Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2025-06-06 22:44:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.19631 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apptainer" Fri Jun 6 22:44:23 2025 rev:35 rq:1283596 version:1.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2025-03-21 20:22:19.650523416 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.19631/apptainer.changes 2025-06-06 22:45:00.829670023 +0200 @@ -1,0 +2,128 @@ +Mon Jun 2 10:13:00 UTC 2025 - Christian Goll <cg...@suse.com> +- Update to 1.4.1 + * Fix the use of libsubid which had been broken by the revision + applied in 1.4.0-rc.2. + * Fix a bug introduced in 1.4.0 that caused arm64 to be + mis-converted to arm64v8 and resulted in a failure when pulling + OCI containers. + * Fix user database lookup in master process preventing instance + from starting correctly on systems using winbind. + * Check for existence of `/run/systemd/system` when verifying + cgroups can be used via systemd manager. + * Add a clear error message if someone tries to use privileged + network options while not using setuid mode. + * Allow multi-arch oci-archive files that have a nested index + with the manifest. This is the default format (both for Docker + and OCI) when using `nerdctl save`. + * Test if docker-archive is actually an oci-archive (since Docker + version 25), and if it is oci then use the OCI parser to avoid + bugs in the Docker parser. Save the daemon-daemon references + to a temporary docker-archive, to benefit from the same + improvements also for those references. Parse as oci-archive. +- New Features & Functionality in from ineherited 1.4.0 + * Add new build option `--mksquashfs-args` to pass additional + arguments to the `mksquashfs` command when building SIF files. + If a compression method other than gzip is selected, the SIF + file might not work with older installations of Apptainer + or Singularity, so an INFO message about that is printed. On + the other hand, an INFO message that was printed (twice) when + running an image with non-gzip compression has been removed. + * If the `mksquashfs` version is new enough (version 4.6 in + Leaep 16.0), then show a percentage progress bar (with ETA) + during SIF creation in the default log level. If the `mksquashfs` + version is older, then in verbose or debug log level show the + output of mksquashfs with its own progress bar. + * Statistics are now normally available for instances that are + started by non-root users on cgroups v2 systems. The instance + will be started in the current cgroup. Information about + configuration issues that prevent collection of statistics are + displayed as INFO messages by default. + * Add a `--sandbox` option to `apptainer pull`. + * Add configuration file binding to the `--nv` option. Files + that are recognized in the NVIDIA Container Toolkit, including + files for EGL ICD, were added to the default `nvliblist.conf`. + * It is now possible to use multiple environment variable files + using the `--env-file` flag. Files can be specified as a + comma-separated list or by using the flag multiple times. + Variables defined in later files take precedence over earlier + files. + * The registry login and registry logout commands now support a + `--authfile <path>` option, which causes OCI credentials to be + written to / removed from a custom file located at `<path>` + instead of the default location (`$HOME/.apptainer/docker-config.json`). + The commands `pull`, `push`, `run`, `exec`, `shell` and + instance start can now also be passed a `--authfile <path>` + option, to read OCI registry credentials from this custom file. + * A new `--netns-path` option takes a path to a network + namespace to join when starting a container. The root user + may join any network namespace. An unprivileged user can only + join a network namespace specified in the new `allow netns + paths` directive in `apptainer.conf`, if they are also listed + in `allow net users` / `allow net groups` and apptainer is + installed with setuid privileges. Not supported with + `--fakeroot`. + * `apptainer.conf` now accepts setting the following options: + `allow ipc ns` -- Default value is `yes`; when set to `no`, + it will disable the use of the `--ipc` flag. + `allow uts ns` -- Default value is `yes`; when set to `no`, + it will invalidate the use of the `--uts` and `--hostname` + flags. + `allow user ns` -- Default value is `yes`; when set to + `no`, it will disable creation of user namespaces. Note + that this will prevent execution of containers with the + `--userns` or `--fakeroot` flags and with unprivileged + installations of Apptainer. +- Changed defaults / behaviours + * Label the starter process seen in `ps` with the image filename, + for example: Apptainer runtime parent: `example.sif`. + * Remove runtime and compute libraries from `rocmliblist.conf`. + They should instead be provided by the container image. + * Allow overriding the build architecture with `--arch` and + `--arch-variant`, to build images for another architecture + than the current host arch. This requires that the host has + been set up to support multiple architectures (`binfmt_misc`). + * Complete the previously partial support for the riscv64 + architecture. + * Show a warning message if changing directory to the cwd + fails, instead of silently switching to the home directory + or `/`. + * Write starter messages to stderr when an instance fails to + start. Previously they were incorrectly written to stdout. + * Skip attempting to bind inaccessible mount points when + handling the `mount hostfs = yes` configuration option. + * Fix storage of credentials for `docker.io` to behave the same + as for `index.docker.io`. + * Change message log level from warning to debug when environment + variables set inside a container or by `APPTAINERENV` have a + different value than the environment variable on the host. + * Change the default message level from silent to the normal + level in the nested apptainer that executes a build's `%post` + section, and suppress an unnecessary warning message. + * Ignore invalid environment variables when pulling oci/docker + containers. + * Remove the little-known `fakerootcallback` functionality. + * Update the default pacman confURL for `Bootstrap: arch` + container builds. + * Update the bundled fuse programs to their latest releases. +- Bug fixes + * Fix the `mconfig -s` option to build the apptainer and starter + binaries statically as documented. + * `%files from` in a definition file will now correctly copy + symlinks that `%point` to a target above the destination + directory but inside the `%destination` stage root filesystem. + * Fixed typo in `nvliblist.conf` (`libnvoptix.so.1` -> `libnvoptix.so`). + * Avoid timeouts when cleaning up from building gocryptfs-encrypted + SIF files. + * Fix bug that prevented build with `--passphrase` or + `--pem-path` but without `--encrypt` from implying fakeroot. + * Fix hang when copying files between build stages while using + suid mode without user namespaces. + * Fix running and building containers of different architectures + than the host via binfmt_misc when using rootless fakeroot. + * Fix `target: no such file or directory` error when extracting + layers from certain OCI images that manipulate hard links + across layers. + * Fix the crash that happened when executing a privilege-encrypted + container as root. + +------------------------------------------------------------------- Old: ---- apptainer-1.3.6.tar.gz New: ---- apptainer-1.4.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apptainer.spec ++++++ --- /var/tmp/diff_new_pack.MJMfmL/_old 2025-06-06 22:45:02.633744788 +0200 +++ /var/tmp/diff_new_pack.MJMfmL/_new 2025-06-06 22:45:02.637744954 +0200 @@ -25,7 +25,7 @@ License: BSD-3-Clause-LBNL AND OpenSSL Group: Productivity/Clustering/Computing Name: apptainer -Version: 1.3.6 +Version: 1.4.1 Release: 0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL: https://apptainer.org @@ -33,8 +33,7 @@ Conflicts: singularity Conflicts: singularity-ce Conflicts: singularity-runtime -#Source0: https://github.com/apptainer/apptainer/archive/v%{version}%{?vers_suffix}/apptainer-%{version}%{?vers_suffix}.tar.gz -Source0: apptainer-%{version}%{?vers_suffix}.tar.gz +Source0: https://github.com/apptainer/apptainer/archive/v%{version}%{?vers_suffix}/apptainer-%{version}%{?vers_suffix}.tar.gz Source1: README.SUSE Source2: SUSE.def Source3: SLE-15SP5.def @@ -114,13 +113,8 @@ based on the latest openSUSE Leap release. %prep -%setup -q -n %{name}-%{version}%{?vers_suffix} -%autopatch -p1 +%autosetup -n %{name}-%{version}%{?vers_suffix} -a21 cp %{S:1} . -# For reproducible builds derive the GNU build ID from the Go one. -# See discussion in https://github.com/apptainer/apptainer/issues/1623 -# as well as https://pkg.go.dev/cmd/link -sed -i -e "s/\(GO_LDFLAGS += -ldflags=\"\).*\(\"\)/\1-B gobuildid\2/" mlocal/frags/go_normal_opts.mk %build @@ -128,7 +122,6 @@ echo %version > VERSION # Not all of these parameters currently have an effect, but they might be # used someday. They are the same parameters as in the configure macro. -tar xzf %{S:21} ./mconfig -V %{version}-%{release} \ -P release \ --prefix=%{_prefix} \ ++++++ apptainer-1.3.6.tar.gz -> apptainer-1.4.1.tar.gz ++++++ ++++ 39397 lines of diff (skipped) ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/apptainer/vendor.tar.gz /work/SRC/openSUSE:Factory/.apptainer.new.19631/vendor.tar.gz differ: char 5, line 1
