From a460b1be7c4ee6fb283910f1cd9bb1536d43c56b Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jan 12 2021 10:15:06 +0000
Subject: import skopeo-1.2.0-9.module+el8.3.1+9380+85743958
---
diff --git a/SOURCES/containers-mounts.conf.5.md b/SOURCES/containers-mounts.conf.5.md
index 130c1c5..74492c8 100644
--- a/SOURCES/containers-mounts.conf.5.md
+++ b/SOURCES/containers-mounts.conf.5.md
@@ -10,7 +10,7 @@ The mounts.conf file specifies volume mount directories that are automatically m
 The format of the mounts.conf is the volume format `/SRC:/DEST`, one mount per line. For example, a mounts.conf with the line `/usr/share/secrets:/run/secrets` would cause the contents of the `/usr/share/secrets` directory on the host to be mounted on the `/run/secrets` directory inside the container. Setting mountpoints allows containers to use the files of the host, for instance, to use the host's subscription to some enterprise Linux distribution.
 ## FILES
-Some distributions may provide a `/usr/share/containers/mounts.conf` file to provide default mounts, but users can create a `/etc/containers/mounts.conf`, to specify their own special volumes to mount in the container.
+Some distributions may provide a `/usr/share/containers/mounts.conf` file to provide default mounts, but users can create a `/etc/containers/mounts.conf`, to specify their own special volumes to mount in the container. When Podman runs in rootless mode, the file `$HOME/.config/containers/mounts.conf` will override the default if it exists.
 ## HISTORY
 Aug 2018, Originally compiled by Valentin Rothberg
diff --git a/SOURCES/registries.conf b/SOURCES/registries.conf
index 703f453..4f20fba 100644
--- a/SOURCES/registries.conf
+++ b/SOURCES/registries.conf
@@ -61,7 +61,7 @@ registries = []
 # mirrors:
 #
 # # An array of host[:port] registries to try when pulling an unqualified image, in order.
-# unqualified-search-registries = ["example.com"]
+unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
 #
 # [[registry]]
 # # The "prefix" field is used to choose the relevant [[registry]] TOML table;
diff --git a/SOURCES/seccomp.json b/SOURCES/seccomp.json
index 07cdd6c..ebac9b9 100644
--- a/SOURCES/seccomp.json
+++ b/SOURCES/seccomp.json
@@ -68,9 +68,13 @@
 "chown",
 "chown32",
 "clock_adjtime",
+ "clock_adjtime64",
 "clock_getres",
+ "clock_getres_time64",
 "clock_gettime",
+ "clock_gettime64",
 "clock_nanosleep",
+ "clock_nanosleep_time64",
 "clone",
 "close",
 "connect",
@@ -223,17 +227,20 @@
 "openat",
 "openat2",
 "pause",
+ "pidfd_getfd",
 "pipe",
 "pipe2",
 "pivot_root",
 "poll",
 "ppoll",
+ "ppoll_time64",
 "prctl",
 "pread64",
 "preadv",
 "preadv2",
 "prlimit64",
 "pselect6",
+ "pselect6_time64",
 "pwrite64",
 "pwritev",
 "pwritev2",
@@ -324,6 +331,7 @@
 "signalfd4",
 "sigreturn",
 "socket",
+ "socket",
 "socketcall",
 "socketpair",
 "splice",
@@ -346,10 +354,13 @@
 "timer_delete",
 "timer_getoverrun",
 "timer_gettime",
+ "timer_gettime64",
 "timer_settime",
 "timerfd_create",
 "timerfd_gettime",
+ "timerfd_gettime64",
 "timerfd_settime",
+ "timerfd_settime64",
 "times",
 "tkill",
 "truncate",
@@ -364,6 +375,7 @@
 "unshare",
 "utime",
 "utimensat",
+ "utimensat_time64",
 "utimes",
 "vfork",
 "vmsplice",
@@ -750,7 +762,8 @@
 "names": [
 "settimeofday",
 "stime",
- "clock_settime"
+ "clock_settime",
+ "clock_settime64"
 ],
 "action": "SCMP_ACT_ALLOW",
 "args": [],
diff --git a/SOURCES/storage.conf b/SOURCES/storage.conf
index a341e25..9477b56 100644
--- a/SOURCES/storage.conf
+++ b/SOURCES/storage.conf
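Review bot: With `unqualified-search-registries` now listing four registries and ending in `docker.io`, a short image name is resolved by whichever registry in the list answers first, so the same pull command can return different content depending on registry availability or on who holds that name on each registry. I would add a comment directly above the line, e.g. `# Short names are tried against these registries in order; use fully qualified image references where provenance matters.` Separately, the hunk header shows a bare `registries = []` earlier in the file; if that assignment belongs to a v1 `[registries.*]` table (not visible in this hunk), the new key follows a TOML table header and may be read as part of that table rather than as a top-level setting, so its placement should be checked against the parser.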
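Review bot: `"pidfd_getfd",` is added between `"pause",` and `"pipe",` in what appears to be the unconditional allow list, next to ordinary I/O calls. The kernel guards this call with a ptrace attach-level access check because it copies a file descriptor out of another process, so it belongs with the ptrace-class syscalls. If the profile gates those behind a capability elsewhere (not visible here), this entry should follow the same gating instead of being always allowed. The names array starts and ends outside the hunk.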
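Review bot: The added line `"socket",` repeats the `"socket",` entry directly above it, so the names array lists that syscall twice. It looks like a re-sync artifact; whether the runtime's filter loader ignores or rejects a repeated rule is not visible here, and the duplicate makes later audits of the allow list noisier. Drop the added line. The array continues outside the hunk.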
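Review bot: `timer_settime` gets no `timer_settime64` companion between `"timer_settime",` and `"timerfd_create",`, although `timer_gettime64`, `timerfd_gettime64` and `timerfd_settime64` are all added in this hunk. Unless it is listed elsewhere in the array (which extends beyond the hunk), 32-bit programs built against a time64 libc would have that one call handled by the profile's default action while its siblings are allowed. Add `"timer_settime64",` after `"timer_settime",`.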
@@ -82,6 +82,39 @@ mountopt = "nodev,metacopy=on"
 # Size is used to set a maximum size of the container image.
 # size = ""
+# ForceMask specifies the permissions mask that is used for new files and
+# directories.
+#
+# The values "shared" and "private" are accepted.
+# Octal permission masks are also accepted.
+#
+# "": No value specified.
+# All files/directories, get set with the permissions identified within the
+# image.
+# "private": it is equivalent to 0700.
+# All files/directories get set with 0700 permissions. The owner has rwx
+# access to the files. No other users on the system can access the files.
+# This setting could be used with networked based homedirs.
+# "shared": it is equivalent to 0755.
+# The owner has rwx access to the files and everyone else can read, access
+# and execute them. This setting is useful for sharing containers storage
+# with other users. For instance have a storage owned by root but shared
+# to rootless users as an additional store.
+# NOTE: All files within the image are made readable and executable by any
+# user on the system. Even /etc/shadow within your image is now readable by
+# any user.
+#
+# OCTAL: Users can experiment with other OCTAL Permissions.
+#
+# Note: The force_mask Flag is an experimental feature, it could change in the
+# future. When "force_mask" is set the original permission mask is stored in
+# the "user.containers.override_stat" xattr and the "mount_program" option must
+# be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
+# extended attribute permissions to processes within containers rather then the
+# "force_mask" permissions.
+#
+# force_mask = ""
+
 [storage.options.thinpool]
 # Storage Options for thinpool
diff --git a/SPECS/skopeo.spec b/SPECS/skopeo.spec
index fc3e2a8..c2f24ce 100644
--- a/SPECS/skopeo.spec
+++ b/SPECS/skopeo.spec
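Review bot: The warning that image files such as `/etc/shadow` become readable by every local user is attached only to the `"shared"` value, while the `OCTAL` entry merely invites experimenting. Any octal mask that sets group or other read bits carries the same exposure, so the caveat should be repeated there, e.g. `# OCTAL: any mask granting group/other access exposes all image files, including secrets, to those users.` Also, `rather then` in the final paragraph should read `rather than`.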
@@ -1,42 +1,34 @@
-%global with_debug 1
 %global with_check 0
-%if 0%{?with_debug}
 %global _find_debuginfo_dwz_opts %{nil}
 %global _dwz_low_mem_die_limit 0
-%else
-%global debug_package %{nil}
-%endif
 %if 0%{?rhel} > 7 && ! 0%{?fedora}
 %define gobuild(o:) \
-go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
 %else
-%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**};
+%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**};
 %endif
 %global import_path github.com/containers/skopeo
 %global branch release-1.2
-%if 0%{?branch:1}
-%global podman_branch v2.1.1-rhel
+# Bellow definitions are used to deliver config files from a particular branch
+# of c/image, c/common, c/storage vendored in all podman, skopeo, buildah.
+# These vendored components must have the same version. If it is not the case,
+# pick the oldest version on c/image, c/common, c/storage vendored in
+# podman/skopeo/podman.
+%global podman_branch v2.2.1-rhel
 %global image_branch v5.6.0
 %global common_branch v0.22.0
 %global storage_branch v1.23.5
 %global fedora_branch f32
-%else
-%global podman_branch master
-%global image_branch master
-%global common_branch master
-%global storage_branch master
-%global fedora_branch master
-%endif
 %global commit0 2b4097bc13e7ba1d16a5225e2292a5cf88072f63
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 Epoch: 1
 Name: skopeo
 Version: 1.2.0
-Release: 4%{?dist}
+Release: 9%{?dist}
 Summary: Inspect container images and repositories on registries
 License: ASL 2.0
 URL: %{git0}
@@ -219,6 +211,31 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/%{name}/test
 %changelog
+* Mon Jan 11 2021 Jindrich Novy - 1:1.2.0-9
+- upload proper source tarball
+- Related: #1888571
+
+* Mon Jan 11 2021 Jindrich Novy - 1:1.2.0-8
+- revert back to version aimed at 8.3.1 - skopeo-1.2.0
+- also downgrade versions of vendored libraries
+- Related: #1888571
+
+* Mon Jan 11 2021 Jindrich Novy - 1:1.2.1-1
+- update vendored component versions
+- update to the latest content of https://github.com/containers/skopeo/tree/release-1.2
+ (https://github.com/containers/skopeo/commit/2e90a8a)
+- Related: #1888571
+
+* Fri Jan 08 2021 Jindrich Novy - 1:1.2.0-6
+- always build with debuginfo
+- use less verbose output when compiling
+- Related: #1888571
+
+* Thu Jan 07 2021 Jindrich Novy - 1:1.2.0-5
+- re-sync config files
+- assure events_logger = "file"
+- Related: #1888571
+
 * Thu Nov 05 2020 Jindrich Novy - 1:1.2.0-4
 - change default logging mechanism to use for container engine events in containers.conf to be events_logger = "file"
 - it should fix
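Review bot: The new comment block above `%global podman_branch v2.2.1-rhel` opens with the typo `Bellow`, and its last line reads `podman/skopeo/podman`, naming podman twice where the comment's second line lists buildah; I would write `# Below definitions are used ...` and `# podman/skopeo/buildah.`. The pinned values are also branch or tag names rather than commit hashes like `commit0`. If they are used to fetch the shipped config files (the Source lines are outside this hunk), the delivered `seccomp.json`, `registries.conf` and `storage.conf` could change without any spec change, so it is worth confirming that the fetched files are checksum-verified or pinned to commits.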