8T9JPRBLhhPMP/Ftu5cVhnBvjFHhMBinbjB +dWnHQuda9MMxfb3SGK4S/gJ8CbIC/fqP0GC0kXvPslFkYLR1hef2nlj4qDd0otCV +SNOB1dmeeJ6VhPOcfpfyOvr/bDCvRYKI2XM4aLqU1YUjFZu4XvUkv/zHi5ohC7ka +M0WyEwUh5RXZhxMYDbonocdMnHkIAt0SFWBeUSpcQYQg70Fw15+xSFKYAhpjO3r8 +FoFaR7Lp3yFgHZf4kVla2XDqfN203nROYUf9V8lOwkaaOZrxFUFvXGA3EkQpn9mX +ou56vq6PoHISPOROFE+eSrCJXlQkpxBGO4jQpub45eyWHItV4fIe4zOFwjEx0pVi +MJgt1Iib05iDP7cSithdllC77OVRzgNmYGed5DkEp/YjQmUr3ohCuSCZIz6Cz6+j +vtLLG4/RWggkZ6ktK43ED293B/YxceeQr4gflvnrdnGK1D4MrXE6D21+CaIFqb00 +tuMGGCJ7CBx2uvM7GAche6hv6SvCmx1Q6WtefJsU9PQQxu/SWkHKkPJlgZCgZvUq +GI9xukqG0DgSUR/SXIyAcjaGq9UE2zKuekeAihGWsduwr4cCTe18sP3HGEYHEL0D +5hX0KR78ryCGt7NR7x6QWrFwElK+CRBN6P8qY8fMkMWTD/0UCzVWU7G+rWSO7FB5 +ieryleNJm7PN7/a7mhZ02te26pK2M4hB7II0hJGGPi8IwxENvoEpzmzLHHSyFrly +il2meimCophIHhWnRxLQfAQ8RZzdNbLcj4L2JNMMxPZmkeqMcvEjikWePm9usFvi +7tgwsGFaC6hLRqBBiHSLXj3cYDreCUMCbEGk279HPEqFlVYgNpTxK1rPJAVHv9Uy +D2BoAX2vI6ioMsJzoSMvOA89Jmz3xp52Y1DmCBXHKV7Q37oPa+ofIQAaRV4bh8mT +SqHu9Um47qij1Uwb3JR4dgMdiuMvfQYsL4/Tu0oJa2Kw+QYhRhXCJMYHYKG7n3pP +tt7rvA6407FZXnHcmsCurQxXu03+3nhfPoxhSFou1s+mDHl/mft5p9E+Pmxbg4W+ +ElqXpkmKyN4ckHCtLzId6Cgw4zHbC9nzgTRw4uKY+bxukvcdv54G720Rl5UJkILz +e+ObWzuZsILibop2tDSY/3b4a0y8HiVxsIBHqoI8KCce9xLebo/mdj79mZmfdAkK +axGeAcqchtvCFAju0xTl+v68Xeeh0Psb50HLa2X57v3Ay1wIaiCy+HuGQfN9XgFb +KzVkYwaV7WNlx4Vr+XYTHxNBcJH+TXSatVSToCb6vNrdfj8lmST6Yhnr3iVlUdSN +pVbHWbZSGkUptYFdg5psy9Tniw== +=861B +-----END PGP PUBLIC KEY BLOCK----- diff --git a/bubblewrap.spec b/bubblewrap.spec new file mode 100644 index 0000000..6f95180 --- /dev/null +++ b/bubblewrap.spec @@ -0,0 +1,89 @@ +# +# spec file for package bubblewrap +# +# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2024 Andreas Stieger +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: bubblewrap +Version: 0.11.0 +Release: 0 +Summary: Core execution tool for unprivileged containers +License: LGPL-2.0-or-later +Group: Productivity/Security +URL: https://github.com/containers/bubblewrap +Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz +Source1: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz.asc +# https://www.pseudorandom.co.uk/2003/contact/ +# 0x4DE8FF2A63C7CC90, fingerprint: DA98 F25C 0871 C49A 59EA FF2C 4DE8 FF2A 63C7 CC90 +Source2: %{name}.keyring +BuildRequires: docbook-xsl-stylesheets +BuildRequires: gcc +BuildRequires: git +BuildRequires: libcap-devel +BuildRequires: libtool +BuildRequires: libxslt +BuildRequires: meson >= 0.49.0 +BuildRequires: pkgconfig +BuildRequires: pkgconfig(libselinux) + +%description +Bubblewrap (%{_bindir}/bwrap) is a core execution engine for unprivileged +containers that works as a setuid binary on kernels without +user namespaces. + +%package zsh-completion +Summary: Zsh tab-completion for bubblewrap +Group: System/Shells +Supplements: (%{name} and zsh) + +%description zsh-completion +This package provides zsh tab-completion for bubblewrap. + +%prep +%autosetup -p1 -n %{name}-%{version} +sed -i '1d' completions/bash/bwrap +%if 0%{?suse_version} < 1500 +sed -i '1s,%{_bindir}/env bash,/bin/bash,' demos/bubblewrap-shell.sh +sed -i '1s/env //' demos/userns-block-fd.py +%else +sed -i '1s/env //' demos/bubblewrap-shell.sh demos/userns-block-fd.py +%endif +sed -i '1s/env //' demos/flatpak-run.sh + +%build +%meson +%meson_build + +%install +%meson_install +find %{buildroot} -type f -name "*.la" -delete -print + +%files +%license COPYING +%doc README.md demos +%dir %{_datadir}/bash-completion +%dir %{_datadir}/bash-completion/completions +%{_datadir}/bash-completion/completions/bwrap +%{_bindir}/bwrap +%{_mandir}/man1/* + +%files zsh-completion +%license COPYING +%dir %{_datadir}/zsh +%dir %{_datadir}/zsh/site-functions +%{_datadir}/zsh/site-functions/_bwrap + +%changelog