- fix shebang in demos/flatpak-run.sh

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/bubblewrap?expand=0&rev=43

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

bubblewrap-0.11.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:988fd6b232dafa04b8b8198723efeaccdb3c6aa9c1c7936219d5791a8b7a8646
+size 115228

bubblewrap-0.11.0.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmciWjEACgkQI1wJnT6z
+MHZhDg//YtlNR8PsIWqrY2nOj1H9IQJeTptbzB+BtyoiIl/fv0/0DWZVgZF9E0jr
+VW1ju2B0oTxGSc+S71cg31r1Jj9hdj7HRVuHKfnmjHIHHuOhHfT1YDZT+KoYWl4c
+iwN6x46psYABEaek79a5Ukmj+bX2pvtkqFps/zj504tBtuYHnSd4nyGFdqFr7XSx
+Ioa8hVxhFjHOuMsteHrFl1a8BQbjGHwBxNVrBzs/0EEciJbwhzknhJMPXqK8LnoK
+iL/BfXT7os1+aNB90MtJ3ryTt6kUXNtSoZt95qA/I4VV+/c7JK4pvqYXuRk/2OL4
+nDQRFUQMquvgFutZ0hmdVAeLKhhc4y3abr3PKBrt01ymRyJwb+ahkwrMR1lqkNPz
+jZhryJoQ+KkoWqG/+UcXfILJ2KiSheFwbp/vnc2JGZyirDVCE+mr5CC/Vqgh7WeF
+hA9Wx2YhBoQmVwgtf5JLghYrf6eoXu13h0AD9aQrWkejgQheg4+BVnXj8VXDISkw
+MtZwfGGwOR9X6O4cKq/D8/LrDPqQ+UQNMAV+xB8zSDNQGfP83MLmHxVfqzAE72Hs
+aLwqrCcXvw1iISTPi5szoAnb1xDVuUtNQIRwZAXUuoXwxJQWmmKBpphXR/VRVkW1
+KEQ3Ke8FMmAAYQc7tWagwTIVv7U8DOlNutmFMOu2nb9Ccme6ask=
+=H36P
+-----END PGP SIGNATURE-----

bubblewrap-0.9.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c6347eaced49ac0141996f46bba3b089e5e6ea4408bc1c43bab9f2d05dd094e1
+size 118984

bubblewrap.changes

@@ -0,0 +1,463 @@
+-------------------------------------------------------------------
+Sun Nov 17 13:53:07 UTC 2024 - Sebastian Wagner <sebix@sebix.at>
+
+- fix shebang in demos/flatpak-run.sh
+
+-------------------------------------------------------------------
+Fri Nov  1 18:56:54 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to 0.11.0:
+  * New --overlay, --tmp-overlay, --ro-overlay and --overlay-src
+    options allow creation of overlay mounts. This feature is not
+    available when bubblewrap is installed setuid.
+  * New --level-prefix option produces output that can be parsed
+    by tools like logger --prio-prefix and
+    systemd-cat --level-prefix=1
+  * bug fixes and developer visible changes
+- add upstream signing key and validate source signature
+
+-------------------------------------------------------------------
+Wed Aug 14 17:02:31 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version v0.10.0:
+  * New features: Add the --[ro-]bind-fd option, which can be used
+    to mount a filesystem represented by a file descriptor without
+    time-of-check/time-of-use attacks. This is needed when
+    resolving security issue in Flatpak.
+    (CVE-2024-42472, bsc#1229157)
+  * Other changes: Fix some confusing syntax in SetupOpFlag (no
+    functional change).
+
+-------------------------------------------------------------------
+Tue Apr  2 12:14:33 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
+
+- update to v0.9.0:
+  * Build system changed to Meson from Autotools
+  * Add --argv0
+    https://github.com/containers/bubblewrap/issues/91
+  * --symlink is now idempotent, meaning it succeeds if the symlink already
+    exists and already has the desired target 
+  * Clarify security considerations in documentation
+  * Clarify documentation for --cap-add
+  * Report a better error message if mount(2) fails with ENOSPC
+  * Fix a double-close on error reading from --args, --seccomp or
+    --add-seccomp-fd argument
+  * Improve memory allocation behaviour
+
+-------------------------------------------------------------------
+Mon Mar 27 16:39:05 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- update to v0.8.0:
+  * Add --disable-userns option to prevent the sandbox from
+    creating its own nested user namespace
+  * Add --assert-userns-disabled option to check that an existing
+    userns was created with --disable-userns
+  * Give a clearer error message if the kernel doesn't have
+    CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER
+
+-------------------------------------------------------------------
+Wed Dec  7 21:50:27 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to v0.7.0:
+  * --size option controls the size of a subsequent --tmpfs (#509)
+  * Better error messages if a mount operation fails (#472)
+  * Better error message if creating the new user namespace fails with
+    ENOSPC (#487)
+  * When building as a Meson subproject, a RUNPATH can be set on the
+    executable to make it easier to bundle its libcap dependency
+  * Fix test failures when running as uid 0 but with limited capabilities
+    (#510)
+  * Use POSIX command -v in preference to non-standard which (#527)
+  * Fix a copy/paste error in --help (#531)
+
+-------------------------------------------------------------------
+Wed May 18 12:43:26 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 0.6.2:
+  + New features in Meson build:
+    - Auto-detect whether the man page can be generated.
+    - -Dbwrapdir=... changes the installation directory (useful
+       when being used as a subproject).
+    - -Dtests=false disables unit tests.
+  + Bug fixes:
+    - Add --add-seccomp-fd to shell completions
+    - Document --add-seccomp-fd, --json-status-fd and --share-net
+      in the man page
+    - Add attributes to silence various compiler warnings
+    - Allow compilation of tests with musl on mips architectures
+    - Allow compilation with older glibc
+    - Disable sanitizers for a test helper whose seccomp profile
+      breaks the instrumentation
+    - Disable AddressSanitizer leak detection where it interferes
+      with unit testing
+
+-------------------------------------------------------------------
+Fri Mar  4 18:13:15 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>
+
+- Update to 0.6.1:
+ - Add a release checklist
+ - completions: Make zsh completion non-executable
+   The Autotools build system installed it with 0644 permissions because
+   it's listed as DATA, but the Meson build system installs executable
+   files as executable by default.
+   zsh completions don't need to be executable to work, and this one doesn't
+   have the `#!` marker that should start an executable script.
+- update to 0.6.0:
+ - meson: Improve compatibility with Meson 0.49
+   That version doesn't allow more than two arguments for define_variable.
+ - Disable test-specifying-pidns.sh under 'meson dist' while I investigate
+   This test is hanging when run under 'meson dist' for some reason, but
+   not when run under 'meson test', and not locally, only in the Github
+   Workflow-based CI. Disable it for now.
+ - meson: Actually build and run the tests
+ - tests: Fix compiler warnings for unused arguments
+ - meson: Run test scripts from $srcdir
+ - meson: Make G_TEST_SRCDIR, G_TEST_BUILDDIR match Autotools
+ - meson: Run the Python test script with Python, not bash
+   The python build option can be used to swap to a different interpreter,
+   for environments like the Steam Runtime where the python3 executable in
+   the PATH is extremely old but there is a better interpreter available.
+   This is treated as non-optional, because Meson is written in Python,
+   so the situation where there is no Python interpreter at build-time
+   shouldn't arise.
+ - meson: Build the try-syscall helper
+ - meson: Build tests with equivalent of -I$(top_srcdir) -I$(top_builddir)
+ - meson.build: Remove unnecessary check for sh
+ - Add a Meson build system
+   This allows bwrap to be built as a subproject in larger Meson projects.
+   When built as a subproject, we install into the --libexecdir and
+   require a program prefix to be specified: for example, Flatpak would use
+   program_prefix=flatpak- to get /usr/libexec/flatpak-bwrap. Verified to
+   be backwards-compatible as far as Meson 0.49.0 (Debian 9 backports).
+   Loosely based on previous work by Jussi Pakkanen (see #133).
+   Differences between the Autotools and Meson builds:
+   The Meson build requires a version of libcap that has pkg-config
+   metadata (introduced in libcap 2.23, in 2013).
+   The Meson build has no equivalent of --with-priv-mode=setuid. On
+   distributions like Debian <= 10 and RHEL <= 7 that require a setuid bwrap
+   executable, the sysadmin or distribution packaging will need to set the
+   correct permissions on the bwrap executable; Debian already did this via
+   packaging rather than the upstream build system.
+   The Meson build supports being used as a subproject, and there is CI
+   for this. It automatically disables shell completions and man pages,
+   moves the bubblewrap executable to ${libexecdir}, and renames the
+   bubblewrap executable according to a program_prefix option that the
+   caller must specify (for example, Flatpak would use
+   -Dprogram_prefix=flatpak- to get /usr/libexec/flatpak-bwrap). See the
+   tests/use-as-subproject/ directory for an example.
+ - Use HEAD to refer to other projects' default branches in documentation
+   This makes the URL independent of the name they have chosen for their
+   default branches.
+ - workflows: Update for rename of default branch to main
+ - tests: Exercise seccomp filters
+ - Allow loading more than one seccomp program
+   This will allow Flatpak to combine an allow-list (default-deny) of
+   known system calls with a deny-list (default-allow) of system calls
+   that are undesired.
+   Resolves: https://github.com/containers/bubblewrap/issues/453
+ - Generalize linked lists of LockFile and SetupOp
+   I'm about to add a third linked list, for seccomp programs, which would
+   seem like too much duplication.
+ - Handle argc == 0 better
+   Unfortunately it's possible for argc to be 0, so error out pretty early
+   on in that case. I don't think this is a security issue in this case.
+ - Fix typo
+ - Remove trailing whitespace
+ - Fix spelling
+ - bash: Fix shellcheck warnings
+ - bash: Invoke bash using /usr/bin/env
+ - bubblewrap: Avoid a -Wjump-misses-init false-positive
+   When building with -Wjump-misses-init as part of a larger project, gcc
+   reports that we jump past initialization of cover_proc_dirs. This is
+   technically true, but we only use this variable in the case where it's
+   initialized, so that's harmless.
+   However, we can avoid this altogether by making the array static and
+   constant, which allows it to be moved from initialized data to read-only
+   data.
+ - bind-mount: Be more const-correct
+   When compiled with -Wwrite-strings as part of a larger project, gcc and
+   clang both warn that we're assigning a string constant to a mutable
+   struct member. There's actually no reason why it should be mutable, so
+   make it const.
+ - die_with_error: Save errno sooner
+   We need to save errno immediately, otherwise it could be overwritten
+   by a failing library call somewhere in the implementation of fprintf.
+ - main: Warn when non-repeatable options are repeated
+   A user might reasonably expect that `bwrap --seccomp 3 --seccomp 4 ...`
+   would load seccomp programs from both fds 3 and 4, but in fact it only
+   loads the program from fd 4.
+   Helps: https://github.com/containers/bubblewrap/issues/453
+   Resolves: https://github.com/containers/bubblewrap/issues/454
+ - utils: Add warn()
+ - Add SPDX-License-Identifier for files that already specify license
+   This is a step towards REUSE compliance. Third-party files that we do
+   not otherwise edit (git.mk, m4/attributes.m4) are excluded here.
+ - tests: Use preferred spelling for SPDX license identifiers
+ - Remove obsolete .travis.yml
+   We no longer use Travis-CI.
+ - Remove obsolete papr CI
+   We no longer use this.
+
+
+-------------------------------------------------------------------
+Mon Sep 20 18:52:20 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 0.5.0:
+  + New features:
+    - --chmod changes permissions
+    - --clearenv unsets every environment variable (except PWD)
+    - --perms sets permissions for one subsequent --bind-data,
+      --dir, --file, --ro-bind-data or --tmpfs
+  + Other enhancements:
+    - Better diagnostics when a --bind or other bind-mount fails
+    - zsh tab-completion
+    - Better test coverage
+  + Bug fixes:
+    - Use Python 3 for tests and examples
+    - Mount points for non-directories are created with permissions
+      -r--r--r-- instead of -rw-rw-rw-
+    - Don't remount items in /proc read-only if already EROFS,
+      required to run under Docker
+    - Allow mounting an non-directory over an existing
+      non-directory, e.g. --bind "$XDG_RUNTIME_DIR/my-log-socket"
+      /dev/log
+    - Silence kernel messages for our bind-mounts
+    - Make sure pkg-config is checked for, regardless of build
+      options
+    - Improve ability to bind-mount directories on case-insensitive
+      filesystems
+    - Fix -Wshadow warnings
+    - Fix deprecation warnings with newer SELinux
+- Add new subpackage bubblewrap-zsh-completion
+
+-------------------------------------------------------------------
+Wed Apr  1 10:03:39 UTC 2020 - Sebastian Wagner <sebix+novell.com@sebix.at>
+
+- Update to version 0.4.1:
+ * retcode: fix return code with syncfd and no event_fd
+ * Ensure we're always clearing the cap bounding set
+ * tests: Update output patterns for libcap >= 2.29
+ * Don't rely on geteuid() to know when to switch back from setuid root
+ * Don't support --userns2 in setuid mode
+ * fixes CVE-2020-5291
+ * fixes bsc#1168291
+
+-------------------------------------------------------------------
+Fri Dec 20 22:59:52 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 0.4.0:
+  + The biggest feature in this release is the support for joining
+    existing user and pid namespaces. This doesn't work in the
+    setuid mode (at the moment).
+  + Other changes:
+    - Stores namespace info in status json.
+    - In setuid mode pid 1 is now marked dumpable.
+    - Now builds with musl libc.
+
+-------------------------------------------------------------------
+Fri Jun  7 14:38:21 UTC 2019 - Antonio Larrosa <alarrosa@suse.com>
+
+- Use /bin/bash instead of /usr/bin/bash in SLE12
+
+-------------------------------------------------------------------
+Sat Jun  1 15:08:49 UTC 2019 - Sebastian Wagner <sebix+novell.com@sebix.at>
+
+- Update to version 0.3.3:
+ - This release is the same as 0.3.2 but the version number in configure.ac
+   was accidentally still set to 0.3.1
+- Update to version 0.3.2:
+ - fixes boo#1136958 / CVE-2019-12439
+  This release fixes a mostly theoretical security issue in unusual/broken
+  setups where `$XDG_RUNTIME_DIR` is unset.
+  There are some other smaller fixes, as well as an addition to the JSON
+  API that allows reading the inner process exit code, separately from
+  the `bwrap` exit code.
+  - Print "Out of memory" on stderr, not stdout
+  - bwrap: add option json-status-fd to show child exit code
+  - bwrap: Report COMMAND exit code in json-status-fd
+  - man page: Describe --chdir, not nonexistent --cwd
+  - Don't create our own temporary mount point for pivot_root
+  - Make lockdata long enough on 32-bit with 64-bit file pointers.
+
+-------------------------------------------------------------------
+Thu Oct 11 16:41:12 UTC 2018 - Antonio Larrosa <alarrosa@suse.com> - 0.3.1
+
+- update to version 0.3.1:
+  * New feature in this release is --bind-try (as well as --dev-bind-try
+    and --ro-bind-try) which works like the regular versions if the source
+    exists, but does nothing if it doesn't exist.
+
+  * The mount type for the root tmpfs was also changed to "tmpfs" instead
+    of being empty, as the later could cause problems with some programs
+    when parsing the mountinfo files in /proc.
+
+-------------------------------------------------------------------
+Sat Jul 14 20:06:50 UTC 2018 - sebix+novell.com@sebix.at
+
+- update to version 0.3.0:
+  * The biggest feature from this release is that bwrap
+    now supports being invoked recursively (from other container
+    runtimes such as Docker/podman/runc as well as bwrap itself)
+    when user namespaces are enabled, and the outer container manager
+    allows it (Docker's default seccomp policy doesn't).
+
+  * This is useful for testing scenarios; for example a project
+    uses Kubernetes for its CI, but inside build the project wants to run
+    each unit test in their own pid namespace, without going out
+    and creating a new pod for every single unit test.
+
+  * Similarly, rpm-ostree compose tree uses bwrap internally for scripts,
+    and we want to support running rpm-ostree inside a container as well.
+
+  * Another feature is bwrap now supports -- to terminate argument
+    parsing. To detect availablity of this, you could parse bwrap --version.
+
+-------------------------------------------------------------------
+Tue May  1 21:02:33 UTC 2018 - sebix+novell.com@sebix.at
+
+- update to version 0.2.1:
+ * All the demos are included
+ * bugfixes for the demo files
+ * There was an issue with mkdir when running bubblewrap on an NFS
+   filesystem that has been fixed, so flatpak now works on NFS shares.
+ * Some leaks have been fixed, including a file descriptor leak.
+
+-------------------------------------------------------------------
+Mon Oct  9 17:53:37 UTC 2017 - sebix+novell.com@sebix.at
+
+- update to version 0.2.0
+ - bwrap now automatically detects the new
+   user namespace restrictions in Red Hat Enterprise Linux 7.4:
+   bubblewrap: check for max_user_namespaces == 0.
+ - The most notable features are new arguments --as-pid1, and
+   --cap-add/--cap-drop. These were added for running systemd (or in general a
+   "full" init system) inside bubblewrap. But the capability options are also
+   useful for unprivileged callers to potentially retain capbilities inside the
+   sandbox (for example CAP_NET_ADMIN), when user namespaces are enabled.
+   Conversely, privileged callers (uid 0) can conversely drop capabilities (without
+   user namespaces). Contributed by Giuseppe Scrivano.
+ - With --dev, add /dev/fd and /dev/core symlinks
+   which should improve compatibility with older software.
+
+-------------------------------------------------------------------
+Mon Sep 18 12:39:54 UTC 2017 - sebix+novell.com@sebix.at
+
+- add group
+
+-------------------------------------------------------------------
+Fri Jul  7 09:40:27 UTC 2017 - sebix+novell.com@sebix.at
+
+- fix build macro with rpm < 4.12 (non-Factory currently)
+
+-------------------------------------------------------------------
+Thu May 25 21:15:49 UTC 2017 - sebix+novell.com@sebix.at
+
+- update to version 0.1.8
+- New --die-with-parent which is based on the Linux prctl(PR_SET_PDEATHSIG) API.
+- smaller bugfixes
+
+-------------------------------------------------------------------
+Thu Mar  2 09:08:58 UTC 2017 - sebix+novell.com@sebix.at
+
+- upgrade to upstream version 0.1.7
+- note that this package was *never* affected by CVE-2017-5226
+  as it was introduced in version 0.1.6
+- upstream changelog of version 0.1.7:
+    This release backs out the change in 0.1.6 which unconditionally
+    called setsid() in order to fix a security issue with TIOCSTI, aka
+    CVE-2017-522. That change caused some behavioural issues that are
+    hard to work with in some cases. For instance, it makes shell job
+    control not work for the bwrap command.
+    Instead there is now a new option --new-session which works like
+    0.1.6. It is recommended that you use this if possible, but if not we
+    recommended that you neutralize this some other way, for instance
+    using SECCOMP, which is what flatpak does:
+    https://github.com/flatpak/flatpak/commit/902fb713990a8f968ea4350c7c2a27ff46f1a6c4
+    In order to make it easy to create maximally safe sandboxes we have
+    also added a new commandline switch called --unshare-all. It unshares
+    all possible namespaces and is currently equivalent with:
+    --unshare-user-try --unshare-ipc --unshare-pid --unshare-net
+    --unshare-uts --unshare-cgroup-try
+    However, the intent is that as new namespaces are added to the kernel they will
+    be added to this list. Additionally, if --share-net is specified the network
+    namespace is not unshared.
+    This release also has some bugfixes:
+        bwrap reaps (unexpected) children that are inherited from the
+        parent, something which can happen if bwrap is part of a shell
+        pipeline.
+        bwrap clears the capability bounding set. The permitted
+        capabilities was already empty, and use of PR_NO_NEW_PRIVS should
+        make it impossible to increase the capabilities, but more
+        layers of protection is better.
+        The seccomp filter is now installed at the very end of bwrap, which
+        means the requirement of the filter is minimal. Any bwrap seccomp
+        filter must at least allow: execve, waitpid and write
+    Alexander Larsson (7):
+          Handle inherited children dying
+          Clear capability bounding set
+          Make the call to setsid() optional, with --new-session
+          demos/bubblewrap-shell.sh: Unshare all namespaces
+          Call setsid() and setexeccon() befor forking the init monitor
+          Install seccomp filter at the very end
+          Bump version to 0.1.7
+    Colin Walters (6):
+          Release 0.1.6
+          man: Correct namespace user -> mount
+          demo/shell: Add /var/tmp compat symlink, tweak PS1, add more docs
+          Release 0.1.6
+          ci: Combine ASAN and UBSAN
+          Add --unshare-all and --share-net
+- upstream changelog for 0.1.6:
+    This fixes a security issue with TIOCSTI, aka CVE-2017-522. Note bubblewrap is
+    far from the only program that has this issue, and I think the best fix is
+    probably in the kernel to support disabling this ioctl.
+
+    Programs can also work around this by calling setsid() on their own in an exec
+    handler before doing an exevp("bwrap").
+- upstream changelog for 0.1.5:
+    This is a bugfix release, here are the major changes:
+        Running bubblewrap as root now works again
+        Various fixes for the testsuite
+        Use same default compiler warnings as ostree
+        Handle errors resolving symlinks during bind mounts
+    Alexander Larsson (2):
+          bind-mount: Check for errors in realpath()
+          Bump version to 0.1.5
+    Colin Walters (6):
+          Don't call capset() unless we need to
+          Only --unshare-user automatically if we're not root
+          ci: Modernize a bit, add f25-ubsan
+          README.md: Update with better one liner and more information
+          utils: Add __attribute__((printf)) to die()
+          build: Sync default warning -> error set from ostree
+    Simon McVittie (4):
+          test-run: be a bash script
+          test-run: don't assume we are uid 1000
+          Adapt tests so they can be run against installed binaries
+          Fix incorrect nesting of backticks when finding a FUSE mount
+
+-------------------------------------------------------------------
+Fri Dec 16 10:14:32 UTC 2016 - sebix+novell.com@sebix.at
+
+- upgrade to upstream version 0.1.4
+- Build also for Leap 42.2
+
+-------------------------------------------------------------------
+Fri Oct 14 2016 Colin Walters <walters@verbum.org> - 0.1.3-2
+
+- New upstream version
+
+-------------------------------------------------------------------
+Mon Sep 12 2016 Kalev Lember <klember@redhat.com> - 0.1.2-1
+
+- Update to 0.1.2
+
+-------------------------------------------------------------------
+Tue Jul 12 2016 Igor Gnatenko <ignatenko@redhat.com> - 0.1.1-2
+
+- Trivial fixes in packaging
+
+-------------------------------------------------------------------
+Fri Jul 08 2016 Colin Walters <walters@verbum.org> - 0.1.1
+
+- Initial package

bubblewrap.keyring

@@ -0,0 +1,208 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBEoEbMcBEACg2ByFTN0inbeNg5aBs2H49AtW/eGqbiWMML3RwlfPqu+I2MGC
+PeOHBWjtSWyPDixrL1DGDA4Cs0uoxk98sRZE8peAhGpFEdiAcGuQU/JcJ0gDTsfj
+1WKMcWi6yI5eu8NinkW2pJuMgLpxNtD2j8wfegoBttB4omXinOpCHuz7lGYenbZk
+6/DCgzVeq+ssOdfjPLSJJPIyIIwhdDorXX0pvzAou168LFlDJaWx7OytYfKz1zV/
+f+bwnzbMRriAClJYgNl+UT+XnHO3zMIy1mSk4uffaDXeRPPO/R6lM/u7a5w9wHi/
+oKIPHJ9BmsgA5vBImuNNRa2pnOHwpBnphnpvqLm/98JAJJfMkoefy2Oc2J6PxJla
+pP090sXzt6T7YpR9epwZCO5+OU6sIbK/vjy1pi0hxx847H4hrKzW67kr9o5btjxm
+FybqLTT+o01n7x9/A6SBE/vVAfZ1OYm0/DoSNdKpaQtvNeQ1h5gw7gY/uT8VCQB+
+ZQVRQkInAqYSzO4oYPS9ynud5d3qNllpZs77EaEN5yVKZk/36QUGoRdbmpZoMTjB
+aaM6G0MUO+1FikvBT+aDmomgD+JkDOZf1bIJaSg/QtIIjq5ALExbk1XDkL++XVDJ
+9Ag7U467kinjcKWuVIr2aOMMSlXFuDFlsZbeJGCqkdkc2Ucdy1p0fZPWWQARAQAB
+tChTaW1vbiBNY1ZpdHRpZSA8c21jdkBwc2V1ZG9yYW5kb20uY28udWs+iQJXBBMB
+CgBBAhsDAh4BAheAAhkBBQsJCAcDBRUKCQgLBRYCAwEAFiEE2pjyXAhxxJpZ6v8s
+Tej/KmPHzJAFAmOfkucFCSxnKSAACgkQTej/KmPHzJCj6w//fX/1/Z8yOEy4LnlT
+d+xeA1Z/HzJAykzsqbdfS2wKhglhswPD16T/Rhb8PbmyFEU1n9H/AxX/xsKcOl9X
+JPTsziKg8N2HY8EcTTM79KhH6boCwZmmGtRVupAnAa7mK0FyySxRmExQhBNN++oJ
+gSn+D6FWTzR21wvD4gR2U+x3uchINs6fG4f5JEnIrr7aGZPdsCsDSPfm9Jvz/MHG
+E/cFi6dxZAPAVcKtY85XGSVWxI+wqOYfpVI+hs8FcXrIJ9UXEJhX9FVZ9XybrzyD
+O4zfNL2LBPayQf3zgcNffA42J/sQDZwEec1bcQd7uQlGFvCRwL7egksBMSH5G0Ff
+ybuxHF6uydOsZY2ZSA1a/PDRtoQ9PMN0mZO7Euk/gXA0GPi4OwuAkcyuGvu5YQFF
+bmXZu1Mz6bYjdhoaeSC8wqV6x5Zw1THlRvyKKuq7bFqJksNzxaiBt7fRZDMsOvQ6
+XHU7ELeDPVCvExhUPXYjVwsBvmsCnLprSwAWIlKhRnAdhUMnbyO2Kjw2KkSrJPgt
+wESG2LMSdgyqPpSWMoccYRG/zn/W6vqFUZ4SpVy43HSsegNjuS7NUxartr/28CpL
+f1xFIzwieBmqF047cMQiuvo2U7dQwP+WcG+hWcdvgX3k5MwhXXFOg9A+xt1bPqe0
+/Vcvc3gqIbxULXlU72BUwVuSXVi0IFNpbW9uIE1jVml0dGllIDxzbWN2QGRlYmlh
+bi5vcmc+iQJUBBMBCgA+AhsDAh4BAheABQsJCAcDBRUKCQgLBRYCAwEAFiEE2pjy
+XAhxxJpZ6v8sTej/KmPHzJAFAmOfkwQFCSxnKSAACgkQTej/KmPHzJD1bRAAizrB
+7z9KFjr+9t3iIEBplYr5/fzK9qEBIVt6pxTZrnJlx2BWf0HPaPc6BpmM8dUWEI7c
+dXzjM26BFjnU8/HDpBDTmvA31MFMc9kruOn6DlVQGCNGy154isShGh5O8Ytv7VMN
+r58FUPSMgP8bxyteDEZB9AzxpN7wduFgonS9jn0WuVTKxBGwQQdSfY30dUuMBfed
+A+bFNAIxVGrmq6H5dyjm92mK5oqo9/b4ZzzJMl2Ii/LTw+XYiCAvwhAwK73272sF
+oPcSQnBUxA8hzp6fA9/AkUhtCmkvmvckVo6pZgbduVQAGLBUwf7J5Czm8Oe02El1
+01P9MetJf4NehKGkMgp3B87DkJyUZc2dWlWt9a2KaTm+8ILbj8Bx6AmLCyXJp+jO
+E26sx5rnwPAZPoDz1wmYfwiKx2aUADOXR/xHgEWb+VPKKB47bbJMcGzUB7t38Ov7
+Hl7ldnF0vFLlSfxlj2VUHL2+hHs0jw+KyEkC7BN0umfIhiN7JbuurUcqPZzNHIk4
+SDYLggflkYS6JI8PHxIidVrVHDU/ef94Jq+6hJuH3sRu/l6B2R+mTnXKuzHUXyXu
++82R/u9D5NlJYdCUUxVDp0uAMki9jwgRguLwdiG1Xzrdt2DZXaXQ+1gjiCO2YR0W
+RG80RmG6/DJ7PgnQ52pgLnOEghA8NDMmKh0Xcvq0JlNpbW9uIEphbWVzIE1jVml0
+dGllIChib3JuIDE5ODMtMDgtMjUpiQJUBBMBCgA+AhsDAh4BAheABQsJCAcDBRUK
+CQgLBRYCAwEAFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAmOfkvYFCSxnKSAACgkQ
+Tej/KmPHzJC06w/8COGhjTvLzRozZ2f34C11f5urTNcCDxN1DJNurv/AUdNN8rHq
+8qUkAxsC6c+MzVrb5brfD0YY496q2HPFdmZX02izTGyo2vp8n4RC4Z+u6gcmuhkU
+bN+76T35kRO0+k59S/mXWnvErLcyWxgx7fjf6/ZskWNoq779siB0GJ5Ly0ZXGugb
+GhO+QiZzMprJ9rXzsJJAwcQNRLTclm2hSUAtFd+3lQQVWy9XbMuk8Lng8NC8ReDt
+es/8ZI/jnwmUz1oR3pewJjwhfl2jKrhplitWI3wcf2PueHN5/qbJq+M9xBCMaYj4
+LrQ7jSmEMi6WENRtj3BiZsYtGwkX7yc2EImojZZ3iAgpG/hVdxKosmRnvcEjNtOa
+BrNfjupYhH+7t4eJasHwQNZXJn73/qH95rOtF4STFvlDfpCJa/foOisPc2DF+nhh
+Xtt7Uvyw5c1rvrNd67crvJSfsgV+WbaDM735oGboM8KmkRQSPcoMj8op8ER8E/oI
+vKeVJHNEq+cBiql3AYcmzStdFXM+VMeNUhCSW5cUT0mLuxDuRKyRq0bvpjfSUs+j
+NP/ETzD2f7jCQQ2uWdJ/WvLxwEwcoevSBp6SH2IP1QISmxXeohuKV6yb+UrzL6eB
+nh6cl9Y32OUayA+eLBXmOcpgk+qsVMkb9iDxy8Igk9bYpYSUv4fNsKh5Wvy0L1Np
+bW9uIE1jVml0dGllIDxzaW1vbi5tY3ZpdHRpZUBjb2xsYWJvcmEuY28udWs+iQJs
+BDABCgBWFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAljO8AI4HQBzdXBlcnNlZGVk
+IGJ5IDNDODY3MkEwRjQ5NjM3RkUwNjRBQzMwRjUyQTQzQTFFNEI3N0IwNTkACgkQ
+Tej/KmPHzJClKw/+J/7A5uvxfAbJ5Lz/mg4K3owJw79Az67E+J+onM1vYBS+hJxw
+6cxgzx6LjWVMp+Qnj3lolJ9Xb8X6a3HVSc/sN52FxDqI7M1UrhsvbreRu2quE8im
+o9EhtKP6GqrLlVDuq/59WGgUmwN5DZOGkJ0DQ5Sv1H92RvcGKJkVabIAKUadehg4
+9hAyrn2OhCqo99a/I2vujAsudOJC8Z7JG+xy1eOZccmb9AEmim9hs9CigR2GwbIy
+PrRHMmehbxGVFqot1rkOZh8ztrYskuHQdZvlO/CvIh3oFW3TwUiJss4eGbl8CLiP
+54Rh7IRggMKlmtWr6BmCSGRsxRQ/ccvjn/NUFynlGxIRh/7UzatMNriuo+j12VQ0
+QGsHmut6GKfi9ih6nCXEEtGCUDKaQ1llD8zZIuq6+ITIojrc0tRidATYitU68H2Y
+SEIgEGGqFPrjmj0Kife12hDT0tLq2GrxO7K3UAWi8F43o+Rs/RkOnBVAuW5oEUX9
+1Vom7WaSyoBnYFiGMjtFl1tiTUN3Gj0nDOaHJl4eGvO25Tq/y+mTp55EdIKUJUW1
+vsqJneXU92vziw45Od5T9EfW2XlfUn7TiKgLvCq2twMF7vdfc4B4TkNJUZKIOf7/
+7A+uG2Jmv1aSioqIWG4KZlx7r46C3Zh4aasvqvZqFeRTgaIYwpam4sLiy2G5Ag0E
+SgRt1wEQAMSwM5piHmJxjWe4SaekBldmZ7kbq7b03mtqGOL0SsSr1AE4DDzqWEeo
+6DQhQJvkKLmAnSchmjVvNQ4zID5VP3pGTR5D2akPt1ouX1SyBoCfDdu9SNzYvWnr
+gAc1MfVN4Su1lG7yi3RU+m7dAwITcN+BUE4JNWXudees9yfNq/18TC24z3xZbfYp
+w1oCWeey03hl5U1PrPl7Dw9xrBnjaqWm215lUhOcjUTHQdf6C0xePH3oS+696A+j
+Si8VPCG7z6AJNlmCJvaV3aeFjvNtiWpl1ZL3vVzhIKxulOy+p7bK/ZF9OPhT5f6s
+XS2e/ZRuGt+62s5q+n1r7X28BuoYTgJ/5wCs/oU4IX9zmtK/v8lO2/pMpE9iCwd3
+hFt1tPAckD81uVycinxZ+qn+mT6OBH/5G9YEw7BUyaNy/aq14H4cZ1TsZ0nAlwNa
+bvyyQIo1NcG825A4uZ+ZLztvXE8obbOOLDWSFbWB4NUQBqAtxIKloIvMUFE0WIqC
+gIs/zIIcoUJRn8vk02jm/zaO82myoGzRvivZdztZlCGtsJjsLdbm4dzP0oywdOXe
+S0YqWjiDuNNLbye0I9fVRvKojr0ban/vx42cUy91CloBtjoNuCWqpmqzTdFB7xc7
+PWMNxQ6VpSjcsKH83O7pw5/pLLXdY4sl/SdRHFUHjhS+uGfceL4jABEBAAGJAjwE
+GAEKACYCGwwWIQTamPJcCHHEmlnq/yxN6P8qY8fMkAUCZh+xewUJH92qpAAKCRBN
+6P8qY8fMkFBaD/9HOqzLmcna/46w8HY6tzrUWoIMTleUBkFpWsewJalipJoRjfI+
+rJh9KYnOdZKnFy5F7iz00FM3MBcVif3BsfkjgkbbJ6WPajRSZg7llnPDOgxT/iyU
+xb3+qgX9HGh4HmYW7w1YlYzhjrQ/wxB5AziyZac9HBbuZStcb+olC2c/V+YlBNO3
+QQQ/Pb60vsMmVZeox5RPfBtjyZP8uciEB5w9vv3/t1YliwJx5GlJM194XOiqzImH
+9Vo4h2L7YOVtaa+KChb24GShBzc/VsDFeljH6SCIaWzq3TGH7hpEC0fP59xQ+MFZ
+58CqQ98WnTJIRXInfqa5o2gk7SNEnPNmPuiVUSjByWmSv1haxjhMciGhik69m+82
+1i+4Z6PCU2MypryTQLuzwTRTsX/Y4120172ppQEexV8jhATKTM6/62X8u9HvRctK
+Nl/+bpQp0/FK+o2BSmYAuvSOQKcLr7IxlqVSJoFMjnUQENSeBUg+n0XewiilN6cL
+2ifK6qOxqbOynffFbWpO9FqjVZHKM/3oO/CmKQJ46FHjqKAnhnRpG5j/5Kj9BBJw
+Y+9xetfa8n1ES80NwCQZcEaa7xD08kqq8aWHCExDGnWohF3/PYEdO+cqTN9RUN6H
+YWHi24Xs/S7D0my+ubkpnfXawhPbeSx0Eq2iQJ/685QE/G+kKikbed887bkCDQRm
+H7ERARAAunxdA+AKJdY8BUNyuxD52lg5lzS27OVmrfkcSVpp01homz1XjJxBYfY2
+akIhze0R1+2e34u/L3rqsD9m5rxi7OlArpsfszgz3cCqk/4IFhoo71SMrjrpsmIw
+MRoheBwQGXFOtB96I1gnzZ6/Ya10PNIrWs4bQjpIf4PzaV2Q0SMZZWzq9wgSnIpY
+Bqk3LHnmGMY/2/JJLsaNrmc0phcBEBrUdbvAjj0zblW6873DI0aqFvkwZQPDXh3a
+HcQmw8bcDsuv1XPq2Ik2+NXiWFZ6pZWqCjwW+QeUurCDVP2lq2dNvrZBBnaOnXYZ
+jE8iT3zg2orGXdRgaQ/qnQH+vvF9zZkCBoi/wca2Zi6wWitb0Hk7M8igALGHaxwh
+CMUVlpNIFO0lx4V5dOZI3vUBdGR7KwMkFXcY1X33cB64dci8cjKpBjvUcTWwaFsl
+QdtxX48CaX3cf8x2b5qBhDv1j2Jh62P8lK4NyTbwz3EwAvliySLGf2HYOpq4nU8W
+j3D1Lb1LwvEQ7ulXFIcML059SLA8amILLqkqs711TPka7NmMrfFUeYaYQ/ddJ7rn
+ngDa4HEPGEgzw3oQioQkDHuE80PkGoxpclEpkY40+ZOY2CgkbBHul1Fx4w8icg5Y
+WUPXUqGPze61NZ+TxrPfrWZfApcAErjszYDeRHa4PD2tIFWJgS0AEQEAAYkCPAQY
+AQoAJhYhBNqY8lwIccSaWer/LE3o/ypjx8yQBQJmH7ERAhsgBQkDwmcAAAoJEE3o
+/ypjx8yQyTQP/29LTZR0640S+7GdukXXPpkFrNF/NQwbgSCPpSnnuHMR+kPCaSmf
+1yethqWcAYKenWaCi0f634HFbn6GpkgTd4w8dk0438NikKZOQ1PrEfcS1Q/lOiW9
+p2aO8qer2EPSar/m6gyNTx6DX4qNb6DJXVdBsGTZPa8j9amLLoGnVA7qjt0S8btX
+V4xSsTGLLJ1MMAoe86tr9Z43RD/HmRC6yZNI/zKA7TGvgz/YK4lMutcFfLwyM/CI
+WCIJ8AIvV2hCQVAdEP/sQSS1OXDm7bzc6II+tq/2oNqeV1BLzh5714X/+XtizsRa
+RrqdrZad8cFcTsvbQuWirxGTKPuEs2VK+yz4XX4HHSgIqSBU+Y54HGpyMMECqK+f
+xclFiVTTBIEgDUeCfBpyKJ/+O9/dMpkYzhqjF9bzHXqesO9WK8b1AFVVDdU1pJxb
+TsT0BAGFA5yZmxBkXnGgNsciJhADV15IDsft1vXp+stU/TmqoGRzxb0JBLscTSwp
+zsqdCRbgcG7+cSrYGBXFtrTTYPXLfJFdS6Zj1Z5/XLmixLYg6fGIh3+zGO4WP4Lj
+ywrc0VR7dnQteRkA8IWaDl+IEZFE7455F/G9D0XHmBRy52Y7++Y1+zTIjJLIP8F8
+IeZHNdYxZVF7s8sGk+n0mvHmtigpb9vc7bz1KQpojEDi4uwFb1Bl5BkkuQINBGYf
+sPYBEADMmaLRAvcX9Z7orMRamv7VPeCBn1Y6/qjZDIcx1RedvzkcLXaIjcfqIPmA
+78JtMJ8CmSExc/TqIFeD/gwHAyhUDh9AExtlvzo7fXMBgi97REFwPk4YZJwRiIkH
+CRBQpYK42AbOnfr5WXB6R4MH9dWusvyevRgtsYqnhXFXpNUeD3XV1hbNJZTNmSJ/
+6mFn6APfPjciBSPDMLLiLmzsIsaRq6YBrcs/d266oFQhZ+usKKqoVg+bXKxm4LpX
+igZ62SqwwzCFDtzttYHQLF9XLHL0zy8aFmVWRU2WQjlTQmr6JC/iOl44GMSwTIhJ
+J3yTD6DS0iLOy+PVyZjspoET2iemExe+bne0PUNCV753/aEf9Jqx9IuNBb5XcFva
+3oWNiWJsHcCa5gPCE1XpkRt/vBibSOhm4/yHWgH+mt15JrfAohUtPBSzfSRwLPXK
+ko+XpqdUighuqEZYqitHHSiiwfrbjh12O0XTJ8DDYRay6YMrbvCNo5QBKWj/UHNn
+tgy8esqAi22MqzrYzLqTD5+9vBxHVuY8GCAm1ULNxltA8hWPkgDWogdh5QfY00/j
+tYzkoPcf0SlZwTe5a4bIP+mVYlab7wq4qNkRlOYAHNbZZHnI7sRY4eVzsyMO9Y83
+Sw1PcJPZ09NYrtkAyynmwPYKporojp5kb3jOrI4Pi2jb+E2i5QARAQABiQRyBBgB
+CgAmFiEE2pjyXAhxxJpZ6v8sTej/KmPHzJAFAmYfsPYCGwIFCQPCZwACQAkQTej/
+KmPHzJDBdCAEGQEKAB0WIQR6BzrRrmlPolv/YuUjXAmdPrMwdgUCZh+w9gAKCRAj
+XAmdPrMwdjW5EAC+a3xPNamOonKe0WOhSbPdTzfSenb0tmLmK5NKm0PCDNT/O3Qh
+7++MEA69NJRIF4TUsZv6eyDN/nulOoFID8gxK9CPG6gCW0QGE39rzrFcZGzIa6ql
+70YK8tSsuDQcwbP0wwUynIpkgqeyNj6jrRi5ggGLGVj8GfV/d2MZJOeOBPqPuFaA
+3kqoubOXK4tV37coTsycfmMZfMWClGVHba4HfPtBSw+ocTrRfPtC09WdE46ggkm5
+ITIVOgG56k4Z10GT+gAmSIRIXOdlR4ZUEv/0BojLsVrtaSCCDJEYkL9ricpWFxFG
+I9IjVHBKcsl4Yi/19QgRhqyc7JQpawu44l9FKV/9eTPBIwOW35RJ/7aOIeaxOb6N
+ix5kr7CJ4RmX3fz4JDY0HybyTwkfKevsDlz21G/IJp67AxtlaKDxtfmfYcv2quyC
+00ges7aW4ik/TkWGqEPkrq7PAxcUVKHEzUQCGvCS6UvuFpy3F6VzyAlGuqCng2Ry
+O3Pw8/flEAZQ7bb80R6fwnq1XC/V9kuDhSM1xY2K5X9lMMovmykOKqVjgzyfGkai
+nQlsSVGCtcun4eiPVpzoZJJ795fcNe0dKzquse4EGjx21qIlBZyTr/3BxFpDL7HV
+w8CnNP+Xgp57oc/RPiwgSFgec4XkwUH2dA+6vTIi0IJn6UXPeITh5PscFxU7EACL
+vaBwq74XZfnnpwl58ddt1miAkdR8cRKEfdXctajFgTuF8xagrVOlBpasvyQjrE4H
+n+BWedApHS1xKnOzt1fNxgjHO5oQ7xW+zfu9QGl9Jo7tqAZuQfZWnzF4Jijtz8Aq
+S8f0IgFw1obLrFhOAVgtnhQTEiKSkBLGb/AzcjBMmmzyHQXnFS5AM5ARAXOxJ1hm
+k9/UDZhzjKsgmtmyLFGeL7+4031IEAe2rrgRMcDXdd08e54bH4be+KADDYnnrXQC
+/oey9+IuZE3Wa9LsfbLkFPbc9/Ec2M4Sll525uWaGR9tdOESECKXPXskF/Z/U+nh
+R+hQ5UP7ZA+b7y70TmsRIhsmO8Ysvcs0WABv8radHqCflMPcaRw34APz6SDt7JyG
+viD+PoTN1HMQT5IccD4u1D4y8YO+ge5y1RhciXtzJrIhzhFInyhqGPJmD719K/fq
+ooDGO7SMUL9XYcz3TwW1JoXfhhHpztkF004gdE9CEJmWuu9T0SIzBKEOctmil1B9
+YqKtxyUb8sj/l4xxH7zMlSh+0t40ytIDt2uragDDVbdV+4A3OSlNTu8adPbAc5Vz
+qUyLH8bmaN+Trgek0U8HGIWdc9TE4p/ussaRgB6C7edDp9Ru9gTYUuKmSHs0TXhV
+N0m9J0v6rnnJ8G6qPmCTRmiTd2KDK+AlIQF7jrp3l7kCDQRZV7yuARAAs2t1cYyI
+MO+WhEqKqK2M6JzBFBP6hiUzy+LOfCK4zQ2kBRM8RE2th2f0wZtQjsh29hFJ2Y/Q
+HEcGqPFtI0uC7fAB1G9zcEIdlprr+PEgGg3i+dufewNIYTPmCQ3ckOnhxueUYwdg
+SDL0em15UTN2RfQSBsDa7QhhzA1qa3bCqWMHelxarwVAyZLQ18NUx8W4WmETuoqP
+n+4X/KeoSbBhDbvxbbcnE1rvXUavr/nTG9K7FSqipI3474aMZa+8ABXc6Hvp6GAX
+vOf8fdM+E2fRyAWEBX33ttIMnzCQZ0LXu0TlM94o0o6NgsHRC0+gw8xdYluxjdv6
+sXS2Z/aMbI67ZG9eERXFRnclYYCCHLmHXcZSgg2GQpi+EHW2WtperDb6CCnmaGuM
+P9iWhtST4p5jst8AsansHyRmCqmuqzaj1Tf9/ThRtm4JNFfgSmqBAejoK0wUPNOR
+pPYq7N7JF0BT8Y22+QxqJYykdfIEBj5fthzTZaHxxVwuWd8ZkyAD+T0Q81riZ/UR
+uBZ3BvcbiPnhbpZjyR6Y5C4bfdWhPFW7yuHNsGIw+8BYpMfzSPyY16mo0gwyCp5F
+GyQWImIqA+CHlTRZcJyVOTs5zTFZSsdfzlxDYO4lIFq8N33na/O1GfFDaH4SShMw
+Aqc1a4AJD3LOTlZuu4pFt5PMvswyyqyXw0cAEQEAAYkCPAQYAQoAJgIbIBYhBNqY
+8lwIccSaWer/LE3o/ypjx8yQBQJjn5N2BQkOCj2uAAoJEE3o/ypjx8yQ4lcP/3w1
+1MtMf/5IlF+xBtYENcu5E3YWT2gdMe1QNYTrttjEzfCR0uHTtfX9a/EJ8Fp4MJBJ
+9xBTz8qgXG/bEAc1Kd8onSaTznEpjKml0MJBF2BQDdAXWCMw/6mACH2KWGA7gQYd
+rJFoCZTj8lTS/qBDTJMXZ9Xj72PHKI15J3pS54Is2Jj4ZLGxlrgMUPVFKq1XRAiV
+32dcxDDvKyiOCVeSAk4uV+1gyWw1Z45dip3bsBE+Xiy06BCP7NB4x/xkWPzc9L9h
+/cV5WGRUqWYQgRnPAir0hMkfdZXwjE5xs4a/TK0hU3YpbVcAo7ZOiuHbbVJ7v6Li
+7jqGZthUGgwcHuRAb4qfK9QIQ9MkBoHilxewrUMMsioDsLXmpRot+N1ZP9vrh3SS
+ynVX5G/iJLEqzbEfXang+UWA4AHgGeggp4NZcyWpliHlEkAy2iU/ffkxaKnUyGon
+/iB7Ag/BiCtKuD119Vme8jipjOZYOqHdqxxaVNDGQNF/O5mLO2n5C6OQkvoix8Im
+MuMnhlc1mEErmwc14qplwFTCyoSvSSptFnzTw4Onbfl7FEsjTyoh7qxzZgqe1WVi
+teuieUQ5/saufp4wbv7aNk/scfCuRytXrd0UQLIAjpPSQVWg2gud+0Tg4aBzcf/q
+lhShsXE+DS/ewdqFJ2yJQ6wnV9O/Ge51sFI5g6H/uQINBFlXt+8BEAC5XfTqbrAi
++uYWuKAGBYQwxgbstCE9sU6PhzyLPT+HzoC3tJrKfZrk9VwcHpy2H7rk8++6wfJd
+fdXgVEi6gwYP2XA+DyjQKRBjEg2PeCDVOfKFIz5b0G+luSNkOaPy/CQuMY3slGGx
+EldymrAF2xaVPRs1htzoW6YjxrTb72NUs3DrFtcFNfRkkqBtRY9mIjt9TJh52rZM
+TR8fOryj5o15nakiMIlK/G5Jzh4oo2MA0FIrv6ysH6GorRdoAFCXE1PwGegZwDmr
+BBzyr8bdaHqfCR0Bi1QRIcO+V60o42tir3amuv4PXqJWYrFkvIPZ3EA+4TG4I/CB
+DR69SAk5JYWy1VEtawvo8ptV/RXBxKPcPF72qZwEc6LvG5XxCvFNjttqmBijTiWA
+ok7h03UK0WeHquOaDVLjalnUSMBZD3LScyNh/xJpA7Y3a04sg/dV/I/zy9vqGiSK
+/1JQVabbF8zXuJQ+PX2jaH21yTRsKvlHKbdr5tXogXESpKt5rDFnwPFNgFX7GYnl
+G9Zg21P39crB+ZivTvciCrtxPJ8zn2soVhAREjCwcOjExZ3RFG0Zoegfz636FS42
+P5Vte14dZNIMBcRlcWCcxQnEjxvu8+B62yL3lvMMjj7OrdWirQreqrVKmItXD3bp
+Q4lNxTmMlqycCCR+WpMW9wJvksJ+gGKiYQARAQABiQRyBBgBCgAmAhsCFiEE2pjy
+XAhxxJpZ6v8sTej/KmPHzJAFAmOfk2oFCQ4KQm0CQMF0IAQZAQoAHRYhBDbsWmRI
+pPXveb7+mOBa4UePgUxPBQJZV7fvAAoJEOBa4UePgUxPXsIP/0snY8VlwDpgD2Zi
+mCI9sBDtNYo80J0whOn6ls8Ha1u1D8T9JPRBLhhPMP/Ftu5cVhnBvjFHhMBinbjB
+dWnHQuda9MMxfb3SGK4S/gJ8CbIC/fqP0GC0kXvPslFkYLR1hef2nlj4qDd0otCV
+SNOB1dmeeJ6VhPOcfpfyOvr/bDCvRYKI2XM4aLqU1YUjFZu4XvUkv/zHi5ohC7ka
+M0WyEwUh5RXZhxMYDbonocdMnHkIAt0SFWBeUSpcQYQg70Fw15+xSFKYAhpjO3r8
+FoFaR7Lp3yFgHZf4kVla2XDqfN203nROYUf9V8lOwkaaOZrxFUFvXGA3EkQpn9mX
+ou56vq6PoHISPOROFE+eSrCJXlQkpxBGO4jQpub45eyWHItV4fIe4zOFwjEx0pVi
+MJgt1Iib05iDP7cSithdllC77OVRzgNmYGed5DkEp/YjQmUr3ohCuSCZIz6Cz6+j
+vtLLG4/RWggkZ6ktK43ED293B/YxceeQr4gflvnrdnGK1D4MrXE6D21+CaIFqb00
+tuMGGCJ7CBx2uvM7GAche6hv6SvCmx1Q6WtefJsU9PQQxu/SWkHKkPJlgZCgZvUq
+GI9xukqG0DgSUR/SXIyAcjaGq9UE2zKuekeAihGWsduwr4cCTe18sP3HGEYHEL0D
+5hX0KR78ryCGt7NR7x6QWrFwElK+CRBN6P8qY8fMkMWTD/0UCzVWU7G+rWSO7FB5
+ieryleNJm7PN7/a7mhZ02te26pK2M4hB7II0hJGGPi8IwxENvoEpzmzLHHSyFrly
+il2meimCophIHhWnRxLQfAQ8RZzdNbLcj4L2JNMMxPZmkeqMcvEjikWePm9usFvi
+7tgwsGFaC6hLRqBBiHSLXj3cYDreCUMCbEGk279HPEqFlVYgNpTxK1rPJAVHv9Uy
+D2BoAX2vI6ioMsJzoSMvOA89Jmz3xp52Y1DmCBXHKV7Q37oPa+ofIQAaRV4bh8mT
+SqHu9Um47qij1Uwb3JR4dgMdiuMvfQYsL4/Tu0oJa2Kw+QYhRhXCJMYHYKG7n3pP
+tt7rvA6407FZXnHcmsCurQxXu03+3nhfPoxhSFou1s+mDHl/mft5p9E+Pmxbg4W+
+ElqXpkmKyN4ckHCtLzId6Cgw4zHbC9nzgTRw4uKY+bxukvcdv54G720Rl5UJkILz
+e+ObWzuZsILibop2tDSY/3b4a0y8HiVxsIBHqoI8KCce9xLebo/mdj79mZmfdAkK
+axGeAcqchtvCFAju0xTl+v68Xeeh0Psb50HLa2X57v3Ay1wIaiCy+HuGQfN9XgFb
+KzVkYwaV7WNlx4Vr+XYTHxNBcJH+TXSatVSToCb6vNrdfj8lmST6Yhnr3iVlUdSN
+pVbHWbZSGkUptYFdg5psy9Tniw==
+=861B
+-----END PGP PUBLIC KEY BLOCK-----

bubblewrap.spec

@@ -0,0 +1,89 @@
+#
+# spec file for package bubblewrap
+#
+# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           bubblewrap
+Version:        0.11.0
+Release:        0
+Summary:        Core execution tool for unprivileged containers
+License:        LGPL-2.0-or-later
+Group:          Productivity/Security
+URL:            https://github.com/containers/bubblewrap
+Source0:        %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz
+Source1:        %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz.asc
+# https://www.pseudorandom.co.uk/2003/contact/
+# 0x4DE8FF2A63C7CC90, fingerprint: DA98 F25C 0871 C49A 59EA FF2C 4DE8 FF2A 63C7 CC90
+Source2:        %{name}.keyring
+BuildRequires:  docbook-xsl-stylesheets
+BuildRequires:  gcc
+BuildRequires:  git
+BuildRequires:  libcap-devel
+BuildRequires:  libtool
+BuildRequires:  libxslt
+BuildRequires:  meson >= 0.49.0
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(libselinux)
+
+%description
+Bubblewrap (%{_bindir}/bwrap) is a core execution engine for unprivileged
+containers that works as a setuid binary on kernels without
+user namespaces.
+
+%package zsh-completion
+Summary:        Zsh tab-completion for bubblewrap
+Group:          System/Shells
+Supplements:    (%{name} and zsh)
+
+%description zsh-completion
+This package provides zsh tab-completion for bubblewrap.
+
+%prep
+%autosetup -p1 -n %{name}-%{version}
+sed -i '1d' completions/bash/bwrap
+%if 0%{?suse_version} < 1500
+sed -i '1s,%{_bindir}/env bash,/bin/bash,' demos/bubblewrap-shell.sh
+sed -i '1s/env //' demos/userns-block-fd.py
+%else
+sed -i '1s/env //' demos/bubblewrap-shell.sh demos/userns-block-fd.py
+%endif
+sed -i '1s/env //' demos/flatpak-run.sh
+
+%build
+%meson
+%meson_build
+
+%install
+%meson_install
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%files
+%license COPYING
+%doc README.md demos
+%dir %{_datadir}/bash-completion
+%dir %{_datadir}/bash-completion/completions
+%{_datadir}/bash-completion/completions/bwrap
+%{_bindir}/bwrap
+%{_mandir}/man1/*
+
+%files zsh-completion
+%license COPYING
+%dir %{_datadir}/zsh
+%dir %{_datadir}/zsh/site-functions
+%{_datadir}/zsh/site-functions/_bwrap
+
+%changelog