Skip to content

Commit 1f0fbe5

Browse files
committed
merge #641 into opencontainers/umoci:main
Aleksa Sarai (2): deps: update to runtime-spec v1.2.1 test: disable oci-runtime-tool validation LGTMs: cyphar
2 parents f38c033 + 21806cb commit 1f0fbe5

File tree

8 files changed

+262
-54
lines changed

8 files changed

+262
-54
lines changed

CHANGELOG.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,11 @@ features added to the specification (such as embedded-data descriptors and
2020
subject references used by OCI artifact images), but at the moment umoci does
2121
not yet support creating images utilising these features.
2222

23+
In addition, umoci also now supports generating `config.json` blobs that are
24+
compliant with v1.2.1 of the OCI runtime specification. Note that we do not
25+
explicitly use any of the newer features, this is mostly a quality-of-life
26+
update to move away from our ancient pinned version of the runtime-spec.
27+
2328
### Breaking ###
2429
* The existing `ConfigExposedPorts` and `ConfigVolumes` methods of
2530
`github.com/opencontainers/umoci/oci/config/generate.Generator` now return a

Dockerfile

Lines changed: 0 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -26,28 +26,6 @@ RUN git clone -b umoci https://github.com/cyphar/go-mtree.git /tmp/gomtree
2626
RUN cd /tmp/gomtree && \
2727
go install ./cmd/gomtree
2828

29-
## TOOLS: oci-runtime-tool needs special handling.
30-
FROM golang:1.25 AS oci-runtime-tool
31-
# FIXME: We need to get an ancient version of oci-runtime-tools because the
32-
# config.json conversion we do is technically not spec-compliant due to
33-
# an oversight and new versions of oci-runtime-tools verify this.
34-
# See <https://github.com/opencontainers/runtime-spec/pull/1197>.
35-
#
36-
# In addition, there is no go.mod in all released versions up to v0.9.0,
37-
# which means that we will pull the latest runtime-spec automatically
38-
# (Go removed auto-conversion to go.mod in Go 1.22) which causes
39-
# validation errors. But we need to forcefully pick runtime-spec v1.0.2.
40-
# This is fine. See <https://github.com/opencontainers/runtime-tools/pull/774>.
41-
ENV SRCDIR=/tmp/oci-runtime-tool
42-
RUN git clone -b v0.5.0 https://github.com/opencontainers/runtime-tools.git $SRCDIR
43-
RUN cd $SRCDIR && \
44-
go mod init github.com/opencontainers/runtime-tools && \
45-
go mod tidy && \
46-
go get github.com/opencontainers/[email protected] && \
47-
go mod vendor
48-
RUN make -C $SRCDIR tool
49-
RUN install -Dm 0755 $SRCDIR/oci-runtime-tool /usr/bin/oci-runtime-tool
50-
5129
## CI: Pull the test image in a separate build stage.
5230
FROM quay.io/skopeo/stable:v1.20 AS test-image
5331
ENV SOURCE_IMAGE=/image SOURCE_TAG=latest
@@ -88,7 +66,6 @@ RUN git config --system --add safe.directory /go/src/github.com/opencontainers/u
8866

8967
ENV GOPATH=/go PATH=/go/bin:$PATH
9068
COPY --from=go-binaries /go/bin /go/bin
91-
COPY --from=oci-runtime-tool /usr/bin/oci-runtime-tool /go/bin
9269
ENV SOURCE_IMAGE=/image SOURCE_TAG=latest
9370
COPY --from=test-image $SOURCE_IMAGE $SOURCE_IMAGE
9471

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ require (
3232
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
3333
github.com/opencontainers/go-digest v1.0.0
3434
github.com/opencontainers/image-spec v1.1.1
35-
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
35+
github.com/opencontainers/runtime-spec v1.2.1
3636
github.com/rootless-containers/proto/go-proto v0.0.0-20230421021042-4cd87ebadd67
3737
github.com/stretchr/testify v1.11.1
3838
github.com/urfave/cli v1.22.12

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -71,8 +71,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
7171
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
7272
github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
7373
github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
74-
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc=
75-
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
74+
github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU8lpJfSlR0xww=
75+
github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
7676
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
7777
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
7878
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

test/helpers.bash

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -169,7 +169,16 @@ function bundle-verify() {
169169
args+=( --path="$arg" )
170170
done
171171

172-
oci-runtime-tool validate "${args[@]}"
172+
# FIXME: oci-runtime-tool has some incorrect validation logic (it disallows
173+
# certain org.opencontianers.* annotations) and there has not yet
174+
# been a release with go.mod. As such, using it causes issues and
175+
# has blocked us from being able to update runtime-spec versions for
176+
# years.
177+
#
178+
# Ultimately, we do some smoke tests with runc (which does its own
179+
# specconv-based validation) and so our config.json does get some
180+
# validation in our tests.
181+
#oci-runtime-tool validate "${args[@]}"
173182
return $?
174183
}
175184

0 commit comments

Comments
 (0)