import skopeo-1.2.2-10.module+el8.5.0+11808+4e1db630

2021-10-05 23:12:29 -04:00 · 2021-10-05 23:12:29 -04:00 · 51f9e3959b
commit 51f9e3959b
parent 6886c1e670
7 changed files with 1028 additions and 1749 deletions
--- a/SOURCES/containers-policy.json.5.md
+++ b/SOURCES/containers-policy.json.5.md
@ -65,7 +65,8 @@ The `atomic:` transport refers to images in an Atomic Registry.
 Supported scopes use the form _hostname_[`:`_port_][`/`_namespace_[`/`_imagestream_ [`:`_tag_]]],
 i.e. either specifying a complete name of a tagged image, or prefix denoting
-a host/namespace/image stream.
+a host/namespace/image stream or a wildcarded expression for matching all
 subdomains. For wildcarded subdomain matching, `*.example.com` is a valid case, but `example*.*.com` is not.
 *Note:* The _hostname_ and _port_ refer to the Docker registry host and port (the one used
 e.g. for `docker pull`), _not_ to the OpenShift API host and port.
@ -90,7 +91,9 @@ Scopes matching individual images are named Docker references *in the fully expa
 using a tag or digest. For example, `docker.io/library/busybox:latest` (*not* `busybox:latest`).
 More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest),
-a repository namespace, or a registry host (by only specifying the host name).
+a repository namespace, or a registry host (by only specifying the host name)
 or a wildcarded expression for matching all subdomains. For wildcarded subdomain
 matching, `*.example.com` is a valid case, but `example*.*.com` is not.
 ### `oci:`
@ -253,6 +256,8 @@ selectively allow individual transports and scopes as desired.
            /* Similarly, allow installing the “official” busybox images.  Note how the fully expanded
               form, with the explicit /library/, must be used. */
            "docker.io/library/busybox": [{"type": "insecureAcceptAnything"}]
            /* Allow installing images from all subdomains */
            "*.temporary-project.example.com": [{"type": "insecureAcceptAnything"}]
            /* Other docker: images use the global default policy and are rejected */
        },
        "dir": {
--- a/SOURCES/containers-registries.conf.5.md
+++ b/SOURCES/containers-registries.conf.5.md
@ -164,10 +164,10 @@ If `short-name-mode` is not specified at all or left empty, default to the
 `permissive` mode.  If the user-specified short name was not aliased already,
 the `enforcing` and `permissive` mode if prompted, will record a new alias
 after a successful pull.  Note that the recorded alias will be written to
-`$XDG_CONFIG_HOME/containers/short-name-aliases.conf` to have a clear
+`/var/cache/containers/short-name-aliases.conf` for root to have a clear
 separation between possibly human-edited registries.conf files and the
-machine-generated `short-name-aliases-conf`.  Note that `$HOME/.config` is used
+machine-generated `short-name-aliases-conf`.  Note that `$HOME/.cache` is used
-if `$XDG_CONFIG_HOME` is not set.  If an alias is specified in a
+for rootless users.  If an alias is specified in a
 `registries.conf` file and also the machine-generated
 `short-name-aliases.conf`, the `short-name-aliases.conf` file has precedence.
--- a/SOURCES/containers.conf
+++ b/SOURCES/containers.conf
@ -299,6 +299,7 @@ default_sysctls = [
 # Selects which logging mechanism to use for container engine events.
 # Valid values are `journald`, `file` and `none`.
 #
 # events_logger = "journald"
 events_logger = "file"
 # Path to OCI hooks directories for automatically executed hooks.
@ -321,6 +322,7 @@ events_logger = "file"
 # reserving the pods resources for the lifetime of the pod.
 #
 # infra_image = "k8s.gcr.io/pause:3.2"
 infra_image = "registry.access.redhat.com/ubi8/pause"
 # Specify the locking mechanism to use; valid values are "shm" and "file".
 # Change the default only if you are sure of what you are doing, in general
@ -393,6 +395,7 @@ events_logger = "file"
 # Default OCI runtime
 #
 # runtime = "crun"
 runtime = "runc"
 # List of the OCI runtimes that support --format=json.  When json is supported
 # engine will use it for reporting nicer errors.
--- a/SOURCES/rhel-shortnames.conf
+++ b/SOURCES/rhel-shortnames.conf
--- a/SOURCES/seccomp.json
+++ b/SOURCES/seccomp.json
@ -89,6 +89,7 @@
 				"epoll_ctl",
 				"epoll_ctl_old",
 				"epoll_pwait",
 				"epoll_pwait2",
 				"epoll_wait",
 				"epoll_wait_old",
 				"eventfd",
@ -117,7 +118,11 @@
 				"flock",
 				"fork",
 				"fremovexattr",
 				"fsconfig",
 				"fsetxattr",
 				"fsmount",
 				"fsopen",
 				"fspick",
 				"fstat",
 				"fstat64",
 				"fstatat64",
@ -205,6 +210,7 @@
 				"mmap",
 				"mmap2",
 				"mount",
 				"move_mount",
 				"mprotect",
 				"mq_getsetattr",
 				"mq_notify",
@ -227,6 +233,7 @@
 				"open",
 				"openat",
 				"openat2",
 				"open_tree",
 				"pause",
 				"pidfd_getfd",
 				"pidfd_open",
@ -730,6 +737,7 @@
 		{
 			"names": [
 				"kcmp",
 				"process_madvise",
 				"process_vm_readv",
 				"process_vm_writev",
 				"ptrace"
--- a/SOURCES/shortnames.conf
+++ b/SOURCES/shortnames.conf
@ -24,6 +24,8 @@
  "tumbleweed-dnf" = "registry.opensuse.org/opensuse/tumbleweed-dnf"
  "tumbleweed-microdnf" = "registry.opensuse.org/opensuse/tumbleweed-microdnf"
  "leap" = "registry.opensuse.org/opensuse/leap"
  "leap-dnf" = "registry.opensuse.org/opensuse/leap-dnf"
  "leap-microdnf" = "registry.opensuse.org/opensuse/leap-microdnf"
  "tw-busybox" = "registry.opensuse.org/opensuse/busybox"
  # SUSE
  "suse/sle15" = "registry.suse.com/suse/sle15"
@ -51,5 +53,13 @@
  "ubi8/ubi-micro" = "registry.access.redhat.com/ubi8-micro"
  # Debian
  "debian" = "docker.io/library/debian"
  # Ubuntu
  "ubuntu" = "docker.io/library/ubuntu"
  # Oracle Linux
-  "oraclelinux" = "container-registry.oracle.com/os/oraclelinux"
+  "oraclelinux" = "docker.io/library/oraclelinux"
  # busybox
  "busybox" = "docker.io/library/busybox"
  # php
  "php" = "docker.io/library/php"
  #python
  "python" = "docker.io/library/python"
--- a/SPECS/skopeo.spec
+++ b/SPECS/skopeo.spec
@ -18,9 +18,9 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
 # pick the oldest version on c/image, c/common, c/storage vendored in
 # podman/skopeo/podman.
 %global podman_branch v3.0
-%global image_branch  v5.9.0
+%global image_branch v5.10.2
-%global common_branch v0.33.0
+%global common_branch v0.33.4
-%global storage_branch v1.24.5
+%global storage_branch v1.24.6
 %global shortnames_branch main
 %global commit0 e72dd9c5c834f3cd7fb8b1aab4021d9d4412f305
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
@ -28,7 +28,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
 Epoch: 1
 Name: skopeo
 Version: 1.2.2
-Release: 2%{?dist}
+Release: 10%{?dist}
 Summary: Inspect container images and repositories on registries
 License: ASL 2.0
 URL: %{git0}
@ -233,9 +233,11 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/%{name}/test
 %changelog
-* Tue Mar 02 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.2.2-2
+* Thu Jul 15 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.2.2-10
- update rhel-shortnames.conf to include only trusted registries
+- update shortnames from Pyxis
- Resolves: #1931785
+- sync with the vendored versions in 3.0-8.5.0
 - bump release to assure upgrade path from 3.0-8.4.0
 - Related: #1934415
 * Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.2.2-1
 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.2