Hello community,
here is the log from the commit of package libcontainers-common for openSUSE:Factory checked in at 2019-09-30 15:50:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcontainers-common (Old)
and /work/SRC/openSUSE:Factory/.libcontainers-common.new.2352 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcontainers-common"
Mon Sep 30 15:50:34 2019 rev:19 rq:732772 version:20190923
Changes:
--------
--- /work/SRC/openSUSE:Factory/libcontainers-common/libcontainers-common.changes 2019-08-10 23:44:13.555633910 +0200
+++ /work/SRC/openSUSE:Factory/.libcontainers-common.new.2352/libcontainers-common.changes 2019-09-30 15:50:35.898621881 +0200
@@ -1,0 +2,16 @@
+Mon Sep 23 15:28:02 UTC 2019 - Richard Brown
+
+- Update to image 1.4.4
+ - Hard-code the kernel keyring use to be disabled for now
+- Update to libpod 1.5.1
+ - The hostname of pods is now set to the pod's name
+ - Minor bugfixes
+- Update to storage 1.12.16
+ - Ignore ro mount options in btrfs and windows drivers
+
+-------------------------------------------------------------------
+Mon Sep 23 12:01:53 UTC 2019 - Richard Brown
+
+- Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028)
+
+-------------------------------------------------------------------
Old:
----
image-3.0.0.tar.xz
libpod-1.4.4.tar.xz
storage-1.12.16.tar.xz
New:
----
image-3.0.2.tar.xz
libpod-1.5.1.tar.xz
storage-1.13.2.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libcontainers-common.spec ++++++
--- /var/tmp/diff_new_pack.YrYt3s/_old 2019-09-30 15:50:37.306618134 +0200
+++ /var/tmp/diff_new_pack.YrYt3s/_new 2019-09-30 15:50:37.310618123 +0200
@@ -16,16 +16,16 @@
#
# libpodver - version from containers/libpod
-%define libpodver 1.4.4
+%define libpodver 1.5.1
# storagever - version from containers/storage
-%define storagever 1.12.16
+%define storagever 1.13.2
# imagever - version from containers/image
-%define imagever 3.0.0
+%define imagever 3.0.2
Name: libcontainers-common
-Version: 20190802
+Version: 20190923
Release: 0
Summary: Configuration files common to github.com/containers
License: Apache-2.0 and GPL-3.0+
@@ -121,9 +121,11 @@
install -D -m 0644 libpod-%{libpodver}/pkg/hooks/docs/oci-hooks.5 %{buildroot}/%{_mandir}/man5/
%post
-# If installing, check if /var/lib is btrfs and set driver to "btrfs" if true
+# If installing, check if /var/lib/containers (or /var/lib in its defect) is btrfs and set driver
+# to "btrfs" if true
if [ $1 -eq 1 ] ; then
- if [ "`findmnt -o FSTYPE -l --target /var/lib|grep -v FSTYPE`" = "btrfs" ]; then
+ fstype=$((findmnt -o FSTYPE -l --target /var/lib/containers || findmnt -o FSTYPE -l --target /var/lib) | grep -v FSTYPE)
+ if [ "$fstype" = "btrfs" ]; then
sed -i 's/driver = ""/driver = "btrfs"/g' %{_sysconfdir}/containers/storage.conf
fi
fi
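Review bot: The new `fstype=$((findmnt ... ) | grep -v FSTYPE)` line opens with `$((`, which POSIX shells are allowed to parse as the start of an arithmetic expansion; bash normally recovers and treats it as a command substitution, but a scriptlet run under a stricter /bin/sh could fail here. findmnt's `-n` (no headings) option removes the need for both the subshell and the grep: `fstype=$(findmnt -n -o FSTYPE --target /var/lib/containers 2>/dev/null || findmnt -n -o FSTYPE --target /var/lib)`, which also keeps any error output from the first probe out of the install log. In the comment, "in its defect" would read better as "or /var/lib if that does not exist".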
++++++ _service ++++++
--- /var/tmp/diff_new_pack.YrYt3s/_old 2019-09-30 15:50:37.358617995 +0200
+++ /var/tmp/diff_new_pack.YrYt3s/_new 2019-09-30 15:50:37.358617995 +0200
@@ -4,24 +4,24 @@
<param name="url">https://github.com/containers/storage.git</param>
<param name="scm">git</param>
<param name="filename">storage</param>
-<param name="versionformat">1.12.16</param>
-<param name="revision">v1.12.16</param>
+<param name="versionformat">1.13.2</param>
+<param name="revision">v1.13.2</param>
</service>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/containers/image.git</param>
<param name="scm">git</param>
<param name="filename">image</param>
-<param name="versionformat">3.0.0</param>
-<param name="revision">v3.0.0</param>
+<param name="versionformat">3.0.2</param>
+<param name="revision">v3.0.2</param>
</service>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/containers/libpod.git</param>
<param name="scm">git</param>
<param name="filename">libpod</param>
-<param name="versionformat">1.4.4</param>
-<param name="revision">v1.4.4</param>
+<param name="versionformat">1.5.1</param>
+<param name="revision">v1.5.1</param>
</service>
<service name="recompress" mode="disabled">
++++++ image-3.0.0.tar.xz -> image-3.0.2.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/ostree/ostree_src.go new/image-3.0.2/ostree/ostree_src.go
--- old/image-3.0.0/ostree/ostree_src.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/ostree/ostree_src.go 2019-08-08 00:54:04.000000000 +0200
@@ -59,9 +59,15 @@
return nil
}
-func (s *ostreeImageSource) getLayerSize(blob string) (int64, error) {
+func (s *ostreeImageSource) getBlobUncompressedSize(blob string, isCompressed bool) (int64, error) {
+ var metadataKey string
+ if isCompressed {
+ metadataKey = "docker.uncompressed_size"
+ } else {
+ metadataKey = "docker.size"
+ }
b := fmt.Sprintf("ociimage/%s", blob)
- found, data, err := readMetadata(s.repo, b, "docker.size")
+ found, data, err := readMetadata(s.repo, b, metadataKey)
if err != nil || !found {
return 0, err
}
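Review bot: A blob with no size metadata is reported as zero bytes with a nil error, because `if err != nil || !found { return 0, err }` returns `0, nil` when the key is simply missing. That matters more now that compressed blobs are looked up under `docker.uncompressed_size`: if a repository was written without that key (not visible in this diff), the caller in the last hunk of this file gets `layerSize == 0` and carries on. Consider an explicit error for the not-found case, e.g. `return 0, fmt.Errorf("no %s metadata for blob %s", metadataKey, blob)`, and a doc comment stating which key is read in which case. The function body continues past the end of the hunk.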
@@ -275,8 +281,8 @@
}
}
- compressedBlob, found := s.compressed[info.Digest]
- if found {
+ compressedBlob, isCompressed := s.compressed[info.Digest]
+ if isCompressed {
blob = compressedBlob.Hex()
}
branch := fmt.Sprintf("ociimage/%s", blob)
@@ -289,7 +295,7 @@
s.repo = repo
}
- layerSize, err := s.getLayerSize(blob)
+ layerSize, err := s.getBlobUncompressedSize(blob, isCompressed)
if err != nil {
return nil, 0, err
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/pkg/docker/config/config.go new/image-3.0.2/pkg/docker/config/config.go
--- old/image-3.0.0/pkg/docker/config/config.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/pkg/docker/config/config.go 2019-08-08 00:54:04.000000000 +0200
@@ -32,6 +32,8 @@
dockerHomePath = filepath.FromSlash(".docker/config.json")
dockerLegacyHomePath = ".dockercfg"
+ enableKeyring = false
+
// ErrNotLoggedIn is returned for users not logged into a registry
// that they are trying to logout of
ErrNotLoggedIn = errors.New("not logged in")
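Review bot: `enableKeyring` sits among names initialised with `errors.New`, so it is presumably declared in a `var (` block and remains a mutable package-level variable even though it acts as a build-time switch. Declaring it as `const enableKeyring = false` makes the disabled state impossible to flip at run time. A comment such as `// enableKeyring gates all kernel keyring use; hard-coded off for now, so the keyring is never read or written.` would record why it exists.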
@@ -46,11 +48,11 @@
return false, setAuthToCredHelper(ch, registry, username, password)
}
- // Set the credentials to kernel keyring if sys.AuthFile is not specified.
+ // Set the credentials to kernel keyring if enableKeyring is true.
// The keyring might not work in all environments (e.g., missing capability) and isn't supported on all platforms.
// Hence, we want to fall-back to using the authfile in case the keyring failed.
- // However, if the sys.AuthFilePath is set, we want adhere to the user specification and not use the keyring.
- if sys.AuthFilePath == "" {
+ // However, if the enableKeyring is false, we want adhere to the user specification and not use the keyring.
+ if enableKeyring {
err := setAuthToKernelKeyring(registry, username, password)
if err == nil {
logrus.Debugf("credentials for (%s, %s) were stored in the kernel keyring\n", registry, username)
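Review bot: The rewritten comment no longer matches the condition: "if the enableKeyring is false, we want adhere to the user specification" still describes the old `sys.AuthFilePath` check, which this hunk drops entirely. If the switch is ever turned back on, credentials would be written to the keyring even when the caller named an explicit auth file. Suggest keeping both conditions, `if enableKeyring && sys.AuthFilePath == "" {`, and rewording the last comment line to `// However, if sys.AuthFilePath is set, we adhere to the user specification and do not use the keyring.` The enclosing function starts and ends outside the hunk.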
@@ -74,10 +76,12 @@
return sys.DockerAuthConfig.Username, sys.DockerAuthConfig.Password, nil
}
- username, password, err := getAuthFromKernelKeyring(registry)
- if err == nil {
- logrus.Debug("returning credentials from kernel keyring")
- return username, password, nil
+ if enableKeyring {
+ username, password, err := getAuthFromKernelKeyring(registry)
+ if err == nil {
+ logrus.Debug("returning credentials from kernel keyring")
+ return username, password, nil
+ }
}
dockerLegacyPath := filepath.Join(homedir.Get(), dockerLegacyHomePath)
@@ -117,13 +121,15 @@
return false, deleteAuthFromCredHelper(ch, registry)
}
- // Next try kernel keyring
- err := deleteAuthFromKernelKeyring(registry)
- if err == nil {
- logrus.Debugf("credentials for %s were deleted from the kernel keyring", registry)
- return false, nil
+ // Next if keyring is enabled try kernel keyring
+ if enableKeyring {
+ err := deleteAuthFromKernelKeyring(registry)
+ if err == nil {
+ logrus.Debugf("credentials for %s were deleted from the kernel keyring", registry)
+ return false, nil
+ }
+ logrus.Debugf("failed to delete credentials from the kernel keyring, falling back to authfiles")
}
- logrus.Debugf("failed to delete credentials from the kernel keyring, falling back to authfiles")
if _, ok := auths.AuthConfigs[registry]; ok {
delete(auths.AuthConfigs, registry)
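Review bot: Credentials that the previous release placed in the kernel keyring become unreachable with this guard: logout now skips `deleteAuthFromKernelKeyring`, and the lookup hunk above skips `getAuthFromKernelKeyring`, so a secret stored before the upgrade may stay in the keyring until the keyring itself goes away or it is removed by hand. One option is to keep a best-effort delete outside the guard (without the early return) while storing and reading stay gated. Separately, the "failed to delete credentials" debug line drops the error; `logrus.Debugf("failed to delete credentials from the kernel keyring: %v, falling back to authfiles", err)` would keep it. The enclosing function extends beyond the hunk.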
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/pkg/keyctl/key.go new/image-3.0.2/pkg/keyctl/key.go
--- old/image-3.0.0/pkg/keyctl/key.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/pkg/keyctl/key.go 2019-08-08 00:54:04.000000000 +0200
@@ -3,12 +3,11 @@
// license that can be found in the LICENSE file.
// +build linux
-// +build 386 amd64
package keyctl
import (
- "unsafe"
+ "golang.org/x/sys/unix"
)
// Key represents a single key linked to one or more kernel keyrings.
@@ -41,7 +40,7 @@
b = make([]byte, int(size))
sizeRead = size + 1
for sizeRead > size {
- r1, _, err := keyctl(keyctlRead, uintptr(k.id), uintptr(unsafe.Pointer(&b[0])), uintptr(size))
+ r1, err := unix.KeyctlBuffer(unix.KEYCTL_READ, int(k.id), b, size)
if err != nil {
return nil, err
}
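Review bot: The last argument to `unix.KeyctlBuffer` is the syscall's fifth argument, not the buffer length — the wrapper takes the length from `b` itself — so passing `size` here is misleading even though KEYCTL_READ ignores that slot. `r1, err := unix.KeyctlBuffer(unix.KEYCTL_READ, int(k.id), b, 0)` says what is meant. Note also that `r1, err :=` inside the loop declares a new `err`; if the function returns an outer `err` after the loop (outside this hunk), it will not be this one.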
@@ -60,6 +59,6 @@
// Unlink a key from the keyring it was loaded from (or added to). If the key
// is not linked to any other keyrings, it is destroyed.
func (k *Key) Unlink() error {
- _, _, err := keyctl(keyctlUnlink, uintptr(k.id), uintptr(k.ring))
+ _, err := unix.KeyctlInt(unix.KEYCTL_UNLINK, int(k.id), int(k.ring), 0, 0)
return err
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/pkg/keyctl/keyring.go new/image-3.0.2/pkg/keyctl/keyring.go
--- old/image-3.0.0/pkg/keyctl/keyring.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/pkg/keyctl/keyring.go 2019-08-08 00:54:04.000000000 +0200
@@ -3,11 +3,17 @@
// license that can be found in the LICENSE file.
// +build linux
-// +build 386 amd64
// Package keyctl is a Go interface to linux kernel keyrings (keyctl interface)
+//
+// Deprecated: Most callers should use either golang.org/x/sys/unix directly,
+// or the original (and more extensive) github.com/jsipprell/keyctl .
package keyctl
+import (
+ "golang.org/x/sys/unix"
+)
+
// Keyring is the basic interface to a linux keyctl keyring.
type Keyring interface {
ID
@@ -26,7 +32,7 @@
// Add a new key to a keyring. The key can be searched for later by name.
func (kr *keyring) Add(name string, key []byte) (*Key, error) {
- r, err := addkey("user", name, key, int32(kr.id))
+ r, err := unix.AddKey("user", name, key, int(kr.id))
if err == nil {
key := &Key{Name: name, id: keyID(r), ring: kr.id}
return key, nil
@@ -38,9 +44,9 @@
// one. The key, if found, is linked to the top keyring that Search() was called
// from.
func (kr *keyring) Search(name string) (*Key, error) {
- id, err := searchKeyring(kr.id, name, "user")
+ id, err := unix.KeyctlSearch(int(kr.id), "user", name, 0)
if err == nil {
- return &Key{Name: name, id: id, ring: kr.id}, nil
+ return &Key{Name: name, id: keyID(id), ring: kr.id}, nil
}
return nil, err
}
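Review bot: The doc comment above Search still says the found key "is linked to the top keyring that Search() was called from", but the call passes `0` as the destination keyring, which as far as I can tell means no link is made. Either reword the comment to something like `// The key, if found, is returned but not linked into any keyring.` or, if linking is intended, pass the ring to link into as the last argument. The comment begins above the hunk.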
@@ -52,22 +58,22 @@
// SessionKeyring returns the current login session keyring
func SessionKeyring() (Keyring, error) {
- return newKeyring(keySpecSessionKeyring)
+ return newKeyring(unix.KEY_SPEC_SESSION_KEYRING)
}
// UserKeyring returns the keyring specific to the current user.
func UserKeyring() (Keyring, error) {
- return newKeyring(keySpecUserKeyring)
+ return newKeyring(unix.KEY_SPEC_USER_KEYRING)
}
// Unlink an object from a keyring
func Unlink(parent Keyring, child ID) error {
- _, _, err := keyctl(keyctlUnlink, uintptr(child.ID()), uintptr(parent.ID()))
+ _, err := unix.KeyctlInt(unix.KEYCTL_UNLINK, int(child.ID()), int(parent.ID()), 0, 0)
return err
}
// Link a key into a keyring
func Link(parent Keyring, child ID) error {
- _, _, err := keyctl(keyctlLink, uintptr(child.ID()), uintptr(parent.ID()))
+ _, err := unix.KeyctlInt(unix.KEYCTL_LINK, int(child.ID()), int(parent.ID()), 0, 0)
return err
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/pkg/keyctl/keyring_test.go new/image-3.0.2/pkg/keyctl/keyring_test.go
--- old/image-3.0.0/pkg/keyctl/keyring_test.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/pkg/keyctl/keyring_test.go 2019-08-08 00:54:04.000000000 +0200
@@ -1,5 +1,4 @@
// +build linux
-// +build 386 amd64
package keyctl
@@ -82,6 +81,9 @@
}
_, err = userKeyring.Search(testname)
+ if err == nil {
+ t.Fatalf("Expected error, but got key %v", testname)
+ }
ExpectedError := "required key not available"
if err.Error() != ExpectedError {
t.Fatal(err)
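Review bot: The check after the new guard compares `err.Error()` with the literal "required key not available", which ties the test to the platform's errno text. Since Search now returns the error from golang.org/x/sys/unix, comparing the value is sturdier: `if err != unix.ENOKEY { t.Fatal(err) }` (the test file would need the unix import, which is not visible here). The added nil guard is right, though its message prints `testname` rather than the key that was unexpectedly returned.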
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/pkg/keyctl/perm.go new/image-3.0.2/pkg/keyctl/perm.go
--- old/image-3.0.0/pkg/keyctl/perm.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/pkg/keyctl/perm.go 2019-08-08 00:54:04.000000000 +0200
@@ -6,6 +6,10 @@
package keyctl
+import (
+ "golang.org/x/sys/unix"
+)
+
// KeyPerm represents in-kernel access control permission to keys and keyrings
// as a 32-bit integer broken up into four permission sets, one per byte.
// In MSB order, the perms are: Processor, User, Group, Other.
@@ -24,6 +28,6 @@
// SetPerm sets the permissions on a key or keyring.
func SetPerm(k ID, p KeyPerm) error {
- _, _, err := keyctl(keyctlSetPerm, uintptr(k.ID()), uintptr(p))
+ err := unix.KeyctlSetperm(int(k.ID()), uint32(p))
return err
}
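Review bot: The temporary `err` is no longer needed now that the wrapper returns only an error; `return unix.KeyctlSetperm(int(k.ID()), uint32(p))` is the idiomatic form. While here, the KeyPerm comment shown in the previous hunk names the first permission set "Processor"; the kernel's term for it is possessor, and the wording matters to anyone working out who may read a stored credential.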
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/pkg/keyctl/sys_linux.go new/image-3.0.2/pkg/keyctl/sys_linux.go
--- old/image-3.0.0/pkg/keyctl/sys_linux.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/pkg/keyctl/sys_linux.go 2019-08-08 00:54:04.000000000 +0200
@@ -3,119 +3,23 @@
// license that can be found in the LICENSE file.
// +build linux
-// +build 386 amd64
package keyctl
import (
- "syscall"
- "unsafe"
+ "golang.org/x/sys/unix"
)
-type keyctlCommand int
-
type keyID int32
-const (
- keySpecSessionKeyring keyID = -3
- keySpecUserKeyring keyID = -4
-)
-
-const (
- keyctlGetKeyringID keyctlCommand = 0
- keyctlSetPerm keyctlCommand = 5
- keyctlLink keyctlCommand = 8
- keyctlUnlink keyctlCommand = 9
- keyctlSearch keyctlCommand = 10
- keyctlRead keyctlCommand = 11
-)
-
-func (id keyID) ID() int32 {
- return int32(id)
-}
-
-func keyctl(cmd keyctlCommand, args ...uintptr) (r1 int32, r2 int32, err error) {
- a := make([]uintptr, 6)
- l := len(args)
- if l > 5 {
- l = 5
- }
- a[0] = uintptr(cmd)
- for idx, v := range args[:l] {
- a[idx+1] = v
- }
- v1, v2, errno := syscall.Syscall6(syscallKeyctl, a[0], a[1], a[2], a[3], a[4], a[5])
- if errno != 0 {
- err = errno
- return
- }
-
- r1 = int32(v1)
- r2 = int32(v2)
- return
-}
-
-func addkey(keyType, keyDesc string, payload []byte, id int32) (int32, error) {
- var (
- err error
- errno syscall.Errno
- b1, b2 *byte
- r1 uintptr
- pptr unsafe.Pointer
- )
-
- if b1, err = syscall.BytePtrFromString(keyType); err != nil {
- return 0, err
- }
-
- if b2, err = syscall.BytePtrFromString(keyDesc); err != nil {
- return 0, err
- }
-
- if len(payload) > 0 {
- pptr = unsafe.Pointer(&payload[0])
- }
- r1, _, errno = syscall.Syscall6(syscallAddKey,
- uintptr(unsafe.Pointer(b1)),
- uintptr(unsafe.Pointer(b2)),
- uintptr(pptr),
- uintptr(len(payload)),
- uintptr(id),
- 0)
-
- if errno != 0 {
- err = errno
- return 0, err
- }
- return int32(r1), nil
-}
-
func newKeyring(id keyID) (*keyring, error) {
- r1, _, err := keyctl(keyctlGetKeyringID, uintptr(id), uintptr(1))
+ r1, err := unix.KeyctlGetKeyringID(int(id), true)
if err != nil {
return nil, err
}
if id < 0 {
- r1 = int32(id)
+ r1 = int(id)
}
return &keyring{id: keyID(r1)}, nil
}
-
-func searchKeyring(id keyID, name, keyType string) (keyID, error) {
- var (
- r1 int32
- b1, b2 *byte
- err error
- )
-
- if b1, err = syscall.BytePtrFromString(keyType); err != nil {
- return 0, err
- }
- if b2, err = syscall.BytePtrFromString(name); err != nil {
- return 0, err
- }
-
- r1, _, err = keyctl(keyctlSearch, uintptr(id), uintptr(unsafe.Pointer(b1)), uintptr(unsafe.Pointer(b2)))
- return keyID(r1), err
-}
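Review bot: newKeyring has no comment explaining two non-obvious choices in the new code: `unix.KeyctlGetKeyringID(int(id), true)` asks the kernel to create the keyring when it does not exist, and for negative (special) ids the resolved serial in `r1` is discarded in favour of the special id. A doc comment along the lines of `// newKeyring resolves id, creating the keyring if needed; special (negative) ids are stored as given rather than as the resolved serial.` would make that reviewable, ideally with the reason for keeping the special id. The rest of the hunk is removal of the hand-written syscall wrappers.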
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/pkg/keyctl/sys_linux_386.go new/image-3.0.2/pkg/keyctl/sys_linux_386.go
--- old/image-3.0.0/pkg/keyctl/sys_linux_386.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/pkg/keyctl/sys_linux_386.go 1970-01-01 01:00:00.000000000 +0100
@@ -1,12 +0,0 @@
-// Copyright 2015 Jesse Sipprell. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux
-
-package keyctl
-
-const (
- syscallKeyctl uintptr = 288
- syscallAddKey uintptr = 286
-)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/pkg/keyctl/sys_linux_amd64.go new/image-3.0.2/pkg/keyctl/sys_linux_amd64.go
--- old/image-3.0.0/pkg/keyctl/sys_linux_amd64.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/pkg/keyctl/sys_linux_amd64.go 1970-01-01 01:00:00.000000000 +0100
@@ -1,12 +0,0 @@
-// Copyright 2015 Jesse Sipprell. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux
-
-package keyctl
-
-const (
- syscallKeyctl uintptr = 250
- syscallAddKey uintptr = 248
-)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/image-3.0.0/version/version.go new/image-3.0.2/version/version.go
--- old/image-3.0.0/version/version.go 2019-08-02 11:13:02.000000000 +0200
+++ new/image-3.0.2/version/version.go 2019-08-08 00:54:04.000000000 +0200
@@ -8,7 +8,7 @@
// VersionMinor is for functionality in a backwards-compatible manner
VersionMinor = 0
// VersionPatch is for backwards-compatible bug fixes
- VersionPatch = 0
+ VersionPatch = 2
// VersionDev indicates development branch. Releases will be empty string.
VersionDev = ""
++++++ libpod-1.4.4.tar.xz -> libpod-1.5.1.tar.xz ++++++
++++ 114247 lines of diff (skipped)
++++++ storage-1.12.16.tar.xz -> storage-1.13.2.tar.xz ++++++
++++ 3113 lines of diff (skipped)