diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 069b25d..ae2c48c 100644 --- a/.gitignore +++ b/.gitignore @@ -697,3 +697,41 @@ /v1.30.0.tar.gz /v1.31.0.tar.gz /v1.31.1.tar.gz +/v1.31.2.tar.gz +/v1.31.3.tar.gz +/v1.32.0.tar.gz +/v1.32.1.tar.gz +/v1.32.2.tar.gz +/v1.33.2.tar.gz +/v1.34.0.tar.gz +/v1.34.1.tar.gz +/v1.35.0.tar.gz +/v1.35.1.tar.gz +/v1.35.2.tar.gz +/v1.35.3.tar.gz +/v1.35.4.tar.gz +/v1.36.0.tar.gz +/v1.37.0.tar.gz +/v1.37.1.tar.gz +/v1.37.2.tar.gz +/v1.37.3.tar.gz +/v1.37.4.tar.gz +/v1.37.5.tar.gz +/v1.38.0.tar.gz +/v1.38.1.tar.gz +/v1.39.0.tar.gz +/v1.39.1.tar.gz +/v1.39.2.tar.gz +/v1.39.3.tar.gz +/v1.39.4.tar.gz +/v1.40.0.tar.gz +/v1.40.1.tar.gz +/v1.41.0.tar.gz +/v1.41.1.tar.gz +/v1.41.2.tar.gz +/v1.41.3.tar.gz +/v1.41.4.tar.gz +/v1.41.5.tar.gz +/v1.42.0.tar.gz +/v1.42.1.tar.gz +/v1.42.2.tar.gz diff --git a/.packit.yaml b/.packit.yaml new file mode 100644 index 0000000..032e9e1 --- /dev/null +++ b/.packit.yaml @@ -0,0 +1,149 @@ +--- +# See the documentation for more information: +# https://packit.dev/docs/configuration/ + +downstream_package_name: buildah +upstream_tag_template: v{version} + +# These files get synced from upstream to downstream (Fedora / CentOS Stream) on every +# propose-downstream job. This is done so tests maintained upstream can be run +# downstream in Zuul CI and Bodhi. +# Ref: https://packit.dev/docs/configuration#files_to_sync +files_to_sync: + - src: rpm/gating.yaml + dest: gating.yaml + delete: true + - src: plans/ + dest: plans/ + delete: true + mkpath: true + - src: tests/tmt/ + dest: tests/tmt/ + delete: true + mkpath: true + - src: .fmf/ + dest: .fmf/ + delete: true + - .packit.yaml + +packages: + buildah-fedora: + pkg_tool: fedpkg + specfile_path: rpm/buildah.spec + buildah-centos: + pkg_tool: centpkg + specfile_path: rpm/buildah.spec + buildah-eln: + specfile_path: rpm/buildah.spec + +srpm_build_deps: + - make + +jobs: + - job: copr_build + trigger: pull_request + packages: [buildah-fedora] + notifications: &copr_build_failure_notification + failure_comment: + message: "Ephemeral COPR build failed. @containers/packit-build please check." + # Fedora aliases documentation: https://packit.dev/docs/configuration#aliases + # python3-fedora-distro-aliases provides `resolve-fedora-aliases` command + targets: &fedora_copr_targets + - fedora-all-x86_64 + - fedora-all-aarch64 + enable_net: true + # Disable osh diff scan until Go support is available + # Ref: https://github.com/openscanhub/known-false-positives/pull/30#issuecomment-2858698495 + osh_diff_scan_after_copr_build: false + + # Ignore until golang is updated in distro buildroot to 1.23.3+ + - job: copr_build + trigger: ignore + packages: [buildah-eln] + notifications: *copr_build_failure_notification + targets: + fedora-eln-x86_64: + additional_repos: + - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/x86_64/" + fedora-eln-aarch64: + additional_repos: + - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/aarch64/" + enable_net: true + + # Ignore until golang is updated in distro buildroot to 1.23.3+ + - job: copr_build + trigger: ignore + packages: [buildah-centos] + notifications: *copr_build_failure_notification + targets: ¢os_copr_targets + - centos-stream-9-x86_64 + - centos-stream-9-aarch64 + - centos-stream-10-x86_64 + - centos-stream-10-aarch64 + enable_net: true + + # Run on commit to main branch + - job: copr_build + trigger: commit + packages: [buildah-fedora] + notifications: + failure_comment: + message: "podman-next COPR build failed. @containers/packit-build please check." + branch: main + owner: rhcontainerbot + project: podman-next + enable_net: true + + # Tests on Fedora for main branch PRs + - job: tests + trigger: pull_request + packages: [buildah-fedora] + targets: + - fedora-all-x86_64 + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo + + # Ignore until golang is updated in distro buildroot to 1.23.3+ + # Tests on CentOS Stream for main branch PRs + - job: tests + trigger: ignore + packages: [buildah-centos] + targets: + - centos-stream-9-x86_64 + - centos-stream-10-x86_64 + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo + + # Sync to Fedora + - job: propose_downstream + trigger: release + packages: [buildah-fedora] + update_release: false + dist_git_branches: &fedora_targets + - fedora-all + + # Sync to CentOS Stream + - job: propose_downstream + trigger: release + packages: [buildah-centos] + update_release: false + dist_git_branches: + - c10s + + # Fedora Koji build + - job: koji_build + trigger: commit + packages: [buildah-fedora] + sidetag_group: podman-releases + # Dependents are not rpm dependencies, but the package whose bodhi update + # should include this package. + # Ref: https://packit.dev/docs/fedora-releases-guide/releasing-multiple-packages + dependents: + - podman + dist_git_branches: *fedora_targets diff --git a/README.packit b/README.packit new file mode 100644 index 0000000..b4b46e3 --- /dev/null +++ b/README.packit @@ -0,0 +1,3 @@ +This repository is maintained by packit. +https://packit.dev/ +The file was generated using packit 1.12.0.post1.dev20+g7d30dac21. diff --git a/buildah.spec b/buildah.spec index 7eeba61..9751b59 100644 --- a/buildah.spec +++ b/buildah.spec @@ -7,19 +7,17 @@ %global debug_package %{nil} %endif -# RHEL's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we -# set it separately here and do not depend on RHEL's go-[s]rpm-macros package -# until that's fixed. -# c9s bz: https://bugzilla.redhat.com/show_bug.cgi?id=2227328 -# c8s bz: https://bugzilla.redhat.com/show_bug.cgi?id=2227331 -%if %{defined rhel} -%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; -%endif - %global gomodulesmode GO111MODULE=on -%if 0%{defined fedora} +%if %{defined fedora} %define build_with_btrfs 1 +%if 0%{?fedora} >= 43 +%define sequoia 1 +%endif +%endif + +%if %{defined rhel} +%define fips 1 %endif %global git0 https://github.com/containers/%{name} @@ -28,6 +26,8 @@ Name: buildah # Set different Epoch for copr %if %{defined copr_username} Epoch: 102 +%else +Epoch: 2 %endif # DO NOT TOUCH the Version string! # The TRUE source of this specfile is: @@ -35,8 +35,9 @@ Epoch: 102 # If that's what you're reading, Version must be 0, and will be updated by Packit for # copr and koji builds. # If you're reading this on dist-git, the version is automatically filled in by Packit. -Version: 1.31.1 -License: Apache-2.0 and BSD-2-Clause and BSD-3-Clause and ISC and MIT and MPL-2.0 +Version: 1.42.2 +# The `AND` needs to be uppercase in the License for SPDX compatibility +License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 Release: %autorelease %if %{defined golang_arches_future} ExclusiveArch: %{golang_arches_future} @@ -58,11 +59,11 @@ BuildRequires: go-rpm-macros BuildRequires: gpgme-devel BuildRequires: libassuan-devel BuildRequires: make -BuildRequires: ostree-devel %if %{defined build_with_btrfs} BuildRequires: btrfs-progs-devel %endif BuildRequires: shadow-utils-subid-devel +BuildRequires: sqlite-devel Requires: containers-common-extra %if %{defined fedora} BuildRequires: libseccomp-static @@ -71,6 +72,9 @@ BuildRequires: libseccomp-devel %endif Requires: libseccomp >= 2.4.1-0 Suggests: cpp +%if %{defined sequoia} +Requires: podman-sequoia +%endif %description The %{name} package provides a command line tool which can be used to @@ -81,11 +85,17 @@ or * save container's root file system layer to create a new image * delete a working container or an image +# This subpackage is only intended for CI testing. +# Not meant for end user/customer usage. %package tests Summary: Tests for %{name} -Requires: %{name} = %{version}-%{release} +Requires: %{name} = %{epoch}:%{version}-%{release} +%if %{defined bats_epel} Requires: bats +%else +Recommends: bats +%endif Requires: bzip2 Requires: podman Requires: golang @@ -119,15 +129,28 @@ export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" export CNI_VERSION=`grep '^# github.com/containernetworking/cni ' src/modules.txt | sed 's,.* ,,'` export LDFLAGS="-X main.buildInfo=`date +%s` -X main.cniVersion=${CNI_VERSION}" -export BUILDTAGS='seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $hack/libsubid_tag.sh)' +export BUILDTAGS="seccomp $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh) libsqlite3" %if !%{defined build_with_btrfs} -export BUILDTAGS+=' btrfs_noversion exclude_graphdriver_btrfs' +export BUILDTAGS+=" exclude_graphdriver_btrfs" +%endif + +%if %{defined fips} +export BUILDTAGS+=" libtrust_openssl" +%endif + +%if %{defined sequoia} +export BUILDTAGS+=" containers_image_sequoia" %endif %gobuild -o bin/%{name} ./cmd/%{name} %gobuild -o bin/imgtype ./tests/imgtype %gobuild -o bin/copy ./tests/copy %gobuild -o bin/tutorial ./tests/tutorial +%gobuild -o bin/inet ./tests/inet +%gobuild -o bin/dumpspec ./tests/dumpspec +%gobuild -o bin/passwd ./tests/passwd +%gobuild -o bin/crash ./tests/crash +%gobuild -o bin/wait ./tests/wait %{__make} docs %install @@ -138,14 +161,22 @@ cp -pav tests/. %{buildroot}/%{_datadir}/%{name}/test/system cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype cp bin/copy %{buildroot}/%{_bindir}/%{name}-copy cp bin/tutorial %{buildroot}/%{_bindir}/%{name}-tutorial +cp bin/inet %{buildroot}/%{_bindir}/%{name}-inet +cp bin/dumpspec %{buildroot}/%{_bindir}/%{name}-dumpspec +cp bin/passwd %{buildroot}/%{_bindir}/%{name}-passwd +cp bin/crash %{buildroot}/%{_bindir}/%{name}-crash +cp bin/wait %{buildroot}/%{_bindir}/%{name}-wait rm %{buildroot}%{_datadir}/%{name}/test/system/tools/build/* #define license tag if not already defined %{!?_licensedir:%global license %doc} +# Include check to silence rpmlint. +%check + %files -%license LICENSE +%license LICENSE vendor/modules.txt %doc README.md %{_bindir}/%{name} %{_mandir}/man1/%{name}* @@ -158,15 +189,12 @@ rm %{buildroot}%{_datadir}/%{name}/test/system/tools/build/* %{_bindir}/%{name}-imgtype %{_bindir}/%{name}-copy %{_bindir}/%{name}-tutorial +%{_bindir}/%{name}-inet +%{_bindir}/%{name}-dumpspec +%{_bindir}/%{name}-passwd +%{_bindir}/%{name}-crash +%{_bindir}/%{name}-wait %{_datadir}/%{name}/test %changelog -%if %{defined autochangelog} %autochangelog -%else -# NOTE: This changelog will be visible on CentOS 8 Stream builds -# Other envs are capable of handling autochangelog -* Fri Jun 16 2023 RH Container Bot -- Placeholder changelog for envs that are not autochangelog-ready. -- Contact upstream if you need to report an issue with the build. -%endif diff --git a/gating.yaml b/gating.yaml index c8a218f..1fb3172 100644 --- a/gating.yaml +++ b/gating.yaml @@ -1,14 +1,16 @@ --- !Policy product_versions: - fedora-* -decision_context: bodhi_update_push_stable +decision_contexts: + - bodhi_update_push_stable + - bodhi_update_push_testing subject_type: koji_build rules: - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + --- !Policy product_versions: - - fedora-* -decision_context: bodhi_update_push_testing -subject_type: koji_build + - rhel-* +decision_context: osci_compose_gate rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..b982e76 --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,34 @@ +discover: + how: fmf + +execute: + how: tmt + +prepare: + - when: distro == centos-stream or distro == rhel + how: shell + script: | + dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm + dnf -y config-manager --set-enabled epel + order: 10 + - when: initiator == packit + how: shell + script: | + COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo" + if compgen -G $COPR_REPO_FILE > /dev/null; then + sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE + fi + dnf -y upgrade --allowerasing + order: 20 + +provision: + how: artemis + hardware: + memory: ">= 16 GB" + cpu: + cores: ">= 4" + threads: ">=8" + disk: + - size: ">= 512 GB" + + diff --git a/sources b/sources index 1be5825..c210586 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v1.31.1.tar.gz) = 7375877d964197d0690542e1da0636b0a67cdf01f30ddbdd69cced5cfe4f8bb370b37ec58f2dffd2c2f048b897470d8fb06cd9f70c8e75df2aa6b19f86610f7b +SHA512 (v1.42.2.tar.gz) = adb1de700db9b589639f6fd02cad95d9bedacb9d0363838315f33c978a8c900570d55af95073992ff69cff4f2a9d18776c5d786af294aaa1604144580c957414 diff --git a/tests/test_buildah.sh b/tests/test_buildah.sh deleted file mode 100755 index f8776bb..0000000 --- a/tests/test_buildah.sh +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/bash -e - -# Log program and kernel versions -echo "Important package versions:" -( - uname -r - rpm -qa |\ - egrep 'buildah|podman|conmon|containers-common|crun|runc|iptable|slirp|aardvark|netavark|containernetworking-plugins|systemd|container-selinux' |\ - sort -) | sed -e 's/^/ /' - -# Log environment; or at least the useful bits -echo "Environment:" -env | grep -v LS_COLORS= | sort | sed -e 's/^/ /' - -export BUILDAH_BINARY=/usr/bin/buildah -export IMGTYPE_BINARY=/usr/bin/buildah-imgtype -export COPY_BINARY=/usr/bin/buildah-copy -export TUTORIAL_BINARY=/usr/bin/buildah-tutorial - -############################################################################### -# BEGIN setup/teardown - -# Start a registry -pre_bats_setup() { - REGISTRY_FQIN=quay.io/libpod/registry:2 - - AUTHDIR=/tmp/buildah-tests-auth.$$ - mkdir -p $AUTHDIR - - CERT=$AUTHDIR/domain.crt - if [ ! -e $CERT ]; then - openssl req -newkey rsa:4096 -nodes -sha256 \ - -keyout $AUTHDIR/domain.key -x509 -days 2 \ - -out $AUTHDIR/domain.crt \ - -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \ - -addext subjectAltName=DNS:localhost - fi - - if [ ! -e $AUTHDIR/htpasswd ]; then - htpasswd -Bbn testuser testpassword > $AUTHDIR/htpasswd - fi - - podman rm -f registry || true - podman run -d -p 5000:5000 \ - --name registry \ - -v $AUTHDIR:/auth:Z \ - -e "REGISTRY_AUTH=htpasswd" \ - -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ - -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ - -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \ - -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \ - $REGISTRY_FQIN -} - -post_bats_teardown() { - podman rm -f registry -} - -# END setup/teardown -############################################################################### -# BEGIN actual test - -pre_bats_setup -bats /usr/share/buildah/test/system -rc=$? -post_bats_teardown - -exit $rc diff --git a/tests/test_buildah.yml b/tests/test_buildah.yml deleted file mode 100644 index 8bb1ed0..0000000 --- a/tests/test_buildah.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- hosts: localhost - environment: - TMPDIR: /var/tmp - roles: - - role: standard-test-basic - tags: - - classic - - container - required_packages: - - buildah - - buildah-tests - tests: - - root-test: - dir: ./ - run: ./test_buildah.sh - timeout: 80m diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 596f735..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1 +0,0 @@ -- import_playbook: test_buildah.yml diff --git a/tests/tmt/system.fmf b/tests/tmt/system.fmf new file mode 100644 index 0000000..eb6b766 --- /dev/null +++ b/tests/tmt/system.fmf @@ -0,0 +1,24 @@ +require: + - buildah-tests + - git-daemon + - slirp4netns + +environment: + BUILDAH_BINARY: /usr/bin/buildah + IMGTYPE_BINARY: /usr/bin/buildah-imgtype + INET_BINARY: /usr/bin/buildah-inet + COPY_BINARY: /usr/bin/buildah-copy + TUTORIAL_BINARY: /usr/bin/buildah-tutorial + DUMPSPEC_BINARY: /usr/bin/buildah-dumpspec + PASSWD_BINARY: /usr/bin/buildah-passwd + TMPDIR: /var/tmp + +adjust: + - when: initiator != "packit" + environment+: + RELEASE_TESTING: true + +/local/root: + summary: System test + test: bash ./system.sh + duration: 60m diff --git a/tests/tmt/system.sh b/tests/tmt/system.sh new file mode 100644 index 0000000..73553aa --- /dev/null +++ b/tests/tmt/system.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +set -exo pipefail + +uname -r + +rpm -q \ + aardvark-dns \ + buildah \ + buildah-tests \ + conmon \ + container-selinux \ + containers-common \ + crun \ + netavark \ + systemd + +bats /usr/share/buildah/test/system