%global with_debug 1 %global with_check 0 %if 0%{?with_debug} %global _find_debuginfo_dwz_opts %{nil} %global _dwz_low_mem_die_limit 0 %else %global debug_package %{nil} %endif %if ! 0%{?gobuild:1} %define gobuild(o:) \ scl enable go-toolset-1.12 -- go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; %endif %global provider github %global provider_tld com %global project containers %global repo skopeo # https://github.com/containers/skopeo %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} %global git0 https://%{import_path} %global commit0 be6146b0a8471b02e776134119a2c37dfb70d414 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Epoch: 1 Name: %{repo} Version: 0.1.40 Release: 7%{?dist} Summary: Inspect container images and repositories on registries ExcludeArch: %{ix86} s390 ppc ppc64 License: ASL 2.0 URL: %{git0} Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source1: storage.conf Source2: containers-storage.conf.5.md Source3: mounts.conf Source4: containers-registries.conf.5.md Source5: registries.conf Source6: containers-policy.json.5.md Source7: seccomp.json Source8: containers-mounts.conf.5.md Source9: containers-signature.5.md Patch0: skopeo-1792243.patch # tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8945 # patch: https://github.com/containers/skopeo/pull/825.patch Patch1: skopeo-CVE-2020-8945.patch Source10: containers-transports.5.md Source11: containers-certs.d.5.md Source12: containers-registries.d.5.md BuildRequires: go-toolset-1.12 BuildRequires: git BuildRequires: go-md2man BuildRequires: gpgme-devel BuildRequires: libassuan-devel BuildRequires: pkgconfig(devmapper) BuildRequires: ostree-devel BuildRequires: glib2-devel BuildRequires: make Requires: containers-common = %{epoch}:%{version}-%{release} Provides: bundled(golang(github.com/beorn7/perks)) = 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9 Provides: bundled(golang(github.com/BurntSushi/toml)) = master Provides: bundled(golang(github.com/containerd/continuity)) = d8fb8589b0e8e85b8c8bbaa8840226d0dfeb7371 Provides: bundled(golang(github.com/containers/image)) = master Provides: bundled(golang(github.com/containers/storage)) = master Provides: bundled(golang(github.com/davecgh/go-spew)) = master Provides: bundled(golang(github.com/docker/distribution)) = master Provides: bundled(golang(github.com/docker/docker-credential-helpers)) = d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 Provides: bundled(golang(github.com/docker/docker)) = da99009bbb1165d1ac5688b5c81d2f589d418341 Provides: bundled(golang(github.com/docker/go-connections)) = 7beb39f0b969b075d1325fecb092faf27fd357b6 Provides: bundled(golang(github.com/docker/go-metrics)) = 399ea8c73916000c64c2c76e8da00ca82f8387ab Provides: bundled(golang(github.com/docker/go-units)) = 8a7beacffa3009a9ac66bad506b18ffdd110cf97 Provides: bundled(golang(github.com/docker/libtrust)) = master Provides: bundled(golang(github.com/ghodss/yaml)) = 73d445a93680fa1a78ae23a5839bad48f32ba1ee Provides: bundled(golang(github.com/go-check/check)) = v1 Provides: bundled(golang(github.com/gogo/protobuf)) = fcdc5011193ff531a548e9b0301828d5a5b97fd8 Provides: bundled(golang(github.com/golang/glog)) = 44145f04b68cf362d9c4df2182967c2275eaefed Provides: bundled(golang(github.com/golang/protobuf)) = 8d92cf5fc15a4382f8964b08e1f42a75c0591aa3 Provides: bundled(golang(github.com/gorilla/context)) = 14f550f51a Provides: bundled(golang(github.com/gorilla/mux)) = e444e69cbd Provides: bundled(golang(github.com/imdario/mergo)) = 6633656539c1639d9d78127b7d47c622b5d7b6dc Provides: bundled(golang(github.com/kr/pretty)) = v0.1.0 Provides: bundled(golang(github.com/kr/text)) = v0.1.0 Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = c12348ce28de40eed0136aa2b644d0ee0650e56c Provides: bundled(golang(github.com/mistifyio/go-zfs)) = 22c9b32c84eb0d0c6f4043b6e90fc94073de92fa Provides: bundled(golang(github.com/mtrmac/gpgme)) = master Provides: bundled(golang(github.com/opencontainers/go-digest)) = master Provides: bundled(golang(github.com/opencontainers/image-spec)) = 149252121d044fddff670adcdc67f33148e16226 Provides: bundled(golang(github.com/opencontainers/image-tools)) = 6d941547fa1df31900990b3fb47ec2468c9c6469 Provides: bundled(golang(github.com/opencontainers/runc)) = master Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.0 Provides: bundled(golang(github.com/opencontainers/selinux)) = master Provides: bundled(golang(github.com/ostreedev/ostree-go)) = aeb02c6b6aa2889db3ef62f7855650755befd460 Provides: bundled(golang(github.com/pborman/uuid)) = v1.0 Provides: bundled(golang(github.com/pkg/errors)) = master Provides: bundled(golang(github.com/pmezard/go-difflib)) = master Provides: bundled(golang(github.com/pquerna/ffjson)) = d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac Provides: bundled(golang(github.com/prometheus/client_golang)) = c332b6f63c0658a65eca15c0e5247ded801cf564 Provides: bundled(golang(github.com/prometheus/client_model)) = 99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c Provides: bundled(golang(github.com/prometheus/common)) = 89604d197083d4781071d3c65855d24ecfb0a563 Provides: bundled(golang(github.com/prometheus/procfs)) = cb4147076ac75738c9a7d279075a253c0cc5acbd Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.0.0 Provides: bundled(golang(github.com/stretchr/testify)) = v1.1.3 Provides: bundled(golang(github.com/syndtr/gocapability)) = master Provides: bundled(golang(github.com/tchap/go-patricia)) = v2.2.6 Provides: bundled(golang(github.com/ulikunitz/xz)) = v0.5.4 Provides: bundled(golang(github.com/urfave/cli)) = v1.17.0 Provides: bundled(golang(github.com/vbatts/tar-split)) = v0.10.2 Provides: bundled(golang(github.com/xeipuuv/gojsonpointer)) = master Provides: bundled(golang(github.com/xeipuuv/gojsonreference)) = master Provides: bundled(golang(github.com/xeipuuv/gojsonschema)) = master Provides: bundled(golang(go4.org)) = master Provides: bundled(golang(golang.org/x/crypto)) = master Provides: bundled(golang(golang.org/x/net)) = master Provides: bundled(golang(golang.org/x/sys)) = master Provides: bundled(golang(golang.org/x/text)) = master Provides: bundled(golang(gopkg.in/cheggaaa/pb.v1)) = ad4efe000aa550bb54918c06ebbadc0ff17687b9 Provides: bundled(golang(gopkg.in/yaml.v2)) = d466437aa4adc35830964cffc5b5f262c63ddcb4 Provides: bundled(golang(k8s.io/client-go)) = master %description Command line utility to inspect images and repositories directly on Docker registries without the need to pull them %package -n containers-common Summary: Configuration files for working with image signatures Obsoletes: atomic <= 1:1.13.1-2 Conflicts: atomic-registries <= 1:1.22.1-1 Obsoletes: docker-rhsubscription <= 2:1.13.1-31 Provides: %{name}-containers = %{epoch}:%{version}-%{release} Obsoletes: %{name}-containers <= 1:0.1.31-3 Requires: fuse-overlayfs Requires: slirp4netns Requires: subscription-manager %description -n containers-common This package installs a default signature store configuration and a default policy under `/etc/containers/`. %package tests Summary: Tests for %{name} Requires: %{name} = %{epoch}:%{version}-%{release} #Requires: bats (which RHEL8 doesn't have. If it ever does, un-comment this) Requires: gnupg Requires: jq Requires: podman %description tests %{summary} This package contains system tests for %{name} %prep %autosetup -Sgit -n %{name}-%{commit0} %build mkdir -p src/github.com/containers ln -s ../../../ src/%{import_path} mkdir -p vendor/src for v in vendor/*; do if test ${v} = vendor/src; then continue; fi if test -d ${v}; then mv ${v} vendor/src/ fi done export GOPATH=$(pwd):$(pwd)/vendor export GO111MODULE=off export BUILDTAGS="exclude_graphdriver_btrfs btrfs_noversion $(hack/libdm_tag.sh) $(hack/ostree_tag.sh)" %gobuild -o %{name} ./cmd/%{name} %{__make} docs %install make \ DESTDIR=%{buildroot} \ SIGSTOREDIR=%{buildroot}%{_sharedstatedir}/containers/sigstore \ install mkdir -p %{buildroot}%{_sysconfdir} mkdir -p %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d} mkdir -p %{buildroot}%{_mandir}/man5 install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf install -p -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/ go-md2man -in %{SOURCE2} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5 go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5 go-md2man -in %{SOURCE6} -out %{buildroot}%{_mandir}/man5/containers-policy.json.5 go-md2man -in %{SOURCE8} -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5 go-md2man -in %{SOURCE9} -out %{buildroot}%{_mandir}/man5/containers-signature.5 go-md2man -in %{SOURCE10} -out %{buildroot}%{_mandir}/man5/containers-transports.5 go-md2man -in %{SOURCE11} -out %{buildroot}%{_mandir}/man5/containers-certs.d.5 go-md2man -in %{SOURCE12} -out %{buildroot}%{_mandir}/man5/containers-registries.d.5 mkdir -p %{buildroot}%{_datadir}/containers install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf install -m0644 %{SOURCE7} %{buildroot}%{_datadir}/containers/seccomp.json # install secrets patch directory install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets # rhbz#1110876 - update symlinks for subscription management ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo # system tests install -d -p %{buildroot}/%{_datadir}/%{name}/test/system cp -pav systemtest/* %{buildroot}/%{_datadir}/%{name}/test/system/ %check %if 0%{?with_check} export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %gotest %{import_path}/integration %endif #define license tag if not already defined %{!?_licensedir:%global license %doc} %files -n containers-common %dir %{_sysconfdir}/containers %dir %{_sysconfdir}/containers/certs.d %dir %{_sysconfdir}/containers/registries.d %dir %{_sysconfdir}/containers/oci %dir %{_sysconfdir}/containers/oci/hooks.d %config(noreplace) %{_sysconfdir}/containers/policy.json %config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml %config(noreplace) %{_sysconfdir}/containers/storage.conf %config(noreplace) %{_sysconfdir}/containers/registries.conf %dir %{_sharedstatedir}/containers/sigstore %{_mandir}/man5/* %dir %{_datadir}/containers %{_datadir}/containers/mounts.conf %{_datadir}/containers/seccomp.json %dir %{_datadir}/rhel/secrets %{_datadir}/rhel/secrets/* %files %license LICENSE %doc README.md %{_bindir}/%{name} %{_mandir}/man1/%{name}* %dir %{_datadir}/bash-completion %dir %{_datadir}/bash-completion/completions %{_datadir}/bash-completion/completions/%{name} %files tests %license LICENSE %{_datadir}/%{name}/test %changelog * Mon Mar 02 2020 Jindrich Novy - 1:0.1.40-7 - fix "CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull" - Resolves: #1806944 * Fri Jan 24 2020 Jindrich Novy - 1:0.1.40-6 - resurrect s390x arch as kernel there now has the renameat2 syscall (#1773504) * Mon Jan 20 2020 Jindrich Novy - 1:0.1.40-5 - Fix thread safety of gpgme (#1792243) * Thu Jan 16 2020 Jindrich Novy - 1:0.1.40-4 - temporary disable s390x arch due to #1773504 causing fuse-overlayfs failing to build - skopeo/contaners-common requires it * Wed Jan 15 2020 Jindrich Novy - 1:0.1.40-3 - increment version to avoid dist tag clash with RHAOS * Thu Jan 02 2020 Jindrich Novy - 1:0.1.40-2 - change the search order of registries and remove quay.io (#1784265) * Wed Dec 04 2019 Jindrich Novy - 1:0.1.40-1 - update to v0.1.40 - Related: RHELPLAN-26239 * Thu Sep 12 2019 Jindrich Novy - 1:0.1.37-4 - Fix CVE-2019-10214. * Fri Aug 02 2019 Jindrich Novy - 1:0.1.37-3 - rebase to 0.1.37 for RHEL7u7 * Mon Jun 24 2019 Lokesh Mandvekar - 1:0.1.37-1 - bump to v0.1.37 * Fri Jun 07 2019 Lokesh Mandvekar - 1:0.1.36-2 - Resolves: #1693961 - /usr/share/rhel/secrets is 755 * Fri Jun 07 2019 Lokesh Mandvekar - 1:0.1.36-1 - Resolves: #1717921 - rebase to v0.1.36 * Wed Mar 27 2019 Frantisek Kluknavsky - 1:0.1.35-2.git404c5bd - rebase * Fri Jan 18 2019 Lokesh Mandvekar - 1:0.1.31-8.gitb0b750d - Resolves: #1667289 - install /usr/share/containers/seccomp.json * Mon Nov 19 2018 Lokesh Mandvekar - 1:0.1.31-7.gitb0b750d - change obsoletes conditional for skopeo-containers * Mon Nov 19 2018 Lokesh Mandvekar - 1:0.1.31-6.gitb0b750d - properly obsolete 1:0.1.31-1 * Fri Nov 09 2018 Frantisek Kluknavsky - 1:0.1.31-5.gitb0b750d - macros for centos * Tue Nov 06 2018 Frantisek Kluknavsky - 1:0.1.31-4.gitb0b750d - rebase * Wed Jul 25 2018 dwalsh - 0.1.31-2.gite3034e1 - add statx to seccomp.json to containers-config - Change skopeo-containers to containers-common * Wed Jul 11 2018 Lokesh Mandvekar - 0.1.31-1.dev.gitae64ff7 - Resolves: #1599980, #1599224 - bump to v0.1.31-dev - built commit ae64ff7 * Sun May 20 2018 dwalsh - 0.1.30-14.gitca3bff6 - Add devicemapper support * Tue Apr 10 2018 Lokesh Mandvekar - 1:0.1.29-3.git7add6fc - move registries.conf to skopeo-containers from atomic * Thu Mar 29 2018 dwalsh - 0.1.29-2.git - bump to 0.1.29-1 - Updated containers/image docker-archive generates docker legacy compatible images Do not create $DiffID subdirectories for layers with no configs Ensure the layer IDs in legacy docker/tarfile metadata are unique docker-archive: repeated layers are symlinked in the tar file sysregistries: remove all trailing slashes Improve docker/* error messages Fix failure to make auth directory Create a new slice in Schema1.UpdateLayerInfos Drop unused storageImageDestination.{image,systemContext} Load a *storage.Image only once in storageImageSource Support gzip for docker-archive files Remove .tar extension from blob and config file names ostree, src: support copy of compressed layers ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size image: fix docker schema v1 -> OCI conversion Add /etc/containers/certs.d as default certs directory * Wed Mar 21 2018 Lokesh Mandvekar - 1:0.1.29-1.dev,gitb08350d - Resolves: #1543707 * Thu Feb 01 2018 Frantisek Kluknavsky - 1:0.1.28-1.git0270e56 - rebased to 0.1.28 * Mon Dec 11 2017 Frantisek Kluknavsky - 1:0.1.27-3.dev.git14245f2 - rebased to 0.1.27-3.dev.git14245f2 * Thu Nov 16 2017 Frantisek Kluknavsky - 1:0.1.26-2.dev.git2e8377a - bump changelog * Wed Nov 15 2017 dwalsh - 0.1.25-2.git2e8377a7 - Add manifest type conversion to skopeo copy - User can select from 3 manifest types: oci, v2s1, or v2s2 - e.g skopeo copy --format v2s1 --compress-blobs docker-archive:alp.tar dir:my-directory * Wed Nov 8 2017 dwalsh - 0.1.25-2.git7fd6f66b - Force storage.conf to default to overlay * Wed Nov 8 2017 dwalsh - 0.1.25-1.git7fd6f66b - Fix CVE in tar-split - copy: add shared blob directory support for OCI sources/destinations - Aligning Docker version between containers/image and skopeo - Update image-tools, and remove the duplicate Sirupsen/logrus vendor - makefile: use -buildmode=pie * Tue Nov 7 2017 dwalsh - 1:0.1.24-8.git28d4e08a - Add /usr/share/containers/mounts.conf * Mon Oct 23 2017 Frantisek Kluknavsky - 1:0.1.24-5.gitdd2c3e3 - built commit dd2c3e3a8e33b849f3625f4f56fa229c76448629 * Thu Oct 19 2017 Lokesh Mandvekar - 1:0.1.24-3.dev.git28d4e08 - add rhel subscription secrets date to skopeo-containers - skopeo-containers conflicts with docker >= 2:1.13.1-61 * Thu Oct 12 2017 Lokesh Mandvekar - 1:0.1.24-2.dev.git28d4e08 - Update container/storage.conf and containers-storage.conf man page - Default override to true so it is consistent with RHEL. * Fri Oct 06 2017 Lokesh Mandvekar - 1:0.1.24-1.dev.git28d4e08 - Resolves: #1499274 - built commit 28d4e08 * Mon Aug 07 2017 Lokesh Mandvekar - 1:0.1.23-1.git1bbd87f - Resolves: #1455575, #1478416, #1387217 - bump to v0.1.23 * Fri Jun 30 2017 Ryan Hartman - 1:0.1.20-2.1.gite802625 - bump release to 2.1 - built commit e802625b7cb7f4af9ab77bd2be9eb441ff2f28a2 * Tue Jun 06 2017 Lokesh Mandvekar - 1:0.1.20-1.1.gite802625 - built commit e802625b7cb7f4af9ab77bd2be9eb441ff2f28a2 * Thu Mar 30 2017 Lokesh Mandvekar - 1:0.1.19-1.1.git62e3747 - bump to v0.1.19 - built commit 62e3747 * Thu Mar 30 2017 Lokesh Mandvekar - 1:0.1.18-1.2 - build for all available arches (previous build didn't do this) * Mon Mar 27 2017 Lokesh Mandvekar - 1:0.1.18-1.1 - rebuilt for all arches on extras 7.4 - enable debuginfo package * Fri Feb 03 2017 Frantisek Kluknavsky - 1:0.1.18-1 - btrfs-progs-devel, device-mapper-devel added to build dependencies - built commit b08008c * Tue Dec 13 2016 Lokesh Mandvekar - 1:0.1.17-1 - Resolves: #1404274 - ship upstream v0.1.17 release - built commit b3b4e2b * Tue Nov 22 2016 Lokesh Mandvekar - 1:0.1.17-0.7.git1f655f3 - runtime dep was missing epoch value, added now * Fri Nov 18 2016 Lokesh Mandvekar - 1:0.1.17-0.6.git1f655f3 - Resolves: #1396531 - list skopeo runtime requirements correctly * Mon Oct 31 2016 Lokesh Mandvekar - 1:0.1.17-0.5 - built commit 1f655f3 * Tue Oct 18 2016 Lokesh Mandvekar - 1:0.1.17-0.4 - Resolves: #1386386 - skopeo-containers conflicts with atomic <= 1.13.1-1 - use correct bug number, #1385584 was for atomic * Tue Oct 18 2016 Lokesh Mandvekar - 1:0.1.17-0.3 - Resolves: #1385584 - skopeo-containers conflicts with atomic <= 1.13.1-1 * Mon Oct 17 2016 Frantisek Kluknavsky - 1:0.1.17-0.2 - obsoletes atomic, fixed dependencies - %%{_sysconfdir}/containers/ owned only by skopeo-containers * Fri Oct 14 2016 Frantisek Kluknavsky - 1:0.1.17-0.1 - rebase, skopeo-containers subpackage added * Tue Sep 20 2016 Lokesh Mandvekar - 1:0.1.14-0.6 - built mtrmac/integrate-all-the-things commit d830391 * Fri Sep 16 2016 Lokesh Mandvekar - 1:0.1.14-0.5 - built mtrmac/integrate-all-the-things commit 85e4551 * Tue Sep 13 2016 Lokesh Mandvekar - 1:0.1.14-0.4 - built mtrmac/integrate-all-the-things commit 02b9f8b * Tue Sep 13 2016 Lokesh Mandvekar - 1:0.1.14-0.3 - built mtrmac/integrate-all-the-things commit b3fcce0 * Tue Sep 06 2016 Frantisek Kluknavsky - 1:0.1.14-0.2.dev - own the whole bash-completion dir (https://fedoraproject.org/wiki/Packaging:Guidelines) * Tue Sep 06 2016 Frantisek Kluknavsky - 1:0.1.14-0.1.dev - update to 0.1.14-dev * Tue Jul 26 2016 Lokesh Mandvekar - 1:0.1.13-8 - bump release, srpm issues in previous build * Tue Jul 12 2016 Lokesh Mandvekar - 1:0.1.13-7 - build with golang >= 1.6.2 * Fri Jun 24 2016 Lokesh Mandvekar - 1:0.1.13-6 - Bump Epoch to 1 since that's what skopeo had when it was an atomic subpackage * Tue Jun 21 2016 Lokesh Mandvekar - 0.1.13-5 - include go-srpm-macros and compiler(go-compiler) in fedora conditionals - define %%gobuild if not already - add patch to build with older version of golang * Thu Jun 02 2016 Antonio Murdaca - 0.1.13-4 - update to v0.1.12 * Tue May 31 2016 Antonio Murdaca - 0.1.12-3 - fix go build source path * Fri May 27 2016 Antonio Murdaca - 0.1.12-2 - update to v0.1.12 * Tue Mar 08 2016 Antonio Murdaca - 0.1.11-1 - update to v0.1.11 * Tue Mar 08 2016 Antonio Murdaca - 0.1.10-1 - update to v0.1.10 - change runcom -> projectatomic * Mon Feb 29 2016 Antonio Murdaca - 0.1.9-1 - update to v0.1.9 * Mon Feb 29 2016 Antonio Murdaca - 0.1.8-1 - update to v0.1.8 * Mon Feb 22 2016 Fedora Release Engineering - 0.1.4-2 - https://fedoraproject.org/wiki/Changes/golang1.6 * Fri Jan 29 2016 Antonio Murdaca - 0.1.4 - First package for Fedora