Update to 1.42.2 upstream release

Upstream tag: v1.42.2
Upstream commit: c0cc9725

Commit authored by Packit automation (https://packit.dev/)

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -720,3 +720,18 @@
 /v1.38.0.tar.gz
 /v1.38.1.tar.gz
 /v1.39.0.tar.gz
+/v1.39.1.tar.gz
+/v1.39.2.tar.gz
+/v1.39.3.tar.gz
+/v1.39.4.tar.gz
+/v1.40.0.tar.gz
+/v1.40.1.tar.gz
+/v1.41.0.tar.gz
+/v1.41.1.tar.gz
+/v1.41.2.tar.gz
+/v1.41.3.tar.gz
+/v1.41.4.tar.gz
+/v1.41.5.tar.gz
+/v1.42.0.tar.gz
+/v1.42.1.tar.gz
+/v1.42.2.tar.gz

.packit.yaml

@@ -5,6 +5,27 @@
 downstream_package_name: buildah
 upstream_tag_template: v{version}
 
+# These files get synced from upstream to downstream (Fedora / CentOS Stream) on every
+# propose-downstream job. This is done so tests maintained upstream can be run
+# downstream in Zuul CI and Bodhi.
+# Ref: https://packit.dev/docs/configuration#files_to_sync
+files_to_sync:
+  - src: rpm/gating.yaml
+    dest: gating.yaml
+    delete: true
+  - src: plans/
+    dest: plans/
+    delete: true
+    mkpath: true
+  - src: tests/tmt/
+    dest: tests/tmt/
+    delete: true
+    mkpath: true
+  - src: .fmf/
+    dest: .fmf/
+    delete: true
+  - .packit.yaml
+
 packages:
   buildah-fedora:
     pkg_tool: fedpkg
@@ -25,13 +46,19 @@ jobs:
     notifications: &copr_build_failure_notification
       failure_comment:
         message: "Ephemeral COPR build failed. @containers/packit-build please check."
-    targets:
+    # Fedora aliases documentation: https://packit.dev/docs/configuration#aliases
+    # python3-fedora-distro-aliases provides `resolve-fedora-aliases` command
+    targets: &fedora_copr_targets
       - fedora-all-x86_64
       - fedora-all-aarch64
     enable_net: true
+    # Disable osh diff scan until Go support is available
+    # Ref: https://github.com/openscanhub/known-false-positives/pull/30#issuecomment-2858698495
+    osh_diff_scan_after_copr_build: false
 
+  # Ignore until golang is updated in distro buildroot to 1.23.3+
   - job: copr_build
-    trigger: pull_request
+    trigger: ignore
     packages: [buildah-eln]
     notifications: *copr_build_failure_notification
     targets:
@@ -43,11 +70,12 @@ jobs:
           - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/aarch64/"
     enable_net: true
 
+  # Ignore until golang is updated in distro buildroot to 1.23.3+
   - job: copr_build
-    trigger: pull_request
+    trigger: ignore
     packages: [buildah-centos]
     notifications: *copr_build_failure_notification
-    targets:
+    targets: &centos_copr_targets
       - centos-stream-9-x86_64
       - centos-stream-9-aarch64
       - centos-stream-10-x86_64
@@ -66,6 +94,32 @@ jobs:
     project: podman-next
     enable_net: true
 
+  # Tests on Fedora for main branch PRs
+  - job: tests
+    trigger: pull_request
+    packages: [buildah-fedora]
+    targets:
+      - fedora-all-x86_64
+    tf_extra_params:
+      environments:
+        - artifacts:
+          - type: repository-file
+            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo
+
+  # Ignore until golang is updated in distro buildroot to 1.23.3+
+  # Tests on CentOS Stream for main branch PRs
+  - job: tests
+    trigger: ignore
+    packages: [buildah-centos]
+    targets:
+      - centos-stream-9-x86_64
+      - centos-stream-10-x86_64
+    tf_extra_params:
+      environments:
+        - artifacts:
+          - type: repository-file
+            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo
+
   # Sync to Fedora
   - job: propose_downstream
     trigger: release

README.packit

@@ -1,3 +1,3 @@
 This repository is maintained by packit.
 https://packit.dev/
-The file was generated using packit 1.1.0.
+The file was generated using packit 1.12.0.post1.dev20+g7d30dac21.

buildah.spec

@@ -11,6 +11,9 @@
 
 %if %{defined fedora}
 %define build_with_btrfs 1
+%if 0%{?fedora} >= 43
+%define sequoia 1
+%endif
 %endif
 
 %if %{defined rhel}
@@ -32,7 +35,7 @@ Epoch: 2
 # If that's what you're reading, Version must be 0, and will be updated by Packit for
 # copr and koji builds.
 # If you're reading this on dist-git, the version is automatically filled in by Packit.
-Version: 1.39.0
+Version: 1.42.2
 # The `AND` needs to be uppercase in the License for SPDX compatibility
 License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0
 Release: %autorelease
@@ -56,11 +59,11 @@ BuildRequires: go-rpm-macros
 BuildRequires: gpgme-devel
 BuildRequires: libassuan-devel
 BuildRequires: make
-BuildRequires: ostree-devel
 %if %{defined build_with_btrfs}
 BuildRequires: btrfs-progs-devel
 %endif
 BuildRequires: shadow-utils-subid-devel
+BuildRequires: sqlite-devel
 Requires: containers-common-extra
 %if %{defined fedora}
 BuildRequires: libseccomp-static
@@ -69,6 +72,9 @@ BuildRequires: libseccomp-devel
 %endif
 Requires: libseccomp >= 2.4.1-0
 Suggests: cpp
+%if %{defined sequoia}
+Requires: podman-sequoia
+%endif
 
 %description
 The %{name} package provides a command line tool which can be used to
@@ -79,12 +85,16 @@ or
 * save container's root file system layer to create a new image
 * delete a working container or an image
 
+# This subpackage is only intended for CI testing.
+# Not meant for end user/customer usage.
 %package tests
 Summary: Tests for %{name}
 
 Requires: %{name} = %{epoch}:%{version}-%{release}
-%if %{defined fedora}
+%if %{defined bats_epel}
 Requires: bats
+%else
+Recommends: bats
 %endif
 Requires: bzip2
 Requires: podman
@@ -119,20 +129,28 @@ export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
 export CNI_VERSION=`grep '^# github.com/containernetworking/cni ' src/modules.txt | sed 's,.* ,,'`
 export LDFLAGS="-X main.buildInfo=`date +%s` -X main.cniVersion=${CNI_VERSION}"
 
-export BUILDTAGS="seccomp $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"
+export BUILDTAGS="seccomp $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh) libsqlite3"
 %if !%{defined build_with_btrfs}
-export BUILDTAGS+=" btrfs_noversion exclude_graphdriver_btrfs"
+export BUILDTAGS+=" exclude_graphdriver_btrfs"
 %endif
 
 %if %{defined fips}
 export BUILDTAGS+=" libtrust_openssl"
 %endif
 
+%if %{defined sequoia}
+export BUILDTAGS+=" containers_image_sequoia"
+%endif
+
 %gobuild -o bin/%{name} ./cmd/%{name}
 %gobuild -o bin/imgtype ./tests/imgtype
 %gobuild -o bin/copy ./tests/copy
 %gobuild -o bin/tutorial ./tests/tutorial
 %gobuild -o bin/inet ./tests/inet
+%gobuild -o bin/dumpspec ./tests/dumpspec
+%gobuild -o bin/passwd ./tests/passwd
+%gobuild -o bin/crash ./tests/crash
+%gobuild -o bin/wait ./tests/wait
 %{__make} docs
 
 %install
@@ -144,6 +162,10 @@ cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
 cp bin/copy    %{buildroot}/%{_bindir}/%{name}-copy
 cp bin/tutorial %{buildroot}/%{_bindir}/%{name}-tutorial
 cp bin/inet     %{buildroot}/%{_bindir}/%{name}-inet
+cp bin/dumpspec %{buildroot}/%{_bindir}/%{name}-dumpspec
+cp bin/passwd %{buildroot}/%{_bindir}/%{name}-passwd
+cp bin/crash %{buildroot}/%{_bindir}/%{name}-crash
+cp bin/wait %{buildroot}/%{_bindir}/%{name}-wait
 
 rm %{buildroot}%{_datadir}/%{name}/test/system/tools/build/*
 
@@ -168,15 +190,11 @@ rm %{buildroot}%{_datadir}/%{name}/test/system/tools/build/*
 %{_bindir}/%{name}-copy
 %{_bindir}/%{name}-tutorial
 %{_bindir}/%{name}-inet
+%{_bindir}/%{name}-dumpspec
+%{_bindir}/%{name}-passwd
+%{_bindir}/%{name}-crash
+%{_bindir}/%{name}-wait
 %{_datadir}/%{name}/test
 
 %changelog
-%if %{defined autochangelog}
 %autochangelog
-%else
-# NOTE: This changelog will be visible on CentOS 8 Stream builds
-# Other envs are capable of handling autochangelog
-* Fri Jun 16 2023 RH Container Bot <rhcontainerbot@fedoraproject.org>
-- Placeholder changelog for envs that are not autochangelog-ready.
-- Contact upstream if you need to report an issue with the build.
-%endif

gating.yaml

@@ -1,14 +1,16 @@
 --- !Policy
 product_versions:
   - fedora-*
-decision_context: bodhi_update_push_stable
+decision_contexts:
+  - bodhi_update_push_stable
+  - bodhi_update_push_testing
 subject_type: koji_build
 rules:
   - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
 --- !Policy
 product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_testing
-subject_type: koji_build
+  - rhel-*
+decision_context: osci_compose_gate
 rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

plans/main.fmf

@@ -0,0 +1,34 @@
+discover:
+    how: fmf
+
+execute:
+    how: tmt
+
+prepare:
+    - when: distro == centos-stream or distro == rhel
+      how: shell
+      script: |
+        dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
+        dnf -y config-manager --set-enabled epel
+      order: 10
+    - when: initiator == packit
+      how: shell
+      script: |
+        COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo"
+        if compgen -G $COPR_REPO_FILE > /dev/null; then
+            sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE
+        fi
+        dnf -y upgrade --allowerasing
+      order: 20
+
+provision:
+    how: artemis
+    hardware:
+        memory: ">= 16 GB"
+        cpu:
+            cores: ">= 4"
+            threads: ">=8"
+        disk:
+            - size: ">= 512 GB"
+
+

sources

@@ -1 +1 @@
-SHA512 (v1.39.0.tar.gz) = 05b16bd00360551f02ad25d88fb24296c91ecc5f9bd930943e4f1e4aef803d8aa632dfda4bd43b36978e7a682d4bf6602611e5ec3feb0301240be47b7dd7f6e3
+SHA512 (v1.42.2.tar.gz) = adb1de700db9b589639f6fd02cad95d9bedacb9d0363838315f33c978a8c900570d55af95073992ff69cff4f2a9d18776c5d786af294aaa1604144580c957414

tests/test_buildah.sh

@@ -1,70 +0,0 @@
-#!/bin/bash -e
-
-# Log program and kernel versions
-echo "Important package versions:"
-(
-    uname -r
-    rpm -qa |\
-        egrep 'buildah|podman|conmon|containers-common|crun|runc|iptable|slirp|aardvark|netavark|containernetworking-plugins|systemd|container-selinux' |\
-        sort
-) | sed -e 's/^/  /'
-
-# Log environment; or at least the useful bits
-echo "Environment:"
-env | grep -v LS_COLORS= | sort | sed -e 's/^/  /'
-
-export BUILDAH_BINARY=/usr/bin/buildah
-export IMGTYPE_BINARY=/usr/bin/buildah-imgtype
-export COPY_BINARY=/usr/bin/buildah-copy
-export TUTORIAL_BINARY=/usr/bin/buildah-tutorial
-export INET_BINARY=/usr/bin/buildah-inet
-
-###############################################################################
-# BEGIN setup/teardown
-
-# Start a registry
-pre_bats_setup() {
-    REGISTRY_FQIN=quay.io/libpod/registry:2
-
-    AUTHDIR=/tmp/buildah-tests-auth.$$
-    mkdir -p $AUTHDIR
-
-    CERT=$AUTHDIR/domain.crt
-    if [ ! -e $CERT ]; then
-        openssl req -newkey rsa:4096 -nodes -sha256 \
-                -keyout $AUTHDIR/domain.key -x509 -days 2 \
-                -out $AUTHDIR/domain.crt \
-                -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
-                -addext subjectAltName=DNS:localhost
-    fi
-
-    if [ ! -e $AUTHDIR/htpasswd ]; then
-        htpasswd -Bbn testuser testpassword > $AUTHDIR/htpasswd
-    fi
-
-    podman rm -f registry || true
-    podman run -d -p 5000:5000 \
-           --name registry \
-           -v $AUTHDIR:/auth:Z \
-           -e "REGISTRY_AUTH=htpasswd" \
-           -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-           -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-           -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
-           -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
-           $REGISTRY_FQIN
-}
-
-post_bats_teardown() {
-    podman rm -f registry
-}
-
-# END   setup/teardown
-###############################################################################
-# BEGIN actual test
-
-pre_bats_setup
-bats /usr/share/buildah/test/system
-rc=$?
-post_bats_teardown
-
-exit $rc

tests/test_buildah.yml

@@ -1,18 +0,0 @@
----
-- hosts: localhost
-  environment:
-    TMPDIR: /var/tmp
-  roles:
-    - role: standard-test-basic
-      tags:
-        - classic
-        - container
-      required_packages:
-        - buildah
-        - buildah-tests
-        - slirp4netns
-      tests:
-        - root-test:
-            dir: ./
-            run: ./test_buildah.sh
-            timeout: 80m

tests/tests.yml

@@ -1 +0,0 @@
-- import_playbook: test_buildah.yml

tests/tmt/system.fmf

@@ -0,0 +1,24 @@
+require:
+    - buildah-tests
+    - git-daemon
+    - slirp4netns
+
+environment:
+    BUILDAH_BINARY: /usr/bin/buildah
+    IMGTYPE_BINARY: /usr/bin/buildah-imgtype
+    INET_BINARY: /usr/bin/buildah-inet
+    COPY_BINARY: /usr/bin/buildah-copy
+    TUTORIAL_BINARY: /usr/bin/buildah-tutorial
+    DUMPSPEC_BINARY: /usr/bin/buildah-dumpspec
+    PASSWD_BINARY: /usr/bin/buildah-passwd
+    TMPDIR: /var/tmp
+
+adjust:
+    - when: initiator != "packit"
+      environment+:
+        RELEASE_TESTING: true
+
+/local/root:
+    summary: System test
+    test: bash ./system.sh
+    duration: 60m

tests/tmt/system.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+uname -r
+
+rpm -q \
+    aardvark-dns \
+    buildah \
+    buildah-tests \
+    conmon \
+    container-selinux \
+    containers-common \
+    crun \
+    netavark \
+    systemd
+
+bats /usr/share/buildah/test/system