> go get github.com/containers/image/v5@main
> go mod tidy && go mod vendor
This updates c/image with a new version of x/exp.
That package has changed API in an incompatible way,
so just bumping x/exp (as in https://github.com/containers/skopeo/pull/2060 )
would break Skopeo builds.
This updates both c/image and x/exp in lockstep (and nothing
needs updating in Skopeo itself for the x/exp breakage).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This automatically the global --policy-path and --insecure-policy options,
which don't affect h.sysctx.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The pre-sync action constantly breaks and is currently not possible to
reliably test until the subsequent upstream release due to limitations
in packit.
The lines being added by the action script to the downstream Fedora spec
were only meant to keep Fedora happy. But given that they provide
no tangible benefit as github notifies us of security
issues in libraries mentioned in go.mod and go.sum, along with redhat
prodsec's own magic for creating security alerts, there's absolutely
no point to having the pre-sync action run and add a layer of uncertainty.
This commit removes the pre-sync action and
`rpm/update-spec-provides.sh`.
Ref: https://github.com/containers/podman/issues/19232
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
In PR review for a different issue, the question of what happens
if we hit overflow for the imageid serial was hit. This feels
pretty unlikely; if I did the math right, it'd require opening
an average of 136 images per second to overflow it in a year.
Nevertheless, in practice what we're sending on the wire is just a JSON
number, and if we extend this to the "max safe JSON number" of 2^53,
it'd take 285,616,414 images per second to overflow in a year, going
from implausible to probably impossible.
With a bit more work of course, we could make this a sparse mapping
and reuse freed numbers, but eh.
Signed-off-by: Colin Walters <walters@verbum.org>
The default Packit sandbox environment that runs Packit tasks for
downstream Fedora does not have golist installed by default and can't
run superuser tasks.
This commit will download and extract the golist binary from the Fedora
rpm and use it to provide golist.
The GOPATH mention in `rpm/update-spec-provides.sh` is only required for
golist to generate the gopaths and doesn't affect upstream or the rpm spec.
Currently, the only way to reliably test this is on an open github issue by running
`/packit propose-downstream`. This can't be run on an open PR.
The job-specific packit actions can only be tested via the packit
service and not via packit cli.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Distro conditionals have been rewritten in a cleaner
and easier to read way.
All `bcond` macros have been replaced with friendlier alternatives.
Also removed macros related to `import_path` as they are no longer
necessary.
update-spec-provides.sh has been updated to account for possible build
issues in downstream tasks which won't be noticed until a downstream
release.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
It's a bit cumbersome to manage a tooling version buried deep in a
command, let alone one also buried deep in a `Makefile`. Add a
variable to hold the version number so renovate can easily manage it.
This happens via a `regex` manager in the shared configuration
include `containers/automation//renovate/defaults.json5`. Also add a
helpful note/reminder to humans who may want to manually change the
version for some reason.
Depends on: https://github.com/containers/automation/pull/145
Signed-off-by: Chris Evich <cevich@redhat.com>
Assigning to a group isn't supported in github. Renove this section and
the golang section (all options moved into defaults.json5).
Signed-off-by: Chris Evich <cevich@redhat.com>
Get rid of `skopeo.spec.rpkg` in favour of
`rpm/skopeo.spec` which gets synced with fedora dist-git on every
upstream release. The version in the new spec file is set to `0` by
default and gets updated by packit automatically on every packit task.
Packit will automatically create a PR on fedora dist-git on every new
upstream release. A sample PR will look like:
https://src.fedoraproject.org/rpms/container-selinux/pull-request/10#
A dry run for this can be triggered using:
`$ packit propose-downstream --local-content`
To run this command locally, you would need to have your packit
user-configuration-file set.
Ref: https://packit.dev/docs/configuration/#user-configuration-file
along with a fedora api key created at:
https://src.fedoraproject.org/settings#nav-api-tab with sufficient ACLs.
This patch incurs zero additional cost to upstream as the downstream
tasks occur only after upstream release and do not block anything
upstream.
[NO NEW TESTS NEEDED]
Co-authored-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
