commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2020-10-20 16:17:55 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.3486 (New) Package is "singularity" Tue Oct 20 16:17:55 2020 rev:21 rq:842715 version:3.6.4 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2020-09-21 17:31:09.768357685 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.3486/singularity.changes 2020-10-20 16:24:23.478407021 +0200 @@ -1,0 +2,11 @@ +Tue Oct 20 07:56:37 UTC 2020 - Ana Guerrero Lopez + +- New version 3.6.4 addresses a security issue: + - CVE-2020-15229, bsc#1177901 + Due to insecure handling of path traversal and the lack of path + sanitization within unsquashfs, it is possible to overwrite/create + files on the host filesystem during the extraction of a crafted + squashfs filesystem. Affects unprivileged execution of SIF/SquashFS + images, and image builds from SIF/SquashFS images. + +--- Old: singularity-3.6.3.tar.gz New: singularity-3.6.4.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.r8Hxhn/_old 2020-10-20 16:24:25.238407855 +0200 +++ /var/tmp/diff_new_pack.r8Hxhn/_new 2020-10-20 16:24:25.238407855 +0200 @@ -23,7 +23,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.6.3 +Version:3.6.4 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://github.com/hpcng/singularity ++ singularity-3.6.3.tar.gz -> singularity-3.6.4.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/singularity/CHANGELOG.md new/singularity/CHANGELOG.md --- old/singularity/CHANGELOG.md2020-09-15 16:05:03.0 +0200 +++ new/singularity/CHANGELOG.md2020-10-13 16:36:52.0 +0200 @@ -9,6 +9,27 @@ _The old changelog can be found in the `release-2.6` branch_ +# v3.6.4 - [2020-10-13] + +## Security related fixes + +Singularity 3.6.4 addresses the following security issue. + + - [CVE-2020-15229](https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9): +Due to insecure handling of path traversal and the lack of path +sanitization within unsquashfs (a distribution provided utility +used by Singularity), it is possible to overwrite/create files on +the host filesystem during the extraction of a crafted squashfs +filesystem. Affects unprivileged execution of SIF / SquashFS +images, and image builds from SIF / SquashFS images. + +## Bug Fixes + + - Update scs-library-client to support `library://` backends using an +3rd party S3 object store that does not strictly conform to v4 +signature spec. + + # v3.6.3 - [2020-09-15] ## Security related fixes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/singularity/INSTALL.md new/singularity/INSTALL.md --- old/singularity/INSTALL.md 2020-09-15 16:05:03.0 +0200 +++ new/singularity/INSTALL.md 2020-10-13 16:36:52.0 +0200 @@ -89,7 +89,7 @@ To build a stable version of Singularity, check out a [release tag](https://github.com/sylabs/singularity/tags) before compiling: ``` -$ git checkout v3.6.3 +$ git checkout v3.6.4 ``` ## Compiling Singularity @@ -132,7 +132,7 @@ and use it to install the RPM like this: ``` -$ export VERSION=3.6.3 # this is the singularity version, change as you need +$ export VERSION=3.6.4 # this is the singularity version, change as you need $ wget https://github.com/sylabs/singularity/releases/download/v${VERSION}/singularity-${VERSION}.tar.gz && \ rpmbuild -tb singularity-${VERSION}.tar.gz && \ @@ -148,7 +148,7 @@ $ cd $GOPATH/src/github.com/sylabs/singularity && \ ./mconfig && \ make -C builddir rpm && \ - sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/singularity-3.6.2*.x86_64.rpm # or whatever version you built + sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/singularity-3.6.4*.x86_64.rpm # or whatever version you built ``` To build an rpm with an alternative install prefix set RPMPREFIX on the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/singularity/VERSION new/singularity/VERSION --- old/singularity/VERSION 2020-09-15 16:11:54.0 +0200 +++ new/singularity/VERSION 2020-10-13 16:39:02.0 +0200 @@ -1 +1 @@ -3.6.3 +3.6.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/singularity/go.mod
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2020-09-21 17:26:50 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.4249 (New) Package is "singularity" Mon Sep 21 17:26:50 2020 rev:20 rq:835372 version:3.6.3 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2020-09-15 16:28:28.322607236 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.4249/singularity.changes 2020-09-21 17:31:09.768357685 +0200 @@ -1,0 +2,22 @@ +Fri Sep 18 07:29:10 UTC 2020 - Ana Guerrero Lopez + +- New version 3.6.3, addresses the following security issues: + - CVE-2020-25039, bsc#1176705 + When a Singularity action command (run, shell, exec) is run with + the fakeroot or user namespace option, Singularity will extract + a container image to a temporary sandbox directory. + Due to insecure permissions on the temporary directory it is possible + for any user with access to the system to read the contents of the image. + Additionally, if the image contains a world-writable file or directory, + it is possible for a user to inject arbitrary content into the running + container. + - CVE-2020-25040, bsc#1176707 + When a Singularity command that results in a container + build operation is executed, it is possible for a user with access + to the system to read the contents of the image during the build. + Additionally, if the image contains a world-writable file or directory, + it is possible for a user to inject arbitrary content into the running + build, which in certain circumstances may enable arbitrary code execution + during the build and/or when the built container is run. + +--- Old: singularity-3.6.2.tar.gz New: singularity-3.6.3.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.EhsKrW/_old 2020-09-21 17:31:15.168362782 +0200 +++ /var/tmp/diff_new_pack.EhsKrW/_new 2020-09-21 17:31:15.172362785 +0200 @@ -23,7 +23,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.6.2 +Version:3.6.3 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://github.com/hpcng/singularity ++ singularity-3.6.2.tar.gz -> singularity-3.6.3.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/singularity/CHANGELOG.md new/singularity/CHANGELOG.md --- old/singularity/CHANGELOG.md2020-08-25 20:50:09.0 +0200 +++ new/singularity/CHANGELOG.md2020-09-15 16:05:03.0 +0200 @@ -9,6 +9,43 @@ _The old changelog can be found in the `release-2.6` branch_ +# v3.6.3 - [2020-09-15] + +## Security related fixes + +Singularity 3.6.3 addresses the following security issues. + + - [CVE-2020-25039](https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7): +When a Singularity action command (run, shell, exec) is run with +the fakeroot or user namespace option, Singularity will extract a +container image to a temporary sandbox directory. Due to insecure +permissions on the temporary directory it is possible for any user +with access to the system to read the contents of the +image. Additionally, if the image contains a world-writable file +or directory, it is possible for a user to inject arbitrary +content into the running container. + + - [CVE-2020-25040](https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762): +When a Singularity command that results in a container build +operation is executed, it is possible for a user with access to +the system to read the contents of the image during the +build. Additionally, if the image contains a world-writable file +or directory, it is possible for a user to inject arbitrary +content into the running build, which in certain circumstances may +enable arbitrary code execution during the build and/or when the +built container is run. + +## Bug Fixes + + - Add CAP_MKNOD in capability bounding set of RPC to fix issue with +cryptsetup when decrypting image from within a docker container. + - Fix decryption issue when using both IPC and PID namespaces. + - Fix unsupported builtins panic from shell interpreter and add umask +support for definition file scripts. + - Do not load keyring in prepare_linux if ECL not enabled. + - Ensure sandbox option overrides remote build destination. + + # v3.6.2 - [2020-08-25] ## New features / functionalities diff -urN
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2020-09-15 16:28:16 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.4249 (New) Package is "singularity" Tue Sep 15 16:28:16 2020 rev:19 rq:834272 version:3.6.2 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2020-07-16 12:18:50.722988537 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.4249/singularity.changes 2020-09-15 16:28:28.322607236 +0200 @@ -1,0 +2,32 @@ +Mon Sep 14 08:26:12 UTC 2020 - Ana Guerrero Lopez + +- New version 3.6.2, new features / functionalities: + -Add --force option to singularity delete for non-interactive + workflows. + -Support compilation with FORTIFY_SOURCE=2 and build in pie mode + with fstack-protector enabled + - Changed defaults / behaviours + -Default to current architecture for singularity delete. + - Bug Fixes + -Respect current remote for singularity delete command. + -Allow rw as a (noop) bind option. + -Fix capability handling regression in overlay mount. + -Fix LD_LIBRARY_PATH environment override regression with --nv/--rocm. + -Fix environment variable duplication within singularity engine. + -Use -user-xattrs for unsquashfs to avoid error with rootless +extraction using unsquashfs 3.4 + -Correct --no-home message for 3.6 CWD behavior. + -Don't fail if parent of cache dir not accessible. + -Fix tests for Go 1.15 Ctty handling. + -Fix additional issues with test images on ARM64. + -Fix FUSE e2e tests to use container ssh_config. + -Provide advisory message r.e. need for upper and work to exist +in overlay images. + -Use squashfs mem and processor limits in squashfs gzip check. + -Ensure build destination path is not an empty string - do not +overwrite CWD. + -Don't unset PATH when interpreting legacy /environment files. +- Remove patch, this change is now in upstream: + * build-position-independent-binaries.patch + +--- Old: build-position-independent-binaries.patch singularity-3.6.0.tar.gz New: singularity-3.6.2.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.iAezCy/_old 2020-09-15 16:28:28.994607879 +0200 +++ /var/tmp/diff_new_pack.iAezCy/_new 2020-09-15 16:28:28.998607883 +0200 @@ -23,14 +23,13 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.6.0 +Version:3.6.2 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://github.com/hpcng/singularity Source0: https://github.com/hpcng/singularity/releases/download/v%{version}/singularity-%{version}.tar.gz Source1:README.SUSE Source5:%{name}-rpmlintrc -Patch0: build-position-independent-binaries.patch Patch1: useful_error_message.patch BuildRequires: cryptsetup BuildRequires: fdupes @@ -58,7 +57,6 @@ %prep %setup -q -n gopath/%{singgopath} -c -%patch0 -p 4 %patch1 -p 4 cp %{S:1} . ++ singularity-3.6.0.tar.gz -> singularity-3.6.2.tar.gz ++ 4860 lines of diff (skipped)
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2020-07-16 12:17:08 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.3592 (New) Package is "singularity" Thu Jul 16 12:17:08 2020 rev:18 rq:821083 version:3.6.0 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2020-02-19 12:42:48.907887397 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.3592/singularity.changes 2020-07-16 12:18:50.722988537 +0200 @@ -1,0 +2,85 @@ +Wed Jul 15 07:29:39 UTC 2020 - Ana Guerrero Lopez + +- New version 3.6.0. This version introduces a new signature format +for SIF images, and changes to the signing / verification code to address +the following security problems: + - CVE-2020-13845, bsc#1174150 + In Singularity 3.x versions below 3.6.0, issues allow the ECL to + be bypassed by a malicious user. + - CVE-2020-13846, bsc#1174148 + In Singularity 3.5 the --all / -a option to singularity verify + returns success even when some objects in a SIF container are not signed, + or cannot be verified. + - CVE-2020-13847, bsc#1174152 + In Singularity 3.x versions below 3.6.0, Singularity's sign and verify + commands do not sign metadata found in the global header or data object + descriptors of a SIF file, allowing an attacker to cause unexpected + behavior. A signed container may verify successfully, even when it has + been modified in ways that could be exploited to cause malicious behavior. +- New features / functionalities + - A new '--legacy-insecure' flag to verify allows verification of SIF + signatures in the old, insecure format. + - A new '-l / --logs' flag for instance list that shows the paths + to instance STDERR / STDOUT log files. + - The --json output of instance list now include paths to + STDERR / STDOUT log files. +- Changed defaults / behaviours + - New signature format (see security fixes above). + - Fixed spacing of singularity instance list to be dynamically changing + based off of input lengths instead of fixed number of spaces to account + for long instance names. +- Deprecate -a / --all option to sign/verify as new signature behavior + makes this the default. +- For more information about upstream changes, please check: + https://github.com/hpcng/singularity/blob/master/CHANGELOG.md + +--- +Mon May 25 12:41:38 UTC 2020 - Ana Guerrero Lopez + +- New pre-version 3.6.0 rc5 with many changes: +- New features / functionalities + - Singularity now supports the execution of minimal Docker/OCI + containers that do not contain /bin/sh, e.g. docker://hello-world. + - A new cache structure is used that is concurrency safe on a filesystem that + supports atomic rename. If you downgrade to Singularity 3.5 or older after + using 3.6 you will need to run singularity cache clean. + - A plugin system rework adds new hook points that will allow the + development of plugins that modify behavior of the runtime. An image driver + concept is introduced for plugins to support new ways of handling image and + overlay mounts. Plugins built for <=3.5 are not compatible with 3.6. + - The --bind flag can now bind directories from a SIF or ext3 image into a + container. + - The --fusemount feature to mount filesystems to a container via FUSE + drivers is now a supported feature (previously an experimental hidden flag). + - This permits users to mount e.g. sshfs and cvmfs filesystems to the + container at runtime. + - A new -c/--config flag allows an alternative singularity.conf to be + specified by the root user, or all users in an unprivileged installation. + - A new --env flag allows container environment variables to be set via the + Singularity command line. + - A new --env-file flag allows container environment variables to be set from + a specified file. + - A new --days flag for cache clean allows removal of items older than a + specified number of days. Replaces the --name flag which is not generally + useful as the cache entries are stored by hash, not a friendly name. +- Changed defaults / behaviours + - Environment variables prefixed with SINGULARITYENV_ always take + precedence over variables without SINGULARITYENV_ prefix. + - The %post build section inherits environment variables from the base image. + - %files from ... will now follow symlinks for sources that are directly + specified, or directly resolved from a glob pattern. It will not follow + symlinks found through directory traversal. This mirrors Docker multi-stage + COPY behaviour. + - Restored the CWD mount behaviour of v2, implying that CWD path is not recreated + inside container and any symlinks in the CWD path are not resolved
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2020-02-19 12:42:40 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.26092 (New) Package is "singularity" Wed Feb 19 12:42:40 2020 rev:17 rq:776224 version:3.5.3 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-12-21 12:30:30.903338518 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.26092/singularity.changes 2020-02-19 12:42:48.907887397 +0100 @@ -1,0 +2,12 @@ +Wed Feb 19 07:36:23 UTC 2020 - Ana Guerrero Lopez + +- New version 3.5.3. Main changes: + * Container action scripts are no longer bound in from `etc/actions.d` on the +host. They are created dynamically and inserted at container startup. + * `%files from ...` will no longer follow symlinks when copying between +stages in a multi stage build, as symlinks should be copied so that they +resolve identically in later stages. Copying `%files` from the host will +still maintain previous behavior of following links. + * Many bug fixes, please read CHANGELOG.md + +--- Old: singularity-3.5.2.tar.gz New: singularity-3.5.3.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.Qmz6Hl/_old 2020-02-19 12:42:50.843891125 +0100 +++ /var/tmp/diff_new_pack.Qmz6Hl/_new 2020-02-19 12:42:50.843891125 +0100 @@ -1,7 +1,7 @@ # # spec file for package singularity # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.5.2 +Version:3.5.3 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://www.sylabs.io/singularity/ @@ -94,7 +94,6 @@ mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1 make DESTDIR=$RPM_BUILD_ROOT install man -chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/singularity/actions/* # move bash completion to the right place mkdir -pv %{buildroot}/%{_datadir}/bash-completion/completions/ mv %{buildroot}/%{_sysconfdir}/bash_completion.d/singularity \ @@ -143,12 +142,6 @@ %{_libexecdir}/singularity/bin/starter %{_libexecdir}/singularity/cni/* %dir %{_sysconfdir}/singularity -%dir %{_sysconfdir}/singularity/actions/ -%config(noreplace) %attr(755, root, singularity) %{_sysconfdir}/singularity/actions/exec -%config(noreplace) %attr(755, root, singularity) %{_sysconfdir}/singularity/actions/run -%config(noreplace) %attr(755, root, singularity) %{_sysconfdir}/singularity/actions/shell -%config(noreplace) %attr(755, root, singularity) %{_sysconfdir}/singularity/actions/start -%config(noreplace) %attr(755, root, singularity) %{_sysconfdir}/singularity/actions/test %config(noreplace) %{_sysconfdir}/singularity/capability.json %config(noreplace) %{_sysconfdir}/singularity/cgroups %config(noreplace) %{_sysconfdir}/singularity/ecl.toml ++ singularity-3.5.2.tar.gz -> singularity-3.5.3.tar.gz ++ /work/SRC/openSUSE:Factory/singularity/singularity-3.5.2.tar.gz /work/SRC/openSUSE:Factory/.singularity.new.26092/singularity-3.5.3.tar.gz differ: char 5, line 1
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-12-21 12:30:16 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.6675 (New) Package is "singularity" Sat Dec 21 12:30:16 2019 rev:16 rq:758322 version:3.5.2 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-12-14 12:23:41.683196465 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.6675/singularity.changes 2019-12-21 12:30:30.903338518 +0100 @@ -1,0 +2,16 @@ +Thu Dec 19 14:12:49 UTC 2019 - Ana Guerrero Lopez + +- New version 3.5.2. Main change is a fix for a security issue related + to incorrect file permissions (CVE-2019-19724) on user configuration + and cache directories. (boo#1159550) + For other minor bug fixes please read CHANGELOG.md + +--- +Thu Dec 19 08:21:59 UTC 2019 - Ana Guerrero Lopez + +- Update wording in SUSE.README +- New patch, to get a more clear error message when user doesn't + belong to the singularity group + * useful_error_message.patch + +--- Old: singularity-3.5.1.tar.gz New: singularity-3.5.2.tar.gz useful_error_message.patch Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.3xVX3l/_old 2019-12-21 12:30:31.907338996 +0100 +++ /var/tmp/diff_new_pack.3xVX3l/_new 2019-12-21 12:30:31.915338999 +0100 @@ -23,7 +23,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.5.1 +Version:3.5.2 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://www.sylabs.io/singularity/ @@ -31,7 +31,7 @@ Source1:README.SUSE Source5:%{name}-rpmlintrc Patch0: build-position-independent-binaries.patch - +Patch1: useful_error_message.patch BuildRequires: cryptsetup BuildRequires: fdupes BuildRequires: gcc @@ -59,6 +59,7 @@ %prep %setup -q -n gopath/%{singgopath} -c %patch0 -p 4 +%patch1 -p 4 cp %{S:1} . %build ++ README.SUSE ++ --- /var/tmp/diff_new_pack.3xVX3l/_old 2019-12-21 12:30:31.967339024 +0100 +++ /var/tmp/diff_new_pack.3xVX3l/_new 2019-12-21 12:30:31.967339024 +0100 @@ -1,8 +1,13 @@ openSUSE/SUSE specific Settings === -Different from the upstream default, the SUID root binaries -are executible only by users belonging to the group 'singularity'. +openSUSE and SUSE have a small difference with upstream default. +This means the SUID root binaries distributed by singularty are +executable only by users belonging to the group 'singularity'. + +Otherwise, users will get an error message like this one: + +FATAL: while executing /usr/lib/singularity/bin/starter-suid: permission denied To add a user to the group singularity, execute (as root): ++ singularity-3.5.1.tar.gz -> singularity-3.5.2.tar.gz ++ /work/SRC/openSUSE:Factory/singularity/singularity-3.5.1.tar.gz /work/SRC/openSUSE:Factory/.singularity.new.6675/singularity-3.5.2.tar.gz differ: char 5, line 1 ++ useful_error_message.patch ++ Subject: Add an useful error message when the user doesn't belong to the singularity group Date: 2019.12.19 diff -Nrua src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go --- a/src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go 2019-12-03 23:07:06.0 +0100 +++ b/src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go 2019-12-18 00:48:35.670565337 +0100 @@ -90,7 +90,7 @@ return fmt.Errorf("while initializing starter command: %s", err) } err := unix.Exec(c.path, []string{name}, c.env) - return fmt.Errorf("while executing %s: %s", c.path, err) + return fmt.Errorf("while executing %s: %s\nPlease read /usr/share/doc/packages/singularity/README.SUSE to get help\n", c.path, err) } // Run executes the starter binary and returns once starter
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-12-14 12:20:12 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.4691 (New) Package is "singularity" Sat Dec 14 12:20:12 2019 rev:15 rq:756885 version:3.5.1 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-11-07 23:21:05.964830675 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.4691/singularity.changes 2019-12-14 12:23:41.683196465 +0100 @@ -1,0 +2,13 @@ +Fri Dec 13 09:46:13 UTC 2019 - Ana Guerrero Lopez + +- New version 3.5.1. Many changes since 3.4.2, for the full changelog + please read CHANGELOG.md. Changes relevant to the package: + * New support for AMD GPUs via --rocm, install new configuration file +rocmliblist.conf + * Requires Go 1.13 +- Update Source to download the release tarball that includes + the vendored modules. +- Update patch: + * build-position-independent-binaries.patch + +--- Old: singularity-3.4.2.tar.gz New: singularity-3.5.1.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.NboPUw/_old 2019-12-14 12:23:42.239196381 +0100 +++ /var/tmp/diff_new_pack.NboPUw/_new 2019-12-14 12:23:42.239196381 +0100 @@ -1,7 +1,7 @@ # # spec file for package singularity # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,25 +23,20 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.4.2 +Version:3.5.1 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://www.sylabs.io/singularity/ -Source0: https://github.com/sylabs/singularity/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source0: https://github.com/sylabs/singularity/releases/download/v%{version}/singularity-%{version}.tar.gz Source1:README.SUSE Source5:%{name}-rpmlintrc Patch0: build-position-independent-binaries.patch -BuildRequires: gcc -# Remove after brokenness has been fixed -%if 0%{?suse_version} > 1500 -BuildRequires: go >= 1.11 -%else -BuildRequires: go1.11 -%endif BuildRequires: cryptsetup BuildRequires: fdupes +BuildRequires: gcc BuildRequires: git +BuildRequires: go1.13 BuildRequires: libuuid-devel BuildRequires: make BuildRequires: openssl-devel @@ -63,7 +58,6 @@ %prep %setup -q -n gopath/%{singgopath} -c -mv %{name}-%{version} %{name} %patch0 -p 4 cp %{S:1} . @@ -162,6 +156,7 @@ %config(noreplace) %{_sysconfdir}/singularity/seccomp-profiles %config(noreplace) %{_sysconfdir}/singularity/singularity.conf %config(noreplace) %{_sysconfdir}/singularity/remote.yaml +%config(noreplace) %{_sysconfdir}/singularity/rocmliblist.conf %{_datadir}/bash-completion/completions/singularity %dir %{_localstatedir}/lib/singularity %dir %{_localstatedir}/lib/singularity/mnt ++ build-position-independent-binaries.patch ++ --- /var/tmp/diff_new_pack.NboPUw/_old 2019-12-14 12:23:42.267196377 +0100 +++ /var/tmp/diff_new_pack.NboPUw/_new 2019-12-14 12:23:42.267196377 +0100 @@ -1,11 +1,5 @@ -From: Egbert Eich -Date: Fri May 17 11:15:57 2019 +0200 Subject: build position independent binaries -Patch-mainline: Not yet -Git-commit: a083559a1c42459142e3501a33581089cb35e6d2 -References: - -Signed-off-by: Egbert Eich +Date: 2019.12.13 --- src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) @@ -13,16 +7,12 @@ index 87359af..045563a 100644 --- a/src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk +++ b/src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk -@@ -3,10 +3,10 @@ +@@ -3,7 +3,7 @@ GO_TAGS := containers_image_openpgp sylog imgbuild_engine oci_engine singularity_engine fakeroot_engine GO_TAGS_SUID := containers_image_openpgp sylog singularity_engine fakeroot_engine GO_LDFLAGS := -GO_BUILDMODE := -buildmode=default +GO_BUILDMODE := -buildmode=pie - GO_GCFLAGS := -gcflags=all=-trimpath=$(SOURCEDIR) - GO_ASMFLAGS := -asmflags=all=-trimpath=$(SOURCEDIR) --GO_MODFLAGS := -+GO_MODFLAGS := -x -v -work - GOFLAGS := -mod=vendor - - export GOFLAGS GO111MODULE + GO_GCFLAGS := + GO_ASMFLAGS := + GO_MODFLAGS := $(if $(wildcard $(SOURCEDIR)/vendor/modules.txt),-mod=vendor,-mod=readonly) ++ singularity-3.4.2.tar.gz -> singularity-3.5.1.tar.gz
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-11-07 23:20:50 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.2990 (New) Package is "singularity" Thu Nov 7 23:20:50 2019 rev:14 rq:746206 version:3.4.2 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-09-26 20:40:23.430677722 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.2990/singularity.changes 2019-11-07 23:21:05.964830675 +0100 @@ -1,0 +2,10 @@ +Thu Nov 7 09:48:06 UTC 2019 - Ana Guerrero Lopez + +- New version 3.4.2, this release addresses the following issues: +- Sets workable permissions on OCI -> sandbox rootless builds +- Fallback correctly to user namespace for non setuid installation +- Correctly handle the starter-suid binary for non-root installs +- Creates CACHEDIR if it doesn't exist +- Set apex loglevel for umoci to match singularity loglevel + +--- Old: singularity-3.4.1.tar.gz New: singularity-3.4.2.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.0gMVHW/_old 2019-11-07 23:21:06.648831409 +0100 +++ /var/tmp/diff_new_pack.0gMVHW/_new 2019-11-07 23:21:06.656831417 +0100 @@ -23,7 +23,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.4.1 +Version:3.4.2 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://www.sylabs.io/singularity/ ++ singularity-3.4.1.tar.gz -> singularity-3.4.2.tar.gz ++ /work/SRC/openSUSE:Factory/singularity/singularity-3.4.1.tar.gz /work/SRC/openSUSE:Factory/.singularity.new.2990/singularity-3.4.2.tar.gz differ: char 16, line 1
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-09-26 20:40:15 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.2352 (New) Package is "singularity" Thu Sep 26 20:40:15 2019 rev:13 rq:733023 version:3.4.1 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-09-07 11:53:50.814270592 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.2352/singularity.changes 2019-09-26 20:40:23.430677722 +0200 @@ -1,0 +2,23 @@ +Tue Sep 24 16:51:53 UTC 2019 - Egbert Eich + +- New version 3.4.1 +- This point release addresses the following issues: +- Fixes an issue where a PID namespace was always being used +- Fixes compilation on non 64-bit architectures +- Allows fakeroot builds for zypper, pacstrap, and debootstrap +- Correctly detects seccomp on OpenSUSE +- Honors GO_MODFLAGS properly in the mconfig generated makefile +- Passes the Mac hostname to the VM in MacOS Singularity builds +- Handles temporary EAGAIN failures when setting up loop devices on + recent kernels. + * Removed obsoleted patches: +- fix_build_in_32_bits.patch +- fix_flags_order.patch + +--- +Mon Sep 23 09:15:14 UTC 2019 - Ana Guerrero Lopez + +- Fix build failure in i586. The patch is taken from upstream and should + be removed with the next release update. + * fix_build_in_32_bits.patch +--- Old: fix_flags_order.patch singularity-3.4.0.tar.gz New: singularity-3.4.1.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.1efZsT/_old 2019-09-26 20:40:24.134675841 +0200 +++ /var/tmp/diff_new_pack.1efZsT/_new 2019-09-26 20:40:24.138675830 +0200 @@ -23,7 +23,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.4.0 +Version:3.4.1 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://www.sylabs.io/singularity/ @@ -31,7 +31,6 @@ Source1:README.SUSE Source5:%{name}-rpmlintrc Patch0: build-position-independent-binaries.patch -Patch1: fix_flags_order.patch BuildRequires: gcc # Remove after brokenness has been fixed @@ -66,7 +65,6 @@ %setup -q -n gopath/%{singgopath} -c mv %{name}-%{version} %{name} %patch0 -p 4 -%patch1 -p 4 cp %{S:1} . %build ++ singularity-3.4.0.tar.gz -> singularity-3.4.1.tar.gz ++ /work/SRC/openSUSE:Factory/singularity/singularity-3.4.0.tar.gz /work/SRC/openSUSE:Factory/.singularity.new.2352/singularity-3.4.1.tar.gz differ: char 13, line 1
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-09-07 11:53:44 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.7948 (New) Package is "singularity" Sat Sep 7 11:53:44 2019 rev:12 rq:728714 version:3.4.0 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-07-22 12:20:25.251663888 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.7948/singularity.changes 2019-09-07 11:53:50.814270592 +0200 @@ -1,0 +2,18 @@ +Tue Sep 3 14:39:35 UTC 2019 - Ana Guerrero Lopez + +- New version 3.4.0. Many changes since 3.2.1, for the full changelog + please read CHANGELOG.md +- Add new BuildRequires on cryptsetup. +- Patches refreshed: + * build-position-independent-binaries.patch +- Patches removed, merged upstream: + * zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch + * Handle-zypper-error-code-correctly.patch + * Support-multi-line-bootdef-settings.patch + * Add-support-for-numbered-variables.patch + * Improve-zypper-integration.patch + * Add-unit-tests-for-zypper-installation-on-SLE.patch + * Fix-pgp-key-version-strings-and-paths.patch +- Patches added, fix an issue with the flags order provided by the Makefile + * fix_flags_order.patch +--- Old: Add-support-for-numbered-variables.patch Add-unit-tests-for-zypper-installation-on-SLE.patch Fix-pgp-key-version-strings-and-paths.patch Handle-zypper-error-code-correctly.patch Improve-zypper-integration.patch Support-multi-line-bootdef-settings.patch singularity-3.2.1.tar.gz zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch New: fix_flags_order.patch singularity-3.4.0.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.21iQal/_old 2019-09-07 11:53:52.718270322 +0200 +++ /var/tmp/diff_new_pack.21iQal/_new 2019-09-07 11:53:52.718270322 +0200 @@ -23,7 +23,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.2.1 +Version:3.4.0 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://www.sylabs.io/singularity/ @@ -31,13 +31,7 @@ Source1:README.SUSE Source5:%{name}-rpmlintrc Patch0: build-position-independent-binaries.patch -Patch1: zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch -Patch2: Handle-zypper-error-code-correctly.patch -Patch3: Support-multi-line-bootdef-settings.patch -Patch4: Add-support-for-numbered-variables.patch -Patch5: Improve-zypper-integration.patch -Patch6: Add-unit-tests-for-zypper-installation-on-SLE.patch -Patch7: Fix-pgp-key-version-strings-and-paths.patch +Patch1: fix_flags_order.patch BuildRequires: gcc # Remove after brokenness has been fixed @@ -46,6 +40,7 @@ %else BuildRequires: go1.11 %endif +BuildRequires: cryptsetup BuildRequires: fdupes BuildRequires: git BuildRequires: libuuid-devel @@ -72,12 +67,6 @@ mv %{name}-%{version} %{name} %patch0 -p 4 %patch1 -p 4 -%patch2 -p 4 -%patch3 -p 4 -%patch4 -p 4 -%patch5 -p 4 -%patch6 -p 4 -%patch7 -p 4 cp %{S:1} . %build ++ build-position-independent-binaries.patch ++ --- /var/tmp/diff_new_pack.21iQal/_old 2019-09-07 11:53:52.746270318 +0200 +++ /var/tmp/diff_new_pack.21iQal/_new 2019-09-07 11:53:52.746270318 +0200 @@ -13,9 +13,9 @@ index 87359af..045563a 100644 --- a/src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk +++ b/src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk -@@ -2,10 +2,10 @@ - GO111MODULE := on - GO_TAGS := containers_image_openpgp sylog +@@ -3,10 +3,10 @@ + GO_TAGS := containers_image_openpgp sylog imgbuild_engine oci_engine singularity_engine fakeroot_engine + GO_TAGS_SUID := containers_image_openpgp sylog singularity_engine fakeroot_engine GO_LDFLAGS := -GO_BUILDMODE := -buildmode=default +GO_BUILDMODE := -buildmode=pie ++ fix_flags_order.patch ++ From: Ana Guerrero Lopez Date: Wed Sep 4 11:28:43 CEST 2019 Subject: Fix flags order Patch-mainline: Not yet References: https://github.com/sylabs/singularity/pull/4375 GO_MODFLAGS should be provided to the go subcommand, and not directly to go. Signed-off-by: Ana Guerrero Lopez --- a/src/github.com/sylabs/singularity/mlocal/frags/build_scripts.mk.orig 2019-09-04 11:17:26.293034517 +0200 +++ b/src/github.com/sylabs/singularity/mlocal/frags/build_scripts.mk 2019-09-04 11:19:04.977038577 +0200 @@ -7,7 +7,7 @@ $(SOURCEDIR)/scripts/go-test:
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-07-22 12:20:23 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.4126 (New) Package is "singularity" Mon Jul 22 12:20:23 2019 rev:11 rq:717250 version:3.2.1 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-05-16 22:08:30.090366518 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.4126/singularity.changes 2019-07-22 12:20:25.251663888 +0200 @@ -2 +2 @@ -Wed May 15 14:18:54 UTC 2019 - Egbert Eich +Sat Jul 20 18:20:40 UTC 2019 - Egbert Eich @@ -4 +4,2 @@ -- Fix a typo in the SUSE Integration. +- Fix-pgp-key-version-strings-and-paths.patch + Fixing pgp key, version strings and paths. @@ -7 +8 @@ -Sun Apr 28 06:32:08 UTC 2019 - Egbert Eich +Tue Jun 11 14:49:00 UTC 2019 - Egbert Eich @@ -9,23 +10,119 @@ -- Improve support for openSUSE/SLE Singularity image creation: - * Add-support-for-SLE.patch -Add support for SLE. - * Create-chroot-only-after-settings-have-been-verified.patch -Create chroot only after settings have been verified. - * Don-t-hard-code-OS-version-if-non-is-specified.patch -Don't hard code OS version if non is specified. - * Handle-zypper-error-code-correctly.patch -Do not consider installation scriptlet failures an installation -failure. - * Support-multi-line-bootdef-settings.patch -If lines are separated by a '\' in a bootdef setting definition -concatenate them. If the characters before the trailing '\' are -'\n', replace by a newline. - * When-writing-a-file-to-the-container-unlink-if-it-exists-as-link-or-directory.patch -If a link or a directory exists with the same name as a file to -be written to the container, remove it before writing the the file. -Removing a link avoids issues if the link target cannot be written -to. - * Update README.SUSE: Describe bootdef variables. -- Fix rpmlint warning: - * api.py-Remove-shbang-not-meant-for-direct-execution.patch -Remove shbang - not meant for direct execution. +- Update to version 3.2.1: + This point release fixes the following bugs: + * Allows users to join instances with non-suid workflow + * Removes false warning when seccomp is disabled on the host + * Fixes an issue in the terminal when piping output to commands + * Binds NVIDIA persistenced socket when `--nv` is invoked + +--- +Thu Jun 6 14:10:47 UTC 2019 - Egbert Eich + +- Improve integration with SUSE Products: add support to create + Singularity images with SLE. + * build-position-independent-binaries.patch: +Make sure, the built binaries adhere to the packaging guidelines. + * zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch: +Newer SUSE versions use a different path for the RPM database. + * Handle-zypper-error-code-correctly.patch: +When the installation succeeds by an installation scriptlet fails +zypper returns error code 107. Don't treat this as an error. + * Support-multi-line-bootdef-settings.patch: +In order to specify a repository GPG key, add support for +multi line variables. + * Add-support-for-numbered-variables.patch: +In order to specify a list of additional repos, add support +to 'indexed' variables. + * Improve-zypper-integration.patch: +Improve handling of SUSE repositires: +- For SLE, use SUSEConnect to get all product repos. +- Allow to specify a repository GPG key. +- Allow to specify additional installation repositories. + * Add-unit-tests-for-zypper-installation-on-SLE.patch +Add unit tests. + +--- +Sat May 18 15:42:45 UTC 2019 - Egbert Eich + +- Add group 'singularity', fix ownerships. + +--- +Thu May 16 07:03:34 UTC 2019 - Egbert Eich + +- Updated to singularity v3.2.0 + * [Security related fix](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11328) + Instance files are now stored in user's home directory for privacy and + many checks have been added to ensure that a user can't manipulate files + to change `starter-suid` behavior when instances are joined (many thanks + to Matthias Gerstner from the SUSE security team for finding and securely + reporting this vulnerability) + (CVE-2019-11328, bsc#1128598) + * New features / functionalities + - Introduced a new basic framework for creating and managing plugins + - Added the ability to create containers through multi-stage builds + - Created the concept of a Sylabs Cloud "remote" endpoint and added the + ability for users and admins to set them through CLI
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-05-16 22:08:28 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.5148 (New) Package is "singularity" Thu May 16 22:08:28 2019 rev:10 rq:703166 version:2.6.1 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-05-02 19:16:42.857351503 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.5148/singularity.changes 2019-05-16 22:08:30.090366518 +0200 @@ -1,0 +2,5 @@ +Wed May 15 14:18:54 UTC 2019 - Egbert Eich + +- Fix a typo in the SUSE Integration. + +--- Other differences: -- ++ Add-support-for-SLE.patch ++ --- /var/tmp/diff_new_pack.j64YUv/_old 2019-05-16 22:08:31.470365264 +0200 +++ /var/tmp/diff_new_pack.j64YUv/_new 2019-05-16 22:08:31.470365264 +0200 @@ -65,7 +65,7 @@ +tmp=${OSVERSION#*.} +if [ $tmp -gt 0 ]; then + OSSERVICEPACK=-SP${tmp} -+ OSMINOR=".%{tmp}" ++ OSMINOR=".${tmp}" +else + OSSERVICEPACK= + OSMINOR=
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-05-02 19:16:41 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.5148 (New) Package is "singularity" Thu May 2 19:16:41 2019 rev:9 rq:699554 version:2.6.1 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-02-19 12:02:40.305067650 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.5148/singularity.changes 2019-05-02 19:16:42.857351503 +0200 @@ -1,0 +2,27 @@ +Sun Apr 28 06:32:08 UTC 2019 - Egbert Eich + +- Improve support for openSUSE/SLE Singularity image creation: + * Add-support-for-SLE.patch +Add support for SLE. + * Create-chroot-only-after-settings-have-been-verified.patch +Create chroot only after settings have been verified. + * Don-t-hard-code-OS-version-if-non-is-specified.patch +Don't hard code OS version if non is specified. + * Handle-zypper-error-code-correctly.patch +Do not consider installation scriptlet failures an installation +failure. + * Support-multi-line-bootdef-settings.patch +If lines are separated by a '\' in a bootdef setting definition +concatenate them. If the characters before the trailing '\' are +'\n', replace by a newline. + * When-writing-a-file-to-the-container-unlink-if-it-exists-as-link-or-directory.patch +If a link or a directory exists with the same name as a file to +be written to the container, remove it before writing the the file. +Removing a link avoids issues if the link target cannot be written +to. + * Update README.SUSE: Describe bootdef variables. +- Fix rpmlint warning: + * api.py-Remove-shbang-not-meant-for-direct-execution.patch +Remove shbang - not meant for direct execution. + +--- New: Add-support-for-SLE.patch Create-chroot-only-after-settings-have-been-verified.patch Don-t-hard-code-OS-version-if-non-is-specified.patch Handle-zypper-error-code-correctly.patch Support-multi-line-bootdef-settings.patch When-writing-a-file-to-the-container-unlink-if-it-exists-as-link-or-directory.patch api.py-Remove-shbang-not-meant-for-direct-execution.patch Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.DZMAQU/_old 2019-05-02 19:16:43.749353142 +0200 +++ /var/tmp/diff_new_pack.DZMAQU/_new 2019-05-02 19:16:43.749353142 +0200 @@ -42,6 +42,14 @@ Source1:README.SUSE Source5:singularity-rpmlintrc Patch1: zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch +Patch2: Handle-zypper-error-code-correctly.patch +Patch3: When-writing-a-file-to-the-container-unlink-if-it-exists-as-link-or-directory.patch +Patch4: Support-multi-line-bootdef-settings.patch +Patch5: api.py-Remove-shbang-not-meant-for-direct-execution.patch +Patch6: Add-support-for-SLE.patch +Patch7: Don-t-hard-code-OS-version-if-non-is-specified.patch +Patch8: Create-chroot-only-after-settings-have-been-verified.patch + BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -87,6 +95,13 @@ %prep %setup -q -n %{name}-%{github_ref} %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 cp %{S:1} . %build ++ Add-support-for-SLE.patch ++ From: Egbert Eich Date: Sun Apr 28 07:36:08 2019 +0200 Subject: Add support for SLE Patch-mainline: Not yet Git-commit: da37d2c1863e019a0d187f0c25620bc91649aac1 References: SLE uses SUSEConnect to register a product and find its repositories. SLE-15 requires the installer to be present as well as a list of modules. Signed-off-by: Egbert Eich --- singularity-2.6.0/bootstrap-scripts/deffile-driver-zypper.sh | 116 ++--- 1 file changed, 103 insertions(+), 13 deletions(-) diff --git a/singularity-2.6.0/libexec/bootstrap-scripts/deffile-driver-zypper.sh b/singularity-2.6.0/libexec/bootstrap-scripts/deffile-driver-zypper.sh index 3052a52..d744d9e 100644 --- a/libexec/bootstrap-scripts/deffile-driver-zypper.sh +++ b/libexec/bootstrap-scripts/deffile-driver-zypper.sh @@ -37,6 +37,7 @@ if [ -z "${SINGULARITY_ROOTFS:-}" ]; then exit 1 fi +BASE_PACKAGE_LIST=aaa_base ## BEGIN BOOTSTRAP SCRIPT ## @@ -88,17 +89,68 @@ if [ -z "${OSVERSION:-}" ]; then fi fi -MIRROR=`echo "${MIRRORURL:-}" | sed -r "s/%\{?OSVERSION\}?/$OSVERSION/gi"` -MIRROR_META=`echo "${METALINK:-}" | sed -r "s/%\{?OSVERSION\}?/$OSVERSION/gi"` -if [ -z "${MIRROR:-}" ] && [ -z "${MIRROR_META:-}" ]; then -message ERROR "No 'MirrorURL' or 'MetaLink' defined
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-02-19 12:02:08 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.28833 (New) Package is "singularity" Tue Feb 19 12:02:08 2019 rev:8 rq:677135 version:2.6.1 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-01-05 14:42:50.076455974 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.28833/singularity.changes 2019-02-19 12:02:40.305067650 +0100 @@ -1,0 +2,7 @@ +Fri Feb 15 18:42:02 UTC 2019 - Egbert Eich + +- On Leap 42 or SLE 12 / PackageHub12 do not check the + permissions version: unfortunately the version number + has no relation to the patch set applied (bsc#1125369). + +--- Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.CwA3AZ/_old 2019-02-19 12:02:41.209067186 +0100 +++ /var/tmp/diff_new_pack.CwA3AZ/_new 2019-02-19 12:02:41.213067184 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -52,7 +52,13 @@ BuildRequires: libarchive-devel BuildRequires: python %{?allow_suid:Requires(pre): shadow} +%if 0%{?sle_version} >= 120200 && 0%{?sle_version} < 15 +# On SLE 12 there is no way to check if the proper version has +# been installed. Trust that the user has done updates. +PreReq: permissions +%else PreReq: permissions >= 20170922 +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-01-05 14:42:48 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.28833 (New) Package is "singularity" Sat Jan 5 14:42:48 2019 rev:7 rq:662782 version:2.6.1 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2018-11-01 14:40:06.466903282 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.28833/singularity.changes 2019-01-05 14:42:50.076455974 +0100 @@ -1,0 +2,15 @@ +Fri Jan 4 11:05:14 UTC 2019 - e...@suse.com + +- Change from /var/singularity to /var/lib/singularity +- zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch: + Fix the RPM db path for later versions of SUSE. +- Fix warning on bash-completion file about non-executible script. + +--- +Mon Dec 17 09:48:05 UTC 2018 - cg...@suse.com + +- Updated to 2.6.1 to fix CVE-2018-19295 (bsc#411). + * mount points are not mounted with shared mount propagation by +default anymore, as this may result in privilege escalation. + +--- @@ -7,0 +23,6 @@ + +--- +Tue Oct 30 16:13:05 UTC 2018 - e...@suse.com + +- Add bash completions directory to file list for suse_version < 1500 + to keep the build checker happy. Old: singularity-2.6.0.tar.gz New: singularity-2.6.1.tar.gz zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.xVv8WD/_old 2019-01-05 14:42:50.616455516 +0100 +++ /var/tmp/diff_new_pack.xVv8WD/_new 2019-01-05 14:42:50.620455513 +0100 @@ -1,7 +1,7 @@ # # spec file for package singularity # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ # %define libsingularity libsingularity1 -%define git_version 2.6.0 +%define git_version 2.6.1 # slurm build broken %define have_slurm 0 @@ -41,6 +41,7 @@ Source: https://github.com/singularityware/%{name}/archive/%{github_ref}.tar.gz#/%{name}-%{version}.tar.gz Source1:README.SUSE Source5:singularity-rpmlintrc +Patch1: zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -79,11 +80,13 @@ %prep %setup -q -n %{name}-%{github_ref} +%patch1 -p1 cp %{S:1} . %build ./autogen.sh %configure \ + --localstatedir=%{_localstatedir}/lib \ %{!?allow_suid:--disable-suid} \ --with-userns \ --with-gnu-ld \ @@ -104,6 +107,8 @@ mkdir -p %{buildroot}/%{_datadir}/bash-completion/completions/ mv %{buildroot}/%{_sysconfdir}/bash_completion.d/%{name} \ %{buildroot}/%{_datadir}/bash-completion/completions/%{name} +sed -i -e '/#\!/d' %{buildroot}/%{_datadir}/bash-completion/completions/%{name} +for file in $(find %{buildroot}/%{_libexecdir} -name \*.py); do grep "/usr/bin/env" $file && sed -i 's@/usr/bin/env python@/usr/bin/python@' $file; done %fdupes %{buildroot} %post -n %{libsingularity} -p /sbin/ldconfig @@ -150,6 +155,10 @@ %config(noreplace) %{_sysconfdir}/%{name}/init %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) %{_sysconfdir}/%{name}/nvliblist.conf +%if 0%{?suse_version} < 1500 +%dir %{_datadir}/bash-completion +%dir %{_datadir}/bash-completion/completions +%endif %{_datadir}/bash-completion/completions/%{name} %{_bindir}/%{name} %{_bindir}/run-%{name} @@ -157,7 +166,7 @@ %exclude %{_libdir}/%{name}/lib%{name}-*.so* %{?allow_suid:%verify(not mode) %attr(4750,root,%{name}) %{_libexecdir}/%{name}/bin/*-suid} %{_mandir}/man1/%{name}.1.gz -%{_var}/%{name} +%{_localstatedir}/lib/%{name} %files -n %{libsingularity} %defattr(-,root,root) ++ singularity-2.6.0.tar.gz -> singularity-2.6.1.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/singularity-2.6.0/CHANGELOG.md new/singularity-2.6.1/CHANGELOG.md --- old/singularity-2.6.0/CHANGELOG.md 2018-08-04 03:00:49.0 +0200 +++ new/singularity-2.6.1/CHANGELOG.md 2018-12-11 15:24:13.0 +0100 @@ -12,8 +12,17 @@ - migration guidance (how to convert images?) - changed behaviour (recipe sections work differently) +## [v2.6.1] + +### [Security related
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2018-11-01 14:40:05 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new (New) Package is "singularity" Thu Nov 1 14:40:05 2018 rev:6 rq:645743 version:2.6.0 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2018-10-15 10:49:41.254989828 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes 2018-11-01 14:40:06.466903282 +0100 @@ -1,0 +2,8 @@ +Wed Oct 31 12:11:34 UTC 2018 - matthias.gerst...@suse.com + +- Also package the directory tree rooted at /var/singularity/. + Otherwise running a container fails with: + + 'Failed to resolve path to /var/singularity/mnt/container: No such file or directory' + +--- Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.1EQbnh/_old 2018-11-01 14:40:07.126903216 +0100 +++ /var/tmp/diff_new_pack.1EQbnh/_new 2018-11-01 14:40:07.130903215 +0100 @@ -157,6 +157,7 @@ %exclude %{_libdir}/%{name}/lib%{name}-*.so* %{?allow_suid:%verify(not mode) %attr(4750,root,%{name}) %{_libexecdir}/%{name}/bin/*-suid} %{_mandir}/man1/%{name}.1.gz +%{_var}/%{name} %files -n %{libsingularity} %defattr(-,root,root)
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2018-10-15 10:49:35 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new (New) Package is "singularity" Mon Oct 15 10:49:35 2018 rev:5 rq:641910 version:2.6.0 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2017-11-07 10:04:51.679362472 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes 2018-10-15 10:49:41.254989828 +0200 @@ -1,0 +2,62 @@ +Sun Oct 14 09:03:26 UTC 2018 - e...@suse.com + +- Update to version 2.6.0 + * Allow admin to specify a non-standard location for mksquashfs binary at +build time with '--with-mksquashfs' option #1662 + * '--nv' option will use +[nvidia-container-cli](https://github.com/NVIDIA/libnvidia-container) if +installed #1681 + * [nvliblist.conf] + (https://github.com/singularityware/singularity/blob/master/etc/nvliblist.conf) +now has a section for binaries #1681 + * '--nv' can be made default with all action commands in singularity.conf +#1681 + * '--nv' can be controlled by env vars '$SINGULARITY_NV' and +'$SINGULARITY_NV_OFF' #1681 + * Refactored travis build and packaging tests #1601 + * Added build and packaging tests for Debian 8/9 and openSUSE 42.3/15.0 #1713 + * Restore shim init process for proper signal handling and child reaping when +container is initiated in its own PID namespace #1221 + * Add '-i' option to image.create to specify the inode ratio. #1759 + * Bind '/dev/nvidia*' into the container when the '--nv' flag is used in +conjuction with the '--contain' flag #1358 + * Add '--no-home' option to not mount user $HOME if it is not the $CWD and +'mount home = yes' is set. #1761 + * Added support for OAUTH2 Docker registries like Azure Container Registry +#1622 + ### Bug fixes + * Fix 404 when using Arch Linux bootstrap #1731 + * Fix environment variables clearing while starting instances #1766 + +--- +Mon Jul 9 16:37:37 UTC 2018 - e...@suse.com + +- Use %license instead of %doc for license files on newer products. +- Fix bash completion path. + +--- +Fri Jul 6 08:20:06 UTC 2018 - cg...@suse.com + +- Updated from 2.3.2 to 2.5.2 +- Fix security issues for incorrect access control on systems + supporting overlay file system descirbed in CVE-2018-12021 and + bsc#1100333 + Highlights of 2.5.2 + * a new `build` command was added to replace `create` + +`bootstrap` + * default image format is squashfs, eliminating the need to +specify a size + * a `localimage` can be used as a build base, including ext3, +sandbox, and other squashfs images + * singularity hub can now be used as a base with the uri + * Restore docker-extract aufs whiteout handling that implements +correct extraction of docker container layers. + * several bug fixes, see CHANGELOG.md for details +- Removed: singularity-2.3.2.tar.gz +- Added: singularity-2.5.2.tar.gz +- Removed 'notyet' if conditions in specfile to allow files + introduced in v2.5.2 +- Fixed access control on systems supporting overlay file system + (CVE-2018-12021, boo#1100333). + +--- Old: singularity-2.3.2.tar.gz New: singularity-2.6.0.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.onGB6i/_old 2018-10-15 10:49:42.750988232 +0200 +++ /var/tmp/diff_new_pack.onGB6i/_new 2018-10-15 10:49:42.750988232 +0200 @@ -1,7 +1,7 @@ # # spec file for package singularity # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,8 +19,7 @@ # %define libsingularity libsingularity1 -%define git_version 2.3.2 -#%%define not_yet 0 +%define git_version 2.6.0 # slurm build broken %define have_slurm 0 @@ -49,6 +48,7 @@ BuildRequires: slurm-devel %endif BuildRequires: fdupes +BuildRequires: libarchive-devel BuildRequires: python %{?allow_suid:Requires(pre): shadow} PreReq: permissions >= 20170922 @@ -101,6 +101,9 @@ # fix broken permissions chmod a-x %{buildroot}/%{_libexecdir}/%{name}/python/docker/__init__.py chmod a-x %{buildroot}/%{_libexecdir}/%{name}/python/__init__.py +mkdir -p %{buildroot}/%{_datadir}/bash-completion/completions/ +mv %{buildroot}/%{_sysconfdir}/bash_completion.d/%{name} \ +
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2017-11-07 10:04:28 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new (New) Package is "singularity" Tue Nov 7 10:04:28 2017 rev:4 rq:539325 version:2.3.2 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2017-11-04 10:25:24.751349608 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes 2017-11-07 10:04:51.679362472 +0100 @@ -1,0 +2,6 @@ +Mon Nov 6 09:48:19 UTC 2017 - e...@suse.com + +- Restrict permissions file version to a version which has + the required singularity entries. + +--- Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.SdrkL1/_old 2017-11-07 10:04:54.443262192 +0100 +++ /var/tmp/diff_new_pack.SdrkL1/_new 2017-11-07 10:04:54.443262192 +0100 @@ -51,7 +51,7 @@ BuildRequires: fdupes BuildRequires: python %{?allow_suid:Requires(pre): shadow} -PreReq: permissions +PreReq: permissions >= 20170922 BuildRoot: %{_tmppath}/%{name}-%{version}-build %description
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2017-11-04 10:25:19 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new (New) Package is "singularity" Sat Nov 4 10:25:19 2017 rev:3 rq:538588 version:2.3.2 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2017-10-06 11:05:01.759015755 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes 2017-11-04 10:25:24.751349608 +0100 @@ -1,0 +2,8 @@ +Thu Nov 2 09:05:09 UTC 2017 - e...@suse.com + +- Update to 2.3.2: + * Fix for a change that Docker implemented to their registry +RESTful API which broke compatibility with Singularity. + * Several other low minor fixes. + +--- Old: singularity-2.3.1.tar.gz New: singularity-2.3.2.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.tZJKuL/_old 2017-11-04 10:25:25.535321080 +0100 +++ /var/tmp/diff_new_pack.tZJKuL/_new 2017-11-04 10:25:25.539320935 +0100 @@ -19,7 +19,8 @@ # %define libsingularity libsingularity1 -%define git_version 2.3.1 +%define git_version 2.3.2 +#%%define not_yet 0 # slurm build broken %define have_slurm 0 @@ -118,6 +119,9 @@ %set_permissions %{_libexecdir}/%{name}/bin/action-suid %set_permissions %{_libexecdir}/%{name}/bin/export-suid %set_permissions %{_libexecdir}/%{name}/bin/import-suid +%if 0%{?not_yet:1} +%set_permissions %{_libexecdir}/%{name}/bin/start-suid +%endif %verifyscript %verify_permissions %{_libexecdir}/%{name}/bin/expand-suid @@ -126,15 +130,26 @@ %verify_permissions %{_libexecdir}/%{name}/bin/action-suid %verify_permissions %{_libexecdir}/%{name}/bin/export-suid %verify_permissions %{_libexecdir}/%{name}/bin/import-suid +%if 0%{?not_yet:1} +%set_permissions %{_libexecdir}/%{name}/bin/start-suid +%endif %endif %files %defattr(-,root,root) -%doc examples AUTHORS.md CONTRIBUTING.md LICENSE-LBNL.md README.md %{basename:%{S:1}} +%doc examples CONTRIBUTING.md LICENSE-LBNL.md README.md %{basename:%{S:1}} +%if 0%{?not_yet:1} +%doc COPYRIGHT.md CONTRIBUTORS.md LICENSE.md +%else +%doc AUTHORS.md +%endif %attr(0755,root,root) %dir %{_sysconfdir}/%{name} -%config %{_sysconfdir}/%{name}/default-nsswitch.conf -%config %{_sysconfdir}/%{name}/init +%config(noreplace) %{_sysconfdir}/%{name}/default-nsswitch.conf +%config(noreplace) %{_sysconfdir}/%{name}/init %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%if 0%{?not_yet:1} +%config(noreplace) %{_sysconfdir}/%{name}/nvliblist.conf +%endif %{_sysconfdir}/bash_completion.d/%{name} %{_bindir}/%{name} %{_bindir}/run-%{name} ++ singularity-2.3.1.tar.gz -> singularity-2.3.2.tar.gz ++ 3576 lines of diff (skipped)
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2017-10-06 11:04:58 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new (New) Package is "singularity" Fri Oct 6 11:04:58 2017 rev:2 rq:531762 version:2.3.1 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2017-10-05 11:57:54.567992569 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes 2017-10-06 11:05:01.759015755 +0200 @@ -1,0 +2,9 @@ +Thu Oct 5 10:12:04 UTC 2017 - e...@suse.com + +- Removed: + Do-chdir-before-duing-chroot.patch: + After checking with the security team that there are no concerns + about doing the chdir() after the chroot(), remove this patch and + add a filter to keep rpmlint from complaining (bsc#1028304). + +--- Old: Do-chdir-before-duing-chroot.patch Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.aDKYOP/_old 2017-10-06 11:05:02.394919577 +0200 +++ /var/tmp/diff_new_pack.aDKYOP/_new 2017-10-06 11:05:02.394919577 +0200 @@ -1,5 +1,5 @@ # -# spec file for package slurm +# spec file for package singularity # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # @@ -14,6 +14,9 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + + +# %define libsingularity libsingularity1 %define git_version 2.3.1 @@ -38,9 +41,8 @@ Source: https://github.com/singularityware/%{name}/archive/%{github_ref}.tar.gz#/%{name}-%{version}.tar.gz Source1:README.SUSE Source5:singularity-rpmlintrc -Patch1: Do-chdir-before-duing-chroot.patch -BuildRequires: automake BuildRequires: autoconf +BuildRequires: automake BuildRequires: libtool %if 0%{?have_slurm} BuildRequires: slurm-devel @@ -76,7 +78,6 @@ %prep %setup -q -n %{name}-%{github_ref} -%patch1 -p1 cp %{S:1} . %build @@ -101,7 +102,6 @@ chmod a-x %{buildroot}/%{_libexecdir}/%{name}/python/__init__.py %fdupes %{buildroot} - %post -n %{libsingularity} -p /sbin/ldconfig %postun -n %{libsingularity} -p /sbin/ldconfig ++ singularity-rpmlintrc ++ --- /var/tmp/diff_new_pack.aDKYOP/_old 2017-10-06 11:05:02.474907479 +0200 +++ /var/tmp/diff_new_pack.aDKYOP/_new 2017-10-06 11:05:02.482906270 +0200 @@ -2,3 +2,4 @@ # devel:openSUSE:Factory:rpmlint/rpmlint is in # Factory addFilter(".*non-standard-gid.*") +addFilter(".*missing-call-to-chdir-with-chroot.*")