Hello community,
here is the log from the commit of package libcontainers-common for
openSUSE:Factory checked in at 2023-06-07 23:06:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcontainers-common (Old)
and /work/SRC/openSUSE:Factory/.libcontainers-common.new.15902 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcontainers-common"
Wed Jun 7 23:06:25 2023 rev:61 rq:1091092 version:20230214
Changes:
--------
---
/work/SRC/openSUSE:Factory/libcontainers-common/libcontainers-common.changes
2023-05-17 10:52:52.211263079 +0200
+++
/work/SRC/openSUSE:Factory/.libcontainers-common.new.15902/libcontainers-common.changes
2023-06-07 23:06:55.287168959 +0200
@@ -1,0 +2,7 @@
+Mon Jun 5 12:04:33 UTC 2023 - Danish Prakash <[email protected]>
+
+- Enforce BCI verification via Podman on openSUSE distributions
+ using the already shipped container signing keys.
+ (bsc#1197030)
+
+-------------------------------------------------------------------
New:
----
openSUSE-policy.json
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libcontainers-common.spec ++++++
--- /var/tmp/diff_new_pack.YEykOj/_old 2023-06-07 23:06:56.047173372 +0200
+++ /var/tmp/diff_new_pack.YEykOj/_new 2023-06-07 23:06:56.051173395 +0200
@@ -51,11 +51,13 @@
Source9: containers.conf
Source10: %{name}.rpmlintrc
Source11:
https://raw.githubusercontent.com/containers/shortnames/v%{shortnamesver}/shortnames.conf
+Source12: openSUSE-policy.json
BuildRequires: go-go-md2man
Requires(post): %{_bindir}/grep
Requires(post): %{_bindir}/sed
# add SLE-specific mounts for only SLES systems
Requires: (libcontainers-sles-mounts if sles-release)
+Requires: libcontainers-policy >= %{version}
Provides: libcontainers-image = %{version}
Provides: libcontainers-storage = %{version}
Obsoletes: libcontainers-image < %{version}
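Review bot: The added `Requires: libcontainers-policy >= %{version}` can be satisfied by either libcontainers-openSUSE-policy or libcontainers-default-policy, and nothing visible in this diff tells the solver which one to pick. The changelog says verification is enforced on openSUSE, so the choice should be explicit here rather than left to solver order or project configuration outside the spec. Mirroring the sles-mounts line above, something like `Recommends: (libcontainers-openSUSE-policy if openSUSE-release)` would do it. If the preference is already set elsewhere, a comment next to the Requires should say where.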
@@ -72,6 +74,26 @@
%description -n libcontainers-sles-mounts
Updates /etc/containers/mounts.conf with default mounts for SLE distributions
+%package -n libcontainers-openSUSE-policy
+Summary: Policy to enforce image verification for SLE BCI
+Provides: libcontainers-policy = %{version}-%{release}
+
+RemovePathPostfixes: .openSUSE
+Conflicts: libcontainers-default-policy
+
+%description -n libcontainers-openSUSE-policy
+This package ships a /etc/containers/policy.json which enforces image
verification for SLE BCI.
+
+%package -n libcontainers-default-policy
+Summary: Default containers policy.json
+Provides: libcontainers-policy = %{version}-%{release}
+
+RemovePathPostfixes: .default
+Conflicts: libcontainers-openSUSE-policy
+
+%description -n libcontainers-default-policy
+This package ships the default /etc/containers/policy.json
+
%prep
%setup -q -Tcq -b0 -b1 -b8
# copy the LICENSE file in the build root
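Review bot: libcontainers-openSUSE-policy declares no dependency on whatever ships `/usr/share/pki/containers/suse-container-key.pem`, which is the `keyPath` its policy.json refers to. The changelog says the keys are already shipped, but the subpackage can be installed without the main package, and the owner of the key file is not visible in this diff. A file dependency such as `Requires: /usr/share/pki/containers/suse-container-key.pem` (or the owning package by name) would guarantee that the policy and its key arrive together, instead of presumably failing at pull time.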
@@ -124,7 +146,8 @@
install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers/systemd
install -d -m 0755 %{buildroot}/%{_datadir}/containers/systemd
-install -D -m 0644 %{SOURCE3}
%{buildroot}/%{_sysconfdir}/containers/policy.json
+install -D -m 0644 %{SOURCE3}
%{buildroot}/%{_sysconfdir}/containers/policy.json.default
+install -D -m 0644 %{SOURCE3}
%{buildroot}/%{_sysconfdir}/containers/policy.json.openSUSE
install -D -m 0644 %{SOURCE4}
%{buildroot}/%{_sysconfdir}/containers/storage.conf
install -D -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/containers/mounts.conf
install -D -m 0644 %{SOURCE5}
%{buildroot}/%{_sysconfdir}/containers/mounts.conf
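Review bot: The second added `install` here writes `%{SOURCE3}` to `policy.json.openSUSE`, which is the same source the first line installs as `policy.json.default`. The package ships the intended file only because the later hunk (@@ -146,6 +169,9 @@) overwrites it with `%{SOURCE12}`. If those later lines are ever dropped or reordered, libcontainers-openSUSE-policy would silently ship the default policy, presumably without the BCI signature requirement. Drop both added lines in this hunk and keep the single pair from the later hunk: `install -D -m 0644 %{SOURCE12} %{buildroot}/%{_sysconfdir}/containers/policy.json.openSUSE` and `install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/containers/policy.json.default`.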
@@ -146,6 +169,9 @@
install -D -m 0644 common-%{commonver}/docs/containers-mounts.conf.5
%{buildroot}/%{_mandir}/man5/
install -D -m 0644 common-%{commonver}/docs/containers.conf.5
%{buildroot}/%{_mandir}/man5/
+install -D -m 0644 %{SOURCE12}
%{buildroot}/%{_sysconfdir}/containers/policy.json.openSUSE
+install -D -m 0644 %{SOURCE3}
%{buildroot}/%{_sysconfdir}/containers/policy.json.default
+
%post
# Comment out ostree_repo if it's blank [boo#1189893]
sed -i 's/ostree_repo = ""/\#ostree_repo = ""/g'
%{_sysconfdir}/containers/storage.conf
@@ -162,7 +188,6 @@
%dir %{_datadir}/containers/oci/hooks.d
%dir %{_datadir}/containers/systemd
-%config(noreplace) %{_sysconfdir}/containers/policy.json
%config(noreplace) %{_sysconfdir}/containers/storage.conf
%config(noreplace) %{_sysconfdir}/containers/registries.conf
%config(noreplace) %{_sysconfdir}/containers/seccomp.json
@@ -179,4 +204,10 @@
%config(noreplace) %{_sysconfdir}/containers/mounts.conf
%{_datadir}/containers/mounts.conf
+%files -n libcontainers-openSUSE-policy
+%config(noreplace) %{_sysconfdir}/containers/policy.json.openSUSE
+
+%files -n libcontainers-default-policy
+%config(noreplace) %{_sysconfdir}/containers/policy.json.default
+
%changelog
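Review bot: Both new `%files` entries keep `%config(noreplace)`, so on a host where /etc/containers/policy.json was edited locally, installing or updating libcontainers-openSUSE-policy will most likely leave the edited file in place and drop the signed-BCI policy as `policy.json.rpmnew`. On such hosts the package is installed but verification is not in force. Document this at the entry, e.g. `# noreplace: a locally edited policy.json is kept; the shipped policy lands in policy.json.rpmnew and must be merged by the admin`. A `%post` notice when the installed file lacks the `registry.suse.com/bci` scope would also help.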
++++++ openSUSE-policy.json ++++++
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports": {
"docker-daemon": {
"": [{"type":"insecureAcceptAnything"}]
},
"docker": {
"registry.suse.com/bci": [{
"type": "sigstoreSigned",
"keyPath": "/usr/share/pki/containers/suse-container-key.pem",
"signedIdentity": {
"type": "matchRepository"
}
}]
}
}
}
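Review bot: Only the `docker` transport scope `registry.suse.com/bci` requires a signature, while `default` and `docker-daemon` stay `insecureAcceptAnything`, so images from any other registry path or transport are accepted unverified. That matches the stated intent, but the wording "enforces image verification for SLE BCI" can be read more broadly than what the policy does. JSON cannot carry comments, so the limit belongs in the `%description` of libcontainers-openSUSE-policy, e.g. `Only images pulled from registry.suse.com/bci are verified; all other sources are accepted unsigned.`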