apptainer/Remove-signatures-from-Docker-images.patch

From: Egbert Eich <eich@suse.com>
Date: Wed Mar 13 17:41:43 2024 +0100
Subject: Remove signatures from Docker images
Patch-mainline: Not yet
Git-repo: https://github.com/apptainer/apptainer
Git-commit: eb17f79efd7c2fc1a5bacbca3743b71f0a659355
References: bsc#1221364

OCI image layouts do not support the storing of signatures.
Therefore, singed containers will cause apptainer to error
on ``apptainer build ..``
with the message:
 "Pushing signatures for OCI images is not supported" when
attempting to pull signed containers from a Docker registry.
To fix this, set an option to remove signatures.

This fixes issue #2094.

Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
 internal/pkg/build/oci/oci.go                    | 5 +++--
 internal/pkg/build/sources/conveyorPacker_oci.go | 5 +++--
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index edcddd3a3..d0c609053 100644
diff --git a/internal/pkg/build/oci/oci.go b/internal/pkg/build/oci/oci.go
index 68e6f5989..46665917a 100644
--- a/internal/pkg/build/oci/oci.go
+++ b/internal/pkg/build/oci/oci.go
@@ -125,8 +125,9 @@ func (t *ImageReference) newImageSource(ctx context.Context, sys *types.SystemCo
 
 	// First we are fetching into the cache
 	_, err = copy.Image(ctx, policyCtx, t.ImageReference, t.source, &copy.Options{
-		ReportWriter: w,
-		SourceCtx:    sys,
+		ReportWriter:     w,
+		SourceCtx:        sys,
+		RemoveSignatures: true,
 	})
 	if err != nil {
 		return nil, err
diff --git a/internal/pkg/build/sources/conveyorPacker_oci.go b/internal/pkg/build/sources/conveyorPacker_oci.go
index f4107da63..14a545a53 100644
--- a/internal/pkg/build/sources/conveyorPacker_oci.go
+++ b/internal/pkg/build/sources/conveyorPacker_oci.go
@@ -301,8 +301,9 @@ func (cp *OCIConveyorPacker) Pack(ctx context.Context) (*sytypes.Bundle, error)
 func (cp *OCIConveyorPacker) fetch(ctx context.Context) error {
 	// cp.srcRef contains the cache source reference
 	_, err := copy.Image(ctx, cp.policyCtx, cp.tmpfsRef, cp.srcRef, &copy.Options{
-		ReportWriter: io.Discard,
-		SourceCtx:    cp.sysCtx,
+		ReportWriter:     io.Discard,
+		SourceCtx:        cp.sysCtx,
+		RemoveSignatures: true,
 	})
 	return err
 }
Accepting request 1157757 from home:eeich:branches:network:cluster - Fix 'apptainer build' using signed packages from the SUSE Registry (bsc#1221364). * Remove-signatures-from-Docker-images.patch OBS-URL: https://build.opensuse.org/request/show/1157757 OBS-URL: https://build.opensuse.org/package/show/network:cluster/apptainer?expand=0&rev=68 2024-03-14 08:00:10 +00:00			`From: Egbert Eich <eich@suse.com>`
			`Date: Wed Mar 13 17:41:43 2024 +0100`
			`Subject: Remove signatures from Docker images`
			`Patch-mainline: Not yet`
			`Git-repo: https://github.com/apptainer/apptainer`
			`Git-commit: eb17f79efd7c2fc1a5bacbca3743b71f0a659355`
			`References: bsc#1221364`

			`OCI image layouts do not support the storing of signatures.`
			`Therefore, singed containers will cause apptainer to error`
			on ``apptainer build ..``
			`with the message:`
			`"Pushing signatures for OCI images is not supported" when`
			`attempting to pull signed containers from a Docker registry.`
			`To fix this, set an option to remove signatures.`

			`This fixes issue #2094.`

			`Signed-off-by: Egbert Eich <eich@suse.com>`
			`Signed-off-by: Egbert Eich <eich@suse.de>`
			`---`
			`internal/pkg/build/oci/oci.go \| 5 +++--`
			`internal/pkg/build/sources/conveyorPacker_oci.go \| 5 +++--`
			`3 files changed, 7 insertions(+), 4 deletions(-)`
			`diff --git a/CHANGELOG.md b/CHANGELOG.md`
			`index edcddd3a3..d0c609053 100644`
			`diff --git a/internal/pkg/build/oci/oci.go b/internal/pkg/build/oci/oci.go`
			`index 68e6f5989..46665917a 100644`
			`--- a/internal/pkg/build/oci/oci.go`
			`+++ b/internal/pkg/build/oci/oci.go`
			`@@ -125,8 +125,9 @@ func (t ImageReference) newImageSource(ctx context.Context, sys types.SystemCo`

			`// First we are fetching into the cache`
			`_, err = copy.Image(ctx, policyCtx, t.ImageReference, t.source, &copy.Options{`
			`- ReportWriter: w,`
			`- SourceCtx: sys,`
			`+ ReportWriter: w,`
			`+ SourceCtx: sys,`
			`+ RemoveSignatures: true,`
			`})`
			`if err != nil {`
			`return nil, err`
			`diff --git a/internal/pkg/build/sources/conveyorPacker_oci.go b/internal/pkg/build/sources/conveyorPacker_oci.go`
			`index f4107da63..14a545a53 100644`
			`--- a/internal/pkg/build/sources/conveyorPacker_oci.go`
			`+++ b/internal/pkg/build/sources/conveyorPacker_oci.go`
			`@@ -301,8 +301,9 @@ func (cp OCIConveyorPacker) Pack(ctx context.Context) (sytypes.Bundle, error)`
			`func (cp *OCIConveyorPacker) fetch(ctx context.Context) error {`
			`// cp.srcRef contains the cache source reference`
			`_, err := copy.Image(ctx, cp.policyCtx, cp.tmpfsRef, cp.srcRef, &copy.Options{`
			`- ReportWriter: io.Discard,`
			`- SourceCtx: cp.sysCtx,`
			`+ ReportWriter: io.Discard,`
			`+ SourceCtx: cp.sysCtx,`
			`+ RemoveSignatures: true,`
			`})`
			`return err`
			`}`