opencontainers
diff --git a/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 0 additions & 23 deletions b/‎Dockerfile‎
Lines changed: 0 additions & 23 deletions
diff --git a/‎go.mod‎
Lines changed: 1 addition & 1 deletion b/‎go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 2 additions & 2 deletions b/‎go.sum‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎test/helpers.bash‎
Lines changed: 10 additions & 1 deletion b/‎test/helpers.bash‎
Lines changed: 10 additions & 1 deletion
@@ -20,6 +20,11 @@ features added to the specification (such as embedded-data descriptors and
 subject references used by OCI artifact images), but at the moment umoci does
 not yet support creating images utilising these features.
 
+In addition, umoci also now supports generating `config.json` blobs that are
+compliant with v1.2.1 of the OCI runtime specification. Note that we do not
+explicitly use any of the newer features, this is mostly a quality-of-life
+update to move away from our ancient pinned version of the runtime-spec.
+
 ### Breaking ###
 * The existing `ConfigExposedPorts` and `ConfigVolumes` methods of
   `github.com/opencontainers/umoci/oci/config/generate.Generator` now return a
 
@@ -26,28 +26,6 @@ RUN git clone -b umoci https://github.com/cyphar/go-mtree.git /tmp/gomtree
 RUN cd /tmp/gomtree && \
 	go install ./cmd/gomtree
 
-## TOOLS: oci-runtime-tool needs special handling.
-FROM golang:1.25 AS oci-runtime-tool
-# FIXME: We need to get an ancient version of oci-runtime-tools because the
-#        config.json conversion we do is technically not spec-compliant due to
-#        an oversight and new versions of oci-runtime-tools verify this.
-#        See <https://github.com/opencontainers/runtime-spec/pull/1197>.
-#
-#        In addition, there is no go.mod in all released versions up to v0.9.0,
-#        which means that we will pull the latest runtime-spec automatically
-#        (Go removed auto-conversion to go.mod in Go 1.22) which causes
-#        validation errors. But we need to forcefully pick runtime-spec v1.0.2.
-#        This is fine. See <https://github.com/opencontainers/runtime-tools/pull/774>.
-ENV SRCDIR=/tmp/oci-runtime-tool
-RUN git clone -b v0.5.0 https://github.com/opencontainers/runtime-tools.git $SRCDIR
-RUN cd $SRCDIR && \
-	go mod init github.com/opencontainers/runtime-tools && \
-	go mod tidy && \
-	go get github.com/opencontainers/[email protected] && \
-	go mod vendor
-RUN make -C $SRCDIR tool
-RUN install -Dm 0755 $SRCDIR/oci-runtime-tool /usr/bin/oci-runtime-tool
-
 ## CI: Pull the test image in a separate build stage.
 FROM quay.io/skopeo/stable:v1.20 AS test-image
 ENV SOURCE_IMAGE=/image SOURCE_TAG=latest
@@ -88,7 +66,6 @@ RUN git config --system --add safe.directory /go/src/github.com/opencontainers/u
 
 ENV GOPATH=/go PATH=/go/bin:$PATH
 COPY --from=go-binaries /go/bin /go/bin
-COPY --from=oci-runtime-tool /usr/bin/oci-runtime-tool /go/bin
 ENV SOURCE_IMAGE=/image SOURCE_TAG=latest
 COPY --from=test-image $SOURCE_IMAGE $SOURCE_IMAGE
 
 
@@ -32,7 +32,7 @@ require (
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
-	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
+	github.com/opencontainers/runtime-spec v1.2.1
 	github.com/rootless-containers/proto/go-proto v0.0.0-20230421021042-4cd87ebadd67
 	github.com/stretchr/testify v1.11.1
 	github.com/urfave/cli v1.22.12
 
@@ -71,8 +71,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
 github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww=
+github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 
@@ -169,7 +169,16 @@ function bundle-verify() {
 		args+=( --path="$arg" )
 	done
 
-	oci-runtime-tool validate "${args[@]}"
+	# FIXME: oci-runtime-tool has some incorrect validation logic (it disallows
+	#        certain org.opencontianers.* annotations) and there has not yet
+	#        been a release with go.mod. As such, using it causes issues and
+	#        has blocked us from being able to update runtime-spec versions for
+	#        years.
+	#
+	#        Ultimately, we do some smoke tests with runc (which does its own
+	#        specconv-based validation) and so our config.json does get some
+	#        validation in our tests.
+	#oci-runtime-tool validate "${args[@]}"
 	return $?
 }