Christian Goll
62b21fe220
- Fix 'apptainer build' using signed packages from the SUSE Registry (bsc#1221364). * Remove-signatures-from-Docker-images.patch OBS-URL: https://build.opensuse.org/request/show/1157757 OBS-URL: https://build.opensuse.org/package/show/network:cluster/apptainer?expand=0&rev=68
From: Egbert Eich <eich@suse.com>
Date: Wed Mar 13 17:41:43 2024 +0100
Subject: Remove signatures from Docker images
Patch-mainline: Not yet
Git-repo: https://github.com/apptainer/apptainer
Git-commit: eb17f79efd7c2fc1a5bacbca3743b71f0a659355
References: bsc#1221364
OCI image layouts do not support the storing of signatures.
Therefore, signed containers will cause apptainer to error
on ``apptainer build ..``
with the message:
"Pushing signatures for OCI images is not supported" when
attempting to pull signed containers from a Docker registry.
To fix this, set an option to remove signatures.
This fixes issue #2094.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
internal/pkg/build/oci/oci.go | 5 +++--
internal/pkg/build/sources/conveyorPacker_oci.go | 5 +++--
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index edcddd3a3..d0c609053 100644
diff --git a/internal/pkg/build/oci/oci.go b/internal/pkg/build/oci/oci.go
index 68e6f5989..46665917a 100644
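--- a/internal/pkg/build/oci/oci.go
+++ b/internal/pkg/build/oci/oci.go
@@ -125,8 +125,9 @@ func (t *ImageReference) newImageSource(ctx context.Context, sys *types.SystemCo
 
 // First we are fetching into the cache
 _, err = copy.Image(ctx, policyCtx, t.ImageReference, t.source, ©.Options{
- ReportWriter: w,
- SourceCtx: sys,
+ ReportWriter: w,
+ SourceCtx: sys,
+ RemoveSignatures: true,
 })
 if err != nil {
 return nil, err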
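Review bot: The new `RemoveSignatures: true` in the `copy.Options` literal is unconditional and uncommented, so every image fetched through newImageSource is written to the cache without its registry signatures, and nothing at the call site says why or what that means for verification. A short comment above the field would help, for example `// OCI layout destinations cannot store signatures; drop them so signed images can be copied (signatures are not kept in the cache).` If signature policy is meant to be enforced, that has to happen through policyCtx on the source; how policyCtx is built is not visible here, so it is worth confirming. The same applies to the identical change in fetch in internal/pkg/build/sources/conveyorPacker_oci.go. newImageSource's body starts and ends outside the hunk.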
diff --git a/internal/pkg/build/sources/conveyorPacker_oci.go b/internal/pkg/build/sources/conveyorPacker_oci.go
index f4107da63..14a545a53 100644
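--- a/internal/pkg/build/sources/conveyorPacker_oci.go
+++ b/internal/pkg/build/sources/conveyorPacker_oci.go
@@ -301,8 +301,9 @@ func (cp *OCIConveyorPacker) Pack(ctx context.Context) (*sytypes.Bundle, error)
 func (cp *OCIConveyorPacker) fetch(ctx context.Context) error {
 // cp.srcRef contains the cache source reference
 _, err := copy.Image(ctx, cp.policyCtx, cp.tmpfsRef, cp.srcRef, ©.Options{
- ReportWriter: io.Discard,
- SourceCtx: cp.sysCtx,
+ ReportWriter: io.Discard,
+ SourceCtx: cp.sysCtx,
+ RemoveSignatures: true,
 })
 return err
 }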