From 959607314973a8890287b90a86ec147bc4c50fd2 Mon Sep 17 00:00:00 2001
From: Rahil Bhimjiani
Date: Wed, 22 May 2024 16:11:43 +0530
Subject: [PATCH] app-containers/skopeo: update to 1.15.1
Addresses CVE-2024-3727 which allows unexpected authenticated registry accesses
Bug: https://bugs.gentoo.org/932453
Signed-off-by: Rahil Bhimjiani
---
app-containers/skopeo/Manifest | 1 +
app-containers/skopeo/skopeo-1.15.1.ebuild | 69 ++++++++++++++++++++++
2 files changed, 70 insertions(+)
create mode 100644 app-containers/skopeo/skopeo-1.15.1.ebuild
diff --git a/app-containers/skopeo/Manifest b/app-containers/skopeo/Manifest
index 17b91a05315b3..f66fa103541ae 100644
--- a/app-containers/skopeo/Manifest
+++ b/app-containers/skopeo/Manifest
@@ -1,3 +1,4 @@
 DIST skopeo-1.14.0.tar.gz 10548883 BLAKE2B 6ecf54d236405ce59bedf77acc124fa8b3bb12acefa24a679a1d2d85957ddf585b5a6ba163806b8b7b510485d936adbe1afd6eee8c92b267b948f7d78ac83d05 SHA512 59d329036a97cbeca4de20b15d9dd8adacd5201834b26ae5e5c88b05594b2a7101c22da91f22c35c07a98e41afa28f2c7103e660b3847c7f8c9691f27f4c4146
 DIST skopeo-1.14.2.tar.gz 10547979 BLAKE2B bca47d82380ad714397dc8e36e365a3e81fc628b47519b022ecb5edd2a03ce8972c066af350cd1f0b5a3d9d6c1585f0729b32a1a829cfc4eaefc1c7fc9dc2667 SHA512 ffb3c00cdde05f7a916bd3980c9cec1bb82b3f3bf90058bfff1837d3a9902087ac011828e6164baec18210d4aeee1a5258b75405411fd15ea2470a2522a6da73
 DIST skopeo-1.15.0.tar.gz 10710505 BLAKE2B b6804561ec96ce7f987ccdaf5a89aa7f5fd0ed2da1307467b4c1857386508d88e3fd28f066f49b136962e232b89594484610fc4f6b494be6a98b64908900865b SHA512 71fb94fd2cf9937bf2dd969c8b1b74f5b66eb2ac2bd9358e8c8983c3fd6548311ca274ed2f8c3f088c3c9d6032962075da1890449dcd25dcfd49882acbfa20de
+DIST skopeo-1.15.1.tar.gz 10709125 BLAKE2B aa688197fe0d803b6cb1f4e7c5c998a917e7d588fa41b9e6ede6d60fd1ef12f209e2f119bc29143bf92ae3349c1168e33f79cb36d6c7f5a1a22bcbf3f4e51792 SHA512 686d17da4a84d9029d688cfca08724576564ce2a05aed9380bf55059c244c90cffa3b21c2dbe84b19b746773e98d5f26e5ceaca58f7be26b656125977685c663
diff --git a/app-containers/skopeo/skopeo-1.15.1.ebuild b/app-containers/skopeo/skopeo-1.15.1.ebuild
new file mode 100644
index 0000000000000..ab892d6789a89
--- /dev/null
+++ b/app-containers/skopeo/skopeo-1.15.1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 2023-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+inherit go-module linux-info
+
+DESCRIPTION="Work with remote container images registries"
+HOMEPAGE="https://github.com/containers/skopeo"
+
+if [[ ${PV} == 9999* ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/containers/skopeo.git"
+else
+ SRC_URI="https://github.com/containers/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm64"
+fi
+
+# main
+LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT"
+SLOT="0"
+IUSE="btrfs device-mapper rootless"
+
+COMMON_DEPEND="
+ >=app-crypt/gpgme-1.5.5:=
+ >=dev-libs/libassuan-2.4.3:=
+ btrfs? ( >=sys-fs/btrfs-progs-4.0.1 )
+ device-mapper? ( >=sys-fs/lvm2-2.02.145:= )
+ rootless? ( sys-apps/shadow:= )
+"
+
+# TODO: Is this really needed? cause upstream doesnt mention it https://github.com/containers/skopeo/blob/main/install.md#building-from-source
+# dev-libs/libgpg-error:=
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="
+ ${COMMON_DEPEND}
+ app-containers/containers-common
+"
+BDEPEND="dev-go/go-md2man"
+
+RESTRICT="test"
+
+pkg_setup() {
+ use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
+ use device-mapper && CONFIG_CHECK+=" ~MD"
+ linux-info_pkg_setup
+}
+
+run_make() {
+ emake \
+ BTRFS_BUILD_TAG="$(usex btrfs '' 'btrfs_noversion exclude_graphdriver_btrfs')" \
+ CONTAINERSCONFDIR="${EPREFIX}/etc/containers" \
+ LIBDM_BUILD_TAG="$(usex device-mapper '' 'libdm_no_deferred_remove exclude_graphdriver_devicemapper')" \
+ LIBSUBID_BUILD_TAG="$(usex rootless 'libsubid' '')" \
+ PREFIX="${EPREFIX}/usr" \
+ $@
+}
+
+src_compile() {
+ run_make all completions
+}
+
+src_install() {
+ # The install target in the Makefile tries to rebuild the binary and
+ # installs things that are already installed by containers-common.
+ dobin bin/skopeo
+ einstalldocs
+ doman docs/*.1
+ run_make "DESTDIR=${D}" install-completions
+}
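Review bot: `run_make` forwards its arguments with an unquoted `$@`, so the quoting the caller applies in `src_install` (`run_make "DESTDIR=${D}" install-completions`) is undone, and any argument containing whitespace or glob characters is split or expanded again before it reaches `emake`. Change the last line of the `emake` call to `"$@"` so each argument is passed through exactly as given. Separately, `RESTRICT="test"` carries no comment saying why the test suite is disabled. A one-line reason above it (for example `# tests need network/registry access`, if that is the cause) would help whoever revisits this on the next security bump.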