From abb89d298aaf82017f4ca2fdd9baef4fa12a0ad8 Mon Sep 17 00:00:00 2001 From: Marco Allegretti Date: Sun, 22 Feb 2026 19:36:26 +0100 Subject: [PATCH] pre-publish fixes: pin SBOM tool version, remove hardcoded paths, fix changelog - Pin cargo-cyclonedx@0.5.5 in scripts/generate-sbom.sh (matches CI) - Remove hardcoded /home/lateuf paths from .cargo/config.toml - Remove stale 'quick' command reference from CHANGELOG 0.1.0 --- .cargo/config.toml | 17 +++++++++-------- CHANGELOG.md | 1 - scripts/generate-sbom.sh | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index bbf16ee..dfa047e 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -11,11 +11,12 @@ [env] SOURCE_DATE_EPOCH = "0" -[build] -# Remap common local paths in release builds. -# These are best-effort for local dev — CI RUSTFLAGS override this entirely. -# The $HOME/.cargo/registry/src prefix covers most dependency crate paths. -rustflags = [ - "--remap-path-prefix", "/home/lateuf/.cargo/registry/src=crate", - "--remap-path-prefix", "/home/lateuf/Projects/Karapace=src", -] +# [build] +# Path remapping for local dev builds is optional. +# CI RUSTFLAGS override build.rustflags entirely. +# strip = true in profile.release removes debug paths from binaries. +# Uncomment and adjust for your system if you want local path remapping: +# rustflags = [ +# "--remap-path-prefix", "/home/YOU/.cargo/registry/src=crate", +# "--remap-path-prefix", "/home/YOU/Projects/Karapace=src", +# ] diff --git a/CHANGELOG.md b/CHANGELOG.md index a9eec95..d2550a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -57,7 +57,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). - **Lock file v2** — resolved packages with pinned versions, base image content digest (not tag), dual verification (integrity + manifest intent). - **Content-addressable store** — blake3 hashing, atomic writes (NamedTempFile + persist), integrity verification on read, reference counting, garbage collection with signal cancellation. - **CLI commands** — `build`, `rebuild`, `enter`, `exec`, `destroy`, `stop`, `freeze`, `archive`, `list`, `inspect`, `diff`, `snapshots`, `commit`, `restore`, `gc`, `verify-store`, `push`, `pull`, `rename`, `completions`, `man-pages`, `doctor`, `migrate`. -- **`quick` command** — one-step environment creation for casual users (`karapace quick rolling -p git,curl --enter`). Generates a real manifest + lock file, preserving determinism while matching Distrobox-like simplicity. - **Example manifests** — `examples/minimal.toml`, `examples/dev.toml`, `examples/gui-dev.toml`, `examples/ubuntu-dev.toml`, `examples/rust-dev.toml` for common use cases. - **Multi-distro image support** — openSUSE Tumbleweed/Leap, Ubuntu (20.04–24.10), Debian (Bookworm/Trixie/Sid), Fedora (40–42), Arch Linux, custom URLs. - **Runtime backends** — user namespace (`unshare` + `fuse-overlayfs` + `chroot`), OCI (`crun`/`runc`/`youki`), mock (for testing). diff --git a/scripts/generate-sbom.sh b/scripts/generate-sbom.sh index 5d2ff56..6e2c20f 100755 --- a/scripts/generate-sbom.sh +++ b/scripts/generate-sbom.sh @@ -3,7 +3,7 @@ set -euo pipefail command -v cargo-cyclonedx >/dev/null 2>&1 || { echo "Installing cargo-cyclonedx..." - cargo install cargo-cyclonedx --locked + cargo install cargo-cyclonedx@0.5.5 --locked } cargo cyclonedx --format json --output-prefix karapace