diff --git a/.gitignore b/.gitignore index 58b6875..f779712 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/v1.0.0.tar.gz +SOURCES/v1.1.1.tar.gz diff --git a/.skopeo.metadata b/.skopeo.metadata index 69d4913..389cd1b 100644 --- a/.skopeo.metadata +++ b/.skopeo.metadata @@ -1 +1 @@ -453eb3e74cf43acaefe92790ea06d15609073cf8 SOURCES/v1.0.0.tar.gz +997b1d28c341f37e655d19534d29073aca424cd4 SOURCES/v1.1.1.tar.gz diff --git a/SOURCES/containers-auth.json.5.md b/SOURCES/containers-auth.json.5.md index 16e4d7b..4921f01 100644 --- a/SOURCES/containers-auth.json.5.md +++ b/SOURCES/containers-auth.json.5.md @@ -5,15 +5,16 @@ containers-auth.json - syntax for the registry authentication file # DESCRIPTION -A credentials file stored at `${XDG_RUNTIME_DIR}/containers/auth.json` in -json format used to authenticate against container image registries. +A credentials file in JSON format used to authenticate against container image registries. +On Linux it is stored at `${XDG_RUNTIME_DIR}/containers/auth.json`; +on Windows and macOS, at `$HOME/.config/containers/auth.json` ## FORMAT The auth.json file stores encrypted authentication information for the user to container image registries. The file can have zero to many entries and -is created by a `login` command from a container tool such as `podman login` or -`buildah login`. Each entry includes the name of the registry and then an auth +is created by a `login` command from a container tool such as `podman login`, +`buildah login` or `skopeo login`. Each entry includes the name of the registry and then an auth token in the form of a base64 encoded string from the concatenation of the username, a colon, and the password. @@ -36,8 +37,28 @@ their accounts on quay.io and docker.io: An entry can be removed by using a `logout` command from a container tool such as `podman logout` or `buildah logout`. +In addition, credential helpers can be configured for specific registries and the credentials-helper +software can be used to manage the credentials in a more secure way than depending on the base64 encoded authentication +provided by `login`. If the credential helpers are configured for specific registries, the base64 encoded authentication will not be used +for operations concerning credentials of the specified registries. + +When the credential helper is in use on a Linux platform, the auth.json file would contain keys that specify the registry domain, and values that specify the suffix of the program to use (i.e. everything after docker-credential-). For example: + +``` +{ + "auths": { + "localhost:5001": {} + }, + "credHelpers": { + "registry.example.com": "secretservice" + } +} +``` + +For more information on credential helpers, please reference the [GitHub docker-credential-helpers project](https://github.com/docker/docker-credential-helpers/releases). + # SEE ALSO - buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1) + buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1), skopeo-login(1), skopeo-logout(1) # HISTORY Feb 2020, Originally compiled by Tom Sweeney diff --git a/SOURCES/containers-storage.conf.5.md b/SOURCES/containers-storage.conf.5.md index aa328a4..5ea362f 100644 --- a/SOURCES/containers-storage.conf.5.md +++ b/SOURCES/containers-storage.conf.5.md @@ -138,6 +138,9 @@ The `storage.options.thinpool` table supports the following options for the `dev 6: LogLevelInfo 7: LogLevelDebug +**metadata_size**="" + metadata_size is used to set the `pvcreate --metadatasize` options when creating thin devices. (Default 128k) + **min_free_space**="" Specifies the min free space percent in a thin pool required for new device creation to succeed. Valid values are from 0% - 99%. Value 0% disables. (default: 10%) @@ -198,6 +201,9 @@ The `storage.options.zfs` table supports the following options: **mountopt**="" Comma separated list of default options to be used to mount container images. Suggested value "nodev". Mount options are documented in the mount(8) man page. +**skip_mount_home=""** + Tell storage drivers to not create a PRIVATE bind mount on their home directory. + **size**="" Maximum size of a container image. This flag can be used to set quota on the size of container images. (format: [], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes)) diff --git a/SOURCES/containers.conf b/SOURCES/containers.conf index a029aed..780df2a 100644 --- a/SOURCES/containers.conf +++ b/SOURCES/containers.conf @@ -92,7 +92,7 @@ # Ulimits has limits for non privileged container engines. # # default_ulimits = [ -# “nofile”=”1280:2560”, +# "nofile"="1280:2560", # ] # List of default DNS options to be added to /etc/resolv.conf inside of the container. @@ -105,7 +105,7 @@ # Set default DNS servers. # This option can be used to override the DNS configuration passed to the -# container. The special value “none” can be specified to disable creation of +# container. The special value "none" can be specified to disable creation of # /etc/resolv.conf in the container. # The /etc/resolv.conf file in the image will be used without changes. # @@ -125,7 +125,7 @@ # Path to OCI hooks directories for automatically executed hooks. # # hooks_dir = [ -# “/usr/share/containers/oci/hooks.d”, +# "/usr/share/containers/oci/hooks.d", # ] # Default proxy environment variables passed into the container. @@ -205,6 +205,15 @@ # # shm_size = "65536k" +# Set timezone in container. Takes IANA timezones as well as "local", +# which sets the timezone in the container to match the host machine. +# +# tz = "" + +# Set umask inside the container +# +# umask="0022" + # Default way to to create a UTS namespace for the container # Options are: # `private` Create private UTS Namespace for the container. @@ -220,7 +229,7 @@ # userns = "host" # Number of UIDs to allocate for the automatic container creation. -# UIDs are allocated from the “container” UIDs listed in +# UIDs are allocated from the "container" UIDs listed in # /etc/subuid & /etc/subgid # # userns_size=65536 @@ -241,7 +250,7 @@ [engine] # Cgroup management implementation used for the runtime. -# Valid options “systemd” or “cgroupfs” +# Valid options "systemd" or "cgroupfs" # # cgroup_manager = "systemd" @@ -279,6 +288,12 @@ # # enable_port_reservation = true +# Environment variables to be used when running the container engine (e.g., Podman, Buildah). +# For example "http_proxy=internal.proxy.company.com". +# Note these environment variables will not be used within the container. +# Set the env section under [containers] table, if you want to set environment variables for the container. +# env = [] + # Selects which logging mechanism to use for container engine events. # Valid values are `journald`, `file` and `none`. # @@ -364,6 +379,25 @@ # # runtime_supports_kvm = ["kata"] +# Number of seconds to wait for container to exit before sending kill signal. +# stop_timeout = 10 + +# Index to the active service +# active_service = production + +# map of service destinations +# [service_destinations] +# [service_destinations.production] +# URI to access the Podman service +# Examples: +# rootless "unix://run/user/$UID/podman/podman.sock" (Default) +# rootfull "unix://run/podman/podman.sock (Default) +# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock +# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock +# uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock" +# Path to file containing ssh identity key +# identity = "~/.ssh/id_rsa" + # Paths to look for a valid OCI runtime (runc, runv, kata, etc) [engine.runtimes] # runc = [ @@ -397,9 +431,6 @@ # "/usr/bin/kata-fc", # ] -# Number of seconds to wait for container to exit before sending kill signal. -#stop_timeout = 10 - # The [engine.runtimes] table MUST be the last entry in this file. # (Unless another table is added) # TOML does not provide a way to end a table other than a further table being diff --git a/SOURCES/containers.conf.5.md b/SOURCES/containers.conf.5.md index 7b2051b..88a0067 100644 --- a/SOURCES/containers.conf.5.md +++ b/SOURCES/containers.conf.5.md @@ -195,6 +195,16 @@ than `0`. If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `65536k`. +**tz=**"" + Set timezone in container. Takes IANA timezones as well as `local`, which sets the timezone in the container to match the host machine. + If not set, then containers will run with the time zone specified in the image. + Examples: + `tz="local"` + `tz="America/New_York"` + +**umask**="0022" + Sets umask inside the container. + **utsns**="private" Default way to to create a UTS namespace for the container. Options are: @@ -271,6 +281,11 @@ they cannot be reused by other programs on the host. However, this can cause significant memory usage if a container has many ports forwarded to it. Disabling this can save memory. +**env**=[] +Environment variables to be used when running the container engine (e.g., Podman, Buildah). For example "http_proxy=internal.proxy.company.com". +Note these environment variables will not be used within the container. Set the env section under [containers] table, +if you want to set environment variables for the container. + **events_logger**="journald" Default method to use when logging events. Valid values: `file`, `journald`, and `none`. @@ -310,6 +325,24 @@ pod consumes one lock. The default number available is 2048. If this is changed, a lock renumbering must be performed, using the `podman system renumber` command. +**active_service**="" + Name of destination for accessing the Podman service. + +**[service_destinations]** + +**[service_destinations.{name}]** + **uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock"** + + Example URIs: + +- **rootless local** - unix://run/user/1000/podman/podman.sock +- **rootless remote** - ssh://user@engineering.lab.company.com/run/user/1000/podman/podman.sock +- **rootfull local** - unix://run/podman/podman.sock +- **rootfull remote** - ssh://root@10.10.1.136:22/run/podman/podman.sock + + **identity="~/.ssh/id_rsa** + Path to file containing ssh identity key + **pull_policy**="always"|"missing"|"never" Pull image before running or creating a container. The default is **missing**. diff --git a/SOURCES/seccomp.json b/SOURCES/seccomp.json index f060bea..d2cedab 100644 --- a/SOURCES/seccomp.json +++ b/SOURCES/seccomp.json @@ -52,6 +52,8 @@ "syscalls": [ { "names": [ + "_llseek", + "_newselect", "accept", "accept4", "access", @@ -120,6 +122,8 @@ "ftruncate64", "futex", "futimesat", + "get_robust_list", + "get_thread_area", "getcpu", "getcwd", "getdents", @@ -145,12 +149,10 @@ "getresuid", "getresuid32", "getrlimit", - "get_robust_list", "getrusage", "getsid", "getsockname", "getsockopt", - "get_thread_area", "gettid", "gettimeofday", "getuid", @@ -161,15 +163,15 @@ "inotify_init1", "inotify_rm_watch", "io_cancel", - "ioctl", "io_destroy", "io_getevents", - "ioprio_get", - "ioprio_set", "io_setup", "io_submit", + "ioctl", + "ioprio_get", + "ioprio_set", "ipc", - "keyctl", + "keyctl", "kill", "lchown", "lchown32", @@ -179,7 +181,6 @@ "listen", "listxattr", "llistxattr", - "_llseek", "lremovexattr", "lseek", "lsetxattr", @@ -197,6 +198,7 @@ "mlockall", "mmap", "mmap2", + "mount", "mprotect", "mq_getsetattr", "mq_notify", @@ -213,9 +215,9 @@ "munlock", "munlockall", "munmap", + "name_to_handle_at", "nanosleep", "newfstatat", - "_newselect", "open", "openat", "pause", @@ -238,6 +240,7 @@ "readlink", "readlinkat", "readv", + "reboot", "recv", "recvfrom", "recvmmsg", @@ -257,11 +260,11 @@ "rt_sigsuspend", "rt_sigtimedwait", "rt_tgsigqueueinfo", + "sched_get_priority_max", + "sched_get_priority_min", "sched_getaffinity", "sched_getattr", "sched_getparam", - "sched_get_priority_max", - "sched_get_priority_min", "sched_getscheduler", "sched_rr_get_interval", "sched_setaffinity", @@ -281,6 +284,9 @@ "sendmmsg", "sendmsg", "sendto", + "set_robust_list", + "set_thread_area", + "set_tid_address", "setfsgid", "setfsgid32", "setfsuid", @@ -301,11 +307,8 @@ "setreuid", "setreuid32", "setrlimit", - "set_robust_list", "setsid", "setsockopt", - "set_thread_area", - "set_tid_address", "setuid", "setuid32", "setxattr", @@ -339,21 +342,24 @@ "time", "timer_create", "timer_delete", - "timerfd_create", - "timerfd_gettime", - "timerfd_settime", "timer_getoverrun", "timer_gettime", "timer_settime", + "timerfd_create", + "timerfd_gettime", + "timerfd_settime", "times", "tkill", "truncate", "truncate64", "ugetrlimit", "umask", + "umount", + "umount2", "uname", "unlink", "unlinkat", + "unshare", "utime", "utimensat", "utimes", @@ -363,12 +369,7 @@ "waitid", "waitpid", "write", - "writev", - "mount", - "umount2", - "reboot", - "name_to_handle_at", - "unshare" + "writev" ], "action": "SCMP_ACT_ALLOW", "args": [], @@ -530,8 +531,7 @@ "names": [ "s390_pci_mmio_read", "s390_pci_mmio_write", - "s390_runtime_instr", - "clone" + "s390_runtime_instr" ], "action": "SCMP_ACT_ALLOW", "args": [], @@ -748,9 +748,7 @@ "names": [ "settimeofday", "stime", - "clock_settime", - "clock_adjtime", - "adjtimex" + "clock_settime" ], "action": "SCMP_ACT_ALLOW", "args": [], @@ -775,6 +773,111 @@ ] }, "excludes": {} + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ERRNO", + "args": [ + { + "index": 0, + "value": 16, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + }, + { + "index": 2, + "value": 9, + "valueTwo": 0, + "op": "SCMP_CMP_EQ" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + }, + "errnoRet": 22 + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 2, + "value": 9, + "valueTwo": 0, + "op": "SCMP_CMP_NE" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + } + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 0, + "value": 16, + "valueTwo": 0, + "op": "SCMP_CMP_NE" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + } + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ALLOW", + "args": [ + { + "index": 2, + "value": 9, + "valueTwo": 0, + "op": "SCMP_CMP_NE" + } + ], + "comment": "", + "includes": {}, + "excludes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + } + }, + { + "names": [ + "socket" + ], + "action": "SCMP_ACT_ALLOW", + "args": null, + "comment": "", + "includes": { + "caps": [ + "CAP_AUDIT_WRITE" + ] + }, + "excludes": {} } ] } diff --git a/SOURCES/storage.conf b/SOURCES/storage.conf index 6dafb34..f6eeeb1 100644 --- a/SOURCES/storage.conf +++ b/SOURCES/storage.conf @@ -67,7 +67,7 @@ additionalimagestores = [ # squashed down to the default uid in the container. These images will have no # separation between the users in the container. Only supported for the overlay # and vfs drivers. -#ignore_chown_errors = false +#ignore_chown_errors = "false" # Path to an helper program to use for mounting the file system instead of mounting it # directly. @@ -76,6 +76,9 @@ additionalimagestores = [ # mountopt specifies comma separated list of extra mount options mountopt = "nodev,metacopy=on" +# Set to skip a PRIVATE bind mount on the storage home directory. +# skip_mount_home = "false" + # Size is used to set a maximum size of the container image. # size = "" diff --git a/SPECS/skopeo.spec b/SPECS/skopeo.spec index b0b1ab9..4380621 100644 --- a/SPECS/skopeo.spec +++ b/SPECS/skopeo.spec @@ -25,11 +25,13 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl Epoch: 1 Name: %{repo} -Version: 1.0.0 -Release: 1%{?dist} +Version: 1.1.1 +Release: 3%{?dist} Summary: Inspect container images and repositories on registries License: ASL 2.0 URL: %{git0} +# Build fails with: No matching package to install: 'golang >= 1.12.12-4' on i686 +ExcludeArch: i686 Source0: %{git0}/archive/v%{version}.tar.gz #Source1: https://raw.githubusercontent.com/containers/storage/%%{branch}/storage.conf Source1: https://src.fedoraproject.org/rpms/skopeo/raw/master/f/storage.conf @@ -85,6 +87,7 @@ Requires: %{name} = %{epoch}:%{version}-%{release} Requires: gnupg Requires: jq Requires: podman +Requires: httpd-tools %description tests %{summary} @@ -108,6 +111,7 @@ done export GOPATH=$(pwd):$(pwd)/vendor:%{gopath} export GO111MODULE=off +export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" export BUILDTAGS="exclude_graphdriver_btrfs btrfs_noversion $(hack/libdm_tag.sh) $(hack/ostree_tag.sh)" %gobuild -o %{name} ./cmd/%{name} %{__make} docs @@ -193,30 +197,362 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/%{name}/test %changelog +* Tue Aug 11 2020 Jindrich Novy - 1:1.1.1-3 +- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization +- Related: #1821193 + +* Wed Jul 29 2020 Jindrich Novy - 1:1.1.1-2 +- drop applied patches +- Related: #1821193 + +* Wed Jul 29 2020 Jindrich Novy - 1:1.1.1-1 +- update to https://github.com/containers/skopeo/releases/tag/v1.1.1 +- Related: #1821193 + +* Thu Jul 23 2020 Eduardo Santiago - 1:1.1.0-3 +- fix broken gating tests: docker unexpectedly removed htpasswd from + their 'registry:2' image, so we now use htpasswd from httpd-tools on host. + +* Fri Jul 17 2020 Jindrich Novy - 1:1.1.0-2 +- fix "CVE-2020-14040 skopeo: golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash [rhel-8]" +- Resolves: #1854719 + +* Fri Jun 19 2020 Jindrich Novy - 1:1.1.0-1 +- update to https://github.com/containers/skopeo/releases/tag/v1.1.0 +- Related: #1821193 + +* Wed Jun 10 2020 Jindrich Novy - 1:1.0.0-2 +- exclude i686 arch +- Related: #1821193 + * Tue May 19 2020 Jindrich Novy - 1:1.0.0-1 - update to https://github.com/containers/skopeo/releases/tag/v1.0.0 -- Related: RHELPLAN-39206 +- Related: #1821193 + +* Tue May 12 2020 Jindrich Novy - 1:0.2.0-6 +- synchronize containter-tools 8.3.0 with 8.2.1 +- Related: #1821193 + +* Mon Apr 06 2020 Jindrich Novy - 1:0.1.41-1 +- update to 0.1.41 +- Related: #1821193 + +* Fri Mar 06 2020 Jindrich Novy - 1:0.1.40-10 +- modify registries.conf default configuration to be more secure by default +- Resolves: #1810053 + +* Fri Feb 14 2020 Jindrich Novy - 1:0.1.40-9 +- Fix CVE-2020-1702. +- Resolves: #1801922 + +* Thu Jan 02 2020 Jindrich Novy - 1:0.1.40-8 +- change the search order of registries and remove quay.io (#1784267) + +* Wed Dec 11 2019 Jindrich Novy - 1:0.1.40-7 +- compile in FIPS mode +- Related: RHELPLAN-25139 + +* Mon Dec 09 2019 Jindrich Novy - 1:0.1.40-6 +- be sure to use golang >= 1.12.12-4 +- Related: RHELPLAN-25139 + +* Wed Dec 04 2019 Jindrich Novy - 1:0.1.40-5 +- fix file list +- Related: RHELPLAN-25139 + +* Wed Dec 04 2019 Jindrich Novy - 1:0.1.40-4 +- fix symlinks in /usr/share/rhel/secrets and make + subscription-manager soft dependency to make them work +- Related: RHELPLAN-25139 + +* Thu Nov 28 2019 Jindrich Novy - 1:0.1.40-3 +- rebuild because of CVE-2019-9512 and CVE-2019-9514 +- Resolves: #1772132, #1772137 + +* Wed Nov 20 2019 Jindrich Novy - 1:0.1.40-2 +- comment out mountopt option in order to fix gating tests + see bug 1769769 +- Related: RHELPLAN-25139 + +* Wed Nov 06 2019 Jindrich Novy - 1:0.1.40-1 +- update to 0.1.40 +- Related: RHELPLAN-25139 + +* Thu Sep 12 2019 Jindrich Novy - 1:0.1.37-5 +- Fix CVE-2019-10214 (#1734651). + +* Thu Aug 15 2019 Jindrich Novy - 1:0.1.37-4 +- fix permissions of rhel/secrets + Resolves: #1691543 + +* Fri Jun 14 2019 Lokesh Mandvekar - 1:0.1.37-3 +- Resolves: #1719994 - add registry.access.redhat.com to registries.conf + +* Fri Jun 14 2019 Lokesh Mandvekar - 1:0.1.37-2 +- Resolves: #1721247 - enable fips mode + +* Fri Jun 14 2019 Lokesh Mandvekar - 1:0.1.37-1 +- Resolves: #1720654 - rebase to v0.1.37 + +* Tue Jun 4 2019 Eduardo Santiago - 1:0.1.36-1.git6307635 +- built upstream tag v0.1.36, including system tests + +* Tue Apr 30 2019 Lokesh Mandvekar - 1:0.1.32-4.git1715c90 +- Fixes @openshift/machine-config-operator#669 +- install /etc/containers/oci/hooks.d and /etc/containers/certs.d + +* Tue Dec 18 2018 Frantisek Kluknavsky - 1:0.1.32-3.git1715c90 +- rebase + +* Mon Dec 17 2018 Frantisek Kluknavsky - 1:0.1.32-2.git1715c90 +- re-enable debuginfo + +* Mon Dec 17 2018 Frantisek Kluknavsky - 1:0.1.31-12.gitb0b750d +- go tools not in scl anymore + +* Fri Sep 21 2018 Lokesh Mandvekar - 1:0.1.31-11.gitb0b750d +- Resolves: #1615609 +- built upstream tag v0.1.31 + +* Thu Aug 23 2018 Lokesh Mandvekar - 1:0.1.31-10.git0144aa8 +- Resolves: #1616069 - correct order of registries + +* Mon Aug 13 2018 Lokesh Mandvekar - 1:0.1.31-9.git0144aa8 +- Resolves: #1615609 - rebuild with gobuild tag 'no_openssl' + +* Fri Aug 10 2018 Lokesh Mandvekar - 1:0.1.31-8.git0144aa8 +- Resolves: #1614934 - containers-common soft dep on slirp4netns and +fuse-overlayfs + +* Wed Aug 08 2018 Lokesh Mandvekar - 1:0.1.31-7.git0144aa8 +- build with %%gobuild +- use scl-ized go-toolset as dep +- disable i686 builds temporarily because of go-toolset issues + +* Wed Jul 18 2018 dwalsh - 1:0.1.31-6.git0144aa8 +- add statx to seccomp.json to containers-config +- add seccomp.json to containers-config + +* Tue Jul 03 2018 Lokesh Mandvekar - 1:0.1.31-4.git0144aa8 +- Resolves: #1597629 - handle dependency issue for skopeo-containers +- rename skopeo-containers to containers-common as in Fedora + +* Mon Jun 25 2018 Lokesh Mandvekar - 1:0.1.31-3.git0144aa8 +- Resolves: #1583762 - btrfs dep removal needs exclude_graphdriver_btrfs +buildtag + +* Wed Jun 13 2018 Lokesh Mandvekar - 1:0.1.31-2.git0144aa8 +- correct bz in previous changelog + +* Wed Jun 13 2018 Lokesh Mandvekar - 1:0.1.31-1.git0144aa8 +- Resolves: #1580938 - resolve FTBFS +- Resolves: #1583762 - remove dependency on btrfs-progs-devel +- bump to v0.1.31 (from master) +- built commit ca3bff6 +- use go-toolset deps for rhel8 + +* Tue Apr 03 2018 baude - 0.1.29-5.git7add6fc +- Fix small typo in registries.conf + +* Tue Apr 3 2018 dwalsh - 0.1.29-4.git +- Add policy.json.5 + +* Mon Apr 2 2018 dwalsh - 0.1.29-3.git +- Add registries.conf + +* Mon Apr 2 2018 dwalsh - 0.1.29-2.git +- Add registries.conf man page + +* Thu Mar 29 2018 dwalsh - 0.1.29-1.git +- bump to 0.1.29-1 +- Updated containers/image + docker-archive generates docker legacy compatible images + Do not create $DiffID subdirectories for layers with no configs + Ensure the layer IDs in legacy docker/tarfile metadata are unique + docker-archive: repeated layers are symlinked in the tar file + sysregistries: remove all trailing slashes + Improve docker/* error messages + Fix failure to make auth directory + Create a new slice in Schema1.UpdateLayerInfos + Drop unused storageImageDestination.{image,systemContext} + Load a *storage.Image only once in storageImageSource + Support gzip for docker-archive files + Remove .tar extension from blob and config file names + ostree, src: support copy of compressed layers + ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size + image: fix docker schema v1 -> OCI conversion + Add /etc/containers/certs.d as default certs directory + +* Fri Feb 09 2018 Fedora Release Engineering - 0.1.28-2.git0270e56 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 2 2018 dwalsh - 0.1.28-1.git +- Vendor in fixed libraries in containers/image and containers/storage + +* Tue Nov 21 2017 dwalsh - 0.1.27-1.git +- Fix Conflicts to Obsoletes +- Add better docs to man pages. +- Use credentials from authfile for skopeo commands +- Support storage="" in /etc/containers/storage.conf +- Add global --override-arch and --override-os options + +* Wed Nov 15 2017 dwalsh - 0.1.25-2.git2e8377a7 +- Add manifest type conversion to skopeo copy +- User can select from 3 manifest types: oci, v2s1, or v2s2 +- e.g skopeo copy --format v2s1 --compress-blobs docker-archive:alp.tar dir:my-directory + +* Wed Nov 8 2017 dwalsh - 0.1.25-2.git7fd6f66b +- Force storage.conf to default to overlay + +* Wed Nov 8 2017 dwalsh - 0.1.25-1.git7fd6f66b +- Fix CVE in tar-split +- copy: add shared blob directory support for OCI sources/destinations +- Aligning Docker version between containers/image and skopeo +- Update image-tools, and remove the duplicate Sirupsen/logrus vendor +- makefile: use -buildmode=pie + +* Tue Nov 7 2017 dwalsh - 0.1.24-8.git28d4e08a +- Add /usr/share/containers/mounts.conf + +* Sun Oct 22 2017 dwalsh - 0.1.24-7.git28d4e08a +- Bug fixes +- Update to release + +* Tue Oct 17 2017 Lokesh Mandvekar - 0.1.24-6.dev.git28d4e08 +- skopeo-containers conflicts with docker-rhsubscription <= 2:1.13.1-31 + +* Tue Oct 17 2017 dwalsh - 0.1.24-5.dev.git28d4e08 +- Add rhel subscription secrets data to skopeo-containers + +* Thu Oct 12 2017 dwalsh - 0.1.24-4.dev.git28d4e08 +- Update container/storage.conf and containers-storage.conf man page +- Default override to true so it is consistent with RHEL. + +* Tue Oct 10 2017 Lokesh Mandvekar - 0.1.24-3.dev.git28d4e08 +- built commit 28d4e08 + +* Mon Sep 18 2017 Lokesh Mandvekar - 0.1.24-2.dev.git875dd2e +- built commit 875dd2e +- Resolves: gh#416 + +* Tue Sep 12 2017 Lokesh Mandvekar - 0.1.24-1.dev.gita41cd0 +- bump to 0.1.24-dev +- correct a prior bogus date +- fix macro in comment warning + +* Mon Aug 21 2017 dwalsh - 0.1.23-6.dev.git1bbd87 +- Change name of storage.conf.5 man page to containers-storage.conf.5, since +it conflicts with inn package +- Also remove default to "overalay" in the configuration, since we should +- allow containers storage to pick the best default for the platform. + +* Thu Aug 03 2017 Fedora Release Engineering - 0.1.23-5.git1bbd87f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Sun Jul 30 2017 Florian Weimer - 0.1.23-4.git1bbd87f +- Rebuild with binutils fix for ppc64le (#1475636) + +* Thu Jul 27 2017 Fedora Release Engineering - 0.1.23-3.git1bbd87f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 25 2017 dwalsh - 0.1.23-2.dev.git1bbd87 +- Fix storage.conf man page to be storage.conf.5.gz so that it works. + +* Fri Jul 21 2017 dwalsh - 0.1.23-1.dev.git1bbd87 +- Support for OCI V1.0 Images +- Update to image-spec v1.0.0 and revendor +- Fixes for authentication + +* Sat Jul 01 2017 Lokesh Mandvekar - 0.1.22-2.dev.git5d24b67 +- Epoch: 1 for CentOS as CentOS Extras' build already has epoch set to 1 + +* Wed Jun 21 2017 dwalsh - 0.1.22-1.dev.git5d24b67 +- Give more useful help when explaining usage +- Also specify container-storage as a valid transport +- Remove docker reference wherever possible +- vendor in ostree fixes + +* Thu Jun 15 2017 dwalsh - 0.1.21-1.dev.git0b73154 +- Add support for storage.conf and storage-config.5.md from github container storage package +- Bump to the latest version of skopeo +- vendor.conf: add ostree-go +- it is used by containers/image for pulling images to the OSTree storage. +- fail early when image os does not match host os +- Improve documentation on what to do with containers/image failures in test-skopeo +- We now have the docker-archive: transport +- Integration tests with built registries also exist +- Support /etc/docker/certs.d +- update image-spec to v1.0.0-rc6 + +* Tue May 23 2017 bbaude - 0.1.20-1.dev.git0224d8c +- BZ #1380078 - New release + +* Tue Apr 25 2017 bbaude - 0.1.19-2.dev.git0224d8c +- No golang support for ppc64. Adding exclude arch. BZ #1445490 + +* Tue Feb 28 2017 Lokesh Mandvekar - 0.1.19-1.dev.git0224d8c +- bump to v0.1.19-dev +- built commit 0224d8c + +* Sat Feb 11 2017 Fedora Release Engineering - 0.1.17-3.dev.git2b3af4a +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Dec 10 2016 Igor Gnatenko - 0.1.17-2.dev.git2b3af4a +- Rebuild for gpgme 1.18 + +* Tue Dec 06 2016 Lokesh Mandvekar - 0.1.17-1.dev.git2b3af4a +- bump to 0.1.17-dev + +* Fri Nov 04 2016 Antonio Murdaca - 0.1.14-6.git550a480 +- Fix BZ#1391932 + +* Tue Oct 18 2016 Antonio Murdaca - 0.1.14-5.git550a480 +- Conflicts with atomic in skopeo-containers + +* Wed Oct 12 2016 Antonio Murdaca - 0.1.14-4.git550a480 +- built skopeo-containers + +* Wed Sep 21 2016 Lokesh Mandvekar - 0.1.14-3.gitd830391 +- built mtrmac/integrate-all-the-things commit d830391 + +* Thu Sep 08 2016 Lokesh Mandvekar - 0.1.14-2.git362bfc5 +- built commit 362bfc5 + +* Thu Aug 11 2016 Lokesh Mandvekar - 0.1.14-1.gitffe92ed +- build origin/master commit ffe92ed + +* Thu Jul 21 2016 Fedora Release Engineering - 0.1.13-6 +- https://fedoraproject.org/wiki/Changes/golang1.7 + +* Tue Jun 21 2016 Lokesh Mandvekar - 0.1.13-5 +- include go-srpm-macros and compiler(go-compiler) in fedora conditionals +- define %%gobuild if not already +- add patch to build with older version of golang + +* Thu Jun 02 2016 Antonio Murdaca - 0.1.13-4 +- update to v0.1.12 + +* Tue May 31 2016 Antonio Murdaca - 0.1.12-3 +- fix go build source path + +* Fri May 27 2016 Antonio Murdaca - 0.1.12-2 +- update to v0.1.12 -* Fri Apr 24 2020 Jindrich Novy - 1:0.2.0-5 -- follow Dan's suggestion to deliver seccomp.json and storage.conf - from Fedora and not directly from upstream yet -- Related: RHELPLAN-39206 +* Tue Mar 08 2016 Antonio Murdaca - 0.1.11-1 +- update to v0.1.11 -* Fri Apr 24 2020 Jindrich Novy - 1:0.2.0-4 -- re-include ppc64 arch, golang doesn't seem broken there any more -- synchronize man pages and config files with upstream -- Related: RHELPLAN-39206 +* Tue Mar 08 2016 Antonio Murdaca - 0.1.10-1 +- update to v0.1.10 +- change runcom -> projectatomic -* Thu Apr 23 2020 Jindrich Novy - 1:0.2.0-3 -- include and ship containers.conf -- Resolves: #1826486 +* Mon Feb 29 2016 Antonio Murdaca - 0.1.9-1 +- update to v0.1.9 -* Tue Apr 21 2020 Jindrich Novy - 1:0.2.0-2 -- add docker.io into the default registry list -- Related: RHELPLAN-39206 +* Mon Feb 29 2016 Antonio Murdaca - 0.1.8-1 +- update to v0.1.8 -* Fri Apr 10 2020 Jindrich Novy - 1:0.2.0-1 -- update to https://github.com/containers/skopeo/releases/tag/v0.2.0 -- initial rhel8-8.2.1 build -- Related: RHELPLAN-39206 +* Mon Feb 22 2016 Fedora Release Engineering - 0.1.4-2 +- https://fedoraproject.org/wiki/Changes/golang1.6 +* Fri Jan 29 2016 Antonio Murdaca - 0.1.4 +- First package for Fedora