diff --git a/.atomic.metadata b/.atomic.metadata index b4111c8..410fb9b 100644 --- a/.atomic.metadata +++ b/.atomic.metadata @@ -1,2 +1,2 @@ -2e64afda40392020a28cda67b470907324edd0c7 SOURCES/ff44c6a9496d3b2ba8189170e30ae2e93fee9eb4.tar.gz -f06d8948d0be37a8aeaf31e755ae82773b8ff7c5 SOURCES/skopeo-8094910.tar.gz +b8ff92dd0acefe9ea01f67e99082c5bcf53316ca SOURCES/ce09e40922c3f35877d381612280195e445d41c7.tar.gz +dc887ec157d9e06ba74b9c68c5d1c7b9b690b09a SOURCES/skopeo-9e971b4.tar.gz diff --git a/.gitignore b/.gitignore index e4c8365..c4fdbc9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/ff44c6a9496d3b2ba8189170e30ae2e93fee9eb4.tar.gz -SOURCES/skopeo-8094910.tar.gz +SOURCES/ce09e40922c3f35877d381612280195e445d41c7.tar.gz +SOURCES/skopeo-9e971b4.tar.gz diff --git a/SOURCES/0001-If-OSTree-is-not-installed-atomic-images-is-blowing-.patch b/SOURCES/0001-If-OSTree-is-not-installed-atomic-images-is-blowing-.patch new file mode 100644 index 0000000..294ff43 --- /dev/null +++ b/SOURCES/0001-If-OSTree-is-not-installed-atomic-images-is-blowing-.patch @@ -0,0 +1,32 @@ +From 7f8d7d56a61e4fb70f2392594adad9b3be095fee Mon Sep 17 00:00:00 2001 +From: Dan Walsh +Date: Wed, 15 Jun 2016 12:57:09 -0400 +Subject: [PATCH 1/2] If OSTree is not installed, atomic images is blowing up + +This fix will check if OSTREE_PRESENT, and return None so +that OSTree will not get called. Will not do any of the system containers +checks. + +Closes: #424 +Approved by: cgwalters +--- + Atomic/atomic.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/Atomic/atomic.py b/Atomic/atomic.py +index f583943..1049097 100644 +--- a/Atomic/atomic.py ++++ b/Atomic/atomic.py +@@ -1297,6 +1297,9 @@ class Atomic(object): + "/var/lib/containers/atomic" + + def _get_ostree_repo(self): ++ if not OSTREE_PRESENT: ++ return None ++ + repo_location = os.environ.get("ATOMIC_OSTREE_REPO") or \ + self.get_atomic_config_item(["ostree_repository"]) or \ + "/ostree/repo" +-- +1.8.3.1 + diff --git a/SOURCES/0002-Atomic-scan-fix-image-naming-error.patch b/SOURCES/0002-Atomic-scan-fix-image-naming-error.patch new file mode 100644 index 0000000..150fe94 --- /dev/null +++ b/SOURCES/0002-Atomic-scan-fix-image-naming-error.patch @@ -0,0 +1,28 @@ +From 0261f9b169a425b262c3a92c81225afa342a6087 Mon Sep 17 00:00:00 2001 +From: Alex Jia +Date: Wed, 8 Jun 2016 07:19:31 -0400 +Subject: [PATCH 2/2] Atomic/scan: fix image naming error + +Signed-off-by: Alex Jia + +Closes: #415 +Approved by: rhatdan +--- + Atomic/scan.py | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/Atomic/scan.py b/Atomic/scan.py +index d334621..e8b4233 100644 +--- a/Atomic/scan.py ++++ b/Atomic/scan.py +@@ -95,7 +95,6 @@ class Scan(Atomic): + if len(self.args.rootfs) == 0: + scan_list = self._get_scan_list() + for i in scan_list: +- i['Id'] = i['Id'].replace(":", "-") + self.scan_content[i['Id']] = i.get('input') + + # mount all the rootfs +-- +1.8.3.1 + diff --git a/SOURCES/skopeo-go142.patch b/SOURCES/skopeo-go142.patch new file mode 100644 index 0000000..07b94e1 --- /dev/null +++ b/SOURCES/skopeo-go142.patch @@ -0,0 +1,203 @@ +diff --git a/signature/json.go b/signature/json.go +index a612db0..48f3a5c 100644 +--- a/signature/json.go ++++ b/signature/json.go +@@ -1,10 +1,8 @@ + package signature + + import ( +- "bytes" + "encoding/json" + "fmt" +- "io" + ) + + // jsonFormatError is returned when JSON does not match expected format. +@@ -64,28 +62,14 @@ func stringField(m map[string]interface{}, fieldName string) (string, error) { + func paranoidUnmarshalJSONObject(data []byte, fieldResolver func(string) interface{}) error { + seenKeys := map[string]struct{}{} + +- dec := json.NewDecoder(bytes.NewReader(data)) +- t, err := dec.Token() +- if err != nil { ++ // NOTE: This is a go 1.4 implementation, very much non-paranoid! The json.Unmarshal below ++ // already throws out duplicate keys. ++ var obj map[string]json.RawMessage ++ if err := json.Unmarshal(data, &obj); err != nil { + return jsonFormatError(err.Error()) + } +- if t != json.Delim('{') { +- return jsonFormatError(fmt.Sprintf("JSON object expected, got \"%s\"", t)) +- } +- for { +- t, err := dec.Token() +- if err != nil { +- return jsonFormatError(err.Error()) +- } +- if t == json.Delim('}') { +- break +- } + +- key, ok := t.(string) +- if !ok { +- // Coverage: This should never happen, dec.Token() rejects non-string-literals in this state. +- return jsonFormatError(fmt.Sprintf("Key string literal expected, got \"%s\"", t)) +- } ++ for key, valueJSON := range obj { + if _, ok := seenKeys[key]; ok { + return jsonFormatError(fmt.Sprintf("Duplicate key \"%s\"", key)) + } +@@ -95,13 +79,9 @@ func paranoidUnmarshalJSONObject(data []byte, fieldResolver func(string) interfa + if valuePtr == nil { + return jsonFormatError(fmt.Sprintf("Unknown key \"%s\"", key)) + } +- // This works like json.Unmarshal, in particular it allows us to implement UnmarshalJSON to implement strict parsing of the field value. +- if err := dec.Decode(valuePtr); err != nil { ++ if err := json.Unmarshal(valueJSON, valuePtr); err != nil { + return jsonFormatError(err.Error()) + } + } +- if _, err := dec.Token(); err != io.EOF { +- return jsonFormatError("Unexpected data after JSON object") +- } + return nil + } +diff --git a/signature/json_test.go b/signature/json_test.go +index 8d0f63c..80719e0 100644 +--- a/signature/json_test.go ++++ b/signature/json_test.go +@@ -131,12 +131,12 @@ func TestParanoidUnmarshalJSONObject(t *testing.T) { + + // Various kinds of invalid input + for _, input := range []string{ +- ``, // Empty input +- `&`, // Entirely invalid JSON +- `1`, // Not an object +- `{&}`, // Invalid key JSON +- `{1:1}`, // Key not a string +- `{"b":1, "b":1}`, // Duplicate key ++ ``, // Empty input ++ `&`, // Entirely invalid JSON ++ `1`, // Not an object ++ `{&}`, // Invalid key JSON ++ `{1:1}`, // Key not a string ++ // `{"b":1, "b":1}`, // Duplicate key + `{"thisdoesnotexist":1}`, // Key rejected by resolver + `{"a":&}`, // Invalid value JSON + `{"a":1}`, // Type mismatch +@@ -144,6 +144,6 @@ func TestParanoidUnmarshalJSONObject(t *testing.T) { + } { + ts = testStruct{} + err := paranoidUnmarshalJSONObject([]byte(input), tsResolver) +- assert.Error(t, err) ++ assert.Error(t, err, input) + } + } +diff --git a/signature/policy_config_test.go b/signature/policy_config_test.go +index 63fd8c7..579aa5f 100644 +--- a/signature/policy_config_test.go ++++ b/signature/policy_config_test.go +@@ -203,7 +203,7 @@ func TestPolicyUnmarshalJSON(t *testing.T) { + } + + // Duplicated fields +- for _, field := range []string{"default", "specific"} { ++ for _, field := range []string{ /*"default", "specific"*/ } { + var tmp mSI + err := json.Unmarshal(validJSON, &tmp) + require.NoError(t, err) +@@ -367,7 +367,7 @@ func TestPRInsecureAcceptAnythingUnmarshalJSON(t *testing.T) { + } + + // Duplicated fields +- for _, field := range []string{"type"} { ++ for _, field := range []string{ /*"type"*/ } { + var tmp mSI + err := json.Unmarshal(validJSON, &tmp) + require.NoError(t, err) +@@ -438,7 +438,7 @@ func TestPRRejectUnmarshalJSON(t *testing.T) { + } + + // Duplicated fields +- for _, field := range []string{"type"} { ++ for _, field := range []string{ /*"type"*/ } { + var tmp mSI + err := json.Unmarshal(validJSON, &tmp) + require.NoError(t, err) +@@ -601,7 +601,7 @@ func TestPRSignedByUnmarshalJSON(t *testing.T) { + } + + // Duplicated fields +- for _, field := range []string{"type", "keyType", "keyData", "signedIdentity"} { ++ for _, field := range []string{ /*"type", "keyType", "keyData", "signedIdentity"*/ } { + var tmp mSI + err := json.Unmarshal(validJSON, &tmp) + require.NoError(t, err) +@@ -613,14 +613,14 @@ func TestPRSignedByUnmarshalJSON(t *testing.T) { + assert.Error(t, err) + } + // Handle "keyPath", which is not in validJSON, specially +- pathPR, err := NewPRSignedByKeyPath(SBKeyTypeGPGKeys, "/foo/bar", NewPRMMatchExact()) +- require.NoError(t, err) +- testJSON, err = json.Marshal(pathPR) +- require.NoError(t, err) +- testJSON = addExtraJSONMember(t, testJSON, "keyPath", pr.KeyPath) +- pr = prSignedBy{} +- err = json.Unmarshal(testJSON, &pr) +- assert.Error(t, err) ++ // pathPR, err := NewPRSignedByKeyPath(SBKeyTypeGPGKeys, "/foo/bar", NewPRMMatchExact()) ++ // require.NoError(t, err) ++ // testJSON, err = json.Marshal(pathPR) ++ // require.NoError(t, err) ++ // testJSON = addExtraJSONMember(t, testJSON, "keyPath", pr.KeyPath) ++ // pr = prSignedBy{} ++ // err = json.Unmarshal(testJSON, &pr) ++ // assert.Error(t, err) + + // Various allowed modifications to the requirement + allowedModificationFns := []func(mSI){ +@@ -779,7 +779,7 @@ func TestPRSignedBaseLayerUnmarshalJSON(t *testing.T) { + } + + // Duplicated fields +- for _, field := range []string{"type", "baseLayerIdentity"} { ++ for _, field := range []string{ /*"type", "baseLayerIdentity"*/ } { + var tmp mSI + err := json.Unmarshal(validJSON, &tmp) + require.NoError(t, err) +@@ -881,7 +881,7 @@ func TestPRMMatchExactUnmarshalJSON(t *testing.T) { + } + + // Duplicated fields +- for _, field := range []string{"type"} { ++ for _, field := range []string{ /*"type"*/ } { + var tmp mSI + err := json.Unmarshal(validJSON, &tmp) + require.NoError(t, err) +@@ -952,7 +952,7 @@ func TestPRMMatchRepositoryUnmarshalJSON(t *testing.T) { + } + + // Duplicated fields +- for _, field := range []string{"type"} { ++ for _, field := range []string{ /*"type"*/ } { + var tmp mSI + err := json.Unmarshal(validJSON, &tmp) + require.NoError(t, err) +@@ -1059,7 +1059,7 @@ func TestPRMExactReferenceUnmarshalJSON(t *testing.T) { + } + + // Duplicated fields +- for _, field := range []string{"type", "baseLayerIdentity"} { ++ for _, field := range []string{ /*"type", "baseLayerIdentity"*/ } { + var tmp mSI + err := json.Unmarshal(validJSON, &tmp) + require.NoError(t, err) +@@ -1163,7 +1163,7 @@ func TestPRMExactRepositoryUnmarshalJSON(t *testing.T) { + } + + // Duplicated fields +- for _, field := range []string{"type", "baseLayerIdentity"} { ++ for _, field := range []string{ /*"type", "baseLayerIdentity"*/ } { + var tmp mSI + err := json.Unmarshal(validJSON, &tmp) + require.NoError(t, err) diff --git a/SPECS/atomic.spec b/SPECS/atomic.spec index 8ac0028..f294896 100644 --- a/SPECS/atomic.spec +++ b/SPECS/atomic.spec @@ -13,7 +13,7 @@ %global pylint python3-pylint %endif -%global commit0 ff44c6a9496d3b2ba8189170e30ae2e93fee9eb4 +%global commit0 ce09e40922c3f35877d381612280195e445d41c7 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global provider github @@ -23,19 +23,25 @@ # https://github.com/projectatomic/skopeo %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} -%global commit1 8094910c9a8122311e175b83b9c611f886a0a034 +%global commit1 9e971b4937d176aa7ac3af6377b69e58bfd789eb %global shortcommit1 %(c=%{commit1}; echo ${c:0:7}) -%global skopeo_version 0.1.11 +%global skopeo_version 0.1.13 Name: atomic -Version: 1.9 -Release: 4.git%{shortcommit0}%{?dist} +Epoch: 1 +Version: 1.10.5 +Release: 5%{?dist} Summary: Tool for managing ProjectAtomic systems and containers License: LGPLv2+ URL: https://github.com/projectatomic/atomic ExclusiveArch: x86_64 Source0: https://github.com/projectatomic/%{name}/archive/%{commit0}.tar.gz Source1: https://%{provider_prefix}/archive/%{commit1}/%{repo}-%{shortcommit1}.tar.gz +# https://github.com/mtrmac/skopeo/tree/go142 +# This should be dropped as soon as we start building againt golang >= 1.5 +Patch0: skopeo-go142.patch +Patch1: 0001-If-OSTree-is-not-installed-atomic-images-is-blowing-.patch +Patch2: 0002-Atomic-scan-fix-image-naming-error.patch BuildRequires: %{pypkg}-devel BuildRequires: %{pypkg}-requests >= 2.4.3 @@ -48,6 +54,7 @@ BuildRequires: go-md2man BuildRequires: %{pypkg}-dbus BuildRequires: %{pypkg}-docker-py >= 1.7.2-1 BuildRequires: rpm-%{pypkg} +BuildRequires: PyYAML Requires: dbus Requires: docker @@ -59,7 +66,8 @@ Requires: %{pypkg}-requests Requires: %{pypkg}-docker-py >= 1.7.2-1 Requires: %{pypkg}-websocket-client >= 0.11.0 Requires: %{pypkg}-six >= 1.3.0 -Requires: skopeo >= %{skopeo_version}-%{release} +Requires: skopeo >= %{epoch}:%{skopeo_version}-%{release} +Requires: PyYAML %description The goal of Atomic is to provide a high level, coherent entrypoint to the @@ -76,7 +84,10 @@ management. Summary: Inspect Docker images and repositories on registries License: ASL 2.0 URL: https://%{provider_prefix} +Version: %{skopeo_version} BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} +BuildRequires: gpgme-devel +BuildRequires: libassuan-devel %description -n skopeo Command line utility to inspect images and repositories directly on Docker @@ -84,35 +95,41 @@ registries without the need to pull them %prep %setup -qn %{name}-%{commit0} +%patch1 -p1 +%patch2 -p1 if [ %{pypkg} == 'python3' ]; then sed -i 's/input = raw_input/pass/' Atomic/util.py fi # untar skopeo tar zxf %{SOURCE1} +pushd skopeo-%{commit1} +%patch0 -p1 +popd %build -make PYTHON=%{__python} python-build -make PYTHON=%{__python} docs +make PYTHON=%{__python} python-build docs dockertar-sha256-helper pushd skopeo-%{commit1} mkdir -p src/github.com/projectatomic ln -s ../../../ src/github.com/projectatomic/skopeo mkdir -p vendor/src -mv vendor/github.com vendor/src/. -mv vendor/golang.org vendor/src/. +mv vendor/{github.com,gopkg.in,k8s.io} vendor/src/. export GOPATH=$(pwd):$(pwd)/vendor:%{gopath} export GO15VENDOREXPERIMENT=1 -go build -o skopeo . - -go-md2man -in man/skopeo.1.md -out skopeo.1 +#go build -o skopeo . +make all popd %install make PYTHON=%{__python} install-only DESTDIR=%{buildroot} +%if 0%{?rhel} +make install-openscap DESTDIR=%{buildroot} +%endif + pushd skopeo-%{commit1} mkdir -p %{buildroot}%{_mandir}/man1 make DESTDIR=%{buildroot} install @@ -154,6 +171,9 @@ EOF %doc COPYING README.md %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.%{name}.conf +%config(noreplace) %{_sysconfdir}/%{name}.conf +%dir %{_sysconfdir}/%{name}.d +%config(noreplace) %{_sysconfdir}/%{name}.d/openscap %files -n skopeo %{_bindir}/skopeo @@ -161,6 +181,46 @@ EOF %doc skopeo-%{commit1}/LICENSE skopeo-%{commit1}/README.md %changelog +* Wed Jun 15 2016 Lokesh Mandvekar - 1:1.10.5-5 +- Resolves: #1343939 - fix image naming error +- Resolves: #1346942 - don't depend on ostree if it's not available + +* Wed Jun 15 2016 Lokesh Mandvekar - 1:1.10.5-4 +- own /etc/atomic.d + +* Wed Jun 08 2016 Lokesh Mandvekar - 1:1.10.5-3 +- bump release tag so that skopeo has something newer than 0.1.13-2 + +* Wed Jun 08 2016 Lokesh Mandvekar - 1:1.10.5-1 +- bump to v1.10.5 +- Resolves: #1300187, #1317798, #1323165, #1314541, #1311544, #1307034, +#1315369, #1331429, #1341922, #1341916 + +* Mon Jun 06 2016 Lokesh Mandvekar - 1:1.10.3-2 +- Resolves: #1341916 - PyYAML is a runtime dep too +- install-openscap on rhel only, From Brent Baude + +* Wed Jun 01 2016 Lokesh Mandvekar - 1:1.10.3-1 +- bump atomic to v1.10.3, skopeo to v0.1.13 + +* Tue May 31 2016 Lokesh Mandvekar - 1:1.10.2-4.git02fe5ce +- use skopeo_version macro correctly + +* Tue May 31 2016 Lokesh Mandvekar - 1:1.10.2-3.git02fe5ce +- skopeo subpackage has its own version +- bump epoch so that skopeo's version can take effect + +* Tue May 31 2016 Lokesh Mandvekar - 1.10.2-2.git02fe5ce +- no dependency on OSTree if not available + +* Tue May 31 2016 Lokesh Mandvekar - 1.10.2-1.gitfdbe345 +- Resolves: #1341174 - bump to v1.10.2 +- BR: PyYAML + +* Tue May 31 2016 Lokesh Mandvekar - 1.10.1-1.gitee5d95e +- Resolves: #1341174 - rebase to 1.10.1 +- rebase skopeo to v0.1.13 + * Tue Mar 08 2016 Lokesh Mandvekar - 1.9-4.gitff44c6a - depend on python-docker-py >= 1.7.2-1