Accepting request 1157757 from home:eeich:branches:network:cluster

- Fix 'apptainer build' using signed packages from the SUSE Registry (bsc#1221364). * Remove-signatures-from-Docker-images.patch OBS-URL: https://build.opensuse.org/request/show/1157757 OBS-URL: https://build.opensuse.org/package/show/network:cluster/apptainer?expand=0&rev=68
2024-03-14 08:00:10 +00:00
parent 33caaa9a61
commit 62b21fe220
3 changed files with 67 additions and 0 deletions
--- a/Remove-signatures-from-Docker-images.patch
+++ b/Remove-signatures-from-Docker-images.patch
@@ -0,0 +1,58 @@
 From: Egbert Eich <eich@suse.com>
 Date: Wed Mar 13 17:41:43 2024 +0100
 Subject: Remove signatures from Docker images
 Patch-mainline: Not yet
 Git-repo: https://github.com/apptainer/apptainer
 Git-commit: eb17f79efd7c2fc1a5bacbca3743b71f0a659355
 References: bsc#1221364
 OCI image layouts do not support the storing of signatures.
 Therefore, singed containers will cause apptainer to error
 on ``apptainer build ..``
 with the message:
 "Pushing signatures for OCI images is not supported" when
 attempting to pull signed containers from a Docker registry.
 To fix this, set an option to remove signatures.
 This fixes issue #2094.
 Signed-off-by: Egbert Eich <eich@suse.com>
 Signed-off-by: Egbert Eich <eich@suse.de>
 ---
 internal/pkg/build/oci/oci.go                    | 5 +++--
 internal/pkg/build/sources/conveyorPacker_oci.go | 5 +++--
 3 files changed, 7 insertions(+), 4 deletions(-)
 diff --git a/CHANGELOG.md b/CHANGELOG.md
 index edcddd3a3..d0c609053 100644
 diff --git a/internal/pkg/build/oci/oci.go b/internal/pkg/build/oci/oci.go
 index 68e6f5989..46665917a 100644
 --- a/internal/pkg/build/oci/oci.go
 +++ b/internal/pkg/build/oci/oci.go
@@ -125,8 +125,9 @@ func (t *ImageReference) newImageSource(ctx context.Context, sys *types.SystemCo
 	// First we are fetching into the cache
 	_, err = copy.Image(ctx, policyCtx, t.ImageReference, t.source, &copy.Options{
 -		ReportWriter: w,
 -		SourceCtx:    sys,
 +		ReportWriter:     w,
 +		SourceCtx:        sys,
 +		RemoveSignatures: true,
 	})
 	if err != nil {
 		return nil, err
 diff --git a/internal/pkg/build/sources/conveyorPacker_oci.go b/internal/pkg/build/sources/conveyorPacker_oci.go
 index f4107da63..14a545a53 100644
 --- a/internal/pkg/build/sources/conveyorPacker_oci.go
 +++ b/internal/pkg/build/sources/conveyorPacker_oci.go
@@ -301,8 +301,9 @@ func (cp *OCIConveyorPacker) Pack(ctx context.Context) (*sytypes.Bundle, error)
 func (cp *OCIConveyorPacker) fetch(ctx context.Context) error {
 	// cp.srcRef contains the cache source reference
 	_, err := copy.Image(ctx, cp.policyCtx, cp.tmpfsRef, cp.srcRef, &copy.Options{
 -		ReportWriter: io.Discard,
 -		SourceCtx:    cp.sysCtx,
 +		ReportWriter:     io.Discard,
 +		SourceCtx:        cp.sysCtx,
 +		RemoveSignatures: true,
 	})
 	return err
 }
--- a/apptainer.changes
+++ b/apptainer.changes
@@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Wed Mar 13 19:28:40 UTC 2024 - Egbert Eich <eich@suse.com>
 - Fix 'apptainer build' using signed packages from the SUSE
  Registry (bsc#1221364).
  * Remove-signatures-from-Docker-images.patch
 -------------------------------------------------------------------
 Wed Jan 31 14:14:20 UTC 2024 - Egbert Eich <eich@suse.com>
--- a/apptainer.spec
+++ b/apptainer.spec
@@ -41,6 +41,7 @@ Source4:        SLE-15SP6.def
 Source5:        Leap.def
 Source20:       %{name}-rpmlintrc
 Source21:       vendor.tar.gz
 Patch1:         Remove-signatures-from-Docker-images.patch
 BuildRequires:  cryptsetup
 BuildRequires:  fdupes
 BuildRequires:  gcc
@@ -102,6 +103,7 @@ based on the latest openSUSE Leap release.
 %prep
 %setup -q -n %{name}-%{version}%{?vers_suffix}
 %autopatch -p1
 cp %{S:1} .
 %build