Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2025-10-02 19:21:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.11973 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apptainer" Thu Oct 2 19:21:30 2025 rev:36 rq:1308562 version:1.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2025-06-06 22:45:00.829670023 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.11973/apptainer.changes 2025-10-02 19:22:43.480795136 +0200 @@ -1,0 +2,59 @@ +Thu Oct 2 07:57:18 UTC 2025 - Christian Goll <[email protected]> + +- Update to 1.4.3 + * Corrected the mconfig -s option for statically building apptainer + and starter binaries. + * Resolved an issue where the Makefile generated by mconfig -b + failed when the build directory was not a subdirectory of the + Apptainer source code. + * Fixed %files in definition files to correctly copy symlinks + pointing above the destination directory but within the + destination stage root filesystem. + * Addressed a typo in nvliblist.conf ( libnvoptix.so.1 was + corrected to libnvoptix.so). + * Prevented timeouts during cleanup after building + gocryptfs-encrypted SIF files. + * Fixed a bug that prevented build with --passphrase or --pem-path + (without --encrypt) from implying fakeroot. + * Resolved a hang when copying files between build stages while + using suid mode without user namespaces. + * Fixed issues with running and building containers of different + architectures than the host via binfmt_misc when using rootless + fakeroot. + * Corrected "target: no such file or directory" errors when + extracting layers from certain OCI images that manipulate hard + links across layers. + * Fixed a crash when executing a privilege-encrypted container as + root. + * Improved documentation for the remote list command. + * Removed the fakerootcallback functionality. + * Updated the default pacman confURL for Bootstrap: arch container + builds. + * Updated bundled fuse programs to their latest releases. + * Changed the default message level from silent to normal in + nested apptainer executions of a build's %post section, and + suppressed an unnecessary warning. + * Invalid environment variables are now ignored when pulling + oci/docker containers. +- Add definition file for SLE 16 (SLE-16.def). +- Remove definition files for SLE15 SP5 (SLE-15SP5.def) and + SP6 (SLE-15SP6.def). + +------------------------------------------------------------------- +Sun Sep 7 15:09:52 UTC 2025 - Andrea Manzini <[email protected]> + +- Update to 1.4.2 + * Restore looking for registry mirrors in /etc/containers/registry.conf + and related files. This had been inadvertently dropped beginning in 1.4.0. + * Fix use of the image cache when the home directory contains @ characters. + Previously it would assume that it was the start of a digest in the oci-dir. + * Fix signature verification failures on unsigned images. + * Add additional .deb packages to the release assets that include the label + trixie+ to indicate that they are for installing on Debian 13 or later. + Those packages are necessary to work with the new libfuse3 library in + Debian13. They also support libsubid, unlike the default packages because + they are built on Debian 11 which doesn't have that library. + * Add automatic triggering of Ubuntu PPA builds whenever there's a new + apptainer release. + +------------------------------------------------------------------- Old: ---- SLE-15SP5.def SLE-15SP6.def apptainer-1.4.1.tar.gz New: ---- SLE-16.def apptainer-1.4.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apptainer.spec ++++++ --- /var/tmp/diff_new_pack.ffXJUj/_old 2025-10-02 19:22:44.576840986 +0200 +++ /var/tmp/diff_new_pack.ffXJUj/_new 2025-10-02 19:22:44.580841154 +0200 @@ -2,6 +2,7 @@ # spec file for package apptainer # # Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +26,7 @@ License: BSD-3-Clause-LBNL AND OpenSSL Group: Productivity/Clustering/Computing Name: apptainer -Version: 1.4.1 +Version: 1.4.2 Release: 0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL: https://apptainer.org @@ -36,9 +37,8 @@ Source0: https://github.com/apptainer/apptainer/archive/v%{version}%{?vers_suffix}/apptainer-%{version}%{?vers_suffix}.tar.gz Source1: README.SUSE Source2: SUSE.def -Source3: SLE-15SP5.def -Source4: SLE-15SP6.def Source5: SLE-15SP7.def +Source6: SLE-16.def Source10: Leap.def Source20: %{name}-rpmlintrc Source21: vendor.tar.gz @@ -60,9 +60,8 @@ Recommends: fuse2fs Recommends: gocryptfs Requires: (apptainer-leap = %version if product(Leap) >= 15.5) -Requires: (apptainer-sle15_5 = %version if product(SUSE_SLE) = 15.5) -Requires: (apptainer-sle15_6 = %version if product(SUSE_SLE) = 15.6) Requires: (apptainer-sle15_7 = %version if product(SUSE_SLE) = 15.7) +Requires: (apptainer-sle16 = %version if product(SUSE_SLE) = 16.0) # Needed for container decryption in userspace, upstream rpms include this # but factory should have this seperately @@ -76,32 +75,23 @@ Apptainer provides functionality to make portable containers that can be used across host environments. -%package sle15_5 -Summary: Apptainer Definition File Templates for SLE 15 SP5 -BuildArch: noarch -Requires: apptainer = %version - -%description sle15_5 -The package provides a definition file template for Apptainer containers -based on SUSE Linux Enterprise 15 SP5. - -%package sle15_6 -Summary: Apptainer Definition File Templates for SLE 15 SP6 +%package sle15_7 +Summary: Apptainer Definition File Templates for SLE 15 SP7 BuildArch: noarch Requires: apptainer = %version -%description sle15_6 +%description sle15_7 The package provides a definition file template for Apptainer containers -based on SUSE Linux Enterprise 15 SP6. +based on SUSE Linux Enterprise 15 SP7. -%package sle15_7 -Summary: Apptainer Definition File Templates for SLE 15 SP7 +%package sle16 +Summary: Apptainer Definition File Templates for SLE 16 BuildArch: noarch Requires: apptainer = %version -%description sle15_7 +%description sle16 The package provides a definition file template for Apptainer containers -based on SUSE Linux Enterprise 15 SP7. +based on SUSE Linux Enterprise 16. %package leap Summary: Apptainer Definition File Templates for current openSUSE Leap @@ -149,7 +139,7 @@ %make_install -C builddir V= install -d -m 0755 %{buildroot}/%{_datarootdir}/apptainer/templates -install -m 0644 %{S:2} %{S:3} %{S:4} %{S:5} %{S:10} %{buildroot}/%{_datarootdir}/apptainer/templates +install -m 0644 %{S:2} %{S:5} %{S:6} %{S:10} %{buildroot}/%{_datarootdir}/apptainer/templates %fdupes apptainer/examples %fdupes -s %buildroot @@ -193,15 +183,12 @@ %dir %{_localstatedir}/lib/apptainer/mnt/session %{_mandir}/man1/* -%files sle15_5 -%{_datarootdir}/apptainer/templates/%{basename:%{S:3}} - -%files sle15_6 -%{_datarootdir}/apptainer/templates/%{basename:%{S:4}} - %files sle15_7 %{_datarootdir}/apptainer/templates/%{basename:%{S:5}} +%files sle16 +%{_datarootdir}/apptainer/templates/%{basename:%{S:6}} + %files leap %{_datarootdir}/apptainer/templates/%{basename:%{S:10}} ++++++ SLE-15SP5.def -> SLE-16.def ++++++ --- /work/SRC/openSUSE:Factory/apptainer/SLE-15SP5.def 2024-02-02 15:48:37.543619025 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.11973/SLE-16.def 2025-10-02 19:22:42.932772211 +0200 @@ -1,10 +1,10 @@ BootStrap: zypper -OSVersion: 15.5 +OSVersion: 16.0 Include: zypper -Product: SLES/15.5/x86_64 +Product: SLES/16.0/x86_64 User: EMAIL Regcode: REGCODE -MirrorURL: https://updates.suse.com/SUSE/Products/SLE-BCI/15-SP5/x86_64/product/ +MirrorURL: https://updates.suse.com/SUSE/Products/SLE-Product-SLES/16.0/x86_64/product # Just base modules here, other modules are installed in post Modules: \n\ sle-module-basesystem,\n\ ++++++ apptainer-1.4.1.tar.gz -> apptainer-1.4.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/.github/workflows/release.yml new/apptainer-1.4.2/.github/workflows/release.yml --- old/apptainer-1.4.1/.github/workflows/release.yml 2025-05-15 04:49:58.000000000 +0200 +++ new/apptainer-1.4.2/.github/workflows/release.yml 2025-08-08 02:12:28.000000000 +0200 @@ -46,9 +46,8 @@ ./scripts/ci-docker-run cp *.tar.gz *.rpm .. cd .. - sha256sum *.tar.gz *.rpm > sha256sums - - name: Make deb packages + - name: Make standard deb packages if: env.do_release env: OS_TYPE: debian @@ -62,7 +61,23 @@ ./scripts/ci-docker-run cp *.deb .. cd .. - sha256sum *.deb >> sha256sums + + - name: Make trixie deb packages + if: env.do_release + env: + OS_TYPE: debian + # once released, this version should change to 13 + OS_VERSION: trixie + GO_ARCH: linux-amd64 + run: | + # Make another new copy of the source files for this build + set -x + sudo rm -rf `basename apptainer-*.tar.gz .tar.gz` + tar xf apptainer-*.tar.gz + cd `basename apptainer-*.tar.gz .tar.gz` + ./scripts/ci-docker-run + for d in *.deb; do cp $d ../`echo $d|sed 's/\(_[^_]*$\)/-trixie+\1/'`; done + cd .. - name: Release if: env.do_release @@ -72,7 +87,6 @@ *.tar.gz *.rpm *.deb - sha256sums release_container_images: name: release_container_images @@ -122,6 +136,10 @@ username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Get golang version + id: min-go-version + run: echo "GOLANG_VERSION=$(scripts/get-min-go-version)" >> "$GITHUB_OUTPUT" + - name: Build and push if: env.do_release uses: docker/build-push-action@v5 @@ -131,6 +149,7 @@ file: dist/docker/Dockerfile build-args: | VERSION=${{ env.git_tag }} + GOLANG_VERSION=${{ steps.min-go-version.outputs.GOLANG_VERSION }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/.github/workflows/ubuntu-ppa-release.yml new/apptainer-1.4.2/.github/workflows/ubuntu-ppa-release.yml --- old/apptainer-1.4.1/.github/workflows/ubuntu-ppa-release.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/apptainer-1.4.2/.github/workflows/ubuntu-ppa-release.yml 2025-08-08 02:12:28.000000000 +0200 @@ -0,0 +1,142 @@ +name: ubuntu-ppa + +on: + workflow_dispatch: + inputs: + tag: + type: string + description: 'apptainer published tag (e.g. 1.4.1), this is used for retrieving tagged source code)' + required: true + revision: + type: number + description: 'publish revision number (default: 1)' + required: false + default: 1 + sub_tag: + type: string + description: 'sub tags to append (e.g. stable => 1.4.1-stable),this will add sub tags to the above main tag to create different changelogs and uploads' + required: false +jobs: + prepare: + name: prepare + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - run: git fetch --prune --unshallow --tags --force + + - name: Prepare the apptainer source package + run: | + if [ -z "${{ inputs.tag }}"]; then + echo "Skipping because no apptainer tag is defined" + # terminate the job + exit 1 + fi + + APPTAINER_VERSION="${{ inputs.tag }}" + + # download released apptainer-{APPTAINER_VERSION}.tar.gz from github + URL="https://github.com/apptainer/apptainer/releases/download/v$APPTAINER_VERSION/apptainer-$APPTAINER_VERSION.tar.gz"; + wget -O "apptainer-$APPTAINER_VERSION.tar.gz" "$URL" && tar -xzvf "apptainer-$APPTAINER_VERSION.tar.gz" && rm -rf "apptainer-$APPTAINER_VERSION.tar.gz" + + # update scripts/ci-deb-build-test script + new_content=$(cat << 'EOF' + su testuser -c ' + set -x + set -e + mv dist/debian . + MIN_VERSION="$(scripts/get-min-go-version)" + GOSRC="go$MIN_VERSION.src.tar.gz" + GOBIN_AMD64="go$MIN_VERSION.linux-amd64.tar.gz" + GOBIN_ARM64="go$MIN_VERSION.linux-arm64.tar.gz" + curl -f -L -sS -o debian/$GOBIN_AMD64 https://golang.org/dl/$GOBIN_AMD64 + curl -f -L -sS -o debian/$GOBIN_ARM64 https://golang.org/dl/$GOBIN_ARM64 + if [ -n "'$GO_ARCH'" ]; then + # Download and install binary too to avoid debuild having to compile the + # go toolchain from source + GOBIN="$(echo "$GOSRC"|sed "s/\.src./.'$GO_ARCH'./")" + tar -xzf debian/"$GOBIN" -C /local + PATH=/local/go/bin:$PATH + fi + go version + ./scripts/download-dependencies debian + find debian/ -type f -name "*.tar.gz" -printf "debian/%f\n" >> debian/source/include-binaries + export DEB_FULLNAME="'"${DEB_FULLNAME:-CI Test}"'" + export DEBEMAIL="'${DEBEMAIL:[email protected]}'" + debuild --prepend-path $PATH -S -uc -us --lintian-opts --display-info --show-overrides + ' + EOF + ) + + sed -i "69,95d" "apptainer-$APPTAINER_VERSION/scripts/ci-deb-build-test" + echo "$new_content" >> "apptainer-$APPTAINER_VERSION/scripts/ci-deb-build-test" + sed -i '49c mv .??* !(src|*.orig.tar.gz) src' "apptainer-$APPTAINER_VERSION/scripts/ci-deb-build-test" + + # copy the latest scripts/ubuntu-ppa into the orig.tar.gz + cp scripts/ubuntu-ppa "apptainer-$APPTAINER_VERSION/scripts/ubuntu-ppa" + + # retar the apptainer folder to create .orig.tar.gz file for debuild to use + tar --exclude="apptainer-$APPTAINER_VERSION/dist/debian" -czf "apptainer_$APPTAINER_VERSION.orig.tar.gz" -C "apptainer-$APPTAINER_VERSION/" . + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: apptainer-artifact + path: "*.orig.tar.gz" + + ubuntu-ppa-release: + runs-on: ubuntu-22.04 + needs: prepare + strategy: + matrix: + include: + - version: '24.04' + name: noble + - version: '22.04' + name: jammy + - version: '20.04' + name: focal + steps: + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: apptainer-artifact + + - name: Build and push to Ubuntu PPA + env: + OS_TYPE: ubuntu + OS_VERSION: ${{matrix.version}} + OS_NAME: ${{matrix.name}} + GO_ARCH: linux-amd64 + run: | + APPTAINER_VERSION="${{ inputs.tag }}" + BUILD_VERSION="${{ inputs.tag }}" + if [ -n "${{ inputs.sub_tag }}" ]; then + BUILD_VERSION="${{ inputs.tag }}-${{ inputs.sub_tag }}" + fi + APPTAINER_REVISION="${{ inputs.revision }}" + + # install necessary packages + sudo apt update && sudo apt install -y devscripts + + # set target_ppa environment variable + export TARGET_PPA="${{ vars.TARGET_PPA }}" + + # set PPA_SIGN_KEY environment variable + export PPA_SIGN_KEY="${{ vars.PPA_SIGN_KEY }}" + + # set gpg keys + echo "${{ secrets.APPTAINER_UBUNTU_PPA_PRIVATE_KEY }}" | gpg --batch --import --passphrase "${{ secrets.APPTAINER_UBUNTU_PPA_PRIVATE_KEY_PASSPHRASE }}" + export GPG_PASSPHRASE="${{ secrets.APPTAINER_UBUNTU_PPA_PRIVATE_KEY_PASSPHRASE }}" + gpg --list-keys + + # uncompress the apptainer source code + mkdir -p "apptainer-$APPTAINER_VERSION" + tar -xzvf "apptainer_$APPTAINER_VERSION.orig.tar.gz" -C "apptainer-$APPTAINER_VERSION/" + mv "apptainer_$APPTAINER_VERSION.orig.tar.gz" "apptainer-$APPTAINER_VERSION/apptainer_$BUILD_VERSION.orig.tar.gz" + cd "apptainer-$APPTAINER_VERSION" + + # call real script to build and push + ./scripts/ubuntu-ppa "$BUILD_VERSION" "$APPTAINER_REVISION" + + # cleanup + unset GPG_PASSPHRASE \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/.markdownlint.yml new/apptainer-1.4.2/.markdownlint.yml --- old/apptainer-1.4.1/.markdownlint.yml 2025-05-15 04:49:58.000000000 +0200 +++ new/apptainer-1.4.2/.markdownlint.yml 2025-08-08 02:12:28.000000000 +0200 @@ -11,3 +11,5 @@ MD013: # Disable line-length check inside code blocks code_blocks: false +# Allow non-descriptive link texts. +MD059: false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/CHANGELOG.md new/apptainer-1.4.2/CHANGELOG.md --- old/apptainer-1.4.1/CHANGELOG.md 2025-05-15 04:49:58.000000000 +0200 +++ new/apptainer-1.4.2/CHANGELOG.md 2025-08-08 02:12:28.000000000 +0200 @@ -5,6 +5,21 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.4.2 - \[2025-07-07\] + +- Restore looking for registry mirrors in `/etc/containers/registry.conf` + and related files. This had been inadvertently dropped beginning in 1.4.0. +- Fix use of the image cache when the home directory contains `@` characters. + Previously it would assume that it was the start of a digest in the oci-dir. +- Fix signature verification failures on unsigned images. +- Add additional `.deb` packages to the release assets that include the label + `trixie+` to indicate that they are for installing on Debian 13 or later. + Those packages are necessary to work with the new libfuse3 library in Debian + 13. They also support libsubid, unlike the default packages because they are + built on Debian 11 which doesn't have that library. +- Add automatic triggering of Ubuntu PPA builds whenever there's a new + apptainer release. + ## v1.4.1 - \[2025-05-14\] - Fix the use of libsubid which had been broken by the revision applied in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/INSTALL.md new/apptainer-1.4.2/INSTALL.md --- old/apptainer-1.4.1/INSTALL.md 2025-05-15 04:49:58.000000000 +0200 +++ new/apptainer-1.4.2/INSTALL.md 2025-08-08 02:12:28.000000000 +0200 @@ -66,9 +66,7 @@ openssl-devel \ fakeroot \ cryptsetup sysuser-tools \ - wget git go -# Install these before devel tools to avoid clashing busybox pkgs on Tumbleweed -sudo zypper install -y diffutils which + diffutils wget which git go # Install basic tools for compiling # --replacefiles is needed to avoid pam conflict on Tumbleweed sudo zypper install -y --replacefiles --allow-downgrade -t pattern devel_basis @@ -77,7 +75,7 @@ For libsubid support (requires openSUSE Tumbleweed): ```sh -sudo zypper install -y libsubid-devel +sudo zypper install -y --allow-downgrade libsubid-devel ``` ## Install Go @@ -155,7 +153,7 @@ for example: ```sh -git checkout v1.4.1 +git checkout v1.4.2 ``` ## Compiling Apptainer @@ -211,8 +209,8 @@ On SLE/openSUSE: ```sh -sudo zypper install -y gzip fuse3-devel lzo-devel liblz4-devel \ - xz-devel libzstd-devel +sudo zypper install -y --allow-downgrade gzip fuse3-devel \ + lzo-devel liblz4-devel xz-devel libzstd-devel ``` To download the source code from the top level of the Apptainer source @@ -324,7 +322,7 @@ <!-- markdownlint-disable MD013 --> ```sh -VERSION=1.4.1 # this is the apptainer version, change as you need +VERSION=1.4.2 # this is the apptainer version, change as you need # Fetch the source wget https://github.com/apptainer/apptainer/releases/download/v${VERSION}/apptainer-${VERSION}.tar.gz ``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/dist/docker/Dockerfile new/apptainer-1.4.2/dist/docker/Dockerfile --- old/apptainer-1.4.1/dist/docker/Dockerfile 2025-05-15 04:49:58.000000000 +0200 +++ new/apptainer-1.4.2/dist/docker/Dockerfile 2025-08-08 02:12:28.000000000 +0200 @@ -1,5 +1,6 @@ ARG BASE_IMAGE=debian:bookworm-slim -ARG GOLANG_IMAGE=golang:1.23.5-bookworm +ARG GOLANG_VERSION="pass-in-as-build-arg" +ARG GOLANG_IMAGE=golang:${GOLANG_VERSION}-bookworm FROM --platform=${TARGETPLATFORM} ${BASE_IMAGE} AS debian-target FROM --platform=${BUILDPLATFORM} ${GOLANG_IMAGE} AS build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/internal/pkg/client/library/pull.go new/apptainer-1.4.2/internal/pkg/client/library/pull.go --- old/apptainer-1.4.1/internal/pkg/client/library/pull.go 2025-05-15 04:49:58.000000000 +0200 +++ new/apptainer-1.4.2/internal/pkg/client/library/pull.go 2025-08-08 02:12:28.000000000 +0200 @@ -137,11 +137,6 @@ return "", fmt.Errorf("error fetching image: %v", err) } - if err := signature.Verify(ctx, src, signature.OptVerifyWithPGP(opts.KeyClientOpts...)); err != nil { - sylog.Warningf("%v", err) - return pullTo, ErrLibraryPullUnsigned - } - if directTo == "" && !sandbox { // mode is before umask if pullTo doesn't exist err = fs.CopyFileAtomic(src, pullTo, 0o777) @@ -150,6 +145,11 @@ } } + if err := signature.Verify(ctx, src, signature.OptVerifyWithPGP(opts.KeyClientOpts...)); err != nil { + sylog.Warningf("%v", err) + return pullTo, ErrLibraryPullUnsigned + } + if sandbox { if err := client.ConvertSifToSandbox(directTo, src, pullTo); err != nil { return "", err diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/internal/pkg/ociimage/sourcesink.go new/apptainer-1.4.2/internal/pkg/ociimage/sourcesink.go --- old/apptainer-1.4.1/internal/pkg/ociimage/sourcesink.go 2025-05-15 04:49:58.000000000 +0200 +++ new/apptainer-1.4.2/internal/pkg/ociimage/sourcesink.go 2025-08-08 02:12:28.000000000 +0200 @@ -12,11 +12,15 @@ import ( "context" "fmt" + "path/filepath" "strings" progressClient "github.com/apptainer/apptainer/internal/pkg/client" "github.com/apptainer/apptainer/internal/pkg/util/ociauth" "github.com/apptainer/apptainer/pkg/sylog" + "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/pkg/sysregistriesv2" + "github.com/containers/image/v5/types" "github.com/docker/docker/client" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" @@ -48,6 +52,57 @@ return nil, err } + // See if there's a mirror to use for this registry by applying + // containers/image library functions. + // This may one day be done automatically by go-containerregistry. + // If that happens we can remove this code. + // See https://github.com/apptainer/apptainer/issues/2919 + host := srcRef.Context().Registry.Name() + var regctx types.SystemContext + registry, _ := sysregistriesv2.FindRegistry(®ctx, host) + if host == "index.docker.io" { + // This is the default registry; if it failed to find a mirror, + // instead try the equivalent shorter version that might be + // defined with a mirror. + host = "docker.io" + if registry == nil { + registry, _ = sysregistriesv2.FindRegistry(®ctx, host) + } + } + if (registry != nil) && (len(registry.Mirrors) > 0) { + mirror := registry.Mirrors[0].Location + nameOpts = []name.Option{} + if registry.Mirrors[0].Insecure { + nameOpts = append(nameOpts, name.Insecure) + } + mirrorSrc := src + // Normalize the src, for example by prefixing docker.io and + // adding library/ for standard docker.io containers, because + // mirrors expect this to already be done. + normalizedRef, err := reference.ParseNormalizedNamed(mirrorSrc) + if err != nil { + sylog.Debugf("Normalizing %s failed, using as-is: %v", mirrorSrc, err) + } else { + mirrorSrc = normalizedRef.String() + } + // remove the first component if it was an explicit registry + mirrorParts := strings.Split(mirrorSrc, "/") + if (host != "docker.io") || strings.HasSuffix(mirrorParts[0], host) { + // this should always happen unless normalizing + // failed and the src is missing a registry name + mirrorSrc = strings.Join(mirrorParts[1:], "/") + } + // then add the mirror in its place + mirrorSrc = mirror + "/" + mirrorSrc + sylog.Debugf("Using %s mirror in place of %s", mirrorSrc, src) + mirrorRef, err := name.ParseReference(mirrorSrc, nameOpts...) + if err != nil { + sylog.Warningf("Error parsing registry mirror reference %s, skipping mirror: %v", mirrorSrc, err) + } else { + srcRef = mirrorRef + } + } + pullOpts := []remote.Option{ remote.WithContext(ctx), } @@ -69,9 +124,11 @@ // If no digest is provided, and there is only one image in the layout, it will be returned. // A digest must be specified when retrieving an image from a layout containing multiple images. func getOCIImage(src string, tOpts *TransportOptions) (v1.Image, error) { - refParts := strings.SplitN(src, "@", 2) + dir, base := filepath.Split(src) + refParts := strings.SplitN(base, "@", 2) - lp, err := layout.FromPath(refParts[0]) + file := filepath.Join(dir, refParts[0]) + lp, err := layout.FromPath(file) if err != nil { return nil, err } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/scripts/ci-deb-build-test new/apptainer-1.4.2/scripts/ci-deb-build-test --- old/apptainer-1.4.1/scripts/ci-deb-build-test 2025-05-15 04:49:58.000000000 +0200 +++ new/apptainer-1.4.2/scripts/ci-deb-build-test 2025-08-08 02:12:28.000000000 +0200 @@ -7,7 +7,7 @@ # this script runs as root under docker --privileged OS_MAJOR=$(grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI' | cut -d'.' -f1) -OS_NAME=$(grep ^NAME /etc/os-release | cut -d '=' -f2 | sed 's/\"//gI') +OS_NAME=$(grep ^NAME /etc/os-release | cut -d '=' -f2 | sed 's/\"//gI;s/ .*//') OS_VERSION=$(grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI') # install dependencies diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/scripts/ci-rpm-build-test new/apptainer-1.4.2/scripts/ci-rpm-build-test --- old/apptainer-1.4.1/scripts/ci-rpm-build-test 2025-05-15 04:49:58.000000000 +0200 +++ new/apptainer-1.4.2/scripts/ci-rpm-build-test 2025-08-08 02:12:28.000000000 +0200 @@ -10,8 +10,8 @@ if [[ $OS_TYPE == *suse* ]]; then zypper install -y --allow-downgrade \ libseccomp-devel libuuid-devel openssl-devel \ - fakeroot cryptsetup sysuser-tools wget git go - zypper install -y diffutils + fakeroot cryptsetup sysuser-tools \ + diffutils wget which git go zypper install -y --replacefiles --allow-downgrade -t pattern devel_basis if [[ $OS_TYPE == *tumbleweed* ]]; then zypper install -y --allow-downgrade libsubid-devel diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.4.1/scripts/ubuntu-ppa new/apptainer-1.4.2/scripts/ubuntu-ppa --- old/apptainer-1.4.1/scripts/ubuntu-ppa 1970-01-01 01:00:00.000000000 +0100 +++ new/apptainer-1.4.2/scripts/ubuntu-ppa 2025-08-08 02:12:28.000000000 +0200 @@ -0,0 +1,70 @@ +#!/bin/bash + +set -e + +if [ $# -ne 2 ];then + echo "Should be exactly two args passed" + exit 1 +fi + +if [ -z $1 ]; then + echo "Apptainer version is empty" + exit 1 +fi + +APPTAINER_VERSION=$1 +APPTAINER_REVISION=$2 + +if [ -z "${OS_TYPE}" ]; then + echo "OS_TYPE is unset" + exit 1 +fi + +if [ -z "${OS_VERSION}" ]; then + echo "OS_VERSION is unset" + exit 1 +fi + +if [ -z "${OS_NAME}" ]; then + echo "OS_NAME is unset" + exit 1 +fi + +if [ -z "${TARGET_PPA}" ]; then + echo "TARGET_PPA is unset" + exit 1 +fi + +if [ -z "${PPA_SIGN_KEY}" ]; then + echo "PPA_SIGN_KEY is unset" + exit 1 +fi + +if [ -z "${GO_ARCH}" ]; then + GO_ARCH="linux-amd64" +fi + +BUILD_VERSION="$APPTAINER_VERSION-$APPTAINER_REVISION~$OS_NAME" + +# replace debian related stuffs for debuild +sed -i "s/0.1.0-1/$BUILD_VERSION/g" dist/debian/changelog +sed -i "s/unstable/$OS_NAME/g" dist/debian/changelog +sed -i "s/Placeholder/rebuild for $OS_NAME/g" dist/debian/changelog + +sed -i '82,83d' dist/debian/rules +sed -i "81c \ \ \ \ \ \ \ \ \ \ \ \ tar -xf \$\$HERE/debian/go\$(MINGO_VERSION).\$(GO_ARCH).tar.gz; \\\\" dist/debian/rules +# sed -i '81c \ \ \ tar -xf $$HERE/debian/go$(MINGO_VERSION).$(GO_ARCH).tar.gz; \\' dist/debian/rules +sed -i '31i GOMODCACHE = $${TMPDIR:-/tmp}/appdebgo/modcache' dist/debian/rules +sed -i '9i GO_ARCH := linux-$(shell dpkg --print-architecture)' dist/debian/rules +sed -i 's/GOCACHE=\$(GOCACHE)/GOCACHE=\$(GOCACHE) GOMODCACHE=\$(GOMODCACHE)/g' dist/debian/rules + +# real build +./scripts/ci-docker-run + +# change permission, sign the changes and upload via dput +sudo chown "$USER:$USER" . +sudo chown "$USER:$USER" .. +find . -maxdepth 1 -type f -exec sudo chown -R "$USER:$USER" {} \; +sed -i "s/Changed-By: Gregory M\. Kurtzer <gmkurtzer@gmail\.com>/Changed-By: TSC <tsc@apptainer\.org>/" "apptainer_${BUILD_VERSION}_source.changes" +debsign -p "gpg --pinentry-mode loopback --passphrase $GPG_PASSPHRASE" -S -k "${PPA_SIGN_KEY}" "apptainer_${BUILD_VERSION}_source.changes" +dput -f -U "${TARGET_PPA}" "apptainer_${BUILD_VERSION}_source.changes" ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/apptainer/vendor.tar.gz /work/SRC/openSUSE:Factory/.apptainer.new.11973/vendor.tar.gz differ: char 5, line 1
