skopeo-1.2.0-6.el9

- unify vendored branches
- add validation script

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
This commit is contained in:
Jindrich Novy 2020-12-07 14:16:02 +01:00
parent f114552b3c
commit c056adfab1
11 changed files with 220 additions and 1308 deletions

217
.gitignore vendored
View File

@ -1,216 +1 @@
/skopeo-98aca9c.tar.gz
/skopeo-3eefe21.tar.gz
/skopeo-30db2ad.tar.gz
/skopeo-82b121c.tar.gz
/skopeo-8094910.tar.gz
/skopeo-015f1c8.tar.gz
/skopeo-9e971b4.tar.gz
/skopeo-ffe92ed.tar.gz
/skopeo-362bfc5.tar.gz
/skopeo-d830391.tar.gz
/skopeo-550a480.tar.gz
/skopeo-2b3af4a.tar.gz
/skopeo-0224d8c.tar.gz
/skopeo-e802625.tar.gz
/skopeo-0b73154.tar.gz
/skopeo-d5e34c1.tar.gz
/skopeo-5d24b67.tar.gz
/skopeo-1bbd87f.tar.gz
/skopeo-a41cd0a.tar.gz
/skopeo-875dd2e.tar.gz
/skopeo-28d4e08.tar.gz
/skopeo-dd2c3e3.tar.gz
/skopeo-7fd6f66.tar.gz
/skopeo-2e8377a.tar.gz
/skopeo-93876ac.tar.gz
/skopeo-0270e56.tar.gz
/skopeo-7add6fc.tar.gz
/skopeo-28080c8.tar.gz
/skopeo-ab2bc6e.tar.gz
/skopeo-1f11b8b.tar.gz
/skopeo-c4808f0.tar.gz
/skopeo-79225f2.tar.gz
/skopeo-2d04db9.tar.gz
/skopeo-7e9a664.tar.gz
/skopeo.spec
/skopeo-ca3bff6.tar.gz
/skopeo-5c61108.tar.gz
/skopeo-f9baaa6.tar.gz
/skopeo-0144aa8.tar.gz
/skopeo-6e23a32.tar.gz
/skopeo-196bc48.tar.gz
/skopeo-ae64ff7.tar.gz
/skopeo-e3034e1.tar.gz
/skopeo-e814f96.tar.gz
/skopeo-5aa217f.tar.gz
/skopeo-761a681.tar.gz
/skopeo-fbc2e4f.tar.gz
/skopeo-41d8dd8.tar.gz
/skopeo-a51e38e.tar.gz
/skopeo-ecd675e.tar.gz
/skopeo-05212df.tar.gz
/skopeo-3e98377.tar.gz
/skopeo-17bea86.tar.gz
/skopeo-f7c608e.tar.gz
/skopeo-42b01df.tar.gz
/skopeo-bba2874.tar.gz
/skopeo-b329dd0.tar.gz
/skopeo-b8b9913.tar.gz
/skopeo-fee5981.tar.gz
/skopeo-932b037.tar.gz
/skopeo-2134209.tar.gz
/skopeo-2031e17.tar.gz
/skopeo-0490018.tar.gz
/skopeo-94728fb.tar.gz
/skopeo-d93a581.tar.gz
/skopeo-0975497.tar.gz
/skopeo-854f766.tar.gz
/skopeo-c73bcba.tar.gz
/skopeo-81c5e94.tar.gz
/skopeo-18ee5f8.tar.gz
/skopeo-e255ccc.tar.gz
/skopeo-2af7114.tar.gz
/skopeo-0fa335c.tar.gz
/skopeo-565dbf3.tar.gz
/skopeo-5f45112.tar.gz
/skopeo-b58088a.tar.gz
/skopeo-8a9641c.tar.gz
/skopeo-2ad9ae5.tar.gz
/skopeo-19025f5.tar.gz
/skopeo-65b3aa9.tar.gz
/skopeo-bf8089c.tar.gz
/skopeo-202c1ea.tar.gz
/skopeo-c040b28.tar.gz
/skopeo-44bc4a9.tar.gz
/skopeo-ee9e9df.tar.gz
/skopeo-481bb94.tar.gz
/skopeo-1e2d6f6.tar.gz
/skopeo-c4b0c7c.tar.gz
/skopeo-9019e27.tar.gz
/skopeo-18f0e1e.tar.gz
/skopeo-5ae6b16.tar.gz
/skopeo-7eb5f39.tar.gz
/skopeo-fa6e580.tar.gz
/skopeo-881edbf.tar.gz
/skopeo-f72e39f.tar.gz
/skopeo-5b0a789.tar.gz
/skopeo-5f9a6ea.tar.gz
/skopeo-4b6a5da.tar.gz
/skopeo-8057da7.tar.gz
/skopeo-a263b35.tar.gz
/skopeo-153520e.tar.gz
/skopeo-02432cf.tar.gz
/skopeo-10d0ebb.tar.gz
/skopeo-75b7d1e.tar.gz
/skopeo-1094c7d.tar.gz
/skopeo-307d9c2.tar.gz
/skopeo-332bb45.tar.gz
/skopeo-24f4f82.tar.gz
/skopeo-39540db.tar.gz
/skopeo-34ab4c4.tar.gz
/skopeo-912b7e1.tar.gz
/skopeo-ce6ec77.tar.gz
/skopeo-2bfa895.tar.gz
/skopeo-73248bd.tar.gz
/skopeo-3ed6e83.tar.gz
/skopeo-9c402f3.tar.gz
/skopeo-e8d49d6.tar.gz
/skopeo-407f2e9.tar.gz
/skopeo-5291aac.tar.gz
/skopeo-c3e6b4f.tar.gz
/skopeo-8652b65.tar.gz
/skopeo-e955849.tar.gz
/skopeo-763e488.tar.gz
/skopeo-4489ddd.tar.gz
/skopeo-7cbb8ad.tar.gz
/skopeo-7a0a8c2.tar.gz
/skopeo-b541fef.tar.gz
/skopeo-7170702.tar.gz
/skopeo-12865fd.tar.gz
/skopeo-7fee7d5.tar.gz
/skopeo-e31d5a0.tar.gz
/skopeo-501452a.tar.gz
/skopeo-a6f5ef1.tar.gz
/skopeo-018a010.tar.gz
/skopeo-eb199dc.tar.gz
/skopeo-6db5626.tar.gz
/skopeo-bd20786.tar.gz
/skopeo-3e9d8ae.tar.gz
/skopeo-5d512e2.tar.gz
/skopeo-8fa3326.tar.gz
/skopeo-71a8ff0.tar.gz
/skopeo-6ac3dce.tar.gz
/skopeo-9d63c7c.tar.gz
/skopeo-9d21b48.tar.gz
/skopeo-101901a.tar.gz
/skopeo-2d91b93.tar.gz
/skopeo-2415f3f.tar.gz
/skopeo-b230a50.tar.gz
/skopeo-e7a7f01.tar.gz
/skopeo-1ddb736.tar.gz
/skopeo-42f68c1.tar.gz
/skopeo-a6ab229.tar.gz
/skopeo-8936e76.tar.gz
/skopeo-71a14d7.tar.gz
/skopeo-4ca9b13.tar.gz
/skopeo-2af1726.tar.gz
/skopeo-fbf0612.tar.gz
/skopeo-0d9939d.tar.gz
/skopeo-a214a30.tar.gz
/skopeo-dcaee94.tar.gz
/skopeo-91a88de.tar.gz
/skopeo-96353f2.tar.gz
/skopeo-3a94432.tar.gz
/skopeo-8b4b954.tar.gz
/skopeo-a2c1d46.tar.gz
/skopeo-c6b488a.tar.gz
/skopeo-f9b0d93.tar.gz
/skopeo-161ef5a.tar.gz
/skopeo-827293a.tar.gz
/skopeo-0bd78a0.tar.gz
/skopeo-b70dfae.tar.gz
/skopeo-091f924.tar.gz
/skopeo-6b78619.tar.gz
/skopeo-96bd4a0.tar.gz
/skopeo-233e61c.tar.gz
/skopeo-7815c8a.tar.gz
/skopeo-ba8cbf5.tar.gz
/skopeo-ac6b871.tar.gz
/skopeo-6182aa3.tar.gz
/skopeo-ee72e80.tar.gz
/skopeo-840c487.tar.gz
/skopeo-dc5f68f.tar.gz
/skopeo-f63685f.tar.gz
/skopeo-6e295a2.tar.gz
/skopeo-6284ceb.tar.gz
/skopeo-2fa7b99.tar.gz
/skopeo-29eec32.tar.gz
/skopeo-89fb89a.tar.gz
/skopeo-494d237.tar.gz
/skopeo-153f18d.tar.gz
/skopeo-6252c22.tar.gz
/skopeo-62fd5a7.tar.gz
/skopeo-5e88eb5.tar.gz
/skopeo-c052ed7.tar.gz
/skopeo-78d2f67.tar.gz
/skopeo-baeaad6.tar.gz
/skopeo-0f94dbc.tar.gz
/skopeo-0c2c7f4.tar.gz
/skopeo-ea10e61.tar.gz
/skopeo-88c8c47.tar.gz
/skopeo-5d5756c.tar.gz
/skopeo-87484a1.tar.gz
/skopeo-a13b581.tar.gz
/skopeo-c4998eb.tar.gz
/skopeo-ae26454.tar.gz
/skopeo-662f9ac.tar.gz
/skopeo-23cb1b7.tar.gz
/skopeo-5dd09d7.tar.gz
/skopeo-45a9efb.tar.gz
/skopeo-12ab19f.tar.gz
/skopeo-bbd800f.tar.gz
/skopeo-77293ff.tar.gz
/skopeo-8151b89.tar.gz
/skopeo-44beab6.tar.gz
/skopeo-6dabefa.tar.gz
/skopeo-d8bc8b6.tar.gz
/*.tar.gz

View File

@ -10,7 +10,7 @@ The mounts.conf file specifies volume mount directories that are automatically m
The format of the mounts.conf is the volume format `/SRC:/DEST`, one mount per line. For example, a mounts.conf with the line `/usr/share/secrets:/run/secrets` would cause the contents of the `/usr/share/secrets` directory on the host to be mounted on the `/run/secrets` directory inside the container. Setting mountpoints allows containers to use the files of the host, for instance, to use the host's subscription to some enterprise Linux distribution.
## FILES
Some distributions may provide a `/usr/share/containers/mounts.conf` file to provide default mounts, but users can create a `/etc/containers/mounts.conf`, to specify their own special volumes to mount in the container.
Some distributions may provide a `/usr/share/containers/mounts.conf` file to provide default mounts, but users can create a `/etc/containers/mounts.conf`, to specify their own special volumes to mount in the container. When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` will override the default if it exists.
## HISTORY
Aug 2018, Originally compiled by Valentin Rothberg <vrothberg@suse.com>

View File

@ -177,7 +177,7 @@ One of the following alternatives are supported:
```json
{"type":"matchRepoDigestOrExact"}
```
- The identity in the signature must be in the same repository as the image identity. This is useful e.g. to pull an image using the `:latest` tag when the image is signed with a tag specifying an exact image version.
- The identity in the signature must be in the same repository as the image identity. This is useful e.g. to pull an image using the `:latest` tag when the image is signed with a tag specifing an exact image version.
```json
{"type":"matchRepository"}

View File

@ -224,7 +224,7 @@ The contents of this string is not defined in detail; however each implementatio
Consumers of container signatures MAY recognize specific values or sets of values of `optional.creator`
(perhaps augmented with `optional.timestamp`),
and MAY change their processing of the signature based on these values
(usually to accommodate violations of this specification in past versions of the signing software which cannot be fixed retroactively),
(usually to acommodate violations of this specification in past versions of the signing software which cannot be fixed retroactively),
as long as the semantics of the invalid document, as created by such an implementation, is clear.
If consumers of signatures do change their behavior based on the `optional.creator` value,

View File

@ -75,7 +75,7 @@ The `storage.options` table supports the following options:
remap-group = "containers"
**root-auto-userns-user**=""
Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned to containers configured to create automatically a user namespace. Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set. This setting is ignored when running as rootless.
Root-auto-userns-user is a user name which can be used to look up one or more UID/GID ranges in the /etc/subuid and /etc/subgid file. These ranges will be partioned to containers configured to create automatically a user namespace. Containers configured to automatically create a user namespace can still overlap with containers having an explicit mapping set. This setting is ignored when running as rootless.
**auto-userns-min-size**=1024
Auto-userns-min-size is the minimum size for a user namespace created automatically.

View File

@ -59,27 +59,29 @@
# List of default capabilities for containers. If it is empty or commented out,
# the default capabilities defined in the container engine will be added.
#
default_capabilities = [
"CHOWN",
"DAC_OVERRIDE",
"FOWNER",
"FSETID",
"KILL",
"NET_BIND_SERVICE",
"SETFCAP",
"SETGID",
"SETPCAP",
"SETUID",
"SYS_CHROOT"
]
# default_capabilities = [
# "AUDIT_WRITE",
# "CHOWN",
# "DAC_OVERRIDE",
# "FOWNER",
# "FSETID",
# "KILL",
# "MKNOD",
# "NET_BIND_SERVICE",
# "NET_RAW",
# "SETGID",
# "SETPCAP",
# "SETUID",
# "SYS_CHROOT",
# ]
# A list of sysctls to be set in containers by default,
# specified as "name=value",
# for example:"net.ipv4.ping_group_range = 0 1000".
#
default_sysctls = [
"net.ipv4.ping_group_range=0 1",
]
# default_sysctls = [
# "net.ipv4.ping_group_range=0 1000",
# ]
# A list of ulimits to be set in containers by default, specified as
# "<ulimit name>=<soft limit>:<hard limit>", for example:

View File

@ -1,25 +1,68 @@
# For more information on this configuration file, see containers-registries.conf(5).
#
# There are multiple versions of the configuration syntax available, where the
# second iteration is backwards compatible to the first one. Mixing up both
# formats will result in an runtime error.
#
# The initial configuration format looks like this:
#
# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
# We recommend always using fully qualified image names including the registry
# server (full dns name), namespace, image name, and tag
# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
# quay.io/repository/name@digest) further eliminates the ambiguity of tags.
# When using short names, there is always an inherent risk that the image being
# pulled could be spoofed. For example, a user wants to pull an image named
# `foobar` from a registry and expects it to come from myregistry.com. If
# myregistry.com is not first in the search list, an attacker could place a
# different `foobar` image at a registry earlier in the search list. The user
# would accidentally pull and run the attacker's image and code rather than the
# intended content. We recommend only adding registries which are completely
# trusted (i.e., registries which don't allow unknown or anonymous users to
# create accounts with arbitrary names). This will prevent an image from being
# spoofed, squatted or otherwise made insecure. If it is necessary to use one
# of these registries, it should be added at the end of the list.
# Red Hat recommends always using fully qualified image names including the registry server (full dns name),
# namespace, image name, and tag (ex. registry.redhat.io/ubi8/ubu:latest). When using short names, there is
# always an inherent risk that the image being pulled could be spoofed. For example, a user wants to.
# pull an image named `foobar` from a registry and expects it to come from myregistry.com. If myregistry.com
# is not first in the search list, an attacker could place a different `foobar` image at a registry earlier
# in the search list. The user would accidentally pull and run the attacker's image and code rather than the
# intended content. Red Hat recommends only adding registries which are completely trusted, i.e. registries
# which don't allow unknown or anonymous users to create accounts with arbitrary names. This will prevent
# an image from being spoofed, squatted or otherwise made insecure. If it is necessary to use one of these
# registries, it should be added at the end of the list.
#
# It is recommended to use fully-qualified images for pulling as the
# destination registry is unambiguous. Pulling by digest
# (i.e., quay.io/repository/name@digest) further eliminates the ambiguity of
# tags.
# The following registries are a set of secure defaults provided by Red Hat.
# Each of these registries provides container images curated, patched
# and maintained by Red Hat and its partners
#[registries.search]
#registries = ['registry.access.redhat.com', 'registry.redhat.io']
# To ensure compatibility with docker we've included docker.io in the default search list. However Red Hat
# does not curate, patch or maintain container images from the docker.io registry.
[registries.search]
registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io']
# The following registries entry can be used for convenience but includes
# container images built by the community. This set of content comes with all
# of the risks of any user generated content including security and performance
# issues. To use this list first comment out the default list, then uncomment
# the following list
#[registries.search]
#registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io', 'quay.io']
# Registries that do not use TLS when pulling images or uses self-signed
# certificates.
[registries.insecure]
registries = []
# Blocked Registries, blocks the `docker daemon` from pulling from the blocked registry. If you specify
# "*", then the docker daemon will only be allowed to pull from registries listed above in the search
# registries. Blocked Registries is deprecated because other container runtimes and tools will not use it.
# It is recommended that you use the trust policy file /etc/containers/policy.json to control which
# registries you want to allow users to pull and push from. policy.json gives greater flexibility, and
# supports all container runtimes and tools including the docker daemon, cri-o, buildah ...
# The atomic CLI `atomic trust` can be used to easily configure the policy.json file.
[registries.block]
registries = []
# The second version of the configuration format allows to specify registry
# mirrors:
#
# # An array of host[:port] registries to try when pulling an unqualified image, in order.
unqualified-search-registries = ['registry.fedoraproject.org', 'registry.access.redhat.com', 'registry.centos.org', 'docker.io']
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
#
# [[registry]]
# # The "prefix" field is used to choose the relevant [[registry]] TOML table;
# # (only) the TOML table with the longest match for the input image name
@ -66,5 +109,5 @@ unqualified-search-registries = ['registry.fedoraproject.org', 'registry.access.
# # Given the above, a pull of example.com/foo/image:latest will try:
# # 1. example-mirror-0.local/mirror-for-foo/image:latest
# # 2. example-mirror-1.local/mirrors/foo/image:latest
# # 3. internal-registry-for-example.net/bar/image:latest
# # 3. internal-registry-for-example.net/bar/myimage:latest
# # in order, and use the first one that exists.

View File

@ -101,6 +101,7 @@
"fchdir",
"fchmod",
"fchmodat",
"fchmodat2",
"fchown",
"fchown32",
"fchownat",

File diff suppressed because it is too large Load Diff

View File

@ -1 +1 @@
SHA512 (skopeo-d8bc8b6.tar.gz) = 04c3fcb4a61df01aad6fb2c938009524cce3476759d868c75b24641013a998db3c7f8a910b2a350f84d74c1bc5471fc20c5ea7939175faa25dccf17353d57823
a5ed58289138f56752f5d8ff5c9b836d skopeo-1.2.0-2b4097b.tar.gz

View File

@ -47,7 +47,7 @@ additionalimagestores = [
# remap-group = "containers"
# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned
# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partioned
# to containers configured to create automatically a user namespace. Containers
# configured to automatically create a user namespace can still overlap with containers
# having an explicit mapping set.