This fixes CVE-2020-8945 by incorporating proglottis/gpgme#23.
Other changes included by the rebase:
- Support for gpgme_off_t (~no-op on Linux)
- Wrapping a few more GPGME functions (irrelevant if we don't call them)
Given how invasive the CVE fix is (affecting basically all binding
code), it seems safer to just update the package (and be verifiably
equivalent with upstream) than to backport and try to back out the few
other changes.
Performed by updating vendor conf,
$ vndr github.com/mtrmac/gpgme
and manually backing out unrelated deletions of files.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Bump github.com/containers/image to version
5e5b67d6b1cf43cc349128ec3ed7d5283a6cc0d1, which modifies copy.Image() to
add the new image's manifest to the values that it returns.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Needed to pick up this change:
ostree: use the same thread for ostree operations
Since https://github.com/ostreedev/ostree/pull/1555, locking is
enabled by default in OSTree. Unfortunately it uses thread-private
data and it breaks the Golang bindings. Force the same thread for the
write operations to the OSTree repository.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
skopeo is failing to build now on 32-bit systems. go-selinux update
should fix this. Also containers/storage has had some cleanup fixes
to devicemapper support.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
containers/storage and storage.conf now support flags to allow users
to set up containers/storage to run on devicemapper.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
docker-archive and oci-archive now allow the image reference
for the destination to be empty.
Update tests for this new change.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Add multitag support when generating docker-archive tarballs via the
newly added '--additional-tag' option, which can be specified multiple
times to add more than one tag. All specified tags will be added to the
RepoTags field in the docker-archive's manifest.json file.
This change requires vendoring the latest containers/image with
commit a1a9391830fd08637edbe45133fd0a8a2682ae75.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
containers/image returns a more detailed error message for oci and
oci-archive transports when the syntax given by the user is incorrect.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The dir transport has been changed to save the blobs without the .tar extension.
Fixes the skopeo tests failing due to this change.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Anyone running (vndr) currently ends up with failing tests in OCI schema
validation because gojsonschema has fixed its "$ref" interpretation, exposing
inconsistent URI usage inside image-spec/schema.
So, this runs (vndr), and uses mtrmac/image-spec:id-based-loader
( https://github.com/opencontainers/image-spec/pull/739 ) to make the tests pass
again. As soon as that PR is merged we should revert to using the upstream
image-spec repo again.
Re-vendor containers/storage to current revision
0d32dfce498e06c132c60dac945081bf44c22464, and containers/image to
current revision c8bcd6aa11c62637c5a7da1420f43dd6a15f0e8d.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
PR #440 reverted the vendor.conf edits of #426. This passed CI
because the corresponding vendor/* subpackages were not modified.
Restore the vendor.conf changes, and re-run full (vndr) to ensure
the two are consistent again.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We want to get support into skopeo for handling
override_kernel_checks so that we can use overlay
backend on RHEL.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This requires re-vendoring a bunch of other things (as well as the old
Sirupsen/logrus path), the relevant commits being:
* github.com/xeipuuv/gojsonschema@0c8571ac0ce161a5feb57375a9cdf148c98c0f70
* github.com/xeipuuv/gojsonpointer@6fe8760cad3569743d51ddbb243b26f8456742dc
* github.com/xeipuuv/gojsonreference@e02fc20de94c78484cd5ffb007f8af96be030a45
* go4.org@034d17a462f7b2dcd1a4a73553ec5357ff6e6c6e
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Update containers/storage and containers/image to the
current-as-of-this-writing versions,
105f7c77aef0c797429e41552743bf5b03b63263 and
23bddaa64cc6bf3f3077cda0dbf1cdd7007434df respectively.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>