rpms/osbuild-composer
8
0
Fork 2
Code Issues Pull Requests Releases Activity

import CS osbuild-composer-149-1.el9

Browse Source
This commit is contained in:
eabdullin 2025-11-13 20:01:59 +00:00
parent 84943b6ba8
commit a47f7ffb1b
6 changed files with 51 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/osbuild-composer-132.2.tar.gz SOURCES/osbuild-composer-149.tar.gz

2
.osbuild-composer.metadata
View File

@ -1 +1 @@
7d3fc3e6143f79531868e9d96f27b4afbd61950b SOURCES/osbuild-composer-132.2.tar.gz ea59dc56a63899e6efb74dbc8b82ffa25012fbe3 SOURCES/osbuild-composer-149.tar.gz

40
SOURCES/fix-unclosed-logrus-logging-pipes.patch
View File

@ -1,40 +0,0 @@
From 0f97a1c1668827086dfa335c9fb427cbb28782b2 Mon Sep 17 00:00:00 2001
From: Lukas Zapletal <lzap+git@redhat.com>
Date: Thu, 11 Sep 2025 08:03:21 +0200
Subject: [PATCH] common: fix unclosed logrus logging pipes
This is a backport of 1cde7e3. The original patch was not separated into
individual commits unfortunately, there fore only the relevant line is
being brought in. The original analysis:
It looks like both CloudAPI and WeldrAPI consume memory, process can go
up to several gigabytes pretty quickly just by running a simple script.
while sleep 0.001; do
curl --unix-socket /run/weldr/api.socket -XGET http://localhost/api/
curl --unix-socket /run/cloudapi/api.socket -XGET http://localhost/api/
done
There is a logrus logger method called Write and WriteLevel which create
a new logging entry, create a PIPE and spawn a goroutine that is reading
from that PIPE. The caller is expected to close the PIPE writer which
was not done.
---
internal/common/echo_logrus.go | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/internal/common/echo_logrus.go b/internal/common/echo_logrus.go
index 198ce17310..600cce2d74 100644
--- a/internal/common/echo_logrus.go
+++ b/internal/common/echo_logrus.go
@@ -178,5 +178,9 @@ func (l *EchoLogrusLogger) Panicj(j lslog.JSON) {
}
func (l *EchoLogrusLogger) Write(p []byte) (n int, err error) {
- return l.Logger.WithContext(l.Ctx).Writer().Write(p)
+ // Writer() from logrus returns PIPE that needs to be closed
+ w := l.Logger.WithContext(l.Ctx).Writer()
+ defer w.Close()
+
+ return w.Write(p)
}

54
SOURCES/json-tailoring-conversion.patch
View File

@ -1,54 +0,0 @@
From 62822b56ae637ce512be4ace2ee062cabddcfa09 Mon Sep 17 00:00:00 2001
From: Gianluca Zuccarelli <gianlucazuccarelli@gmail.com>
Date: Mon, 8 Sep 2025 14:11:50 +0100
Subject: [PATCH] internal/blueprint: add JSON tailoring to bp conversion
The blueprint convert function was missing the json tailoring case. This meant that
if the json tailoring customization was provided in the blueprint, the customization
would get ignored and the tailoring profile would not be applied to the image.
---
internal/blueprint/blueprint.go | 4 ++++
internal/blueprint/blueprint_convert_test.go | 8 ++++++++
2 files changed, 12 insertions(+)
diff --git a/internal/blueprint/blueprint.go b/internal/blueprint/blueprint.go
index 63f8aa5b71..c01a2c6a48 100644
--- a/internal/blueprint/blueprint.go
+++ b/internal/blueprint/blueprint.go
@@ -253,6 +253,10 @@ func Convert(bp Blueprint) iblueprint.Blueprint {
itailoring := iblueprint.OpenSCAPTailoringCustomizations(*tailoring)
ioscap.Tailoring = &itailoring
}
+ if jsonTailoring := oscap.JSONTailoring; jsonTailoring != nil {
+ ijsonTailoring := iblueprint.OpenSCAPJSONTailoringCustomizations(*jsonTailoring)
+ ioscap.JSONTailoring = &ijsonTailoring
+ }
customizations.OpenSCAP = &ioscap
}
if ign := c.Ignition; ign != nil {
diff --git a/internal/blueprint/blueprint_convert_test.go b/internal/blueprint/blueprint_convert_test.go
index 520e18271d..2c652f0658 100644
--- a/internal/blueprint/blueprint_convert_test.go
+++ b/internal/blueprint/blueprint_convert_test.go
@@ -233,6 +233,10 @@ func TestConvert(t *testing.T) {
Selected: []string{"cloth"},
Unselected: []string{"leather"},
},
+ JSONTailoring: &OpenSCAPJSONTailoringCustomizations{
+ ProfileID: "tailored_profile",
+ Filepath: "path-to-json-file",
+ },
},
Ignition: &IgnitionCustomization{
Embedded: &EmbeddedIgnitionCustomization{
@@ -532,6 +536,10 @@ func TestConvert(t *testing.T) {
Selected: []string{"cloth"},
Unselected: []string{"leather"},
},
+ JSONTailoring: &iblueprint.OpenSCAPJSONTailoringCustomizations{
+ ProfileID: "tailored_profile",
+ Filepath: "path-to-json-file",
+ },
},
Ignition: &iblueprint.IgnitionCustomization{
Embedded: &iblueprint.EmbeddedIgnitionCustomization{

179
SOURCES/update-go-jose-dependency.patch
View File

@ -1,179 +0,0 @@
From 8e6381e3cfdebe5107949173a0994e7b8557a718 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Budai?= <ondrej@budai.cz>
Date: Tue, 26 Aug 2025 13:41:10 +0200
Subject: [PATCH 1/2] go.mod: update go-jose v4.0.5 to fix CVE-2025-27144
---
go.mod | 2 +-
go.sum | 4 ++--
vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md | 6 ------
vendor/github.com/go-jose/go-jose/v4/README.md | 10 +---------
vendor/github.com/go-jose/go-jose/v4/jwe.go | 5 +++--
vendor/github.com/go-jose/go-jose/v4/jwk.go | 4 ++--
vendor/github.com/go-jose/go-jose/v4/jws.go | 5 +++--
vendor/modules.txt | 2 +-
8 files changed, 13 insertions(+), 25 deletions(-)
diff --git a/go.mod b/go.mod
index 43cd13d2ae..b26e5dcbd4 100644
--- a/go.mod
+++ b/go.mod
@@ -133,7 +133,7 @@ require (
github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
- github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+ github.com/go-jose/go-jose/v4 v4.0.5 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.23.0 // indirect
diff --git a/go.sum b/go.sum
index 16526b8d12..0445be92d9 100644
--- a/go.sum
+++ b/go.sum
@@ -252,8 +252,8 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME
github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
-github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
-github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
+github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
+github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
diff --git a/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md
index b63e1f8fee..4b4805add6 100644
--- a/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md
+++ b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md
@@ -7,9 +7,3 @@ When submitting code, please make every effort to follow existing conventions
and style in order to keep the code as readable as possible. Please also make
sure all tests pass by running `go test`, and format your code with `go fmt`.
We also recommend using `golint` and `errcheck`.
-
-Before your code can be accepted into the project you must also sign the
-Individual Contributor License Agreement. We use [cla-assistant.io][1] and you
-will be prompted to sign once a pull request is opened.
-
-[1]: https://cla-assistant.io/
diff --git a/vendor/github.com/go-jose/go-jose/v4/README.md b/vendor/github.com/go-jose/go-jose/v4/README.md
index 79a7c5ecc8..02b5749546 100644
--- a/vendor/github.com/go-jose/go-jose/v4/README.md
+++ b/vendor/github.com/go-jose/go-jose/v4/README.md
@@ -9,14 +9,6 @@ Package jose aims to provide an implementation of the Javascript Object Signing
and Encryption set of standards. This includes support for JSON Web Encryption,
JSON Web Signature, and JSON Web Token standards.
-**Disclaimer**: This library contains encryption software that is subject to
-the U.S. Export Administration Regulations. You may not export, re-export,
-transfer or download this code or any part of it in violation of any United
-States law, directive or regulation. In particular this software may not be
-exported or re-exported in any form or on any media to Iran, North Sudan,
-Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any
-US maintained blocked list.
-
## Overview
The implementation follows the
@@ -109,6 +101,6 @@ allows attaching a key id.
Examples can be found in the Godoc
reference for this package. The
-[`jose-util`](https://github.com/go-jose/go-jose/tree/v4/jose-util)
+[`jose-util`](https://github.com/go-jose/go-jose/tree/main/jose-util)
subdirectory also contains a small command-line utility which might be useful
as an example as well.
diff --git a/vendor/github.com/go-jose/go-jose/v4/jwe.go b/vendor/github.com/go-jose/go-jose/v4/jwe.go
index 89f03ee3e1..9f1322dccc 100644
--- a/vendor/github.com/go-jose/go-jose/v4/jwe.go
+++ b/vendor/github.com/go-jose/go-jose/v4/jwe.go
@@ -288,10 +288,11 @@ func ParseEncryptedCompact(
keyAlgorithms []KeyAlgorithm,
contentEncryption []ContentEncryption,
) (*JSONWebEncryption, error) {
- parts := strings.Split(input, ".")
- if len(parts) != 5 {
+ // Five parts is four separators
+ if strings.Count(input, ".") != 4 {
return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
}
+ parts := strings.SplitN(input, ".", 5)
rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
if err != nil {
diff --git a/vendor/github.com/go-jose/go-jose/v4/jwk.go b/vendor/github.com/go-jose/go-jose/v4/jwk.go
index 8a52842106..9e57e93ba2 100644
--- a/vendor/github.com/go-jose/go-jose/v4/jwk.go
+++ b/vendor/github.com/go-jose/go-jose/v4/jwk.go
@@ -239,10 +239,10 @@ func (k *JSONWebKey) UnmarshalJSON(data []byte) (err error) {
keyPub = key
}
} else {
- err = fmt.Errorf("go-jose/go-jose: unknown curve %s'", raw.Crv)
+ return fmt.Errorf("go-jose/go-jose: unknown curve %s'", raw.Crv)
}
default:
- err = fmt.Errorf("go-jose/go-jose: unknown json web key type '%s'", raw.Kty)
+ return fmt.Errorf("go-jose/go-jose: unknown json web key type '%s'", raw.Kty)
}
if err != nil {
diff --git a/vendor/github.com/go-jose/go-jose/v4/jws.go b/vendor/github.com/go-jose/go-jose/v4/jws.go
index 3a912301af..d09d8ba507 100644
--- a/vendor/github.com/go-jose/go-jose/v4/jws.go
+++ b/vendor/github.com/go-jose/go-jose/v4/jws.go
@@ -327,10 +327,11 @@ func parseSignedCompact(
payload []byte,
signatureAlgorithms []SignatureAlgorithm,
) (*JSONWebSignature, error) {
- parts := strings.Split(input, ".")
- if len(parts) != 3 {
+ // Three parts is two separators
+ if strings.Count(input, ".") != 2 {
return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
}
+ parts := strings.SplitN(input, ".", 3)
if parts[1] != "" && payload != nil {
return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 06781a551d..0b64b482ea 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -690,7 +690,7 @@ github.com/getsentry/sentry-go/logrus
# github.com/ghodss/yaml v1.0.0
## explicit
github.com/ghodss/yaml
-# github.com/go-jose/go-jose/v4 v4.0.4
+# github.com/go-jose/go-jose/v4 v4.0.5
## explicit; go 1.21
github.com/go-jose/go-jose/v4
github.com/go-jose/go-jose/v4/cipher
From 8b1ed9f96f7434ead5683015b0ad78014be76ba2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Budai?= <ondrej@budai.cz>
Date: Tue, 26 Aug 2025 13:46:51 +0200
Subject: [PATCH 2/2] github: ignore unused functions in shellcheck
Seems to be a false positive (shellcheck doesn't understand traps).
---
.github/workflows/tests.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 54185df0c0..e11d7a39fb 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -212,9 +212,9 @@ jobs:
with:
ignore: vendor # We don't want to fix the code in vendored dependencies
env:
- # don't check /etc/os-release sourcing, allow useless cats to live inside our codebase, and
- # allow seemingly unreachable commands
- SHELLCHECK_OPTS: -e SC1091 -e SC2002 -e SC2317
+ # don't check /etc/os-release sourcing, allow useless cats to live inside our codebase,
+ # allow seemingly unreachable commands, and allow unused functions
+ SHELLCHECK_OPTS: -e SC1091 -e SC2002 -e SC2317 -e SC2329
- name: Do not doube trap signals inside test scripts
run: |

103
SPECS/osbuild-composer.spec
View File

@ -8,11 +8,11 @@
%bcond_with relax_requires %bcond_with relax_requires
# The minimum required osbuild version # The minimum required osbuild version
%global min_osbuild_version 139 %global min_osbuild_version 157
%global goipath github.com/osbuild/osbuild-composer %global goipath github.com/osbuild/osbuild-composer
Version: 132.2 Version: 149
%gometa %gometa
@ -25,7 +25,7 @@ It is compatible with composer-cli and cockpit-composer clients.
} }
Name: osbuild-composer Name: osbuild-composer
Release: 3%{?dist} Release: 1%{?dist}
Summary: An image building service based on osbuild Summary: An image building service based on osbuild
# osbuild-composer doesn't have support for building i686 and armv7hl images # osbuild-composer doesn't have support for building i686 and armv7hl images
@ -36,14 +36,6 @@ License: Apache-2.0
URL: %{gourl} URL: %{gourl}
Source0: %{gosource} Source0: %{gosource}
# https://github.com/osbuild/osbuild-composer/pull/4856
Patch0: json-tailoring-conversion.patch
# https://github.com/osbuild/osbuild-composer/pull/4860
Patch1: fix-unclosed-logrus-logging-pipes.patch
# https://github.com/osbuild/osbuild-composer/pull/4842
Patch2: update-go-jose-dependency.patch
BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
BuildRequires: systemd BuildRequires: systemd
@ -114,8 +106,6 @@ export LDFLAGS="${LDFLAGS} -X 'github.com/osbuild/osbuild-composer/internal/comm
%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-composer %{goipath}/cmd/osbuild-composer %gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-composer %{goipath}/cmd/osbuild-composer
%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-worker %{goipath}/cmd/osbuild-worker %gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-worker %{goipath}/cmd/osbuild-worker
%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-worker-executor %{goipath}/cmd/osbuild-worker-executor %gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-worker-executor %{goipath}/cmd/osbuild-worker-executor
%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-jobsite-manager %{goipath}/cmd/osbuild-jobsite-manager
%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-jobsite-builder %{goipath}/cmd/osbuild-jobsite-builder
make man make man
@ -124,13 +114,6 @@ make man
# Build test binaries with `go test -c`, so that they can take advantage of # Build test binaries with `go test -c`, so that they can take advantage of
# golang's testing package. The golang rpm macros don't support building them # golang's testing package. The golang rpm macros don't support building them
# directly. Thus, do it manually, taking care to also include a build id. # directly. Thus, do it manually, taking care to also include a build id.
#
# On Fedora, also turn off go modules and set the path to the one into which
# the golang-* packages install source code.
%if 0%{?fedora}
export GO111MODULE=off
export GOPATH=%{gobuilddir}:%{gopath}
%endif
TEST_LDFLAGS="${LDFLAGS:-} -B 0x$(od -N 20 -An -tx1 -w100 /dev/urandom | tr -d ' ')" TEST_LDFLAGS="${LDFLAGS:-} -B 0x$(od -N 20 -An -tx1 -w100 /dev/urandom | tr -d ' ')"
@ -141,7 +124,6 @@ GOTAGS="${GOTAGS:+$GOTAGS,}rhel%{rhel}"
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-cli-tests %{goipath}/cmd/osbuild-composer-cli-tests go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-cli-tests %{goipath}/cmd/osbuild-composer-cli-tests
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-dnf-json-tests %{goipath}/cmd/osbuild-dnf-json-tests go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-dnf-json-tests %{goipath}/cmd/osbuild-dnf-json-tests
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-weldr-tests %{goipath}/internal/client/ go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-weldr-tests %{goipath}/internal/client/
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-image-tests %{goipath}/cmd/osbuild-image-tests
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-auth-tests %{goipath}/cmd/osbuild-auth-tests go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-auth-tests %{goipath}/cmd/osbuild-auth-tests
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-koji-tests %{goipath}/cmd/osbuild-koji-tests go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-koji-tests %{goipath}/cmd/osbuild-koji-tests
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-dbjobqueue-tests %{goipath}/cmd/osbuild-composer-dbjobqueue-tests go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-dbjobqueue-tests %{goipath}/cmd/osbuild-composer-dbjobqueue-tests
@ -155,8 +137,6 @@ install -m 0755 -vd %{buildroot}%
install -m 0755 -vp _bin/osbuild-composer %{buildroot}%{_libexecdir}/osbuild-composer/ install -m 0755 -vp _bin/osbuild-composer %{buildroot}%{_libexecdir}/osbuild-composer/
install -m 0755 -vp _bin/osbuild-worker %{buildroot}%{_libexecdir}/osbuild-composer/ install -m 0755 -vp _bin/osbuild-worker %{buildroot}%{_libexecdir}/osbuild-composer/
install -m 0755 -vp _bin/osbuild-worker-executor %{buildroot}%{_libexecdir}/osbuild-composer/ install -m 0755 -vp _bin/osbuild-worker-executor %{buildroot}%{_libexecdir}/osbuild-composer/
install -m 0755 -vp _bin/osbuild-jobsite-manager %{buildroot}%{_libexecdir}/osbuild-composer/
install -m 0755 -vp _bin/osbuild-jobsite-builder %{buildroot}%{_libexecdir}/osbuild-composer/
# Only include repositories for the distribution and release # Only include repositories for the distribution and release
install -m 0755 -vd %{buildroot}%{_datadir}/osbuild-composer/repositories install -m 0755 -vd %{buildroot}%{_datadir}/osbuild-composer/repositories
@ -166,12 +146,13 @@ install -m 0755 -vd %{buildroot}%
# Latest CentOS supports building all CentOS versions # Latest CentOS supports building all CentOS versions
%if 0%{?centos} >= 10 %if 0%{?centos} >= 10
install -m 0644 -vp repositories/centos-* %{buildroot}%{_datadir}/osbuild-composer/repositories/ install -m 0644 -vp vendor/github.com/osbuild/images/data/repositories/centos-* %{buildroot}%{_datadir}/osbuild-composer/repositories/
%else %else
# All other CentOS versions support building for the same version # All other CentOS versions support building for the same version
install -m 0644 -vp repositories/centos-%{centos}* %{buildroot}%{_datadir}/osbuild-composer/repositories/ install -m 0644 -vp vendor/github.com/osbuild/images/data/repositories/centos-%{centos}* %{buildroot}%{_datadir}/osbuild-composer/repositories/
install -m 0644 -vp repositories/centos-stream-%{centos}* %{buildroot}%{_datadir}/osbuild-composer/repositories/ # centos-stream-* are symlinks
cp -a repositories/centos-stream-%{centos}* %{buildroot}%{_datadir}/osbuild-composer/repositories/
%endif %endif
%else %else
@ -179,7 +160,7 @@ install -m 0644 -vp repositories/centos-stream-%{centos}* %{buildroot}%
%if 0%{?rhel} %if 0%{?rhel}
# RHEL 10 supports building all RHEL versions # RHEL 10 supports building all RHEL versions
%if 0%{?rhel} >= 10 %if 0%{?rhel} >= 10
for REPO_FILE in $(ls repositories/rhel-* | grep -v 'no-aux-key'); do for REPO_FILE in $(ls vendor/github.com/osbuild/images/data/repositories/rhel-* ); do
install -m 0644 -vp ${REPO_FILE} %{buildroot}%{_datadir}/osbuild-composer/repositories/$(basename ${REPO_FILE}) install -m 0644 -vp ${REPO_FILE} %{buildroot}%{_datadir}/osbuild-composer/repositories/$(basename ${REPO_FILE})
done done
@ -190,13 +171,13 @@ done
%else %else
# All other RHEL versions support building for the same version # All other RHEL versions support building for the same version
for REPO_FILE in $(ls repositories/rhel-%{rhel}* | grep -v 'no-aux-key'); do for REPO_FILE in $(ls vendor/github.com/osbuild/images/data/repositories/rhel-%{rhel}* ); do
install -m 0644 -vp ${REPO_FILE} %{buildroot}%{_datadir}/osbuild-composer/repositories/$(basename ${REPO_FILE}) install -m 0644 -vp ${REPO_FILE} %{buildroot}%{_datadir}/osbuild-composer/repositories/$(basename ${REPO_FILE})
done done
# RHEL 9 supports building also for RHEL 8 # RHEL 9 supports building also for RHEL 8
%if 0%{?rhel} == 9 %if 0%{?rhel} == 9
for REPO_FILE in $(ls repositories/rhel-8* | grep -v 'no-aux-key'); do for REPO_FILE in $(ls vendor/github.com/osbuild/images/data/repositories/rhel-8* ); do
install -m 0644 -vp ${REPO_FILE} %{buildroot}%{_datadir}/osbuild-composer/repositories/$(basename ${REPO_FILE}) install -m 0644 -vp ${REPO_FILE} %{buildroot}%{_datadir}/osbuild-composer/repositories/$(basename ${REPO_FILE})
done done
%endif %endif
@ -207,7 +188,7 @@ done
# Fedora can build for all included fedora releases # Fedora can build for all included fedora releases
%if 0%{?fedora} %if 0%{?fedora}
install -m 0644 -vp repositories/fedora-* %{buildroot}%{_datadir}/osbuild-composer/repositories/ install -m 0644 -vp vendor/github.com/osbuild/images/data/repositories/fedora-* %{buildroot}%{_datadir}/osbuild-composer/repositories/
%endif %endif
install -m 0755 -vd %{buildroot}%{_unitdir} install -m 0755 -vd %{buildroot}%{_unitdir}
@ -227,7 +208,6 @@ install -m 0755 -vd %{buildroot}%
install -m 0755 -vp _bin/osbuild-composer-cli-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/ install -m 0755 -vp _bin/osbuild-composer-cli-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/
install -m 0755 -vp _bin/osbuild-weldr-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/ install -m 0755 -vp _bin/osbuild-weldr-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/
install -m 0755 -vp _bin/osbuild-dnf-json-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/ install -m 0755 -vp _bin/osbuild-dnf-json-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/
install -m 0755 -vp _bin/osbuild-image-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/
install -m 0755 -vp _bin/osbuild-auth-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/ install -m 0755 -vp _bin/osbuild-auth-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/
install -m 0755 -vp _bin/osbuild-koji-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/ install -m 0755 -vp _bin/osbuild-koji-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/
install -m 0755 -vp _bin/osbuild-composer-dbjobqueue-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/ install -m 0755 -vp _bin/osbuild-composer-dbjobqueue-tests %{buildroot}%{_libexecdir}/osbuild-composer-test/
@ -260,9 +240,6 @@ install -m 0644 -vp test/data/ansible/* %{buildroot}%
install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/azure install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/azure
install -m 0644 -vp test/data/azure/* %{buildroot}%{_datadir}/tests/osbuild-composer/azure/ install -m 0644 -vp test/data/azure/* %{buildroot}%{_datadir}/tests/osbuild-composer/azure/
install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/manifests
install -m 0644 -vp test/data/manifests/* %{buildroot}%{_datadir}/tests/osbuild-composer/manifests/
install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/cloud-init install -m 0755 -vd %{buildroot}%{_datadir}/tests/osbuild-composer/cloud-init
install -m 0644 -vp test/data/cloud-init/* %{buildroot}%{_datadir}/tests/osbuild-composer/cloud-init/ install -m 0644 -vp test/data/cloud-init/* %{buildroot}%{_datadir}/tests/osbuild-composer/cloud-init/
@ -299,14 +276,12 @@ install -m 0644 -vp test/data/rhel-upgrade/* %{buildroot}%
%check %check
export GOFLAGS="-buildmode=pie" export GOFLAGS="-buildmode=pie"
%if 0%{?rhel} %if 0%{?rhel}
export GOFLAGS+=" -mod=vendor -tags=exclude_graphdriver_btrfs" export GOFLAGS+=" -tags=exclude_graphdriver_btrfs"
%endif
export GOPATH=$PWD/_build:%{gopath} export GOPATH=$PWD/_build:%{gopath}
# cd inside GOPATH, otherwise go with GO111MODULE=off ignores vendor directory # cd inside GOPATH, otherwise go with GO111MODULE=off ignores vendor directory
cd $PWD/_build/src/%{goipath} cd $PWD/_build/src/%{goipath}
%gotest ./...
%else
%gocheck
%endif
%post %post
%systemd_post osbuild-composer.service osbuild-composer.socket osbuild-composer-api.socket osbuild-composer-prometheus.socket osbuild-remote-worker.socket %systemd_post osbuild-composer.service osbuild-composer.socket osbuild-composer-api.socket osbuild-composer-prometheus.socket osbuild-remote-worker.socket
@ -363,8 +338,6 @@ The worker for osbuild-composer
%files worker %files worker
%{_libexecdir}/osbuild-composer/osbuild-worker %{_libexecdir}/osbuild-composer/osbuild-worker
%{_libexecdir}/osbuild-composer/osbuild-worker-executor %{_libexecdir}/osbuild-composer/osbuild-worker-executor
%{_libexecdir}/osbuild-composer/osbuild-jobsite-manager
%{_libexecdir}/osbuild-composer/osbuild-jobsite-builder
%{_unitdir}/osbuild-worker@.service %{_unitdir}/osbuild-worker@.service
%{_unitdir}/osbuild-remote-worker@.service %{_unitdir}/osbuild-remote-worker@.service
@ -461,22 +434,44 @@ Integration tests to be run on a pristine-dedicated system to test the osbuild-c
%endif %endif
%changelog %changelog
* Wed Oct 15 2025 Gianluca Zuccarelli <gzuccare@redhat.com> - 132.2-3 * Thu Aug 21 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 149-1
- Fix json tailoring blueprint conversion - New upstream release
Resolves: RHEL-111314
- Fix unclosed logrus logging pipes
Resolves: RHEL-102832
- Update go-jose dependency
Resolves: RHEL-82968 (CVE-2025-27144)
* Tue Jun 24 2025 Ondřej Budai <obudai@redhat.com> - 132.2-2 * Wed Aug 06 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 147-1
- Resolves: RHEL-89319 (CVE-2025-22871) - New upstream release
* Tue Apr 22 2025 Tomáš Hozza <thozza@redhat.com> = 132.2-1 * Wed Jul 23 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 146-1
- Resolve RHEL-84642 - New upstream release
* Thu Apr 03 2025 Tomáš Hozza <thozza@redhat.com> = 132.1-1 * Sat Jul 12 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 145-1
- Resolve RHEL-83781 - New upstream release
* Wed Jun 25 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 144-1
- New upstream release
* Wed Jun 11 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 143-1
- New upstream release
* Thu Jun 05 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 142-1
- New upstream release
* Mon May 19 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 141-1
- New upstream release
* Wed Apr 23 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 139-1
- New upstream release
* Wed Apr 16 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 138-1
- New upstream release
* Thu Apr 03 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 137-1
- New upstream release
* Mon Mar 31 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 136-1
- New upstream release
* Wed Mar 05 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 135-1
- New upstream release
* Thu Feb 13 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 132-1 * Thu Feb 13 2025 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 132-1
- New upstream release - New upstream release