Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/skopeo.git#ee7648ddc1a7a64babd5880e973cceb3724d119e
2020-11-30 20:34:46 +00:00 · 2020-11-30 20:34:46 +00:00 · 3d7a00972d
commit 3d7a00972d
parent 33ca4cb7b7
11 changed files with 96 additions and 30 deletions
--- a/.gitignore
+++ b/.gitignore
@ -203,3 +203,13 @@
 /skopeo-a13b581.tar.gz
 /skopeo-c4998eb.tar.gz
 /skopeo-ae26454.tar.gz
 /skopeo-662f9ac.tar.gz
 /skopeo-23cb1b7.tar.gz
 /skopeo-5dd09d7.tar.gz
 /skopeo-45a9efb.tar.gz
 /skopeo-12ab19f.tar.gz
 /skopeo-bbd800f.tar.gz
 /skopeo-77293ff.tar.gz
 /skopeo-8151b89.tar.gz
 /skopeo-44beab6.tar.gz
 /skopeo-6dabefa.tar.gz
--- a/containers-policy.json.5.md
+++ b/containers-policy.json.5.md
@ -177,7 +177,7 @@ One of the following alternatives are supported:
  ```json
  {"type":"matchRepoDigestOrExact"}
  ```
- The identity in the signature must be in the same repository as the image identity.  This is useful e.g. to pull an image using the `:latest` tag when the image is signed with a tag specifing an exact image version.
+- The identity in the signature must be in the same repository as the image identity.  This is useful e.g. to pull an image using the `:latest` tag when the image is signed with a tag specifying an exact image version.
  ```json
  {"type":"matchRepository"}
--- a/containers-registries.d.5.md
+++ b/containers-registries.d.5.md
@ -12,7 +12,7 @@ The registries configuration directory contains configuration for various regist
 so that the configuration does not have to be provided in command-line options over and over for every command,
 and so that it can be shared by all users of containers/image.
-By default (unless overridden at compile-time), the registries configuration directory is `/etc/containers/registries.d`;
+By default, the registries configuration directory is `$HOME/.config/containers/registries.d` if it exists, otherwise `/etc/containers/registries.d` (unless overridden at compile-time);
 applications may allow using a different directory instead.
 ## Directory Structure
--- a/containers-signature.5.md
+++ b/containers-signature.5.md
@ -224,7 +224,7 @@ The contents of this string is not defined in detail; however each implementatio
 Consumers of container signatures MAY recognize specific values or sets of values of `optional.creator`
 (perhaps augmented with `optional.timestamp`),
 and MAY change their processing of the signature based on these values
-(usually to acommodate violations of this specification in past versions of the signing software which cannot be fixed retroactively),
+(usually to accommodate violations of this specification in past versions of the signing software which cannot be fixed retroactively),
 as long as the semantics of the invalid document, as created by such an implementation, is clear.
 If consumers of signatures do change their behavior based on the `optional.creator` value,
--- a/containers-storage.conf.5.md
+++ b/containers-storage.conf.5.md
@ -75,7 +75,7 @@ The `storage.options` table supports the following options:
     remap-group = "containers"
 **root-auto-userns-user**=""
-  Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partioned to containers configured to create automatically a user namespace.  Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set.  This setting is ignored when running as rootless.
+  Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partitioned to containers configured to create automatically a user namespace.  Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set.  This setting is ignored when running as rootless.
 **auto-userns-min-size**=1024
  Auto-userns-min-size is the minimum size for a user namespace created automatically.
--- a/containers-transports.5.md
+++ b/containers-transports.5.md
@ -41,10 +41,14 @@ If `name` does not contain a slash, it is treated as `docker.io/library/name`.
 Otherwise, the component before the first slash is checked if it is recognized as a `hostname[:port]` (i.e., it contains either a . or a :, or the component is exactly localhost).
 If the first component of name is not recognized as a `hostname[:port]`, `name` is treated as `docker.io/name`.
-### **docker-archive:**_path[:docker-reference]_
+### **docker-archive:**_path[:{docker-reference|@source-index}]_
 An image is stored in the docker-save(1) formatted file.
-_docker-reference_ is only used when creating such a file, and it must not contain a digest.
+_docker-reference_ must not contain a digest.
 Alternatively, for reading archives, @_source-index_ is a zero-based index in archive manifest
 (to access untagged images).
 If neither _docker-reference_ nor @_source_index is specified when reading an archive, the archive must contain exactly one image.
 It is further possible to copy data to stdin by specifying `docker-archive:/dev/stdin` but note that the used file must be seekable.
 ### **docker-daemon:**_docker-reference|algo:digest_
--- a/containers.conf
+++ b/containers.conf
@ -59,29 +59,27 @@
 # List of default capabilities for containers. If it is empty or commented out,
 # the default capabilities defined in the container engine will be added.
 #
-# default_capabilities = [
+default_capabilities = [
-#    "AUDIT_WRITE",
+    "AUDIT_WRITE",
-#    "CHOWN",
+    "CHOWN",
-#    "DAC_OVERRIDE",
+    "DAC_OVERRIDE",
-#    "FOWNER",
+    "FOWNER",
-#    "FSETID",
+    "FSETID",
-#    "KILL",
+    "KILL",
-#    "MKNOD",
+    "NET_BIND_SERVICE",
-#    "NET_BIND_SERVICE",
+    "SETGID",
-#    "NET_RAW",
+    "SETPCAP",
-#    "SETGID",
+    "SETUID",
-#    "SETPCAP",
+    "SYS_CHROOT"
-#    "SETUID",
+]
 #    "SYS_CHROOT",
 # ]
 # A list of sysctls to be set in containers by default,
 # specified as "name=value",
 # for example:"net.ipv4.ping_group_range = 0 1000".
 #
-# default_sysctls = [
+default_sysctls = [
-#  "net.ipv4.ping_group_range=0 1000",
+ "net.ipv4.ping_group_range=0 1",
-# ]
+]
 # A list of ulimits to be set in containers by default, specified as
 # "<ulimit name>=<soft limit>:<hard limit>", for example:
--- a/seccomp.json
+++ b/seccomp.json
@ -93,6 +93,7 @@
 				"exit",
 				"exit_group",
 				"faccessat",
 				"faccessat2",
 				"fadvise64",
 				"fadvise64_64",
 				"fallocate",
@ -220,6 +221,7 @@
 				"newfstatat",
 				"open",
 				"openat",
 				"openat2",
 				"pause",
 				"pipe",
 				"pipe2",
--- a/skopeo.spec
+++ b/skopeo.spec
@ -28,7 +28,7 @@
 %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
 %global import_path %{provider_prefix}
 %global git0 https://%{import_path}
-%global commit0 ae2645401405f0894861ecb23f3058a706d6c9b7
+%global commit0 6dabefa9db30a172d68267d2ed864712d2d25aa1
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 # Used for comparing with latest upstream tag
@ -45,8 +45,8 @@ Epoch: 1
 %else
 Epoch: 2
 %endif
-Version: 1.1.1
+Version: 1.2.1
-Release: 38.dev.git%{shortcommit0}%{?dist}
+Release: 3.dev.git%{shortcommit0}%{?dist}
 Summary: Inspect container images and repositories on registries
 License: ASL 2.0
 URL: %{git0}
@ -447,6 +447,58 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/%{name}/test
 %changelog
 * Wed Sep 30 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.2.1-3.dev.git6dabefa
 - autobuilt 6dabefa
 * Fri Sep 25 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.2.1-2.dev.git44beab6
 - bump to 1.2.1
 - autobuilt 44beab6
 * Fri Sep 25 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-51.dev.git5d5756c
 - Modify the range of groups used in net.ipv4.ping_group_range to be 1 so that
 - it will work more easily with User Namespaces
 - Also turn back on AUDIT_WRITE until seccomp.json file is fixed
 * Mon Sep 21 18:12:41 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-50.dev.git8151b89
 - autobuilt 8151b89
 * Mon Sep 21 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-49.dev.git5d5756c
 - Add SYS_CHROOT back into default capabilities
 * Mon Sep 21 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-48.dev.git5d5756c
 - Remove fchmodat2 from seccomp.json (This syscall does not exist yet)
 * Fri Sep 18 20:12:04 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-47.dev.git77293ff
 - autobuilt 77293ff
 * Thu Sep 17 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-46.dev.git5d5756c
 - Remove NET_RAW, SYS_CHROOT, MKNOD and AUDIT_WRITE from default list of capabilities
 - Turn on ping for 65k users
 * Tue Sep 15 11:13:22 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-45.dev.gitbbd800f
 - autobuilt bbd800f
 * Mon Sep 14 16:12:20 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-44.dev.git12ab19f
 - autobuilt 12ab19f
 * Sat Sep 12 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-43.dev.git5d5756c
 - update man pages
 - Update seccomp rules
 - Update configuration files in containers-common
 - Update configuration files in containers-storage
 * Fri Sep 11 19:12:27 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-42.dev.git45a9efb
 - autobuilt 45a9efb
 * Wed Sep  9 20:12:20 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-41.dev.git5dd09d7
 - autobuilt 5dd09d7
 * Wed Sep  9 09:11:56 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-40.dev.git23cb1b7
 - autobuilt 23cb1b7
 * Wed Sep  2 18:10:52 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-39.dev.git662f9ac
 - autobuilt 662f9ac
 * Wed Sep  2 17:11:26 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-38.dev.gitae26454
 - autobuilt ae26454
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (skopeo-ae26454.tar.gz) = 67e0cee421fdb8dac9f17f113e8e72eb81b94b5aba35b6a318cd9c5f559382ef957b8f867ee021334b9c1df0f5fa427cd99de3cbdfd1429259c5ce8d83e5e78c
+SHA512 (skopeo-6dabefa.tar.gz) = 637b23a4df7c97e5fe49771be004813ef8e59f2b18e949239239772bb7ea7aa6d6f6e75a3daff74b985e870756a5f4cf46ff47214efe4ce2800e65fa858f0bb1
--- a/storage.conf
+++ b/storage.conf
@ -47,7 +47,7 @@ additionalimagestores = [
 # remap-group = "containers"
 # Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
-# ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partioned
+# ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partitioned
 # to containers configured to create automatically a user namespace.  Containers
 # configured to automatically create a user namespace can still overlap with containers
 # having an explicit mapping set.
`@ -1 +1 @@`
	`SHA512 (skopeo-ae26454.tar.gz) = 67e0cee421fdb8dac9f17f113e8e72eb81b94b5aba35b6a318cd9c5f559382ef957b8f867ee021334b9c1df0f5fa427cd99de3cbdfd1429259c5ce8d83e5e78c`	`SHA512 (skopeo-6dabefa.tar.gz) = 637b23a4df7c97e5fe49771be004813ef8e59f2b18e949239239772bb7ea7aa6d6f6e75a3daff74b985e870756a5f4cf46ff47214efe4ce2800e65fa858f0bb1`