commit libcontainers-common for openSUSE:Factory

Source-Sync Wed, 07 Jun 2023 14:07:11 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libcontainers-common for 
openSUSE:Factory checked in at 2023-06-07 23:06:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcontainers-common (Old)
 and      /work/SRC/openSUSE:Factory/.libcontainers-common.new.15902 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "libcontainers-common"

Wed Jun  7 23:06:25 2023 rev:61 rq:1091092 version:20230214

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/libcontainers-common/libcontainers-common.changes    
    2023-05-17 10:52:52.211263079 +0200
+++ 
/work/SRC/openSUSE:Factory/.libcontainers-common.new.15902/libcontainers-common.changes
     2023-06-07 23:06:55.287168959 +0200
@@ -1,0 +2,7 @@
+Mon Jun  5 12:04:33 UTC 2023 - Danish Prakash <danish.prak...@suse.com>
+
+- Enforce BCI verification via Podman on openSUSE distributions
+  using the already shipped container signing keys.
+  (bsc#1197030)
+
+-------------------------------------------------------------------

New:
----
  openSUSE-policy.json

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libcontainers-common.spec ++++++
--- /var/tmp/diff_new_pack.YEykOj/_old  2023-06-07 23:06:56.047173372 +0200
+++ /var/tmp/diff_new_pack.YEykOj/_new  2023-06-07 23:06:56.051173395 +0200
@@ -51,11 +51,13 @@
 Source9:        containers.conf
 Source10:       %{name}.rpmlintrc
 Source11:       
https://raw.githubusercontent.com/containers/shortnames/v%{shortnamesver}/shortnames.conf
+Source12:       openSUSE-policy.json
 BuildRequires:  go-go-md2man
 Requires(post): %{_bindir}/grep
 Requires(post): %{_bindir}/sed
 # add SLE-specific mounts for only SLES systems
 Requires:       (libcontainers-sles-mounts if sles-release)
+Requires:       libcontainers-policy >= %{version}
 Provides:       libcontainers-image = %{version}
 Provides:       libcontainers-storage = %{version}
 Obsoletes:      libcontainers-image < %{version}
@@ -72,6 +74,26 @@
 %description -n libcontainers-sles-mounts
 Updates /etc/containers/mounts.conf with default mounts for SLE distributions
 
+%package -n libcontainers-openSUSE-policy
+Summary:        Policy to enforce image verification for SLE BCI
+Provides:       libcontainers-policy = %{version}-%{release}
+
+RemovePathPostfixes: .openSUSE
+Conflicts:      libcontainers-default-policy
+
+%description -n libcontainers-openSUSE-policy
+This package ships a /etc/containers/policy.json which enforces image 
verification for SLE BCI.
+
+%package -n libcontainers-default-policy
+Summary:        Default containers policy.json
+Provides:       libcontainers-policy = %{version}-%{release}
+
+RemovePathPostfixes: .default
+Conflicts:      libcontainers-openSUSE-policy
+
+%description -n libcontainers-default-policy
+This package ships the default /etc/containers/policy.json
+
 %prep
 %setup -q -Tcq -b0 -b1 -b8
 # copy the LICENSE file in the build root
@@ -124,7 +146,8 @@
 install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers/systemd
 install -d -m 0755 %{buildroot}/%{_datadir}/containers/systemd
 
-install -D -m 0644 %{SOURCE3} 
%{buildroot}/%{_sysconfdir}/containers/policy.json
+install -D -m 0644 %{SOURCE3} 
%{buildroot}/%{_sysconfdir}/containers/policy.json.default
+install -D -m 0644 %{SOURCE3} 
%{buildroot}/%{_sysconfdir}/containers/policy.json.openSUSE
 install -D -m 0644 %{SOURCE4} 
%{buildroot}/%{_sysconfdir}/containers/storage.conf
 install -D -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/containers/mounts.conf
 install -D -m 0644 %{SOURCE5} 
%{buildroot}/%{_sysconfdir}/containers/mounts.conf
@@ -146,6 +169,9 @@
 install -D -m 0644 common-%{commonver}/docs/containers-mounts.conf.5 
%{buildroot}/%{_mandir}/man5/
 install -D -m 0644 common-%{commonver}/docs/containers.conf.5 
%{buildroot}/%{_mandir}/man5/
 
+install -D -m 0644 %{SOURCE12} 
%{buildroot}/%{_sysconfdir}/containers/policy.json.openSUSE
+install -D -m 0644 %{SOURCE3} 
%{buildroot}/%{_sysconfdir}/containers/policy.json.default
+
 %post
 # Comment out ostree_repo if it's blank [boo#1189893]
 sed -i 's/ostree_repo = ""/\#ostree_repo = ""/g' 
%{_sysconfdir}/containers/storage.conf
@@ -162,7 +188,6 @@
 %dir %{_datadir}/containers/oci/hooks.d
 %dir %{_datadir}/containers/systemd
 
-%config(noreplace) %{_sysconfdir}/containers/policy.json
 %config(noreplace) %{_sysconfdir}/containers/storage.conf
 %config(noreplace) %{_sysconfdir}/containers/registries.conf
 %config(noreplace) %{_sysconfdir}/containers/seccomp.json
@@ -179,4 +204,10 @@
 %config(noreplace) %{_sysconfdir}/containers/mounts.conf
 %{_datadir}/containers/mounts.conf
 
+%files -n libcontainers-openSUSE-policy
+%config(noreplace) %{_sysconfdir}/containers/policy.json.openSUSE
+
+%files -n libcontainers-default-policy
+%config(noreplace) %{_sysconfdir}/containers/policy.json.default
+
 %changelog


++++++ openSUSE-policy.json ++++++
{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports": {
        "docker-daemon": {
            "": [{"type":"insecureAcceptAnything"}]
        },
        "docker": {
            "registry.suse.com/bci": [{
                "type": "sigstoreSigned",
                "keyPath": "/usr/share/pki/containers/suse-container-key.pem",
                "signedIdentity": {
                    "type": "matchRepository"
                }
            }]
        }
    }
}

commit libcontainers-common for openSUSE:Factory

Reply via email to