commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2024-05-13 17:58:43 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1880 (New) Package is "apptainer" Mon May 13 17:58:43 2024 rev:28 rq:1173668 version:1.3.0 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2024-03-22 15:32:23.870920031 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1880/apptainer.changes 2024-05-13 17:59:12.676369476 +0200 @@ -1,0 +2,11 @@ +Mon May 13 05:36:38 UTC 2024 - Egbert Eich + +- Make sure, digest values handled by the Go library + github.com/opencontainers/go-digest and used throughout the + Go-implemented containers ecosystem are always validated. This + prevents attackers from triggering unexpected authenticated + registry accesses. + * Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch +(CVE-2024-3727, bsc#1224114). + +--- New: Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch BETA DEBUG BEGIN: New: registry accesses. * Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch (CVE-2024-3727, bsc#1224114). BETA DEBUG END: Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.b7wFq3/_old 2024-05-13 17:59:13.568402022 +0200 +++ /var/tmp/diff_new_pack.b7wFq3/_new 2024-05-13 17:59:13.568402022 +0200 @@ -42,6 +42,7 @@ Source20: %{name}-rpmlintrc Source21: vendor.tar.gz Patch1: Remove-signatures-from-Docker-images.patch +Patch100: Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch BuildRequires: cryptsetup BuildRequires: fdupes BuildRequires: gcc ++ Bump-github.com-containers-image-v5-from-5.30.0-to-5.30.1.patch ++ 
From: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri May 10 15:29:32 2024 + Subject: Bump github.com/containers/image/v5 from 5.30.0 to 5.30.1 Patch-mainline: Upstream Git-repo: https://github.com/apptainer/apptainer Git-commit: 37bcd30d64a934fa78acc838745f5868a4800706 References: bsc#1224114 Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.30.0 to 5.30.1. - [Release notes](https://github.com/containers/image/releases) - [Commits](https://github.com/containers/image/compare/v5.30.0...v5.30.1) Signed-off-by: Egbert Eich --- updated-dependencies: - dependency-name: github.com/containers/image/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8ee607d04..e540f5658 100644 --- a/go.mod +++ b/go.mod @@ -21 +21 @@ require ( - github.com/containers/image/v5 v5.30.0 + github.com/containers/image/v5 v5.30.1 diff --git a/go.sum b/go.sum index 5747de20d..73e76ddd9 100644 --- a/go.sum +++ b/go.sum @@ -88,2 +88,2 @@ github.com/containernetworking/plugins v1.4.1/go.mod h1:n6FFGKcaY4o2o5msgu/UImto -github.com/containers/image/v5 v5.30.0 h1:CmHeSwI6W2kTRWnUsxATDFY5TEX4b58gPkaQcEyrLIA= -github.com/containers/image/v5 v5.30.0/go.mod h1:gSD8MVOyqBspc0ynLsuiMR9qmt8UQ4jpVImjmK0uXfk= +github.com/containers/image/v5 v5.30.1 h1:AKrQMgOKI1oKx5FW5eoU2xoNyzACajHGx1O3qxobvFM= +github.com/containers/image/v5 v5.30.1/go.mod h1:gSD8MVOyqBspc0ynLsuiMR9qmt8UQ4jpVImjmK0uXfk= ++ vendor.tar.gz ++ /work/SRC/openSUSE:Factory/apptainer/vendor.tar.gz /work/SRC/openSUSE:Factory/.apptainer.new.1880/vendor.tar.gz differ: char 12, line 1
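Review bot: In the apptainer.spec hunk at @@ -42,6 +42,7 @@, `Patch100` is only declared and the mail shows no `%prep` change, so confirm the patch is actually applied there (`%patch` or `%autosetup`). The patch itself touches only `go.mod` and `go.sum`, so the digest validation described for CVE-2024-3727 reaches the build through `Source21: vendor.tar.gz`, which is reported only as a binary difference. The changes entry should state that the vendor tarball was regenerated against github.com/containers/image/v5 v5.30.1, so that the vendored tree can be checked against the new `go.sum` hashes.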
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2024-03-22 15:20:22 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1905 (New) Package is "apptainer" Fri Mar 22 15:20:22 2024 rev:27 rq:1160483 version:1.3.0 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2024-03-14 17:46:39.384914681 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1905/apptainer.changes 2024-03-22 15:32:23.870920031 +0100 
@@ -1,0 +2,98 @@ +Fri Mar 15 11:20:14 UTC 2024 - Christian Goll + +- Updated apptainer to version 1.3.0 + * FUSE mounts are now supported in setuid mode, enabling full +functionality even when kernel filesystem mounts are insecure due to +unprivileged users having write access to raw filesystems in +containers. When allow `setuid-mount extfs = no` (the default) in +apptainer.conf, then the fuse2fs image driver will be used to mount +ext3 images in setuid mode instead of the kernel driver (ext3 images +are primarily used for the `--overlay` feature), restoring +functionality that was removed by default in Apptainer 1.1.8 because +of the security risk. +The allow `setuid-mount squashfs` configuration option in +`apptainer.conf` now has a new default called `iflimited` which allows +kernel squashfs mounts only if there is at least one `limit container` +option set or if Execution Control Lists are activated in ecl.toml. +If kernel squashfs mounts are are not allowed, then the squashfuse +image driver will be used instead. +`iflimited` is the default because if one of those limits are used +the system administrator ensures that unprivileged users do not have +write access to the containers, but on the other hand using FUSE +would enable a user to theoretically bypass the limits via `ptrace()` +because the FUSE process runs as that user. +The `fuse-overlayfs` image driver will also now be tried in setuid +mode if the kernel overlayfs driver does not work (for example if +one of the layers is a FUSE filesystem). In addition, if `allow +setuid-mount encrypted = no` then the unprivileged gocryptfs format +will be used for encrypting SIF files instead of the kernel +device-mapper. If a SIF file was encrypted using the gocryptfs +format, it can now be mounted in setuid mode in addition to +non-setuid mode. 
+ * Change the default in user namespace mode to use either kernel +overlayfs or fuse-overlayfs instead of the underlay feature for the +purpose of adding bind mount points. That was already the default in +setuid mode; this change makes it consistent. The underlay feature +can still be used with the `--underlay` option, but it is deprecated +because the implementation is complicated and measurements have +shown that the performance of underlay is similar to overlayfs and +fuse-overlayfs. +For now the underlay feature can be made the default again with a +new `preferred` value on the `enable underlay` configuration option. +Also the `--underlay` option can be used in setuid mode or as the +root user, although it was ignored previously. + * Prefer again to use kernel overlayfs over fuse-overlayfs when a +lower layer is FUSE and there's no writable upper layer, undoing the +change from 1.2.0. Another workaround was found for the problem that +change addressed. This applies in both setuid mode and in user +namespace mode. + * `--cwd` is now the preferred form of the flag for setting the +container's working directory, though `--pwd` is still supported for +compatibility. + * The way `--home` is handled when running as root (e.g. sudo apptainer) +or with `--fakeroot` has changed. Previously, we were only modifying +the `HOME` environment variable in these cases, while leaving the +container's `/etc/passwd` file unchanged (with its homedir field +pointing to `/root`, regardless of the value passed to `--home`). With +this change, both value of HOME and the contents of `/etc/passwd` in +the container will reflect the value passed to `--home` if the +container is readonly. If the container is writable, the +`/etc/passwd` file is left alone because it can interfere with +commands that want to modify it. + * The `--vm` and related flags to start apptainer inside a VM have been +removed. This functionality was related to the retired Singularity Desktop +/ SyOS projects. 
+ * The keyserver-related commands that were under `remote` have been moved to +their own, dedicated `keyserver` command. Run `apptainer help keyserver` +for more information. + * The commands
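Review bot: In the 1.3.0 entry of apptainer.changes (@@ -1,0 +2,98 @@), the backticks split the option names: "When allow `setuid-mount extfs = no`" and "The allow `setuid-mount squashfs`" should quote the whole key, as the later `allow setuid-mount encrypted = no` does, because administrators will search apptainer.conf for the full string. "If kernel squashfs mounts are are not allowed" has a doubled word, and the wrapped lines of each bullet start in column 0 instead of being indented under their "*".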
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2024-02-02 15:48:00 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1815 (New) Package is "apptainer" Fri Feb 2 15:48:00 2024 rev:25 rq:1143604 version:1.2.5 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2024-02-01 18:05:52.520149323 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1815/apptainer.changes 2024-02-02 15:48:37.571620043 +0100 @@ -29,0 +30 @@ +- Package .def templates separately for different SPs. Old: SLE.def leap.def New: Leap.def SLE-15SP5.def SUSE.def Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.t6ud2w/_old 2024-02-02 15:48:38.183642291 +0100 +++ /var/tmp/diff_new_pack.t6ud2w/_new 2024-02-02 15:48:38.183642291 +0100 @@ -35,9 +35,10 @@ Conflicts: singularity-runtime Source0: https://github.com/apptainer/apptainer/archive/v%{version}%{?vers_suffix}/apptainer-%{version}%{?vers_suffix}.tar.gz Source1:README.SUSE -Source2:SLE-15SP6.def -Source3:SLE.def -Source4:leap.def +Source2:SUSE.def +Source3:SLE-15SP5.def +Source4:SLE-15SP6.def +Source5:Leap.def Source20: %{name}-rpmlintrc Source21: vendor.tar.gz BuildRequires: cryptsetup @@ -56,6 +57,10 @@ Requires: squashfs Requires: squashfuse Recommends: fuse2fs +Requires: (apptainer-leap if product(Leap) = 15.5) +Requires: (apptainer-sle15_5 if product(SUSE_SLE) = 15.5) +Requires: (apptainer-sle15_6 if product(SUSE_SLE) = 15.6) + # Needed for container decryption in userspace, upstream rpms include this # but factory should have this seperately Recommends: gocryptfs 
@@ -68,9 +73,36 @@ Apptainer provides functionality to make portable containers that can be used across host environments. +%package sle15_5 +Summary:Apptainer Definition File Templates for SLE 15 SP5 +BuildArch: noarch +Requires: apptainer + +%description sle15_5 +The package provides a definition file template for Apptainer containers +based on SUSE Linux Enterprise 15 SP5. + +%package sle15_6 +Summary:Apptainer Definition File Templates for SLE 15 SP6 +BuildArch: noarch +Requires: apptainer + +%description sle15_6 +The package provides a definition file template for Apptainer containers +based on SUSE Linux Enterprise 15 SP6. + +%package leap +Summary:Apptainer Definition File Templates for current openSUSE Leap +BuildArch: noarch +Requires: apptainer + +%description leap +The package provides a definition file template for Apptainer containers +based on the latest openSUSE Leap release. + %prep %setup -q -n %{name}-%{version}%{?vers_suffix} -cp %{S:1} %{S:2} %{S:3} %{S:4} . +cp %{S:1} . %build @@ -105,6 +137,8 @@ export PATH=$GOPATH/bin:$PATH %make_install -C builddir V= +install -d -m 0755 %{buildroot}/%{_datarootdir}/apptainer/templates +install -m 0644 %{S:2} %{S:3} %{S:4} %{S:5} %{buildroot}/%{_datarootdir}/apptainer/templates %fdupes apptainer/examples %fdupes -s %buildroot @@ -116,8 +150,6 @@ %doc CHANGELOG.md %doc CONTRIBUTORS.md %doc %{basename:%{S:1}} -%doc %{basename:%{S:2}} -%doc %{basename:%{S:3}} %license LICENSE.md %license LICENSE_THIRD_PARTY.md %license LICENSE_DEPENDENCIES.md 
@@ -126,9 +158,12 @@ %dir %{_libexecdir}/apptainer/bin %dir %{_libexecdir}/apptainer/cni %dir %{_libexecdir}/apptainer/lib +%dir %{_datarootdir}/apptainer +%dir %{_datarootdir}/apptainer/templates %{_libexecdir}/apptainer/bin/starter %{_libexecdir}/apptainer/lib/offsetpreload.so %{_libexecdir}/apptainer/cni/* +%{_datarootdir}/apptainer/templates/%{basename:%{S:2}} %dir %{_sysconfdir}/apptainer %config(noreplace) %{_sysconfdir}/apptainer/capability.json %config(noreplace) %{_sysconfdir}/apptainer/cgroups @@ -147,3 +182,12 @@ %dir %{_localstatedir}/lib/apptainer/mnt/session %{_mandir}/man1/* +%files sle15_5 +%{_datarootdir}/apptainer/templates/%{basename:%{S:3}} + +%files sle15_6 +%{_datarootdir}/apptainer/templates/%{basename:%{S:4}} + +%files leap +%{_datarootdir}/apptainer/templates/%{basename:%{S:5}} + ++ Leap.def ++ Bootstrap: zypper MirrorURL: http://download.opensuse.org/distribution/openSUSE-stable/repo/oss Include: zypper %post echo "Hello from post boot strap" zypper in -y vim ++ README.SUSE ++ --- /var/tmp/diff_new_pack.t6ud2w/_old 2024-02-02 15:48:38.239644327 +0100 +++ /var/tmp/diff_new_pack.t6ud2w/_new 2024-02-02 15:48:38.243644472 +0100 @@ -12,15 +12,15 @@ SLE version and service
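Review bot: The new Leap.def sets `MirrorURL: http://download.opensuse.org/distribution/openSUSE-stable/repo/oss`, so containers bootstrapped from the shipped template fetch their packages over plain HTTP; use an https:// URL in the template. In apptainer.spec, `Requires: (apptainer-leap if product(Leap) = 15.5)` pins the template package to 15.5, while the `%package leap` summary and description say "current openSUSE Leap" and "the latest openSUSE Leap release"; align the condition with the description, or name the release in the description.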
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-10-27 22:27:52 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.17445 (New) Package is "apptainer" Fri Oct 27 22:27:52 2023 rev:23 rq:1120777 version:1.2.3 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-09-28 00:30:23.663282854 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.17445/apptainer.changes 2023-10-27 22:28:14.075605571 +0200 @@ -1,0 +2,11 @@ +Tue Oct 24 06:02:44 UTC 2023 - Egbert Eich + +- Do not build squashfuse, require it as a dependency. + Removed: squashfuse-0.1.105.tar.gz, 70.patch +- Replace awkward 'Obsoletes: singularity-*' as well as the + 'Provides: Singularity' by 'Conflicts:' and drop the provides - + the versioning scheme does not match and we do not automatically + migrate from one to the other. +- Exclude platforms which do not provide all build dependencies. + +--- Old: 70.patch squashfuse-0.1.105.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.5oGWO2/_old 2023-10-27 22:28:14.791631833 +0200 +++ /var/tmp/diff_new_pack.5oGWO2/_new 2023-10-27 22:28:14.791631833 +0200 @@ -19,9 +19,6 @@ %define apptainerpath src/github.com/apptainer/ %define _buildshell /bin/bash -%global squashfuse_version 0.1.105 -#%%define vers_suffix -rc.1 - Summary:Application and environment virtualization # CRYPTOGAMS isn't known in OBS #License:BSD-3-Clause-LBNL and (OpenSSL or CRYPTOGAMS) @@ -32,8 +29,10 @@ Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org -Provides: singularity Obsoletes: singularity <= 3.8.5 +Conflicts: singularity +Conflicts: singularity-ce +Conflicts: singularity-runtime Source0: https://github.com/apptainer/apptainer/archive/v%{version}%{?vers_suffix}/apptainer-%{version}%{?vers_suffix}.tar.gz Source1:README.SUSE Source2:SLE-12SP5.def 
@@ -42,10 +41,6 @@ Source5:leap.def Source8:%{name}-rpmlintrc Source9:vendor.tar.gz -%if "%{?squashfuse_version}" != "" -Source10: https://github.com/vasi/squashfuse/archive/%{squashfuse_version}/squashfuse-%{squashfuse_version}.tar.gz -Patch10:https://github.com/vasi/squashfuse/pull/70.patch -%endif BuildRequires: cryptsetup BuildRequires: fdupes BuildRequires: gcc @@ -59,51 +54,26 @@ BuildRequires: binutils-gold %endif BuildRequires: libseccomp-devel -%if "%{?squashfuse_version}" != "" -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: fuse3-devel -BuildRequires: libtool -BuildRequires: pkgconfig -BuildRequires: pkgconfig(liblz4) -BuildRequires: pkgconfig(liblzma) -%endif Requires: squashfs +Requires: squashfuse Recommends: fuse2fs # Needed for container decryption in userspace, upstream rpms include this # but factory should have this seperately Recommends: gocryptfs PreReq: permissions -# there's no golang for ppc64, ppc64le does not have non pie builds -ExcludeArch:ppc64 ppc64le - -Obsoletes: singularity -Obsoletes: singularity-ce -Obsoletes: singularity-runtime +# there's no golang for ppc64 & %ix86, ppc64le does not have non pie builds +ExcludeArch:ppc64 ppc64le %ix86 s390 s390x %description -Singularity provides functionality to make portable +Apptainer provides functionality to make portable containers that can be used across host environments. %prep -%if "%{?squashfuse_version}" != "" -# the default directory for other steps is where the %prep section ends -# so do main package last -%setup -b 10 -n squashfuse-%{squashfuse_version} -%patch -P 10 -p1 -%endif %setup -q -n %{name}-%{version}%{?vers_suffix} cp %{S:1} %{S:2} %{S:3} %{S:4} %{S:5} . %build -%if "%{?squashfuse_version}" != "" -pushd ../squashfuse-%{squashfuse_version} -./autogen.sh -FLAGS=-std=c99 ./configure --enable-multithreading -%make_build squashfuse_ll -popd -%endif # create VERSION file echo %version > VERSION 
@@ -121,7 +91,7 @@ --includedir=%{_includedir} \ --libdir=%{_libdir} \ --libexecdir=%{_libexecdir} \ ---localstatedir=%{_localstatedir} \ +--localstatedir=%{_localstatedir}/lib \ --sharedstatedir=%{_sharedstatedir} \ --mandir=%{_mandir} \ --infodir=%{_infodir} \ @@ -137,10 +107,6 @@ %make_install -C builddir V= -%if "%{?squashfuse_version}" != "" -install -m 755 ../squashfuse-%{squashfuse_version}/squashfuse_ll
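Review bot: The configure hunk at @@ -121,7 +91,7 @@ changes `--localstatedir` to `%{_localstatedir}/lib`, but none of the three bullets in the changes entry mentions it; add a bullet saying why the state directory moves. In the ExcludeArch hunk, the new comment contains `%ix86`, which rpm expands even inside a comment (the removed line `#%%define vers_suffix -rc.1` shows the escaped form), and it gives no reason for the added `s390 s390x`; write `%%ix86` and name the build dependency that is missing on those platforms. The context line `Obsoletes: singularity <= 3.8.5` also stays next to the new `Conflicts: singularity`, although the entry says the Obsoletes are replaced.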
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-09-28 00:25:00 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.23327 (New) Package is "apptainer" Thu Sep 28 00:25:00 2023 rev:22 rq:1113853 version:1.2.3 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-07-28 22:20:42.209322419 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.23327/apptainer.changes 2023-09-28 00:30:23.663282854 +0200 @@ -1,0 +2,25 @@ +Wed Sep 27 10:17:11 UTC 2023 - Christian Goll + +- removed CRYPTOGAMS license as not known in OBS and OpenSSL is + also valid + +--- +Mon Sep 25 08:57:57 UTC 2023 - Christian Goll + +- updated to 1.2.3 with following changes: + * The apptainer push/pull commands now show a progress bar for the oras +protocol like there was for docker and library protocols. + * The --nv and --rocm flags can now be used simultaneously. + * Fix the use of APPTAINER_CONFIGDIR with apptainer instance start and action +commands that refer to instance://. + * Fix the issue that apptainer would not read credentials from the Docker +fallback path ~/.docker/config.json if missing in the apptainer +credentials. + +--- +Tue Aug 29 15:34:36 UTC 2023 - Lubos Kocman + +- Update license for the package to cover also OpenSSL and CRYPTOGAMS + part of chacha_ppc64le.s + +--- Old: apptainer-1.2.2.tar.gz New: apptainer-1.2.3.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.Lsb2Lg/_old 2023-09-28 00:30:25.435346818 +0200 +++ /var/tmp/diff_new_pack.Lsb2Lg/_new 2023-09-28 00:30:25.435346818 +0200 
@@ -23,10 +23,12 @@ #%%define vers_suffix -rc.1 Summary:Application and environment virtualization -License:BSD-3-Clause-LBNL +# CRYPTOGAMS isn't known in OBS +#License:BSD-3-Clause-LBNL and (OpenSSL or CRYPTOGAMS) +License:BSD-3-Clause-LBNL AND OpenSSL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.2.2 +Version:1.2.3 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.2.2.tar.gz -> apptainer-1.2.3.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.2.2/.github/workflows/ci.yml new/apptainer-1.2.3/.github/workflows/ci.yml --- old/apptainer-1.2.2/.github/workflows/ci.yml2023-07-27 18:28:18.0 +0200 +++ new/apptainer-1.2.3/.github/workflows/ci.yml2023-09-14 17:00:48.0 +0200 @@ -324,7 +324,7 @@ # See https://github.com/apptainer/apptainer/issues/796 - name: Update fuse-overlayfs version run: | - sudo sh -c "echo 'deb http://archive.ubuntu.com/ubuntu kinetic universe' >/etc/apt/sources.list.d/kinetic.list" + sudo sh -c "echo 'deb http://old-releases.ubuntu.com/ubuntu kinetic universe' >/etc/apt/sources.list.d/kinetic.list" sudo apt-get -q update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y fuse-overlayfs - name: Enable full cgroups v2 delegation diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.2.2/CHANGELOG.md new/apptainer-1.2.3/CHANGELOG.md --- old/apptainer-1.2.2/CHANGELOG.md2023-07-27 18:28:18.0 +0200 +++ new/apptainer-1.2.3/CHANGELOG.md2023-09-14 17:00:48.0 +0200 
@@ -5,11 +5,24 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.2.3 - \[2023-09-14\] + +- The `apptainer push/pull` commands now show a progress bar for the oras + protocol like there was for docker and library protocols. +- The `--nv` and `--rocm` flags can now be used simultaneously. +- Fix the use of `APPTAINER_CONFIGDIR` with `apptainer instance start` + and action commands that refer to `instance://`. +- Ignore undefined macros, to fix yum bootstrap agent on el7. +- Fix the issue that apptainer would not read credentials from the Docker + fallback path `~/.docker/config.json` if missing in the apptainer + credentials. + ## v1.2.2 - \[2023-07-27\] - Fix `$APPTAINER_MESSAGELEVEL` to correctly set the logging level. - Fix build failures when in setuid mode and unprivileged user namespaces are unavailable and the `--fakeroot`
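Review bot: The 1.2.3 entry in apptainer.changes lists four upstream changes under "updated to 1.2.3 with following changes", but the CHANGELOG.md hunk for v1.2.3 has five; "Ignore undefined macros, to fix yum bootstrap agent on el7" is missing. Add it, or mark the list as a selection.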
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-07-28 22:20:38 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.32662 (New) Package is "apptainer" Fri Jul 28 22:20:38 2023 rev:21 rq:1101201 version:1.2.2 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-07-26 13:26:04.000768301 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.32662/apptainer.changes 2023-07-28 22:20:42.209322419 +0200 @@ -1,0 +2,8 @@ +Fri Jul 28 13:39:30 UTC 2023 - Christian Goll + +- updated to 1.2.2 with following changes: + * Fix $APPTAINER_MESSAGELEVEL to correctly set the logging level. + * Fix build failures when in setuid mode and unprivileged user namespaces are +unavailable and the --fakeroot option is not selected. + +--- Old: apptainer-1.2.1.tar.gz New: apptainer-1.2.2.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.xST4X0/_old 2023-07-28 22:20:43.205328472 +0200 +++ /var/tmp/diff_new_pack.xST4X0/_new 2023-07-28 22:20:43.209328497 +0200 @@ -26,7 +26,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.2.1 +Version:1.2.2 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.2.1.tar.gz -> apptainer-1.2.2.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.2.1/CHANGELOG.md new/apptainer-1.2.2/CHANGELOG.md --- old/apptainer-1.2.1/CHANGELOG.md2023-07-24 22:33:41.0 +0200 +++ new/apptainer-1.2.2/CHANGELOG.md2023-07-27 18:28:18.0 +0200 
@@ -5,6 +5,12 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.2.2 - \[2023-07-27\] + +- Fix `$APPTAINER_MESSAGELEVEL` to correctly set the logging level. +- Fix build failures when in setuid mode and unprivileged user namespaces + are unavailable and the `--fakeroot` option is not selected. + ## v1.2.1 - \[2023-07-24\] ### Security fix diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.2.1/INSTALL.md new/apptainer-1.2.2/INSTALL.md --- old/apptainer-1.2.1/INSTALL.md 2023-07-24 22:33:41.0 +0200 +++ new/apptainer-1.2.2/INSTALL.md 2023-07-27 18:28:18.0 +0200 @@ -137,7 +137,7 @@ for example: ```sh -git checkout v1.2.1 +git checkout v1.2.2 ``` ## Compiling Apptainer @@ -272,7 +272,7 @@ ```sh -VERSION=1.2.1 # this is the apptainer version, change as you need +VERSION=1.2.2 # this is the apptainer version, change as you need # Fetch the source wget https://github.com/apptainer/apptainer/releases/download/v${VERSION}/apptainer-${VERSION}.tar.gz ``` @@ -324,7 +324,7 @@ ```sh -VERSION=1.2.1 # this is the latest apptainer version, change as you need +VERSION=1.2.2 # this is the latest apptainer version, change as you need ./mconfig make -C builddir rpm sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/apptainer-$(echo $VERSION|tr - \~)*.x86_64.rpm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.2.1/cmd/internal/cli/apptainer.go new/apptainer-1.2.2/cmd/internal/cli/apptainer.go --- old/apptainer-1.2.1/cmd/internal/cli/apptainer.go 2023-07-24 22:33:41.0 +0200 +++ new/apptainer-1.2.2/cmd/internal/cli/apptainer.go 2023-07-27 18:28:18.0 +0200 @@ -15,11 +15,13 @@ "context" "fmt" "io" + "math" "os" "os/exec" "os/signal" "os/user" "path/filepath" + "strconv" "strings" "text/template" 
@@ -271,18 +273,26 @@ func setSylogMessageLevel() { var level int + l, err := strconv.Atoi(env.GetenvLegacy("MESSAGELEVEL", "MESSAGELEVEL")) + if err == nil { + level = l + } + if debug { level = 5 // Propagate debug flag to nested `apptainer` calls. os.Setenv("APPTAINER_DEBUG", "1") } else if verbose { level = 4 + os.Setenv("APPTAINER_VERBOSE", "1") } else if quiet { level = -1 + os.Setenv("APPTAINER_QUIET", "1") } else if silent { level = -3 + os.Setenv("APPTAINER_SILENT", "1") } else { - level = 1 +
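Review bot: In the `setSylogMessageLevel` hunk (@@ -271,18 +273,26 @@), the error from `strconv.Atoi(env.GetenvLegacy("MESSAGELEVEL", "MESSAGELEVEL"))` is dropped when it is non-nil, so in the lines shown a non-numeric `APPTAINER_MESSAGELEVEL` is ignored with no hint to the user; distinguish an unset variable from an unparsable one and log a warning for the latter. The hunk is cut off after `- level = 1`, so the handling in the final `else` branch and the use of the newly imported `math` cannot be reviewed from this mail.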
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-07-26 13:24:51 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.15225 (New) Package is "apptainer" Wed Jul 26 13:24:51 2023 rev:20 rq:1100792 version:1.2.1 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-07-25 11:52:47.454045366 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.15225/apptainer.changes 2023-07-26 13:26:04.000768301 +0200 @@ -1,0 +2,6 @@ +Wed Jul 26 07:33:42 UTC 2023 - Christian Goll + +- updated to 1.2.1 to fix CVE-2023-38496 although not relevant as package is + compiled with setuid + +--- Old: apptainer-1.2.0.tar.gz New: apptainer-1.2.1.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.Yt9ahQ/_old 2023-07-26 13:26:04.784773032 +0200 +++ /var/tmp/diff_new_pack.Yt9ahQ/_new 2023-07-26 13:26:04.792773081 +0200 @@ -26,7 +26,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.2.0 +Version:1.2.1 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.2.0.tar.gz -> apptainer-1.2.1.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.2.0/CHANGELOG.md new/apptainer-1.2.1/CHANGELOG.md --- old/apptainer-1.2.0/CHANGELOG.md2023-07-18 17:19:51.0 +0200 +++ new/apptainer-1.2.1/CHANGELOG.md2023-07-24 22:33:41.0 +0200 
@@ -5,6 +5,18 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.2.1 - \[2023-07-24\] + +### Security fix + +- Included a fix for + [security advisory GHSA-mmx5-32m4-wxvx](https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx) + which describes an ineffective privilege drop when requesting a + container network with a setuid installation of Apptainer. + The vulnerability allows an attacker to delete any directory on the + host filesystems with a crafted starter config. + Only affects v1.2.0-rc.2 and v1.2.0. + ## v1.2.0 - \[2023-07-18\] Changes since v1.1.9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.2.0/INSTALL.md new/apptainer-1.2.1/INSTALL.md --- old/apptainer-1.2.0/INSTALL.md 2023-07-18 17:19:51.0 +0200 +++ new/apptainer-1.2.1/INSTALL.md 2023-07-24 22:33:41.0 +0200 @@ -137,7 +137,7 @@ for example: ```sh -git checkout v1.2.0 +git checkout v1.2.1 ``` ## Compiling Apptainer @@ -272,7 +272,7 @@ ```sh -VERSION=1.2.0 # this is the apptainer version, change as you need +VERSION=1.2.1 # this is the apptainer version, change as you need # Fetch the source wget https://github.com/apptainer/apptainer/releases/download/v${VERSION}/apptainer-${VERSION}.tar.gz ``` @@ -324,7 +324,7 @@ ```sh -VERSION=1.2.0 # this is the latest apptainer version, change as you need +VERSION=1.2.1 # this is the latest apptainer version, change as you need ./mconfig make -C builddir rpm sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/apptainer-$(echo $VERSION|tr - \~)*.x86_64.rpm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.2.0/go.mod new/apptainer-1.2.1/go.mod --- old/apptainer-1.2.0/go.mod 2023-07-18 17:19:51.0 +0200 +++ new/apptainer-1.2.1/go.mod 2023-07-24 22:33:41.0 +0200 
@@ -29,7 +29,7 @@ github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc4 github.com/opencontainers/runc v1.1.7 - github.com/opencontainers/runtime-spec v1.1.0-rc.3 + github.com/opencontainers/runtime-spec v1.1.0 github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 github.com/opencontainers/selinux v1.11.0 github.com/opencontainers/umoci v0.4.7 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.2.0/go.sum new/apptainer-1.2.1/go.sum --- old/apptainer-1.2.0/go.sum 2023-07-18 17:19:51.0 +0200 +++ new/apptainer-1.2.1/go.sum 2023-07-24 22:33:41.0 +0200 @@ -433,8 +433,8 @@ github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20200710190001-3e4195d92445/go.mod
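Review bot: The apptainer.changes entry calls CVE-2023-38496 "not relevant as package is compiled with setuid", but the CHANGELOG.md hunk for v1.2.1 describes the fixed flaw as "an ineffective privilege drop when requesting a container network with a setuid installation of Apptainer", which reads as the setuid build being the affected configuration. Reword the entry to say the package was affected (the same hunk limits this to v1.2.0-rc.2 and v1.2.0), or explain what makes the issue not relevant here, and add the bsc# reference if one exists.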
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-07-25 11:51:03 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1467 (New) Package is "apptainer" Tue Jul 25 11:51:03 2023 rev:19 rq:1100359 version:1.2.0 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-07-18 22:07:44.262859304 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1467/apptainer.changes 2023-07-25 11:52:47.454045366 +0200 
@@ -1,0 +2,78 @@ +Wed Jun 14 08:34:27 UTC 2023 - Christian Goll + +- update to 1.2.0 with following changes: + * binary is built reproducible which disables plugins + * Create the current working directory in a container when it doesn't exist. +This restores behavior as it was before singularity 3.6.0. As a result, +using --no-mount home won't have any effect when running apptainer from a +home directory and will require --no-mount home,cwd to avoid mounting that +directory. + * Handle current working directory paths containing symlinks both on the host +and in a container but pointing to different destinations. If detected, the +current working directory is not mounted when the destination directory in +the container exists. + * Destination mount points are now sorted by shortest path first to ensure +that a user bind doesn't override a previous bind path when set in +arbitrary order on the CLI. This is also applied to image binds. + * When the kernel supports unprivileged overlay mounts in a user namespace, +the container will be constructed by default using an overlay instead of an +underlay layout for bind mounts. A new --underlay action option can be used +to prefer underlay instead of overlay. + * sessiondir maxsize in apptainer.conf now defaults to 64 MiB for new +installations. This is an increase from 16 MiB in prior versions. + * The apptainer cache is now architecture aware, so the same home directory +cache can be shared by machines with different architectures. + * Overlay is blocked on the panfs filesystem, allowing sandbox directories to +be run from panfs without error. + * Lookup and store user/group information in stage one prior to entering any +namespaces, to fix an issue with winbind not correctly looking up +user/group information when using user namespaces. +- New features / functionalities + * Support for unprivileged encryption of SIF files using gocryptfs. 
This is +not compatible with privileged encryption, so containers encrypted by root +need to be rebuilt by an unprivileged user. + * Templating support for definition files. Users can now define variables in +definition files via a matching pair of double curly brackets. Variables of +the form {{ variable }} will be replaced by a value defined either by a +variable=value entry in the %arguments section of the definition file or +through new build options --build-arg or --build-arg-file. + * Add a new instance run command that will execute the runscript when an +instance is initiated instead of executing the startscript. + * The sign and verify commands now support signing and verification with +non-PGP key material by specifying the path to a private key via the --key +flag. + * The verify command now supports verification with X.509 certificates by +specifying the path to a certificate via the --certificate flag. By +default, the system root certificate pool is used as trust anchors unless +overridden via the --certificate-roots flag. A pool of intermediate +certificates that are not trust anchors, but can be used to form a +certificate chain, can also be specified via the +--certificate-intermediates flag. + * Support for online verification checks of X.509 certificates using OCSP +protocol via the new verify --ocsp-verify option. + * The instance stats command displays the resource usage every second. The +--no-stream option disables this interactive mode and shows the +point-in-time usage. + * Instances are now started in a cgroup by default, when run as root or when +unified cgroups v2 with systemd as manager is configured. This allows +apptainer instance stats to be supported by default when possible. + * The instance start command now accepts an optional --app argument +which invokes a start script within the %appstart section in the +definition file. The instance stop command still only requires the instance +name. 
+ * The instance name is now available inside an instance via the new +APPTAINER_INSTANCE environment variable. + * The --no-mount flag now accepts the value bind-paths to disable mounting of +all
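Review bot: In the apptainer.changes hunk, the 1.2.0 entry lists two default changes that alter what the host exposes to a container as ordinary bullets: the current working directory is now created and mounted, so "--no-mount home" no longer keeps a home directory out when apptainer is started from it and "--no-mount home,cwd" is needed, and bind mounts now use an overlay layout by default where the kernel allows it. Please mark these as behaviour changes, or mention them in README.SUSE, so that admins who rely on "--no-mount home" notice them. The first bullet, "binary is built reproducible which disables plugins", should also say whether this is an upstream change or a packaging decision.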
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-07-18 22:07:32 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.3193 (New) Package is "apptainer" Tue Jul 18 22:07:32 2023 rev:18 rq:1099096 version:1.1.9 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-04-28 16:24:39.822463887 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.3193/apptainer.changes 2023-07-18 22:07:44.262859304 +0200 @@ -1,0 +2,14 @@ +Tue Jun 13 14:00:33 UTC 2023 - Christian Goll + +- update to 1.1.9 with following changes: + * Remove warning about unknown xino=on option from fuse-overlayfs, introduced +in 1.1.8. + * Ignore extraneous warning from fuse-overlayfs about a readonly /proc. + * Fix dropped "n" characters on some platforms in definition file stored as +part of SIF metadata. + * Remove duplicated group ids. + * Fix not being able to handle multiple entries in LD_PRELOAD when binding +fakeroot into container during apptainer startup for --fakeroot with +fakeroot command. + +--- Old: apptainer-1.1.8.tar.gz New: apptainer-1.1.9.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.wuMuSO/_old 2023-07-18 22:07:44.978863307 +0200 +++ /var/tmp/diff_new_pack.wuMuSO/_new 2023-07-18 22:07:44.982863329 +0200 @@ -25,7 +25,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.1.8 +Version:1.1.9 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.1.8.tar.gz -> apptainer-1.1.9.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/CHANGELOG.md new/apptainer-1.1.9/CHANGELOG.md --- old/apptainer-1.1.8/CHANGELOG.md2023-04-25 17:50:20.0 +0200 +++ new/apptainer-1.1.9/CHANGELOG.md2023-06-07 17:51:35.0 +0200 
@@ -5,11 +5,25 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.1.9 - \[2023-06-07\] + +### Bug fixes + +- Remove warning about unknown `xino=on` option from fuse-overlayfs, + introduced in 1.1.8. +- Ignore extraneous warning from fuse-overlayfs about a readonly `/proc`. +- Fix dropped "n" characters on some platforms in definition file stored as part + of SIF metadata. +- Remove duplicated group ids. +- Fix not being able to handle multiple entries in `LD_PRELOAD` when + binding fakeroot into container during apptainer startup for --fakeroot + with fakeroot command. + ## v1.1.8 - \[2023-04-25\] ### Security fix -- Included a fix for [CVE-2023-30549](https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7) +- Included a fix for [CVE-2023-30549](https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg) which is a vulnerability in setuid-root installations of Apptainer and Singularity that causes an elevation in severity of an existing ext4 filesystem driver vulnerability that is unpatched in several diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/CODE_OF_CONDUCT.md new/apptainer-1.1.9/CODE_OF_CONDUCT.md --- old/apptainer-1.1.8/CODE_OF_CONDUCT.md 2023-04-25 17:50:20.0 +0200 +++ new/apptainer-1.1.9/CODE_OF_CONDUCT.md 2023-06-07 17:51:35.0 +0200 
@@ -55,7 +55,7 @@ ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project leader (gmkurt...@gmail.com). All +reported by contacting the project leader (`gmkurt...@gmail.com`). All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.8/CONTRIBUTORS.md new/apptainer-1.1.9/CONTRIBUTORS.md --- old/apptainer-1.1.8/CONTRIBUTORS.md 2023-04-25 17:50:20.0 +0200 +++ new/apptainer-1.1.9/CONTRIBUTORS.md 2023-06-07 17:51:35.0 +0200 @@ -81,6 +81,7 @@ - Satish Chebrolu - Shane Loretz , - Shengjing Zhu +- Subil Abraham - Tarcisio Fedrizzi - Thomas Hamel - Tim Wright <7im.wri...@protonmail.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore'
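Review bot: The CHANGELOG.md hunk corrects the advisory link for CVE-2023-30549 from sylabs/scs-library-client GHSA-7p8m-22h4-9pj7 to apptainer/apptainer GHSA-j4rf-7357-f4cg, but the apptainer.changes entry for 1.1.9 does not mention it. Please add a line for the correction, since the 1.1.8 changelog pointed readers at a different advisory for this CVE.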
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-04-28 16:23:41 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1533 (New) Package is "apptainer" Fri Apr 28 16:23:41 2023 rev:17 rq:1083268 version:1.1.8 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-03-29 23:28:07.343752744 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1533/apptainer.changes 2023-04-28 16:24:39.822463887 +0200 @@ -1,0 +2,19 @@ +Thu Apr 27 12:59:22 UTC 2023 - Christian Goll + +- Included a fix for CVE-2023-30549 which is a vulnerability in setuid-root + installations of Apptainer iwhich was not active in the recent openSUSE + packages. Still this is included for completenss. The fix adds allow + setuid-mount configuration options encrypted, squashfs, and extfs, and makes + the default for extfs be "no". That disables the use of extfs mounts + including for overlays or binds while in the setuid-root mode, while leaving + it enabled for unprivileged user namespace mode. The default for encrypted + and squashfs is "yes". +- Other bug fixes: + * Fix loop device 'no such device or address' spurious errors when using shared +loop devices. + * Add xino=on mount option for writable kernel overlay mount points to fix +inode numbers consistency after kernel cache flush (not applicable to +fuse-overlayfs). + + +--- Old: apptainer-1.1.7.tar.gz New: apptainer-1.1.8.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.sMCmqG/_old 2023-04-28 16:24:43.114483102 +0200 +++ /var/tmp/diff_new_pack.sMCmqG/_new 2023-04-28 16:24:43.118483125 +0200 
@@ -25,7 +25,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.1.7 +Version:1.1.8 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.1.7.tar.gz -> apptainer-1.1.8.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.7/CHANGELOG.md new/apptainer-1.1.8/CHANGELOG.md --- old/apptainer-1.1.7/CHANGELOG.md2023-03-28 22:17:08.0 +0200 +++ new/apptainer-1.1.8/CHANGELOG.md2023-04-25 17:50:20.0 +0200 
@@ -5,6 +5,31 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.1.8 - \[2023-04-25\] + +### Security fix + +- Included a fix for [CVE-2023-30549](https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7) + which is a vulnerability in setuid-root installations of Apptainer + and Singularity that causes an elevation in severity of an existing + ext4 filesystem driver vulnerability that is unpatched in several + older but still actively supported operating systems including RHEL7, + Debian 10, Ubuntu 18.04 and Ubuntu 20.04. + The fix adds `allow setuid-mount` configuration options `encrypted`, + `squashfs`, and `extfs`, and makes the default for `extfs` be "no". + That disables the use of extfs mounts including for overlays or + binds while in the setuid-root mode, while leaving it enabled for + unprivileged user namespace mode. + The default for `encrypted` and `squashfs` is "yes". + +### Other changes + +- Fix loop device 'no such device or address' spurious errors when using shared + loop devices. +- Remove unwanted colors to STDERR. +- Add `xino=on` mount option for writable kernel overlay mount points to fix + inode numbers consistency after kernel cache flush (not applicable to fuse-overlayfs). + ## v1.1.7 - \[2023-03-28\] ### Changes since last release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.7/INSTALL.md new/apptainer-1.1.8/INSTALL.md --- old/apptainer-1.1.7/INSTALL.md 2023-03-28 22:17:08.0 +0200 +++ new/apptainer-1.1.8/INSTALL.md 2023-04-25 17:50:20.0 +0200 @@ -137,7 +137,7 @@ for example: ```sh -git checkout v1.1.7 +git checkout v1.1.8 ``` ## Compiling Apptainer 
@@ -259,7 +259,7 @@ ```sh -VERSION=1.1.7 # this is the apptainer version, change as you need +VERSION=1.1.8 # this is the apptainer version, change as you need # Fetch the source wget https://github.com/apptainer/apptainer/releases/download/v${VERSION}/apptainer-${VERSION}.tar.gz ``` @@ -308,7 +308,7 @@ ```sh -VERSION=1.1.7 # this is the
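Review bot: The apptainer.changes entry names CVE-2023-30549 without a bsc# reference and states that the issue "was not active in the recent openSUSE packages" without giving the reason. Please add the Bugzilla reference and say why the package is unaffected (for example, that it is built without the setuid-root starter, if that is the reason), so the claim can be checked against the spec file. The same entry has two typos, "iwhich" and "completenss", and omits the upstream item "Remove unwanted colors to STDERR".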
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-03-29 23:28:06 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.31432 (New) Package is "apptainer" Wed Mar 29 23:28:06 2023 rev:16 rq:1075177 version:1.1.7 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-03-08 14:54:18.891245285 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.31432/apptainer.changes 2023-03-29 23:28:07.343752744 +0200 @@ -1,0 +2,17 @@ +Wed Mar 29 08:14:47 UTC 2023 - Christian Goll + +- updated to 1.1.7 with following changes: + * removed simpler-sif-building.patch as this was incoperated upstream + * Allow gpu options such as --nv to be nested by always inheriting all +libraries bound in to a parent container's /.singularity.d/libs. + * Map the user's home directory to the root home directory by default in the +non-subuid fakeroot mode like it was in the subuid fakeroot mode, for both +action commands and building containers from definition files. + * Make the error message more helpful in another place where a remote is +found to have no library client. + * Avoid incorrect error when requesting fakeroot network. + * Pass computed LD_LIBRARY_PATH to wrapped unsquashfs. Fixes issues where +unsquashfs on host uses libraries in non-default paths. + + +--- Old: apptainer-1.1.6.tar.gz simpler-sif-building.patch New: apptainer-1.1.7.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.UfMsZv/_old 2023-03-29 23:28:08.047756506 +0200 +++ /var/tmp/diff_new_pack.UfMsZv/_new 2023-03-29 23:28:08.051756528 +0200 @@ -25,7 +25,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.1.6 +Version:1.1.7 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org 
@@ -39,7 +39,6 @@ Source5:leap.def Source8:%{name}-rpmlintrc Source9:vendor.tar.gz -Patch1: simpler-sif-building.patch %if "%{?squashfuse_version}" != "" Source10: https://github.com/vasi/squashfuse/archive/%{squashfuse_version}/squashfuse-%{squashfuse_version}.tar.gz Patch10:https://github.com/vasi/squashfuse/pull/70.patch @@ -63,7 +62,8 @@ BuildRequires: fuse3-devel BuildRequires: libtool BuildRequires: pkgconfig -BuildRequires: zlib-devel +BuildRequires: pkgconfig(liblz4) +BuildRequires: pkgconfig(liblzma) %endif Requires: squashfs Recommends: fuse2fs @@ -88,7 +88,6 @@ %patch -P 10 -p1 %endif %setup -q -n %{name}-%{version} -%patch1 -p 1 cp %{S:1} %{S:2} %{S:3} %{S:4} %{S:5} . %build ++ apptainer-1.1.6.tar.gz -> apptainer-1.1.7.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.6/CHANGELOG.md new/apptainer-1.1.7/CHANGELOG.md --- old/apptainer-1.1.6/CHANGELOG.md2023-02-14 18:57:18.0 +0100 +++ new/apptainer-1.1.7/CHANGELOG.md2023-03-28 22:17:08.0 +0200 
@@ -5,6 +5,28 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.1.7 - \[2023-03-28\] + +### Changes since last release + +- Allow gpu options such as `--nv` to be nested by always inheriting all + libraries bound in to a parent container's `/.singularity.d/libs`. +- Map the user's home directory to the root home directory by default in the + non-subuid fakeroot mode like it was in the subuid fakeroot mode, for both + action commands and building containers from definition files. +- Avoid `unknown option` error when using a bare squashfs image with + an unpatched `squashfuse_ll`. +- Fix `GOCACHE` settings for golang build on PPA build environment. +- Make the error message more helpful in another place where a remote is found + to have no library client. +- Allow symlinks to the compiled prefix for suid installations. Fixes a + regression introduced in 1.1.4. +- Avoid incorrect error when requesting fakeroot network. +- Build via zypper on SLE systems will use repositories of host via + suseconnect-container. +- Pass computed `LD_LIBRARY_PATH` to wrapped unsquashfs. Fixes issues where + `unsquashfs` on host uses libraries in non-default paths. + ## v1.1.6 - \[2023-02-14\] ### Security fix diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.6/CONTRIBUTORS.md
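Review bot: In the apptainer.spec hunk at -63,7 +62,8, "BuildRequires: zlib-devel" is replaced by pkgconfig(liblz4) and pkgconfig(liblzma) inside the squashfuse block, and the apptainer.changes entry does not mention it. Please confirm that the bundled squashfuse is still built with zlib support when zlib-devel is no longer requested explicitly, and record the BuildRequires change in the changes file. The entry also misspells "incorporated" as "incoperated".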
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-03-08 14:54:18 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.31432 (New) Package is "apptainer" Wed Mar 8 14:54:18 2023 rev:15 rq:1070160 version:1.1.6 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-02-16 16:56:31.154860669 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.31432/apptainer.changes 2023-03-08 14:54:18.891245285 +0100 @@ -1,0 +2,9 @@ +Fri Feb 24 13:22:57 UTC 2023 - Christian Goll + +- added simple sif building for SLE systems via suseconnect-container +- added files: + * simpler-sif-building.patch + * SLE-12SP5.def + * leap.def + +--- Old: SLE-15SP3.def New: SLE-15SP5.def SLE.def leap.def simpler-sif-building.patch Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.EYqwC5/_old 2023-03-08 14:54:19.439248269 +0100 +++ /var/tmp/diff_new_pack.EYqwC5/_new 2023-03-08 14:54:19.443248291 +0100 @@ -34,9 +34,12 @@ Source0: https://github.com/apptainer/apptainer/archive/v%{version}%{?vers_suffix}/apptainer-%{version}%{?vers_suffix}.tar.gz Source1:README.SUSE Source2:SLE-12SP5.def -Source3:SLE-15SP3.def -Source5:%{name}-rpmlintrc +Source3:SLE-15SP5.def +Source4:SLE.def +Source5:leap.def +Source8:%{name}-rpmlintrc Source9:vendor.tar.gz +Patch1: simpler-sif-building.patch %if "%{?squashfuse_version}" != "" Source10: https://github.com/vasi/squashfuse/archive/%{squashfuse_version}/squashfuse-%{squashfuse_version}.tar.gz Patch10:https://github.com/vasi/squashfuse/pull/70.patch 
@@ -85,7 +88,8 @@ %patch -P 10 -p1 %endif %setup -q -n %{name}-%{version} -cp %{S:1} %{S:2} %{S:3} . +%patch1 -p 1 +cp %{S:1} %{S:2} %{S:3} %{S:4} %{S:5} . %build %if "%{?squashfuse_version}" != "" ++ README.SUSE ++ --- /var/tmp/diff_new_pack.EYqwC5/_old 2023-03-08 14:54:19.507248639 +0100 +++ /var/tmp/diff_new_pack.EYqwC5/_new 2023-03-08 14:54:19.511248661 +0100 @@ -6,20 +6,22 @@ 1. Create a bootdef file (for instance 'sle.def'), add BootStrap: zypper -2. Set the OS version: +2. Set the optional OS version: OSVersion: 15.0 The version number corresponds to the Leap version or the SLE version and service pack level: . Example: SLE-12 SP4 would be 12.4. The inital release of a major version corresponds to 0. -3. For openSUSE the following additional variables need to be +3. For openSUSE the following variables need to be specified: - * MirrorURL: URL to the installation repository. -Check 'man 8 zypper' for supported formats + * MirrorURL: URL to the installation repository. Following URL + should be work: + http://download.opensuse.org/distribution/openSUSE-stable/repo/oss * UpdateURL: (optional) URI of the update repository -4. For SLE, all required settings are obtained from SCC. - The following variables are recognized: +4. For SLE, all required settings are obtained from SCC via + suseconnect-container. If the container should be registered separately + the following variables are recognized: * Product: The product code: The following forms may be used: @@ -51,8 +53,8 @@ Examples -Example defintions for SLE12-SP5 and SLE15-SP3 are in the same -directory as README.SUSE +Example defintions for openSUSE leap, registration via suseconnect-container, SLE12-SP5 +and SLE15-SP5 are in the same directory as README.SUSE ProductPGP == ++ SLE-12SP5.def ++ --- /var/tmp/diff_new_pack.EYqwC5/_old 2023-03-08 14:54:19.531248771 +0100 +++ /var/tmp/diff_new_pack.EYqwC5/_new 2023-03-08 14:54:19.535248792 +0100 
@@ -36,18 +36,6 @@ %post ln -s /etc/products.d/SLE-HPC.prod /etc/products.d/baseproduct -SUSEConnect -p PackageHub/12.5/x86_64 -zypper install -y bash coreutils e2fsprogs \ -ethtool filesystem findutils gawk grep \ -iputils iproute2 net-tools nfs-client pam psmisc rsync sed \ -rsyslog util-linux words wicked tar less \ -gzip which util-linux \ -pciutils vim strace sudo syslinux tcpdump timezone chrony cpio \ -wget openssh -# up to here, its a base container, line below can be used -# used for warewulf -zypper install -y ipmitool kernel-default - -systemctl enable sshd - +echo "Hello from post boot strap" +zypper install -y vim ++ SLE-15SP3.def -> SLE-15SP5.def ++ ---
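Review bot: In the README.SUSE hunk, the suggested MirrorURL is given as "http://download.opensuse.org/distribution/openSUSE-stable/repo/oss", so a definition file copied from this README bootstraps the container over plain HTTP; please use the https:// form of the URL in the example. The apptainer.changes entry also does not match the spec hunk: it lists SLE-12SP5.def as added although Source2 is unchanged context, and it omits the new SLE.def and the replacement of SLE-15SP3.def by SLE-15SP5.def. In the same README hunk, "Following URL should be work" needs rewording.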
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-02-16 16:56:15 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.22824 (New) Package is "apptainer" Thu Feb 16 16:56:15 2023 rev:14 rq:1065997 version:1.1.6 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2023-01-12 22:45:24.745241890 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.22824/apptainer.changes 2023-02-16 16:56:31.154860669 +0100 
@@ -1,0 +2,30 @@ +Wed Feb 15 09:01:08 UTC 2023 - Christian Goll + +- update to 1.1.6 with following changes: + + * Included a fix for CVE-2022-23538 which potentially leaked user credentials +to a third-party S3 storage service when using the library:// protocol. See +the https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7 +for details. + * Make PS1 environment variable changeable via %environment section on +definition file that used to be only changeable via APPTAINERENV_PS1 +outside of container. This makes the container's prompt customizable. + * Fix the passing of nested bind mounts when there are multiple binds +separated by commas and some of them have colons separating sources and +destinations. + * Hide messages about SINGULARITY variables if corresponding APPTAINER +variables are defined. Fixes a regression introduced in 1.1.4. + * Print a warning if extra arguments are given to a shell action, and show in +the run action usage that arguments may be passed. + * Check for the existence of the runtime executable prefix, to avoid issues +when running under Slurm's srun. If it doesn't exist, fall back to the +compile-time prefix. + * Increase the timeout on image driver (that is, FUSE) mounts from 2 seconds +to 10 seconds. Instead, print an INFO message if it takes more than 2 +seconds. + * If a remote is defined both globally (i.e. system-wide) and individually, +change apptainer remote commands to print an info message instead of +exiting with a fatal error and to give precedence to the individual +configuration. + +--- Old: apptainer-1.1.5.tar.gz New: apptainer-1.1.6.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.EAeLfc/_old 2023-02-16 16:56:32.670866728 +0100 +++ /var/tmp/diff_new_pack.EAeLfc/_new 2023-02-16 16:56:32.674866745 +0100 
@@ -25,7 +25,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.1.5 +Version:1.1.6 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.1.5.tar.gz -> apptainer-1.1.6.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.5/CHANGELOG.md new/apptainer-1.1.6/CHANGELOG.md --- old/apptainer-1.1.5/CHANGELOG.md2023-01-10 13:19:27.0 +0100 +++ new/apptainer-1.1.6/CHANGELOG.md2023-02-14 18:57:18.0 +0100 
@@ -5,6 +5,44 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.1.6 - \[2023-02-14\] + +### Security fix + +- Included a fix for [CVE-2022-23538](https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7) + which potentially leaked user credentials to a third-party S3 storage + service when using the `library://` protocol. See the link for details. + +### Other changes + +- Restored the ability for running instances to be tracked when apptainer + is installed with tools/install-unprivileged.sh. Instance tracking + depends on argument 0 of the starter, which was not getting preserved. +- Fix `GOCACHE` environment variable settings when building debian source + package on PPA build environment. +- Make `PS1` environment variable changeable via `%environment` section on + definition file that used to be only changeable via `APPTAINERENV_PS1` + outside of container. This makes the container's prompt customizable. +- Fix the passing of nested bind mounts when there are multiple binds + separated by commas and some of them have colons separating sources + and destinations. +- Added `Provides: bundled(golang())` statements to the rpm packaging + for each bundled golang module. +- Hide messages about SINGULARITY variables if corresponding APPTAINER + variables are defined. Fixes a regression introduced in 1.1.4. +- Print a
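Review bot: The apptainer.changes entry for CVE-2022-23538 carries no bsc# reference, and the sentence "See the https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7 for details." lost its noun when the upstream Markdown link was flattened. Please add the Bugzilla reference and reword to something like "See the advisory at ... for details". The upstream items about restored instance tracking and the "Provides: bundled(golang())" statements are also left out of the entry; say so if that is intentional.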
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2023-01-12 22:45:13 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.32243 (New) Package is "apptainer" Thu Jan 12 22:45:13 2023 rev:13 rq:1058009 version:1.1.5 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-12-21 16:07:28.846826362 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.32243/apptainer.changes 2023-01-12 22:45:24.745241890 +0100 @@ -1,0 +2,15 @@ +Wed Jan 11 10:25:45 UTC 2023 - Christian Goll + +- Update to 1.1.5 with following changes: + * Fix the use of fakeroot, faked, and libfakeroot.so if they are not suffixed +by -sysv, as is for instance the case on Gentoo Linux. + * Prevent the use of a --libexecdir or --bindir mconfig option from making +apptainer think it was relocated and so preventing use of suid mode. The +bug was introduced in v1.1.4. + * Add helpful error message for build --remote option. + * Add more helpful error message when no library endpoint found. + * Avoid cleanup errors on exit when mountpoints are busy by doing a lazy +unmount if a regular unmount doesn't work after 10 tries. + * Make messages about using SINGULARITY variables less scary. + +--- Old: apptainer-1.1.4.tar.gz New: apptainer-1.1.5.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.84Qgdx/_old 2023-01-12 22:45:26.121249614 +0100 +++ /var/tmp/diff_new_pack.84Qgdx/_new 2023-01-12 22:45:26.133249681 +0100 @@ -1,7 +1,7 @@ # # spec file for package apptainer # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -25,7 +25,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.1.4 +Version:1.1.5 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.1.4.tar.gz -> apptainer-1.1.5.tar.gz ++ 3567 lines of diff (skipped)
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-12-21 16:07:27 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1835 (New) Package is "apptainer" Wed Dec 21 16:07:27 2022 rev:12 rq:1044084 version:1.1.4 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-12-20 20:21:58.226365991 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1835/apptainer.changes 2022-12-21 16:07:28.846826362 +0100 @@ -1,0 +2,6 @@ +Wed Dec 21 13:17:54 UTC 2022 - Christian Goll + +- moved run dir from /var/lib/apptainer to /var/apptainer to be closer + to upstream + +--- Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.ypLtHd/_old 2022-12-21 16:07:29.490829836 +0100 +++ /var/tmp/diff_new_pack.ypLtHd/_new 2022-12-21 16:07:29.494829857 +0100 @@ -112,7 +112,7 @@ --includedir=%{_includedir} \ --libdir=%{_libdir} \ --libexecdir=%{_libexecdir} \ ---localstatedir=%{_localstatedir}/lib \ +--localstatedir=%{_localstatedir} \ --sharedstatedir=%{_sharedstatedir} \ --mandir=%{_mandir} \ --infodir=%{_infodir} \ @@ -168,9 +168,9 @@ %config(noreplace) %{_sysconfdir}/apptainer/rocmliblist.conf %config(noreplace) %{_sysconfdir}/apptainer/dmtcp-conf.yaml %{_datadir}/bash-completion/completions/* -%dir %{_localstatedir}/lib/apptainer -%dir %{_localstatedir}/lib/apptainer/mnt -%dir %{_localstatedir}/lib/apptainer/mnt/session +%dir %{_localstatedir}/apptainer +%dir %{_localstatedir}/apptainer/mnt +%dir %{_localstatedir}/apptainer/mnt/session %{_mandir}/man1/* %changelog
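Review bot: In the apptainer.spec hunk at -112,7, changing "--localstatedir=%{_localstatedir}/lib" to "--localstatedir=%{_localstatedir}" moves the session mount point to %{_localstatedir}/apptainer/mnt/session, which adds a directory at the top level of /var, something the FHS asks applications not to do. "To be closer to upstream" is the only justification in the changes entry; please state whether upstream requires this path, and whether anything has to be done on upgrade for systems whose apptainer.conf or running instances still refer to /var/lib/apptainer.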
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-12-20 20:21:17 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1835 (New) Package is "apptainer" Tue Dec 20 20:21:17 2022 rev:11 rq:1043931 version:1.1.4 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-10-28 19:32:19.947474458 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1835/apptainer.changes 2022-12-20 20:21:58.226365991 +0100 
@@ -1,0 +2,43 @@ +Tue Dec 20 14:14:43 UTC 2022 - Christian Goll + +- Update to 1.1.4 with following changes: + * Make the binaries built in the unprivileged apptainer package relocatable. +When moving the binaries to a new location, the /usr at the top of some of +the paths needs to be removed. Relocation is disallowed when the +starter-suid is present, for security reasons. + * Change the warning when an overlay image is not writable, introduced in +v1.1.3, back into a (more informative) fatal error because it doesn't +actually enter the container environment. + * Set the --net flag if --network or --network-args is set rather than +silently ignoring them if --net was not set. + * Do not hang on pull from http(s) source that doesn't provide a content-length. + * Avoid hang on fakeroot cleanup under high load seen on some distributions / kernels. + * Remove obsolete pacstrap -d in Arch packer. + * Adjust warning message for deprecated environment variables usage. + * Enable the --security uid:N and --security gid:N options to work when run +in non-suid mode. In non-suid mode they work with any user, not just root. +Unlike with root and suid mode, however, only one gid may be set in +non-suid mode. +- Changes from 1.1.3 + * Prefer the fakeroot-sysv command over the fakeroot command because the +latter can be linked to either fakeroot-sysv or fakeroot-tcp, but +fakeroot-sysv is much faster. + * Update the included squashfuse_ll to have -o uid=N and -o gid=N options and +changed the corresponding image driver to use them when available. This +makes files inside sif files appear to be owned by the user instead of by +the nobody id 65534 when running in non-setuid mode. + * Fix the locating of shared libraries when running unsquashfs from a non-standard location. + * Properly clean up temporary files if unsquashfs fails. + * Fix the creation of missing bind points when using image binding with underlay. 
+ * Change the error when an overlay image is not writable into a warning that +suggests adding :ro to make it read only or using --fakeroot. + * Avoid permission denied errors during unprivileged builds without +/etc/subuid-based fakeroot when /var/lib/containers/sigstore is readable +only by root. + * Avoid failures with --writable-tmpfs in non-setuid mode when using +fuse-overlayfs versions 1.8 or greater by adding the fuse-overlayfs noacl +mount option to disable support for POSIX Access Control Lists. + * Fix the --rocm flag in combination with -c / -C by forwarding all +/dri/render* devices into the container. + +--- Old: apptainer-1.1.2.tar.gz New: apptainer-1.1.4.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.SowAKO/_old 2022-12-20 20:21:58.818369235 +0100 +++ /var/tmp/diff_new_pack.SowAKO/_new 2022-12-20 20:21:58.822369257 +0100 @@ -25,7 +25,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.1.2 +Version:1.1.4 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.1.2.tar.gz -> apptainer-1.1.4.tar.gz ++ 2935 lines of diff (skipped)
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-10-28 19:31:39 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.2275 (New) Package is "apptainer" Fri Oct 28 19:31:39 2022 rev:10 rq:1031911 version:1.1.2 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-10-11 18:05:47.666108534 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.2275/apptainer.changes 2022-10-28 19:32:19.947474458 +0200 @@ -1,0 +2,7 @@ +Fri Oct 28 08:54:51 UTC 2022 - Egbert Eich + +- Add Provides: and Obsoletes: to attempt to mark this as a possible + replacement for the original singularity package which has been + discontinued. + +--- Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.SM36hf/_old 2022-10-28 19:32:20.583477647 +0200 +++ /var/tmp/diff_new_pack.SM36hf/_new 2022-10-28 19:32:20.587477667 +0200 @@ -29,6 +29,8 @@ Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org +Provides: singularity +Obsoletes: singularity <= 3.8.5 Source0: https://github.com/apptainer/apptainer/archive/v%{version}%{?vers_suffix}/apptainer-%{version}%{?vers_suffix}.tar.gz Source1:README.SUSE Source2:SLE-12SP5.def
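Review bot: In the apptainer.spec hunk, "Provides: singularity" is unversioned while "Obsoletes: singularity <= 3.8.5" is versioned. An unversioned Provides does not satisfy any dependency that asks for a specific singularity version, so packages with "Requires: singularity >= x" will not resolve against apptainer. Please give the Provides a version, and say in the changes entry which singularity version apptainer is meant to stand in for.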
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-10-11 18:03:20 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.2275 (New) Package is "apptainer" Tue Oct 11 18:03:20 2022 rev:9 rq:1009744 version:1.1.2 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-10-08 01:26:15.478371807 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.2275/apptainer.changes 2022-10-11 18:05:47.666108534 +0200 @@ -1,0 +2,5 @@ +Tue Oct 11 08:19:01 UTC 2022 - Christian Goll + +- previous versions did not build squashfuse_ll, fixed this + +--- Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.cN9Wxg/_old 2022-10-11 18:05:48.202109400 +0200 +++ /var/tmp/diff_new_pack.cN9Wxg/_new 2022-10-11 18:05:48.206109407 +0200 @@ -61,6 +61,7 @@ BuildRequires: zlib-devel %endif Requires: squashfs +Recommends: fuse2fs PreReq: permissions # there's no golang for ppc64, ppc64le does not have non pie builds @@ -81,13 +82,18 @@ %setup -b 10 -n squashfuse-%{squashfuse_version} %patch -P 10 -p1 %endif -%setup -q -n gopath/%{apptainerpath} -c +%setup -q -n %{name}-%{version} cp %{S:1} %{S:2} %{S:3} . -mv %{name}-%{version}%{?vers_suffix} %{name} -cd %{_builddir}/gopath/%{apptainerpath}/apptainer %build -cd %{name} +%if "%{?squashfuse_version}" != "" +pushd ../squashfuse-%{squashfuse_version} +./autogen.sh +FLAGS=-std=c99 ./configure --enable-multithreading +%make_build squashfuse_ll +popd +%endif + # create VERSION file echo %version > VERSION # Not all of these parameters currently have an effect, but they might be 
@@ -109,50 +115,42 @@ --mandir=%{_mandir} \ --infodir=%{_infodir} \ --without-suid -cd builddir -make V="" old_config= + +%make_build -C builddir V="" %install export GOPATH=$PWD/gopath export GOFLAGS=-mod=vendor export PATH=$GOPATH/bin:$PATH -cd %{name}/builddir -make DESTDIR=$RPM_BUILD_ROOT install -cd ../.. +%make_install -C builddir V= + +%if "%{?squashfuse_version}" != "" +install -m 755 ../squashfuse-%{squashfuse_version}/squashfuse_ll %{buildroot}%{_libexecdir}/%{name}/bin/squashfuse_ll +%endif + %fdupes apptainer/examples -mkdir -p .tmp -for j in LICENSE.md LICENSE; do -for i in `find . -name $j`; do - k="`basename ${i/%\/$j/-$j}`" - if ! [[ $k =~ apptainer-.* ]]; then - cp $i .tmp/$k - fi -done -done - -%fdupes -s .tmp/ -mv .tmp/* . -rmdir .tmp %fdupes -s %buildroot %files -%doc apptainer/examples -%doc apptainer/CONTRIBUTING.md -%doc apptainer/README.md -%doc apptainer/CHANGELOG.md -%doc apptainer/CONTRIBUTORS.md +%doc examples +%doc CONTRIBUTING.md +%doc README.md +%doc CHANGELOG.md +%doc CONTRIBUTORS.md %doc %{basename:%{S:1}} %doc %{basename:%{S:2}} %doc %{basename:%{S:3}} -%license apptainer/LICENSE.md -%license *-LICENSE.md *-LICENSE +%license LICENSE.md +%license LICENSE_THIRD_PARTY.md +%license LICENSE_DEPENDENCIES.md %{_bindir}/* %dir %{_libexecdir}/apptainer %dir %{_libexecdir}/apptainer/bin %dir %{_libexecdir}/apptainer/cni %dir %{_libexecdir}/apptainer/lib %{_libexecdir}/apptainer/bin/starter +%{_libexecdir}/apptainer/bin/squashfuse_ll %{_libexecdir}/apptainer/lib/offsetpreload.so %{_libexecdir}/apptainer/cni/* %dir %{_sysconfdir}/apptainer
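Review bot: In the new %build block, `FLAGS=-std=c99 ./configure --enable-multithreading` sets a variable named FLAGS, which is not one of the variables an autoconf-generated configure reads, so the C99 setting is most likely dropped silently. If the intent is to build squashfuse_ll as C99, use `CFLAGS`, for example `CFLAGS="%{optflags} -std=c99"`, which also keeps the distribution's default compiler flags for a FUSE helper that parses image data.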
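Review bot: The %files hunk lists `%{_libexecdir}/apptainer/bin/squashfuse_ll` unconditionally, while both the %build and %install steps that produce it are wrapped in `%if "%{?squashfuse_version}" != ""`. If squashfuse_version is ever undefined the build fails on a missing file, so the %files entry should sit under the same %if guard. The added `Recommends: fuse2fs` is also not mentioned in the changelog entry, which only covers squashfuse_ll.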
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-10-08 01:25:47 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.2275 (New) Package is "apptainer" Sat Oct 8 01:25:47 2022 rev:8 rq:1008781 version:1.1.2 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-09-29 18:13:05.843224806 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.2275/apptainer.changes 2022-10-08 01:26:15.478371807 +0200 @@ -1,0 +2,10 @@ +Fri Oct 7 12:42:57 UTC 2022 - Christian Goll + +- Udpated to 1.1.2 which fixed CVE-2022-39237 + * CVE-2022-39237: The sif dependency included in Apptainer before this +release does not verify that the hash algorithm(s) used are +cryptographically secure when verifying digital signatures. This release +updates to sif v2.8.1 which corrects this issue. See the linked advisory +for references and a workaround. + +--- Old: apptainer-1.1.0.tar.gz New: apptainer-1.1.2.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.fT7391/_old 2022-10-08 01:26:17.838377219 +0200 +++ /var/tmp/diff_new_pack.fT7391/_new 2022-10-08 01:26:17.842377228 +0200 @@ -25,7 +25,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.1.0 +Version:1.1.2 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.1.0.tar.gz -> apptainer-1.1.2.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.0/CHANGELOG.md new/apptainer-1.1.2/CHANGELOG.md --- old/apptainer-1.1.0/CHANGELOG.md2022-09-27 16:55:22.0 +0200 +++ new/apptainer-1.1.2/CHANGELOG.md2022-10-06 21:51:39.0 +0200 
@@ -5,6 +5,19 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.1.2 - \[2022-10-06\] + +- [CVE-2022-39237](https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8): + The sif dependency included in Apptainer before this release does not + verify that the hash algorithm(s) used are cryptographically secure + when verifying digital signatures. This release updates to sif v2.8.1 + which corrects this issue. See the linked advisory for references and + a workaround. + +## v1.1.1 - \[2022-10-06\] + +Accidentally included no code changes. + ## v1.1.0 - \[2022-09-27\] ### Changed defaults / behaviours @@ -40,8 +53,6 @@ Persistent overlay works when the overlay path points to a regular filesystem (known as "sandbox" mode, which is not allowed when in setuid mode), or when it points to an EXT3 image. - Does not work with a SIF partition because that requires privileges to - mount as an ext3 image. - Extended the `--fakeroot` option to be useful when `/etc/subuid` and `/etc/subgid` mappings have not been set up. If they have not been set up, a root-mapped unprivileged user namespace diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.0/INSTALL.md new/apptainer-1.1.2/INSTALL.md --- old/apptainer-1.1.0/INSTALL.md 2022-09-27 16:55:22.0 +0200 +++ new/apptainer-1.1.2/INSTALL.md 2022-10-06 21:51:39.0 +0200 @@ -136,7 +136,7 @@ for example: ```sh -git checkout v1.1.0 +git checkout v1.1.2 ``` ## Compiling Apptainer @@ -250,7 +250,7 @@ ```sh -VERSION=1.1.0 # this is the apptainer version, change as you need +VERSION=1.1.2 # this is the apptainer version, change as you need # Fetch the source wget https://github.com/apptainer/apptainer/releases/download/v${VERSION}/apptainer-${VERSION}.tar.gz ``` 
@@ -299,7 +299,7 @@ ```sh -VERSION=1.1.0 # this is the latest apptainer version, change as you need +VERSION=1.1.2 # this is the latest apptainer version, change as you need ./mconfig make -C builddir rpm sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/apptainer-$(echo $VERSION|tr - \~)*.x86_64.rpm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.0/LICENSE_DEPENDENCIES.md new/apptainer-1.1.2/LICENSE_DEPENDENCIES.md --- old/apptainer-1.1.0/LICENSE_DEPENDENCIES.md 2022-09-27 16:55:22.0 +0200 +++ new/apptainer-1.1.2/LICENSE_DEPENDENCIES.md 2022-10-06 21:51:39.0 +0200 @@ -383,6 +383,12 @@ **License URL:**
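Review bot: The apptainer.changes entry tells the reader to "See the linked advisory for references and a workaround", but the plain-text entry carries no link; only the upstream CHANGELOG.md hunk has the URL. Put the advisory identifier (GHSA-m5m3-46gj-wch8 from the CHANGELOG.md hunk) or its URL into the .changes text so the reference survives outside the tarball. The first line also has the typo "Udpated", and unlike other security entries in this package the entry has no bug tracker reference next to the CVE id.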
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-09-29 18:12:50 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.2275 (New) Package is "apptainer" Thu Sep 29 18:12:50 2022 rev:7 rq:1006656 version:1.1.0 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-09-14 13:45:31.741976865 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.2275/apptainer.changes 2022-09-29 18:13:05.843224806 +0200 @@ -1,0 +2,5 @@ +Wed Sep 28 09:07:18 UTC 2022 - Christian Goll + +- updated to version 1.1.0 without changes to rc3 + +--- Old: apptainer-1.1.0-rc.3.tar.gz New: apptainer-1.1.0.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.CLVUaT/_old 2022-09-29 18:13:07.071227206 +0200 +++ /var/tmp/diff_new_pack.CLVUaT/_new 2022-09-29 18:13:07.071227206 +0200 @@ -19,7 +19,6 @@ %define apptainerpath src/github.com/apptainer/ %define _buildshell /bin/bash -%define vers_suffix -rc.3 %global squashfuse_version 0.1.105 Summary:Application and environment virtualization ++ apptainer-1.1.0-rc.3.tar.gz -> apptainer-1.1.0.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.0-rc.3/CHANGELOG.md new/apptainer-1.1.0/CHANGELOG.md --- old/apptainer-1.1.0-rc.3/CHANGELOG.md 2022-09-06 18:29:25.0 +0200 +++ new/apptainer-1.1.0/CHANGELOG.md2022-09-27 16:55:22.0 +0200 
@@ -5,90 +5,7 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). -## v1.1.0-rc.3 - \[2022-09-06\] - -- Imply adding `${prefix}/libexec/apptainer/bin` to the `binary path` in - `apptainer.conf`, which is used for searching for helper executables. - It is implied as the first directory of `$PATH` if present (which is at - the beginning of `binary path` by default) or just as the first directory - if `$PATH` is not included in `binary path`. -- Change squash mounts to prefer to use `squashfuse_ll` instead of - `squashfuse`, if available, for improved performance. - `squashfuse_ll` is available on RHEL-based systems but not Debian as - part of the `squashfuse` package. - Also, for even better parallel performance, include a patched multithreaded - version of `squashfuse_ll` in rpm and debian packaging in - `${prefix}/libexec/apptainer/bin`. -- Add `--unsquash` action flag to temporarily convert a SIF file to a - sandbox before running. In previous versions this was the default when - running a SIF file without setuid or with fakeroot, but now the default - is to instead mount with squashfuse. -- Add `--sparse` flag to `overlay create` command to allow generation of a - sparse ext3 overlay image. -- Support for a custom hashbang in the `%test` section of an Apptainer recipe - (akin to the runscript and start sections). -- When using fakeroot in setuid mode, have the image drivers first enter the - the container's user namespace to avoid write errors with overlays. -- Skip trying to use kernel overlayfs when using writable overlay and the - lower layer is FUSE, because of a kernel bug introduced in kernel 5.15. -- Add additional hidden options to the action command for testing different fakeroot - modes with `--fakeroot`: `--ignore-subuid`, `--ignore-fakeroot-command`, - and `--ignore-userns`. 
-- Fix github release rpm to be installable on EL8 & EL9 by not requiring - the fuse2fs package which doesn't exist there. Instead, on EL7 cause an - install failure if /usr/*bin/fuse2fs is not installed with a message - explaining how to fix it. The EPEL build won't have this issue; there - EPEL7 will require the fuse2fs package. -- Fix ORAS image push to registries with authorization servers not supporting - multiple scope query parameter. - -## v1.1.0-rc.2 - \[2022-08-16\] - -### Changed defaults / behaviours - -- Fixed longstanding bug in the underlay logic when there are nested bind - points separated by more than one path level, for example `/var` and - `/var/lib/yum`, and the path didn't exist in the container image. - The bug only caused an error when there was a directory in the container - image that didn't exist on the host. -- Improved wildcard matching in the %files directive of build definition - files by replacing usage of sh with the mvdan.cc library. -- Replaced checks for compatible filesystem types when using fuse-overlayfs - with an INFO message when an incompatible filesystem
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-09-14 13:45:18 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.2083 (New) Package is "apptainer" Wed Sep 14 13:45:18 2022 rev:6 rq:1003477 version:1.1.0 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-08-19 17:59:19.980459320 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.2083/apptainer.changes 2022-09-14 13:45:31.741976865 +0200 
@@ -1,0 +2,33 @@ +Fri Sep 9 08:50:33 UTC 2022 - Christian Goll + +- Updated to version 1.1.0-rc3 with following changes: + * added squashfuse-0.1.105.tar.gz and 70.patch for the build of squashfuse_ll +which will be removed as soon as the multithread patch is incoperated + * Change squash mounts to prefer to use squashfuse_ll instead of squashfuse, +if available, for improved performance. squashfuse_ll is not available +in factory. + * Also, for even better parallel performance, include a patched +multithreaded version of squashfuse_ll in + * Imply adding ${prefix}/libexec/apptainer/bin to the binary path in +apptainer.conf, which is used for searching for helper executables. It is +implied as the first directory of $PATH if present (which is at the +beginning of binary path by default) or just as the first directory if +$PATH is not included in binary path. +${prefix}/libexec/apptainer/bin. + * Add --unsquash action flag to temporarily convert a SIF file to a sandbox +before running. In previous versions this was the default when running a +SIF file without setuid or with fakeroot, but now the default is to instead +mount with squashfuse. + * Add --sparse flag to overlay create command to allow generation of a sparse +ext3 overlay image. + * Support for a custom hashbang in the %test section of an Apptainer recipe +(akin to the runscript and start sections). + * When using fakeroot in setuid mode, have the image drivers first enter the +the container's user namespace to avoid write errors with overlays. + * Skip trying to use kernel overlayfs when using writable overlay and the +lower layer is FUSE, because of a kernel bug introduced in kernel 5.15. + * Add additional hidden options to the action command for testing different +fakeroot modes with --fakeroot: --ignore-subuid, --ignore-fakeroot-command, +and --ignore-userns. + +--- 
@@ -4 +37 @@ -- Udpated to version 1.1.0-rc2 with following changes: +- Updated to version 1.1.0-rc2 with following changes: Old: apptainer-1.1.0-rc.2.tar.gz New: 70.patch apptainer-1.1.0-rc.3.tar.gz squashfuse-0.1.105.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.WnMpSw/_old 2022-09-14 13:45:32.573978960 +0200 +++ /var/tmp/diff_new_pack.WnMpSw/_new 2022-09-14 13:45:32.581978980 +0200 @@ -19,7 +19,8 @@ %define apptainerpath src/github.com/apptainer/ %define _buildshell /bin/bash -%define vers_suffix -rc.2 +%define vers_suffix -rc.3 +%global squashfuse_version 0.1.105 Summary:Application and environment virtualization License:BSD-3-Clause-LBNL @@ -34,7 +35,11 @@ Source2:SLE-12SP5.def Source3:SLE-15SP3.def Source5:%{name}-rpmlintrc -Source10: vendor.tar.gz +Source9:vendor.tar.gz +%if "%{?squashfuse_version}" != "" +Source10: https://github.com/vasi/squashfuse/archive/%{squashfuse_version}/squashfuse-%{squashfuse_version}.tar.gz +Patch10:https://github.com/vasi/squashfuse/pull/70.patch +%endif BuildRequires: cryptsetup BuildRequires: fdupes BuildRequires: gcc @@ -48,6 +53,14 @@ BuildRequires: binutils-gold %endif BuildRequires: libseccomp-devel +%if "%{?squashfuse_version}" != "" +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: fuse3-devel +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: zlib-devel +%endif Requires: squashfs PreReq: permissions @@ -63,6 +76,12 @@ containers that can be used across host environments. %prep +%if "%{?squashfuse_version}" != "" +# the default directory for other steps is where the %prep section ends +# so do main package last +%setup -b 10 -n squashfuse-%{squashfuse_version} +%patch -P 10 -p1 +%endif %setup -q -n gopath/%{apptainerpath} -c cp %{S:1} %{S:2} %{S:3} . mv %{name}-%{version}%{?vers_suffix} %{name} 
@@ -74,7 +93,7 @@ echo %version > VERSION # Not all of these parameters currently have an effect, but they might be # used someday. They are the same parameters as in the
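Review bot: In the apptainer.changes hunk, the bullet "include a patched multithreaded version of squashfuse_ll in" ends without its object, and the missing path `${prefix}/libexec/apptainer/bin.` appears instead as the last line of the following bullet about the binary path. Move that line back to the squashfuse_ll bullet. The same entry has the typo "incoperated" and a doubled "the the" in the fakeroot bullet.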
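Review bot: `Patch10:https://github.com/vasi/squashfuse/pull/70.patch` in the spec hunk references a pull-request URL, whose content changes whenever the PR branch is updated, so the URL does not pin the 70.patch file that was added to the package. Since this patch is compiled into a helper that is installed with the package, record the exact upstream commit in a spec comment or point the URL at a commit-specific patch, so a later refresh cannot pull in different code unnoticed.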
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-08-19 17:56:44 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.2083 (New) Package is "apptainer" Fri Aug 19 17:56:44 2022 rev:5 rq:998138 version:1.1.0 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-08-05 19:51:54.573596430 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.2083/apptainer.changes 2022-08-19 17:59:19.980459320 +0200 
@@ -1,0 +2,38 @@ +Fri Aug 19 10:07:20 UTC 2022 - Christian Goll + +- Udpated to version 1.1.0-rc2 with following changes: + * Fixed longstanding bug in the underlay logic when there are nested bind +points separated by more than one path level, for example /var and +/var/lib/yum, and the path didn't exist in the container image. The bug +only caused an error when there was a directory in the container image that +didn't exist on the host. + * Improved wildcard matching in the %files directive of build definition +files by replacing usage of sh with the mvdan.cc library. + * Replaced checks for compatible filesystem types when using fuse-overlayfs +with an INFO message when an incompatible filesystem type causes it to be +unwritable by a fakeroot user. + * The --nvccli option now works without --fakeroot. In that case the option +can be used with --writable-tmpfs instead of --writable, and +--writable-tmpfs is implied if neither option is given. Note that also +/usr/bin has to be writable by the user, so without --fakeroot that +probably requires a sandbox image that was built with --fix-perms. + * The --nvccli option implies --nv. + * Configure squashfuse to always show files to be owned by the current user. +That's especially important for fakeroot to prevent most of the files from +looking like they are owned by user 65534. + * The fakeroot command can now be used even if $PATH is empty in the +environment of the apptainer command. + * Allow the newuidmap command to be missing if the current user is not listed +in /etc/subuid. + * Require the uidmap package in Debian packaging. + * Improved error handling of unsupported pass protected PEM files with +encrypted containers. + * Ensure bootstrap_history directory is populated with previous definition +files, present in source containers used in a build. 
+ * Add additional options to the build command for testing different fakeroot +modes: --userns like the action flag and hidden options --ignore-subuid, +--ignore-fakeroot-command, and --ignore-userns. + * Require root user early when building an encrypted container. +- removed upstream incorated patch fix-32bit-compilation.patch + +--- Old: apptainer-1.1.0-rc.1.tar.gz fix-32bit-compilation.patch New: apptainer-1.1.0-rc.2.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.8D1ROq/_old 2022-08-19 17:59:20.612460645 +0200 +++ /var/tmp/diff_new_pack.8D1ROq/_new 2022-08-19 17:59:20.616460653 +0200 @@ -19,7 +19,7 @@ %define apptainerpath src/github.com/apptainer/ %define _buildshell /bin/bash -%define vers_suffix -rc.1 +%define vers_suffix -rc.2 Summary:Application and environment virtualization License:BSD-3-Clause-LBNL @@ -35,7 +35,6 @@ Source3:SLE-15SP3.def Source5:%{name}-rpmlintrc Source10: vendor.tar.gz -Patch1: fix-32bit-compilation.patch BuildRequires: cryptsetup BuildRequires: fdupes BuildRequires: gcc @@ -68,7 +67,6 @@ cp %{S:1} %{S:2} %{S:3} . mv %{name}-%{version}%{?vers_suffix} %{name} cd %{_builddir}/gopath/%{apptainerpath}/apptainer -%patch1 -p1 %build cd %{name} ++ apptainer-1.1.0-rc.1.tar.gz -> apptainer-1.1.0-rc.2.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.1.0-rc.1/.github/workflows/ci.yml new/apptainer-1.1.0-rc.2/.github/workflows/ci.yml --- old/apptainer-1.1.0-rc.1/.github/workflows/ci.yml 2022-08-01 23:52:07.0 +0200 +++ new/apptainer-1.1.0-rc.2/.github/workflows/ci.yml 2022-08-17 13:47:34.0 +0200 
@@ -169,7 +169,7 @@ go-version: 1.18.4 - name: Fetch deps -run: sudo apt-get -q update && sudo apt-get install -y build-essential squashfs-tools squashfuse fuse-overlayfs fakeroot libseccomp-dev cryptsetup +run: sudo apt-get -q update && sudo apt-get install -y build-essential squashfs-tools squashfuse fuse-overlayfs fakeroot fuse2fs libseccomp-dev cryptsetup - name:
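Review bot: The apptainer.changes entry has two typos that end up in the package history: "Udpated" in the first line and "incorated" in "removed upstream incorated patch fix-32bit-compilation.patch". The spec hunks remove both the `Patch1:` tag and the matching `%patch1 -p1` line, which is consistent, so only the changelog wording needs fixing.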
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-08-05 19:50:55 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1521 (New) Package is "apptainer" Fri Aug 5 19:50:55 2022 rev:4 rq:993259 version:1.1.0 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-07-11 19:11:11.079764334 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1521/apptainer.changes 2022-08-05 19:51:54.573596430 +0200 
@@ -1,0 +2,136 @@ +Thu Aug 4 12:31:33 UTC 2022 - Christian Goll + +- Updated to version 1.1.0-rc1 which enables apptainer to run without + suid and additional groups. Although this is a prerelease this is + a major advantage justifying its use. + * Added a squashfuse image driver that enables mounting SIF files without +using setuid-root. Requires the squashfuse command and unprivileged user +namespaces. + * Added a fuse2fs image driver that enables mounting EXT3 files and EXT3 SIF +overlay partitions without using setuid-root. Requires the fuse2fs command +and unprivileged user namespaces. + * Added the ability to use persistent overlay (--overlay) and +--writable-tmpfs without using setuid-root. This requires unprivileged user +namespaces and either a new enough kernel (>= 5.11) or the fuse-overlayfs +command. Persistent overlay works when the overlay path points to a regular +filesystem (known as "sandbox" mode, which is not allowed when in setuid +mode), or when it points to an EXT3 image. Does not work with a SIF +partition because that requires privileges to mount as an ext3 image. + * Extended the --fakeroot option to be useful when /etc/subuid and +/etc/subgid mappings have not been set up. If they have not been set up, a +root-mapped unprivileged user namespace (the equivalent of unshare -r) +and/or the fakeroot command from the host will be tried. Together they +emulate the mappings pretty well but they are simpler to administer. This +feature is especially useful with the --overlay and --writable-tmpfs +options and for building containers unprivileged, because they allow +installing packages that assume they're running as root. A limitation on +using it with --overlay and --writable-tmpfs however is that when only the +fakeroot command can be used (because there are no user namespaces +available, in suid mode) then the base image has to be a sandbox. 
This +feature works nested inside of an apptainer container, where another +apptainer command will also be in the fakeroot environment without +requesting the --fakeroot option again, or it can be used inside an +apptainer container that was not started with --fakeroot. However, the +fakeroot command uses LD_PRELOAD and so needs to be bound into the +container which requires a compatible libc. For that reason it doesn't work +when the host and container operating systems are of very different +vintages. If that's a problem and you want to use only an unprivileged +root-mapped namespace even when the fakeroot command is installed, just run +apptainer with unshare -r. + * Made the --fakeroot option be implied when an unprivileged user builds a +container from a definition file. When /etc/subuid and /etc/subgid mappings +are not available, all scriptlets are run in a root-mapped unprivileged +namespace (when possible) and the %post scriptlet is additionally run with +the fakeroot command. When unprivileged user namespaces are not available, +such that only the fakeroot command can be used, the --fix-perms option is +implied to allow writing into directories. + * Added a --fakeroot option to the apptainer overlay create command to make +an overlay EXT3 image file that works with the fakeroot that comes from +unprivileged root-mapped namespaces. This is not needed with the fakeroot +that comes with /etc/sub[ug]id mappings nor with the fakeroot that comes +with only the fakeroot command in suid flow. + * $HOME is now used to find the user's configuration and cache by default. If +that is not set it will fall back to the previous behavior of looking up +the home directory in the password file. The value of $HOME inside the +container still defaults to the home directory in the password file and can +still be overridden by the --home option. 
+ * When starting a container, if the user has specified the cwd by using the +--pwd flag, if there is a problem an error is returned instead of +defaulting to a different directory. + * Nesting of bind mounts now works even when a --bind option specified a +different source and destination with a
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-07-11 19:09:49 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1523 (New) Package is "apptainer" Mon Jul 11 19:09:49 2022 rev:3 rq:988330 version:1.0.3 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-05-19 22:49:18.578334092 +0200 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1523/apptainer.changes 2022-07-11 19:11:11.079764334 +0200 @@ -1,0 +2,11 @@ +Mon Jul 11 09:38:45 UTC 2022 - Christian Goll + +- Update to version 1.0.3: + * Process redirects that can come from sregistry with a library:// URL. + * Fix inspect --deffile and inspect --all to correctly show definition files +in sandbox container images instead of empty output. This has a side effect +of also fixing the storing of definition files in the metadata of sif files +built by Apptainer, because that metadata is constructed by doing inspect +--all. + +--- Old: apptainer-1.0.2.tar.gz New: apptainer-1.0.3.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.6OCG86/_old 2022-07-11 19:11:11.591765077 +0200 +++ /var/tmp/diff_new_pack.6OCG86/_new 2022-07-11 19:11:11.595765083 +0200 @@ -25,7 +25,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.0.2 +Version:1.0.3 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.0.2.tar.gz -> apptainer-1.0.3.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.0.2/CHANGELOG.md new/apptainer-1.0.3/CHANGELOG.md --- old/apptainer-1.0.2/CHANGELOG.md2022-05-10 00:10:52.0 +0200 +++ new/apptainer-1.0.3/CHANGELOG.md2022-07-06 16:06:49.0 +0200 
@@ -5,6 +5,17 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.0.3 - \[2022-07-06\] + +### Bug fixes + +- Process redirects that can come from sregistry with a `library://` URL. +- Fix `inspect --deffile` and `inspect --all` to correctly show definition + files in sandbox container images instead of empty output. + This has a side effect of also fixing the storing of definition files in + the metadata of sif files built by Apptainer, because that metadata is + constructed by doing `inspect --all`. + ## v1.0.2 - \[2022-05-09\] ### Bug fixes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.0.2/INSTALL.md new/apptainer-1.0.3/INSTALL.md --- old/apptainer-1.0.2/INSTALL.md 2022-05-10 00:10:52.0 +0200 +++ new/apptainer-1.0.3/INSTALL.md 2022-07-06 16:06:49.0 +0200 @@ -131,7 +131,7 @@ for example: ```sh -git checkout v1.0.2 +git checkout v1.0.3 ``` ## Compiling Apptainer @@ -201,7 +201,7 @@ ```sh -VERSION=1.0.2 # this is the apptainer version, change as you need +VERSION=1.0.3 # this is the apptainer version, change as you need # Fetch the source wget https://github.com/apptainer/apptainer/releases/download/v${VERSION}/apptainer-${VERSION}.tar.gz # Build the rpm from the source tar.gz 
@@ -223,7 +223,7 @@ ```sh -VERSION=1.0.2 # this is the latest apptainer version, change as you need +VERSION=1.0.3 # this is the latest apptainer version, change as you need ./mconfig make -C builddir rpm sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/apptainer-$(echo $VERSION|tr - \~)*.x86_64.rpm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.0.2/cmd/internal/cli/inspect.go new/apptainer-1.0.3/cmd/internal/cli/inspect.go --- old/apptainer-1.0.2/cmd/internal/cli/inspect.go 2022-05-10 00:10:52.0 +0200 +++ new/apptainer-1.0.3/cmd/internal/cli/inspect.go 2022-07-06 16:06:49.0 +0200 @@ -534,7 +534,7 @@ func (c *command) addDefinitionCommand() { deffile, err := inspectDeffilePartition(c.img) if err == errNoSIFMetadata || err == errNoSIF { - c.addSingleFileCommand("Apptainer", "deffile") + c.addSingleFileCommand("Singularity", "deffile") } else if err != nil { sylog.Warningf("Unable to inspect deffile: %s", err) } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.0.2/e2e/inspect/inspect.go
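Review bot: In cmd/internal/cli/inspect.go, the call in addDefinitionCommand changes from `c.addSingleFileCommand("Apptainer", "deffile")` to a hard-coded `"Singularity"` with no comment, which reads like a leftover from the rebranding rather than a fix. The changelog ties it to definition files in sandbox images showing empty output, so add a comment at the call (or a named constant) stating that this string must match the name the definition file is stored under in the image, to keep a later rename pass from reverting it.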
commit apptainer for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apptainer for openSUSE:Factory checked in at 2022-05-19 22:49:09 Comparing /work/SRC/openSUSE:Factory/apptainer (Old) and /work/SRC/openSUSE:Factory/.apptainer.new.1538 (New) Package is "apptainer" Thu May 19 22:49:09 2022 rev:2 rq:977939 version:1.0.2 Changes: --- /work/SRC/openSUSE:Factory/apptainer/apptainer.changes 2022-03-22 19:41:10.915151699 +0100 +++ /work/SRC/openSUSE:Factory/.apptainer.new.1538/apptainer.changes 2022-05-19 22:49:18.578334092 +0200 @@ -1,0 +2,12 @@ +Wed May 18 12:07:59 UTC 2022 - Dominique Leuenberger + +- Update to version 1.0.2: + + Fixed `FATAL` error thrown by user configuration migration code +that caused users with inaccessible home directories to be +unable to use `apptainer` commands. + + Do not truncate environment variables with commas. + + Use HEAD request when checking digest of remote OCI image +sources, with GET as a fall-back. Greatly reduces Apptainer's +impact on Docker Hub API limits. + +--- Old: apptainer-1.0.1.tar.gz New: apptainer-1.0.2.tar.gz Other differences: -- ++ apptainer.spec ++ --- /var/tmp/diff_new_pack.7miejY/_old 2022-05-19 22:49:19.482335250 +0200 +++ /var/tmp/diff_new_pack.7miejY/_new 2022-05-19 22:49:19.486335255 +0200 @@ -25,7 +25,7 @@ License:BSD-3-Clause-LBNL Group: Productivity/Clustering/Computing Name: apptainer -Version:1.0.1 +Version:1.0.2 Release:0 # https://spdx.org/licenses/BSD-3-Clause-LBNL.html URL:https://apptainer.org ++ apptainer-1.0.1.tar.gz -> apptainer-1.0.2.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.0.1/.github/workflows/ci.yml new/apptainer-1.0.2/.github/workflows/ci.yml --- old/apptainer-1.0.1/.github/workflows/ci.yml2022-03-16 13:16:03.0 +0100 +++ new/apptainer-1.0.2/.github/workflows/ci.yml2022-05-10 00:10:52.0 +0200 
@@ -50,6 +50,7 @@ - name: Build Apptainer run: | + git config --global --add safe.directory $(pwd) ./mconfig -v -p /usr/local make -C ./builddir all @@ -66,6 +67,7 @@ - name: Build Apptainer run: | + git config --global --add safe.directory $(pwd) ./mconfig -v -p /usr/local make -C ./builddir all diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.0.1/CHANGELOG.md new/apptainer-1.0.2/CHANGELOG.md --- old/apptainer-1.0.1/CHANGELOG.md2022-03-16 13:16:03.0 +0100 +++ new/apptainer-1.0.2/CHANGELOG.md2022-05-10 00:10:52.0 +0200 @@ -5,6 +5,18 @@ and re-branded as Apptainer. For older changes see the [archived Singularity change log](https://github.com/apptainer/singularity/blob/release-3.8/CHANGELOG.md). +## v1.0.2 - \[2022-05-09\] + +### Bug fixes + +- Fixed `FATAL` error thrown by user configuration migration code that caused + users with inaccessible home directories to be unable to use `apptainer` + commands. +- The Debian package now conflicts with the singularity-container package. +- Do not truncate environment variables with commas. +- Use HEAD request when checking digest of remote OCI image sources, with GET as + a fall-back. Greatly reduces Apptainer's impact on Docker Hub API limits. + ## v1.0.1 - \[2022-03-15\] ### Bug fixes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.0.1/CONTRIBUTORS.md new/apptainer-1.0.2/CONTRIBUTORS.md --- old/apptainer-1.0.1/CONTRIBUTORS.md 2022-03-16 13:16:03.0 +0100 +++ new/apptainer-1.0.2/CONTRIBUTORS.md 2022-05-10 00:10:52.0 +0200 
@@ -80,7 +80,7 @@ - Tim Wright <7im.wri...@protonmail.com> - Tru Huynh - Tyson Whitehead -- Vanessa Sochat +- Vanessa Sochat - Westley Kurtzer , - Yannick Cote , - Yaroslav Halchenko diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apptainer-1.0.1/INSTALL.md new/apptainer-1.0.2/INSTALL.md --- old/apptainer-1.0.1/INSTALL.md 2022-03-16 13:16:03.0 +0100 +++ new/apptainer-1.0.2/INSTALL.md 2022-05-10 00:10:52.0 +0200 @@ -131,7 +131,7 @@ for example: ```sh -git checkout v1.0.1 +git checkout v1.0.2 ``` ## Compiling Apptainer @@ -201,7 +201,7 @@ ```sh -VERSION=1.0.1 # this is the apptainer version, change as you need +VERSION=1.0.2 # this is the apptainer version, change as you need # Fetch the source wget
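Review bot: in both `Build Apptainer` steps of .github/workflows/ci.yml, the added `git config --global --add safe.directory $(pwd)` leaves `$(pwd)` unquoted, so a workspace path containing whitespace would be split into several arguments; write `"$(pwd)"`. The entry exempts the checkout from git's repository-ownership check for the rest of the job. Limiting it to the workspace path rather than a wildcard is the right scope, but the step carries no comment saying why the build needs the exemption. Add one line of explanation, and since the same command is pasted into two jobs, consider a shared step so the copies do not drift.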