import RHEL 10 Beta osbuild-composer-118-1.el10

2024-11-20 13:26:53 +00:00
6 changed files with 2565 additions and 1020 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/osbuild-composer-101.tar.gz
+osbuild-composer-118.tar.gz
--- a/.osbuild-composer.metadata
+++ b/.osbuild-composer.metadata
@ -1 +0,0 @@
 0feb86b5dcd146ce5b87816ae482eb50ed507c16 SOURCES/osbuild-composer-101.tar.gz
--- a/SOURCES/CVE-2025-30204.patch
+++ b/SOURCES/CVE-2025-30204.patch
@ -1,391 +0,0 @@
 diff --git a/go.mod b/go.mod
 index f571516..d3d329f 100644
 --- a/go.mod
 +++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/getkin/kin-openapi v0.93.0
 	github.com/getsentry/sentry-go v0.26.0
 	github.com/gobwas/glob v0.2.3
 -	github.com/golang-jwt/jwt/v4 v4.5.0
 +	github.com/golang-jwt/jwt/v4 v4.5.2
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.6.0
 	github.com/gophercloud/gophercloud v1.9.0
@@ -114,7 +114,7 @@ require (
 	github.com/go-openapi/validate v0.22.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 -	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
 +	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
 	github.com/golang/glog v1.1.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 diff --git a/go.sum b/go.sum
 index 5996751..488870b 100644
 --- a/go.sum
 +++ b/go.sum
@@ -251,10 +251,11 @@ github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keL
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 -github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
 -github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 +github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 +github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 +github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
 +github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
 github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
 diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
 index c0a6f69..0fc510a 100644
 --- a/vendor/github.com/golang-jwt/jwt/v4/parser.go
 +++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
@@ -7,6 +7,8 @@ import (
 	"strings"
 )
 +const tokenDelimiter = "."
 +
 type Parser struct {
 	// If populated, only these methods will be considered valid.
 	//
@@ -36,19 +38,21 @@ func NewParser(options ...ParserOption) *Parser {
 	return p
 }
 -// Parse parses, validates, verifies the signature and returns the parsed token.
 -// keyFunc will receive the parsed token and should return the key for validating.
 +// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
 +// receive the parsed token and should return the key for validating.
 func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
 	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
 }
 -// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object implementing the Claims
 -// interface. This provides default values which can be overridden and allows a caller to use their own type, rather
 -// than the default MapClaims implementation of Claims.
 +// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
 +// implementing the Claims interface. This provides default values which can be overridden and
 +// allows a caller to use their own type, rather than the default MapClaims implementation of
 +// Claims.
 //
 -// Note: If you provide a custom claim implementation that embeds one of the standard claims (such as RegisteredClaims),
 -// make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the
 -// proper memory for it before passing in the overall claims, otherwise you might run into a panic.
 +// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
 +// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
 +// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
 +// claims, otherwise you might run into a panic.
 func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
 	token, parts, err := p.ParseUnverified(tokenString, claims)
 	if err != nil {
@@ -85,12 +89,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
 		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
 	}
 +	// Perform validation
 +	token.Signature = parts[2]
 +	if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
 +		return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
 +	}
 +
 	vErr := &ValidationError{}
 	// Validate Claims
 	if !p.SkipClaimsValidation {
 		if err := token.Claims.Valid(); err != nil {
 -
 			// If the Claims Valid returned an error, check if it is a validation error,
 			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
 			if e, ok := err.(*ValidationError); !ok {
@@ -98,22 +107,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
 			} else {
 				vErr = e
 			}
 +			return token, vErr
 		}
 	}
 -	// Perform validation
 -	token.Signature = parts[2]
 -	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
 -		vErr.Inner = err
 -		vErr.Errors |= ValidationErrorSignatureInvalid
 -	}
 -
 -	if vErr.valid() {
 -		token.Valid = true
 -		return token, nil
 -	}
 +	// No errors so far, token is valid.
 +	token.Valid = true
 -	return token, vErr
 +	return token, nil
 }
 // ParseUnverified parses the token but doesn't validate the signature.
@@ -123,9 +124,10 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
 // It's only ever useful in cases where you know the signature is valid (because it has
 // been checked previously in the stack) and you want to extract values from it.
 func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
 -	parts = strings.Split(tokenString, ".")
 -	if len(parts) != 3 {
 -		return nil, parts, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
 +	var ok bool
 +	parts, ok = splitToken(tokenString)
 +	if !ok {
 +		return nil, nil, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
 	}
 	token = &Token{Raw: tokenString}
@@ -175,3 +177,30 @@ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Toke
 	return token, parts, nil
 }
 +
 +// splitToken splits a token string into three parts: header, claims, and signature. It will only
 +// return true if the token contains exactly two delimiters and three parts. In all other cases, it
 +// will return nil parts and false.
 +func splitToken(token string) ([]string, bool) {
 +	parts := make([]string, 3)
 +	header, remain, ok := strings.Cut(token, tokenDelimiter)
 +	if !ok {
 +		return nil, false
 +	}
 +	parts[0] = header
 +	claims, remain, ok := strings.Cut(remain, tokenDelimiter)
 +	if !ok {
 +		return nil, false
 +	}
 +	parts[1] = claims
 +	// One more cut to ensure the signature is the last part of the token and there are no more
 +	// delimiters. This avoids an issue where malicious input could contain additional delimiters
 +	// causing unecessary overhead parsing tokens.
 +	signature, _, unexpected := strings.Cut(remain, tokenDelimiter)
 +	if unexpected {
 +		return nil, false
 +	}
 +	parts[2] = signature
 +
 +	return parts, true
 +}
 diff --git a/vendor/github.com/golang-jwt/jwt/v5/README.md b/vendor/github.com/golang-jwt/jwt/v5/README.md
 index 964598a..0bb636f 100644
 --- a/vendor/github.com/golang-jwt/jwt/v5/README.md
 +++ b/vendor/github.com/golang-jwt/jwt/v5/README.md
@@ -10,11 +10,11 @@ implementation of [JSON Web
 Tokens](https://datatracker.ietf.org/doc/html/rfc7519).
 Starting with [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0)
 -this project adds Go module support, but maintains backwards compatibility with
 +this project adds Go module support, but maintains backward compatibility with
 older `v3.x.y` tags and upstream `github.com/dgrijalva/jwt-go`. See the
 [`MIGRATION_GUIDE.md`](./MIGRATION_GUIDE.md) for more information. Version
 v5.0.0 introduces major improvements to the validation of tokens, but is not
 -entirely backwards compatible. 
 +entirely backward compatible. 
 > After the original author of the library suggested migrating the maintenance
 > of `jwt-go`, a dedicated team of open source maintainers decided to clone the
@@ -24,7 +24,7 @@ entirely backwards compatible.
 **SECURITY NOTICE:** Some older versions of Go have a security issue in the
 -crypto/elliptic. Recommendation is to upgrade to at least 1.15 See issue
 +crypto/elliptic. The recommendation is to upgrade to at least 1.15 See issue
 [dgrijalva/jwt-go#216](https://github.com/dgrijalva/jwt-go/issues/216) for more
 detail.
@@ -32,7 +32,7 @@ detail.
 what you
 expect](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/).
 This library attempts to make it easy to do the right thing by requiring key
 -types match the expected alg, but you should take the extra step to verify it in
 +types to match the expected alg, but you should take the extra step to verify it in
 your usage.  See the examples provided.
 ### Supported Go versions
@@ -41,7 +41,7 @@ Our support of Go versions is aligned with Go's [version release
 policy](https://golang.org/doc/devel/release#policy). So we will support a major
 version of Go until there are two newer major releases. We no longer support
 building jwt-go with unsupported Go versions, as these contain security
 -vulnerabilities which will not be fixed.
 +vulnerabilities that will not be fixed.
 ## What the heck is a JWT?
@@ -117,7 +117,7 @@ notable differences:
 This library is considered production ready.  Feedback and feature requests are
 appreciated.  The API should be considered stable.  There should be very few
 -backwards-incompatible changes outside of major version updates (and only with
 +backward-incompatible changes outside of major version updates (and only with
 good reason).
 This project uses [Semantic Versioning 2.0.0](http://semver.org).  Accepted pull
@@ -125,8 +125,8 @@ requests will land on `main`.  Periodically, versions will be tagged from
 `main`.  You can find all the releases on [the project releases
 page](https://github.com/golang-jwt/jwt/releases).
 -**BREAKING CHANGES:*** A full list of breaking changes is available in
 -`VERSION_HISTORY.md`.  See `MIGRATION_GUIDE.md` for more information on updating
 +**BREAKING CHANGES:** A full list of breaking changes is available in
 +`VERSION_HISTORY.md`.  See [`MIGRATION_GUIDE.md`](./MIGRATION_GUIDE.md) for more information on updating
 your code.
 ## Extensions
 diff --git a/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md b/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md
 index b08402c..2740597 100644
 --- a/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md
 +++ b/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md
@@ -2,11 +2,11 @@
 ## Supported Versions
 -As of February 2022 (and until this document is updated), the latest version `v4` is supported.
 +As of November 2024 (and until this document is updated), the latest version `v5` is supported. In critical cases, we might supply back-ported patches for `v4`.
 ## Reporting a Vulnerability
 -If you think you found a vulnerability, and even if you are not sure, please report it to jwt-go-security@googlegroups.com or one of the other [golang-jwt maintainers](https://github.com/orgs/golang-jwt/people). Please try be explicit, describe steps to reproduce the security issue with code example(s).
 +If you think you found a vulnerability, and even if you are not sure, please report it a [GitHub Security Advisory](https://github.com/golang-jwt/jwt/security/advisories/new). Please try be explicit, describe steps to reproduce the security issue with code example(s).
 You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.
 diff --git a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
 index ca85659..c929e4a 100644
 --- a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
 +++ b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
@@ -62,7 +62,7 @@ func (m *SigningMethodECDSA) Verify(signingString string, sig []byte, key interf
 	case *ecdsa.PublicKey:
 		ecdsaKey = k
 	default:
 -		return newError("ECDSA verify expects *ecsda.PublicKey", ErrInvalidKeyType)
 +		return newError("ECDSA verify expects *ecdsa.PublicKey", ErrInvalidKeyType)
 	}
 	if len(sig) != 2*m.KeySize {
@@ -96,7 +96,7 @@ func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) ([]byte
 	case *ecdsa.PrivateKey:
 		ecdsaKey = k
 	default:
 -		return nil, newError("ECDSA sign expects *ecsda.PrivateKey", ErrInvalidKeyType)
 +		return nil, newError("ECDSA sign expects *ecdsa.PrivateKey", ErrInvalidKeyType)
 	}
 	// Create the hasher
 diff --git a/vendor/github.com/golang-jwt/jwt/v5/hmac.go b/vendor/github.com/golang-jwt/jwt/v5/hmac.go
 index 96c6272..aca600c 100644
 --- a/vendor/github.com/golang-jwt/jwt/v5/hmac.go
 +++ b/vendor/github.com/golang-jwt/jwt/v5/hmac.go
@@ -91,7 +91,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa
 func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte, error) {
 	if keyBytes, ok := key.([]byte); ok {
 		if !m.Hash.Available() {
 -			return nil, newError("HMAC sign expects []byte", ErrInvalidKeyType)
 +			return nil, ErrHashUnavailable
 		}
 		hasher := hmac.New(m.Hash.New, keyBytes)
@@ -100,5 +100,5 @@ func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte,
 		return hasher.Sum(nil), nil
 	}
 -	return nil, ErrInvalidKeyType
 +	return nil, newError("HMAC sign expects []byte", ErrInvalidKeyType)
 }
 diff --git a/vendor/github.com/golang-jwt/jwt/v5/parser.go b/vendor/github.com/golang-jwt/jwt/v5/parser.go
 index ecf99af..054c7eb 100644
 --- a/vendor/github.com/golang-jwt/jwt/v5/parser.go
 +++ b/vendor/github.com/golang-jwt/jwt/v5/parser.go
@@ -8,6 +8,8 @@ import (
 	"strings"
 )
 +const tokenDelimiter = "."
 +
 type Parser struct {
 	// If populated, only these methods will be considered valid.
 	validMethods []string
@@ -136,9 +138,10 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
 // It's only ever useful in cases where you know the signature is valid (since it has already
 // been or will be checked elsewhere in the stack) and you want to extract values from it.
 func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
 -	parts = strings.Split(tokenString, ".")
 -	if len(parts) != 3 {
 -		return nil, parts, newError("token contains an invalid number of segments", ErrTokenMalformed)
 +	var ok bool
 +	parts, ok = splitToken(tokenString)
 +	if !ok {
 +		return nil, nil, newError("token contains an invalid number of segments", ErrTokenMalformed)
 	}
 	token = &Token{Raw: tokenString}
@@ -196,6 +199,33 @@ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Toke
 	return token, parts, nil
 }
 +// splitToken splits a token string into three parts: header, claims, and signature. It will only
 +// return true if the token contains exactly two delimiters and three parts. In all other cases, it
 +// will return nil parts and false.
 +func splitToken(token string) ([]string, bool) {
 +	parts := make([]string, 3)
 +	header, remain, ok := strings.Cut(token, tokenDelimiter)
 +	if !ok {
 +		return nil, false
 +	}
 +	parts[0] = header
 +	claims, remain, ok := strings.Cut(remain, tokenDelimiter)
 +	if !ok {
 +		return nil, false
 +	}
 +	parts[1] = claims
 +	// One more cut to ensure the signature is the last part of the token and there are no more
 +	// delimiters. This avoids an issue where malicious input could contain additional delimiters
 +	// causing unecessary overhead parsing tokens.
 +	signature, _, unexpected := strings.Cut(remain, tokenDelimiter)
 +	if unexpected {
 +		return nil, false
 +	}
 +	parts[2] = signature
 +
 +	return parts, true
 +}
 +
 // DecodeSegment decodes a JWT specific base64url encoding. This function will
 // take into account whether the [Parser] is configured with additional options,
 // such as [WithStrictDecoding] or [WithPaddingAllowed].
 diff --git a/vendor/github.com/golang-jwt/jwt/v5/token.go b/vendor/github.com/golang-jwt/jwt/v5/token.go
 index 352873a..9c7f4ab 100644
 --- a/vendor/github.com/golang-jwt/jwt/v5/token.go
 +++ b/vendor/github.com/golang-jwt/jwt/v5/token.go
@@ -75,7 +75,7 @@ func (t *Token) SignedString(key interface{}) (string, error) {
 }
 // SigningString generates the signing string.  This is the most expensive part
 -// of the whole deal.  Unless you need this for something special, just go
 +// of the whole deal. Unless you need this for something special, just go
 // straight for the SignedString.
 func (t *Token) SigningString() (string, error) {
 	h, err := json.Marshal(t.Header)
 diff --git a/vendor/modules.txt b/vendor/modules.txt
 index 35d0433..f49c006 100644
 --- a/vendor/modules.txt
 +++ b/vendor/modules.txt
@@ -568,10 +568,10 @@ github.com/gogo/protobuf/proto
 # github.com/golang-jwt/jwt v3.2.2+incompatible
 ## explicit
 github.com/golang-jwt/jwt
 -# github.com/golang-jwt/jwt/v4 v4.5.0
 +# github.com/golang-jwt/jwt/v4 v4.5.2
 ## explicit; go 1.16
 github.com/golang-jwt/jwt/v4
 -# github.com/golang-jwt/jwt/v5 v5.2.0
 +# github.com/golang-jwt/jwt/v5 v5.2.2
 ## explicit; go 1.18
 github.com/golang-jwt/jwt/v5
 # github.com/golang/glog v1.1.2
--- a/SPECS/osbuild-composer.spec
+++ b/SPECS/osbuild-composer.spec
@ -1,627 +0,0 @@
 # Do not build with tests by default
 # Pass --with tests to rpmbuild to override
 %bcond_with tests
 # When --with relax_requires is specified osbuild-composer-tests
 # will require osbuild-composer only by name, excluding version/release
 # This is used internally during nightly pipeline testing!
 %bcond_with relax_requires
 # The minimum required osbuild version
 %global min_osbuild_version 109
 %global goipath         github.com/osbuild/osbuild-composer
 Version:        101
 %gometa
 %global common_description %{expand:
 A service for building customized OS artifacts, such as VM images and OSTree
 commits, that uses osbuild under the hood. Besides building images for local
 usage, it can also upload images directly to cloud.
 It is compatible with composer-cli and cockpit-composer clients.
 }
 Name:           osbuild-composer
 Release:        4%{?dist}
 Summary:        An image building service based on osbuild
 # osbuild-composer doesn't have support for building i686 and armv7hl images
 ExcludeArch:    i686 armv7hl
 # Upstream license specification: Apache-2.0
 License:        Apache-2.0
 URL:            %{gourl}
 Source0:        %{gosource}
 Patch0:         CVE-2025-30204.patch
 BuildRequires:  %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
 BuildRequires:  systemd
 BuildRequires:  krb5-devel
 BuildRequires:  python3-docutils
 BuildRequires:  make
 # Build requirements of 'theproglottis/gpgme' package
 BuildRequires:  gpgme-devel
 BuildRequires:  libassuan-devel
 # Build requirements of 'github.com/containers/storage' package
 BuildRequires:  device-mapper-devel
 %if 0%{?fedora}
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  git
 # Build requirements of 'github.com/containers/storage' package
 BuildRequires:  btrfs-progs-devel
 # DO NOT REMOVE the BUNDLE_START and BUNDLE_END markers as they are used by 'tools/rpm_spec_add_provides_bundle.sh' to generate the Provides: bundled list
 # BUNDLE_START
 # BUNDLE_END
 %endif
 Requires: %{name}-core = %{version}-%{release}
 Requires: %{name}-worker = %{version}-%{release}
 Requires: systemd
 Provides: weldr
 %description
 %{common_description}
 %prep
 %if 0%{?rhel}
 %forgeautosetup -p1
 %else
 %goprep -k
 %endif
 %build
 export GOFLAGS="-buildmode=pie"
 %if 0%{?rhel}
 GO_BUILD_PATH=$PWD/_build
 install -m 0755 -vd $(dirname $GO_BUILD_PATH/src/%{goipath})
 ln -fs $PWD $GO_BUILD_PATH/src/%{goipath}
 cd $GO_BUILD_PATH/src/%{goipath}
 install -m 0755 -vd _bin
 export PATH=$PWD/_bin${PATH:+:$PATH}
 export GOPATH=$GO_BUILD_PATH:%{gopath}
 export GOFLAGS+=" -mod=vendor"
 %endif
 %if 0%{?fedora}
 # Fedora disables Go modules by default, but we want to use them.
 # Undefine the macro which disables it to use the default behavior.
 %undefine gomodulesmode
 %endif
 # btrfs-progs-devel is not available on RHEL
 %if 0%{?rhel}
 GOTAGS="exclude_graphdriver_btrfs"
 %endif
 # Set the commit hash so that composer can report what source version
 # was used to build it. This has to be set explicitly when calling rpmbuild,
 # this script will not attempt to automatically discover it.
 %if %{?commit:1}0
 export LDFLAGS="${LDFLAGS} -X 'github.com/osbuild/osbuild-composer/internal/common.GitRev=%{commit}'"
 %endif
 export LDFLAGS="${LDFLAGS} -X 'github.com/osbuild/osbuild-composer/internal/common.RpmVersion=%{name}-%{?epoch:%epoch:}%{version}-%{release}.%{_arch}'"
 %gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-composer %{goipath}/cmd/osbuild-composer
 %gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-worker %{goipath}/cmd/osbuild-worker
 %gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-jobsite-manager %{goipath}/cmd/osbuild-jobsite-manager
 %gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-jobsite-builder %{goipath}/cmd/osbuild-jobsite-builder
 make man
 %if %{with tests} || 0%{?rhel}
 # Build test binaries with `go test -c`, so that they can take advantage of
 # golang's testing package. The golang rpm macros don't support building them
 # directly. Thus, do it manually, taking care to also include a build id.
 #
 # On Fedora, also turn off go modules and set the path to the one into which
 # the golang-* packages install source code.
 %if 0%{?fedora}
 export GO111MODULE=off
 export GOPATH=%{gobuilddir}:%{gopath}
 %endif
 TEST_LDFLAGS="${LDFLAGS:-} -B 0x$(od -N 20 -An -tx1 -w100 /dev/urandom | tr -d ' ')"
 go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-cli-tests %{goipath}/cmd/osbuild-composer-cli-tests
 go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-dnf-json-tests %{goipath}/cmd/osbuild-dnf-json-tests
 go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-weldr-tests %{goipath}/internal/client/
 go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-image-tests %{goipath}/cmd/osbuild-image-tests
 go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-auth-tests %{goipath}/cmd/osbuild-auth-tests
 go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-koji-tests %{goipath}/cmd/osbuild-koji-tests
 go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-dbjobqueue-tests %{goipath}/cmd/osbuild-composer-dbjobqueue-tests
 go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-service-maintenance-tests %{goipath}/cmd/osbuild-service-maintenance
 go build -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-mock-openid-provider %{goipath}/cmd/osbuild-mock-openid-provider
 %endif
 %install
 install -m 0755 -vd                                                %{buildroot}%{_libexecdir}/osbuild-composer
 install -m 0755 -vp _bin/osbuild-composer                          %{buildroot}%{_libexecdir}/osbuild-composer/
 install -m 0755 -vp _bin/osbuild-worker                            %{buildroot}%{_libexecdir}/osbuild-composer/
 install -m 0755 -vp _bin/osbuild-jobsite-manager                   %{buildroot}%{_libexecdir}/osbuild-composer/
 install -m 0755 -vp _bin/osbuild-jobsite-builder                   %{buildroot}%{_libexecdir}/osbuild-composer/
 # Only include repositories for the distribution and release
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/osbuild-composer/repositories
 # CentOS also defines rhel so we check for centos first
 %if 0%{?centos}
 # CentOS 9 supports building for CentOS 8 and later
 %if 0%{?centos} >= 9
 install -m 0644 -vp repositories/centos-*                          %{buildroot}%{_datadir}/osbuild-composer/repositories/
 %else
 # CentOS 8 only supports building for CentOS 8
 install -m 0644 -vp repositories/centos-%{centos}*                 %{buildroot}%{_datadir}/osbuild-composer/repositories/
 install -m 0644 -vp repositories/centos-stream-%{centos}*          %{buildroot}%{_datadir}/osbuild-composer/repositories/
 %endif
 %else
 %if 0%{?rhel}
 # RHEL 9 supports building for RHEL 8 and later
 %if 0%{?rhel} >= 9
 install -m 0644 -vp repositories/rhel-*                            %{buildroot}%{_datadir}/osbuild-composer/repositories/
 %else
 # RHEL 8 only supports building for 8
 install -m 0644 -vp repositories/rhel-%{rhel}*                     %{buildroot}%{_datadir}/osbuild-composer/repositories/
 %endif
 %endif
 %endif
 # Fedora can build for all included fedora releases
 %if 0%{?fedora}
 install -m 0644 -vp repositories/fedora-*                          %{buildroot}%{_datadir}/osbuild-composer/repositories/
 %endif
 install -m 0755 -vd                                                %{buildroot}%{_unitdir}
 install -m 0644 -vp distribution/*.{service,socket}                %{buildroot}%{_unitdir}/
 install -m 0755 -vd                                                %{buildroot}%{_sysusersdir}
 install -m 0644 -vp distribution/osbuild-composer.conf             %{buildroot}%{_sysusersdir}/
 install -m 0755 -vd                                                %{buildroot}%{_localstatedir}/cache/osbuild-composer/dnf-cache
 install -m 0755 -vd                                                %{buildroot}%{_mandir}/man7
 install -m 0644 -vp docs/*.7                                       %{buildroot}%{_mandir}/man7/
 %if %{with tests} || 0%{?rhel}
 install -m 0755 -vd                                                %{buildroot}%{_libexecdir}/osbuild-composer-test
 install -m 0755 -vp _bin/osbuild-composer-cli-tests                %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp _bin/osbuild-weldr-tests                       %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp _bin/osbuild-dnf-json-tests                    %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp _bin/osbuild-image-tests                       %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp _bin/osbuild-auth-tests                        %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp _bin/osbuild-koji-tests                        %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp _bin/osbuild-composer-dbjobqueue-tests         %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp _bin/osbuild-service-maintenance-tests         %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp _bin/osbuild-mock-openid-provider              %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/define-compose-url.sh                    %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/provision.sh                             %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/gen-certs.sh                             %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/gen-ssh.sh                               %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/image-info                               %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/run-koji-container.sh                    %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/koji-compose.py                          %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/libvirt_test.sh                          %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/s3_test.sh                               %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/generic_s3_test.sh                       %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/generic_s3_https_test.sh                 %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/run-mock-auth-servers.sh                 %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vp tools/set-env-variables.sh                     %{buildroot}%{_libexecdir}/osbuild-composer-test/
 install -m 0755 -vd                                                %{buildroot}%{_libexecdir}/tests/osbuild-composer
 install -m 0755 -vp test/cases/*.sh                                %{buildroot}%{_libexecdir}/tests/osbuild-composer/
 install -m 0755 -vd                                                %{buildroot}%{_libexecdir}/tests/osbuild-composer/api
 install -m 0755 -vp test/cases/api/*.sh                            %{buildroot}%{_libexecdir}/tests/osbuild-composer/api/
 install -m 0755 -vd                                                %{buildroot}%{_libexecdir}/tests/osbuild-composer/api/common
 install -m 0755 -vp test/cases/api/common/*.sh                     %{buildroot}%{_libexecdir}/tests/osbuild-composer/api/common/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/ansible
 install -m 0644 -vp test/data/ansible/*                            %{buildroot}%{_datadir}/tests/osbuild-composer/ansible/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/azure
 install -m 0644 -vp test/data/azure/*                              %{buildroot}%{_datadir}/tests/osbuild-composer/azure/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/manifests
 install -m 0644 -vp test/data/manifests/*                          %{buildroot}%{_datadir}/tests/osbuild-composer/manifests/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/cloud-init
 install -m 0644 -vp test/data/cloud-init/*                         %{buildroot}%{_datadir}/tests/osbuild-composer/cloud-init/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/composer
 install -m 0644 -vp test/data/composer/*                           %{buildroot}%{_datadir}/tests/osbuild-composer/composer/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/worker
 install -m 0644 -vp test/data/worker/*                             %{buildroot}%{_datadir}/tests/osbuild-composer/worker/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/repositories
 install -m 0644 -vp test/data/repositories/*                       %{buildroot}%{_datadir}/tests/osbuild-composer/repositories/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/kerberos
 install -m 0644 -vp test/data/kerberos/*                           %{buildroot}%{_datadir}/tests/osbuild-composer/kerberos/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/keyring
 install -m 0644 -vp test/data/keyring/id_rsa.pub                   %{buildroot}%{_datadir}/tests/osbuild-composer/keyring/
 install -m 0600 -vp test/data/keyring/id_rsa                       %{buildroot}%{_datadir}/tests/osbuild-composer/keyring/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/koji
 install -m 0644 -vp test/data/koji/*                               %{buildroot}%{_datadir}/tests/osbuild-composer/koji/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/x509
 install -m 0644 -vp test/data/x509/*                               %{buildroot}%{_datadir}/tests/osbuild-composer/x509/
 install -m 0755 -vd                                                %{buildroot}%{_datadir}/tests/osbuild-composer/schemas
 install -m 0644 -vp pkg/jobqueue/dbjobqueue/schemas/*              %{buildroot}%{_datadir}/tests/osbuild-composer/schemas/
 install -m 0755 -vd                                               %{buildroot}%{_datadir}/tests/osbuild-composer/upgrade8to9
 install -m 0644 -vp test/data/upgrade8to9/*                       %{buildroot}%{_datadir}/tests/osbuild-composer/upgrade8to9/
 %endif
 %check
 export GOFLAGS="-buildmode=pie"
 %if 0%{?rhel}
 export GOFLAGS+=" -mod=vendor -tags=exclude_graphdriver_btrfs"
 export GOPATH=$PWD/_build:%{gopath}
 # cd inside GOPATH, otherwise go with GO111MODULE=off ignores vendor directory
 cd $PWD/_build/src/%{goipath}
 %gotest ./...
 %else
 %gocheck
 %endif
 %post
 %systemd_post osbuild-composer.service osbuild-composer.socket osbuild-composer-api.socket osbuild-composer-prometheus.socket osbuild-remote-worker.socket
 %preun
 %systemd_preun osbuild-composer.service osbuild-composer.socket osbuild-composer-api.socket osbuild-composer-prometheus.socket osbuild-remote-worker.socket
 %postun
 %systemd_postun_with_restart osbuild-composer.service osbuild-composer.socket osbuild-composer-api.socket osbuild-composer-prometheus.socket osbuild-remote-worker.socket
 %files
 %license LICENSE
 %doc README.md
 %{_mandir}/man7/%{name}.7*
 %{_unitdir}/osbuild-composer.service
 %{_unitdir}/osbuild-composer.socket
 %{_unitdir}/osbuild-composer-api.socket
 %{_unitdir}/osbuild-composer-prometheus.socket
 %{_unitdir}/osbuild-local-worker.socket
 %{_unitdir}/osbuild-remote-worker.socket
 %{_sysusersdir}/osbuild-composer.conf
 %package core
 Summary:    The core osbuild-composer binary
 Requires:   osbuild-depsolve-dnf >= %{min_osbuild_version}
 Provides:   %{name}-dnf-json = %{version}-%{release}
 Obsoletes:  %{name}-dnf-json < %{version}-%{release}
 %description core
 The core osbuild-composer binary. This is suitable both for spawning in containers and by systemd.
 %files core
 %{_libexecdir}/osbuild-composer/osbuild-composer
 %{_datadir}/osbuild-composer/
 %package worker
 Summary:    The worker for osbuild-composer
 Requires:   systemd
 Requires:   qemu-img
 Requires:   osbuild >= %{min_osbuild_version}
 Requires:   osbuild-ostree >= %{min_osbuild_version}
 Requires:   osbuild-lvm2 >= %{min_osbuild_version}
 Requires:   osbuild-luks2 >= %{min_osbuild_version}
 Requires:   osbuild-depsolve-dnf >= %{min_osbuild_version}
 Provides:   %{name}-dnf-json = %{version}-%{release}
 Obsoletes:  %{name}-dnf-json < %{version}-%{release}
 %description worker
 The worker for osbuild-composer
 %files worker
 %{_libexecdir}/osbuild-composer/osbuild-worker
 %{_libexecdir}/osbuild-composer/osbuild-jobsite-manager
 %{_libexecdir}/osbuild-composer/osbuild-jobsite-builder
 %{_unitdir}/osbuild-worker@.service
 %{_unitdir}/osbuild-remote-worker@.service
 %post worker
 %systemd_post osbuild-worker@.service osbuild-remote-worker@.service
 %preun worker
 # systemd_preun uses systemctl disable --now which doesn't work well with template services.
 # See https://github.com/systemd/systemd/issues/15620
 # The following lines mimicks its behaviour by running two commands.
 # The scriptlet is supposed to run only when the package is being removed.
 if [ $1 -eq 0 ] && [ -d /run/systemd/system ]; then
    # disable and stop all the worker services
    systemctl --no-reload disable osbuild-worker@.service osbuild-remote-worker@.service
    systemctl stop "osbuild-worker@*.service" "osbuild-remote-worker@*.service"
 fi
 %postun worker
 # restart all the worker services
 %systemd_postun_with_restart "osbuild-worker@*.service" "osbuild-remote-worker@*.service"
 %if %{with tests} || 0%{?rhel}
 %package tests
 Summary:    Integration tests
 %if %{with relax_requires}
 Requires:   %{name}
 %else
 Requires:   %{name} = %{version}-%{release}
 %endif
 Requires:   composer-cli
 Requires:   createrepo_c
 Requires:   xorriso
 Requires:   qemu-kvm-core
 Requires:   systemd-container
 Requires:   jq
 Requires:   unzip
 Requires:   container-selinux
 Requires:   dnsmasq
 Requires:   krb5-workstation
 Requires:   podman
 Requires:   python3
 Requires:   sssd-krb5
 Requires:   libvirt-client libvirt-daemon
 Requires:   libvirt-daemon-config-network
 Requires:   libvirt-daemon-config-nwfilter
 Requires:   libvirt-daemon-driver-interface
 Requires:   libvirt-daemon-driver-network
 Requires:   libvirt-daemon-driver-nodedev
 Requires:   libvirt-daemon-driver-nwfilter
 Requires:   libvirt-daemon-driver-qemu
 Requires:   libvirt-daemon-driver-secret
 Requires:   libvirt-daemon-driver-storage
 Requires:   libvirt-daemon-driver-storage-disk
 Requires:   libvirt-daemon-kvm
 Requires:   qemu-img
 Requires:   qemu-kvm
 Requires:   rpmdevtools
 Requires:   virt-install
 Requires:   expect
 Requires:   python3-lxml
 Requires:   httpd
 Requires:   mod_ssl
 Requires:   openssl
 Requires:   firewalld
 Requires:   podman-plugins
 Requires:   dnf-plugins-core
 Requires:   skopeo
 Requires:   make
 Requires:   python3-pip
 %if 0%{?fedora}
 # koji and ansible are not in RHEL repositories. Depending on them breaks RHEL
 # gating (see OSCI-1541). The test script must enable EPEL and install those
 # packages manually.
 Requires:   koji
 Requires:   ansible
 %endif
 %ifarch %{arm}
 Requires:   edk2-aarch64
 %endif
 %description tests
 Integration tests to be run on a pristine-dedicated system to test the osbuild-composer package.
 %files tests
 %{_libexecdir}/osbuild-composer-test/
 %{_libexecdir}/tests/osbuild-composer/
 %{_datadir}/tests/osbuild-composer/
 %endif
 %changelog
 * Tue Jun 24 2025 Ondřej Budai <obudai@redhat.com> - 101-4
 - Resolves: RHEL-89279 (CVE-2025-22871)
 * Tue Apr 22 2025 Tomáš Hozza <thozza@redhat.com> - 101-3
 - Resolve RHEL-84643 (CVE-2025-30204)
 * Wed Sep 25 2024 Tomáš Hozza <thozza@redhat.com> - 101-2
 - Rebuilt to fix:
  - CVE-2024-34156
  - CVE-2024-1394
  - RHEL-24303
  - RHEL-57905
 * Mon Feb 26 2024 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 101-1
 - New upstream release
 * Wed Feb 07 2024 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 100-1
 - New upstream release
 * Wed Jan 24 2024 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 99-1
 - New upstream release
 * Wed Jan 10 2024 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 98-1
 - New upstream release
 * Wed Dec 13 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 96-1
 - New upstream release
 * Wed Nov 29 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 95-1
 - New upstream release
 * Wed Nov 15 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 94-1
 - New upstream release
 * Wed Nov 01 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 93-1
 - New upstream release
 * Wed Oct 18 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 92-1
 - New upstream release
 * Wed Oct 04 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 91-1
 - New upstream release
 * Thu Sep 21 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 90-1
 - New upstream release
 * Wed Sep 06 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 89-1
 - New upstream release
 * Thu Aug 24 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 88-1
 - New upstream release
 * Wed Aug 09 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 87-1
 - New upstream release
 * Wed Jul 26 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 86-1
 - New upstream release
 * Fri Jul 14 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 85-1
 - New upstream release
 * Wed Jun 14 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 84-1
 - New upstream release
 * Wed May 17 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 82-1
 - New upstream release
 * Wed Apr 19 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 80-1
 - New upstream release
 * Wed Apr 05 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 79-1
 - New upstream release
 * Wed Mar 08 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 77-1
 - New upstream release
 * Wed Feb 22 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 75-1
 - New upstream release
 * Wed Feb 08 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 74-1
 - New upstream release
 * Wed Jan 25 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 73-1
 - New upstream release
 * Wed Jan 11 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 72-1
 - New upstream release
 * Wed Dec 28 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 71-1
 - New upstream release
 * Wed Dec 14 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 70-1
 - New upstream release
 * Wed Nov 30 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 69-1
 - New upstream release
 * Wed Nov 16 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 68-1
 - New upstream release
 * Wed Nov 02 2022 imagebuilder-bots+imagebuilder-bot@redhat.com <imagebuilder-bot> - 67-1
 - New upstream release
 * Mon Aug 29 2022 Ondřej Budai <ondrej@budai.cz> - 62-1
 - New upstream release
 * Wed Aug 24 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 60-1
 - New upstream release
 * Thu Aug 11 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 59-1
 - New upstream release
 * Thu Jul 28 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 58-1
 - New upstream release
 * Mon Jul 18 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 57-1
 - New upstream release
 * Wed Jun 15 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 55-1
 - New upstream release
 * Wed Jun 01 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 54-1
 - New upstream release
 * Mon May 23 2022 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 53-1
 - New upstream release
 * Wed May 04 2022 Ondřej Budai <ondrej@budai.cz> - 51-1
 - New upstream release
 * Tue Mar 01 2022 Ondřej Budai <ondrej@budai.cz> - 46-1
 - New upstream release
 * Sat Feb 19 2022 Ondřej Budai <ondrej@budai.cz> - 45-1
 - New upstream release
 * Mon Feb 14 2022 Thomas Lavocat <tlavocat@redhat.com> - 44-1
 - New upstream release
 * Mon Feb 07 2022 Thomas Lavocat <tlavocat@redhat.com> - 43-1
 - New upstream release
 * Tue Jan 18 2022 Thomas Lavocat <tlavocat@redhat.com> - 42-1
 - New upstream release
 * Thu Dec 09 2021 Ondřej Budai <ondrej@budai.cz> - 40-1
 - New upstream release
 * Fri Oct 15 2021 Achilleas Koutsou <achilleas@redhat.com> - 37-1
 - New upstream release
 * Fri Oct 15 2021 Achilleas Koutsou <achilleas@redhat.com> - 36-1
 - New upstream release
 * Mon Aug 30 2021 Tom Gundersen <teg@jklm.no> - 33-1
 - New upstream release
 * Sun Aug 29 2021 Tom Gundersen <teg@jklm.no> - 32-2
 - New upstream release
 * Thu Aug 12 2021 Ondřej Budai <ondrej@budai.cz> - 31-1
 - New upstream release
 * Sat Feb 20 2021 Martin Sehnoutka <msehnout@redhat.com> - 28-1
 - New upstream release
 * Fri Feb 05 2021 Ondrej Budai <obudai@redhat.com> - 27-1
 - New upstream release
 * Thu Dec 17 2020 Ondrej Budai <obudai@redhat.com> - 26-1
 - New upstream release
 * Mon Nov 30 2020 Ondrej Budai <obudai@redhat.com> - 25-1
 - New upstream release 25 (rhbz#1883481)
 * Thu Sep 03 2020 Tom Gundersen <tgunders@redhat.com> - 20.1-1
 - New upstream release 20.1 (rhbz#1872370)
 * Sun Aug 23 2020 Tom Gundersen <tgunders@redhat.com> - 20-1
 - New upstream release 20 (rhbz#1871184 and rhbz#1871179)
 * Thu Aug 13 2020 Tom Gundersen <tgunders@redhat.com> - 19-1
 - New upstream release 19 (rhbz#1866015 and rhbz#1866013)
 * Thu Jul 09 2020 Ondrej Budai <obudai@redhat.com> - 17-1
 - New upstream release 17 (rhbz#1831653)
 - Obsolete lorax-composer in favor of osbuild-composer (rhbz#1836844)
 * Mon Jun 29 2020 Ondrej Budai <obudai@redhat.com> - 16-1
 - New upstream release 16 (rhbz#1831653)
 * Fri Jun 12 2020 Ondrej Budai <obudai@redhat.com> - 15-1
 - New upstream release 15 (rhbz#1831653)
 * Thu Jun 04 2020 Ondrej Budai <obudai@redhat.com> - 14-1
 - New upstream release 14 (rhbz#1831653)
 * Thu May 28 2020 Ondrej Budai <obudai@redhat.com> - 13-1
 - New upstream release 13 (rhbz#1831653)
 * Tue May 05 2020 Ondrej Budai <obudai@redhat.com> - 11-1
 - Initial package (renamed from golang-github-osbuild-composer) (rhbz#1771887)
--- a/osbuild-composer.spec
+++ b/osbuild-composer.spec
--- a/1
+++ b/1
@ -0,0 +1 @@
 SHA512 (osbuild-composer-118.tar.gz) = be9a4b4080f19116dd1c3e885139a0b8ef58961d6a34c49d8c2b2c77b42ff7d99dabac72b232ed5bdfd599461cbc6b228785610eb22e139dcc2a803164c29a2a
`@ -1 +1 @@`
	`SOURCES/osbuild-composer-101.tar.gz`	`osbuild-composer-118.tar.gz`
		`@ -1 +0,0 @@`
			`0feb86b5dcd146ce5b87816ae482eb50ed507c16 SOURCES/osbuild-composer-101.tar.gz`
		`@ -0,0 +1 @@`
							`SHA512 (osbuild-composer-118.tar.gz) = be9a4b4080f19116dd1c3e885139a0b8ef58961d6a34c49d8c2b2c77b42ff7d99dabac72b232ed5bdfd599461cbc6b228785610eb22e139dcc2a803164c29a2a`