Accepting request 1157874 from network:cluster

OBS-URL: https://build.opensuse.org/request/show/1157874
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apptainer?expand=0&rev=26

Remove-signatures-from-Docker-images.patch

@@ -0,0 +1,58 @@
+From: Egbert Eich <eich@suse.com>
+Date: Wed Mar 13 17:41:43 2024 +0100
+Subject: Remove signatures from Docker images
+Patch-mainline: Not yet
+Git-repo: https://github.com/apptainer/apptainer
+Git-commit: eb17f79efd7c2fc1a5bacbca3743b71f0a659355
+References: bsc#1221364
+
+OCI image layouts do not support the storing of signatures.
+Therefore, singed containers will cause apptainer to error
+on ``apptainer build ..``
+with the message:
+ "Pushing signatures for OCI images is not supported" when
+attempting to pull signed containers from a Docker registry.
+To fix this, set an option to remove signatures.
+
+This fixes issue #2094.
+
+Signed-off-by: Egbert Eich <eich@suse.com>
+Signed-off-by: Egbert Eich <eich@suse.de>
+---
+ internal/pkg/build/oci/oci.go                    | 5 +++--
+ internal/pkg/build/sources/conveyorPacker_oci.go | 5 +++--
+ 3 files changed, 7 insertions(+), 4 deletions(-)
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index edcddd3a3..d0c609053 100644
+diff --git a/internal/pkg/build/oci/oci.go b/internal/pkg/build/oci/oci.go
+index 68e6f5989..46665917a 100644
+--- a/internal/pkg/build/oci/oci.go
++++ b/internal/pkg/build/oci/oci.go
+@@ -125,8 +125,9 @@ func (t *ImageReference) newImageSource(ctx context.Context, sys *types.SystemCo
+ 
+ 	// First we are fetching into the cache
+ 	_, err = copy.Image(ctx, policyCtx, t.ImageReference, t.source, &copy.Options{
+-		ReportWriter: w,
+-		SourceCtx:    sys,
++		ReportWriter:     w,
++		SourceCtx:        sys,
++		RemoveSignatures: true,
+ 	})
+ 	if err != nil {
+ 		return nil, err
+diff --git a/internal/pkg/build/sources/conveyorPacker_oci.go b/internal/pkg/build/sources/conveyorPacker_oci.go
+index f4107da63..14a545a53 100644
+--- a/internal/pkg/build/sources/conveyorPacker_oci.go
++++ b/internal/pkg/build/sources/conveyorPacker_oci.go
+@@ -301,8 +301,9 @@ func (cp *OCIConveyorPacker) Pack(ctx context.Context) (*sytypes.Bundle, error)
+ func (cp *OCIConveyorPacker) fetch(ctx context.Context) error {
+ 	// cp.srcRef contains the cache source reference
+ 	_, err := copy.Image(ctx, cp.policyCtx, cp.tmpfsRef, cp.srcRef, &copy.Options{
+-		ReportWriter: io.Discard,
+-		SourceCtx:    cp.sysCtx,
++		ReportWriter:     io.Discard,
++		SourceCtx:        cp.sysCtx,
++		RemoveSignatures: true,
+ 	})
+ 	return err
+ }

apptainer.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Mar 13 19:28:40 UTC 2024 - Egbert Eich <eich@suse.com>
+
+- Fix 'apptainer build' using signed packages from the SUSE
+  Registry (bsc#1221364).
+  * Remove-signatures-from-Docker-images.patch
+
 -------------------------------------------------------------------
 Wed Jan 31 14:14:20 UTC 2024 - Egbert Eich <eich@suse.com>
 

apptainer.spec

@@ -41,6 +41,7 @@ Source4:        SLE-15SP6.def
 Source5:        Leap.def
 Source20:       %{name}-rpmlintrc
 Source21:       vendor.tar.gz
+Patch1:         Remove-signatures-from-Docker-images.patch
 BuildRequires:  cryptsetup
 BuildRequires:  fdupes
 BuildRequires:  gcc
@@ -102,6 +103,7 @@ based on the latest openSUSE Leap release.
 
 %prep
 %setup -q -n %{name}-%{version}%{?vers_suffix}
+%autopatch -p1
 cp %{S:1} .
 
 %build