Update Info

openSUSE-2020-188


Recommended update for umoci


Type: recommended
Severity: moderate
Issued: 2020-02-08
Description:
This update for umoci fixes the following issues:

- Enable build for s390x on openSUSE

- Update to umoci v0.4.4.

  * Added full-stack verification of blob hashes and descriptors for all
    operations (improving our hardening against bad images).
  * For details, see CHANGELOG.md in the package.

- Update to umoci v0.4.3.

  * Added --no-history to all commands with --history.* flags.
    Should only be used for umoci-config(1).
  * Added `umoci insert --tag` to allow non-destructive modifications.
  * For details, see packaged /usr/share/doc/packages/umoci/CHANGELOG.md.

- Update to umoci v0.4.2.

  * umoci now has an exposed Go API.
  * Added `umoci unpack --keep-dirlinks`.
  * `umoci insert` now supports whiteouts two ways.
  * For details, see CHANGELOG.md in the package.

- Update to umoci v0.4.1.

  * Support more tags (the valid set of characters in tags has expanded).
  * Add 'umoci insert' and 'umoci raw unpack'.
  * 'umoci unpack' correctly handles out-of-order whiteouts now.
  * 'umoci unpack' and 'umoci repack' make use of a more optimised gzip
    implementation now -- in some benchmarks 'umoci repack' can have a speedup
    of up to 3x.
  * For details, see CHANGELOG.md in the package.

- Update to umoci v0.4.0. Upstream changelog:

	+ `umoci repack` now supports `--refresh-bundle` which will update the
	  OCI bundle's metadata (mtree and umoci-specific manifests) after packing
	  the image tag. This means that the bundle can be used as a base layer for
	  future diffs without needing to unpack the image again.
	  openSUSE/umoci#196
	+ Added a website, and reworked the documentation to be better structured.
	  You can visit the website at [`umo.ci`][umo.ci]. openSUSE/umoci#188
	+ Added support for the `user.rootlesscontainers` specification, which
	  allows for persistent on-disk emulation of `chown(2)` inside rootless
	  containers. This implementation is interoperable with [@AkihiroSuda's
	  `PRoot` fork][as-proot-fork] (though we do not test its interoperability
	  at the moment) as both tools use [the same protobuf
	  specification][rootlesscontainers-proto]. openSUSE/umoci#227
	+ `umoci unpack` now has support for opaque whiteouts (whiteouts which
	  remove all children of a directory in the lower layer), though `umoci
	  repack` does not currently have support for generating them. While this
	  is technically a spec requirement, through testing we've never
	  encountered an actual user of these whiteouts. openSUSE/umoci#224
	  openSUSE/umoci#229
	+ `umoci unpack` will now use some rootless tricks inside user namespaces
	  for operations that are known to fail (such as `mknod(2)`) while other
	  operations will be carried out as normal (such as `lchown(2)`). It should
	  be noted that the `/proc/self/uid_map` checking we do can be tricked into
	  not detecting user namespaces, but you would need to be trying to break
	  it on purpose. openSUSE/umoci#171 openSUSE/umoci#230
	* Fix a bug in our "parent directory restore" code, which is responsible
	  for ensuring that the mtime and other similar properties of a directory
	  are not modified by extraction inside said directory. The bug would
	  manifest as xattrs not being restored properly in certain edge-cases
	  (which we incidentally hit in a test-case). openSUSE/umoci#161
	  openSUSE/umoci#162
	* `umoci unpack` will now "clean up" the bundle generated if an error
	  occurs during unpacking. Previously this didn't happen, which made
	  cleaning up the responsibility of the caller (which was quite difficult
	  if you were unprivileged). This is a breaking change, but is in the error
	  path so it's not critical. openSUSE/umoci#174 openSUSE/umoci#187
	* `umoci gc` will no longer remove unknown files and directories that
	  aren't `flock(2)`ed, thus ensuring that any possible OCI image-spec
	  extensions or other users of an image being operated on will no longer
	  break. openSUSE/umoci#198
	* `umoci unpack --rootless` will now correctly handle regular file
	  unpacking when overwriting a file that `umoci` doesn't have write access
	  to. In addition, the semantics of pre-existing hardlinks to a clobbered
	  file are clarified (the hard-links will not refer to the new layer's
	  inode). openSUSE/umoci#222 openSUSE/umoci#223

	[as-proot-fork]: https://github.com/AkihiroSuda/runrootless
	[rootlesscontainers-proto]: https://rootlesscontaine.rs/proto/rootlesscontainers.proto
	[umo.ci]: https://umo.ci/

This update was imported from the SUSE:SLE-15:Update update project.
This update was imported from the openSUSE:Leap:15.1:Update update project.

              

References


No references

Packages


  • umoci-0.4.4-bp151.2.3.1