buildah-1.23.0-1

autobuilt v1.23.0

Signed-off-by: RH Container Bot <rhcontainerbot@fedoraproject.org>
(cherry picked from commit 5671e64d81)

.gitignore

@@ -484,3 +484,28 @@
 /buildah-0ac2a67.tar.gz
 /buildah-f7a3515.tar.gz
 /buildah-2c46b4b.tar.gz
+/buildah-295b825.tar.gz
+/v1.16.1.tar.gz
+/v1.16.2.tar.gz
+/v1.16.4.tar.gz
+/v1.16.5.tar.gz
+/v1.17.0.tar.gz
+/v1.18.0.tar.gz
+/v1.19.0.tar.gz
+/v1.19.1.tar.gz
+/v1.19.2.tar.gz
+/v1.19.3.tar.gz
+/buildah-6002877.tar.gz
+/v1.19.4.tar.gz
+/v1.19.6.tar.gz
+/v1.19.8.tar.gz
+/v1.20.1.tar.gz
+/v1.21.0.tar.gz
+/v1.21.1.tar.gz
+/v1.21.2.tar.gz
+/buildah-ec35bc4.tar.gz
+/v1.21.3.tar.gz
+/v1.21.4.tar.gz
+/v1.22.0.tar.gz
+/v1.22.3.tar.gz
+/v1.23.0.tar.gz

buildah.spec

@@ -13,7 +13,7 @@
 %global debug_package   %{nil}
 %endif
 
-%if ! 0%{?gobuild:1}
+%if ! 0%{?gobuild:1} || 0%{?centos}
 %define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**};
 %endif
 
@@ -24,24 +24,23 @@
 # https://github.com/containers/buildah
 %global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
 %global git0 https://%{import_path}
-%global commit0 2c46b4bf2d078fa3f18038fab8467e8c9ffac23c
-%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
+# To build random commit
+#%%global commit0 baba8de3ddad18bb6eb7abd6d17972c8403f8f25
 
-# Used for comparing with latest upstream tag
-# to decide whether to autobuild (non-rawhide only)
-%define built_tag v1.14.9
-%define built_tag_strip %(b=%{built_tag}; echo ${b:1})
-%define download_url https://%{import_path}/archive/%{built_tag}.tar.gz
+%global built_tag v1.23.0
+%global built_tag_strip %(b=%{built_tag}; echo ${b:1})
 
 Name: %{repo}
-Version: 1.15.0
-Release: 0.68.dev.git%{shortcommit0}%{?dist}
+Version: 1.23.0
+Release: 1%{?dist}
 Summary: A command line tool used for creating OCI Images
 License: ASL 2.0
 URL: https://%{name}.io
-Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
+Source0: %{git0}/archive/%{built_tag}.tar.gz
+# To build random commit
+#Source0: %%{git0}/archive/%%{commit0}.tar.gz
 BuildRequires: device-mapper-devel
-BuildRequires: golang
+BuildRequires: golang >= 1.15.14
 BuildRequires: git
 BuildRequires: glib2-devel
 BuildRequires: glibc-static
@@ -49,24 +48,23 @@ BuildRequires: go-md2man
 BuildRequires: gpgme-devel
 BuildRequires: libassuan-devel
 BuildRequires: make
-Requires: crun >= 0.10-1
-Requires: containers-common
-Requires: libseccomp >= 2.4.1-0
-# No ostree for centos 7
-%if 0%{?fedora} || 0%{?centos} >= 8
+%if 0%{?fedora} || 0%{?centos} >= 8 || 0%{?eln}
 BuildRequires: ostree-devel
+Requires: containers-common >= 4:1-18
+%else
+Requires: runc
 %endif
 # No btrfs for centos 8
 %if 0%{?fedora} || 0%{?centos} <= 7
 BuildRequires: btrfs-progs-devel
 %endif
-%if 0%{?fedora}
+%if 0%{?fedora} || 0%{?eln}
 BuildRequires: libseccomp-static
-Recommends: container-selinux
-Recommends: slirp4netns >= 0.3-0
-Recommends: fuse-overlayfs
+Requires: libseccomp >= 2.4.1-0
+Suggests: cpp
 %else
 BuildRequires: libseccomp-devel
+Requires: libseccomp
 Requires: container-selinux
 Requires: slirp4netns >= 0.3-0
 %endif
@@ -90,6 +88,8 @@ Requires: podman
 Requires: golang
 Requires: jq
 Requires: httpd-tools
+Requires: openssl
+Requires: nmap-ncat
 
 %description tests
 %{summary}
@@ -97,7 +97,8 @@ Requires: httpd-tools
 This package contains system tests for %{name}
 
 %prep
-%autosetup -Sgit -n %{name}-%{commit0}
+%autosetup -Sgit -n %{name}-%{built_tag_strip}
+#%%autosetup -Sgit -n %%{name}-%%{commit0}
 sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile
 sed -i '/docs install/d' Makefile
 
@@ -110,13 +111,21 @@ popd
 
 mv vendor src
 
+export CGO_CFLAGS="-O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -ffat-lto-objects -fexceptions -fasynchronous-unwind-tables -fstack-protector-strong -fstack-clash-protection -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
+%ifarch x86_64
+export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
+%endif
+# These extra flags present in %%{optflags} have been skipped for now as they break the build
+#export CGO_CFLAGS+=" -flto=auto -Wp,D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1"
+
 export GOPATH=$(pwd)/_build:$(pwd)
 export BUILDTAGS='seccomp selinux'
 %if 0%{?centos} >= 8
 export BUILDTAGS+=' exclude_graphdriver_btrfs'
 %endif
-%gobuild -o %{name} %{import_path}/cmd/%{name}
-%gobuild -o imgtype %{import_path}/tests/imgtype
+%gobuild -o bin/%{name} %{import_path}/cmd/%{name}
+%gobuild -o bin/imgtype %{import_path}/tests/imgtype
+%gobuild -o bin/copy    %{import_path}/tests/copy
 GOMD2MAN=go-md2man %{__make} -C docs
 
 %install
@@ -126,7 +135,8 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install
 
 install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
 cp -pav tests/. %{buildroot}/%{_datadir}/%{name}/test/system
-cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
+cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
+cp bin/copy    %{buildroot}/%{_bindir}/%{name}-copy
 
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}
@@ -143,9 +153,144 @@ cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
 %files tests
 %license LICENSE
 %{_bindir}/%{name}-imgtype
+%{_bindir}/%{name}-copy
 %{_datadir}/%{name}/test
 
 %changelog
+* Tue Sep 14 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.23.0-1
+- autobuilt v1.23.0
+
+* Wed Aug 25 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.22.3-1
+- autobuilt v1.22.3
+
+* Tue Aug 10 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.22.0-1
+- autobuilt v1.22.0
+
+* Mon Aug 02 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.21.4-5
+- Resolves: #1983596, #1987738 - Security fix for CVE-2021-34558
+
+* Fri Jul 23 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.21.4-4
+- ensure consistent version-release and changelog
+
+* Fri Jul 23 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.21.4-1
+- bump to v1.21.4
+- fix gating test issues
+
+* Thu Jul 22 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.21.3-3
+- try fix for copy-release
+
+* Thu Jul 22 2021 Eduardo Santiago <santiago@redhat.com> - 1.21.3-2
+- Try to deal with new buildah-copy-helper nightmare
+
+* Fri Jul 16 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.21.3-1
+- Resolves: #1969264, #1982880 - Security fix for CVE-2021-3602
+- bump to v1.21.3
+
+* Wed Jun 30 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.21.2-1
+- bump to v1.21.2
+
+* Tue Jun 08 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.21.1-1
+- autobuilt v1.21.1
+
+* Fri May 21 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.21.0-1
+- autobuilt v1.21.0
+
+* Thu Apr 22 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.20.1-4
+- fix gating tests
+
+* Mon Apr 19 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.20.1-3
+- update containers-common dependency
+- container-selinux, oci-runtime, slirp4netns and fuse-overlayfs handled in
+containers-common
+
+* Fri Apr 16 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.20.1-2
+- rebuild for buildah-tests
+
+* Wed Apr 14 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.20.1-1
+- autobuilt v1.20.1
+
+* Mon Mar 29 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.20.0-1
+- bump to v1.20.0
+
+* Thu Mar 18 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.19.8-1
+- autobuilt v1.19.8
+
+* Thu Feb 25 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.19.6-3
+- bump for centos
+
+* Mon Feb 22 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.19.6-2
+- bump timeout for buildah gating tests
+- Suggested by Ed Santiago <santiago@redhat.com>
+
+* Fri Feb 19 2021 Dan Walsh <dwalsh5@fedoraproject.org> - 1.19.6-1
+- Fix gating test and bum to 1.19.6
+
+* Fri Feb 12 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.19.4-3
+- adjust buildtags for centos
+
+* Thu Feb 11 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.19.4-2
+- bump for centos
+
+* Tue Feb 09 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.19.4-1
+- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206
+- bump to v1.19.4
+- adjust dependencies
+
+* Fri Jan 29 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.19.3-1
+- autobuilt v1.19.3
+
+* Fri Jan 15 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.19.2-1
+- autobuilt v1.19.2
+
+* Thu Jan 14 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.19.1-1
+- autobuilt v1.19.1
+
+* Sat Jan  9 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.19.0-1
+- autobuilt v1.19.0
+
+* Mon Dec  7 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.18.0-3
+- bump release tag for centos OBS
+
+* Mon Dec 07 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.18.0-2
+- harden cgo based go binaries
+- Reported-by: Wade Mealing <wmealing@gmail.com>
+
+* Mon Nov 16 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.18.0-1
+- autobuilt v1.18.0
+
+* Mon Nov  9 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.17.0-2
+- rebuild
+
+* Mon Nov 2 2020 Dan Walsh <dwalsh@redhat.com> - 1.17.0-1
+- Build 1.17.0
+
+* Thu Oct 22 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.16.5-1
+- autobuilt v1.16.5
+
+* Fri Oct  2 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.16.4-1
+- autobuilt v1.16.4
+
+* Tue Sep 22 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.16.2-1
+- autobuilt v1.16.2
+
+* Mon Sep 21 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.16.1-3
+- bump release to not lag f32
+
+* Mon Sep 21 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.16.1-2
+- adjust deps for centos7
+
+* Fri Sep 11 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.16.1-1
+- autobuilt v1.16.1
+
+* Wed Sep 09 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.16.0-2
+- fix gating tests
+
+* Mon Sep 7 2020 Dan Walsh <dwalsh@redhat.com> - 1.16.0-1
+- Bump to next major release
+
+* Thu Sep  3 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1.15.2-1
+- autobuilt v1.15.2
+
 * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-0.68.dev.git2c46b4b
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 

sources

@@ -1,2 +1 @@
-SHA512 (buildah-2c46b4b.tar.gz) = 1de4a3e775379a9104fe84bac3a8c255f6fae7f2c49971261b5f1a580507921e9d78875581ac0ae117a7b2281b85a35919e5b6285bc87cf8425d9c444a37c2b0
-SHA512 (buildah-843d15d.tar.gz) = ca383aff62f7a26e1bfcc3d7d7592be939c413a49f891a69139166a6c16306f38ea2d618c9e37e9f412fa7735ee4ae933dd3dcab45c06e455882aa8cc4e585b3
+SHA512 (v1.23.0.tar.gz) = 587b9d0a735124afd1f21985ae9d657d513b383bb8b7a5f4ea8911ebaf915c0bdb2bca4359cc9caf4e50cf64550f8f6ee596a0aa10acf6b59370b68b41b809f1

tests/test_buildah.sh

@@ -13,13 +13,14 @@ env | grep -v LS_COLORS= | sort | sed -e 's/^/  /'
 
 export BUILDAH_BINARY=/usr/bin/buildah
 export IMGTYPE_BINARY=/usr/bin/buildah-imgtype
+export COPY_BINARY=/usr/bin/buildah-copy
 
 ###############################################################################
 # BEGIN setup/teardown
 
 # Start a registry
 pre_bats_setup() {
-    REGISTRY_FQIN=docker.io/library/registry:2
+    REGISTRY_FQIN=quay.io/libpod/registry:2
 
     AUTHDIR=/tmp/buildah-tests-auth.$$
     mkdir -p $AUTHDIR
@@ -29,7 +30,8 @@ pre_bats_setup() {
         openssl req -newkey rsa:4096 -nodes -sha256 \
                 -keyout $AUTHDIR/domain.key -x509 -days 2 \
                 -out $AUTHDIR/domain.crt \
-                -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
+                -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
+                -addext subjectAltName=DNS:localhost
     fi
 
     if [ ! -e $AUTHDIR/htpasswd ]; then

tests/test_buildah.yml

@@ -1,5 +1,7 @@
 ---
 - hosts: localhost
+  environment:
+    TMPDIR: /var/tmp
   roles:
     - role: standard-test-basic
       tags:
@@ -12,4 +14,4 @@
         - root-test:
             dir: ./
             run: ./test_buildah.sh
-            timeout: 60m
+            timeout: 90m