commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2020-10-20 16:17:55
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.3486 (New)
Package is "singularity"
Tue Oct 20 16:17:55 2020 rev:21 rq:842715 version:3.6.4
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2020-09-21
17:31:09.768357685 +0200
+++ /work/SRC/openSUSE:Factory/.singularity.new.3486/singularity.changes
2020-10-20 16:24:23.478407021 +0200
@@ -1,0 +2,11 @@
+Tue Oct 20 07:56:37 UTC 2020 - Ana Guerrero Lopez
+
+- New version 3.6.4 addresses a security issue:
+ - CVE-2020-15229, bsc#1177901
+ Due to insecure handling of path traversal and the lack of path
+ sanitization within unsquashfs, it is possible to overwrite/create
+ files on the host filesystem during the extraction of a crafted
+ squashfs filesystem. Affects unprivileged execution of SIF/SquashFS
+ images, and image builds from SIF/SquashFS images.
+
+---
Old:
singularity-3.6.3.tar.gz
New:
singularity-3.6.4.tar.gz
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.r8Hxhn/_old 2020-10-20 16:24:25.238407855 +0200
+++ /var/tmp/diff_new_pack.r8Hxhn/_new 2020-10-20 16:24:25.238407855 +0200
@@ -23,7 +23,7 @@
License:BSD-3-Clause-LBNL
Group: Productivity/Clustering/Computing
Name: singularity
-Version:3.6.3
+Version:3.6.4
Release:0
# https://spdx.org/licenses/BSD-3-Clause-LBNL.html
URL:https://github.com/hpcng/singularity
++ singularity-3.6.3.tar.gz -> singularity-3.6.4.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/singularity/CHANGELOG.md new/singularity/CHANGELOG.md
--- old/singularity/CHANGELOG.md2020-09-15 16:05:03.0 +0200
+++ new/singularity/CHANGELOG.md2020-10-13 16:36:52.0 +0200
@@ -9,6 +9,27 @@
_The old changelog can be found in the `release-2.6` branch_
+# v3.6.4 - [2020-10-13]
+
+## Security related fixes
+
+Singularity 3.6.4 addresses the following security issue.
+
+ -
[CVE-2020-15229](https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9):
+Due to insecure handling of path traversal and the lack of path
+sanitization within unsquashfs (a distribution provided utility
+used by Singularity), it is possible to overwrite/create files on
+the host filesystem during the extraction of a crafted squashfs
+filesystem. Affects unprivileged execution of SIF / SquashFS
+images, and image builds from SIF / SquashFS images.
+
+## Bug Fixes
+
+ - Update scs-library-client to support `library://` backends using an
+3rd party S3 object store that does not strictly conform to v4
+signature spec.
+
+
# v3.6.3 - [2020-09-15]
## Security related fixes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/singularity/INSTALL.md new/singularity/INSTALL.md
--- old/singularity/INSTALL.md 2020-09-15 16:05:03.0 +0200
+++ new/singularity/INSTALL.md 2020-10-13 16:36:52.0 +0200
@@ -89,7 +89,7 @@
To build a stable version of Singularity, check out a [release
tag](https://github.com/sylabs/singularity/tags) before compiling:
```
-$ git checkout v3.6.3
+$ git checkout v3.6.4
```
## Compiling Singularity
@@ -132,7 +132,7 @@
and use it to install the RPM like this:
```
-$ export VERSION=3.6.3 # this is the singularity version, change as you need
+$ export VERSION=3.6.4 # this is the singularity version, change as you need
$ wget
https://github.com/sylabs/singularity/releases/download/v${VERSION}/singularity-${VERSION}.tar.gz
&& \
rpmbuild -tb singularity-${VERSION}.tar.gz && \
@@ -148,7 +148,7 @@
$ cd $GOPATH/src/github.com/sylabs/singularity && \
./mconfig && \
make -C builddir rpm && \
- sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/singularity-3.6.2*.x86_64.rpm # or
whatever version you built
+ sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/singularity-3.6.4*.x86_64.rpm # or
whatever version you built
```
To build an rpm with an alternative install prefix set RPMPREFIX on the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/singularity/VERSION new/singularity/VERSION
--- old/singularity/VERSION 2020-09-15 16:11:54.0 +0200
+++ new/singularity/VERSION 2020-10-13 16:39:02.0 +0200
@@ -1 +1 @@
-3.6.3
+3.6.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/singularity/go.mod
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2020-09-21 17:26:50 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.4249 (New) Package is "singularity" Mon Sep 21 17:26:50 2020 rev:20 rq:835372 version:3.6.3 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2020-09-15 16:28:28.322607236 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.4249/singularity.changes 2020-09-21 17:31:09.768357685 +0200 @@ -1,0 +2,22 @@ +Fri Sep 18 07:29:10 UTC 2020 - Ana Guerrero Lopez + +- New version 3.6.3, addresses the following security issues: + - CVE-2020-25039, bsc#1176705 + When a Singularity action command (run, shell, exec) is run with + the fakeroot or user namespace option, Singularity will extract + a container image to a temporary sandbox directory. + Due to insecure permissions on the temporary directory it is possible + for any user with access to the system to read the contents of the image. + Additionally, if the image contains a world-writable file or directory, + it is possible for a user to inject arbitrary content into the running + container. + - CVE-2020-25040, bsc#1176707 + When a Singularity command that results in a container + build operation is executed, it is possible for a user with access + to the system to read the contents of the image during the build. + Additionally, if the image contains a world-writable file or directory, + it is possible for a user to inject arbitrary content into the running + build, which in certain circumstances may enable arbitrary code execution + during the build and/or when the built container is run. + +--- Old: singularity-3.6.2.tar.gz New: singularity-3.6.3.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.EhsKrW/_old 2020-09-21 17:31:15.168362782 +0200 +++ /var/tmp/diff_new_pack.EhsKrW/_new 2020-09-21 17:31:15.172362785 +0200 @@ -23,7 +23,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.6.2 +Version:3.6.3 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://github.com/hpcng/singularity ++ singularity-3.6.2.tar.gz -> singularity-3.6.3.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/singularity/CHANGELOG.md new/singularity/CHANGELOG.md --- old/singularity/CHANGELOG.md2020-08-25 20:50:09.0 +0200 +++ new/singularity/CHANGELOG.md2020-09-15 16:05:03.0 +0200 @@ -9,6 +9,43 @@ _The old changelog can be found in the `release-2.6` branch_ +# v3.6.3 - [2020-09-15] + +## Security related fixes + +Singularity 3.6.3 addresses the following security issues. + + - [CVE-2020-25039](https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7): +When a Singularity action command (run, shell, exec) is run with +the fakeroot or user namespace option, Singularity will extract a +container image to a temporary sandbox directory. Due to insecure +permissions on the temporary directory it is possible for any user +with access to the system to read the contents of the +image. Additionally, if the image contains a world-writable file +or directory, it is possible for a user to inject arbitrary +content into the running container. + + - [CVE-2020-25040](https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762): +When a Singularity command that results in a container build +operation is executed, it is possible for a user with access to +the system to read the contents of the image during the +build. Additionally, if the image contains a world-writable file +or directory, it is possible for a user to inject arbitrary +content into the running build, which in certain circumstances may +enable arbitrary code execution during the build and/or when the +built container is run. + +## Bug Fixes + + - Add CAP_MKNOD in capability bounding set of RPC to fix issue with +cryptsetup when decrypting image from within a docker container. + - Fix decryption issue when using both IPC and PID namespaces. + - Fix unsupported builtins panic from shell interpreter and add umask +support for definition file scripts. + - Do not load keyring in prepare_linux if ECL not enabled. + - Ensure sandbox option overrides remote build destination. + + # v3.6.2 - [2020-08-25] ## New features / functionalities diff -urN
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2020-09-15 16:28:16
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.4249 (New)
Package is "singularity"
Tue Sep 15 16:28:16 2020 rev:19 rq:834272 version:3.6.2
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2020-07-16
12:18:50.722988537 +0200
+++ /work/SRC/openSUSE:Factory/.singularity.new.4249/singularity.changes
2020-09-15 16:28:28.322607236 +0200
@@ -1,0 +2,32 @@
+Mon Sep 14 08:26:12 UTC 2020 - Ana Guerrero Lopez
+
+- New version 3.6.2, new features / functionalities:
+ -Add --force option to singularity delete for non-interactive
+ workflows.
+ -Support compilation with FORTIFY_SOURCE=2 and build in pie mode
+ with fstack-protector enabled
+ - Changed defaults / behaviours
+ -Default to current architecture for singularity delete.
+ - Bug Fixes
+ -Respect current remote for singularity delete command.
+ -Allow rw as a (noop) bind option.
+ -Fix capability handling regression in overlay mount.
+ -Fix LD_LIBRARY_PATH environment override regression with --nv/--rocm.
+ -Fix environment variable duplication within singularity engine.
+ -Use -user-xattrs for unsquashfs to avoid error with rootless
+extraction using unsquashfs 3.4
+ -Correct --no-home message for 3.6 CWD behavior.
+ -Don't fail if parent of cache dir not accessible.
+ -Fix tests for Go 1.15 Ctty handling.
+ -Fix additional issues with test images on ARM64.
+ -Fix FUSE e2e tests to use container ssh_config.
+ -Provide advisory message r.e. need for upper and work to exist
+in overlay images.
+ -Use squashfs mem and processor limits in squashfs gzip check.
+ -Ensure build destination path is not an empty string - do not
+overwrite CWD.
+ -Don't unset PATH when interpreting legacy /environment files.
+- Remove patch, this change is now in upstream:
+ * build-position-independent-binaries.patch
+
+---
Old:
build-position-independent-binaries.patch
singularity-3.6.0.tar.gz
New:
singularity-3.6.2.tar.gz
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.iAezCy/_old 2020-09-15 16:28:28.994607879 +0200
+++ /var/tmp/diff_new_pack.iAezCy/_new 2020-09-15 16:28:28.998607883 +0200
@@ -23,14 +23,13 @@
License:BSD-3-Clause-LBNL
Group: Productivity/Clustering/Computing
Name: singularity
-Version:3.6.0
+Version:3.6.2
Release:0
# https://spdx.org/licenses/BSD-3-Clause-LBNL.html
URL:https://github.com/hpcng/singularity
Source0:
https://github.com/hpcng/singularity/releases/download/v%{version}/singularity-%{version}.tar.gz
Source1:README.SUSE
Source5:%{name}-rpmlintrc
-Patch0: build-position-independent-binaries.patch
Patch1: useful_error_message.patch
BuildRequires: cryptsetup
BuildRequires: fdupes
@@ -58,7 +57,6 @@
%prep
%setup -q -n gopath/%{singgopath} -c
-%patch0 -p 4
%patch1 -p 4
cp %{S:1} .
++ singularity-3.6.0.tar.gz -> singularity-3.6.2.tar.gz ++
4860 lines of diff (skipped)
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2020-07-16 12:17:08 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.3592 (New) Package is "singularity" Thu Jul 16 12:17:08 2020 rev:18 rq:821083 version:3.6.0 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2020-02-19 12:42:48.907887397 +0100 +++ /work/SRC/openSUSE:Factory/.singularity.new.3592/singularity.changes 2020-07-16 12:18:50.722988537 +0200 @@ -1,0 +2,85 @@ +Wed Jul 15 07:29:39 UTC 2020 - Ana Guerrero Lopez + +- New version 3.6.0. This version introduces a new signature format +for SIF images, and changes to the signing / verification code to address +the following security problems: + - CVE-2020-13845, bsc#1174150 + In Singularity 3.x versions below 3.6.0, issues allow the ECL to + be bypassed by a malicious user. + - CVE-2020-13846, bsc#1174148 + In Singularity 3.5 the --all / -a option to singularity verify + returns success even when some objects in a SIF container are not signed, + or cannot be verified. + - CVE-2020-13847, bsc#1174152 + In Singularity 3.x versions below 3.6.0, Singularity's sign and verify + commands do not sign metadata found in the global header or data object + descriptors of a SIF file, allowing an attacker to cause unexpected + behavior. A signed container may verify successfully, even when it has + been modified in ways that could be exploited to cause malicious behavior. +- New features / functionalities + - A new '--legacy-insecure' flag to verify allows verification of SIF + signatures in the old, insecure format. + - A new '-l / --logs' flag for instance list that shows the paths + to instance STDERR / STDOUT log files. + - The --json output of instance list now include paths to + STDERR / STDOUT log files. +- Changed defaults / behaviours + - New signature format (see security fixes above). + - Fixed spacing of singularity instance list to be dynamically changing + based off of input lengths instead of fixed number of spaces to account + for long instance names. +- Deprecate -a / --all option to sign/verify as new signature behavior + makes this the default. +- For more information about upstream changes, please check: + https://github.com/hpcng/singularity/blob/master/CHANGELOG.md + +--- +Mon May 25 12:41:38 UTC 2020 - Ana Guerrero Lopez + +- New pre-version 3.6.0 rc5 with many changes: +- New features / functionalities + - Singularity now supports the execution of minimal Docker/OCI + containers that do not contain /bin/sh, e.g. docker://hello-world. + - A new cache structure is used that is concurrency safe on a filesystem that + supports atomic rename. If you downgrade to Singularity 3.5 or older after + using 3.6 you will need to run singularity cache clean. + - A plugin system rework adds new hook points that will allow the + development of plugins that modify behavior of the runtime. An image driver + concept is introduced for plugins to support new ways of handling image and + overlay mounts. Plugins built for <=3.5 are not compatible with 3.6. + - The --bind flag can now bind directories from a SIF or ext3 image into a + container. + - The --fusemount feature to mount filesystems to a container via FUSE + drivers is now a supported feature (previously an experimental hidden flag). + - This permits users to mount e.g. sshfs and cvmfs filesystems to the + container at runtime. + - A new -c/--config flag allows an alternative singularity.conf to be + specified by the root user, or all users in an unprivileged installation. + - A new --env flag allows container environment variables to be set via the + Singularity command line. + - A new --env-file flag allows container environment variables to be set from + a specified file. + - A new --days flag for cache clean allows removal of items older than a + specified number of days. Replaces the --name flag which is not generally + useful as the cache entries are stored by hash, not a friendly name. +- Changed defaults / behaviours + - Environment variables prefixed with SINGULARITYENV_ always take + precedence over variables without SINGULARITYENV_ prefix. + - The %post build section inherits environment variables from the base image. + - %files from ... will now follow symlinks for sources that are directly + specified, or directly resolved from a glob pattern. It will not follow + symlinks found through directory traversal. This mirrors Docker multi-stage + COPY behaviour. + - Restored the CWD mount behaviour of v2, implying that CWD path is not recreated + inside container and any symlinks in the CWD path are not resolved
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2020-02-19 12:42:40
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.26092 (New)
Package is "singularity"
Wed Feb 19 12:42:40 2020 rev:17 rq:776224 version:3.5.3
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-12-21
12:30:30.903338518 +0100
+++ /work/SRC/openSUSE:Factory/.singularity.new.26092/singularity.changes
2020-02-19 12:42:48.907887397 +0100
@@ -1,0 +2,12 @@
+Wed Feb 19 07:36:23 UTC 2020 - Ana Guerrero Lopez
+
+- New version 3.5.3. Main changes:
+ * Container action scripts are no longer bound in from `etc/actions.d` on the
+host. They are created dynamically and inserted at container startup.
+ * `%files from ...` will no longer follow symlinks when copying between
+stages in a multi stage build, as symlinks should be copied so that they
+resolve identically in later stages. Copying `%files` from the host will
+still maintain previous behavior of following links.
+ * Many bug fixes, please read CHANGELOG.md
+
+---
Old:
singularity-3.5.2.tar.gz
New:
singularity-3.5.3.tar.gz
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.Qmz6Hl/_old 2020-02-19 12:42:50.843891125 +0100
+++ /var/tmp/diff_new_pack.Qmz6Hl/_new 2020-02-19 12:42:50.843891125 +0100
@@ -1,7 +1,7 @@
#
# spec file for package singularity
#
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
License:BSD-3-Clause-LBNL
Group: Productivity/Clustering/Computing
Name: singularity
-Version:3.5.2
+Version:3.5.3
Release:0
# https://spdx.org/licenses/BSD-3-Clause-LBNL.html
URL:https://www.sylabs.io/singularity/
@@ -94,7 +94,6 @@
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
make DESTDIR=$RPM_BUILD_ROOT install man
-chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/singularity/actions/*
# move bash completion to the right place
mkdir -pv %{buildroot}/%{_datadir}/bash-completion/completions/
mv %{buildroot}/%{_sysconfdir}/bash_completion.d/singularity \
@@ -143,12 +142,6 @@
%{_libexecdir}/singularity/bin/starter
%{_libexecdir}/singularity/cni/*
%dir %{_sysconfdir}/singularity
-%dir %{_sysconfdir}/singularity/actions/
-%config(noreplace) %attr(755, root, singularity)
%{_sysconfdir}/singularity/actions/exec
-%config(noreplace) %attr(755, root, singularity)
%{_sysconfdir}/singularity/actions/run
-%config(noreplace) %attr(755, root, singularity)
%{_sysconfdir}/singularity/actions/shell
-%config(noreplace) %attr(755, root, singularity)
%{_sysconfdir}/singularity/actions/start
-%config(noreplace) %attr(755, root, singularity)
%{_sysconfdir}/singularity/actions/test
%config(noreplace) %{_sysconfdir}/singularity/capability.json
%config(noreplace) %{_sysconfdir}/singularity/cgroups
%config(noreplace) %{_sysconfdir}/singularity/ecl.toml
++ singularity-3.5.2.tar.gz -> singularity-3.5.3.tar.gz ++
/work/SRC/openSUSE:Factory/singularity/singularity-3.5.2.tar.gz
/work/SRC/openSUSE:Factory/.singularity.new.26092/singularity-3.5.3.tar.gz
differ: char 5, line 1
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2019-12-21 12:30:16
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.6675 (New)
Package is "singularity"
Sat Dec 21 12:30:16 2019 rev:16 rq:758322 version:3.5.2
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-12-14
12:23:41.683196465 +0100
+++ /work/SRC/openSUSE:Factory/.singularity.new.6675/singularity.changes
2019-12-21 12:30:30.903338518 +0100
@@ -1,0 +2,16 @@
+Thu Dec 19 14:12:49 UTC 2019 - Ana Guerrero Lopez
+
+- New version 3.5.2. Main change is a fix for a security issue related
+ to incorrect file permissions (CVE-2019-19724) on user configuration
+ and cache directories. (boo#1159550)
+ For other minor bug fixes please read CHANGELOG.md
+
+---
+Thu Dec 19 08:21:59 UTC 2019 - Ana Guerrero Lopez
+
+- Update wording in SUSE.README
+- New patch, to get a more clear error message when user doesn't
+ belong to the singularity group
+ * useful_error_message.patch
+
+---
Old:
singularity-3.5.1.tar.gz
New:
singularity-3.5.2.tar.gz
useful_error_message.patch
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.3xVX3l/_old 2019-12-21 12:30:31.907338996 +0100
+++ /var/tmp/diff_new_pack.3xVX3l/_new 2019-12-21 12:30:31.915338999 +0100
@@ -23,7 +23,7 @@
License:BSD-3-Clause-LBNL
Group: Productivity/Clustering/Computing
Name: singularity
-Version:3.5.1
+Version:3.5.2
Release:0
# https://spdx.org/licenses/BSD-3-Clause-LBNL.html
URL:https://www.sylabs.io/singularity/
@@ -31,7 +31,7 @@
Source1:README.SUSE
Source5:%{name}-rpmlintrc
Patch0: build-position-independent-binaries.patch
-
+Patch1: useful_error_message.patch
BuildRequires: cryptsetup
BuildRequires: fdupes
BuildRequires: gcc
@@ -59,6 +59,7 @@
%prep
%setup -q -n gopath/%{singgopath} -c
%patch0 -p 4
+%patch1 -p 4
cp %{S:1} .
%build
++ README.SUSE ++
--- /var/tmp/diff_new_pack.3xVX3l/_old 2019-12-21 12:30:31.967339024 +0100
+++ /var/tmp/diff_new_pack.3xVX3l/_new 2019-12-21 12:30:31.967339024 +0100
@@ -1,8 +1,13 @@
openSUSE/SUSE specific Settings
===
-Different from the upstream default, the SUID root binaries
-are executible only by users belonging to the group 'singularity'.
+openSUSE and SUSE have a small difference with upstream default.
+This means the SUID root binaries distributed by singularty are
+executable only by users belonging to the group 'singularity'.
+
+Otherwise, users will get an error message like this one:
+
+FATAL: while executing /usr/lib/singularity/bin/starter-suid: permission
denied
To add a user to the group singularity, execute (as root):
++ singularity-3.5.1.tar.gz -> singularity-3.5.2.tar.gz ++
/work/SRC/openSUSE:Factory/singularity/singularity-3.5.1.tar.gz
/work/SRC/openSUSE:Factory/.singularity.new.6675/singularity-3.5.2.tar.gz
differ: char 5, line 1
++ useful_error_message.patch ++
Subject: Add an useful error message when the user doesn't belong to the
singularity group
Date: 2019.12.19
diff -Nrua
src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go
src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go
--- a/src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go
2019-12-03 23:07:06.0 +0100
+++ b/src/github.com/sylabs/singularity/internal/pkg/util/starter/starter.go
2019-12-18 00:48:35.670565337 +0100
@@ -90,7 +90,7 @@
return fmt.Errorf("while initializing starter command: %s", err)
}
err := unix.Exec(c.path, []string{name}, c.env)
- return fmt.Errorf("while executing %s: %s", c.path, err)
+ return fmt.Errorf("while executing %s: %s\nPlease read
/usr/share/doc/packages/singularity/README.SUSE to get help\n", c.path, err)
}
// Run executes the starter binary and returns once starter
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2019-12-14 12:20:12
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.4691 (New)
Package is "singularity"
Sat Dec 14 12:20:12 2019 rev:15 rq:756885 version:3.5.1
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-11-07
23:21:05.964830675 +0100
+++ /work/SRC/openSUSE:Factory/.singularity.new.4691/singularity.changes
2019-12-14 12:23:41.683196465 +0100
@@ -1,0 +2,13 @@
+Fri Dec 13 09:46:13 UTC 2019 - Ana Guerrero Lopez
+
+- New version 3.5.1. Many changes since 3.4.2, for the full changelog
+ please read CHANGELOG.md. Changes relevant to the package:
+ * New support for AMD GPUs via --rocm, install new configuration file
+rocmliblist.conf
+ * Requires Go 1.13
+- Update Source to download the release tarball that includes
+ the vendored modules.
+- Update patch:
+ * build-position-independent-binaries.patch
+
+---
Old:
singularity-3.4.2.tar.gz
New:
singularity-3.5.1.tar.gz
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.NboPUw/_old 2019-12-14 12:23:42.239196381 +0100
+++ /var/tmp/diff_new_pack.NboPUw/_new 2019-12-14 12:23:42.239196381 +0100
@@ -1,7 +1,7 @@
#
# spec file for package singularity
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,25 +23,20 @@
License:BSD-3-Clause-LBNL
Group: Productivity/Clustering/Computing
Name: singularity
-Version:3.4.2
+Version:3.5.1
Release:0
# https://spdx.org/licenses/BSD-3-Clause-LBNL.html
URL:https://www.sylabs.io/singularity/
-Source0:
https://github.com/sylabs/singularity/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0:
https://github.com/sylabs/singularity/releases/download/v%{version}/singularity-%{version}.tar.gz
Source1:README.SUSE
Source5:%{name}-rpmlintrc
Patch0: build-position-independent-binaries.patch
-BuildRequires: gcc
-# Remove after brokenness has been fixed
-%if 0%{?suse_version} > 1500
-BuildRequires: go >= 1.11
-%else
-BuildRequires: go1.11
-%endif
BuildRequires: cryptsetup
BuildRequires: fdupes
+BuildRequires: gcc
BuildRequires: git
+BuildRequires: go1.13
BuildRequires: libuuid-devel
BuildRequires: make
BuildRequires: openssl-devel
@@ -63,7 +58,6 @@
%prep
%setup -q -n gopath/%{singgopath} -c
-mv %{name}-%{version} %{name}
%patch0 -p 4
cp %{S:1} .
@@ -162,6 +156,7 @@
%config(noreplace) %{_sysconfdir}/singularity/seccomp-profiles
%config(noreplace) %{_sysconfdir}/singularity/singularity.conf
%config(noreplace) %{_sysconfdir}/singularity/remote.yaml
+%config(noreplace) %{_sysconfdir}/singularity/rocmliblist.conf
%{_datadir}/bash-completion/completions/singularity
%dir %{_localstatedir}/lib/singularity
%dir %{_localstatedir}/lib/singularity/mnt
++ build-position-independent-binaries.patch ++
--- /var/tmp/diff_new_pack.NboPUw/_old 2019-12-14 12:23:42.267196377 +0100
+++ /var/tmp/diff_new_pack.NboPUw/_new 2019-12-14 12:23:42.267196377 +0100
@@ -1,11 +1,5 @@
-From: Egbert Eich
-Date: Fri May 17 11:15:57 2019 +0200
Subject: build position independent binaries
-Patch-mainline: Not yet
-Git-commit: a083559a1c42459142e3501a33581089cb35e6d2
-References:
-
-Signed-off-by: Egbert Eich
+Date: 2019.12.13
---
src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
@@ -13,16 +7,12 @@
index 87359af..045563a 100644
--- a/src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk
+++ b/src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk
-@@ -3,10 +3,10 @@
+@@ -3,7 +3,7 @@
GO_TAGS := containers_image_openpgp sylog imgbuild_engine oci_engine
singularity_engine fakeroot_engine
GO_TAGS_SUID := containers_image_openpgp sylog singularity_engine
fakeroot_engine
GO_LDFLAGS :=
-GO_BUILDMODE := -buildmode=default
+GO_BUILDMODE := -buildmode=pie
- GO_GCFLAGS := -gcflags=all=-trimpath=$(SOURCEDIR)
- GO_ASMFLAGS := -asmflags=all=-trimpath=$(SOURCEDIR)
--GO_MODFLAGS :=
-+GO_MODFLAGS := -x -v -work
- GOFLAGS := -mod=vendor
-
- export GOFLAGS GO111MODULE
+ GO_GCFLAGS :=
+ GO_ASMFLAGS :=
+ GO_MODFLAGS := $(if $(wildcard
$(SOURCEDIR)/vendor/modules.txt),-mod=vendor,-mod=readonly)
++ singularity-3.4.2.tar.gz -> singularity-3.5.1.tar.gz
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-11-07 23:20:50 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.2990 (New) Package is "singularity" Thu Nov 7 23:20:50 2019 rev:14 rq:746206 version:3.4.2 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-09-26 20:40:23.430677722 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.2990/singularity.changes 2019-11-07 23:21:05.964830675 +0100 @@ -1,0 +2,10 @@ +Thu Nov 7 09:48:06 UTC 2019 - Ana Guerrero Lopez + +- New version 3.4.2, this release addresses the following issues: +- Sets workable permissions on OCI -> sandbox rootless builds +- Fallback correctly to user namespace for non setuid installation +- Correctly handle the starter-suid binary for non-root installs +- Creates CACHEDIR if it doesn't exist +- Set apex loglevel for umoci to match singularity loglevel + +--- Old: singularity-3.4.1.tar.gz New: singularity-3.4.2.tar.gz Other differences: -- ++ singularity.spec ++ --- /var/tmp/diff_new_pack.0gMVHW/_old 2019-11-07 23:21:06.648831409 +0100 +++ /var/tmp/diff_new_pack.0gMVHW/_new 2019-11-07 23:21:06.656831417 +0100 @@ -23,7 +23,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: singularity -Version:3.4.1 +Version:3.4.2 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://www.sylabs.io/singularity/ ++ singularity-3.4.1.tar.gz -> singularity-3.4.2.tar.gz ++ /work/SRC/openSUSE:Factory/singularity/singularity-3.4.1.tar.gz /work/SRC/openSUSE:Factory/.singularity.new.2990/singularity-3.4.2.tar.gz differ: char 16, line 1
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2019-09-26 20:40:15
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.2352 (New)
Package is "singularity"
Thu Sep 26 20:40:15 2019 rev:13 rq:733023 version:3.4.1
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-09-07
11:53:50.814270592 +0200
+++ /work/SRC/openSUSE:Factory/.singularity.new.2352/singularity.changes
2019-09-26 20:40:23.430677722 +0200
@@ -1,0 +2,23 @@
+Tue Sep 24 16:51:53 UTC 2019 - Egbert Eich
+
+- New version 3.4.1
+- This point release addresses the following issues:
+- Fixes an issue where a PID namespace was always being used
+- Fixes compilation on non 64-bit architectures
+- Allows fakeroot builds for zypper, pacstrap, and debootstrap
+- Correctly detects seccomp on OpenSUSE
+- Honors GO_MODFLAGS properly in the mconfig generated makefile
+- Passes the Mac hostname to the VM in MacOS Singularity builds
+- Handles temporary EAGAIN failures when setting up loop devices on
+ recent kernels.
+ * Removed obsoleted patches:
+- fix_build_in_32_bits.patch
+- fix_flags_order.patch
+
+---
+Mon Sep 23 09:15:14 UTC 2019 - Ana Guerrero Lopez
+
+- Fix build failure in i586. The patch is taken from upstream and should
+ be removed with the next release update.
+ * fix_build_in_32_bits.patch
+---
Old:
fix_flags_order.patch
singularity-3.4.0.tar.gz
New:
singularity-3.4.1.tar.gz
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.1efZsT/_old 2019-09-26 20:40:24.134675841 +0200
+++ /var/tmp/diff_new_pack.1efZsT/_new 2019-09-26 20:40:24.138675830 +0200
@@ -23,7 +23,7 @@
License:BSD-3-Clause-LBNL
Group: Productivity/Clustering/Computing
Name: singularity
-Version:3.4.0
+Version:3.4.1
Release:0
# https://spdx.org/licenses/BSD-3-Clause-LBNL.html
URL:https://www.sylabs.io/singularity/
@@ -31,7 +31,6 @@
Source1:README.SUSE
Source5:%{name}-rpmlintrc
Patch0: build-position-independent-binaries.patch
-Patch1: fix_flags_order.patch
BuildRequires: gcc
# Remove after brokenness has been fixed
@@ -66,7 +65,6 @@
%setup -q -n gopath/%{singgopath} -c
mv %{name}-%{version} %{name}
%patch0 -p 4
-%patch1 -p 4
cp %{S:1} .
%build
++ singularity-3.4.0.tar.gz -> singularity-3.4.1.tar.gz ++
/work/SRC/openSUSE:Factory/singularity/singularity-3.4.0.tar.gz
/work/SRC/openSUSE:Factory/.singularity.new.2352/singularity-3.4.1.tar.gz
differ: char 13, line 1
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2019-09-07 11:53:44
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.7948 (New)
Package is "singularity"
Sat Sep 7 11:53:44 2019 rev:12 rq:728714 version:3.4.0
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-07-22
12:20:25.251663888 +0200
+++ /work/SRC/openSUSE:Factory/.singularity.new.7948/singularity.changes
2019-09-07 11:53:50.814270592 +0200
@@ -1,0 +2,18 @@
+Tue Sep 3 14:39:35 UTC 2019 - Ana Guerrero Lopez
+
+- New version 3.4.0. Many changes since 3.2.1, for the full changelog
+ please read CHANGELOG.md
+- Add new BuildRequires on cryptsetup.
+- Patches refreshed:
+ * build-position-independent-binaries.patch
+- Patches removed, merged upstream:
+ * zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch
+ * Handle-zypper-error-code-correctly.patch
+ * Support-multi-line-bootdef-settings.patch
+ * Add-support-for-numbered-variables.patch
+ * Improve-zypper-integration.patch
+ * Add-unit-tests-for-zypper-installation-on-SLE.patch
+ * Fix-pgp-key-version-strings-and-paths.patch
+- Patches added, fix an issue with the flags order provided by the Makefile
+ * fix_flags_order.patch
+---
Old:
Add-support-for-numbered-variables.patch
Add-unit-tests-for-zypper-installation-on-SLE.patch
Fix-pgp-key-version-strings-and-paths.patch
Handle-zypper-error-code-correctly.patch
Improve-zypper-integration.patch
Support-multi-line-bootdef-settings.patch
singularity-3.2.1.tar.gz
zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch
New:
fix_flags_order.patch
singularity-3.4.0.tar.gz
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.21iQal/_old 2019-09-07 11:53:52.718270322 +0200
+++ /var/tmp/diff_new_pack.21iQal/_new 2019-09-07 11:53:52.718270322 +0200
@@ -23,7 +23,7 @@
License:BSD-3-Clause-LBNL
Group: Productivity/Clustering/Computing
Name: singularity
-Version:3.2.1
+Version:3.4.0
Release:0
# https://spdx.org/licenses/BSD-3-Clause-LBNL.html
URL:https://www.sylabs.io/singularity/
@@ -31,13 +31,7 @@
Source1:README.SUSE
Source5:%{name}-rpmlintrc
Patch0: build-position-independent-binaries.patch
-Patch1:
zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch
-Patch2: Handle-zypper-error-code-correctly.patch
-Patch3: Support-multi-line-bootdef-settings.patch
-Patch4: Add-support-for-numbered-variables.patch
-Patch5: Improve-zypper-integration.patch
-Patch6: Add-unit-tests-for-zypper-installation-on-SLE.patch
-Patch7: Fix-pgp-key-version-strings-and-paths.patch
+Patch1: fix_flags_order.patch
BuildRequires: gcc
# Remove after brokenness has been fixed
@@ -46,6 +40,7 @@
%else
BuildRequires: go1.11
%endif
+BuildRequires: cryptsetup
BuildRequires: fdupes
BuildRequires: git
BuildRequires: libuuid-devel
@@ -72,12 +67,6 @@
mv %{name}-%{version} %{name}
%patch0 -p 4
%patch1 -p 4
-%patch2 -p 4
-%patch3 -p 4
-%patch4 -p 4
-%patch5 -p 4
-%patch6 -p 4
-%patch7 -p 4
cp %{S:1} .
%build
++ build-position-independent-binaries.patch ++
--- /var/tmp/diff_new_pack.21iQal/_old 2019-09-07 11:53:52.746270318 +0200
+++ /var/tmp/diff_new_pack.21iQal/_new 2019-09-07 11:53:52.746270318 +0200
@@ -13,9 +13,9 @@
index 87359af..045563a 100644
--- a/src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk
+++ b/src/github.com/sylabs/singularity/mlocal/frags/go_common_opts.mk
-@@ -2,10 +2,10 @@
- GO111MODULE := on
- GO_TAGS := containers_image_openpgp sylog
+@@ -3,10 +3,10 @@
+ GO_TAGS := containers_image_openpgp sylog imgbuild_engine oci_engine
singularity_engine fakeroot_engine
+ GO_TAGS_SUID := containers_image_openpgp sylog singularity_engine
fakeroot_engine
GO_LDFLAGS :=
-GO_BUILDMODE := -buildmode=default
+GO_BUILDMODE := -buildmode=pie
++ fix_flags_order.patch ++
From: Ana Guerrero Lopez
Date: Wed Sep 4 11:28:43 CEST 2019
Subject: Fix flags order
Patch-mainline: Not yet
References: https://github.com/sylabs/singularity/pull/4375
GO_MODFLAGS should be provided to the go subcommand, and not directly
to go.
Signed-off-by: Ana Guerrero Lopez
--- a/src/github.com/sylabs/singularity/mlocal/frags/build_scripts.mk.orig
2019-09-04 11:17:26.293034517 +0200
+++ b/src/github.com/sylabs/singularity/mlocal/frags/build_scripts.mk
2019-09-04 11:19:04.977038577 +0200
@@ -7,7 +7,7 @@
$(SOURCEDIR)/scripts/go-test:
commit singularity for openSUSE:Factory
Hello community, here is the log from the commit of package singularity for openSUSE:Factory checked in at 2019-07-22 12:20:23 Comparing /work/SRC/openSUSE:Factory/singularity (Old) and /work/SRC/openSUSE:Factory/.singularity.new.4126 (New) Package is "singularity" Mon Jul 22 12:20:23 2019 rev:11 rq:717250 version:3.2.1 Changes: --- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-05-16 22:08:30.090366518 +0200 +++ /work/SRC/openSUSE:Factory/.singularity.new.4126/singularity.changes 2019-07-22 12:20:25.251663888 +0200 @@ -2 +2 @@ -Wed May 15 14:18:54 UTC 2019 - Egbert Eich +Sat Jul 20 18:20:40 UTC 2019 - Egbert Eich @@ -4 +4,2 @@ -- Fix a typo in the SUSE Integration. +- Fix-pgp-key-version-strings-and-paths.patch + Fixing pgp key, version strings and paths. @@ -7 +8 @@ -Sun Apr 28 06:32:08 UTC 2019 - Egbert Eich +Tue Jun 11 14:49:00 UTC 2019 - Egbert Eich @@ -9,23 +10,119 @@ -- Improve support for openSUSE/SLE Singularity image creation: - * Add-support-for-SLE.patch -Add support for SLE. - * Create-chroot-only-after-settings-have-been-verified.patch -Create chroot only after settings have been verified. - * Don-t-hard-code-OS-version-if-non-is-specified.patch -Don't hard code OS version if non is specified. - * Handle-zypper-error-code-correctly.patch -Do not consider installation scriptlet failures an installation -failure. - * Support-multi-line-bootdef-settings.patch -If lines are separated by a '\' in a bootdef setting definition -concatenate them. If the characters before the trailing '\' are -'\n', replace by a newline. - * When-writing-a-file-to-the-container-unlink-if-it-exists-as-link-or-directory.patch -If a link or a directory exists with the same name as a file to -be written to the container, remove it before writing the the file. -Removing a link avoids issues if the link target cannot be written -to. - * Update README.SUSE: Describe bootdef variables. -- Fix rpmlint warning: - * api.py-Remove-shbang-not-meant-for-direct-execution.patch -Remove shbang - not meant for direct execution. +- Update to version 3.2.1: + This point release fixes the following bugs: + * Allows users to join instances with non-suid workflow + * Removes false warning when seccomp is disabled on the host + * Fixes an issue in the terminal when piping output to commands + * Binds NVIDIA persistenced socket when `--nv` is invoked + +--- +Thu Jun 6 14:10:47 UTC 2019 - Egbert Eich + +- Improve integration with SUSE Products: add support to create + Singularity images with SLE. + * build-position-independent-binaries.patch: +Make sure, the built binaries adhere to the packaging guidelines. + * zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch: +Newer SUSE versions use a different path for the RPM database. + * Handle-zypper-error-code-correctly.patch: +When the installation succeeds by an installation scriptlet fails +zypper returns error code 107. Don't treat this as an error. + * Support-multi-line-bootdef-settings.patch: +In order to specify a repository GPG key, add support for +multi line variables. + * Add-support-for-numbered-variables.patch: +In order to specify a list of additional repos, add support +to 'indexed' variables. + * Improve-zypper-integration.patch: +Improve handling of SUSE repositires: +- For SLE, use SUSEConnect to get all product repos. +- Allow to specify a repository GPG key. +- Allow to specify additional installation repositories. + * Add-unit-tests-for-zypper-installation-on-SLE.patch +Add unit tests. + +--- +Sat May 18 15:42:45 UTC 2019 - Egbert Eich + +- Add group 'singularity', fix ownerships. + +--- +Thu May 16 07:03:34 UTC 2019 - Egbert Eich + +- Updated to singularity v3.2.0 + * [Security related fix](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11328) + Instance files are now stored in user's home directory for privacy and + many checks have been added to ensure that a user can't manipulate files + to change `starter-suid` behavior when instances are joined (many thanks + to Matthias Gerstner from the SUSE security team for finding and securely + reporting this vulnerability) + (CVE-2019-11328, bsc#1128598) + * New features / functionalities + - Introduced a new basic framework for creating and managing plugins + - Added the ability to create containers through multi-stage builds + - Created the concept of a Sylabs Cloud "remote" endpoint and added the + ability for users and admins to set them through CLI
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2019-05-16 22:08:28
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.5148 (New)
Package is "singularity"
Thu May 16 22:08:28 2019 rev:10 rq:703166 version:2.6.1
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-05-02
19:16:42.857351503 +0200
+++ /work/SRC/openSUSE:Factory/.singularity.new.5148/singularity.changes
2019-05-16 22:08:30.090366518 +0200
@@ -1,0 +2,5 @@
+Wed May 15 14:18:54 UTC 2019 - Egbert Eich
+
+- Fix a typo in the SUSE Integration.
+
+---
Other differences:
--
++ Add-support-for-SLE.patch ++
--- /var/tmp/diff_new_pack.j64YUv/_old 2019-05-16 22:08:31.470365264 +0200
+++ /var/tmp/diff_new_pack.j64YUv/_new 2019-05-16 22:08:31.470365264 +0200
@@ -65,7 +65,7 @@
+tmp=${OSVERSION#*.}
+if [ $tmp -gt 0 ]; then
+ OSSERVICEPACK=-SP${tmp}
-+ OSMINOR=".%{tmp}"
++ OSMINOR=".${tmp}"
+else
+ OSSERVICEPACK=
+ OSMINOR=
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2019-05-02 19:16:41
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.5148 (New)
Package is "singularity"
Thu May 2 19:16:41 2019 rev:9 rq:699554 version:2.6.1
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-02-19
12:02:40.305067650 +0100
+++ /work/SRC/openSUSE:Factory/.singularity.new.5148/singularity.changes
2019-05-02 19:16:42.857351503 +0200
@@ -1,0 +2,27 @@
+Sun Apr 28 06:32:08 UTC 2019 - Egbert Eich
+
+- Improve support for openSUSE/SLE Singularity image creation:
+ * Add-support-for-SLE.patch
+Add support for SLE.
+ * Create-chroot-only-after-settings-have-been-verified.patch
+Create chroot only after settings have been verified.
+ * Don-t-hard-code-OS-version-if-non-is-specified.patch
+Don't hard code OS version if non is specified.
+ * Handle-zypper-error-code-correctly.patch
+Do not consider installation scriptlet failures an installation
+failure.
+ * Support-multi-line-bootdef-settings.patch
+If lines are separated by a '\' in a bootdef setting definition
+concatenate them. If the characters before the trailing '\' are
+'\n', replace by a newline.
+ *
When-writing-a-file-to-the-container-unlink-if-it-exists-as-link-or-directory.patch
+If a link or a directory exists with the same name as a file to
+be written to the container, remove it before writing the the file.
+Removing a link avoids issues if the link target cannot be written
+to.
+ * Update README.SUSE: Describe bootdef variables.
+- Fix rpmlint warning:
+ * api.py-Remove-shbang-not-meant-for-direct-execution.patch
+Remove shbang - not meant for direct execution.
+
+---
New:
Add-support-for-SLE.patch
Create-chroot-only-after-settings-have-been-verified.patch
Don-t-hard-code-OS-version-if-non-is-specified.patch
Handle-zypper-error-code-correctly.patch
Support-multi-line-bootdef-settings.patch
When-writing-a-file-to-the-container-unlink-if-it-exists-as-link-or-directory.patch
api.py-Remove-shbang-not-meant-for-direct-execution.patch
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.DZMAQU/_old 2019-05-02 19:16:43.749353142 +0200
+++ /var/tmp/diff_new_pack.DZMAQU/_new 2019-05-02 19:16:43.749353142 +0200
@@ -42,6 +42,14 @@
Source1:README.SUSE
Source5:singularity-rpmlintrc
Patch1:
zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch
+Patch2: Handle-zypper-error-code-correctly.patch
+Patch3:
When-writing-a-file-to-the-container-unlink-if-it-exists-as-link-or-directory.patch
+Patch4: Support-multi-line-bootdef-settings.patch
+Patch5: api.py-Remove-shbang-not-meant-for-direct-execution.patch
+Patch6: Add-support-for-SLE.patch
+Patch7: Don-t-hard-code-OS-version-if-non-is-specified.patch
+Patch8: Create-chroot-only-after-settings-have-been-verified.patch
+
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -87,6 +95,13 @@
%prep
%setup -q -n %{name}-%{github_ref}
%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
cp %{S:1} .
%build
++ Add-support-for-SLE.patch ++
From: Egbert Eich
Date: Sun Apr 28 07:36:08 2019 +0200
Subject: Add support for SLE
Patch-mainline: Not yet
Git-commit: da37d2c1863e019a0d187f0c25620bc91649aac1
References:
SLE uses SUSEConnect to register a product and find its repositories.
SLE-15 requires the installer to be present as well as a list of modules.
Signed-off-by: Egbert Eich
---
singularity-2.6.0/bootstrap-scripts/deffile-driver-zypper.sh | 116
++---
1 file changed, 103 insertions(+), 13 deletions(-)
diff --git
a/singularity-2.6.0/libexec/bootstrap-scripts/deffile-driver-zypper.sh
b/singularity-2.6.0/libexec/bootstrap-scripts/deffile-driver-zypper.sh
index 3052a52..d744d9e 100644
--- a/libexec/bootstrap-scripts/deffile-driver-zypper.sh
+++ b/libexec/bootstrap-scripts/deffile-driver-zypper.sh
@@ -37,6 +37,7 @@ if [ -z "${SINGULARITY_ROOTFS:-}" ]; then
exit 1
fi
+BASE_PACKAGE_LIST=aaa_base
## BEGIN BOOTSTRAP SCRIPT ##
@@ -88,17 +89,68 @@ if [ -z "${OSVERSION:-}" ]; then
fi
fi
-MIRROR=`echo "${MIRRORURL:-}" | sed -r "s/%\{?OSVERSION\}?/$OSVERSION/gi"`
-MIRROR_META=`echo "${METALINK:-}" | sed -r "s/%\{?OSVERSION\}?/$OSVERSION/gi"`
-if [ -z "${MIRROR:-}" ] && [ -z "${MIRROR_META:-}" ]; then
-message ERROR "No 'MirrorURL' or 'MetaLink' defined
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2019-02-19 12:02:08
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.28833 (New)
Package is "singularity"
Tue Feb 19 12:02:08 2019 rev:8 rq:677135 version:2.6.1
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2019-01-05
14:42:50.076455974 +0100
+++ /work/SRC/openSUSE:Factory/.singularity.new.28833/singularity.changes
2019-02-19 12:02:40.305067650 +0100
@@ -1,0 +2,7 @@
+Fri Feb 15 18:42:02 UTC 2019 - Egbert Eich
+
+- On Leap 42 or SLE 12 / PackageHub12 do not check the
+ permissions version: unfortunately the version number
+ has no relation to the patch set applied (bsc#1125369).
+
+---
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.CwA3AZ/_old 2019-02-19 12:02:41.209067186 +0100
+++ /var/tmp/diff_new_pack.CwA3AZ/_new 2019-02-19 12:02:41.213067184 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -52,7 +52,13 @@
BuildRequires: libarchive-devel
BuildRequires: python
%{?allow_suid:Requires(pre): shadow}
+%if 0%{?sle_version} >= 120200 && 0%{?sle_version} < 15
+# On SLE 12 there is no way to check if the proper version has
+# been installed. Trust that the user has done updates.
+PreReq: permissions
+%else
PreReq: permissions >= 20170922
+%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2019-01-05 14:42:48
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new.28833 (New)
Package is "singularity"
Sat Jan 5 14:42:48 2019 rev:7 rq:662782 version:2.6.1
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2018-11-01
14:40:06.466903282 +0100
+++ /work/SRC/openSUSE:Factory/.singularity.new.28833/singularity.changes
2019-01-05 14:42:50.076455974 +0100
@@ -1,0 +2,15 @@
+Fri Jan 4 11:05:14 UTC 2019 - e...@suse.com
+
+- Change from /var/singularity to /var/lib/singularity
+- zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch:
+ Fix the RPM db path for later versions of SUSE.
+- Fix warning on bash-completion file about non-executible script.
+
+---
+Mon Dec 17 09:48:05 UTC 2018 - cg...@suse.com
+
+- Updated to 2.6.1 to fix CVE-2018-19295 (bsc#411).
+ * mount points are not mounted with shared mount propagation by
+default anymore, as this may result in privilege escalation.
+
+---
@@ -7,0 +23,6 @@
+
+---
+Tue Oct 30 16:13:05 UTC 2018 - e...@suse.com
+
+- Add bash completions directory to file list for suse_version < 1500
+ to keep the build checker happy.
Old:
singularity-2.6.0.tar.gz
New:
singularity-2.6.1.tar.gz
zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.xVv8WD/_old 2019-01-05 14:42:50.616455516 +0100
+++ /var/tmp/diff_new_pack.xVv8WD/_new 2019-01-05 14:42:50.620455513 +0100
@@ -1,7 +1,7 @@
#
# spec file for package singularity
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
#
%define libsingularity libsingularity1
-%define git_version 2.6.0
+%define git_version 2.6.1
# slurm build broken
%define have_slurm 0
@@ -41,6 +41,7 @@
Source:
https://github.com/singularityware/%{name}/archive/%{github_ref}.tar.gz#/%{name}-%{version}.tar.gz
Source1:README.SUSE
Source5:singularity-rpmlintrc
+Patch1:
zypper-install-Fix-dbpath-for-newer-versions-of-SUSE-Linux.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -79,11 +80,13 @@
%prep
%setup -q -n %{name}-%{github_ref}
+%patch1 -p1
cp %{S:1} .
%build
./autogen.sh
%configure \
+ --localstatedir=%{_localstatedir}/lib \
%{!?allow_suid:--disable-suid} \
--with-userns \
--with-gnu-ld \
@@ -104,6 +107,8 @@
mkdir -p %{buildroot}/%{_datadir}/bash-completion/completions/
mv %{buildroot}/%{_sysconfdir}/bash_completion.d/%{name} \
%{buildroot}/%{_datadir}/bash-completion/completions/%{name}
+sed -i -e '/#\!/d' %{buildroot}/%{_datadir}/bash-completion/completions/%{name}
+for file in $(find %{buildroot}/%{_libexecdir} -name \*.py); do grep
"/usr/bin/env" $file && sed -i 's@/usr/bin/env python@/usr/bin/python@' $file;
done
%fdupes %{buildroot}
%post -n %{libsingularity} -p /sbin/ldconfig
@@ -150,6 +155,10 @@
%config(noreplace) %{_sysconfdir}/%{name}/init
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/%{name}/nvliblist.conf
+%if 0%{?suse_version} < 1500
+%dir %{_datadir}/bash-completion
+%dir %{_datadir}/bash-completion/completions
+%endif
%{_datadir}/bash-completion/completions/%{name}
%{_bindir}/%{name}
%{_bindir}/run-%{name}
@@ -157,7 +166,7 @@
%exclude %{_libdir}/%{name}/lib%{name}-*.so*
%{?allow_suid:%verify(not mode) %attr(4750,root,%{name})
%{_libexecdir}/%{name}/bin/*-suid}
%{_mandir}/man1/%{name}.1.gz
-%{_var}/%{name}
+%{_localstatedir}/lib/%{name}
%files -n %{libsingularity}
%defattr(-,root,root)
++ singularity-2.6.0.tar.gz -> singularity-2.6.1.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/singularity-2.6.0/CHANGELOG.md
new/singularity-2.6.1/CHANGELOG.md
--- old/singularity-2.6.0/CHANGELOG.md 2018-08-04 03:00:49.0 +0200
+++ new/singularity-2.6.1/CHANGELOG.md 2018-12-11 15:24:13.0 +0100
@@ -12,8 +12,17 @@
- migration guidance (how to convert images?)
- changed behaviour (recipe sections work differently)
+## [v2.6.1]
+
+### [Security related
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2018-11-01 14:40:05
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new (New)
Package is "singularity"
Thu Nov 1 14:40:05 2018 rev:6 rq:645743 version:2.6.0
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2018-10-15
10:49:41.254989828 +0200
+++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes
2018-11-01 14:40:06.466903282 +0100
@@ -1,0 +2,8 @@
+Wed Oct 31 12:11:34 UTC 2018 - matthias.gerst...@suse.com
+
+- Also package the directory tree rooted at /var/singularity/.
+ Otherwise running a container fails with:
+
+ 'Failed to resolve path to /var/singularity/mnt/container: No such file or
directory'
+
+---
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.1EQbnh/_old 2018-11-01 14:40:07.126903216 +0100
+++ /var/tmp/diff_new_pack.1EQbnh/_new 2018-11-01 14:40:07.130903215 +0100
@@ -157,6 +157,7 @@
%exclude %{_libdir}/%{name}/lib%{name}-*.so*
%{?allow_suid:%verify(not mode) %attr(4750,root,%{name})
%{_libexecdir}/%{name}/bin/*-suid}
%{_mandir}/man1/%{name}.1.gz
+%{_var}/%{name}
%files -n %{libsingularity}
%defattr(-,root,root)
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2018-10-15 10:49:35
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new (New)
Package is "singularity"
Mon Oct 15 10:49:35 2018 rev:5 rq:641910 version:2.6.0
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2017-11-07
10:04:51.679362472 +0100
+++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes
2018-10-15 10:49:41.254989828 +0200
@@ -1,0 +2,62 @@
+Sun Oct 14 09:03:26 UTC 2018 - e...@suse.com
+
+- Update to version 2.6.0
+ * Allow admin to specify a non-standard location for mksquashfs binary at
+build time with '--with-mksquashfs' option #1662
+ * '--nv' option will use
+[nvidia-container-cli](https://github.com/NVIDIA/libnvidia-container) if
+installed #1681
+ * [nvliblist.conf]
+
(https://github.com/singularityware/singularity/blob/master/etc/nvliblist.conf)
+now has a section for binaries #1681
+ * '--nv' can be made default with all action commands in singularity.conf
+#1681
+ * '--nv' can be controlled by env vars '$SINGULARITY_NV' and
+'$SINGULARITY_NV_OFF' #1681
+ * Refactored travis build and packaging tests #1601
+ * Added build and packaging tests for Debian 8/9 and openSUSE 42.3/15.0 #1713
+ * Restore shim init process for proper signal handling and child reaping when
+container is initiated in its own PID namespace #1221
+ * Add '-i' option to image.create to specify the inode ratio. #1759
+ * Bind '/dev/nvidia*' into the container when the '--nv' flag is used in
+conjuction with the '--contain' flag #1358
+ * Add '--no-home' option to not mount user $HOME if it is not the $CWD and
+'mount home = yes' is set. #1761
+ * Added support for OAUTH2 Docker registries like Azure Container Registry
+#1622
+ ### Bug fixes
+ * Fix 404 when using Arch Linux bootstrap #1731
+ * Fix environment variables clearing while starting instances #1766
+
+---
+Mon Jul 9 16:37:37 UTC 2018 - e...@suse.com
+
+- Use %license instead of %doc for license files on newer products.
+- Fix bash completion path.
+
+---
+Fri Jul 6 08:20:06 UTC 2018 - cg...@suse.com
+
+- Updated from 2.3.2 to 2.5.2
+- Fix security issues for incorrect access control on systems
+ supporting overlay file system descirbed in CVE-2018-12021 and
+ bsc#1100333
+ Highlights of 2.5.2
+ * a new `build` command was added to replace `create` +
+`bootstrap`
+ * default image format is squashfs, eliminating the need to
+specify a size
+ * a `localimage` can be used as a build base, including ext3,
+sandbox, and other squashfs images
+ * singularity hub can now be used as a base with the uri
+ * Restore docker-extract aufs whiteout handling that implements
+correct extraction of docker container layers.
+ * several bug fixes, see CHANGELOG.md for details
+- Removed: singularity-2.3.2.tar.gz
+- Added: singularity-2.5.2.tar.gz
+- Removed 'notyet' if conditions in specfile to allow files
+ introduced in v2.5.2
+- Fixed access control on systems supporting overlay file system
+ (CVE-2018-12021, boo#1100333).
+
+---
Old:
singularity-2.3.2.tar.gz
New:
singularity-2.6.0.tar.gz
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.onGB6i/_old 2018-10-15 10:49:42.750988232 +0200
+++ /var/tmp/diff_new_pack.onGB6i/_new 2018-10-15 10:49:42.750988232 +0200
@@ -1,7 +1,7 @@
#
# spec file for package singularity
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,8 +19,7 @@
#
%define libsingularity libsingularity1
-%define git_version 2.3.2
-#%%define not_yet 0
+%define git_version 2.6.0
# slurm build broken
%define have_slurm 0
@@ -49,6 +48,7 @@
BuildRequires: slurm-devel
%endif
BuildRequires: fdupes
+BuildRequires: libarchive-devel
BuildRequires: python
%{?allow_suid:Requires(pre): shadow}
PreReq: permissions >= 20170922
@@ -101,6 +101,9 @@
# fix broken permissions
chmod a-x %{buildroot}/%{_libexecdir}/%{name}/python/docker/__init__.py
chmod a-x %{buildroot}/%{_libexecdir}/%{name}/python/__init__.py
+mkdir -p %{buildroot}/%{_datadir}/bash-completion/completions/
+mv %{buildroot}/%{_sysconfdir}/bash_completion.d/%{name} \
+
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2017-11-07 10:04:28
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new (New)
Package is "singularity"
Tue Nov 7 10:04:28 2017 rev:4 rq:539325 version:2.3.2
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2017-11-04
10:25:24.751349608 +0100
+++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes
2017-11-07 10:04:51.679362472 +0100
@@ -1,0 +2,6 @@
+Mon Nov 6 09:48:19 UTC 2017 - e...@suse.com
+
+- Restrict permissions file version to a version which has
+ the required singularity entries.
+
+---
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.SdrkL1/_old 2017-11-07 10:04:54.443262192 +0100
+++ /var/tmp/diff_new_pack.SdrkL1/_new 2017-11-07 10:04:54.443262192 +0100
@@ -51,7 +51,7 @@
BuildRequires: fdupes
BuildRequires: python
%{?allow_suid:Requires(pre): shadow}
-PreReq: permissions
+PreReq: permissions >= 20170922
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2017-11-04 10:25:19
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new (New)
Package is "singularity"
Sat Nov 4 10:25:19 2017 rev:3 rq:538588 version:2.3.2
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2017-10-06
11:05:01.759015755 +0200
+++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes
2017-11-04 10:25:24.751349608 +0100
@@ -1,0 +2,8 @@
+Thu Nov 2 09:05:09 UTC 2017 - e...@suse.com
+
+- Update to 2.3.2:
+ * Fix for a change that Docker implemented to their registry
+RESTful API which broke compatibility with Singularity.
+ * Several other low minor fixes.
+
+---
Old:
singularity-2.3.1.tar.gz
New:
singularity-2.3.2.tar.gz
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.tZJKuL/_old 2017-11-04 10:25:25.535321080 +0100
+++ /var/tmp/diff_new_pack.tZJKuL/_new 2017-11-04 10:25:25.539320935 +0100
@@ -19,7 +19,8 @@
#
%define libsingularity libsingularity1
-%define git_version 2.3.1
+%define git_version 2.3.2
+#%%define not_yet 0
# slurm build broken
%define have_slurm 0
@@ -118,6 +119,9 @@
%set_permissions %{_libexecdir}/%{name}/bin/action-suid
%set_permissions %{_libexecdir}/%{name}/bin/export-suid
%set_permissions %{_libexecdir}/%{name}/bin/import-suid
+%if 0%{?not_yet:1}
+%set_permissions %{_libexecdir}/%{name}/bin/start-suid
+%endif
%verifyscript
%verify_permissions %{_libexecdir}/%{name}/bin/expand-suid
@@ -126,15 +130,26 @@
%verify_permissions %{_libexecdir}/%{name}/bin/action-suid
%verify_permissions %{_libexecdir}/%{name}/bin/export-suid
%verify_permissions %{_libexecdir}/%{name}/bin/import-suid
+%if 0%{?not_yet:1}
+%set_permissions %{_libexecdir}/%{name}/bin/start-suid
+%endif
%endif
%files
%defattr(-,root,root)
-%doc examples AUTHORS.md CONTRIBUTING.md LICENSE-LBNL.md README.md
%{basename:%{S:1}}
+%doc examples CONTRIBUTING.md LICENSE-LBNL.md README.md %{basename:%{S:1}}
+%if 0%{?not_yet:1}
+%doc COPYRIGHT.md CONTRIBUTORS.md LICENSE.md
+%else
+%doc AUTHORS.md
+%endif
%attr(0755,root,root) %dir %{_sysconfdir}/%{name}
-%config %{_sysconfdir}/%{name}/default-nsswitch.conf
-%config %{_sysconfdir}/%{name}/init
+%config(noreplace) %{_sysconfdir}/%{name}/default-nsswitch.conf
+%config(noreplace) %{_sysconfdir}/%{name}/init
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%if 0%{?not_yet:1}
+%config(noreplace) %{_sysconfdir}/%{name}/nvliblist.conf
+%endif
%{_sysconfdir}/bash_completion.d/%{name}
%{_bindir}/%{name}
%{_bindir}/run-%{name}
++ singularity-2.3.1.tar.gz -> singularity-2.3.2.tar.gz ++
3576 lines of diff (skipped)
commit singularity for openSUSE:Factory
Hello community,
here is the log from the commit of package singularity for openSUSE:Factory
checked in at 2017-10-06 11:04:58
Comparing /work/SRC/openSUSE:Factory/singularity (Old)
and /work/SRC/openSUSE:Factory/.singularity.new (New)
Package is "singularity"
Fri Oct 6 11:04:58 2017 rev:2 rq:531762 version:2.3.1
Changes:
--- /work/SRC/openSUSE:Factory/singularity/singularity.changes 2017-10-05
11:57:54.567992569 +0200
+++ /work/SRC/openSUSE:Factory/.singularity.new/singularity.changes
2017-10-06 11:05:01.759015755 +0200
@@ -1,0 +2,9 @@
+Thu Oct 5 10:12:04 UTC 2017 - e...@suse.com
+
+- Removed:
+ Do-chdir-before-duing-chroot.patch:
+ After checking with the security team that there are no concerns
+ about doing the chdir() after the chroot(), remove this patch and
+ add a filter to keep rpmlint from complaining (bsc#1028304).
+
+---
Old:
Do-chdir-before-duing-chroot.patch
Other differences:
--
++ singularity.spec ++
--- /var/tmp/diff_new_pack.aDKYOP/_old 2017-10-06 11:05:02.394919577 +0200
+++ /var/tmp/diff_new_pack.aDKYOP/_new 2017-10-06 11:05:02.394919577 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package slurm
+# spec file for package singularity
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
@@ -14,6 +14,9 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+
+
+#
%define libsingularity libsingularity1
%define git_version 2.3.1
@@ -38,9 +41,8 @@
Source:
https://github.com/singularityware/%{name}/archive/%{github_ref}.tar.gz#/%{name}-%{version}.tar.gz
Source1:README.SUSE
Source5:singularity-rpmlintrc
-Patch1: Do-chdir-before-duing-chroot.patch
-BuildRequires: automake
BuildRequires: autoconf
+BuildRequires: automake
BuildRequires: libtool
%if 0%{?have_slurm}
BuildRequires: slurm-devel
@@ -76,7 +78,6 @@
%prep
%setup -q -n %{name}-%{github_ref}
-%patch1 -p1
cp %{S:1} .
%build
@@ -101,7 +102,6 @@
chmod a-x %{buildroot}/%{_libexecdir}/%{name}/python/__init__.py
%fdupes %{buildroot}
-
%post -n %{libsingularity} -p /sbin/ldconfig
%postun -n %{libsingularity} -p /sbin/ldconfig
++ singularity-rpmlintrc ++
--- /var/tmp/diff_new_pack.aDKYOP/_old 2017-10-06 11:05:02.474907479 +0200
+++ /var/tmp/diff_new_pack.aDKYOP/_new 2017-10-06 11:05:02.482906270 +0200
@@ -2,3 +2,4 @@
# devel:openSUSE:Factory:rpmlint/rpmlint is in
# Factory
addFilter(".*non-standard-gid.*")
+addFilter(".*missing-call-to-chdir-with-chroot.*")
