pool/umoci
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
umoci/umoci.spec
Aleksa Sarai 514f77b460 Accepting request 531029 from home:cyphar:containers 
- Update to umoci v0.3.1. Upstream changelog:
	- Fix several minor bugs in `hack/release.sh` that caused the release artefacts
	  to not match the intended style, as well as making it more generic so other
	  projects can use it. openSUSE/umoci#155 openSUSE/umoci#163
	- A recent configuration issue caused `go vet` and `go lint` to not run as part
	  of our CI jobs. This means that some of the information submitted as part of
	  [CII best practices badging][cii] was not accurate. This has been corrected,
	  and after review we concluded that only stylistic issues were discovered by
	  static analysis. openSUSE/umoci#158
	- 32-bit unit test builds were broken in a refactor in [0.3.0]. This has been
	  fixed, and we've added tests to our CI to ensure that something like this
	  won't go unnoticed in the future. openSUSE/umoci#157
	- `umoci unpack` would not correctly preserve set{uid,gid} bits. While this
	  would not cause issues when building an image (as we only create a manifest
	  of the final extracted rootfs), it would cause issues for other users of
	  `umoci`. openSUSE/umoci#166 openSUSE/umoci#169
	- Updated to [v0.4.1 of `go-mtree`][gomtree-v0.4.1], which fixes several minor
	  bugs with manifest generation. openSUSE/umoci#176
	- `umoci unpack` would not handle "weird" tar archive layers previously (it
	  would error out with DiffID errors). While this wouldn't cause issues for
	  layers generated using Go's `archive/tar` implementation, it would cause
	  issues for GNU gzip and other such tools.
	- `umoci unpack`'s mapping options (`--uid-map` and `--gid-map`) have had an
	  interface change, to better match the [`user_namespaces(7)`][user_namespaces]
	  interfaces. Note that this is a **breaking change**, but the workaround is to
	  switch to the trivially different (but now more consistent) format.
	  openSUSE/umoci#167
	- `umoci unpack` used to create the bundle and rootfs with world
	  read-and-execute permissions by default. This could potentially result in an
	  unsafe rootfs (containing dangerous setuid binaries for instance) being
	  accessible by an unprivileged user. This has been fixed by always setting the
	  mode of the bundle to `0700`, which requires a user to explicitly work around
	  this basic protection. This scenario was documented in our security
	  documentation previously, but has now been fixed. openSUSE/umoci#181
	  openSUSE/umoci#182

	[cii]: https://bestpractices.coreinfrastructure.org/projects/1084
	[gomtree-v0.4.1]: https://github.com/vbatts/go-mtree/releases/tag/v0.4.1
	[user_namespaces]: http://man7.org/linux/man-pages/man7/user_namespaces.7.html
- Remove patch that has been applied upstream.
  - i586-0001-fix-mis-usage-of-time.Unix.patch

OBS-URL: https://build.opensuse.org/request/show/531029
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/umoci?expand=0&rev=26
2017-10-04 17:38:35 +00:00

94 lines
2.5 KiB
RPMSpec
Raw Blame History

#
# spec file for package umoci
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# nodebuginfo
# Remove stripping of Go binaries.
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
# Project name when using go tooling.
%define project github.com/openSUSE/umoci
Name: umoci
Version: 0.3.1
Release: 0
Summary: Open Container Image manipulation tool
License: Apache-2.0
Group: System/Management
Url: https://github.com/openSUSE/umoci
Source0: %{name}-%{version}.tar.xz
Source1: %{name}-%{version}.tar.xz.asc
Source2: %{name}.keyring
BuildRequires: fdupes
BuildRequires: go >= 1.6
BuildRequires: go-go-md2man
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?is_opensuse}
ExcludeArch: s390x
%endif
%description
umoci modifies Open Container images. umoci is a manipulation tool for OCI
images. In particular, it is a more complete alternative to oci-image-tools
provided by the OCI.
%prep
%setup -q
%build
# We can't use symlinks here because go-list gets confused by symlinks, so we
# have to copy the source to $HOME/go and then use that as the GOPATH.
export GOPATH=$HOME/go
mkdir -pv $HOME/go/src/%{project}
rm -rf $HOME/go/src/%{project}/*
cp -avr * $HOME/go/src/%{project}
export VERSION="$(cat ./VERSION)"
if [ "$VERSION" != "%{version}" ]; then
VERSION="%{version}_suse"
fi
# Build the binary.
make VERSION="$VERSION" umoci
# Build the docs if we have go-md2man.
make doc
%install
# Install the binary.
install -D -m 0755 %{name} "%{buildroot}/%{_bindir}/%{name}"
# Install all of the docs.
for file in doc/man/*.1; do
install -D -m 0644 $file "%{buildroot}/%{_mandir}/man1/$(basename $file)"
done
%fdupes %{buildroot}
%check
export GOPATH=$HOME/go
hack/test-unit.sh
%files
%defattr(-,root,root)
%doc COPYING README.md doc/*
%{_bindir}/%{name}
%{_mandir}/man1/umoci*
%changelog
Reference in New Issue View Git Blame Copy Permalink