From 42be045d41eb759eaeaffdb1d8c3ccee50bf3570 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 18 Mar 2021 08:53:18 -0400 Subject: [PATCH 01/26] prepare for non-rawhide build Signed-off-by: Lokesh Mandvekar --- buildah.spec | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/buildah.spec b/buildah.spec index 461d17d..74c099b 100644 --- a/buildah.spec +++ b/buildah.spec @@ -24,8 +24,6 @@ # https://github.com/containers/buildah %global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global git0 https://%{import_path} -%global commit0 9eb048a8b3c02fd5e946a01d72a4facf6c1700bc -%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) @@ -39,7 +37,7 @@ Release: 0.19.dev.git%{shortcommit0}%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io -Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Source: %{download_url} BuildRequires: device-mapper-devel BuildRequires: golang BuildRequires: git @@ -102,7 +100,7 @@ Requires: openssl This package contains system tests for %{name} %prep -%autosetup -Sgit -n %{name}-%{commit0} +%autosetup -Sgit -n %{name}-%{built_tag_strip} sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile sed -i '/docs install/d' Makefile From 09e9460ddac732391852fb0508d76d234af1ce0b Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 29 Mar 2021 08:24:05 -0400 Subject: [PATCH 02/26] buildah-1.20.0-1 - bump to v1.20.0 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + buildah.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 0607064..9af1d49 100644 --- a/.gitignore +++ b/.gitignore @@ -598,3 +598,4 @@ /buildah-8f63761.tar.gz /buildah-885e9c1.tar.gz /buildah-9eb048a.tar.gz +/v1.20.0.tar.gz diff --git a/buildah.spec b/buildah.spec index 74c099b..c6f2abc 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,13 +27,13 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v1.19.4 +%define built_tag v1.20.0 %define built_tag_strip %(b=%{built_tag}; echo ${b:1}) -%define download_url https://%{import_path}/archive/%{built_tag}.tar.gz +%define download_url %{git0}/archive/%{built_tag}.tar.gz Name: %{repo} Version: 1.20.0 -Release: 0.19.dev.git%{shortcommit0}%{?dist} +Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -159,6 +159,9 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Mon Mar 29 2021 Lokesh Mandvekar - 1.20.0-1 +- bump to v1.20.0 + * Tue Feb 09 2021 RH Container Bot - 1.20.0-0.19.dev.git9eb048a - autobuilt 9eb048a diff --git a/sources b/sources index c97215f..3a08525 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (buildah-9eb048a.tar.gz) = 15318f699a3591d31db19e7254b28c69af459f8215a9f05dd065cee8dead68642e0837de78f11826278b293443bf15840c0730f1a0422835853aff0a04516848 +SHA512 (v1.20.0.tar.gz) = 6490fd44d6595afb486d2433258d5e17d8694d25118b6fb7ac38e8c63f9da84ce71dd56fe1c908ee1667647462260a236f3bf8b3558f1564af3cf18a3485d5e0 From c7f372c44b9ecaf93d022cf8eccb889c4739ee02 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 14 Apr 2021 13:26:39 +0000 Subject: [PATCH 03/26] buildah-1.20.1-1 autobuilt v1.20.1 Signed-off-by: RH Container Bot --- .gitignore | 1 + buildah.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9af1d49..870cee7 100644 --- a/.gitignore +++ b/.gitignore @@ -599,3 +599,4 @@ /buildah-885e9c1.tar.gz /buildah-9eb048a.tar.gz /v1.20.0.tar.gz +/v1.20.1.tar.gz diff --git a/buildah.spec b/buildah.spec index c6f2abc..6aae44f 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,12 +27,12 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v1.20.0 +%define built_tag v1.20.1 %define built_tag_strip %(b=%{built_tag}; echo ${b:1}) %define download_url %{git0}/archive/%{built_tag}.tar.gz Name: %{repo} -Version: 1.20.0 +Version: 1.20.1 Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 @@ -159,6 +159,9 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Wed Apr 14 2021 RH Container Bot - 1.20.1-1 +- autobuilt v1.20.1 + * Mon Mar 29 2021 Lokesh Mandvekar - 1.20.0-1 - bump to v1.20.0 diff --git a/sources b/sources index 3a08525..1c7a5c9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.20.0.tar.gz) = 6490fd44d6595afb486d2433258d5e17d8694d25118b6fb7ac38e8c63f9da84ce71dd56fe1c908ee1667647462260a236f3bf8b3558f1564af3cf18a3485d5e0 +SHA512 (v1.20.1.tar.gz) = 22495d9f0da1d6061ddb41e4cecfdb2108c152262798d6c959fc524870160f15ee486bcc37e262e571c64dc732e852f05e6c4b9331bbdef4150bd56997fefa83 From c840201159ff055f41a7168dd86250eacf44387d Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Thu, 15 Apr 2021 14:59:20 -0600 Subject: [PATCH 04/26] buildah-tests: require nmap-ncat Signed-off-by: Ed Santiago (cherry picked from commit 61b06adcc4197db513c2aa10bd6e9e62eada2108) Signed-off-by: Lokesh Mandvekar --- buildah.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/buildah.spec b/buildah.spec index 6aae44f..971a796 100644 --- a/buildah.spec +++ b/buildah.spec @@ -93,6 +93,7 @@ Requires: golang Requires: jq Requires: httpd-tools Requires: openssl +Requires: nmap-ncat %description tests %{summary} From 27a4cb66969b6789ba4a59774f0d1e57b8a711fc Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 16 Apr 2021 13:51:15 -0400 Subject: [PATCH 05/26] buildah-1.20.1-2 - rebuild for buildah-tests Signed-off-by: Lokesh Mandvekar --- buildah.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/buildah.spec b/buildah.spec index 971a796..81d7b98 100644 --- a/buildah.spec +++ b/buildah.spec @@ -33,7 +33,7 @@ Name: %{repo} Version: 1.20.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -160,6 +160,9 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Fri Apr 16 2021 Lokesh Mandvekar - 1.20.1-2 +- rebuild for buildah-tests + * Wed Apr 14 2021 RH Container Bot - 1.20.1-1 - autobuilt v1.20.1 From 0ba27bbd8499d558c2c96a872d15b2f64652c496 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 19 Apr 2021 20:38:10 -0400 Subject: [PATCH 06/26] buildah-1.20.1-3 - adjust deps and stay ahead of f33 Signed-off-by: Lokesh Mandvekar --- buildah.spec | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/buildah.spec b/buildah.spec index 81d7b98..f571ff2 100644 --- a/buildah.spec +++ b/buildah.spec @@ -33,7 +33,7 @@ Name: %{repo} Version: 1.20.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -47,30 +47,14 @@ BuildRequires: go-md2man BuildRequires: gpgme-devel BuildRequires: libassuan-devel BuildRequires: make -Requires: containers-common -Requires: oci-runtime >= 2 -# No ostree for centos 7 -%if 0%{?fedora} || 0%{?centos} >= 8 BuildRequires: ostree-devel -%endif -# No btrfs for centos 8 -%if 0%{?fedora} || 0%{?centos} <= 7 && ! 0%{?eln} -BuildRequires: btrfs-progs-devel -%endif -%if 0%{?fedora} BuildRequires: libseccomp-static +Requires: containers-common >= 4:1-11 Requires: libseccomp >= 2.4.1-0 -Recommends: crun >= 0.17.1-1 -Recommends: container-selinux -Recommends: slirp4netns >= 0.3-0 -Recommends: fuse-overlayfs Suggests: cpp -%else -BuildRequires: libseccomp-devel -Requires: crun >= 0.17.1-1 -Requires: libseccomp -Requires: container-selinux -Requires: slirp4netns >= 0.3-0 +# No btrfs for centos 8 +%if 0%{?fedora} +BuildRequires: btrfs-progs-devel %endif %description @@ -160,6 +144,9 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Tue Apr 20 2021 Lokesh Mandvekar - 1.20.1-3 +- adjust deps and stay ahead of f33 + * Fri Apr 16 2021 Lokesh Mandvekar - 1.20.1-2 - rebuild for buildah-tests From 78000a1c0dde037c07b493c343529d7614542d15 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 22 Apr 2021 08:40:23 -0400 Subject: [PATCH 07/26] buildah-1.20.1-4 - fix gating tests Signed-off-by: Lokesh Mandvekar --- buildah-gating.patch | 82 ++++++++++++++++++++++++++++++++++++++++++++ buildah.spec | 10 ++++-- 2 files changed, 89 insertions(+), 3 deletions(-) create mode 100644 buildah-gating.patch diff --git a/buildah-gating.patch b/buildah-gating.patch new file mode 100644 index 0000000..51bf393 --- /dev/null +++ b/buildah-gating.patch @@ -0,0 +1,82 @@ +From 4a74ca7d2ba9eac48156a78740f4d5d598dc80d8 Mon Sep 17 00:00:00 2001 +From: Ed Santiago +Date: Tue, 20 Apr 2021 15:55:25 -0600 +Subject: [PATCH] push to docker test: don't get fooled by podman + +Gating tests have failed (at least) twice already because +one of the push.bats tests runs "which docker" and skips +if it's missing. Sadly, some gating-test systems install +podman-docker (possibly when there's a bodhi that combines +podman and buildah). This causes the test to fail. + +Solution: confirm that if docker exists, it isn't podman +in disguise. Since we need to do a similar check in +the pull-from-docker-daemon test in pull.bats, refactor +that into a common skip_if_no_docker helper. + +Signed-off-by: Ed Santiago +--- + tests/helpers.bash | 14 ++++++++++++++ + tests/pull.bats | 9 +-------- + tests/push.bats | 5 +---- + 3 files changed, 16 insertions(+), 12 deletions(-) + +diff --git a/tests/helpers.bash b/tests/helpers.bash +index 5e90e7f6eb..4dc3a7dbda 100644 +--- a/tests/helpers.bash ++++ b/tests/helpers.bash +@@ -358,3 +358,17 @@ function skip_if_in_container() { + skip "This test is not working inside a container" + fi + } ++ ++####################### ++# skip_if_no_docker # ++####################### ++function skip_if_no_docker() { ++ which docker || skip "docker is not installed" ++ systemctl -q is-active docker || skip "docker.service is not active" ++ ++ # Confirm that this is really truly docker, not podman. ++ docker_version=$(docker --version) ++ if [[ $docker_version =~ podman ]]; then ++ skip "this test needs actual docker, not podman-docker" ++ fi ++} +diff --git a/tests/pull.bats b/tests/pull.bats +index edf447423c..aae38631c8 100644 +--- a/tests/pull.bats ++++ b/tests/pull.bats +@@ -92,15 +92,8 @@ load helpers + } + + @test "pull-from-docker-daemon" { +- run systemctl status docker +- if [[ ! "$output" =~ "active (running)" ]] +- then +- skip "Skip the test as docker services is not running" +- fi ++ skip_if_no_docker + +- run systemctl start docker +- echo "$output" +- [ "$status" -eq 0 ] + run docker pull alpine + echo "$output" + [ "$status" -eq 0 ] +diff --git a/tests/push.bats b/tests/push.bats +index 91ec4eb145..37966ea228 100644 +--- a/tests/push.bats ++++ b/tests/push.bats +@@ -140,10 +140,7 @@ load helpers + } + + @test "buildah push image to docker and docker registry" { +- run which docker +- if [[ $status -ne 0 ]]; then +- skip "docker is not installed" +- fi ++ skip_if_no_docker + + _prefetch busybox + run_buildah push --signature-policy ${TESTSDIR}/policy.json busybox docker-daemon:buildah/busybox:latest diff --git a/buildah.spec b/buildah.spec index f571ff2..e902814 100644 --- a/buildah.spec +++ b/buildah.spec @@ -33,11 +33,12 @@ Name: %{repo} Version: 1.20.1 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io -Source: %{download_url} +Source0: %{download_url} +Patch0: buildah-gating.patch BuildRequires: device-mapper-devel BuildRequires: golang BuildRequires: git @@ -49,7 +50,7 @@ BuildRequires: libassuan-devel BuildRequires: make BuildRequires: ostree-devel BuildRequires: libseccomp-static -Requires: containers-common >= 4:1-11 +Requires: containers-common >= 4:1-15 Requires: libseccomp >= 2.4.1-0 Suggests: cpp # No btrfs for centos 8 @@ -144,6 +145,9 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Thu Apr 22 2021 Lokesh Mandvekar - 1.20.1-4 +- fix gating tests + * Tue Apr 20 2021 Lokesh Mandvekar - 1.20.1-3 - adjust deps and stay ahead of f33 From 145458c57a3a922a6ce9e18a12ea273176cdfa99 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Fri, 21 May 2021 01:56:06 +0000 Subject: [PATCH 08/26] buildah-1.21.0-1 autobuilt v1.21.0 Signed-off-by: RH Container Bot --- .gitignore | 1 + buildah.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 870cee7..4e4ec93 100644 --- a/.gitignore +++ b/.gitignore @@ -600,3 +600,4 @@ /buildah-9eb048a.tar.gz /v1.20.0.tar.gz /v1.20.1.tar.gz +/v1.21.0.tar.gz diff --git a/buildah.spec b/buildah.spec index e902814..551eb31 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,13 +27,13 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v1.20.1 +%define built_tag v1.21.0 %define built_tag_strip %(b=%{built_tag}; echo ${b:1}) %define download_url %{git0}/archive/%{built_tag}.tar.gz Name: %{repo} -Version: 1.20.1 -Release: 4%{?dist} +Version: 1.21.0 +Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -145,6 +145,9 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Fri May 21 2021 RH Container Bot - 1.21.0-1 +- autobuilt v1.21.0 + * Thu Apr 22 2021 Lokesh Mandvekar - 1.20.1-4 - fix gating tests diff --git a/sources b/sources index 1c7a5c9..4d0fd22 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.20.1.tar.gz) = 22495d9f0da1d6061ddb41e4cecfdb2108c152262798d6c959fc524870160f15ee486bcc37e262e571c64dc732e852f05e6c4b9331bbdef4150bd56997fefa83 +SHA512 (v1.21.0.tar.gz) = 2ce6afceadec37f54f7f80562969cc382267dabc4fa5a89a09a211326e403376d209d89162333337af8602cb5c551eb446d3c9fac26f516fb8d354a7b5b77472 From d78823b26c38eec67fa8e47ce85d528c9ffc2e25 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 21 May 2021 09:21:56 -0400 Subject: [PATCH 09/26] remove patch merged upstream Signed-off-by: Lokesh Mandvekar --- buildah-gating.patch | 82 -------------------------------------------- buildah.spec | 1 - 2 files changed, 83 deletions(-) delete mode 100644 buildah-gating.patch diff --git a/buildah-gating.patch b/buildah-gating.patch deleted file mode 100644 index 51bf393..0000000 --- a/buildah-gating.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 4a74ca7d2ba9eac48156a78740f4d5d598dc80d8 Mon Sep 17 00:00:00 2001 -From: Ed Santiago -Date: Tue, 20 Apr 2021 15:55:25 -0600 -Subject: [PATCH] push to docker test: don't get fooled by podman - -Gating tests have failed (at least) twice already because -one of the push.bats tests runs "which docker" and skips -if it's missing. Sadly, some gating-test systems install -podman-docker (possibly when there's a bodhi that combines -podman and buildah). This causes the test to fail. - -Solution: confirm that if docker exists, it isn't podman -in disguise. Since we need to do a similar check in -the pull-from-docker-daemon test in pull.bats, refactor -that into a common skip_if_no_docker helper. - -Signed-off-by: Ed Santiago ---- - tests/helpers.bash | 14 ++++++++++++++ - tests/pull.bats | 9 +-------- - tests/push.bats | 5 +---- - 3 files changed, 16 insertions(+), 12 deletions(-) - -diff --git a/tests/helpers.bash b/tests/helpers.bash -index 5e90e7f6eb..4dc3a7dbda 100644 ---- a/tests/helpers.bash -+++ b/tests/helpers.bash -@@ -358,3 +358,17 @@ function skip_if_in_container() { - skip "This test is not working inside a container" - fi - } -+ -+####################### -+# skip_if_no_docker # -+####################### -+function skip_if_no_docker() { -+ which docker || skip "docker is not installed" -+ systemctl -q is-active docker || skip "docker.service is not active" -+ -+ # Confirm that this is really truly docker, not podman. -+ docker_version=$(docker --version) -+ if [[ $docker_version =~ podman ]]; then -+ skip "this test needs actual docker, not podman-docker" -+ fi -+} -diff --git a/tests/pull.bats b/tests/pull.bats -index edf447423c..aae38631c8 100644 ---- a/tests/pull.bats -+++ b/tests/pull.bats -@@ -92,15 +92,8 @@ load helpers - } - - @test "pull-from-docker-daemon" { -- run systemctl status docker -- if [[ ! "$output" =~ "active (running)" ]] -- then -- skip "Skip the test as docker services is not running" -- fi -+ skip_if_no_docker - -- run systemctl start docker -- echo "$output" -- [ "$status" -eq 0 ] - run docker pull alpine - echo "$output" - [ "$status" -eq 0 ] -diff --git a/tests/push.bats b/tests/push.bats -index 91ec4eb145..37966ea228 100644 ---- a/tests/push.bats -+++ b/tests/push.bats -@@ -140,10 +140,7 @@ load helpers - } - - @test "buildah push image to docker and docker registry" { -- run which docker -- if [[ $status -ne 0 ]]; then -- skip "docker is not installed" -- fi -+ skip_if_no_docker - - _prefetch busybox - run_buildah push --signature-policy ${TESTSDIR}/policy.json busybox docker-daemon:buildah/busybox:latest diff --git a/buildah.spec b/buildah.spec index 551eb31..75aa43d 100644 --- a/buildah.spec +++ b/buildah.spec @@ -38,7 +38,6 @@ Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io Source0: %{download_url} -Patch0: buildah-gating.patch BuildRequires: device-mapper-devel BuildRequires: golang BuildRequires: git From 3c3e5c5aae44ec8b272660d3d9c7dc7ab817c001 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 8 Jun 2021 19:09:55 +0000 Subject: [PATCH 10/26] buildah-1.21.1-1 autobuilt v1.21.1 Signed-off-by: RH Container Bot --- .gitignore | 1 + buildah.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4e4ec93..359671e 100644 --- a/.gitignore +++ b/.gitignore @@ -601,3 +601,4 @@ /v1.20.0.tar.gz /v1.20.1.tar.gz /v1.21.0.tar.gz +/v1.21.1.tar.gz diff --git a/buildah.spec b/buildah.spec index 75aa43d..ca8400f 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,12 +27,12 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v1.21.0 +%define built_tag v1.21.1 %define built_tag_strip %(b=%{built_tag}; echo ${b:1}) %define download_url %{git0}/archive/%{built_tag}.tar.gz Name: %{repo} -Version: 1.21.0 +Version: 1.21.1 Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 @@ -144,6 +144,9 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Tue Jun 08 2021 RH Container Bot - 1.21.1-1 +- autobuilt v1.21.1 + * Fri May 21 2021 RH Container Bot - 1.21.0-1 - autobuilt v1.21.0 diff --git a/sources b/sources index 4d0fd22..1b171bd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.21.0.tar.gz) = 2ce6afceadec37f54f7f80562969cc382267dabc4fa5a89a09a211326e403376d209d89162333337af8602cb5c551eb446d3c9fac26f516fb8d354a7b5b77472 +SHA512 (v1.21.1.tar.gz) = 8fb30ed0948f898aef9a32c34d4b2a2e04a376257a73184ec01b67c770be1c3c87e46987ad001ececf2235cb5e17f9d0ff9e9f34be61ddd0935859c4e5b37d1f From e5d48a5b37b66e371254c5921de4583f019854ab Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 30 Jun 2021 09:10:42 -0400 Subject: [PATCH 11/26] buildah-1.21.2-1 - bump to v1.21.2 Signed-off-by: Lokesh Mandvekar --- .gitignore | 2 ++ buildah.spec | 9 ++++++--- sources | 3 ++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 359671e..9b767c3 100644 --- a/.gitignore +++ b/.gitignore @@ -602,3 +602,5 @@ /v1.20.1.tar.gz /v1.21.0.tar.gz /v1.21.1.tar.gz +/buildah-8d08247.tar.gz +/v1.21.2.tar.gz diff --git a/buildah.spec b/buildah.spec index ca8400f..c6ad5bb 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,12 +27,12 @@ # Used for comparing with latest upstream tag # to decide whether to autobuild (non-rawhide only) -%define built_tag v1.21.1 +%define built_tag v1.21.2 %define built_tag_strip %(b=%{built_tag}; echo ${b:1}) %define download_url %{git0}/archive/%{built_tag}.tar.gz Name: %{repo} -Version: 1.21.1 +Version: 1.21.2 Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 @@ -49,7 +49,7 @@ BuildRequires: libassuan-devel BuildRequires: make BuildRequires: ostree-devel BuildRequires: libseccomp-static -Requires: containers-common >= 4:1-15 +Requires: containers-common >= 4:1-20 Requires: libseccomp >= 2.4.1-0 Suggests: cpp # No btrfs for centos 8 @@ -144,6 +144,9 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Wed Jun 30 2021 Lokesh Mandvekar - 1.21.2-1 +- bump to v1.21.2 + * Tue Jun 08 2021 RH Container Bot - 1.21.1-1 - autobuilt v1.21.1 diff --git a/sources b/sources index 1b171bd..934a123 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -SHA512 (v1.21.1.tar.gz) = 8fb30ed0948f898aef9a32c34d4b2a2e04a376257a73184ec01b67c770be1c3c87e46987ad001ececf2235cb5e17f9d0ff9e9f34be61ddd0935859c4e5b37d1f +SHA512 (buildah-8d08247.tar.gz) = bf6fe1596bd186d64024ac28c8407e07391e5fc46a00c8a6a69d6c5fc15897fad73d6f1d44fb105c01ad17ec200cba514fa5f1a501fc37c02297429608eeb50f +SHA512 (v1.21.2.tar.gz) = 09b468c4a809c66b8dfd34d3a8a283b3fbf31116fecac61461a043858a692a83642516c50def1328139d710233e99279a3653050e8bb58c363434fab129b4225 From 1adb2fbaff6c35d57ec301ebce133aec700bbe0e Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 16 Jul 2021 13:09:53 -0400 Subject: [PATCH 12/26] buildah-1.21.3-1 - Resolves: #1969264, #1982880 - Security fix for CVE-2021-3602 - bump to v1.21.3 Signed-off-by: Lokesh Mandvekar --- .gitignore | 2 ++ buildah.spec | 22 ++++++++++------------ sources | 3 +-- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index 9b767c3..898287b 100644 --- a/.gitignore +++ b/.gitignore @@ -604,3 +604,5 @@ /v1.21.1.tar.gz /buildah-8d08247.tar.gz /v1.21.2.tar.gz +/buildah-ec35bc4.tar.gz +/v1.21.3.tar.gz diff --git a/buildah.spec b/buildah.spec index c6ad5bb..463cbe7 100644 --- a/buildah.spec +++ b/buildah.spec @@ -25,19 +25,16 @@ %global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global git0 https://%{import_path} -# Used for comparing with latest upstream tag -# to decide whether to autobuild (non-rawhide only) -%define built_tag v1.21.2 -%define built_tag_strip %(b=%{built_tag}; echo ${b:1}) -%define download_url %{git0}/archive/%{built_tag}.tar.gz +%global built_tag v1.21.3 +%global built_tag_strip %(b=%{built_tag}; echo ${b:1}) Name: %{repo} -Version: 1.21.2 +Version: 1.21.3 Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io -Source0: %{download_url} +Source0: %{git0}/archive/%{built_tag}.tar.gz BuildRequires: device-mapper-devel BuildRequires: golang BuildRequires: git @@ -101,13 +98,10 @@ mv vendor src export GOPATH=$(pwd)/_build:$(pwd) export CGO_CFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -ffat-lto-objects -fexceptions -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" %ifarch x86_64 -export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic" -%if 0%{?fedora} || 0%{?centos} >= 8 -export CGO_CFLAGS="$CGO_CFLAGS -fcf-protection" -%endif +export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" %endif # These extra flags present in %%{optflags} have been skipped for now as they break the build -#export CGO_CFLAGS="$CGO_CFLAGS -flto=auto -Wp,D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" +#export CGO_CFLAGS+=" -flto=auto -Wp,D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" export BUILDTAGS='seccomp selinux' %if 0%{?centos} >= 8 @@ -144,6 +138,10 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Fri Jul 16 2021 Lokesh Mandvekar - 1.21.3-1 +- Resolves: #1969264, #1982880 - Security fix for CVE-2021-3602 +- bump to v1.21.3 + * Wed Jun 30 2021 Lokesh Mandvekar - 1.21.2-1 - bump to v1.21.2 diff --git a/sources b/sources index 934a123..eabaff3 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (buildah-8d08247.tar.gz) = bf6fe1596bd186d64024ac28c8407e07391e5fc46a00c8a6a69d6c5fc15897fad73d6f1d44fb105c01ad17ec200cba514fa5f1a501fc37c02297429608eeb50f -SHA512 (v1.21.2.tar.gz) = 09b468c4a809c66b8dfd34d3a8a283b3fbf31116fecac61461a043858a692a83642516c50def1328139d710233e99279a3653050e8bb58c363434fab129b4225 +SHA512 (v1.21.3.tar.gz) = 36db54522e8564f467eb4f0b3c7c7cfe3bc8b285a47e139d35b3d7952184d78111640ae3b36eb1ddb92e1af68b16c9d4f056884c1bb25941606ec6cfe7347295 From c2dd6d28a67da0af10a607aa42877aa8962752b6 Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Mon, 19 Jul 2021 08:52:33 -0600 Subject: [PATCH 13/26] Try to deal with buildah copy-helper nightmare Signed-off-by: Ed Santiago --- buildah.spec | 9 ++++++++- tests/test_buildah.sh | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/buildah.spec b/buildah.spec index 463cbe7..38665d3 100644 --- a/buildah.spec +++ b/buildah.spec @@ -30,7 +30,7 @@ Name: %{repo} Version: 1.21.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -109,6 +109,7 @@ export BUILDTAGS+=' exclude_graphdriver_btrfs' %endif %gobuild -o bin/%{name} %{import_path}/cmd/%{name} %gobuild -o bin/imgtype %{import_path}/tests/imgtype +%gobuild -o bin/copy %{import_path}/tests/copy GOMD2MAN=go-md2man %{__make} -C docs %install @@ -119,6 +120,7 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install install -d -p %{buildroot}/%{_datadir}/%{name}/test/system cp -pav tests/. %{buildroot}/%{_datadir}/%{name}/test/system cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype +cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy #define license tag if not already defined %{!?_licensedir:%global license %doc} @@ -135,9 +137,14 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %files tests %license LICENSE %{_bindir}/%{name}-imgtype +%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +======= +* Thu Jul 22 2021 Eduardo Santiago - 1.21.3-2 +- Try to deal with new buildah-copy-helper nightmare + * Fri Jul 16 2021 Lokesh Mandvekar - 1.21.3-1 - Resolves: #1969264, #1982880 - Security fix for CVE-2021-3602 - bump to v1.21.3 diff --git a/tests/test_buildah.sh b/tests/test_buildah.sh index 13ac761..948e84c 100755 --- a/tests/test_buildah.sh +++ b/tests/test_buildah.sh @@ -13,6 +13,7 @@ env | grep -v LS_COLORS= | sort | sed -e 's/^/ /' export BUILDAH_BINARY=/usr/bin/buildah export IMGTYPE_BINARY=/usr/bin/buildah-imgtype +export COPY_BINARY=/usr/bin/buildah-copy ############################################################################### # BEGIN setup/teardown From 0a80230b9b40092b87e323dea5424427881e1dad Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 22 Jul 2021 14:47:37 -0400 Subject: [PATCH 14/26] test commit - dont push Signed-off-by: Lokesh Mandvekar --- buildah.spec | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/buildah.spec b/buildah.spec index 38665d3..744952d 100644 --- a/buildah.spec +++ b/buildah.spec @@ -24,17 +24,21 @@ # https://github.com/containers/buildah %global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global git0 https://%{import_path} +# To build random commit +%global commit0 baba8de3ddad18bb6eb7abd6d17972c8403f8f25 %global built_tag v1.21.3 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) Name: %{repo} Version: 1.21.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io -Source0: %{git0}/archive/%{built_tag}.tar.gz +#Source0: %%{git0}/archive/%%{built_tag}.tar.gz +# To build random commit +Source0: %{git0}/archive/%{commit0}.tar.gz BuildRequires: device-mapper-devel BuildRequires: golang BuildRequires: git @@ -82,7 +86,8 @@ Requires: nmap-ncat This package contains system tests for %{name} %prep -%autosetup -Sgit -n %{name}-%{built_tag_strip} +#%%autosetup -Sgit -n %%{name}-%%{built_tag_strip} +%autosetup -Sgit -n %{name}-%{commit0} sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile sed -i '/docs install/d' Makefile @@ -141,7 +146,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog -======= +* Thu Jul 22 2021 Lokesh Mandvekar - 1.21.3-3 +- try fix for copy-release + * Thu Jul 22 2021 Eduardo Santiago - 1.21.3-2 - Try to deal with new buildah-copy-helper nightmare From 3061f54f730ca8a68b4d3a635d7fb6ec5dad645d Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 23 Jul 2021 09:15:15 -0400 Subject: [PATCH 15/26] buildah-1.21.4-1 - bump to v1.21.4 - fix gating test issues Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + buildah.spec | 18 +++++++++++------- sources | 2 +- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 898287b..924c185 100644 --- a/.gitignore +++ b/.gitignore @@ -606,3 +606,4 @@ /v1.21.2.tar.gz /buildah-ec35bc4.tar.gz /v1.21.3.tar.gz +/v1.21.4.tar.gz diff --git a/buildah.spec b/buildah.spec index 744952d..f83b3f6 100644 --- a/buildah.spec +++ b/buildah.spec @@ -25,20 +25,20 @@ %global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global git0 https://%{import_path} # To build random commit -%global commit0 baba8de3ddad18bb6eb7abd6d17972c8403f8f25 +#%%global commit0 baba8de3ddad18bb6eb7abd6d17972c8403f8f25 -%global built_tag v1.21.3 +%global built_tag v1.21.4 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) Name: %{repo} -Version: 1.21.3 +Version: 1.21.4 Release: 3%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io -#Source0: %%{git0}/archive/%%{built_tag}.tar.gz +Source0: %{git0}/archive/%{built_tag}.tar.gz # To build random commit -Source0: %{git0}/archive/%{commit0}.tar.gz +#Source0: %%{git0}/archive/%%{commit0}.tar.gz BuildRequires: device-mapper-devel BuildRequires: golang BuildRequires: git @@ -86,8 +86,8 @@ Requires: nmap-ncat This package contains system tests for %{name} %prep -#%%autosetup -Sgit -n %%{name}-%%{built_tag_strip} -%autosetup -Sgit -n %{name}-%{commit0} +%autosetup -Sgit -n %{name}-%{built_tag_strip} +#%%autosetup -Sgit -n %%{name}-%%{commit0} sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile sed -i '/docs install/d' Makefile @@ -146,6 +146,10 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-1 +- bump to v1.21.4 +- fix gating test issues + * Thu Jul 22 2021 Lokesh Mandvekar - 1.21.3-3 - try fix for copy-release diff --git a/sources b/sources index eabaff3..5d968f4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.21.3.tar.gz) = 36db54522e8564f467eb4f0b3c7c7cfe3bc8b285a47e139d35b3d7952184d78111640ae3b36eb1ddb92e1af68b16c9d4f056884c1bb25941606ec6cfe7347295 +SHA512 (v1.21.4.tar.gz) = 67d0f7211774a91230b22189670767d33c4eeb5115ebd31a7f6256497072542f517860442eaae454f784123a464ce336ca6101cbec684fb2b9432bb9ca693316 From 2682f88ab2948448e19829ac6d5b6d35ea4c4fc2 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 23 Jul 2021 09:39:10 -0400 Subject: [PATCH 16/26] buildah-1.21.4-4 - ensure consistent version-release and changelog Signed-off-by: Lokesh Mandvekar --- buildah.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/buildah.spec b/buildah.spec index f83b3f6..31e2ac3 100644 --- a/buildah.spec +++ b/buildah.spec @@ -32,7 +32,7 @@ Name: %{repo} Version: 1.21.4 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -146,6 +146,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-4 +- ensure consistent version-release and changelog + * Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-1 - bump to v1.21.4 - fix gating test issues From 2e2b4038b274c8f6de34605080829d711a1c30af Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 2 Aug 2021 14:56:11 -0400 Subject: [PATCH 17/26] buildah-1.21.4-5 - Resolves: #1983596, #1987738 - Security fix for CVE-2021-34558 Signed-off-by: Lokesh Mandvekar --- buildah.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/buildah.spec b/buildah.spec index 31e2ac3..9c845db 100644 --- a/buildah.spec +++ b/buildah.spec @@ -32,7 +32,7 @@ Name: %{repo} Version: 1.21.4 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -40,7 +40,8 @@ Source0: %{git0}/archive/%{built_tag}.tar.gz # To build random commit #Source0: %%{git0}/archive/%%{commit0}.tar.gz BuildRequires: device-mapper-devel -BuildRequires: golang +BuildRequires: golang >= 1.16.6 +BuildRequires: go-rpm-macros BuildRequires: git BuildRequires: glib2-devel BuildRequires: glibc-static @@ -146,6 +147,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Mon Aug 02 2021 Lokesh Mandvekar - 1.21.4-5 +- Resolves: #1983596, #1987738 - Security fix for CVE-2021-34558 + * Fri Jul 23 2021 Lokesh Mandvekar - 1.21.4-4 - ensure consistent version-release and changelog From 6f71fa71231da94500f71915ccea2a1a6caf2c05 Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Tue, 3 Aug 2021 12:04:42 -0600 Subject: [PATCH 18/26] Gating tests: fetch registry image from quay ...to avoid throttling on docker.io Signed-off-by: Ed Santiago --- tests/test_buildah.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_buildah.sh b/tests/test_buildah.sh index 948e84c..663319d 100755 --- a/tests/test_buildah.sh +++ b/tests/test_buildah.sh @@ -20,7 +20,7 @@ export COPY_BINARY=/usr/bin/buildah-copy # Start a registry pre_bats_setup() { - REGISTRY_FQIN=docker.io/library/registry:2 + REGISTRY_FQIN=quay.io/libpod/registry:2 AUTHDIR=/tmp/buildah-tests-auth.$$ mkdir -p $AUTHDIR From 54d6fda5d89a429d638f15dff70dd279b788af94 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 3 Aug 2021 20:00:03 +0000 Subject: [PATCH 19/26] buildah-1.22.0-1 autobuilt v1.22.0 Signed-off-by: RH Container Bot --- .gitignore | 1 + buildah.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 924c185..691676e 100644 --- a/.gitignore +++ b/.gitignore @@ -607,3 +607,4 @@ /buildah-ec35bc4.tar.gz /v1.21.3.tar.gz /v1.21.4.tar.gz +/v1.22.0.tar.gz diff --git a/buildah.spec b/buildah.spec index 9c845db..6f5c294 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,12 +27,12 @@ # To build random commit #%%global commit0 baba8de3ddad18bb6eb7abd6d17972c8403f8f25 -%global built_tag v1.21.4 +%global built_tag v1.22.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) Name: %{repo} -Version: 1.21.4 -Release: 5%{?dist} +Version: 1.22.0 +Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -147,6 +147,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Tue Aug 03 2021 RH Container Bot - 1.22.0-1 +- autobuilt v1.22.0 + * Mon Aug 02 2021 Lokesh Mandvekar - 1.21.4-5 - Resolves: #1983596, #1987738 - Security fix for CVE-2021-34558 diff --git a/sources b/sources index 5d968f4..26e82f0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.21.4.tar.gz) = 67d0f7211774a91230b22189670767d33c4eeb5115ebd31a7f6256497072542f517860442eaae454f784123a464ce336ca6101cbec684fb2b9432bb9ca693316 +SHA512 (v1.22.0.tar.gz) = 372ba3740f22af82aac07d51b48737168061a25d7d5ab1db63a381833211dd967aefb36f80cc97a4770a04d8b95a7fe9d3a892c091a82f85579e993b403b270b From 7297554c12739ca6096edafb5906ac847cf967e7 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 5 Aug 2021 14:57:47 -0400 Subject: [PATCH 20/26] buildah-1.22.0-2 - Resolves: #1974086 - correct build date in buildah version Signed-off-by: Lokesh Mandvekar --- buildah.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/buildah.spec b/buildah.spec index 6f5c294..cbc3252 100644 --- a/buildah.spec +++ b/buildah.spec @@ -32,7 +32,7 @@ Name: %{repo} Version: 1.22.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -109,6 +109,9 @@ export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" # These extra flags present in %%{optflags} have been skipped for now as they break the build #export CGO_CFLAGS+=" -flto=auto -Wp,D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1" +export CNI_VERSION=`grep '^# github.com/containernetworking/cni ' src/modules.txt | sed 's,.* ,,'` +export LDFLAGS="-X main.buildInfo=`date +%s` -X main.cniVersion=${CNI_VERSION}" + export BUILDTAGS='seccomp selinux' %if 0%{?centos} >= 8 export BUILDTAGS+=' exclude_graphdriver_btrfs' @@ -147,6 +150,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Thu Aug 05 2021 Lokesh Mandvekar - 1.22.0-2 +- Resolves: #1974086 - correct build date in buildah version + * Tue Aug 03 2021 RH Container Bot - 1.22.0-1 - autobuilt v1.22.0 From fc512a493469504b547fd545f864aa913ab5a995 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Thu, 5 Aug 2021 19:04:30 +0000 Subject: [PATCH 21/26] buildah-1.22.0-1 autobuilt v1.22.0 Signed-off-by: RH Container Bot --- buildah.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/buildah.spec b/buildah.spec index cbc3252..10d5014 100644 --- a/buildah.spec +++ b/buildah.spec @@ -32,7 +32,7 @@ Name: %{repo} Version: 1.22.0 -Release: 2%{?dist} +Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io @@ -150,6 +150,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Thu Aug 05 2021 RH Container Bot - 1.22.0-1 +- autobuilt v1.22.0 + * Thu Aug 05 2021 Lokesh Mandvekar - 1.22.0-2 - Resolves: #1974086 - correct build date in buildah version From fed22e2fe4478e8b2c3909419cab44b84cdb6b14 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Wed, 25 Aug 2021 15:32:33 +0000 Subject: [PATCH 22/26] buildah-1.22.3-1 autobuilt v1.22.3 Signed-off-by: RH Container Bot --- .gitignore | 1 + buildah.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 691676e..5c67749 100644 --- a/.gitignore +++ b/.gitignore @@ -608,3 +608,4 @@ /v1.21.3.tar.gz /v1.21.4.tar.gz /v1.22.0.tar.gz +/v1.22.3.tar.gz diff --git a/buildah.spec b/buildah.spec index 10d5014..ac4d7f7 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,11 +27,11 @@ # To build random commit #%%global commit0 baba8de3ddad18bb6eb7abd6d17972c8403f8f25 -%global built_tag v1.22.0 +%global built_tag v1.22.3 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) Name: %{repo} -Version: 1.22.0 +Version: 1.22.3 Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 @@ -150,6 +150,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Wed Aug 25 2021 RH Container Bot - 1.22.3-1 +- autobuilt v1.22.3 + * Thu Aug 05 2021 RH Container Bot - 1.22.0-1 - autobuilt v1.22.0 diff --git a/sources b/sources index 26e82f0..4343216 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.22.0.tar.gz) = 372ba3740f22af82aac07d51b48737168061a25d7d5ab1db63a381833211dd967aefb36f80cc97a4770a04d8b95a7fe9d3a892c091a82f85579e993b403b270b +SHA512 (v1.22.3.tar.gz) = 373901e12c06e5fa5d2d7bf135314d29be658e8a1f449561de582dce835ecf26fc50b964374c6eeafdd7f10936049b2cde63081268f7dcda1dc1d8d540f51faa From 7dd64423063de5e8569218037d969f8bb6c08058 Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 14 Sep 2021 14:19:31 +0000 Subject: [PATCH 23/26] buildah-1.23.0-1 autobuilt v1.23.0 Signed-off-by: RH Container Bot (cherry picked from commit 5671e64d81bdad5d74c3c53196c5fd178e9cce6d) Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + buildah.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 5c67749..b8d044e 100644 --- a/.gitignore +++ b/.gitignore @@ -609,3 +609,4 @@ /v1.21.4.tar.gz /v1.22.0.tar.gz /v1.22.3.tar.gz +/v1.23.0.tar.gz diff --git a/buildah.spec b/buildah.spec index ac4d7f7..6924f17 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,11 +27,11 @@ # To build random commit #%%global commit0 baba8de3ddad18bb6eb7abd6d17972c8403f8f25 -%global built_tag v1.22.3 +%global built_tag v1.23.0 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) Name: %{repo} -Version: 1.22.3 +Version: 1.23.0 Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 @@ -150,6 +150,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Tue Sep 14 2021 RH Container Bot - 1.23.0-1 +- autobuilt v1.23.0 + * Wed Aug 25 2021 RH Container Bot - 1.22.3-1 - autobuilt v1.22.3 diff --git a/sources b/sources index 4343216..53023ee 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.22.3.tar.gz) = 373901e12c06e5fa5d2d7bf135314d29be658e8a1f449561de582dce835ecf26fc50b964374c6eeafdd7f10936049b2cde63081268f7dcda1dc1d8d540f51faa +SHA512 (v1.23.0.tar.gz) = 587b9d0a735124afd1f21985ae9d657d513b383bb8b7a5f4ea8911ebaf915c0bdb2bca4359cc9caf4e50cf64550f8f6ee596a0aa10acf6b59370b68b41b809f1 From 98ab9e2d7627165fdad768408a6e3ae0eda2fb2b Mon Sep 17 00:00:00 2001 From: RH Container Bot Date: Tue, 28 Sep 2021 18:08:48 +0000 Subject: [PATCH 24/26] buildah-1.23.1-1 autobuilt v1.23.1 Signed-off-by: RH Container Bot (cherry picked from commit 9c006763e0ed53370c8642fe2a8550a333d92088) --- .gitignore | 1 + buildah.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b8d044e..119df11 100644 --- a/.gitignore +++ b/.gitignore @@ -610,3 +610,4 @@ /v1.22.0.tar.gz /v1.22.3.tar.gz /v1.23.0.tar.gz +/v1.23.1.tar.gz diff --git a/buildah.spec b/buildah.spec index 6924f17..f25bcc1 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,11 +27,11 @@ # To build random commit #%%global commit0 baba8de3ddad18bb6eb7abd6d17972c8403f8f25 -%global built_tag v1.23.0 +%global built_tag v1.23.1 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) Name: %{repo} -Version: 1.23.0 +Version: 1.23.1 Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 @@ -150,6 +150,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Tue Sep 28 2021 RH Container Bot - 1.23.1-1 +- autobuilt v1.23.1 + * Tue Sep 14 2021 RH Container Bot - 1.23.0-1 - autobuilt v1.23.0 diff --git a/sources b/sources index 53023ee..8bfe3f8 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.23.0.tar.gz) = 587b9d0a735124afd1f21985ae9d657d513b383bb8b7a5f4ea8911ebaf915c0bdb2bca4359cc9caf4e50cf64550f8f6ee596a0aa10acf6b59370b68b41b809f1 +SHA512 (v1.23.1.tar.gz) = 2ceb6df5adb671483557bb03937df583857d99c116be5d44aae533c155f560d5d454bebf25908ac02bb85e4c2ba31533adb99f0946ecc4f4830977c14f324b6f From 6c8ee02906cb6dffe6d47c5f6e6f0378dccaed75 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 30 Mar 2022 14:58:56 -0400 Subject: [PATCH 25/26] add CVE-2022-27651 patches Signed-off-by: Lokesh Mandvekar (cherry picked from commit 5d8aabe3fe5458681b1fbf87e784d6027f53fb20) Signed-off-by: Lokesh Mandvekar --- CVE-2022-27651-1.patch | 58 ++++++++++++++++++++++++++++++++++++++++++ CVE-2022-27651-2.patch | 54 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+) create mode 100644 CVE-2022-27651-1.patch create mode 100644 CVE-2022-27651-2.patch diff --git a/CVE-2022-27651-1.patch b/CVE-2022-27651-1.patch new file mode 100644 index 0000000..ee07d9d --- /dev/null +++ b/CVE-2022-27651-1.patch @@ -0,0 +1,58 @@ +From d16cb975d83acb5a30d3a4c3e2ef78b8070c6a7b Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Mon, 28 Feb 2022 10:38:48 +0100 +Subject: [PATCH 1/2] do not set the inheritable capabilities + +The kernel never sets the inheritable capabilities for a process, they +are only set by userspace. Emulate the same behavior. + +Closes: CVE-2022-27651 + +Signed-off-by: Giuseppe Scrivano +(cherry picked from commit e7e55c988c05dd74005184ceb64f097a0cfe645b) +Signed-off-by: Lokesh Mandvekar +--- + chroot/run.go | 2 +- + run_linux.go | 6 ------ + 2 files changed, 1 insertion(+), 7 deletions(-) + +diff --git a/chroot/run.go b/chroot/run.go +index e6f28e81..5634240a 100644 +--- a/chroot/run.go ++++ b/chroot/run.go +@@ -894,7 +894,7 @@ func setCapabilities(spec *specs.Spec, keepCaps ...string) error { + capMap := map[capability.CapType][]string{ + capability.BOUNDING: spec.Process.Capabilities.Bounding, + capability.EFFECTIVE: spec.Process.Capabilities.Effective, +- capability.INHERITABLE: spec.Process.Capabilities.Inheritable, ++ capability.INHERITABLE: []string{}, + capability.PERMITTED: spec.Process.Capabilities.Permitted, + capability.AMBIENT: spec.Process.Capabilities.Ambient, + } +diff --git a/run_linux.go b/run_linux.go +index 113c83ef..5905d888 100644 +--- a/run_linux.go ++++ b/run_linux.go +@@ -1935,9 +1935,6 @@ func setupCapAdd(g *generate.Generator, caps ...string) error { + if err := g.AddProcessCapabilityEffective(cap); err != nil { + return errors.Wrapf(err, "error adding %q to the effective capability set", cap) + } +- if err := g.AddProcessCapabilityInheritable(cap); err != nil { +- return errors.Wrapf(err, "error adding %q to the inheritable capability set", cap) +- } + if err := g.AddProcessCapabilityPermitted(cap); err != nil { + return errors.Wrapf(err, "error adding %q to the permitted capability set", cap) + } +@@ -1956,9 +1953,6 @@ func setupCapDrop(g *generate.Generator, caps ...string) error { + if err := g.DropProcessCapabilityEffective(cap); err != nil { + return errors.Wrapf(err, "error removing %q from the effective capability set", cap) + } +- if err := g.DropProcessCapabilityInheritable(cap); err != nil { +- return errors.Wrapf(err, "error removing %q from the inheritable capability set", cap) +- } + if err := g.DropProcessCapabilityPermitted(cap); err != nil { + return errors.Wrapf(err, "error removing %q from the permitted capability set", cap) + } +-- +2.35.1 + diff --git a/CVE-2022-27651-2.patch b/CVE-2022-27651-2.patch new file mode 100644 index 0000000..9de16d6 --- /dev/null +++ b/CVE-2022-27651-2.patch @@ -0,0 +1,54 @@ +From d190df39916fcb559798d0fc0ade6307ebe5f4cd Mon Sep 17 00:00:00 2001 +From: Nalin Dahyabhai +Date: Thu, 24 Mar 2022 16:32:47 -0400 +Subject: [PATCH 2/2] Add a test for CVE-2022-27651 + +Check that the inheritable capabilities are set to 0, even when we +explicitly try to add capabilities. + +Signed-off-by: Nalin Dahyabhai +(cherry picked from commit 90b3254c7404039c1c786999ac189654228f6e0e) +Signed-off-by: Lokesh Mandvekar +--- + tests/run.bats | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +diff --git a/tests/run.bats b/tests/run.bats +index 6044d673..c974018c 100644 +--- a/tests/run.bats ++++ b/tests/run.bats +@@ -687,3 +687,31 @@ _EOF + uncolored="$output" + [ "$colored" != "$uncolored" ] + } ++ ++@test "rootless on cgroupv2 and systemd runs under user.slice" { ++ skip_if_no_runtime ++ skip_if_cgroupsv1 ++ skip_if_in_container ++ if test "$DBUS_SESSION_BUS_ADDRESS" = ""; then ++ skip "${1:-test does not work when \$BUILDAH_ISOLATION = chroot}" ++ fi ++ _prefetch alpine ++ ++ run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine ++ cid=$output ++ run_buildah run --cgroupns=host $cid cat /proc/self/cgroup ++ expect_output --substring "/user.slice/" ++} ++ ++@test "run-inheritable-capabilities" { ++ skip_if_no_runtime ++ ++ _prefetch alpine ++ ++ run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine ++ cid=$output ++ run_buildah run $cid grep ^CapInh: /proc/self/status ++ expect_output "CapInh: 0000000000000000" ++ run_buildah run --cap-add=ALL $cid grep ^CapInh: /proc/self/status ++ expect_output "CapInh: 0000000000000000" ++} +-- +2.35.1 + From b39bb1f3581eae35cd747e61ffa8975bf224c98b Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 30 Mar 2022 17:02:04 -0400 Subject: [PATCH 26/26] Resolves: #2066840,#2070114 - Security fix for CVE-2022-27651 Signed-off-by: Lokesh Mandvekar --- .gitignore | 1 + buildah.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 119df11..b6a8154 100644 --- a/.gitignore +++ b/.gitignore @@ -611,3 +611,4 @@ /v1.22.3.tar.gz /v1.23.0.tar.gz /v1.23.1.tar.gz +/v1.23.3.tar.gz diff --git a/buildah.spec b/buildah.spec index f25bcc1..16ec325 100644 --- a/buildah.spec +++ b/buildah.spec @@ -27,16 +27,18 @@ # To build random commit #%%global commit0 baba8de3ddad18bb6eb7abd6d17972c8403f8f25 -%global built_tag v1.23.1 +%global built_tag v1.23.3 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) Name: %{repo} -Version: 1.23.1 +Version: 1.23.3 Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io Source0: %{git0}/archive/%{built_tag}.tar.gz +Patch0: CVE-2022-27651-1.patch +Patch1: CVE-2022-27651-2.patch # To build random commit #Source0: %%{git0}/archive/%%{commit0}.tar.gz BuildRequires: device-mapper-devel @@ -150,6 +152,9 @@ cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy %{_datadir}/%{name}/test %changelog +* Wed Mar 30 2022 Lokesh Mandvekar - 1.23.3-1 +- Resolves: #2066840,#2070114 - Security fix for CVE-2022-27651 + * Tue Sep 28 2021 RH Container Bot - 1.23.1-1 - autobuilt v1.23.1 diff --git a/sources b/sources index 8bfe3f8..feed550 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.23.1.tar.gz) = 2ceb6df5adb671483557bb03937df583857d99c116be5d44aae533c155f560d5d454bebf25908ac02bb85e4c2ba31533adb99f0946ecc4f4830977c14f324b6f +SHA512 (v1.23.3.tar.gz) = c3f42d580bafd5a359709d65ae41376ab83e4fa59fcfb4e2522e13f8ae343997512aece0691326b689250a13498c91f3d9a5043a761608c2f2ea6d9a77568399