umoci/umoci-0.3.1.tar.xz.asc
Aleksa Sarai 514f77b460 Accepting request 531029 from home:cyphar:containers
- Update to umoci v0.3.1. Upstream changelog:
	- Fix several minor bugs in `hack/release.sh` that caused the release artefacts
	  to not match the intended style, as well as making it more generic so other
	  projects can use it. openSUSE/umoci#155 openSUSE/umoci#163
	- A recent configuration issue caused `go vet` and `go lint` to not run as part
	  of our CI jobs. This means that some of the information submitted as part of
	  [CII best practices badging][cii] was not accurate. This has been corrected,
	  and after review we concluded that only stylistic issues were discovered by
	  static analysis. openSUSE/umoci#158
	- 32-bit unit test builds were broken in a refactor in [0.3.0]. This has been
	  fixed, and we've added tests to our CI to ensure that something like this
	  won't go unnoticed in the future. openSUSE/umoci#157
	- `umoci unpack` would not correctly preserve set{uid,gid} bits. While this
	  would not cause issues when building an image (as we only create a manifest
	  of the final extracted rootfs), it would cause issues for other users of
	  `umoci`. openSUSE/umoci#166 openSUSE/umoci#169
	- Updated to [v0.4.1 of `go-mtree`][gomtree-v0.4.1], which fixes several minor
	  bugs with manifest generation. openSUSE/umoci#176
	- `umoci unpack` would not handle "weird" tar archive layers previously (it
	  would error out with DiffID errors). While this wouldn't cause issues for
	  layers generated using Go's `archive/tar` implementation, it would cause
	  issues for GNU gzip and other such tools.
	- `umoci unpack`'s mapping options (`--uid-map` and `--gid-map`) have had an
	  interface change, to better match the [`user_namespaces(7)`][user_namespaces]
	  interfaces. Note that this is a **breaking change**, but the workaround is to
	  switch to the trivially different (but now more consistent) format.
	  openSUSE/umoci#167
	- `umoci unpack` used to create the bundle and rootfs with world
	  read-and-execute permissions by default. This could potentially result in an
	  unsafe rootfs (containing dangerous setuid binaries for instance) being
	  accessible by an unprivileged user. This has been fixed by always setting the
	  mode of the bundle to `0700`, which requires a user to explicitly work around
	  this basic protection. This scenario was documented in our security
	  documentation previously, but has now been fixed. openSUSE/umoci#181
	  openSUSE/umoci#182

	[cii]: https://bestpractices.coreinfrastructure.org/projects/1084
	[gomtree-v0.4.1]: https://github.com/vbatts/go-mtree/releases/tag/v0.4.1
	[user_namespaces]: http://man7.org/linux/man-pages/man7/user_namespaces.7.html
- Remove patch that has been applied upstream.
  - i586-0001-fix-mis-usage-of-time.Unix.patch

OBS-URL: https://build.opensuse.org/request/show/531029
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/umoci?expand=0&rev=26
2017-10-04 17:38:35 +00:00

17 lines
833 B
Plaintext
