Compare commits
11 Commits
Author | SHA1 | Date | |
---|---|---|---|
fc1f93cd8d | |||
7c7b1657c8 | |||
dbe32ebfec | |||
a862e3e045 | |||
|
4d69243352 | ||
743d8c7c0e | |||
73d76d5042 | |||
|
6af3ca6b8c | ||
|
ce6870bc23 | ||
dc59d98b24 | |||
871d52df46 |
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/osbuild-composer-101.tar.gz
|
SOURCES/osbuild-composer-88.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
0feb86b5dcd146ce5b87816ae482eb50ed507c16 SOURCES/osbuild-composer-101.tar.gz
|
9566fbe6bba91c7b3aba1a57c900aa6c00f77397 SOURCES/osbuild-composer-88.tar.gz
|
||||||
|
@ -1,391 +0,0 @@
|
|||||||
diff --git a/go.mod b/go.mod
|
|
||||||
index f571516..d3d329f 100644
|
|
||||||
--- a/go.mod
|
|
||||||
+++ b/go.mod
|
|
||||||
@@ -23,7 +23,7 @@ require (
|
|
||||||
github.com/getkin/kin-openapi v0.93.0
|
|
||||||
github.com/getsentry/sentry-go v0.26.0
|
|
||||||
github.com/gobwas/glob v0.2.3
|
|
||||||
- github.com/golang-jwt/jwt/v4 v4.5.0
|
|
||||||
+ github.com/golang-jwt/jwt/v4 v4.5.2
|
|
||||||
github.com/google/go-cmp v0.6.0
|
|
||||||
github.com/google/uuid v1.6.0
|
|
||||||
github.com/gophercloud/gophercloud v1.9.0
|
|
||||||
@@ -114,7 +114,7 @@ require (
|
|
||||||
github.com/go-openapi/validate v0.22.1 // indirect
|
|
||||||
github.com/gogo/protobuf v1.3.2 // indirect
|
|
||||||
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
|
|
||||||
- github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
|
|
||||||
+ github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
|
|
||||||
github.com/golang/glog v1.1.2 // indirect
|
|
||||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
|
||||||
github.com/golang/protobuf v1.5.3 // indirect
|
|
||||||
diff --git a/go.sum b/go.sum
|
|
||||||
index 5996751..488870b 100644
|
|
||||||
--- a/go.sum
|
|
||||||
+++ b/go.sum
|
|
||||||
@@ -251,10 +251,11 @@ github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keL
|
|
||||||
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
|
|
||||||
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
|
|
||||||
github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
|
|
||||||
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
|
|
||||||
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
|
||||||
-github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
|
|
||||||
-github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
|
|
||||||
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
|
|
||||||
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
|
||||||
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
|
|
||||||
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
|
|
||||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
|
||||||
github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
|
|
||||||
github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
|
|
||||||
diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go
|
|
||||||
index c0a6f69..0fc510a 100644
|
|
||||||
--- a/vendor/github.com/golang-jwt/jwt/v4/parser.go
|
|
||||||
+++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go
|
|
||||||
@@ -7,6 +7,8 @@ import (
|
|
||||||
"strings"
|
|
||||||
)
|
|
||||||
|
|
||||||
+const tokenDelimiter = "."
|
|
||||||
+
|
|
||||||
type Parser struct {
|
|
||||||
// If populated, only these methods will be considered valid.
|
|
||||||
//
|
|
||||||
@@ -36,19 +38,21 @@ func NewParser(options ...ParserOption) *Parser {
|
|
||||||
return p
|
|
||||||
}
|
|
||||||
|
|
||||||
-// Parse parses, validates, verifies the signature and returns the parsed token.
|
|
||||||
-// keyFunc will receive the parsed token and should return the key for validating.
|
|
||||||
+// Parse parses, validates, verifies the signature and returns the parsed token. keyFunc will
|
|
||||||
+// receive the parsed token and should return the key for validating.
|
|
||||||
func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
|
||||||
return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
|
|
||||||
}
|
|
||||||
|
|
||||||
-// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object implementing the Claims
|
|
||||||
-// interface. This provides default values which can be overridden and allows a caller to use their own type, rather
|
|
||||||
-// than the default MapClaims implementation of Claims.
|
|
||||||
+// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object
|
|
||||||
+// implementing the Claims interface. This provides default values which can be overridden and
|
|
||||||
+// allows a caller to use their own type, rather than the default MapClaims implementation of
|
|
||||||
+// Claims.
|
|
||||||
//
|
|
||||||
-// Note: If you provide a custom claim implementation that embeds one of the standard claims (such as RegisteredClaims),
|
|
||||||
-// make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the
|
|
||||||
-// proper memory for it before passing in the overall claims, otherwise you might run into a panic.
|
|
||||||
+// Note: If you provide a custom claim implementation that embeds one of the standard claims (such
|
|
||||||
+// as RegisteredClaims), make sure that a) you either embed a non-pointer version of the claims or
|
|
||||||
+// b) if you are using a pointer, allocate the proper memory for it before passing in the overall
|
|
||||||
+// claims, otherwise you might run into a panic.
|
|
||||||
func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
|
|
||||||
token, parts, err := p.ParseUnverified(tokenString, claims)
|
|
||||||
if err != nil {
|
|
||||||
@@ -85,12 +89,17 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
|
|
||||||
return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
|
|
||||||
}
|
|
||||||
|
|
||||||
+ // Perform validation
|
|
||||||
+ token.Signature = parts[2]
|
|
||||||
+ if err := token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
|
|
||||||
+ return token, &ValidationError{Inner: err, Errors: ValidationErrorSignatureInvalid}
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
vErr := &ValidationError{}
|
|
||||||
|
|
||||||
// Validate Claims
|
|
||||||
if !p.SkipClaimsValidation {
|
|
||||||
if err := token.Claims.Valid(); err != nil {
|
|
||||||
-
|
|
||||||
// If the Claims Valid returned an error, check if it is a validation error,
|
|
||||||
// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
|
|
||||||
if e, ok := err.(*ValidationError); !ok {
|
|
||||||
@@ -98,22 +107,14 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
|
|
||||||
} else {
|
|
||||||
vErr = e
|
|
||||||
}
|
|
||||||
+ return token, vErr
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- // Perform validation
|
|
||||||
- token.Signature = parts[2]
|
|
||||||
- if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
|
|
||||||
- vErr.Inner = err
|
|
||||||
- vErr.Errors |= ValidationErrorSignatureInvalid
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if vErr.valid() {
|
|
||||||
- token.Valid = true
|
|
||||||
- return token, nil
|
|
||||||
- }
|
|
||||||
+ // No errors so far, token is valid.
|
|
||||||
+ token.Valid = true
|
|
||||||
|
|
||||||
- return token, vErr
|
|
||||||
+ return token, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// ParseUnverified parses the token but doesn't validate the signature.
|
|
||||||
@@ -123,9 +124,10 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
|
|
||||||
// It's only ever useful in cases where you know the signature is valid (because it has
|
|
||||||
// been checked previously in the stack) and you want to extract values from it.
|
|
||||||
func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
|
|
||||||
- parts = strings.Split(tokenString, ".")
|
|
||||||
- if len(parts) != 3 {
|
|
||||||
- return nil, parts, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
|
|
||||||
+ var ok bool
|
|
||||||
+ parts, ok = splitToken(tokenString)
|
|
||||||
+ if !ok {
|
|
||||||
+ return nil, nil, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
|
|
||||||
}
|
|
||||||
|
|
||||||
token = &Token{Raw: tokenString}
|
|
||||||
@@ -175,3 +177,30 @@ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Toke
|
|
||||||
|
|
||||||
return token, parts, nil
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+// splitToken splits a token string into three parts: header, claims, and signature. It will only
|
|
||||||
+// return true if the token contains exactly two delimiters and three parts. In all other cases, it
|
|
||||||
+// will return nil parts and false.
|
|
||||||
+func splitToken(token string) ([]string, bool) {
|
|
||||||
+ parts := make([]string, 3)
|
|
||||||
+ header, remain, ok := strings.Cut(token, tokenDelimiter)
|
|
||||||
+ if !ok {
|
|
||||||
+ return nil, false
|
|
||||||
+ }
|
|
||||||
+ parts[0] = header
|
|
||||||
+ claims, remain, ok := strings.Cut(remain, tokenDelimiter)
|
|
||||||
+ if !ok {
|
|
||||||
+ return nil, false
|
|
||||||
+ }
|
|
||||||
+ parts[1] = claims
|
|
||||||
+ // One more cut to ensure the signature is the last part of the token and there are no more
|
|
||||||
+ // delimiters. This avoids an issue where malicious input could contain additional delimiters
|
|
||||||
+ // causing unecessary overhead parsing tokens.
|
|
||||||
+ signature, _, unexpected := strings.Cut(remain, tokenDelimiter)
|
|
||||||
+ if unexpected {
|
|
||||||
+ return nil, false
|
|
||||||
+ }
|
|
||||||
+ parts[2] = signature
|
|
||||||
+
|
|
||||||
+ return parts, true
|
|
||||||
+}
|
|
||||||
diff --git a/vendor/github.com/golang-jwt/jwt/v5/README.md b/vendor/github.com/golang-jwt/jwt/v5/README.md
|
|
||||||
index 964598a..0bb636f 100644
|
|
||||||
--- a/vendor/github.com/golang-jwt/jwt/v5/README.md
|
|
||||||
+++ b/vendor/github.com/golang-jwt/jwt/v5/README.md
|
|
||||||
@@ -10,11 +10,11 @@ implementation of [JSON Web
|
|
||||||
Tokens](https://datatracker.ietf.org/doc/html/rfc7519).
|
|
||||||
|
|
||||||
Starting with [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0)
|
|
||||||
-this project adds Go module support, but maintains backwards compatibility with
|
|
||||||
+this project adds Go module support, but maintains backward compatibility with
|
|
||||||
older `v3.x.y` tags and upstream `github.com/dgrijalva/jwt-go`. See the
|
|
||||||
[`MIGRATION_GUIDE.md`](./MIGRATION_GUIDE.md) for more information. Version
|
|
||||||
v5.0.0 introduces major improvements to the validation of tokens, but is not
|
|
||||||
-entirely backwards compatible.
|
|
||||||
+entirely backward compatible.
|
|
||||||
|
|
||||||
> After the original author of the library suggested migrating the maintenance
|
|
||||||
> of `jwt-go`, a dedicated team of open source maintainers decided to clone the
|
|
||||||
@@ -24,7 +24,7 @@ entirely backwards compatible.
|
|
||||||
|
|
||||||
|
|
||||||
**SECURITY NOTICE:** Some older versions of Go have a security issue in the
|
|
||||||
-crypto/elliptic. Recommendation is to upgrade to at least 1.15 See issue
|
|
||||||
+crypto/elliptic. The recommendation is to upgrade to at least 1.15 See issue
|
|
||||||
[dgrijalva/jwt-go#216](https://github.com/dgrijalva/jwt-go/issues/216) for more
|
|
||||||
detail.
|
|
||||||
|
|
||||||
@@ -32,7 +32,7 @@ detail.
|
|
||||||
what you
|
|
||||||
expect](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/).
|
|
||||||
This library attempts to make it easy to do the right thing by requiring key
|
|
||||||
-types match the expected alg, but you should take the extra step to verify it in
|
|
||||||
+types to match the expected alg, but you should take the extra step to verify it in
|
|
||||||
your usage. See the examples provided.
|
|
||||||
|
|
||||||
### Supported Go versions
|
|
||||||
@@ -41,7 +41,7 @@ Our support of Go versions is aligned with Go's [version release
|
|
||||||
policy](https://golang.org/doc/devel/release#policy). So we will support a major
|
|
||||||
version of Go until there are two newer major releases. We no longer support
|
|
||||||
building jwt-go with unsupported Go versions, as these contain security
|
|
||||||
-vulnerabilities which will not be fixed.
|
|
||||||
+vulnerabilities that will not be fixed.
|
|
||||||
|
|
||||||
## What the heck is a JWT?
|
|
||||||
|
|
||||||
@@ -117,7 +117,7 @@ notable differences:
|
|
||||||
|
|
||||||
This library is considered production ready. Feedback and feature requests are
|
|
||||||
appreciated. The API should be considered stable. There should be very few
|
|
||||||
-backwards-incompatible changes outside of major version updates (and only with
|
|
||||||
+backward-incompatible changes outside of major version updates (and only with
|
|
||||||
good reason).
|
|
||||||
|
|
||||||
This project uses [Semantic Versioning 2.0.0](http://semver.org). Accepted pull
|
|
||||||
@@ -125,8 +125,8 @@ requests will land on `main`. Periodically, versions will be tagged from
|
|
||||||
`main`. You can find all the releases on [the project releases
|
|
||||||
page](https://github.com/golang-jwt/jwt/releases).
|
|
||||||
|
|
||||||
-**BREAKING CHANGES:*** A full list of breaking changes is available in
|
|
||||||
-`VERSION_HISTORY.md`. See `MIGRATION_GUIDE.md` for more information on updating
|
|
||||||
+**BREAKING CHANGES:** A full list of breaking changes is available in
|
|
||||||
+`VERSION_HISTORY.md`. See [`MIGRATION_GUIDE.md`](./MIGRATION_GUIDE.md) for more information on updating
|
|
||||||
your code.
|
|
||||||
|
|
||||||
## Extensions
|
|
||||||
diff --git a/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md b/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md
|
|
||||||
index b08402c..2740597 100644
|
|
||||||
--- a/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md
|
|
||||||
+++ b/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md
|
|
||||||
@@ -2,11 +2,11 @@
|
|
||||||
|
|
||||||
## Supported Versions
|
|
||||||
|
|
||||||
-As of February 2022 (and until this document is updated), the latest version `v4` is supported.
|
|
||||||
+As of November 2024 (and until this document is updated), the latest version `v5` is supported. In critical cases, we might supply back-ported patches for `v4`.
|
|
||||||
|
|
||||||
## Reporting a Vulnerability
|
|
||||||
|
|
||||||
-If you think you found a vulnerability, and even if you are not sure, please report it to jwt-go-security@googlegroups.com or one of the other [golang-jwt maintainers](https://github.com/orgs/golang-jwt/people). Please try be explicit, describe steps to reproduce the security issue with code example(s).
|
|
||||||
+If you think you found a vulnerability, and even if you are not sure, please report it a [GitHub Security Advisory](https://github.com/golang-jwt/jwt/security/advisories/new). Please try be explicit, describe steps to reproduce the security issue with code example(s).
|
|
||||||
|
|
||||||
You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.
|
|
||||||
|
|
||||||
diff --git a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
|
|
||||||
index ca85659..c929e4a 100644
|
|
||||||
--- a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
|
|
||||||
+++ b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
|
|
||||||
@@ -62,7 +62,7 @@ func (m *SigningMethodECDSA) Verify(signingString string, sig []byte, key interf
|
|
||||||
case *ecdsa.PublicKey:
|
|
||||||
ecdsaKey = k
|
|
||||||
default:
|
|
||||||
- return newError("ECDSA verify expects *ecsda.PublicKey", ErrInvalidKeyType)
|
|
||||||
+ return newError("ECDSA verify expects *ecdsa.PublicKey", ErrInvalidKeyType)
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(sig) != 2*m.KeySize {
|
|
||||||
@@ -96,7 +96,7 @@ func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) ([]byte
|
|
||||||
case *ecdsa.PrivateKey:
|
|
||||||
ecdsaKey = k
|
|
||||||
default:
|
|
||||||
- return nil, newError("ECDSA sign expects *ecsda.PrivateKey", ErrInvalidKeyType)
|
|
||||||
+ return nil, newError("ECDSA sign expects *ecdsa.PrivateKey", ErrInvalidKeyType)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create the hasher
|
|
||||||
diff --git a/vendor/github.com/golang-jwt/jwt/v5/hmac.go b/vendor/github.com/golang-jwt/jwt/v5/hmac.go
|
|
||||||
index 96c6272..aca600c 100644
|
|
||||||
--- a/vendor/github.com/golang-jwt/jwt/v5/hmac.go
|
|
||||||
+++ b/vendor/github.com/golang-jwt/jwt/v5/hmac.go
|
|
||||||
@@ -91,7 +91,7 @@ func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interfa
|
|
||||||
func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte, error) {
|
|
||||||
if keyBytes, ok := key.([]byte); ok {
|
|
||||||
if !m.Hash.Available() {
|
|
||||||
- return nil, newError("HMAC sign expects []byte", ErrInvalidKeyType)
|
|
||||||
+ return nil, ErrHashUnavailable
|
|
||||||
}
|
|
||||||
|
|
||||||
hasher := hmac.New(m.Hash.New, keyBytes)
|
|
||||||
@@ -100,5 +100,5 @@ func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte,
|
|
||||||
return hasher.Sum(nil), nil
|
|
||||||
}
|
|
||||||
|
|
||||||
- return nil, ErrInvalidKeyType
|
|
||||||
+ return nil, newError("HMAC sign expects []byte", ErrInvalidKeyType)
|
|
||||||
}
|
|
||||||
diff --git a/vendor/github.com/golang-jwt/jwt/v5/parser.go b/vendor/github.com/golang-jwt/jwt/v5/parser.go
|
|
||||||
index ecf99af..054c7eb 100644
|
|
||||||
--- a/vendor/github.com/golang-jwt/jwt/v5/parser.go
|
|
||||||
+++ b/vendor/github.com/golang-jwt/jwt/v5/parser.go
|
|
||||||
@@ -8,6 +8,8 @@ import (
|
|
||||||
"strings"
|
|
||||||
)
|
|
||||||
|
|
||||||
+const tokenDelimiter = "."
|
|
||||||
+
|
|
||||||
type Parser struct {
|
|
||||||
// If populated, only these methods will be considered valid.
|
|
||||||
validMethods []string
|
|
||||||
@@ -136,9 +138,10 @@ func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyf
|
|
||||||
// It's only ever useful in cases where you know the signature is valid (since it has already
|
|
||||||
// been or will be checked elsewhere in the stack) and you want to extract values from it.
|
|
||||||
func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
|
|
||||||
- parts = strings.Split(tokenString, ".")
|
|
||||||
- if len(parts) != 3 {
|
|
||||||
- return nil, parts, newError("token contains an invalid number of segments", ErrTokenMalformed)
|
|
||||||
+ var ok bool
|
|
||||||
+ parts, ok = splitToken(tokenString)
|
|
||||||
+ if !ok {
|
|
||||||
+ return nil, nil, newError("token contains an invalid number of segments", ErrTokenMalformed)
|
|
||||||
}
|
|
||||||
|
|
||||||
token = &Token{Raw: tokenString}
|
|
||||||
@@ -196,6 +199,33 @@ func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Toke
|
|
||||||
return token, parts, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
+// splitToken splits a token string into three parts: header, claims, and signature. It will only
|
|
||||||
+// return true if the token contains exactly two delimiters and three parts. In all other cases, it
|
|
||||||
+// will return nil parts and false.
|
|
||||||
+func splitToken(token string) ([]string, bool) {
|
|
||||||
+ parts := make([]string, 3)
|
|
||||||
+ header, remain, ok := strings.Cut(token, tokenDelimiter)
|
|
||||||
+ if !ok {
|
|
||||||
+ return nil, false
|
|
||||||
+ }
|
|
||||||
+ parts[0] = header
|
|
||||||
+ claims, remain, ok := strings.Cut(remain, tokenDelimiter)
|
|
||||||
+ if !ok {
|
|
||||||
+ return nil, false
|
|
||||||
+ }
|
|
||||||
+ parts[1] = claims
|
|
||||||
+ // One more cut to ensure the signature is the last part of the token and there are no more
|
|
||||||
+ // delimiters. This avoids an issue where malicious input could contain additional delimiters
|
|
||||||
+ // causing unecessary overhead parsing tokens.
|
|
||||||
+ signature, _, unexpected := strings.Cut(remain, tokenDelimiter)
|
|
||||||
+ if unexpected {
|
|
||||||
+ return nil, false
|
|
||||||
+ }
|
|
||||||
+ parts[2] = signature
|
|
||||||
+
|
|
||||||
+ return parts, true
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
// DecodeSegment decodes a JWT specific base64url encoding. This function will
|
|
||||||
// take into account whether the [Parser] is configured with additional options,
|
|
||||||
// such as [WithStrictDecoding] or [WithPaddingAllowed].
|
|
||||||
diff --git a/vendor/github.com/golang-jwt/jwt/v5/token.go b/vendor/github.com/golang-jwt/jwt/v5/token.go
|
|
||||||
index 352873a..9c7f4ab 100644
|
|
||||||
--- a/vendor/github.com/golang-jwt/jwt/v5/token.go
|
|
||||||
+++ b/vendor/github.com/golang-jwt/jwt/v5/token.go
|
|
||||||
@@ -75,7 +75,7 @@ func (t *Token) SignedString(key interface{}) (string, error) {
|
|
||||||
}
|
|
||||||
|
|
||||||
// SigningString generates the signing string. This is the most expensive part
|
|
||||||
-// of the whole deal. Unless you need this for something special, just go
|
|
||||||
+// of the whole deal. Unless you need this for something special, just go
|
|
||||||
// straight for the SignedString.
|
|
||||||
func (t *Token) SigningString() (string, error) {
|
|
||||||
h, err := json.Marshal(t.Header)
|
|
||||||
diff --git a/vendor/modules.txt b/vendor/modules.txt
|
|
||||||
index 35d0433..f49c006 100644
|
|
||||||
--- a/vendor/modules.txt
|
|
||||||
+++ b/vendor/modules.txt
|
|
||||||
@@ -568,10 +568,10 @@ github.com/gogo/protobuf/proto
|
|
||||||
# github.com/golang-jwt/jwt v3.2.2+incompatible
|
|
||||||
## explicit
|
|
||||||
github.com/golang-jwt/jwt
|
|
||||||
-# github.com/golang-jwt/jwt/v4 v4.5.0
|
|
||||||
+# github.com/golang-jwt/jwt/v4 v4.5.2
|
|
||||||
## explicit; go 1.16
|
|
||||||
github.com/golang-jwt/jwt/v4
|
|
||||||
-# github.com/golang-jwt/jwt/v5 v5.2.0
|
|
||||||
+# github.com/golang-jwt/jwt/v5 v5.2.2
|
|
||||||
## explicit; go 1.18
|
|
||||||
github.com/golang-jwt/jwt/v5
|
|
||||||
# github.com/golang/glog v1.1.2
|
|
931
SOURCES/almalinux_support.patch
Normal file
931
SOURCES/almalinux_support.patch
Normal file
File diff suppressed because one or more lines are too long
11
SOURCES/remove_libreport.patch
Normal file
11
SOURCES/remove_libreport.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
diff -aruN osbuild-composer-88.3/vendor/github.com/osbuild/images/pkg/distro/rhel8/bare_metal.go osbuild-composer-88.3.alma/vendor/github.com/osbuild/images/pkg/distro/rhel8/bare_metal.go
|
||||||
|
--- osbuild-composer-88.3/vendor/github.com/osbuild/images/pkg/distro/rhel8/bare_metal.go 2023-11-17 21:41:59
|
||||||
|
+++ osbuild-composer-88.3.alma/vendor/github.com/osbuild/images/pkg/distro/rhel8/bare_metal.go 2024-02-07 15:13:07
|
||||||
|
@@ -214,7 +214,6 @@
|
||||||
|
"libibverbs",
|
||||||
|
"libreport-plugin-bugzilla",
|
||||||
|
"libreport-plugin-reportuploader",
|
||||||
|
- "libreport-rhel-anaconda-bugzilla",
|
||||||
|
"librsvg2",
|
||||||
|
"linux-firmware",
|
||||||
|
"lklug-fonts",
|
@ -7,12 +7,9 @@
|
|||||||
# This is used internally during nightly pipeline testing!
|
# This is used internally during nightly pipeline testing!
|
||||||
%bcond_with relax_requires
|
%bcond_with relax_requires
|
||||||
|
|
||||||
# The minimum required osbuild version
|
|
||||||
%global min_osbuild_version 109
|
|
||||||
|
|
||||||
%global goipath github.com/osbuild/osbuild-composer
|
%global goipath github.com/osbuild/osbuild-composer
|
||||||
|
|
||||||
Version: 101
|
Version: 88
|
||||||
|
|
||||||
%gometa
|
%gometa
|
||||||
|
|
||||||
@ -25,7 +22,7 @@ It is compatible with composer-cli and cockpit-composer clients.
|
|||||||
}
|
}
|
||||||
|
|
||||||
Name: osbuild-composer
|
Name: osbuild-composer
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}.alma.3
|
||||||
Summary: An image building service based on osbuild
|
Summary: An image building service based on osbuild
|
||||||
|
|
||||||
# osbuild-composer doesn't have support for building i686 and armv7hl images
|
# osbuild-composer doesn't have support for building i686 and armv7hl images
|
||||||
@ -36,7 +33,8 @@ License: Apache-2.0
|
|||||||
URL: %{gourl}
|
URL: %{gourl}
|
||||||
Source0: %{gosource}
|
Source0: %{gosource}
|
||||||
|
|
||||||
Patch0: CVE-2025-30204.patch
|
Patch100: almalinux_support.patch
|
||||||
|
Patch101: remove_libreport.patch
|
||||||
|
|
||||||
BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
|
BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
@ -46,13 +44,9 @@ BuildRequires: make
|
|||||||
# Build requirements of 'theproglottis/gpgme' package
|
# Build requirements of 'theproglottis/gpgme' package
|
||||||
BuildRequires: gpgme-devel
|
BuildRequires: gpgme-devel
|
||||||
BuildRequires: libassuan-devel
|
BuildRequires: libassuan-devel
|
||||||
# Build requirements of 'github.com/containers/storage' package
|
|
||||||
BuildRequires: device-mapper-devel
|
|
||||||
%if 0%{?fedora}
|
%if 0%{?fedora}
|
||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
BuildRequires: git
|
BuildRequires: git
|
||||||
# Build requirements of 'github.com/containers/storage' package
|
|
||||||
BuildRequires: btrfs-progs-devel
|
|
||||||
# DO NOT REMOVE the BUNDLE_START and BUNDLE_END markers as they are used by 'tools/rpm_spec_add_provides_bundle.sh' to generate the Provides: bundled list
|
# DO NOT REMOVE the BUNDLE_START and BUNDLE_END markers as they are used by 'tools/rpm_spec_add_provides_bundle.sh' to generate the Provides: bundled list
|
||||||
# BUNDLE_START
|
# BUNDLE_START
|
||||||
# BUNDLE_END
|
# BUNDLE_END
|
||||||
@ -86,16 +80,6 @@ export PATH=$PWD/_bin${PATH:+:$PATH}
|
|||||||
export GOPATH=$GO_BUILD_PATH:%{gopath}
|
export GOPATH=$GO_BUILD_PATH:%{gopath}
|
||||||
export GOFLAGS+=" -mod=vendor"
|
export GOFLAGS+=" -mod=vendor"
|
||||||
%endif
|
%endif
|
||||||
%if 0%{?fedora}
|
|
||||||
# Fedora disables Go modules by default, but we want to use them.
|
|
||||||
# Undefine the macro which disables it to use the default behavior.
|
|
||||||
%undefine gomodulesmode
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# btrfs-progs-devel is not available on RHEL
|
|
||||||
%if 0%{?rhel}
|
|
||||||
GOTAGS="exclude_graphdriver_btrfs"
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Set the commit hash so that composer can report what source version
|
# Set the commit hash so that composer can report what source version
|
||||||
# was used to build it. This has to be set explicitly when calling rpmbuild,
|
# was used to build it. This has to be set explicitly when calling rpmbuild,
|
||||||
@ -105,10 +89,8 @@ export LDFLAGS="${LDFLAGS} -X 'github.com/osbuild/osbuild-composer/internal/comm
|
|||||||
%endif
|
%endif
|
||||||
export LDFLAGS="${LDFLAGS} -X 'github.com/osbuild/osbuild-composer/internal/common.RpmVersion=%{name}-%{?epoch:%epoch:}%{version}-%{release}.%{_arch}'"
|
export LDFLAGS="${LDFLAGS} -X 'github.com/osbuild/osbuild-composer/internal/common.RpmVersion=%{name}-%{?epoch:%epoch:}%{version}-%{release}.%{_arch}'"
|
||||||
|
|
||||||
%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-composer %{goipath}/cmd/osbuild-composer
|
%gobuild -o _bin/osbuild-composer %{goipath}/cmd/osbuild-composer
|
||||||
%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-worker %{goipath}/cmd/osbuild-worker
|
%gobuild -o _bin/osbuild-worker %{goipath}/cmd/osbuild-worker
|
||||||
%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-jobsite-manager %{goipath}/cmd/osbuild-jobsite-manager
|
|
||||||
%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-jobsite-builder %{goipath}/cmd/osbuild-jobsite-builder
|
|
||||||
|
|
||||||
make man
|
make man
|
||||||
|
|
||||||
@ -127,15 +109,15 @@ export GOPATH=%{gobuilddir}:%{gopath}
|
|||||||
|
|
||||||
TEST_LDFLAGS="${LDFLAGS:-} -B 0x$(od -N 20 -An -tx1 -w100 /dev/urandom | tr -d ' ')"
|
TEST_LDFLAGS="${LDFLAGS:-} -B 0x$(od -N 20 -An -tx1 -w100 /dev/urandom | tr -d ' ')"
|
||||||
|
|
||||||
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-cli-tests %{goipath}/cmd/osbuild-composer-cli-tests
|
go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-cli-tests %{goipath}/cmd/osbuild-composer-cli-tests
|
||||||
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-dnf-json-tests %{goipath}/cmd/osbuild-dnf-json-tests
|
go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-dnf-json-tests %{goipath}/cmd/osbuild-dnf-json-tests
|
||||||
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-weldr-tests %{goipath}/internal/client/
|
go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-weldr-tests %{goipath}/internal/client/
|
||||||
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-image-tests %{goipath}/cmd/osbuild-image-tests
|
go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-image-tests %{goipath}/cmd/osbuild-image-tests
|
||||||
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-auth-tests %{goipath}/cmd/osbuild-auth-tests
|
go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-auth-tests %{goipath}/cmd/osbuild-auth-tests
|
||||||
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-koji-tests %{goipath}/cmd/osbuild-koji-tests
|
go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-koji-tests %{goipath}/cmd/osbuild-koji-tests
|
||||||
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-dbjobqueue-tests %{goipath}/cmd/osbuild-composer-dbjobqueue-tests
|
go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-dbjobqueue-tests %{goipath}/cmd/osbuild-composer-dbjobqueue-tests
|
||||||
go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-service-maintenance-tests %{goipath}/cmd/osbuild-service-maintenance
|
go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-service-maintenance-tests %{goipath}/cmd/osbuild-service-maintenance
|
||||||
go build -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-mock-openid-provider %{goipath}/cmd/osbuild-mock-openid-provider
|
go build -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-mock-openid-provider %{goipath}/cmd/osbuild-mock-openid-provider
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -143,34 +125,15 @@ go build -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _b
|
|||||||
install -m 0755 -vd %{buildroot}%{_libexecdir}/osbuild-composer
|
install -m 0755 -vd %{buildroot}%{_libexecdir}/osbuild-composer
|
||||||
install -m 0755 -vp _bin/osbuild-composer %{buildroot}%{_libexecdir}/osbuild-composer/
|
install -m 0755 -vp _bin/osbuild-composer %{buildroot}%{_libexecdir}/osbuild-composer/
|
||||||
install -m 0755 -vp _bin/osbuild-worker %{buildroot}%{_libexecdir}/osbuild-composer/
|
install -m 0755 -vp _bin/osbuild-worker %{buildroot}%{_libexecdir}/osbuild-composer/
|
||||||
install -m 0755 -vp _bin/osbuild-jobsite-manager %{buildroot}%{_libexecdir}/osbuild-composer/
|
install -m 0755 -vp dnf-json %{buildroot}%{_libexecdir}/osbuild-composer/
|
||||||
install -m 0755 -vp _bin/osbuild-jobsite-builder %{buildroot}%{_libexecdir}/osbuild-composer/
|
|
||||||
|
|
||||||
# Only include repositories for the distribution and release
|
# Only include repositories for the distribution and release
|
||||||
install -m 0755 -vd %{buildroot}%{_datadir}/osbuild-composer/repositories
|
install -m 0755 -vd %{buildroot}%{_datadir}/osbuild-composer/repositories
|
||||||
# CentOS also defines rhel so we check for centos first
|
%if 0%{?almalinux}
|
||||||
%if 0%{?centos}
|
%if 0%{?almalinux} >= 9
|
||||||
|
install -m 0644 -vp repositories/almalinux-* %{buildroot}%{_datadir}/osbuild-composer/repositories/
|
||||||
# CentOS 9 supports building for CentOS 8 and later
|
|
||||||
%if 0%{?centos} >= 9
|
|
||||||
install -m 0644 -vp repositories/centos-* %{buildroot}%{_datadir}/osbuild-composer/repositories/
|
|
||||||
%else
|
%else
|
||||||
# CentOS 8 only supports building for CentOS 8
|
install -m 0644 -vp repositories/almalinux-8* %{buildroot}%{_datadir}/osbuild-composer/repositories/
|
||||||
install -m 0644 -vp repositories/centos-%{centos}* %{buildroot}%{_datadir}/osbuild-composer/repositories/
|
|
||||||
install -m 0644 -vp repositories/centos-stream-%{centos}* %{buildroot}%{_datadir}/osbuild-composer/repositories/
|
|
||||||
|
|
||||||
%endif
|
|
||||||
%else
|
|
||||||
%if 0%{?rhel}
|
|
||||||
# RHEL 9 supports building for RHEL 8 and later
|
|
||||||
%if 0%{?rhel} >= 9
|
|
||||||
install -m 0644 -vp repositories/rhel-* %{buildroot}%{_datadir}/osbuild-composer/repositories/
|
|
||||||
|
|
||||||
%else
|
|
||||||
# RHEL 8 only supports building for 8
|
|
||||||
install -m 0644 -vp repositories/rhel-%{rhel}* %{buildroot}%{_datadir}/osbuild-composer/repositories/
|
|
||||||
|
|
||||||
%endif
|
|
||||||
%endif
|
%endif
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -215,6 +178,7 @@ install -m 0755 -vp tools/generic_s3_test.sh %{buildroot}%
|
|||||||
install -m 0755 -vp tools/generic_s3_https_test.sh %{buildroot}%{_libexecdir}/osbuild-composer-test/
|
install -m 0755 -vp tools/generic_s3_https_test.sh %{buildroot}%{_libexecdir}/osbuild-composer-test/
|
||||||
install -m 0755 -vp tools/run-mock-auth-servers.sh %{buildroot}%{_libexecdir}/osbuild-composer-test/
|
install -m 0755 -vp tools/run-mock-auth-servers.sh %{buildroot}%{_libexecdir}/osbuild-composer-test/
|
||||||
install -m 0755 -vp tools/set-env-variables.sh %{buildroot}%{_libexecdir}/osbuild-composer-test/
|
install -m 0755 -vp tools/set-env-variables.sh %{buildroot}%{_libexecdir}/osbuild-composer-test/
|
||||||
|
install -m 0755 -vp tools/test-case-generators/generate-test-cases %{buildroot}%{_libexecdir}/osbuild-composer-test/
|
||||||
install -m 0755 -vd %{buildroot}%{_libexecdir}/tests/osbuild-composer
|
install -m 0755 -vd %{buildroot}%{_libexecdir}/tests/osbuild-composer
|
||||||
install -m 0755 -vp test/cases/*.sh %{buildroot}%{_libexecdir}/tests/osbuild-composer/
|
install -m 0755 -vp test/cases/*.sh %{buildroot}%{_libexecdir}/tests/osbuild-composer/
|
||||||
|
|
||||||
@ -269,7 +233,7 @@ install -m 0644 -vp test/data/upgrade8to9/* %{buildroot}%{
|
|||||||
%check
|
%check
|
||||||
export GOFLAGS="-buildmode=pie"
|
export GOFLAGS="-buildmode=pie"
|
||||||
%if 0%{?rhel}
|
%if 0%{?rhel}
|
||||||
export GOFLAGS+=" -mod=vendor -tags=exclude_graphdriver_btrfs"
|
export GOFLAGS+=" -mod=vendor"
|
||||||
export GOPATH=$PWD/_build:%{gopath}
|
export GOPATH=$PWD/_build:%{gopath}
|
||||||
# cd inside GOPATH, otherwise go with GO111MODULE=off ignores vendor directory
|
# cd inside GOPATH, otherwise go with GO111MODULE=off ignores vendor directory
|
||||||
cd $PWD/_build/src/%{goipath}
|
cd $PWD/_build/src/%{goipath}
|
||||||
@ -301,9 +265,7 @@ cd $PWD/_build/src/%{goipath}
|
|||||||
|
|
||||||
%package core
|
%package core
|
||||||
Summary: The core osbuild-composer binary
|
Summary: The core osbuild-composer binary
|
||||||
Requires: osbuild-depsolve-dnf >= %{min_osbuild_version}
|
Requires: %{name}-dnf-json = %{version}-%{release}
|
||||||
Provides: %{name}-dnf-json = %{version}-%{release}
|
|
||||||
Obsoletes: %{name}-dnf-json < %{version}-%{release}
|
|
||||||
|
|
||||||
%description core
|
%description core
|
||||||
The core osbuild-composer binary. This is suitable both for spawning in containers and by systemd.
|
The core osbuild-composer binary. This is suitable both for spawning in containers and by systemd.
|
||||||
@ -316,21 +278,17 @@ The core osbuild-composer binary. This is suitable both for spawning in containe
|
|||||||
Summary: The worker for osbuild-composer
|
Summary: The worker for osbuild-composer
|
||||||
Requires: systemd
|
Requires: systemd
|
||||||
Requires: qemu-img
|
Requires: qemu-img
|
||||||
Requires: osbuild >= %{min_osbuild_version}
|
Requires: osbuild >= 93
|
||||||
Requires: osbuild-ostree >= %{min_osbuild_version}
|
Requires: osbuild-ostree >= 93
|
||||||
Requires: osbuild-lvm2 >= %{min_osbuild_version}
|
Requires: osbuild-lvm2 >= 93
|
||||||
Requires: osbuild-luks2 >= %{min_osbuild_version}
|
Requires: osbuild-luks2 >= 93
|
||||||
Requires: osbuild-depsolve-dnf >= %{min_osbuild_version}
|
Requires: %{name}-dnf-json = %{version}-%{release}
|
||||||
Provides: %{name}-dnf-json = %{version}-%{release}
|
|
||||||
Obsoletes: %{name}-dnf-json < %{version}-%{release}
|
|
||||||
|
|
||||||
%description worker
|
%description worker
|
||||||
The worker for osbuild-composer
|
The worker for osbuild-composer
|
||||||
|
|
||||||
%files worker
|
%files worker
|
||||||
%{_libexecdir}/osbuild-composer/osbuild-worker
|
%{_libexecdir}/osbuild-composer/osbuild-worker
|
||||||
%{_libexecdir}/osbuild-composer/osbuild-jobsite-manager
|
|
||||||
%{_libexecdir}/osbuild-composer/osbuild-jobsite-builder
|
|
||||||
%{_unitdir}/osbuild-worker@.service
|
%{_unitdir}/osbuild-worker@.service
|
||||||
%{_unitdir}/osbuild-remote-worker@.service
|
%{_unitdir}/osbuild-remote-worker@.service
|
||||||
|
|
||||||
@ -352,6 +310,25 @@ fi
|
|||||||
# restart all the worker services
|
# restart all the worker services
|
||||||
%systemd_postun_with_restart "osbuild-worker@*.service" "osbuild-remote-worker@*.service"
|
%systemd_postun_with_restart "osbuild-worker@*.service" "osbuild-remote-worker@*.service"
|
||||||
|
|
||||||
|
%package dnf-json
|
||||||
|
Summary: The dnf-json binary used by osbuild-composer and the workers
|
||||||
|
|
||||||
|
# Conflicts with older versions of composer that provide the same files
|
||||||
|
# this can be removed when RHEL 8 reaches EOL
|
||||||
|
Conflicts: osbuild-composer <= 35
|
||||||
|
|
||||||
|
%description dnf-json
|
||||||
|
The dnf-json binary used by osbuild-composer and the workers.
|
||||||
|
|
||||||
|
%files dnf-json
|
||||||
|
%{_libexecdir}/osbuild-composer/dnf-json
|
||||||
|
|
||||||
|
%post dnf-json
|
||||||
|
# Fix ownership of the rpmmd cache files from previous versions where it was owned by root:root
|
||||||
|
if [ -e /var/cache/osbuild-composer/rpmmd ]; then
|
||||||
|
chown -f -R --from root:root _osbuild-composer:_osbuild-composer /var/cache/osbuild-composer/rpmmd
|
||||||
|
fi
|
||||||
|
|
||||||
%if %{with tests} || 0%{?rhel}
|
%if %{with tests} || 0%{?rhel}
|
||||||
|
|
||||||
%package tests
|
%package tests
|
||||||
@ -423,55 +400,18 @@ Integration tests to be run on a pristine-dedicated system to test the osbuild-c
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Apr 22 2025 Tomáš Hozza <thozza@redhat.com> - 101-3
|
* Wed Feb 07 2024 Eduard Abdullin <eabdullin@almalinux.org> - 88-1.alma.3
|
||||||
- Resolve RHEL-84643 (CVE-2025-30204)
|
- Remove libreport-rhel-bugzilla from package set
|
||||||
|
|
||||||
* Wed Sep 25 2024 Tomáš Hozza <thozza@redhat.com> - 101-2
|
* Wed Feb 07 2024 Eduard Abdullin <eabdullin@almalinux.org> - 88-1.alma.2
|
||||||
- Rebuilt to fix:
|
- Add new AlmaLinux-8 key
|
||||||
- CVE-2024-34156
|
|
||||||
- CVE-2024-1394
|
|
||||||
- RHEL-24303
|
|
||||||
- RHEL-57905
|
|
||||||
|
|
||||||
* Mon Feb 26 2024 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 101-1
|
* Wed Sep 27 2023 Eduard Abdullin <eabdullin@almalinux.org> - 88-1.alma
|
||||||
- New upstream release
|
- Install AlmaLinux repositories
|
||||||
|
- Add AlmaLinux support
|
||||||
* Wed Feb 07 2024 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 100-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Jan 24 2024 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 99-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Jan 10 2024 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 98-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Dec 13 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 96-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Nov 29 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 95-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Nov 15 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 94-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Nov 01 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 93-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Oct 18 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 92-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Oct 04 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 91-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Thu Sep 21 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 90-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Sep 06 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 89-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Thu Aug 24 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 88-1
|
* Thu Aug 24 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 88-1
|
||||||
- New upstream release
|
- New upstream release
|
||||||
|
|
||||||
* Wed Aug 09 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 87-1
|
* Wed Aug 09 2023 imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> - 87-1
|
||||||
- New upstream release
|
- New upstream release
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user