import skopeo-0.1.41-4.module+el8.4.0+9935+d4945f3f
This commit is contained in:
parent
d6e2356432
commit
d9a45d881e
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/skopeo-be6146b.tar.gz
|
||||
SOURCES/skopeo-7d080ca.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
8c5b5615a62d4e504d90c6c40ee957114f5de6b1 SOURCES/skopeo-be6146b.tar.gz
|
||||
419bdfb62f8ac3f94cff70bc107e1f4656073c72 SOURCES/skopeo-7d080ca.tar.gz
|
||||
|
@ -1,390 +0,0 @@
|
||||
From e92e288c169563b6367c53d55805f0a588e75b64 Mon Sep 17 00:00:00 2001
|
||||
From: Valentin Rothberg <rothberg@redhat.com>
|
||||
Date: Thu, 6 Feb 2020 12:59:07 +0100
|
||||
Subject: [PATCH] [0.1.40] update github.com/containers/image
|
||||
|
||||
Note that this includes fixes for
|
||||
https://access.redhat.com/security/cve/CVE-2020-1702.
|
||||
|
||||
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
||||
---
|
||||
go.mod | 2 +-
|
||||
go.sum | 2 +
|
||||
.../image/v5/docker/docker_client.go | 6 +-
|
||||
.../image/v5/docker/docker_image_dest.go | 3 +-
|
||||
.../image/v5/docker/docker_image_src.go | 10 ++--
|
||||
.../image/v5/docker/tarfile/dest.go | 3 +-
|
||||
.../containers/image/v5/docker/tarfile/src.go | 9 +--
|
||||
.../image/v5/image/docker_schema2.go | 4 +-
|
||||
.../containers/image/v5/image/oci.go | 4 +-
|
||||
.../image/v5/internal/iolimits/iolimits.go | 60 +++++++++++++++++++
|
||||
.../image/v5/openshift/openshift.go | 4 +-
|
||||
vendor/modules.txt | 3 +-
|
||||
12 files changed, 89 insertions(+), 21 deletions(-)
|
||||
create mode 100644 vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go
|
||||
|
||||
diff --git a/go.mod b/go.mod
|
||||
index 86a6afba5..788827569 100644
|
||||
--- a/go.mod
|
||||
+++ b/go.mod
|
||||
@@ -4,7 +4,7 @@ go 1.12
|
||||
|
||||
require (
|
||||
github.com/containers/buildah v1.8.4
|
||||
- github.com/containers/image/v5 v5.0.0
|
||||
+ github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0
|
||||
github.com/containers/storage v1.13.4
|
||||
github.com/docker/docker v0.0.0-20180522102801-da99009bbb11
|
||||
github.com/dsnet/compress v0.0.1 // indirect
|
||||
diff --git a/go.sum b/go.sum
|
||||
index 7ee83f6f7..c04f6f3a2 100644
|
||||
--- a/go.sum
|
||||
+++ b/go.sum
|
||||
@@ -19,6 +19,8 @@ github.com/containers/image/v4 v4.0.2-0.20191021195858-69340234bfc6 h1:sFL2cwC0x
|
||||
github.com/containers/image/v4 v4.0.2-0.20191021195858-69340234bfc6/go.mod h1:0ASJH1YgJiX/eqFZObqepgsvIA4XjCgpyfwn9pDGafA=
|
||||
github.com/containers/image/v5 v5.0.0 h1:arnXgbt1ucsC/ndtSpiQY87rA0UjhF+/xQnPzqdBDn4=
|
||||
github.com/containers/image/v5 v5.0.0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY=
|
||||
+github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0 h1:iV4aHKRoPcHp5BISsuiPMyaCjGJfLKp/FUMAG1NeqvE=
|
||||
+github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY=
|
||||
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE=
|
||||
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
|
||||
github.com/containers/storage v1.13.4 h1:j0bBaJDKbUHtAW1MXPFnwXJtqcH+foWeuXK1YaBV5GA=
|
||||
diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go
|
||||
index 0b012c703..bff077a40 100644
|
||||
--- a/vendor/github.com/containers/image/v5/docker/docker_client.go
|
||||
+++ b/vendor/github.com/containers/image/v5/docker/docker_client.go
|
||||
@@ -6,7 +6,6 @@ import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
- "io/ioutil"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
@@ -17,6 +16,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
+ "github.com/containers/image/v5/internal/iolimits"
|
||||
"github.com/containers/image/v5/pkg/docker/config"
|
||||
"github.com/containers/image/v5/pkg/sysregistriesv2"
|
||||
"github.com/containers/image/v5/pkg/tlsclientconfig"
|
||||
@@ -597,7 +597,7 @@ func (c *dockerClient) getBearerToken(ctx context.Context, challenge challenge,
|
||||
default:
|
||||
return nil, errors.Errorf("unexpected http code: %d (%s), URL: %s", res.StatusCode, http.StatusText(res.StatusCode), authReq.URL)
|
||||
}
|
||||
- tokenBlob, err := ioutil.ReadAll(res.Body)
|
||||
+ tokenBlob, err := iolimits.ReadAtMost(res.Body, iolimits.MaxAuthTokenBodySize)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -690,7 +690,7 @@ func (c *dockerClient) getExtensionsSignatures(ctx context.Context, ref dockerRe
|
||||
return nil, errors.Wrapf(clientLib.HandleErrorResponse(res), "Error downloading signatures for %s in %s", manifestDigest, ref.ref.Name())
|
||||
}
|
||||
|
||||
- body, err := ioutil.ReadAll(res.Body)
|
||||
+ body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureListBodySize)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
|
||||
index 417d97aec..ce8a1f357 100644
|
||||
--- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
|
||||
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
+ "github.com/containers/image/v5/internal/iolimits"
|
||||
"github.com/containers/image/v5/manifest"
|
||||
"github.com/containers/image/v5/pkg/blobinfocache/none"
|
||||
"github.com/containers/image/v5/types"
|
||||
@@ -620,7 +621,7 @@ sigExists:
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if res.StatusCode != http.StatusCreated {
|
||||
- body, err := ioutil.ReadAll(res.Body)
|
||||
+ body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxErrorBodySize)
|
||||
if err == nil {
|
||||
logrus.Debugf("Error body %s", string(body))
|
||||
}
|
||||
diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_src.go b/vendor/github.com/containers/image/v5/docker/docker_image_src.go
|
||||
index 35beb30e5..5436d9b7d 100644
|
||||
--- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go
|
||||
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"strconv"
|
||||
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
+ "github.com/containers/image/v5/internal/iolimits"
|
||||
"github.com/containers/image/v5/manifest"
|
||||
"github.com/containers/image/v5/pkg/sysregistriesv2"
|
||||
"github.com/containers/image/v5/types"
|
||||
@@ -156,7 +157,8 @@ func (s *dockerImageSource) fetchManifest(ctx context.Context, tagOrDigest strin
|
||||
if res.StatusCode != http.StatusOK {
|
||||
return nil, "", errors.Wrapf(client.HandleErrorResponse(res), "Error reading manifest %s in %s", tagOrDigest, s.ref.ref.Name())
|
||||
}
|
||||
- manblob, err := ioutil.ReadAll(res.Body)
|
||||
+
|
||||
+ manblob, err := iolimits.ReadAtMost(res.Body, iolimits.MaxManifestBodySize)
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
@@ -342,7 +344,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) (
|
||||
} else if res.StatusCode != http.StatusOK {
|
||||
return nil, false, errors.Errorf("Error reading signature from %s: status %d (%s)", url.String(), res.StatusCode, http.StatusText(res.StatusCode))
|
||||
}
|
||||
- sig, err := ioutil.ReadAll(res.Body)
|
||||
+ sig, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureBodySize)
|
||||
if err != nil {
|
||||
return nil, false, err
|
||||
}
|
||||
@@ -401,7 +403,7 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere
|
||||
return err
|
||||
}
|
||||
defer get.Body.Close()
|
||||
- manifestBody, err := ioutil.ReadAll(get.Body)
|
||||
+ manifestBody, err := iolimits.ReadAtMost(get.Body, iolimits.MaxManifestBodySize)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -424,7 +426,7 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere
|
||||
}
|
||||
defer delete.Body.Close()
|
||||
|
||||
- body, err := ioutil.ReadAll(delete.Body)
|
||||
+ body, err := iolimits.ReadAtMost(delete.Body, iolimits.MaxErrorBodySize)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
diff --git a/vendor/github.com/containers/image/v5/docker/tarfile/dest.go b/vendor/github.com/containers/image/v5/docker/tarfile/dest.go
|
||||
index b02c60bb3..9748ca112 100644
|
||||
--- a/vendor/github.com/containers/image/v5/docker/tarfile/dest.go
|
||||
+++ b/vendor/github.com/containers/image/v5/docker/tarfile/dest.go
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
+ "github.com/containers/image/v5/internal/iolimits"
|
||||
"github.com/containers/image/v5/internal/tmpdir"
|
||||
"github.com/containers/image/v5/manifest"
|
||||
"github.com/containers/image/v5/types"
|
||||
@@ -135,7 +136,7 @@ func (d *Destination) PutBlob(ctx context.Context, stream io.Reader, inputInfo t
|
||||
}
|
||||
|
||||
if isConfig {
|
||||
- buf, err := ioutil.ReadAll(stream)
|
||||
+ buf, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize)
|
||||
if err != nil {
|
||||
return types.BlobInfo{}, errors.Wrap(err, "Error reading Config file stream")
|
||||
}
|
||||
diff --git a/vendor/github.com/containers/image/v5/docker/tarfile/src.go b/vendor/github.com/containers/image/v5/docker/tarfile/src.go
|
||||
index ad0a3d2cb..bbf604da6 100644
|
||||
--- a/vendor/github.com/containers/image/v5/docker/tarfile/src.go
|
||||
+++ b/vendor/github.com/containers/image/v5/docker/tarfile/src.go
|
||||
@@ -11,6 +11,7 @@ import (
|
||||
"path"
|
||||
"sync"
|
||||
|
||||
+ "github.com/containers/image/v5/internal/iolimits"
|
||||
"github.com/containers/image/v5/internal/tmpdir"
|
||||
"github.com/containers/image/v5/manifest"
|
||||
"github.com/containers/image/v5/pkg/compression"
|
||||
@@ -187,13 +188,13 @@ func findTarComponent(inputFile io.Reader, path string) (*tar.Reader, *tar.Heade
|
||||
}
|
||||
|
||||
// readTarComponent returns full contents of componentPath.
|
||||
-func (s *Source) readTarComponent(path string) ([]byte, error) {
|
||||
+func (s *Source) readTarComponent(path string, limit int) ([]byte, error) {
|
||||
file, err := s.openTarComponent(path)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "Error loading tar component %s", path)
|
||||
}
|
||||
defer file.Close()
|
||||
- bytes, err := ioutil.ReadAll(file)
|
||||
+ bytes, err := iolimits.ReadAtMost(file, limit)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -224,7 +225,7 @@ func (s *Source) ensureCachedDataIsPresentPrivate() error {
|
||||
}
|
||||
|
||||
// Read and parse config.
|
||||
- configBytes, err := s.readTarComponent(tarManifest[0].Config)
|
||||
+ configBytes, err := s.readTarComponent(tarManifest[0].Config, iolimits.MaxConfigBodySize)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -250,7 +251,7 @@ func (s *Source) ensureCachedDataIsPresentPrivate() error {
|
||||
// loadTarManifest loads and decodes the manifest.json.
|
||||
func (s *Source) loadTarManifest() ([]ManifestItem, error) {
|
||||
// FIXME? Do we need to deal with the legacy format?
|
||||
- bytes, err := s.readTarComponent(manifestFileName)
|
||||
+ bytes, err := s.readTarComponent(manifestFileName, iolimits.MaxTarFileManifestSize)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
diff --git a/vendor/github.com/containers/image/v5/image/docker_schema2.go b/vendor/github.com/containers/image/v5/image/docker_schema2.go
|
||||
index 254c13f78..29c5047d7 100644
|
||||
--- a/vendor/github.com/containers/image/v5/image/docker_schema2.go
|
||||
+++ b/vendor/github.com/containers/image/v5/image/docker_schema2.go
|
||||
@@ -7,10 +7,10 @@ import (
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
- "io/ioutil"
|
||||
"strings"
|
||||
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
+ "github.com/containers/image/v5/internal/iolimits"
|
||||
"github.com/containers/image/v5/manifest"
|
||||
"github.com/containers/image/v5/pkg/blobinfocache/none"
|
||||
"github.com/containers/image/v5/types"
|
||||
@@ -102,7 +102,7 @@ func (m *manifestSchema2) ConfigBlob(ctx context.Context) ([]byte, error) {
|
||||
return nil, err
|
||||
}
|
||||
defer stream.Close()
|
||||
- blob, err := ioutil.ReadAll(stream)
|
||||
+ blob, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
diff --git a/vendor/github.com/containers/image/v5/image/oci.go b/vendor/github.com/containers/image/v5/image/oci.go
|
||||
index 18a38d463..406da262f 100644
|
||||
--- a/vendor/github.com/containers/image/v5/image/oci.go
|
||||
+++ b/vendor/github.com/containers/image/v5/image/oci.go
|
||||
@@ -4,9 +4,9 @@ import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
- "io/ioutil"
|
||||
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
+ "github.com/containers/image/v5/internal/iolimits"
|
||||
"github.com/containers/image/v5/manifest"
|
||||
"github.com/containers/image/v5/pkg/blobinfocache/none"
|
||||
"github.com/containers/image/v5/types"
|
||||
@@ -67,7 +67,7 @@ func (m *manifestOCI1) ConfigBlob(ctx context.Context) ([]byte, error) {
|
||||
return nil, err
|
||||
}
|
||||
defer stream.Close()
|
||||
- blob, err := ioutil.ReadAll(stream)
|
||||
+ blob, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
diff --git a/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go b/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go
|
||||
new file mode 100644
|
||||
index 000000000..3fed1995c
|
||||
--- /dev/null
|
||||
+++ b/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go
|
||||
@@ -0,0 +1,60 @@
|
||||
+package iolimits
|
||||
+
|
||||
+import (
|
||||
+ "io"
|
||||
+ "io/ioutil"
|
||||
+
|
||||
+ "github.com/pkg/errors"
|
||||
+)
|
||||
+
|
||||
+// All constants below are intended to be used as limits for `ReadAtMost`. The
|
||||
+// immediate use-case for limiting the size of in-memory copied data is to
|
||||
+// protect against OOM DOS attacks as described inCVE-2020-1702. Instead of
|
||||
+// copying data until running out of memory, we error out after hitting the
|
||||
+// specified limit.
|
||||
+const (
|
||||
+ // megaByte denotes one megabyte and is intended to be used as a limit in
|
||||
+ // `ReadAtMost`.
|
||||
+ megaByte = 1 << 20
|
||||
+ // MaxManifestBodySize is the maximum allowed size of a manifest. The limit
|
||||
+ // of 4 MB aligns with the one of a Docker registry:
|
||||
+ // https://github.com/docker/distribution/blob/a8371794149d1d95f1e846744b05c87f2f825e5a/registry/handlers/manifests.go#L30
|
||||
+ MaxManifestBodySize = 4 * megaByte
|
||||
+ // MaxAuthTokenBodySize is the maximum allowed size of an auth token.
|
||||
+ // The limit of 1 MB is considered to be greatly sufficient.
|
||||
+ MaxAuthTokenBodySize = megaByte
|
||||
+ // MaxSignatureListBodySize is the maximum allowed size of a signature list.
|
||||
+ // The limit of 4 MB is considered to be greatly sufficient.
|
||||
+ MaxSignatureListBodySize = 4 * megaByte
|
||||
+ // MaxSignatureBodySize is the maximum allowed size of a signature.
|
||||
+ // The limit of 4 MB is considered to be greatly sufficient.
|
||||
+ MaxSignatureBodySize = 4 * megaByte
|
||||
+ // MaxErrorBodySize is the maximum allowed size of an error-response body.
|
||||
+ // The limit of 1 MB is considered to be greatly sufficient.
|
||||
+ MaxErrorBodySize = megaByte
|
||||
+ // MaxConfigBodySize is the maximum allowed size of a config blob.
|
||||
+ // The limit of 4 MB is considered to be greatly sufficient.
|
||||
+ MaxConfigBodySize = 4 * megaByte
|
||||
+ // MaxOpenShiftStatusBody is the maximum allowed size of an OpenShift status body.
|
||||
+ // The limit of 4 MB is considered to be greatly sufficient.
|
||||
+ MaxOpenShiftStatusBody = 4 * megaByte
|
||||
+ // MaxTarFileManifestSize is the maximum allowed size of a (docker save)-like manifest (which may contain multiple images)
|
||||
+ // The limit of 1 MB is considered to be greatly sufficient.
|
||||
+ MaxTarFileManifestSize = megaByte
|
||||
+)
|
||||
+
|
||||
+// ReadAtMost reads from reader and errors out if the specified limit (in bytes) is exceeded.
|
||||
+func ReadAtMost(reader io.Reader, limit int) ([]byte, error) {
|
||||
+ limitedReader := io.LimitReader(reader, int64(limit+1))
|
||||
+
|
||||
+ res, err := ioutil.ReadAll(limitedReader)
|
||||
+ if err != nil {
|
||||
+ return nil, err
|
||||
+ }
|
||||
+
|
||||
+ if len(res) > limit {
|
||||
+ return nil, errors.Errorf("exceeded maximum allowed size of %d bytes", limit)
|
||||
+ }
|
||||
+
|
||||
+ return res, nil
|
||||
+}
|
||||
diff --git a/vendor/github.com/containers/image/v5/openshift/openshift.go b/vendor/github.com/containers/image/v5/openshift/openshift.go
|
||||
index 016de4803..c37e1b751 100644
|
||||
--- a/vendor/github.com/containers/image/v5/openshift/openshift.go
|
||||
+++ b/vendor/github.com/containers/image/v5/openshift/openshift.go
|
||||
@@ -7,13 +7,13 @@ import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
- "io/ioutil"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"github.com/containers/image/v5/docker"
|
||||
"github.com/containers/image/v5/docker/reference"
|
||||
+ "github.com/containers/image/v5/internal/iolimits"
|
||||
"github.com/containers/image/v5/manifest"
|
||||
"github.com/containers/image/v5/types"
|
||||
"github.com/containers/image/v5/version"
|
||||
@@ -102,7 +102,7 @@ func (c *openshiftClient) doRequest(ctx context.Context, method, path string, re
|
||||
return nil, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
- body, err := ioutil.ReadAll(res.Body)
|
||||
+ body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxOpenShiftStatusBody)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
diff --git a/vendor/modules.txt b/vendor/modules.txt
|
||||
index dee0327e7..013f7f5ec 100644
|
||||
--- a/vendor/modules.txt
|
||||
+++ b/vendor/modules.txt
|
||||
@@ -26,7 +26,7 @@ github.com/VividCortex/ewma
|
||||
github.com/containerd/continuity/pathdriver
|
||||
# github.com/containers/buildah v1.8.4
|
||||
github.com/containers/buildah/pkg/unshare
|
||||
-# github.com/containers/image/v5 v5.0.0
|
||||
+# github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0
|
||||
github.com/containers/image/v5/copy
|
||||
github.com/containers/image/v5/directory
|
||||
github.com/containers/image/v5/docker
|
||||
@@ -42,6 +42,7 @@ github.com/containers/image/v5/transports/alltransports
|
||||
github.com/containers/image/v5/types
|
||||
github.com/containers/image/v5/directory/explicitfilepath
|
||||
github.com/containers/image/v5/docker/policyconfiguration
|
||||
+github.com/containers/image/v5/internal/iolimits
|
||||
github.com/containers/image/v5/pkg/blobinfocache/none
|
||||
github.com/containers/image/v5/pkg/docker/config
|
||||
github.com/containers/image/v5/pkg/sysregistriesv2
|
35
SOURCES/skopeo-test-fix.patch
Normal file
35
SOURCES/skopeo-test-fix.patch
Normal file
@ -0,0 +1,35 @@
|
||||
diff --git a/systemtest/010-inspect.bats b/systemtest/010-inspect.bats
|
||||
index 26d8364..dea2c7d 100644
|
||||
--- a/systemtest/010-inspect.bats
|
||||
+++ b/systemtest/010-inspect.bats
|
||||
@@ -107,7 +107,7 @@ END_EXPECT
|
||||
remote_image=docker://docker.io/$arch/golang
|
||||
run_skopeo inspect --tls-verify=false --raw $remote_image
|
||||
remote=$(echo "$output" | jq -r '.manifests[0]["platform"]')
|
||||
- expect=$(echo "{\"architecture\":\"$arch\",\"os\":\"linux\"}" | jq)
|
||||
+ expect=$(echo "{\"architecture\":\"$arch\",\"os\":\"linux\"}" | jq .)
|
||||
expect_output --from="$remote" --substring "$expect" \
|
||||
"platform arch is not expected"
|
||||
done
|
||||
diff --git a/systemtest/helpers.bash b/systemtest/helpers.bash
|
||||
index 5e69d0d..765286a 100644
|
||||
--- a/systemtest/helpers.bash
|
||||
+++ b/systemtest/helpers.bash
|
||||
@@ -299,7 +299,7 @@ start_registry() {
|
||||
fi
|
||||
|
||||
if ! egrep -q "^$testuser:" $AUTHDIR/htpasswd; then
|
||||
- log_and_run $PODMAN run --rm --entrypoint htpasswd registry:2 \
|
||||
+ log_and_run $PODMAN run --rm --entrypoint htpasswd registry:2.6 \
|
||||
-Bbn $testuser $testpassword >> $AUTHDIR/htpasswd
|
||||
fi
|
||||
|
||||
@@ -332,7 +332,7 @@ start_registry() {
|
||||
log_and_run cp $CERT $TESTDIR/client-auth/
|
||||
fi
|
||||
|
||||
- log_and_run $PODMAN run -d --name $name "${reg_args[@]}" registry:2
|
||||
+ log_and_run $PODMAN run -d --name $name "${reg_args[@]}" registry:2.6
|
||||
|
||||
# Wait for registry to actually come up
|
||||
timeout=10
|
@ -21,7 +21,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
|
||||
%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
|
||||
%global import_path %{provider_prefix}
|
||||
%global git0 https://%{import_path}
|
||||
%global commit0 be6146b0a8471b02e776134119a2c37dfb70d414
|
||||
%global commit0 7d080caaa32327ca063276f477a64af0fd4617ba
|
||||
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
|
||||
|
||||
# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required
|
||||
@ -30,11 +30,13 @@ ExcludeArch: ppc64
|
||||
|
||||
Epoch: 1
|
||||
Name: %{repo}
|
||||
Version: 0.1.40
|
||||
Release: 9%{?dist}
|
||||
Version: 0.1.41
|
||||
Release: 4%{?dist}
|
||||
Summary: Inspect container images and repositories on registries
|
||||
License: ASL 2.0
|
||||
URL: %{git0}
|
||||
# Build fails with: No matching package to install: 'golang >= 1.12.12-4' on i686
|
||||
ExcludeArch: i686
|
||||
Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
|
||||
Source1: storage.conf
|
||||
Source2: containers-storage.conf.5.md
|
||||
@ -48,8 +50,7 @@ Source9: containers-signature.5.md
|
||||
Source10: containers-transports.5.md
|
||||
Source11: containers-certs.d.5.md
|
||||
Source12: containers-registries.d.5.md
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1801928
|
||||
Patch0: https://github.com/containers/skopeo/commit/e92e288c169563b6367c53d55805f0a588e75b64.patch
|
||||
Patch0: skopeo-test-fix.patch
|
||||
|
||||
BuildRequires: git
|
||||
BuildRequires: golang >= 1.12.12-4
|
||||
@ -251,9 +252,21 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
|
||||
%{_datadir}/%{name}/test
|
||||
|
||||
%changelog
|
||||
* Mon Apr 20 2020 Jindrich Novy <jnovy@redhat.com> - 1:0.1.40-9
|
||||
* Tue Jan 12 2021 Jindrich Novy <jnovy@redhat.com> - 1:0.1.41-4
|
||||
- add docker.io into the default registry list
|
||||
- Related: #1810053
|
||||
- Resolves: #1883324
|
||||
|
||||
* Thu Jul 16 2020 Eduardo Santiago <santiago@redhat.com> - 1:0.1.41-3
|
||||
- patch broken gating tests: improper 'jq' usage, and use 'registry:2.6'
|
||||
(instead of :2) to work around broken image pushed by docker
|
||||
|
||||
* Thu Jul 16 2020 Jindrich Novy <jnovy@redhat.com> - 1:0.1.41-2
|
||||
- exclude i686 arch
|
||||
- Related: #1821193
|
||||
|
||||
* Mon Apr 06 2020 Jindrich Novy <jnovy@redhat.com> - 1:0.1.41-1
|
||||
- update to 0.1.41
|
||||
- Related: #1821193
|
||||
|
||||
* Fri Mar 06 2020 Jindrich Novy <jnovy@redhat.com> - 1:0.1.40-8
|
||||
- modify registries.conf default configuration to be more secure by default
|
||||
|
Loading…
Reference in New Issue
Block a user