These changes substantially mirror similar updates made recently to both
podman and buildah. Besides renaming `Dockerfile` -> `Containerfile`,
there are much needed updates to docs, and the build instructions.
Signed-off-by: Chris Evich <cevich@redhat.com>
The github actions workflow for this operation is complex and difficult
to maintain. For several months now a replacement has been running well
in the podman repository. It's scripts/components are centralized,
versioned, unit, and integration tested. Add cirrus tasks to run the
build, and another task to allow test builds in a PR.
This also adds support for a new magic CI string: `[CI:BUILD]`.
With this string in the PR title, automation will only do basic build
verification, and enable testing of the multi-arch build process.
Otherwise, many tasks were updated to not be created when running the
cirrus-cron multi-arch image builds, since this would simply be a waste
of time and invitation for flakes.
Lastly, since only native tooling is used in the new build process,
rename all the recipes to `Containerfile`.
Signed-off-by: Chris Evich <cevich@redhat.com>
For whatever reason, the comment rearrangement is
required for vim rpm synatx highlighting to work.
Also added a comment pointing out where additional comments
should go. :)
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The new file `skopeo.spec.rpkg` along with a webhook will automatically
build rpms on every PR merge on the main branch.
Run `rpkg local` or `make rpm` to generate the rpm.
Known issue: Doesn't yet build for EL8 environments.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
We expect schema1 images to work. Also, docker/distribution
doesn't provide useful errors for rejected schema1 images
( https://github.com/distribution/distribution/issues/2925 ),
which makes it impractical for Skopeo to automatically convert
schema1 to schema2.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The k8s.gcr.io/coredns/coredns repo now contains an OCI
artifact, which we can't copy; so, use a different
repo to test syncing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... to silence Dependabot alerts about CVE-2022-29162 = GHSA-f3fp-gc8g-vw66.
Note that the vulnerable code is not actually included in Skopeo at all,
this is purely to silence imprecise vulnerability checkers.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The {a,b} syntax is not POSIX compatible. The Makefile should run with
all POSIX shells so we cannot use shell specific features like this.
Fixes#1657
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
... to include a fix for CVE-2022-28948 = GHSA-hp87-p4gw-j4gq .
Note that the package is only used for Skopeo's tests, so
Skopeo's users can't reach the vulnerable code.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Make sure skopeo copy/inspect/delete show the transport names when shell
completion is used to not regress compared to the old bash completion
script.
In theory I would highly recommend to set completion functions for
every flag and command. This can be ensured with a test like this:
https://github.com/containers/podman/blob/main/cmd/podman/shell_completion_test.go
But this is a lot of work to get right and I am neither a skopeo user or
maintainer so I am missing a lot of context for most options. I think
this would be better handled by a person who knows skopeo better.
Normally options should either use AutocompleteNone() or
AutocompleteDefault() from c/common/pkg/completion.
Even better would be to add custom completion functions for arguments
that only accept fixed values, see AutocompleteSupportedTransports() in
this commit.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
As of the just-updated github.com/proglottis/gpgme 0.1.2,
the gpgme subpackage uses CGo's native #cgo pkg-config support
to find the relevant libraries, and we no longer need to manually set
CGO_CFLAGS and CGO_LDFLAGS. So stop doing that.
Note that the proglottis/gpgme update (implied by vendoring c/image)
means the minimal supported version of GPGME is 1.13.0.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
