diff --git a/_service b/_service
index 710b5e7..1688f56 100644
--- a/_service
+++ b/_service
@@ -2,14 +2,14 @@
https
github.com
- openSUSE/umoci/releases/download/v0.3.0/umoci.tar.xz
- umoci-0.3.0.tar.xz
+ openSUSE/umoci/releases/download/v0.3.1/umoci.tar.xz
+ umoci-0.3.1.tar.xz
https
github.com
- openSUSE/umoci/releases/download/v0.3.0/umoci.tar.xz.asc
- umoci-0.3.0.tar.xz.asc
+ openSUSE/umoci/releases/download/v0.3.1/umoci.tar.xz.asc
+ umoci-0.3.1.tar.xz.asc
umoci
diff --git a/i586-0001-fix-mis-usage-of-time.Unix.patch b/i586-0001-fix-mis-usage-of-time.Unix.patch
deleted file mode 100644
index 89daf33..0000000
--- a/i586-0001-fix-mis-usage-of-time.Unix.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-From 351b92da519b61cb24b5f7f71e5b9cf2c8c7bb02 Mon Sep 17 00:00:00 2001
-From: Aleksa Sarai
-Date: Mon, 24 Jul 2017 07:34:49 +1000
-Subject: [PATCH] *: fix mis-usage of unix.Stat_t.[AM]tim with time.Unix
-
-80f787e4853d ("*: replace syscall with unix") did not correctly replace
-the usage of (*syscall.Stat_t).[AM]tim.Unix() in tests, which resulted
-in 32-bit builds failing in OBS because we run those tests in a %check
-section. We need to add CI testing to make sure that we don't miss stuff
-like this in the future.
-
-Fixes: 80f787e4853d ("*: replace syscall with unix")
-Signed-off-by: Aleksa Sarai
----
- pkg/system/utime_linux_test.go | 48 ++++++++++++++++++++--------------------
- pkg/unpriv/unpriv_utimes_test.go | 48 ++++++++++++++++++++--------------------
- 2 files changed, 48 insertions(+), 48 deletions(-)
-
-diff --git a/pkg/system/utime_linux_test.go b/pkg/system/utime_linux_test.go
-index f4597020626a..719071df61b1 100644
---- a/pkg/system/utime_linux_test.go
-+++ b/pkg/system/utime_linux_test.go
-@@ -57,10 +57,10 @@ func TestLutimesFile(t *testing.T) {
- t.Fatal(err)
- }
-
-- atimeOld := time.Unix(fiOld.Atim.Sec, fiOld.Atim.Nsec)
-- mtimeOld := time.Unix(fiOld.Mtim.Sec, fiOld.Mtim.Nsec)
-- atimeNew := time.Unix(fiNew.Atim.Sec, fiNew.Atim.Nsec)
-- mtimeNew := time.Unix(fiNew.Mtim.Sec, fiNew.Mtim.Nsec)
-+ atimeOld := time.Unix(fiOld.Atim.Unix())
-+ mtimeOld := time.Unix(fiOld.Mtim.Unix())
-+ atimeNew := time.Unix(fiNew.Atim.Unix())
-+ mtimeNew := time.Unix(fiNew.Mtim.Unix())
-
- if atimeOld.Equal(atimeNew) {
- t.Errorf("atime was not changed at all!")
-@@ -106,10 +106,10 @@ func TestLutimesDirectory(t *testing.T) {
- t.Fatal(err)
- }
-
-- atimeOld := time.Unix(fiOld.Atim.Sec, fiOld.Atim.Nsec)
-- mtimeOld := time.Unix(fiOld.Mtim.Sec, fiOld.Mtim.Nsec)
-- atimeNew := time.Unix(fiNew.Atim.Sec, fiNew.Atim.Nsec)
-- mtimeNew := time.Unix(fiNew.Mtim.Sec, fiNew.Mtim.Nsec)
-+ atimeOld := time.Unix(fiOld.Atim.Unix())
-+ mtimeOld := time.Unix(fiOld.Mtim.Unix())
-+ atimeNew := time.Unix(fiNew.Atim.Unix())
-+ mtimeNew := time.Unix(fiNew.Mtim.Unix())
-
- if atimeOld.Equal(atimeNew) {
- t.Errorf("atime was not changed at all!")
-@@ -161,10 +161,10 @@ func TestLutimesSymlink(t *testing.T) {
- t.Fatal(err)
- }
-
-- atimeOld := time.Unix(fiOld.Atim.Sec, fiOld.Atim.Nsec)
-- mtimeOld := time.Unix(fiOld.Mtim.Sec, fiOld.Mtim.Nsec)
-- atimeNew := time.Unix(fiNew.Atim.Sec, fiNew.Atim.Nsec)
-- mtimeNew := time.Unix(fiNew.Mtim.Sec, fiNew.Mtim.Nsec)
-+ atimeOld := time.Unix(fiOld.Atim.Unix())
-+ mtimeOld := time.Unix(fiOld.Mtim.Unix())
-+ atimeNew := time.Unix(fiNew.Atim.Unix())
-+ mtimeNew := time.Unix(fiNew.Mtim.Unix())
-
- if atimeOld.Equal(atimeNew) {
- t.Errorf("atime was not changed at all!")
-@@ -180,10 +180,10 @@ func TestLutimesSymlink(t *testing.T) {
- }
-
- // Make sure that the parent directory was unchanged.
-- atimeParentOld := time.Unix(fiParentOld.Atim.Sec, fiParentOld.Atim.Nsec)
-- mtimeParentOld := time.Unix(fiParentOld.Mtim.Sec, fiParentOld.Mtim.Nsec)
-- atimeParentNew := time.Unix(fiParentNew.Atim.Sec, fiParentNew.Atim.Nsec)
-- mtimeParentNew := time.Unix(fiParentNew.Mtim.Sec, fiParentNew.Mtim.Nsec)
-+ atimeParentOld := time.Unix(fiParentOld.Atim.Unix())
-+ mtimeParentOld := time.Unix(fiParentOld.Mtim.Unix())
-+ atimeParentNew := time.Unix(fiParentNew.Atim.Unix())
-+ mtimeParentNew := time.Unix(fiParentNew.Mtim.Unix())
-
- if !atimeParentOld.Equal(atimeParentNew) {
- t.Errorf("parent directory atime was changed! old='%s' new='%s'", atimeParentOld, atimeParentNew)
-@@ -239,10 +239,10 @@ func TestLutimesRelative(t *testing.T) {
- t.Fatal(err)
- }
-
-- atimeOld := time.Unix(fiOld.Atim.Sec, fiOld.Atim.Nsec)
-- mtimeOld := time.Unix(fiOld.Mtim.Sec, fiOld.Mtim.Nsec)
-- atimeNew := time.Unix(fiNew.Atim.Sec, fiNew.Atim.Nsec)
-- mtimeNew := time.Unix(fiNew.Mtim.Sec, fiNew.Mtim.Nsec)
-+ atimeOld := time.Unix(fiOld.Atim.Unix())
-+ mtimeOld := time.Unix(fiOld.Mtim.Unix())
-+ atimeNew := time.Unix(fiNew.Atim.Unix())
-+ mtimeNew := time.Unix(fiNew.Mtim.Unix())
-
- if atimeOld.Equal(atimeNew) {
- t.Errorf("atime was not changed at all!")
-@@ -258,10 +258,10 @@ func TestLutimesRelative(t *testing.T) {
- }
-
- // Make sure that the parent directory was unchanged.
-- atimeParentOld := time.Unix(fiParentOld.Atim.Sec, fiParentOld.Atim.Nsec)
-- mtimeParentOld := time.Unix(fiParentOld.Mtim.Sec, fiParentOld.Mtim.Nsec)
-- atimeParentNew := time.Unix(fiParentNew.Atim.Sec, fiParentNew.Atim.Nsec)
-- mtimeParentNew := time.Unix(fiParentNew.Mtim.Sec, fiParentNew.Mtim.Nsec)
-+ atimeParentOld := time.Unix(fiParentOld.Atim.Unix())
-+ mtimeParentOld := time.Unix(fiParentOld.Mtim.Unix())
-+ atimeParentNew := time.Unix(fiParentNew.Atim.Unix())
-+ mtimeParentNew := time.Unix(fiParentNew.Mtim.Unix())
-
- if !atimeParentOld.Equal(atimeParentNew) {
- t.Errorf("parent directory atime was changed! old='%s' new='%s'", atimeParentOld, atimeParentNew)
-diff --git a/pkg/unpriv/unpriv_utimes_test.go b/pkg/unpriv/unpriv_utimes_test.go
-index 423e808a1da3..ac037e25f50f 100644
---- a/pkg/unpriv/unpriv_utimes_test.go
-+++ b/pkg/unpriv/unpriv_utimes_test.go
-@@ -56,10 +56,10 @@ func TestLutimesFile(t *testing.T) {
- t.Fatal(err)
- }
-
-- atimeOld := time.Unix(fiOld.Atim.Sec, fiOld.Atim.Nsec)
-- mtimeOld := time.Unix(fiOld.Mtim.Sec, fiOld.Mtim.Nsec)
-- atimeNew := time.Unix(fiNew.Atim.Sec, fiNew.Atim.Nsec)
-- mtimeNew := time.Unix(fiNew.Mtim.Sec, fiNew.Mtim.Nsec)
-+ atimeOld := time.Unix(fiOld.Atim.Unix())
-+ mtimeOld := time.Unix(fiOld.Mtim.Unix())
-+ atimeNew := time.Unix(fiNew.Atim.Unix())
-+ mtimeNew := time.Unix(fiNew.Mtim.Unix())
-
- if atimeOld.Equal(atimeNew) {
- t.Errorf("atime was not changed at all!")
-@@ -104,10 +104,10 @@ func TestLutimesDirectory(t *testing.T) {
- t.Fatal(err)
- }
-
-- atimeOld := time.Unix(fiOld.Atim.Sec, fiOld.Atim.Nsec)
-- mtimeOld := time.Unix(fiOld.Mtim.Sec, fiOld.Mtim.Nsec)
-- atimeNew := time.Unix(fiNew.Atim.Sec, fiNew.Atim.Nsec)
-- mtimeNew := time.Unix(fiNew.Mtim.Sec, fiNew.Mtim.Nsec)
-+ atimeOld := time.Unix(fiOld.Atim.Unix())
-+ mtimeOld := time.Unix(fiOld.Mtim.Unix())
-+ atimeNew := time.Unix(fiNew.Atim.Unix())
-+ mtimeNew := time.Unix(fiNew.Mtim.Unix())
-
- if atimeOld.Equal(atimeNew) {
- t.Errorf("atime was not changed at all!")
-@@ -158,10 +158,10 @@ func TestLutimesSymlink(t *testing.T) {
- t.Fatal(err)
- }
-
-- atimeOld := time.Unix(fiOld.Atim.Sec, fiOld.Atim.Nsec)
-- mtimeOld := time.Unix(fiOld.Mtim.Sec, fiOld.Mtim.Nsec)
-- atimeNew := time.Unix(fiNew.Atim.Sec, fiNew.Atim.Nsec)
-- mtimeNew := time.Unix(fiNew.Mtim.Sec, fiNew.Mtim.Nsec)
-+ atimeOld := time.Unix(fiOld.Atim.Unix())
-+ mtimeOld := time.Unix(fiOld.Mtim.Unix())
-+ atimeNew := time.Unix(fiNew.Atim.Unix())
-+ mtimeNew := time.Unix(fiNew.Mtim.Unix())
-
- if atimeOld.Equal(atimeNew) {
- t.Errorf("atime was not changed at all!")
-@@ -177,10 +177,10 @@ func TestLutimesSymlink(t *testing.T) {
- }
-
- // Make sure that the parent directory was unchanged.
-- atimeParentOld := time.Unix(fiParentOld.Atim.Sec, fiParentOld.Atim.Nsec)
-- mtimeParentOld := time.Unix(fiParentOld.Mtim.Sec, fiParentOld.Mtim.Nsec)
-- atimeParentNew := time.Unix(fiParentNew.Atim.Sec, fiParentNew.Atim.Nsec)
-- mtimeParentNew := time.Unix(fiParentNew.Mtim.Sec, fiParentNew.Mtim.Nsec)
-+ atimeParentOld := time.Unix(fiParentOld.Atim.Unix())
-+ mtimeParentOld := time.Unix(fiParentOld.Mtim.Unix())
-+ atimeParentNew := time.Unix(fiParentNew.Atim.Unix())
-+ mtimeParentNew := time.Unix(fiParentNew.Mtim.Unix())
-
- if !atimeParentOld.Equal(atimeParentNew) {
- t.Errorf("parent directory atime was changed! old='%s' new='%s'", atimeParentOld, atimeParentNew)
-@@ -236,10 +236,10 @@ func TestLutimesRelative(t *testing.T) {
- t.Fatal(err)
- }
-
-- atimeOld := time.Unix(fiOld.Atim.Sec, fiOld.Atim.Nsec)
-- mtimeOld := time.Unix(fiOld.Mtim.Sec, fiOld.Mtim.Nsec)
-- atimeNew := time.Unix(fiNew.Atim.Sec, fiNew.Atim.Nsec)
-- mtimeNew := time.Unix(fiNew.Mtim.Sec, fiNew.Mtim.Nsec)
-+ atimeOld := time.Unix(fiOld.Atim.Unix())
-+ mtimeOld := time.Unix(fiOld.Mtim.Unix())
-+ atimeNew := time.Unix(fiNew.Atim.Unix())
-+ mtimeNew := time.Unix(fiNew.Mtim.Unix())
-
- if atimeOld.Equal(atimeNew) {
- t.Errorf("atime was not changed at all!")
-@@ -255,10 +255,10 @@ func TestLutimesRelative(t *testing.T) {
- }
-
- // Make sure that the parent directory was unchanged.
-- atimeParentOld := time.Unix(fiParentOld.Atim.Sec, fiParentOld.Atim.Nsec)
-- mtimeParentOld := time.Unix(fiParentOld.Mtim.Sec, fiParentOld.Mtim.Nsec)
-- atimeParentNew := time.Unix(fiParentNew.Atim.Sec, fiParentNew.Atim.Nsec)
-- mtimeParentNew := time.Unix(fiParentNew.Mtim.Sec, fiParentNew.Mtim.Nsec)
-+ atimeParentOld := time.Unix(fiParentOld.Atim.Unix())
-+ mtimeParentOld := time.Unix(fiParentOld.Mtim.Unix())
-+ atimeParentNew := time.Unix(fiParentNew.Atim.Unix())
-+ mtimeParentNew := time.Unix(fiParentNew.Mtim.Unix())
-
- if !atimeParentOld.Equal(atimeParentNew) {
- t.Errorf("parent directory atime was changed! old='%s' new='%s'", atimeParentOld, atimeParentNew)
---
-2.13.3
-
diff --git a/umoci-0.3.0.tar.xz b/umoci-0.3.0.tar.xz
deleted file mode 100644
index 3ad2086..0000000
--- a/umoci-0.3.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:be8a3b921ad18d16212a0693500ccd02dce7fa4ad3d897b229f43e8d9fc4062b
-size 316896
diff --git a/umoci-0.3.0.tar.xz.asc b/umoci-0.3.0.tar.xz.asc
deleted file mode 100644
index f63ef79..0000000
--- a/umoci-0.3.0.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAllzczoACgkQnhiqJn3b
-jbRhJRAAgdV9H2ExrjDjP/VPlhu1PRhDBBIudwmBj32isqb83eLx/0o68rxhnFm2
-SyjwDy1YApfgUaEUjEUOJSIhfkO3d9NyFA4znkO/p8E6EnbFaAQ2EBov0+QuhrjY
-iq3F2oM0bUsV9DYYsmDsseHc8Ti+VqJdAiv+fa8detPAmJknHBFTka58L0yCPT8m
-t0hQRbFRD/9bbLt9FUOjUtdRmenJvpM7XEh7l+DPi5qVvESMtgUmpNJ7ZljGE/6l
-Bd+qBr3SGNbGxwrirNRhTSlEz2uEQYfaArOr3gD42XvFa2kq25bbTuL29eF7jd39
-9ipmpnqlYmxxKh/9wOYqjkFTDwsfxgxV7Aw7m3XABm/tUNIg3taBjDmOKdWKUf60
-xxObtcFTUC8Y7KJCF2uzxJh4xO8NWVx5wKsoFyN8Wm/zlMJCdt1m7dj1o4T4aMHh
-CXhjqPPyj7dmMWKk6jQ/7/o3gz2ZCUPm2ytHdFKFQX7FoFY4QnJ9UhUfSwjOlTSS
-stUI8o9vHpP/pfp89OWwdo+Rc68oP00+EUk/L5CcbyMRSmtRC6owt480dYOPGuu4
-i8yj4cNQe51gJ9qSHayrELt+sfZRO7vK2ws12eNavt26DzMU5oucDgU6Aoj6S5ka
-4g8VaG8GLcU8I4ORdjmXqI+Pntfa2cUsY/Hlr0ZA0dpiUdgx0LI=
-=U59f
------END PGP SIGNATURE-----
diff --git a/umoci-0.3.1.tar.xz b/umoci-0.3.1.tar.xz
new file mode 100644
index 0000000..33224ca
--- /dev/null
+++ b/umoci-0.3.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9c92c72edeaf44b3409125e15a619f6718d9ddd29ed9539c60076b8746625440
+size 341716
diff --git a/umoci-0.3.1.tar.xz.asc b/umoci-0.3.1.tar.xz.asc
new file mode 100644
index 0000000..0dcd128
--- /dev/null
+++ b/umoci-0.3.1.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEXzbGxhtUYBJKdfWmnhiqJn3bjbQFAlnUNXwACgkQnhiqJn3b
+jbRlPBAAg/ykOVftxsHQM8YKjQqRcD2+d6csXMlI0q2zErnWAQ+G7qdoRwj2PyLW
+KbnV20082eqhI5+eg+LRGjb6XKyDdx/3YzqTH8etbUi8U9VKaj1fdAH08bTa93fq
+sDEo6s1DiZZfI/POG/00ugkkBsLriROAYfqgUez7YH91+bPGVpY/5CmioACWBCs+
+tNgd/dT3Db+q0ORkWjCLQLNtejJ3lFzL7gQwoQl0gv1NH6h3zxM6LcAvD9n8mm6w
+ADxoCkWwvbH6qfIH7tKgbkDYxf9LTPfwijyFtBxF9jkwUOjJnURwTA6kTvwtRdjN
+Dl8SKqqZGrivu4tki4JRAIOKuvRCqVryeMX98IHTTyuQENZneSK8uojYTZdV/mq0
+YrExjs1K7OZHIgdxcJfRmxpP8ypXfWeP6s4pQklTmXjWmA+IU9IbOi43phEJ6fKI
+8vlItvNTTDimePvp0RRP+UnwatT7XMnp+2AioCN3cexx+//Iadtl8jcs0dTDBqe7
+gdPx7f6Qw81ZQmAoL0OBat7zBtxHnKeLsdK0xcl3RJ7RzdSPaLvOHqMmaNS356Ve
+q/dq/a65b/kReQwM636JSssMEdtB2eEvJ+LNVMB/oOyfdRutOPODM67W5PVUBHAE
+0XDf8HWxZNPUghQnYUIWIlwfhRHGnatOgbsi7/Rr3nVFsPaCI9w=
+=VfqF
+-----END PGP SIGNATURE-----
diff --git a/umoci.changes b/umoci.changes
index 2d7f200..8acae62 100644
--- a/umoci.changes
+++ b/umoci.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Wed Oct 4 02:52:51 UTC 2017 - asarai@suse.com
+
+- Update to umoci v0.3.1. Upstream changelog:
+ - Fix several minor bugs in `hack/release.sh` that caused the release artefacts
+ to not match the intended style, as well as making it more generic so other
+ projects can use it. openSUSE/umoci#155 openSUSE/umoci#163
+ - A recent configuration issue caused `go vet` and `go lint` to not run as part
+ of our CI jobs. This means that some of the information submitted as part of
+ [CII best practices badging][cii] was not accurate. This has been corrected,
+ and after review we concluded that only stylistic issues were discovered by
+ static analysis. openSUSE/umoci#158
+ - 32-bit unit test builds were broken in a refactor in [0.3.0]. This has been
+ fixed, and we've added tests to our CI to ensure that something like this
+ won't go unnoticed in the future. openSUSE/umoci#157
+ - `umoci unpack` would not correctly preserve set{uid,gid} bits. While this
+ would not cause issues when building an image (as we only create a manifest
+ of the final extracted rootfs), it would cause issues for other users of
+ `umoci`. openSUSE/umoci#166 openSUSE/umoci#169
+ - Updated to [v0.4.1 of `go-mtree`][gomtree-v0.4.1], which fixes several minor
+ bugs with manifest generation. openSUSE/umoci#176
+ - `umoci unpack` would not handle "weird" tar archive layers previously (it
+ would error out with DiffID errors). While this wouldn't cause issues for
+ layers generated using Go's `archive/tar` implementation, it would cause
+ issues for GNU gzip and other such tools.
+ - `umoci unpack`'s mapping options (`--uid-map` and `--gid-map`) have had an
+ interface change, to better match the [`user_namespaces(7)`][user_namespaces]
+ interfaces. Note that this is a **breaking change**, but the workaround is to
+ switch to the trivially different (but now more consistent) format.
+ openSUSE/umoci#167
+ - `umoci unpack` used to create the bundle and rootfs with world
+ read-and-execute permissions by default. This could potentially result in an
+ unsafe rootfs (containing dangerous setuid binaries for instance) being
+ accessible by an unprivileged user. This has been fixed by always setting the
+ mode of the bundle to `0700`, which requires a user to explicitly work around
+ this basic protection. This scenario was documented in our security
+ documentation previously, but has now been fixed. openSUSE/umoci#181
+ openSUSE/umoci#182
+
+ [cii]: https://bestpractices.coreinfrastructure.org/projects/1084
+ [gomtree-v0.4.1]: https://github.com/vbatts/go-mtree/releases/tag/v0.4.1
+ [user_namespaces]: http://man7.org/linux/man-pages/man7/user_namespaces.7.html
+- Remove patch that has been applied upstream.
+ - i586-0001-fix-mis-usage-of-time.Unix.patch
+
-------------------------------------------------------------------
Tue Jul 25 10:42:54 UTC 2017 - asarai@suse.com
diff --git a/umoci.spec b/umoci.spec
index f34ba07..6241bf0 100644
--- a/umoci.spec
+++ b/umoci.spec
@@ -24,7 +24,7 @@
%define project github.com/openSUSE/umoci
Name: umoci
-Version: 0.3.0
+Version: 0.3.1
Release: 0
Summary: Open Container Image manipulation tool
License: Apache-2.0
@@ -33,8 +33,6 @@ Url: https://github.com/openSUSE/umoci
Source0: %{name}-%{version}.tar.xz
Source1: %{name}-%{version}.tar.xz.asc
Source2: %{name}.keyring
-# PATCH-FIX-UPSTREAM: Backport of https://github.com/openSUSE/umoci/pull/157.
-Patch100: i586-0001-fix-mis-usage-of-time.Unix.patch
BuildRequires: fdupes
BuildRequires: go >= 1.6
BuildRequires: go-go-md2man
@@ -50,8 +48,6 @@ provided by the OCI.
%prep
%setup -q
-# https://github.com/openSUSE/umoci/pull/157
-%patch100 -p1
%build