Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2025-01-05 15:30:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1881 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apptainer" Sun Jan 5 15:30:50 2025 rev:29 rq:1234922 version:1.3.6 Changes: -------- --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2024-05-13 17:59:12.676369476 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1881/apptainer.changes 2025-01-05 15:31:02.333225630 +0100 @@ -1,0 +2,109 @@ +Fri Jan 3 16:11:01 UTC 2025 - Egbert Eich <e...@suse.com> + +- Update to version 1.3.6 + * Avoid using kernel overlayfs when the lower layer is a sandbox + on an incompatible filesystem type such as GPFS or Lustre. + For those cases use fuse-overlayfs instead. This fixes a + regression introduced in 1.3.0. The regression didn't much + impact Lustre because kernel overlayfs refused to try to use + it and Apptainer proceeded to use fuse-overlayfs anyway, but + with GPFS the kernel overlayfs allowed mounting but returned + stale file handle errors. +- Version 1.3.5 + * Fix a regression introduced in 1.3.4 that overwrote existing + standard `/.singularity.d` files such as `runscript` in + container images even if they had been modified. + * Skip attempting to bind inaccessible mount points when + handling the `mount hostfs = yes` configuration option. + * Support parsing nested variables defined inside `%arguments` + section of definition files. + * Ignore invalid environment variables when pulling oci/docker + containers. +- Version 1.3.4 + * Fixed sif-embedded overlay partitions for containers that are + larger than 2 gigabytes. + * Fixed the apparmor profile that was added in v1.3.3 but didn't + work. An apparmor profile is applied in all Debian-based + apptainer packaging, but is only needed to enable user namespaces + for apptainer on a default-configured Ubuntu 23.10 or newer. + * Fixed the failure when starting apptainer with + `instance --fakeroot`. + * `apptainer build -B ...` can now be used to mount custom + resolv.conf and hosts files from non-standard outside locations. + This can be used to run `apptainer build` in a nix-build sandbox + that has no `/etc/resolv.conf`. + * Fixed failing builds from local images that have symbolic links + for paths that are part of the base container environment (e.g. + /var/tmp -> /tmp). + * Show info messages suggesting to use + `enable underlay = preferred` or the `--underlay` flag when + overlay is implied for bind mounts but the kernel is too old + to support fuse mounts in user namespaces and so tries to use + fusermount. + * When someone uses a `yum` bootstrap to build a container + without using subuid-based fakeroot or root, warn that it is + unlikely to work. + * Allow a writable `--overlay` to be used with `--nvccli` instead + of `--writable-tmpfs`. + * If an error "no descriptor found for reference" is seen while + getting an oci container, retry the operation up to five times. + * Make fakeroot Recommended for SUSE rpms instead of Required. + * Allow bind mounts onto existing files on r/o NFS filesystems. + * If an error is seen in the %post section when building a + container using fakeroot mode 3 (with the fakeroot command) + then show a message suggesting using `--ignore-fakeroot-command` + and referring to the documentation about how to install and use + it inside the container definition file. + * Show a more helpful error message when using fakeroot in suid + mode and there's an `/etc/subuid` mapping even though user + namespaces are not available (user namespaces are required for + `/etc/subuid` mapping). +- Version 1.3.3 + * Added libcudadebugger.so to nvliblist.conf to support cuda-gdb + in CUDA 12+. + * Ensure opened/kept file descriptors in stage 1 are not closed + during the Go garbage collection to avoid "bad file descriptor" + errors at startup. + * Fixed a segmentation violation issue when running Apptainer + checkpoint. + * Added apparmor profiles for ubuntu 24.04 or higher distros. + * Fixed an issue that Apptainer won't read default docker + credentials. +- Version 1.3.2 + * Fix for + [CVE-2024-3727](https://github.com/advisories/GHSA-6wvf-f2vw-3425) + in a dependent library which describes a flaw that can allow + attackers to trigger unexpected authenticated registry accesses + due to object digest values not being validated in all cases. + * Fixed the issue when nesting `apptainer instance start` inside + a container on cgroups-v2 capable host. + * Fixed the issue that oras download progress bar gets stuck + when downloading large images. +- Version 1.3.1 + * Make 'apptainer build' work with signed Docker containers. + * Fixed regression introduced in 1.3.0 that prevented closing + cryptsetup and the corresponding loop device after running + an encrypted sif container file in suid mode. + * Stopped binding over the default timezone in the container + with the host's timezone, which led to unexpected behavior if + the application changed timezones. + * Added progress bars for `oras://` push and pull. + * Hide `Instance stats will not be available` message under + `--sharens` mode. + * Fix problem where credentials locally stored with + `registry login` command were not usable in some execution + flows. Run `registry login` again with latest version to ensure + credentials are stored correctly. + * Make runscript timeout configurable. + * Return invalid bind path mount options during bind path + parsing. + * Make the INFO message more helpful when a running background + process at exit time causes a FUSE mount to not shut down + cleanly. + * Fixed the wrong mediaType in the oras push manifest. +- Add Apptainer definition template for SLE15-SP7. +- Obsoleted: + * Remove-signatures-from-Docker-images.patch + * Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch + +------------------------------------------------------------------- Old: ---- Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch Remove-signatures-from-Docker-images.patch apptainer-1.3.0.tar.gz New: ---- SLE-15SP7.def apptainer-1.3.6.tar.gz BETA DEBUG BEGIN: Old: * Remove-signatures-from-Docker-images.patch * Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch Old:- Obsoleted: * Remove-signatures-from-Docker-images.patch * Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apptainer.spec ++++++ --- /var/tmp/diff_new_pack.gViWWQ/_old 2025-01-05 15:31:03.137258700 +0100 +++ /var/tmp/diff_new_pack.gViWWQ/_new 2025-01-05 15:31:03.141258865 +0100 @@ -1,7 +1,7 @@ # # spec file for package apptainer # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ License: BSD-3-Clause-LBNL AND OpenSSL Group: Productivity/Clustering/Computing Name: apptainer -Version: 1.3.0 +Version: 1.3.6 Release: 0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL: https://apptainer.org @@ -38,11 +38,10 @@ Source2: SUSE.def Source3: SLE-15SP5.def Source4: SLE-15SP6.def -Source5: Leap.def +Source5: SLE-15SP7.def +Source10: Leap.def Source20: %{name}-rpmlintrc Source21: vendor.tar.gz -Patch1: Remove-signatures-from-Docker-images.patch -Patch100: Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch BuildRequires: cryptsetup BuildRequires: fdupes BuildRequires: gcc @@ -60,9 +59,10 @@ Requires: squashfuse Recommends: fuse2fs Recommends: gocryptfs -Requires: (apptainer-leap = %version if product(Leap) = 15.5) +Requires: (apptainer-leap = %version if product(Leap) >= 15.5) Requires: (apptainer-sle15_5 = %version if product(SUSE_SLE) = 15.5) Requires: (apptainer-sle15_6 = %version if product(SUSE_SLE) = 15.6) +Requires: (apptainer-sle15_7 = %version if product(SUSE_SLE) = 15.7) # Needed for container decryption in userspace, upstream rpms include this # but factory should have this seperately @@ -94,6 +94,15 @@ The package provides a definition file template for Apptainer containers based on SUSE Linux Enterprise 15 SP6. +%package sle15_7 +Summary: Apptainer Definition File Templates for SLE 15 SP7 +BuildArch: noarch +Requires: apptainer = %version + +%description sle15_7 +The package provides a definition file template for Apptainer containers +based on SUSE Linux Enterprise 15 SP7. + %package leap Summary: Apptainer Definition File Templates for current openSUSE Leap BuildArch: noarch @@ -142,7 +151,7 @@ %make_install -C builddir V= install -d -m 0755 %{buildroot}/%{_datarootdir}/apptainer/templates -install -m 0644 %{S:2} %{S:3} %{S:4} %{S:5} %{buildroot}/%{_datarootdir}/apptainer/templates +install -m 0644 %{S:2} %{S:3} %{S:4} %{S:5} %{S:10} %{buildroot}/%{_datarootdir}/apptainer/templates %fdupes apptainer/examples %fdupes -s %buildroot @@ -192,6 +201,9 @@ %files sle15_6 %{_datarootdir}/apptainer/templates/%{basename:%{S:4}} -%files leap +%files sle15_7 %{_datarootdir}/apptainer/templates/%{basename:%{S:5}} +%files leap +%{_datarootdir}/apptainer/templates/%{basename:%{S:10}} + ++++++ SLE-15SP7.def ++++++ BootStrap: zypper OSVersion: 15.7 Include: zypper Product: SLES/15.7/x86_64 User: EMAIL Regcode: REGCODE MirrorURL: https://updates.suse.com/SUSE/Products/SLE-BCI/15-SP7/x86_64/product/ # Just base modules here, other modules are installed in post Modules: \n\ sle-module-basesystem,\n\ sle-module-server-applications ProductPGP:\n\ SLEpgp: -----BEGIN PGP PUBLIC KEY BLOCK-----\n\ Version: rpm-4.11.2 (NSS-3)\n\ \n\ mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp\n\ YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY\n\ 91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma\n\ hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9\n\ vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8\n\ L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT\n\ aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYCGwMGCwkIBwMCBBUC\n\ CAMEFgIDAQIeAQIXgAUCWEfrHwUJDsIitAAKCRBwr56BOdt8gpqUB/wPSSS5BcDu\n\ Oi4n02cj4Hdt7WITKBjjo0lG1fXG1ppx1wOST+s8FertMVFY53TW6FGjcYtwVOIq\n\ rsMYiV6kf1NxUV/jcAy7VmC5EZnO0R/D3sT4Oh5hsLtERauZolK5BZmd0S51Qa8e\n\ TxZ5mX9PL2i3s/ShETc30drf83ugc7B4yZPNQWXNDPgGcC+hEeC5qw48RzHYIpUt\n\ RzHmefR5Z3ioTUbDlzy+SGP2uA7mhR4Lfk/df5fYxWfCoKlyGjtrvA65cB+Pksyn\n\ xrAeBuB+vBM+KnDrxW2Sn4AbWkzH//dfz9OJDJu4UM91hb7qxM0OkrXHQV3iNqzg\n\ MDEhky/9NqMy\n\ =GdP5\n\ -----END PGP PUBLIC KEY BLOCK----- %post update-ca-certificates echo "Hello from post boot strap" zypper in -y vim ++++++ apptainer-1.3.0.tar.gz -> apptainer-1.3.6.tar.gz ++++++ ++++ 4137 lines of diff (skipped) ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/apptainer/vendor.tar.gz /work/SRC/openSUSE:Factory/.apptainer.new.1881/vendor.tar.gz differ: char 5, line 1
