2417 Commits

Author SHA1 Message Date
Tom Sweeney
1fc131e715 [release-1.11] Bump Skopeo to v1.11.5
Bump Skopeo to v1.11.5

Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
v1.11.5
2026-05-11 19:26:49 -04:00
Tom Sweeney
16a8af6d92 [release-1.11] Bump Fedora to 39 in cirrus
The lastest Go Jose is calling functions first introduced in Go 1.20.
Bumping the CI to Fedora 1.39 where Go 1.20 first appeared in Fedora.

Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
2026-05-11 19:26:49 -04:00
Tom Sweeney
523fcf7494 [release-1.11] Bump Go Jose to v3.0.5, CVE-2026-34986
Bump Go Jose to v3.0.5 to address CVE-2026-34986

Fixes: https://redhat.atlassian.net/browse/OCPBUGS-81778,
https://redhat.atlassian.net/browse/OCPBUGS-81771,
https://redhat.atlassian.net/browse/OCPBUGS-81767,
https://redhat.atlassian.net/browse/OCPBUGS-81764,
https://redhat.atlassian.net/browse/RHEL-164982, https://redhat.atlassian.net/browse/RHEL-164980

Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
2026-05-07 19:58:29 -04:00
Miloslav Trmač
38d9c8eb1a Merge pull request #2789 from TomSweeneyRedHat/dev/tsweeney/logrus-release-1.11
[release-1.11] CVE-2025-65637 Logrus
2026-01-21 20:24:01 +01:00
tomsweeneyredhat
71a153aba4 [release-1.11] Bump Skopeo to 1.11.4
As the title says!

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
v1.11.4
2026-01-20 18:03:17 -05:00
tomsweeneyredhat
9beaf17536 [release-1.11] CVE-2025-65637, logrus to 1.9.3
Bump sirupsen/logrus to v1.9.3 to address CVE-2025-65637

Fixes: https://issues.redhat.com/browse/OCPBUGS-67731,
https://issues.redhat.com/browse/OCPBUGS-67898,
https://issues.redhat.com/browse/OCPBUGS-68038,
https://issues.redhat.com/browse/RHEL-135829,
https://issues.redhat.com/browse/RHEL-135814

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2026-01-20 18:02:50 -05:00
Tom Sweeney
a32fb6f5f8 Merge pull request #2675 from cevich/release-1.11_remove_dev
[release-1.11] Bump to release version 1.11.3
2025-08-12 16:14:57 -04:00
Chris Evich
85ce427969 [release-1.11] Bump to release version 1.11.3
This branch is utilized for RHEL releases and therefore should never
ever represent a `-dev` development release.  Bump the version
number to account for the change.

Resolves: RHEL-97092 RHEL-97090

Signed-off-by: Chris Evich <cevich@redhat.com>
v1.11.3
2025-08-11 15:38:31 -04:00
Miloslav Trmač
c8ef2dcce3 Merge pull request #2643 from cevich/release-1.11_add_release_test
[release-1.11] Add conditional release-checking system test
2025-07-04 17:13:02 +02:00
Chris Evich
b5b0a9cd81 [release-1.11] Add conditional release-checking system test
Unfortunately on a number of occasions, Skopeo has been released
officially with a `-dev` suffix in the version number.  Assist in
catching this mistake at release time by the addition of a simple
conditional test.  Note that it must be positively enabled by a
magic env. var. before executing the system tests.

Original PR: https://github.com/containers/skopeo/pull/2631

Signed-off-by: Chris Evich <cevich@redhat.com>
2025-07-02 14:30:14 -04:00
Miloslav Trmač
e0171abca9 Merge pull request #2611 from cevich/release-1.11-multiarch_registry
[release-1.11] Support CI testing on non-x86_64
2025-05-28 20:43:09 +02:00
Chris Evich
4773bf1895 Support CI testing on non-x86_64
Previously, internal CI gating tests sometimes fail because the required
registry container image only supports x86_64.  Update to the `2.8.2`
image tag with support for all primary architectures.

Signed-off-by: Chris Evich <cevich@redhat.com>
2025-05-28 14:25:03 -04:00
Miloslav Trmač
7602ac68f8 Merge pull request #2424 from TomSweeneyRedHat/dev/tsweeney/v1.11-cve-2024-3727
[release-1.11] CVE-2024-3727
2024-09-19 21:34:15 +02:00
tomsweeneyredhat
7f996f3bdb [release-1.11] CVE-2024-3727
Addresses CVE-2024-3727 by bumping c/common to v0.51.4 and c/image
to v5.24.3

Fixes: https://issues.redhat.com/browse/OCPBUGS-37020
https://issues.redhat.com/browse/OCPBUGS-37022
https://issues.redhat.com/browse/OCPBUGS-37023

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2024-09-19 14:11:24 -04:00
Colin Walters
78dc389125 Merge pull request #2359 from mtrmac/k8s.gcr.io-11
[release-1.11] Refer to registry.k8s.io instead of k8s.gcr.io
2024-06-19 19:41:22 -04:00
Miloslav Trmač
34ed1100de Refer to registry.k8s.io instead of k8s.gcr.io
... per https://kubernetes.io/blog/2023/02/06/k8s-gcr-io-freeze-announcement/ .

We are seeing intermittent failures (sufficient to reliably cause a test suite failure)
pulling from k8s.gcr.io, let's see if using the newer one improves things.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-06-19 17:50:41 +02:00
Miloslav Trmač
051898442c Merge pull request #2292 from TomSweeneyRedHat/dev/tsweeney/cve-jose-1.11
[release-1.11] Bump ocicrypt and go-jose CVE-2024-28180
2024-04-18 00:58:42 +02:00
tomsweeneyredhat
89cd9b89b6 [release-1.11] Bump ocicrypt and go-jose CVE-2024-28180
Bump github.com/go-jose/go-jose to v3.0.0 and
github.com/containers/ocicrypt to v1.1.10

Addresses: CVE-2024-28180
https://issues.redhat.com/browse/OCPBUGS-30789
https://issues.redhat.com/browse/OCPBUGS-30790
https://issues.redhat.com/browse/OCPBUGS-30791

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2024-04-17 18:15:23 -04:00
Miloslav Trmač
df2b9aedc8 Merge pull request #2286 from mtrmac/integration-update-1.11
[release-1.11] Backport #2280
2024-04-10 20:01:14 +02:00
Miloslav Trmač
6f884cd817 Freeze the fedora-minimal image reference at Fedora 38
... because the tests are assuming a v2s2 image, but
as of Fedora 39, the image uses the OCI format.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-04-08 19:55:14 +02:00
Miloslav Trmač
7e11ab4ada Merge pull request #1991 from cevich/release_1.11_add_self_destruct
[release-1.11] Cirrus: Add CI self-destruct condition on EOL date
2023-05-09 16:09:47 +02:00
Chris Evich
9b087c653c [release-1.11] Cirrus: Add CI self-destruct condition on EOL date
This branch will never receive any security-backports when the
associated RHEL release reaches EOL.  Add a condition to force CI to
break with a helpful message, after this RHEL EOL date.

Signed-off-by: Chris Evich <cevich@redhat.com>
2023-05-03 11:18:19 -04:00
Miloslav Trmač
d79588e6c1 Bump to v1.11.3-dev
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-04-03 07:51:38 -04:00
Miloslav Trmač
dc1e14f7a7 Release 1.11.2
Updates golang.org/x/net to v0.7.0 to resolve CVE-2022-41723.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
v1.11.2
2023-04-03 07:51:38 -04:00
Miloslav Trmač
8191ef3ea1 Merge pull request #1948 from lsm5/release-1.11-CVE-2022-41723
[release-1.11] bump golang.org/x/net to v0.7.0
2023-03-24 22:44:49 +01:00
Lokesh Mandvekar
902506dd73 bump golang.org/x/net to v0.7.0
Resolves: CVE-2022-41723
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41723

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-03-24 09:54:45 +05:30
Miloslav Trmač
3f98753bfd Merge pull request #1912 from TomSweeneyRedHat/dev/tsweeney/1.11.1
[release-1.11] Bump to v1.11.1
2023-02-16 23:21:39 +01:00
tomsweeneyredhat
b2884205e7 [release-1.11] Bump to v1.11.2-dev
As the title says

[NO NEW TESTS NEEDEDED]

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2023-02-16 15:16:10 -05:00
tomsweeneyredhat
fb1ade6d9e [release-1.11] Bump to v1.11.1
As the title says.  To ready for RHEL 8.8/9.2

[NO NEW TESTS NEEDED]

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
v1.11.1
2023-02-15 17:27:51 -05:00
Valentin Rothberg
0d212fc3b5 Merge pull request #1902 from mtrmac/c-image-eof-1.11
[release-1.11] Update to c/image 5.24.1
2023-02-13 09:01:03 +01:00
Miloslav Trmač
40dd6507df Update to c/image 5.24.1
... to include an unexpected EOF workaround.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-02-09 21:12:48 +01:00
Daniel J Walsh
cc958d3e5d Move to v1.11.1-dev
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-01-26 15:34:30 -05:00
Daniel J Walsh
9d036f3053 Bump to v1.11.0
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2023-01-26 15:34:30 -05:00
Daniel J Walsh
7b886d11bb Merge pull request #1871 from TomSweeneyRedHat/dev/tsweeney/fixlang
Touch up conscious language issues
2023-01-26 15:33:46 -05:00
Valentin Rothberg
17df36a3e6 Merge pull request #1879 from sstosh/fix-docs
[CI:DOCS] Format manual page documents
2023-01-26 08:05:00 +01:00
Toshiki Sonoda
83bcd13659 [CI:DOCS] Format manual page documents
- Add a prompt to the skopeo commands.

- Add a "console" identifier to fenced code
blocks which has a prompt, not "sh".

Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-25 17:10:11 +09:00
Miloslav Trmač
b3b2c73764 Merge pull request #1877 from containers/renovate/github.com-containers-common-0.x
Update module github.com/containers/common to v0.51.0
2023-01-24 17:57:41 +01:00
renovate[bot]
afbdaf8ecb Update module github.com/containers/common to v0.51.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-01-24 17:39:17 +01:00
Miloslav Trmač
fe15a36ed9 Merge pull request #1876 from containers/renovate/github.com-containers-image-v5-5.x
Update module github.com/containers/image/v5 to v5.24.0
2023-01-23 22:56:19 +01:00
renovate[bot]
c91142485e Update module github.com/containers/image/v5 to v5.24.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-01-23 21:30:51 +00:00
Valentin Rothberg
61c519dcf2 Merge pull request #1869 from mtrmac/generate-keys
Add (skopeo generate-sigstore-key)
2023-01-23 17:54:34 +01:00
Miloslav Trmač
0fad119375 Add (skopeo generate-sigstore-key)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-01-23 17:39:09 +01:00
Miloslav Trmač
48b9d94c87 Update c/image after https://github.com/containers/image/pull/1810
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-01-23 17:39:09 +01:00
Daniel J Walsh
47919520f5 Merge pull request #1868 from mtrmac/developer-system-tests
Fix `make test-system` when run as an unprivileged user (containerized)
2023-01-23 11:13:50 -05:00
Valentin Rothberg
e0a5df297d Merge pull request #1864 from mtrmac/storage-big-hammer
Fix storage.conf overrides in test-system in CI, update c/storage
2023-01-23 10:06:00 +01:00
tomsweeneyredhat
80e3fd1095 Touch up conscious language issues
Touch up a few issues with language in the project to
make it more inclusive.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2023-01-21 17:13:25 -05:00
Miloslav Trmač
9f04dfdec9 Partially fix removal of temporary data in (make test-system)
Use (podman unshare) as already suggested, it is necessary for an unprivileged
user to remove the temporary c/storage state.  OTOH it doesn't work with Docker at all.

Don't use the - prefix, it only works at the _start_ of a rule, not in the middle of
a multi-line shell script.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-01-20 20:07:45 +01:00
Miloslav Trmač
36c480f643 Don't affect $XDG_RUNTIME_DIR of Podman starting the registry
Otherwise $XDG_RUNTIME_DIR/netns gets created and mounted,
breaking (rm -rf).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-01-20 20:06:08 +01:00
renovate[bot]
850bc49d27 Update module github.com/containers/storage to v1.45.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2023-01-20 17:46:01 +01:00
Miloslav Trmač
a98c137243 Fix storage.conf setup in test-system
- Don't do it at all for the CI VM: We can use the
  VM's global Podman configuration, and use faster overlay
  instead of vfs, so let's do that.
- For the developer-run (make test-system):
  - Add graphroot and runroot paths to make the configuration minimally valid
  - Explicitly point CONTAINERS_STORAGE_CONF at the configutation
    to be certain it will get used.

Then drop the (podman pull ...) in runner.sh:_podman_reset that seemed to
previously workaround the invalid /etc/containers/storage.conf .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-01-20 17:43:21 +01:00