f3781ab7f3
- Update to umoci v0.3.0. Upstream changelog: - `umoci` now passes all of the requirements for the [CII best practices bading program][cii]. openSUSE/umoci#134 - `umoci` also now has more extensive architecture, quick-start and roadmap documentation. openSUSE/umoci#134 - `umoci` now supports [`1.0.0` of the OCI image specification][ispec-v1.0.0] and [`1.0.0` of the OCI runtime specification][rspec-v1.0.0], which are the first milestone release. Note that there are still some remaining UX issues with `--image` and other parts of `umoci` which may be subject to change in future versions. In particular, this update of the specification now means that images may have ambiguous tags. `umoci` will warn you if an operation may have an ambiguous result, but we plan to improve this functionality far more in the future. openSUSE/umoci#133 openSUSE/umoci#142 - `umoci` also now supports more complicated descriptor walk structures, and also handles mutation of such structures more sanely. At the moment, this functionality has not been used "in the wild" and `umoci` doesn't have the UX to create such structures (yet) but these will be implemented in future versions. openSUSE/umoci#145 - `umoci repack` now supports `--mask-path` to ignore changes in the rootfs that are in a child of at least one of the provided masks when generating new layers. openSUSE/umoci#127 - Error messages from `github.com/openSUSE/umoci/oci/cas/drivers/dir` actually make sense now. openSUSE/umoci#121 - `umoci unpack` now generates `config.json` blobs according to the [still proposed][ispec-pr492] OCI image specification conversion document. openSUSE/umoci#120 - `umoci repack` also now automatically adding `Config.Volumes` from the image configuration to the set of masked paths. This matches recently added [recommendations by the spec][ispec-pr694], but is a backwards-incompatible change because the new default is that `Config.Volumes` **will** be masked. If you wish to retain the old semantics, use `--no-mask-volumes` (though make sure to be aware of the reasoning behind `Config.Volume` masking). openSUSE/umoci#127 - `umoci` now uses [`SecureJoin`][securejoin] rather than a patched version of `FollowSymlinkInScope`. The two implementations are roughly equivalent, but `SecureJoin` has a nicer API and is maintained as a separate project. - Switched to using `golang.org/x/sys/unix` over `syscall` where possible, which makes the codebase significantly cleaner. openSUSE/umoci#141 [cii]: https://bestpractices.coreinfrastructure.org/projects/1084 [rspec-v1.0.0]: https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.0 [ispec-v1.0.0]: https://github.com/opencontainers/image-spec/releases/tag/v1.0.0 [ispec-pr492]: https://github.com/opencontainers/image-spec/pull/492 [ispec-pr694]: https://github.com/opencontainers/image-spec/pull/694 [securejoin]: https://github.com/cyphar/filepath-securejoin OBS-URL: https://build.opensuse.org/request/show/512069 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/umoci?expand=0&rev=23