From: "Zac Medico" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Zac Medico" Message-ID: <1707362237.fe94090c6c36be4cf9ea7f989ee41e908b8019a2.zmedico@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-containers/buildah/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-containers/buildah/Manifest app-containers/buildah/buildah-1.33.5.ebuild X-VCS-Directories: app-containers/buildah/ X-VCS-Committer: zmedico X-VCS-Committer-Name: Zac Medico X-VCS-Revision: fe94090c6c36be4cf9ea7f989ee41e908b8019a2 X-VCS-Branch: master Date: Thu, 8 Feb 2024 03:17:25 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: ec22bff5-3950-4024-868a-f1570ac13ead X-Archives-Hash: 4fadb9f5e227d911fe46ca84dce86636 commit: fe94090c6c36be4cf9ea7f989ee41e908b8019a2 Author: Rahil Bhimjiani rahil rocks> AuthorDate: Sat Feb 3 00:57:28 2024 +0000 Commit: Zac Medico gentoo org> CommitDate: Thu Feb 8 03:17:17 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe94090c app-containers/buildah: add 1.33.5 This release addresses a number of Buildkit vulnerabilities including but not limited to: CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653. Bug: https://bugs.gentoo.org/923650 Signed-off-by: Rahil Bhimjiani rahil.rocks> Signed-off-by: Zac Medico gentoo.org> app-containers/buildah/Manifest | 1 + app-containers/buildah/buildah-1.33.5.ebuild | 125 +++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) diff --git a/app-containers/buildah/Manifest b/app-containers/buildah/Manifest index 8206af8e3067..0194044405ab 100644 --- a/app-containers/buildah/Manifest +++ b/app-containers/buildah/Manifest 
@@ -2,4 +2,5 @@ DIST buildah-1.30.0.tar.gz 15623786 BLAKE2B e0b2f6d26827cfe40f88a9915f12b6acb385 DIST buildah-1.32.2.tar.gz 18451694 BLAKE2B 885b940e804394d18451e5dce3e3af4097a8adf01e59d7a288dda7063a888759abd9a5c18d8f4522709c7d296fc9a2b5d61229143f3545a786dc59ac837214e2 SHA512 3a50e53e047aa0e23643d8751af1fb51a83fd51e5440111432eb34bdb07e95f24676a917b54409c223df444fe123c8df4aa9af435737cfdd02d0eda0d3f5bba1 DIST buildah-1.33.1.tar.gz 18635429 BLAKE2B 93883b02e6b790c029b03dd3ebb5f0d7c8e184989c987034cd429ea804d17b275a2b81c9f37bbaff1a54367bb93a9b0870af86293aa0332c3ccac1bbb6a750fe SHA512 4abab105f6b242dc38e443b53b6c0c90fd7897bceb6b491fd067cd56767616a3df4005bc0bd0d10f217df2e6716cf950d8662788b110929a826660f29516703e DIST buildah-1.33.2.tar.gz 18580150 BLAKE2B 523b75974a27695bbf818f4a1499d15e48e254934549f2ae191f462334aa4dd34a60c82b78b0d3351e05b297a40a8f8e2df94e75d22779a5c042dbd3dd307e4a SHA512 574c1a249d93edd5f89e106cd192da94235edcff097d9bce841e3b3b3a9588029deddaceb301505114b994e854016c72090cc0016a00ef027b25f3672a3fab32 +DIST buildah-1.33.5.tar.gz 18579521 BLAKE2B a59bfda3dea1f588a2f77a26b942da6ae02a00f1169008f776a2d7699b6b14f38ab29b46b7d0651e9fff3f007e5f95caed99952cc7585c25ea2a3153402958e9 SHA512 82ddfacd69918fb4ca8110d7d5279f4075385e5db5b64b58cf41a90c47e16093f1e65d8ef20136a4cd8f5c23ea8da7f35fb72581cec6472497b9c5b458023e9c DIST buildah-1.34.0.tar.gz 18751419 BLAKE2B 6584c5234e849f9b8cde5e4188791024c8ac5c0ba85859e289f3eb2ec32f97f722ebf25f1291f29e14edf4adc14e19d6a6a76630c820085e9f345736aeb3d4eb SHA512 a3836ce540058f418131969e157d548864727398535e4e99a693d883419b8d764da7166f9b9376c2b9686d8beac101687843c2e93198b16328ef333ad96d55db diff --git a/app-containers/buildah/buildah-1.33.5.ebuild b/app-containers/buildah/buildah-1.33.5.ebuild new file mode 100644 index 000000000000..d5fd4e7a796e --- /dev/null +++ b/app-containers/buildah/buildah-1.33.5.ebuild 
@@ -0,0 +1,125 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module linux-info + +DESCRIPTION="A tool that facilitates building OCI images" +HOMEPAGE="https://github.com/containers/buildah" + +# main pkg +LICENSE="Apache-2.0" +# deps +LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0" + +SLOT="0" +IUSE="apparmor btrfs +seccomp systemd doc test" +RESTRICT="test" +EXTRA_DOCS=( + "CHANGELOG.md" + "CONTRIBUTING.md" + "install.md" + "troubleshooting.md" + "docs/tutorials" +) + +if [[ ${PV} == 9999* ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/containers/buildah.git" +else + SRC_URI="https://github.com/containers/buildah/archive/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~arm64" +fi + +RDEPEND=" + systemd? ( sys-apps/systemd ) + btrfs? ( sys-fs/btrfs-progs ) + seccomp? ( sys-libs/libseccomp:= ) + apparmor? ( sys-libs/libapparmor:= ) + app-containers/containers-common + app-crypt/gpgme:= + dev-libs/libgpg-error:= + dev-libs/libassuan:= + sys-apps/shadow:= +" +DEPEND="${RDEPEND}" + +pkg_pretend() { + local CONFIG_CHECK="" + use btrfs && CONFIG_CHECK+=" ~BTRFS_FS" + check_extra_config + + linux_config_exists || ewarn "Cannot determine configuration of your kernel." +} + +src_prepare() { + default + + # ensure all necessary files are there + local file + for file in docs/Makefile hack/libsubid_tag.sh hack/apparmor_tag.sh \ + hack/systemd_tag.sh btrfs_installed_tag.sh btrfs_tag.sh; do + [[ -f "${file}" ]] || die + done + + sed -i -e "s|/usr/local|/usr|g" Makefile docs/Makefile || die + echo -e '#!/usr/bin/env bash\necho libsubid' > hack/libsubid_tag.sh || die + + cat <<-EOF > hack/apparmor_tag.sh || die + #!/usr/bin/env bash + $(usex apparmor 'echo apparmor' echo) + EOF + + use seccomp || { + cat <<-'EOF' > "${T}/disable_seccomp.patch" + --- a/Makefile + +++ b/Makefile + 
@@ -5 +5 @@ + -SECURITYTAGS ?= seccomp $(APPARMORTAG) + +SECURITYTAGS ?= $(APPARMORTAG) + EOF + eapply "${T}/disable_seccomp.patch" || die + } + + cat <<-EOF > hack/systemd_tag.sh || die + #!/usr/bin/env bash + $(usex systemd 'echo systemd' echo) + EOF + + echo -e "#!/usr/bin/env bash\n echo" > btrfs_installed_tag.sh || die + cat <<-EOF > btrfs_tag.sh || die + #!/usr/bin/env bash + $(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion') + EOF + + use test || { + cat <<-'EOF' > "${T}/disable_tests.patch" + --- a/Makefile + +++ b/Makefile + @@ -54 +54 @@ + -all: bin/buildah bin/imgtype bin/copy bin/tutorial docs + +all: bin/buildah docs + EOF + eapply "${T}/disable_tests.patch" || die + } + +} + +src_compile() { + # For non-live versions, prevent git operations which causes sandbox violations + # https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493 + [[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT="" + + default +} + +src_test() { + emake test-unit +} + +src_install() { + emake DESTDIR="${ED}" install install.completions + einstalldocs + use doc && dodoc -r "${EXTRA_DOCS[@]}" +}
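Review bot: In the Manifest hunk, the new `DIST buildah-1.33.5.tar.gz` entry sits beside the entries for 1.30.0, 1.32.2, 1.33.1 and 1.33.2, which stay in place even though the commit message presents 1.33.5 as the release that addresses CVE-2024-23651, CVE-2024-23652 and CVE-2024-23653. If those older versions are affected, plan a follow-up that drops their ebuilds and Manifest lines once 1.33.5 is keyworded where needed, and reference Bug 923650 there so the cleanup is tracked with the security bug.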
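Review bot: In buildah-1.33.5.ebuild, `RESTRICT="test"` is unconditional, so the `src_test()` at the end of the file (`emake test-unit`) can never run, and the `test` flag in IUSE only decides whether `disable_tests.patch` trims the `all:` target. Either use `RESTRICT="!test? ( test )"` if the unit tests are meant to be runnable, or drop `src_test()` and document in a comment why tests are restricted. Two smaller points in `src_prepare()`: the inline patches are pinned to fixed Makefile lines (`@@ -5 +5 @@` for SECURITYTAGS, `@@ -54 +54 @@` for `all:`), which fails safely through `eapply` but will need re-checking on every bump, so a short comment saying so would help the next maintainer; and the `use seccomp || { ... }` branch silently removes `seccomp` from SECURITYTAGS, so an `ewarn` in `pkg_pretend()` when the flag is disabled would make the reduced hardening visible to the user.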