Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package umoci for openSUSE:Factory checked in at 2025-09-08 09:56:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/umoci (Old) and /work/SRC/openSUSE:Factory/.umoci.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "umoci" Mon Sep 8 09:56:30 2025 rev:22 rq:1303107 version:0.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/umoci/umoci.changes 2025-05-26 18:31:59.094472727 +0200 +++ /work/SRC/openSUSE:Factory/.umoci.new.1977/umoci.changes 2025-09-08 09:56:45.820496573 +0200 @@ -1,0 +2,33 @@ +Mon Sep 8 02:26:12 UTC 2025 - Aleksa Sarai <[email protected]> + +- Add smoke-test for "umoci --version" in %check. + +------------------------------------------------------------------- +Sat Sep 6 18:01:57 UTC 2025 - Aleksa Sarai <[email protected]> + +- Add %check section to run "go test". +- Add backport of <https://github.com/opencontainers/umoci/pull/617> to let "go + test" run in OBS (where /etc/resolv.conf doesn't exist). + + 0001-oci-config-gracefully-fallback-if-etc-resolv.conf-do.patch + +------------------------------------------------------------------- +Sat Sep 6 17:20:18 UTC 2025 - Aleksa Sarai <[email protected]> + +- Update to umoci v0.5.1. Upstream changelog is available from + <https://github.com/opencontainers/umoci/releases/tag/v0.5.1> + + * For images with an empty index.json, umoci will no longer incorrectly set + the manifests entry to null. + * umoci will now produce an error for images with negative-sized descriptors, + based on recent discussions in the upstream image-spec. + * Use go:embed to fill umoci --version information from VERSION. + * Stop using oci-image-tools for integration tests, instead use some smoke + tests and the docker-library-maintained meta-scripts. + + This release is dedicated to our cat Yuki who sadly passed away on Friday. + Most of the code I've written in the past four years was written with him + purring away on my chest, and he was the most loving cat I've ever met. Rest + in peace, little buddy. I hope you enjoyed your time with us, and I'll always + keep you in my heart. + +------------------------------------------------------------------- Old: ---- umoci-0.5.0.tar.xz umoci-0.5.0.tar.xz.asc New: ---- 0001-oci-config-gracefully-fallback-if-etc-resolv.conf-do.patch umoci-0.5.1.tar.xz umoci-0.5.1.tar.xz.asc ----------(New B)---------- New: test" run in OBS (where /etc/resolv.conf doesn't exist). + 0001-oci-config-gracefully-fallback-if-etc-resolv.conf-do.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ umoci.spec ++++++ --- /var/tmp/diff_new_pack.d1l4pC/_old 2025-09-08 09:56:46.348518520 +0200 +++ /var/tmp/diff_new_pack.d1l4pC/_new 2025-09-08 09:56:46.348518520 +0200 @@ -1,7 +1,7 @@ # # spec file for package umoci # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ %define project github.com/opencontainers/umoci Name: umoci -Version: 0.5.0 +Version: 0.5.1 Release: 0 Summary: Open Container Image manipulation tool License: Apache-2.0 @@ -29,6 +29,8 @@ Source0: https://github.com/opencontainers/umoci/releases/download/v%{version}/umoci.tar.xz#/%{name}-%{version}.tar.xz Source1: https://github.com/opencontainers/umoci/releases/download/v%{version}/umoci.tar.xz.asc#/%{name}-%{version}.tar.xz.asc Source2: https://umo.ci/%{name}.keyring +# UPSTREAM-FIX: <https://github.com/opencontainers/umoci/pull/617> +Patch1: https://github.com/opencontainers/umoci/commit/44f6ab82ea71aefaf979d0e0d0626f2f2685f80b.patch#/0001-oci-config-gracefully-fallback-if-etc-resolv.conf-do.patch BuildRequires: fdupes BuildRequires: go >= 1.23 BuildRequires: go-go-md2man @@ -41,15 +43,11 @@ %prep %setup -q +%autopatch -p1 %build -export VERSION="$(cat ./VERSION)" -if [ "$VERSION" != "%{version}" ]; then - # Append "_suse" if the version is not an upstream one. - VERSION="%{version}_suse" -fi # Build umoci and docs. -make VERSION="$VERSION" umoci docs +make umoci docs # Make sure that our keyring copy is identical to upstream. our_keyring=$(sha256sum <"%{SOURCE2}") @@ -71,6 +69,14 @@ %fdupes %{buildroot} +%check +# make sure umoci --version is useful +tmpfile="$(mktemp --tmpdir umoci-version.XXXXXX)" +./umoci --version | tee "$tmpfile" +grep -q '^umoci version %{version}$' "$tmpfile" +# unit tests +go test -timeout 3m -v ./... + %files %defattr(-,root,root) %doc README.md CHANGELOG.md doc/* ++++++ 0001-oci-config-gracefully-fallback-if-etc-resolv.conf-do.patch ++++++ >From 44f6ab82ea71aefaf979d0e0d0626f2f2685f80b Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <[email protected]> Date: Sun, 7 Sep 2025 03:37:28 +1000 Subject: [PATCH] oci: config: gracefully fallback if /etc/resolv.conf doesn't exist When adding a %check section to umoci.spec, I noticed that the rootless configuration generation would fail if /etc/resolv.conf doesn't exist. There's no need to be so drastic in this case. Signed-off-by: Aleksa Sarai <[email protected]> --- oci/config/convert/default.go | 41 +++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/oci/config/convert/default.go b/oci/config/convert/default.go index e0c5856f..cebdbd72 100644 --- a/oci/config/convert/default.go +++ b/oci/config/convert/default.go @@ -22,8 +22,10 @@ import ( "fmt" "strings" + "github.com/apex/log" "github.com/blang/semver/v4" rspec "github.com/opencontainers/runtime-spec/specs-go" + "golang.org/x/sys/unix" ) // FIXME: We currently use an unreleased version of the runtime-spec and so we @@ -240,23 +242,30 @@ func ToRootless(spec *rspec.Spec) error { }) // Add /etc/resolv.conf as an rbind. const resolvConf = "/etc/resolv.conf" - // If we are using user namespaces, then we must make sure that we don't - // drop any of the CL_UNPRIVILEGED "locked" flags of the source "mount" - // when we bind-mount. The reason for this is that at the point when runc - // sets up the root filesystem, it is already inside a user namespace, and - // thus cannot change any flags that are locked. - unprivOpts, err := getUnprivilegedMountFlags(resolvConf) - if err != nil { - return fmt.Errorf("inspecting mount flags of %s: %w", resolvConf, err) + if err := unix.Access(resolvConf, unix.F_OK); err != nil { + // If /etc/resolv.conf doesn't exist (such as inside OBS), just log a + // warning and continue on. In the worst case, you'll just end up with + // a non-networked container. + log.Warnf("rootless configuration: automatic bind-mount for %q cannot be added as the source doesn't exist", resolvConf) + } else { + // If we are using user namespaces, then we must make sure that we don't + // drop any of the CL_UNPRIVILEGED "locked" flags of the source "mount" + // when we bind-mount. The reason for this is that at the point when runc + // sets up the root filesystem, it is already inside a user namespace, and + // thus cannot change any flags that are locked. + unprivOpts, err := getUnprivilegedMountFlags(resolvConf) + if err != nil { + return fmt.Errorf("inspecting mount flags of %s: %w", resolvConf, err) + } + mounts = append(mounts, rspec.Mount{ + // NOTE: "type: bind" is silly here, see opencontainers/runc#2035. + Type: "bind", + Destination: resolvConf, + Source: resolvConf, + Options: append(unprivOpts, []string{"rbind", "ro"}...), + }) + spec.Mounts = mounts } - mounts = append(mounts, rspec.Mount{ - // NOTE: "type: bind" is silly here, see opencontainers/runc#2035. - Type: "bind", - Destination: resolvConf, - Source: resolvConf, - Options: append(unprivOpts, []string{"rbind", "ro"}...), - }) - spec.Mounts = mounts // Remove cgroup settings. spec.Linux.Resources = nil ++++++ umoci-0.5.0.tar.xz -> umoci-0.5.1.tar.xz ++++++ ++++ 12011 lines of diff (skipped)
