2016-12-13 11:10:13 +00:00
|
|
|
#
|
|
|
|
|
# spec file for package umoci
|
|
|
|
|
#
|
2018-02-02 14:06:47 +00:00
|
|
|
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
2016-12-13 11:10:13 +00:00
|
|
|
#
|
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
|
|
|
#
|
|
|
|
|
# nodebuginfo
|
|
|
|
|
|
2017-03-21 09:17:22 +00:00
|
|
|
|
2016-12-13 11:10:13 +00:00
|
|
|
# Remove stripping of Go binaries.
|
|
|
|
|
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
|
|
|
|
|
|
2016-12-20 10:14:26 +00:00
|
|
|
# Project name when using go tooling.
|
2017-02-07 07:39:48 +00:00
|
|
|
%define project github.com/openSUSE/umoci
|
2016-12-20 10:14:26 +00:00
|
|
|
|
2016-12-13 11:10:13 +00:00
|
|
|
Name: umoci
|
Accepting request 585262 from home:cyphar:umoci_0.4.0
- Update to umoci v0.4.0. Upstream changelog:
+ `umoci repack` now supports `--refresh-bundle` which will update the
OCI bundle's metadata (mtree and umoci-specific manifests) after packing
the image tag. This means that the bundle can be used as a base layer for
future diffs without needing to unpack the image again.
openSUSE/umoci#196
+ Added a website, and reworked the documentation to be better structured.
You can visit the website at [`umo.ci`][umo.ci]. openSUSE/umoci#188
+ Added support for the `user.rootlesscontainers` specification, which
allows for persistent on-disk emulation of `chown(2)` inside rootless
containers. This implementation is interoperable with [@AkihiroSuda's
`PRoot` fork][as-proot-fork] (though we do not test its interoperability
at the moment) as both tools use [the same protobuf
specification][rootlesscontainers-proto]. openSUSE/umoci#227
+ `umoci unpack` now has support for opaque whiteouts (whiteouts which
remove all children of a directory in the lower layer), though `umoci
repack` does not currently have support for generating them. While this
is technically a spec requirement, through testing we've never
encountered an actual user of these whiteouts. openSUSE/umoci#224
openSUSE/umoci#229
+ `umoci unpack` will now use some rootless tricks inside user namespaces
for operations that are known to fail (such as `mknod(2)`) while other
operations will be carried out as normal (such as `lchown(2)`). It should
be noted that the `/proc/self/uid_map` checking we do can be tricked into
not detecting user namespaces, but you would need to be trying to break
it on purpose. openSUSE/umoci#171 openSUSE/umoci#230
* Fix a bug in our "parent directory restore" code, which is responsible
for ensuring that the mtime and other similar properties of a directory
are not modified by extraction inside said directory. The bug would
manifest as xattrs not being restored properly in certain edge-cases
(which we incidentally hit in a test-case). openSUSE/umoci#161
openSUSE/umoci#162
* `umoci unpack` will now "clean up" the bundle generated if an error
occurs during unpacking. Previously this didn't happen, which made
cleaning up the responsibility of the caller (which was quite difficult
if you were unprivileged). This is a breaking change, but is in the error
path so it's not critical. openSUSE/umoci#174 openSUSE/umoci#187
* `umoci gc` now will no longer remove unknown files and directories that
aren't `flock(2)`ed, thus ensuring that any possible OCI image-spec
extensions or other users of an image being operated on will no longer
break. openSUSE/umoci#198
* `umoci unpack --rootless` will now correctly handle regular file
unpacking when overwriting a file that `umoci` doesn't have write access
to. In addition, the semantics of pre-existing hardlinks to a clobbered
file are clarified (the hard-links will not refer to the new layer's
inode). openSUSE/umoci#222 openSUSE/umoci#223
[as-proot-fork]: https://github.com/AkihiroSuda/runrootless
[rootlesscontainers-proto]: https://rootlesscontaine.rs/proto/rootlesscontainers.proto
[umo.ci]: https://umo.ci/
OBS-URL: https://build.opensuse.org/request/show/585262
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/umoci?expand=0&rev=30
2018-03-10 09:23:00 +00:00
|
|
|
Version: 0.4.0
|
2016-12-13 11:10:13 +00:00
|
|
|
Release: 0
|
|
|
|
|
Summary: Open Container Image manipulation tool
|
|
|
|
|
License: Apache-2.0
|
|
|
|
|
Group: System/Management
|
2017-02-07 07:39:48 +00:00
|
|
|
Url: https://github.com/openSUSE/umoci
|
2017-04-12 09:22:07 +00:00
|
|
|
Source0: %{name}-%{version}.tar.xz
|
|
|
|
|
Source1: %{name}-%{version}.tar.xz.asc
|
|
|
|
|
Source2: %{name}.keyring
|
2017-07-25 12:06:05 +00:00
|
|
|
BuildRequires: fdupes
|
2016-12-13 11:10:13 +00:00
|
|
|
BuildRequires: go >= 1.6
|
|
|
|
|
BuildRequires: go-go-md2man
|
2017-03-21 09:17:22 +00:00
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
2018-02-02 14:06:47 +00:00
|
|
|
ExcludeArch: s390
|
2016-12-13 11:10:13 +00:00
|
|
|
%if 0%{?is_opensuse}
|
|
|
|
|
ExcludeArch: s390x
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%description
|
2017-07-25 12:06:05 +00:00
|
|
|
umoci modifies Open Container images. umoci is a manipulation tool for OCI
|
|
|
|
|
images. In particular, it is a more complete alternative to oci-image-tools
|
|
|
|
|
provided by the OCI.
|
2016-12-13 11:10:13 +00:00
|
|
|
|
|
|
|
|
%prep
|
2017-04-10 17:45:50 +00:00
|
|
|
%setup -q
|
2016-12-13 11:10:13 +00:00
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
|
2016-12-20 10:14:26 +00:00
|
|
|
# We can't use symlinks here because go-list gets confused by symlinks, so we
|
|
|
|
|
# have to copy the source to $HOME/go and then use that as the GOPATH.
|
|
|
|
|
export GOPATH=$HOME/go
|
|
|
|
|
mkdir -pv $HOME/go/src/%{project}
|
|
|
|
|
rm -rf $HOME/go/src/%{project}/*
|
|
|
|
|
cp -avr * $HOME/go/src/%{project}
|
|
|
|
|
|
2016-12-19 13:56:41 +00:00
|
|
|
export VERSION="$(cat ./VERSION)"
|
2016-12-13 11:10:13 +00:00
|
|
|
if [ "$VERSION" != "%{version}" ]; then
|
2017-03-21 09:17:22 +00:00
|
|
|
VERSION="%{version}_suse"
|
2016-12-13 11:10:13 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Build the binary.
|
|
|
|
|
make VERSION="$VERSION" umoci
|
|
|
|
|
|
|
|
|
|
# Build the docs if we have go-md2man.
|
|
|
|
|
make doc
|
|
|
|
|
|
|
|
|
|
%install
|
|
|
|
|
# Install the binary.
|
2017-02-10 18:03:48 +00:00
|
|
|
install -D -m 0755 %{name} "%{buildroot}/%{_bindir}/%{name}"
|
2016-12-13 11:10:13 +00:00
|
|
|
|
|
|
|
|
# Install all of the docs.
|
Accepting request 512069 from home:cyphar:containers
- Update to umoci v0.3.0. Upstream changelog:
- `umoci` now passes all of the requirements for the [CII best practices bading
program][cii]. openSUSE/umoci#134
- `umoci` also now has more extensive architecture, quick-start and roadmap
documentation. openSUSE/umoci#134
- `umoci` now supports [`1.0.0` of the OCI image
specification][ispec-v1.0.0] and [`1.0.0` of the OCI runtime
specification][rspec-v1.0.0], which are the first milestone release. Note
that there are still some remaining UX issues with `--image` and other parts
of `umoci` which may be subject to change in future versions. In particular,
this update of the specification now means that images may have ambiguous
tags. `umoci` will warn you if an operation may have an ambiguous result, but
we plan to improve this functionality far more in the future.
openSUSE/umoci#133 openSUSE/umoci#142
- `umoci` also now supports more complicated descriptor walk structures, and
also handles mutation of such structures more sanely. At the moment, this
functionality has not been used "in the wild" and `umoci` doesn't have the UX
to create such structures (yet) but these will be implemented in future
versions. openSUSE/umoci#145
- `umoci repack` now supports `--mask-path` to ignore changes in the rootfs
that are in a child of at least one of the provided masks when generating new
layers. openSUSE/umoci#127
- Error messages from `github.com/openSUSE/umoci/oci/cas/drivers/dir` actually
make sense now. openSUSE/umoci#121
- `umoci unpack` now generates `config.json` blobs according to the [still
proposed][ispec-pr492] OCI image specification conversion document.
openSUSE/umoci#120
- `umoci repack` also now automatically adding `Config.Volumes` from the image
configuration to the set of masked paths. This matches recently added
[recommendations by the spec][ispec-pr694], but is a backwards-incompatible
change because the new default is that `Config.Volumes` **will** be masked.
If you wish to retain the old semantics, use `--no-mask-volumes` (though make
sure to be aware of the reasoning behind `Config.Volume` masking).
openSUSE/umoci#127
- `umoci` now uses [`SecureJoin`][securejoin] rather than a patched version of
`FollowSymlinkInScope`. The two implementations are roughly equivalent, but
`SecureJoin` has a nicer API and is maintained as a separate project.
- Switched to using `golang.org/x/sys/unix` over `syscall` where possible,
which makes the codebase significantly cleaner. openSUSE/umoci#141
[cii]: https://bestpractices.coreinfrastructure.org/projects/1084
[rspec-v1.0.0]: https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.0
[ispec-v1.0.0]: https://github.com/opencontainers/image-spec/releases/tag/v1.0.0
[ispec-pr492]: https://github.com/opencontainers/image-spec/pull/492
[ispec-pr694]: https://github.com/opencontainers/image-spec/pull/694
[securejoin]: https://github.com/cyphar/filepath-securejoin
OBS-URL: https://build.opensuse.org/request/show/512069
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/umoci?expand=0&rev=23
2017-07-24 10:39:50 +00:00
|
|
|
for file in doc/man/*.1; do
|
2017-03-21 09:17:22 +00:00
|
|
|
install -D -m 0644 $file "%{buildroot}/%{_mandir}/man1/$(basename $file)"
|
2016-12-13 11:10:13 +00:00
|
|
|
done
|
|
|
|
|
|
2017-07-25 12:06:05 +00:00
|
|
|
%fdupes %{buildroot}
|
2016-12-13 11:10:13 +00:00
|
|
|
|
2016-12-20 10:14:26 +00:00
|
|
|
%check
|
|
|
|
|
export GOPATH=$HOME/go
|
2017-02-07 07:39:48 +00:00
|
|
|
hack/test-unit.sh
|
2016-12-20 10:14:26 +00:00
|
|
|
|
2016-12-13 11:10:13 +00:00
|
|
|
%files
|
|
|
|
|
%defattr(-,root,root)
|
Accepting request 512069 from home:cyphar:containers
- Update to umoci v0.3.0. Upstream changelog:
- `umoci` now passes all of the requirements for the [CII best practices bading
program][cii]. openSUSE/umoci#134
- `umoci` also now has more extensive architecture, quick-start and roadmap
documentation. openSUSE/umoci#134
- `umoci` now supports [`1.0.0` of the OCI image
specification][ispec-v1.0.0] and [`1.0.0` of the OCI runtime
specification][rspec-v1.0.0], which are the first milestone release. Note
that there are still some remaining UX issues with `--image` and other parts
of `umoci` which may be subject to change in future versions. In particular,
this update of the specification now means that images may have ambiguous
tags. `umoci` will warn you if an operation may have an ambiguous result, but
we plan to improve this functionality far more in the future.
openSUSE/umoci#133 openSUSE/umoci#142
- `umoci` also now supports more complicated descriptor walk structures, and
also handles mutation of such structures more sanely. At the moment, this
functionality has not been used "in the wild" and `umoci` doesn't have the UX
to create such structures (yet) but these will be implemented in future
versions. openSUSE/umoci#145
- `umoci repack` now supports `--mask-path` to ignore changes in the rootfs
that are in a child of at least one of the provided masks when generating new
layers. openSUSE/umoci#127
- Error messages from `github.com/openSUSE/umoci/oci/cas/drivers/dir` actually
make sense now. openSUSE/umoci#121
- `umoci unpack` now generates `config.json` blobs according to the [still
proposed][ispec-pr492] OCI image specification conversion document.
openSUSE/umoci#120
- `umoci repack` also now automatically adding `Config.Volumes` from the image
configuration to the set of masked paths. This matches recently added
[recommendations by the spec][ispec-pr694], but is a backwards-incompatible
change because the new default is that `Config.Volumes` **will** be masked.
If you wish to retain the old semantics, use `--no-mask-volumes` (though make
sure to be aware of the reasoning behind `Config.Volume` masking).
openSUSE/umoci#127
- `umoci` now uses [`SecureJoin`][securejoin] rather than a patched version of
`FollowSymlinkInScope`. The two implementations are roughly equivalent, but
`SecureJoin` has a nicer API and is maintained as a separate project.
- Switched to using `golang.org/x/sys/unix` over `syscall` where possible,
which makes the codebase significantly cleaner. openSUSE/umoci#141
[cii]: https://bestpractices.coreinfrastructure.org/projects/1084
[rspec-v1.0.0]: https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.0
[ispec-v1.0.0]: https://github.com/opencontainers/image-spec/releases/tag/v1.0.0
[ispec-pr492]: https://github.com/opencontainers/image-spec/pull/492
[ispec-pr694]: https://github.com/opencontainers/image-spec/pull/694
[securejoin]: https://github.com/cyphar/filepath-securejoin
OBS-URL: https://build.opensuse.org/request/show/512069
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/umoci?expand=0&rev=23
2017-07-24 10:39:50 +00:00
|
|
|
%doc COPYING README.md doc/*
|
2016-12-13 11:10:13 +00:00
|
|
|
%{_bindir}/%{name}
|
|
|
|
|
%{_mandir}/man1/umoci*
|
|
|
|
|
|
|
|
|
|
%changelog
|
