From ed8fcd83f35df5952180c53aa4af7776b35fc89b Mon Sep 17 00:00:00 2001 From: Packit Date: Wed, 28 Feb 2024 15:07:25 +0000 Subject: [PATCH 01/10] [packit] 2.229.1 upstream release Upstream tag: v2.229.1 Upstream commit: a023e9ee
---
.gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index ceb3a01..dd028fd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -224,3 +224,4 @@
 /v2.228.0.tar.gz
 /v2.228.1.tar.gz
 /v2.229.0.tar.gz
+/v2.229.1.tar.gz
diff --git a/README.packit b/README.packit
index 115b422..31341b6 100644
--- a/README.packit
+++ b/README.packit
@@ -1,3 +1,3 @@
 This repository is maintained by packit.
 https://packit.dev/
-The file was generated using packit 0.88.0.post1.dev4+gc070191b.
+The file was generated using packit 0.93.0.
diff --git a/container-selinux.spec b/container-selinux.spec
index 70a34f3..3372761 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -33,7 +33,7 @@ Epoch: 2
 # Keep Version in upstream specfile at 0. It will be automatically set
 # to the correct value by Packit for copr and koji builds.
 # IGNORE this comment if you're looking at it in dist-git.
-Version: 2.229.0
+Version: 2.229.1
 Release: %autorelease
 License: GPL-2.0-only
 URL: https://github.com/containers/%{name}
diff --git a/sources b/sources
index 05ff519..9c53c37 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (v2.229.0.tar.gz) = 1341e0a6996d1ff2b06a0095f6720595f0775dff27f1f45702b3e03ea78f3b45708f55400b4dc8bfc4586efec4f72528512e8fbe461629a55a18936f8e6df30d
+SHA512 (v2.229.1.tar.gz) = 19a3434093c1e30ae4e09988169435489c054f5eb9e0fb2a6ddd511da1393340913abbc5d848da280dfff1b314b1ee88bdff8092e59c51da839ca8e0bead531e
From 605d3429f3a09541feb3749091d38854736904c6 Mon Sep 17 00:00:00 2001
From: Packit Date: Sat, 2 Mar 2024 18:44:42 +0000 Subject: [PATCH 02/10] [packit] 2.230.0 upstream release Upstream tag: v2.230.0 Upstream commit: 5cec8532
---
.gitignore | 1 + container-selinux.spec | 2 +- sources | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index dd028fd..c22fbd6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -225,3 +225,4 @@
 /v2.228.1.tar.gz
 /v2.229.0.tar.gz
 /v2.229.1.tar.gz
+/v2.230.0.tar.gz
diff --git a/container-selinux.spec b/container-selinux.spec
index 3372761..2aea4cd 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -33,7 +33,7 @@ Epoch: 2
 # Keep Version in upstream specfile at 0. It will be automatically set
 # to the correct value by Packit for copr and koji builds.
 # IGNORE this comment if you're looking at it in dist-git.
-Version: 2.229.1
+Version: 2.230.0
 Release: %autorelease
 License: GPL-2.0-only
 URL: https://github.com/containers/%{name}
diff --git a/sources b/sources
index 9c53c37..17706d2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (v2.229.1.tar.gz) = 19a3434093c1e30ae4e09988169435489c054f5eb9e0fb2a6ddd511da1393340913abbc5d848da280dfff1b314b1ee88bdff8092e59c51da839ca8e0bead531e
+SHA512 (v2.230.0.tar.gz) = 6534fb6e1360b6e64d6e49e674a976e711f42b8b75b0ad1dffb35f870e2ccf9fcfe38de5e4f695a7e2490c6fe880c36bb3c17c1510e4758d0d3aa877dea719a8
From a0e2cfe36690dd28e715c4966ac452bb997203c3 Mon Sep 17 00:00:00 2001 From: Packit Date: Wed, 24 Apr 2024 14:29:59 +0000 Subject: [PATCH 03/10] Update to 2.231.0 upstream release - Resolves: rhbz#2276827 Upstream tag: v2.231.0 Upstream commit: 5d983412 Commit authored by Packit automation (https://packit.dev/)
---
.gitignore | 1 + .packit.yaml | 4 ++-- README.packit | 2 +- container-selinux.spec | 14 +++++++++++++- sources | 2 +- 5 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/.gitignore b/.gitignore
index c22fbd6..07fedca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -226,3 +226,4 @@ /v2.229.0.tar.gz /v2.229.1.tar.gz /v2.230.0.tar.gz +/v2.231.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index 0f6b9fd..b066cb5 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -67,9 +67,9 @@ jobs: message: "podman e2e tests failed on RHEL. @containers/packit-build please check." targets: &pr_test_targets_rhel epel-9-x86_64: - distros: [RHEL-9.3.0-Nightly,RHEL-9.4.0-Nightly] + distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] epel-8-x86_64: - distros: [RHEL-8.9.0-Nightly,RHEL-8.10.0-Nightly] + distros: [RHEL-8.9.0-Nightly,RHEL-8-Nightly] identifier: podman_e2e_test_internal tmt_plan: "/plans/podman_e2e_test" diff --git a/README.packit b/README.packit index 31341b6..bee8d88 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.93.0. +The file was generated using packit 0.95.0. diff --git a/container-selinux.spec b/container-selinux.spec index 2aea4cd..87bd464 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -18,6 +18,14 @@ %global _selinux_policy_version 3.14.3-80.el8 %endif +# RHEL < 10 and Fedora < 40 use file context entries in /var/run +%if %{defined rhel} && 0%{?rhel} < 10 +%define legacy_var_run 1 +%endif +%if %{defined fedora} && 0%{?fedora} < 40 +%define legacy_var_run 1 +%endif + # https://github.com/containers/container-selinux/issues/203 %if %{!defined fedora} && %{!defined rhel} || %{defined fedora} && 0%{?fedora} <= 37 || %{defined rhel} && 0%{?rhel} <= 9 %define no_user_namespace 1 @@ -33,7 +41,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.230.0 +Version: 2.231.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} 
@@ -82,6 +90,10 @@ sed -i '/^systemd_chat_resolved/d' container.te sed -i '/user_namespace/d' container.te %endif +%if %{defined legacy_var_run} +sed -i 's|^/run/|/var/run/|' container.fc +%endif + %build make diff --git a/sources b/sources index 17706d2..2755628 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.230.0.tar.gz) = 6534fb6e1360b6e64d6e49e674a976e711f42b8b75b0ad1dffb35f870e2ccf9fcfe38de5e4f695a7e2490c6fe880c36bb3c17c1510e4758d0d3aa877dea719a8 +SHA512 (v2.231.0.tar.gz) = 1e1cf48dda96e72330719ec6b679cbb832e002903c94afee3d3a4754196712026a050bbf619e9b0fdba6efbd1c56aaf1e687cd0436cc3386ac23d5b5a83f6352 From 25d8a0d1812f594896d712352cb7785ba165a7e8 Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 10 Jun 2024 17:33:19 +0000 Subject: [PATCH 04/10] Update to 2.232.1 upstream release Upstream tag: v2.232.1 Upstream commit: 4ff1a398 Commit authored by Packit automation (https://packit.dev/) --- .fmf/version | 1 + .gitignore | 1 + .packit.yaml | 113 +++++++++++++++++++++++++++-------------- README.packit | 2 +- container-selinux.spec | 35 ++++--------- gating.yaml | 6 +++ plans/all.fmf | 20 ++++++++ sources | 2 +- test/Makefile | 23 +++++++++ test/main.fmf | 29 +++++++++++ test/podman-tests.sh | 104 +++++++++++++++++++++++++++++++++++++ 11 files changed, 270 insertions(+), 66 deletions(-) create mode 100644 .fmf/version create mode 100644 plans/all.fmf create mode 100644 test/Makefile create mode 100644 test/main.fmf create mode 100644 test/podman-tests.sh diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 07fedca..c32ba2d 100644 --- a/.gitignore +++ b/.gitignore @@ -227,3 +227,4 @@ /v2.229.1.tar.gz /v2.230.0.tar.gz /v2.231.0.tar.gz +/v2.232.1.tar.gz diff --git a/.packit.yaml b/.packit.yaml index b066cb5..4b6cb92 100644 --- a/.packit.yaml +++ b/.packit.yaml 
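Review bot: The added `sed -i 's|^/run/|/var/run/|' container.fc` inside `%if %{defined legacy_var_run}` exits 0 whether or not any line matched, so a legacy build would not notice if the upstream `container.fc` layout changes and its entries stay under `/run/`. Those entries decide which SELinux labels the runtime paths receive, so a silent miss is worth failing the build on; a follow-up line such as `grep -q '^/var/run/' container.fc` would do that, assuming the section runs with errexit as rpmbuild sections normally do. The expression also only rewrites entries that begin at column 0 with `/run/`, which deserves a one-line comment above it. The section these lines belong to begins outside the hunk.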
@@ -2,16 +2,42 @@ # See the documentation for more information: # https://packit.dev/docs/configuration/ -specfile_path: rpm/container-selinux.spec +downstream_package_name: container-selinux upstream_tag_template: v{version} +# Ref: https://packit.dev/docs/configuration#files_to_sync +files_to_sync: + - src: rpm/gating.yaml + dest: gating.yaml + - src: plans/ + dest: plans/ + delete: true + - src: test/ + dest: test/ + delete: true + - src: .fmf/ + dest: .fmf/ + delete: true + - .packit.yaml + +packages: + container-selinux-fedora: + pkg_tool: fedpkg + specfile_path: rpm/container-selinux.spec + container-selinux-centos: + pkg_tool: centpkg + specfile_path: rpm/container-selinux.spec + container-selinux-rhel: + specfile_path: rpm/container-selinux.spec + srpm_build_deps: - make jobs: - job: copr_build trigger: pull_request - notifications: + packages: [container-selinux-fedora] + notifications: &copr_build_failure_notification failure_comment: message: "Ephemeral COPR build failed. @containers/packit-build please check." enable_net: true @@ -19,13 +45,29 @@ jobs: targets: - fedora-all - fedora-eln + + - job: copr_build + trigger: pull_request + packages: [container-selinux-centos] + notifications: *copr_build_failure_notification + enable_net: true + targets: + - centos-stream-9 + - centos-stream-10 + + - job: copr_build + trigger: pull_request + packages: [container-selinux-rhel] + notifications: *copr_build_failure_notification + enable_net: true + targets: - epel-9 - - epel-8 # Run on commit to main branch # Build targets managed in copr settings - job: copr_build trigger: commit + packages: [container-selinux-fedora] notifications: failure_comment: message: "podman-next COPR build failed. @containers/packit-build please check." 
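Review bot: Both added `copr_build` jobs (for `container-selinux-centos` and `container-selinux-rhel`) carry `enable_net: true`, copied from the existing Fedora job, and nothing in the file says what the build needs the network for. A build that can reach the network can pull in content that the checksum in `sources` does not cover, so the setting should either be dropped for the new jobs or justified with a comment such as `# enable_net: required for <reason>` above each one. If the build turns out to work offline, `enable_net: false` is the safer value for all three pull-request build jobs.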
@@ -35,67 +77,60 @@ jobs: enable_net: true # All tests specified in the `/plans/` subdir - # Podman e2e tests for Fedora and CentOS Stream + # Tests for Fedora - job: tests trigger: pull_request - notifications: + packages: [container-selinux-fedora] + notifications: &test_failure_notification failure_comment: - message: "podman e2e tests failed. @containers/packit-build please check." - targets: &pr_test_targets + message: "Tests failed. @containers/packit-build please check." + targets: - fedora-all - - epel-9 - - epel-8 - identifier: podman_e2e_test - tmt_plan: "/plans/podman_e2e_test" - # Podman system tests for Fedora and CentOS Stream + # Tests for CentOS Stream - job: tests trigger: pull_request - notifications: - failure_comment: - message: "podman system tests failed. @containers/packit-build please check." - targets: *pr_test_targets - identifier: podman_system_test - tmt_plan: "/plans/podman_system_test" + packages: [container-selinux-centos] + notifications: *test_failure_notification + targets: + - centos-stream-9 + - centos-stream-10 - # Podman e2e tests for RHEL + # Tests for RHEL - job: tests trigger: pull_request + packages: [container-selinux-rhel] use_internal_tf: true - notifications: - failure_comment: - message: "podman e2e tests failed on RHEL. @containers/packit-build please check." - targets: &pr_test_targets_rhel + notifications: *test_failure_notification + targets: epel-9-x86_64: distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] - epel-8-x86_64: - distros: [RHEL-8.9.0-Nightly,RHEL-8-Nightly] - identifier: podman_e2e_test_internal - tmt_plan: "/plans/podman_e2e_test" - - # Podman system tests for RHEL - - job: tests - trigger: pull_request - use_internal_tf: true - notifications: - failure_comment: - message: "podman system tests failed on RHEL. @containers/packit-build please check." 
- targets: *pr_test_targets_rhel - identifier: podman_system_test_internal - tmt_plan: "/plans/podman_system_test" + # Use centos-stream-10 until we have epel-10 + # TODO: Enable after RHEL-10 gets selinux-policy >= 40.13.1 which is + # already on CentOS Stream 10. + #centos-stream-10-x86_64: + # distros: [RHEL-10-Beta-Nightly] - job: propose_downstream trigger: release - update_release: false + packages: [container-selinux-fedora] dist_git_branches: - fedora-all + - job: propose_downstream + trigger: release + packages: [container-selinux-centos] + dist_git_branches: + - c10s + - job: koji_build trigger: commit + packages: [container-selinux-fedora] dist_git_branches: - fedora-all - job: bodhi_update trigger: commit + packages: [container-selinux-fedora] dist_git_branches: - fedora-branched # rawhide updates are created automatically diff --git a/README.packit b/README.packit index bee8d88..d2b528d 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.95.0. +The file was generated using packit 0.97.1.post1.dev6+gc8c0314a. diff --git a/container-selinux.spec b/container-selinux.spec index 87bd464..a56b428 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -11,29 +11,24 @@ # Format must contain '$x' somewhere to do anything useful %global _format() export %1=""; for x in %{modulenames}; do %1+=%2; %1+=" "; done; -# RHEL 8 doesn't allow watch and systemd_chat_resolved -%if %{defined rhel} && 0%{?rhel} == 8 -%define no_watch 1 -%define no_systemd_chat_resolved 1 -%global _selinux_policy_version 3.14.3-80.el8 -%endif - # RHEL < 10 and Fedora < 40 use file context entries in /var/run -%if %{defined rhel} && 0%{?rhel} < 10 -%define legacy_var_run 1 -%endif -%if %{defined fedora} && 0%{?fedora} < 40 +%if %{defined rhel} && 0%{?rhel} < 10 || %{defined fedora} && 0%{?fedora} < 40 %define legacy_var_run 1 %endif # https://github.com/containers/container-selinux/issues/203 -%if %{!defined fedora} && %{!defined rhel} || %{defined fedora} && 0%{?fedora} <= 37 || %{defined rhel} && 0%{?rhel} <= 9 +%if %{!defined fedora} && %{!defined rhel} || %{defined rhel} && 0%{?rhel} <= 9 %define no_user_namespace 1 %endif +# copr_build is more intuitive than copr_username +%if %{defined copr_username} +%define copr_build 1 +%endif + Name: container-selinux # Set different Epochs for copr and koji -%if %{defined copr_username} +%if %{defined copr_build} Epoch: 102 %else Epoch: 2 @@ -41,7 +36,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.231.0 +Version: 2.232.1 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} 
@@ -75,17 +70,6 @@ SELinux policy modules for use with container runtimes. sed -i 's/^man: install-policy/man:/' Makefile sed -i 's/^install: man/install:/' Makefile -%if %{defined no_watch} -sed -i 's/watch watch_reads//' container.if -sed -i 's/watch watch_reads//' container.te -sed -i '/sysfs_t:dir watch/d' container.te -sed -i '/fifo_file watch/d' container.te -%endif - -%if %{defined no_systemd_chat_resolved} -sed -i '/^systemd_chat_resolved/d' container.te -%endif - %if %{defined no_user_namespace} sed -i '/user_namespace/d' container.te %endif @@ -138,6 +122,7 @@ fi %{_datadir}/selinux/* %dir %{_datadir}/containers/selinux %{_datadir}/containers/selinux/contexts +%dir %{_datadir}/udica %dir %{_datadir}/udica/templates/ %{_datadir}/udica/templates/* # Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 diff --git a/gating.yaml b/gating.yaml index c2182c7..dbb1d91 100644 --- a/gating.yaml +++ b/gating.yaml @@ -4,3 +4,9 @@ product_versions: decision_context: bodhi_update_push_stable rules: - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +--- !Policy +product_versions: + - rhel-* +decision_context: osci_compose_gate +rules: [] diff --git a/plans/all.fmf b/plans/all.fmf new file mode 100644 index 0000000..b6ec398 --- /dev/null +++ b/plans/all.fmf @@ -0,0 +1,20 @@ +discover: + how: fmf +execute: + how: tmt + +/upstream: + summary: Run SELinux specific Podman tests on upstream PRs + discover+: + filter: tag:upstream + adjust+: + enabled: false + when: initiator is not defined or initiator != packit + +/downstream: + summary: Run SELinux specific Podman e2e tests on bodhi / errata and dist-git PRs + discover+: + filter: tag:downstream + adjust+: + enabled: false + when: initiator == packit diff --git a/sources b/sources index 2755628..07ddcc7 100644 --- a/sources +++ b/sources 
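Review bot: The new `rhel-*` policy in gating.yaml sets `decision_context: osci_compose_gate` with `rules: []`, so as written it names no test that has to pass. If that is deliberate, a comment such as `# No gating tests required for RHEL composes yet` above `rules: []` would keep it from being read as an oversight. If the tmt tests added under `plans/` and `test/` in this same commit are meant to gate RHEL, the rule that references them is missing here.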
@@ -1 +1 @@ -SHA512 (v2.231.0.tar.gz) = 1e1cf48dda96e72330719ec6b679cbb832e002903c94afee3d3a4754196712026a050bbf619e9b0fdba6efbd1c56aaf1e687cd0436cc3386ac23d5b5a83f6352 +SHA512 (v2.232.1.tar.gz) = babaf5f65b639493482392674717284574859e4bbb03e897843265708f4f5cceeb260712cdff09771076d99c18aa89718c0e95dc33839e72e809de9e80079ae2 diff --git a/test/Makefile b/test/Makefile new file mode 100644 index 0000000..083ca93 --- /dev/null +++ b/test/Makefile @@ -0,0 +1,23 @@ +.PHONY: basic_check +basic_check: + semodule --list=full | grep container + semodule -B + +.PHONY: podman_e2e_test_upstream +podman_e2e_test_upstream: + bash ./podman-tests.sh e2e upstream + +.PHONY: podman_e2e_test_downstream +podman_e2e_test_downstream: + bash ./podman-tests.sh e2e downstream + +.PHONY: podman_system_test_upstream +podman_system_test_upstream: + bash ./podman-tests.sh system upstream + +.PHONY: podman_system_test_downstream +podman_system_test_downstream: + bash ./podman-tests.sh system downstream + +clean: + rm -rf podman-*dev* podman.spec diff --git a/test/main.fmf b/test/main.fmf new file mode 100644 index 0000000..6543521 --- /dev/null +++ b/test/main.fmf 
@@ -0,0 +1,29 @@ +# Only common dependencies that are NOT required to run podman-tests.sh are +# specified here. Everything else is in podman-tests.sh. +require: + - cpio + - make + - policycoreutils + +/basic_check: + summary: Run basic checks + tag: [ upstream, downstream ] + test: make basic_check + +/upstream: + tag: upstream +/upstream/podman_e2e_test: + summary: Run SELinux specific Podman e2e tests on upstream PRs + test: make podman_e2e_test_upstream +/upstream/podman_system_test: + summary: Run SELinux specific Podman system tests on upstream PRs + test: make podman_system_test_upstream + +/downstream: + tag: downstream +/downstream/podman_e2e_test: + summary: Run SELinux specific Podman e2e tests on downstream bodhi / errata and dist-git PRs + test: make podman_e2e_test_downstream +/downstream/podman_system_test: + summary: Run SELinux specific Podman system tests on downstream bodhi / errata and dist-git PRs + test: make podman_system_test_downstream diff --git a/test/podman-tests.sh b/test/podman-tests.sh new file mode 100644 index 0000000..50a29e2 --- /dev/null +++ b/test/podman-tests.sh 
@@ -0,0 +1,104 @@ +#!/usr/bin/env bash + +set -exo pipefail + +if [[ "$(id -u)" -ne 0 ]];then + echo "Please run as superuser" + exit 1 +fi + +if [[ -z "$1" ]]; then + echo -e "Usage: podman-tests.sh TEST_TYPE STREAM\nTEST_TYPE can be 'e2e' or 'system'\nSTREAM can be 'upstream' or 'downstream'" + exit 1 +fi + +TEST_TYPE=$1 +STREAM=$2 + +# `rhel` macro exists on RHEL, CentOS Stream, and Fedora ELN +# `centos` macro exists only on CentOS Stream +CENTOS_VERSION=$(rpm --eval '%{?centos}') +RHEL_VERSION=$(rpm --eval '%{?rhel}') + +# For upstream tests, we need to test with podman and other packages from the +# podman-next copr. For downstream tests (bodhi, errata), we don't need any +# additional setup +if [[ "$STREAM" == "upstream" ]]; then + # Use CentOS Stream 10 copr target for RHEL-10 until EPEL 10 becomes + # available + if [[ -n $CENTOS_VERSION || $RHEL_VERSION -ge 10 ]]; then + dnf -y copr enable rhcontainerbot/podman-next centos-stream-$CENTOS_VERSION + else + dnf -y copr enable rhcontainerbot/podman-next + fi + echo "priority=5" >> /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:rhcontainerbot:podman-next.repo +fi + +# Remove testing-farm repos if they exist as these interfere with the packages +# we want to install, especially when podman-next copr is involved +rm -f /etc/yum.repos.d/tag-repository.repo + +# Fetch and extract latest podman source from the highest priority dnf repo +# NOTE: On upstream pull-requests, the srpm will be fetched from the +# podman-next copr while on bodhi updates, it will be fetched from Fedora's +# official repos. 
+PODMAN_DIR=$(mktemp -d) +pushd $PODMAN_DIR + +# Download podman and podman-tests rpms, along with podman srpm +dnf download podman podman-tests +# Download srpm, srpm opts differ between dnf and dnf5 +rpm -q dnf5 && dnf download --srpm podman || dnf download --source podman + +# Ensure podman-tests RPM and podman SRPM version-release match +# NOTE: podman RPM and podman-tests RPM matching is ensured by podman.spec so +# matching podman-tests and podman srpm is sufficient here. +PODMAN_TESTS_VERSION=$(ls podman-tests* | sed -e "s/.$(uname -m).rpm//" -e "s/podman-tests-//") +PODMAN_SRPM_VERSION=$(ls podman*.src.rpm | sed -e "s/.src.rpm//" -e "s/podman-//") +if [[ "$PODMAN_TESTS_VERSION" != "$PODMAN_SRPM_VERSION" ]]; then + echo "podman-tests and podman srpm version-release don't match" + exit 1 +fi + +# Install downloaded podman and podman-tests rpms +dnf -y install ./podman*.$(uname -m).rpm + +# Extract and untar podman source from srpm +rpm2cpio $(ls podman*.src.rpm) | cpio -di +tar zxf *.tar.gz + +popd + +# Enable EPEL on RHEL/CentOS Stream envs to fetch bats +if [[ -n $(rpm --eval '%{?rhel}') ]]; then + # Until EPEL 10 is available use epel-9 for all RHEL and CentOS Stream + dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm + sed -i 's/$releasever/9/g' /etc/yum.repos.d/epel.repo +fi + +# Install dependencies for running tests +dnf -y install bats golang + +# Print versions of distro and installed packages +cat /etc/redhat-release +rpm -q bats container-selinux golang podman podman-tests selinux-policy + +if [[ "$TEST_TYPE" == "e2e" ]]; then + # /tmp is often unsufficient + export TMPDIR=/var/tmp + + # dnf5 contains breaking changes + # Either of `dnf` OR `dnf5` will be installed, never both. + # To fetch srpm, dnf uses `--source`, dnf5 uses `--srpm`. 
+ #rpm -q dnf5 && SRPM_OPTS="--srpm" || SRPM_OPTS="--source" + + # Run podman e2e tests + pushd $PODMAN_DIR/podman-*/test/e2e + PODMAN_BINARY=/usr/bin/podman go test -v config.go config_amd64.go common_test.go libpod_suite_test.go run_selinux_test.go + popd +fi + +if [[ "$TEST_TYPE" == "system" ]]; then + # Run podman system tests + bats /usr/share/podman/test/system/410-selinux.bats +fi From af48ab38a8e1577886283c0536ef5c779e064a64 Mon Sep 17 00:00:00 2001 From: Packit Date: Wed, 11 Sep 2024 14:00:17 +0000 Subject: [PATCH 05/10] Update to 2.233.0 upstream release Upstream tag: v2.233.0 Upstream commit: cc5da8a9 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + .packit.yaml | 29 ++++++++++++++++++++--------- README.packit | 2 +- container-selinux.spec | 2 +- plans/all.fmf | 2 +- sources | 2 +- test/Makefile | 20 ++++++-------------- test/main.fmf | 26 +++++++++----------------- test/podman-tests.sh | 33 ++++----------------------------- 9 files changed, 44 insertions(+), 73 deletions(-) diff --git a/.gitignore b/.gitignore index c32ba2d..1217f78 100644 --- a/.gitignore +++ b/.gitignore @@ -228,3 +228,4 @@ /v2.230.0.tar.gz /v2.231.0.tar.gz /v2.232.1.tar.gz +/v2.233.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index 4b6cb92..2f048d0 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -9,6 +9,7 @@ upstream_tag_template: v{version} files_to_sync: - src: rpm/gating.yaml dest: gating.yaml + delete: true - src: plans/ dest: plans/ delete: true @@ -51,7 +52,7 @@ jobs: packages: [container-selinux-centos] notifications: *copr_build_failure_notification enable_net: true - targets: + targets: ¢os_targets - centos-stream-9 - centos-stream-10 
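Review bot: In the new test/podman-tests.sh, `TEST_TYPE` is only checked for being non-empty, so any value other than `e2e` or `system` skips both `if` blocks at the end and the script exits 0 without running a single SELinux test. A run that passes without exercising the policy is worse than one that fails, so the value should be validated right after `TEST_TYPE=$1`, as below; the same applies to `STREAM`, where a misspelt `upstream` silently tests against the distro packages instead of the copr ones. The rewritten usage check in the following commit ([PATCH 05/10]) still tests only `-z "$1"`. Separately, `$PODMAN_DIR` and the `$(ls podman*.src.rpm)` expansion are unquoted, which holds for a `mktemp -d` path today but is worth quoting.

```shell
TEST_TYPE=$1
STREAM=$2

# Reject anything but the two supported test types so a typo fails the run
case "$TEST_TYPE" in
    e2e|system) ;;
    *)
        echo "Unknown TEST_TYPE '$TEST_TYPE' (expected 'e2e' or 'system')" >&2
        exit 1
        ;;
esac
# … unchanged: repo setup, podman download, test execution …
```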
@@ -86,15 +87,23 @@ jobs: message: "Tests failed. @containers/packit-build please check." targets: - fedora-all + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo # Tests for CentOS Stream - job: tests trigger: pull_request packages: [container-selinux-centos] notifications: *test_failure_notification - targets: - - centos-stream-9 - - centos-stream-10 + targets: *centos_targets + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo # Tests for RHEL - job: tests @@ -105,11 +114,13 @@ jobs: targets: epel-9-x86_64: distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] - # Use centos-stream-10 until we have epel-10 - # TODO: Enable after RHEL-10 gets selinux-policy >= 40.13.1 which is - # already on CentOS Stream 10. - #centos-stream-10-x86_64: - # distros: [RHEL-10-Beta-Nightly] + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/epel-$releasever/rhcontainerbot-podman-next-epel-$releasever.repo + - type: repository-file + id: https://src.fedoraproject.org/rpms/epel-release/raw/epel9/f/epel.repo - job: propose_downstream trigger: release diff --git a/README.packit b/README.packit index d2b528d..459869a 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.97.1.post1.dev6+gc8c0314a. +The file was generated using packit 0.101.0. diff --git a/container-selinux.spec b/container-selinux.spec index a56b428..cc61060 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
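Review bot: The `tf_extra_params` blocks added to the three `tests` jobs make the test environment load repository definitions straight from URLs, and for the RHEL job (`use_internal_tf: true`) one of them is `https://src.fedoraproject.org/rpms/epel-release/raw/epel9/f/epel.repo`, which follows the head of the `epel9` branch rather than a fixed commit. Whatever that file contains at run time, including its `baseurl` and `gpgcheck` settings, is what the internal runner will install from, so I would pin it as `raw/<commit-sha>/f/epel.repo` or add a comment recording that tracking the branch is intended. It is also worth confirming that `$releasever` in the copr URLs is expanded before the fetch; nothing in the hunk shows that it is.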
@@ -36,7 +36,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.232.1 +Version: 2.233.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/plans/all.fmf b/plans/all.fmf index b6ec398..9e0d10b 100644 --- a/plans/all.fmf +++ b/plans/all.fmf @@ -12,7 +12,7 @@ execute: when: initiator is not defined or initiator != packit /downstream: - summary: Run SELinux specific Podman e2e tests on bodhi / errata and dist-git PRs + summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs discover+: filter: tag:downstream adjust+: diff --git a/sources b/sources index 07ddcc7..e8e9fbc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.232.1.tar.gz) = babaf5f65b639493482392674717284574859e4bbb03e897843265708f4f5cceeb260712cdff09771076d99c18aa89718c0e95dc33839e72e809de9e80079ae2 +SHA512 (v2.233.0.tar.gz) = f79380a3312cb57953bc1286ba7dcdbf29ab95ce72de79c5bac1eb6c4401d2bcb0c9875802c7198a9680af19affb34170581c609180408b21cc27cf680c3feb4 diff --git a/test/Makefile b/test/Makefile index 083ca93..5fee1ea 100644 --- a/test/Makefile +++ b/test/Makefile @@ -3,21 +3,13 @@ basic_check: semodule --list=full | grep container semodule -B -.PHONY: podman_e2e_test_upstream -podman_e2e_test_upstream: - bash ./podman-tests.sh e2e upstream +.PHONY: podman_e2e_test +podman_e2e_test: + bash ./podman-tests.sh e2e -.PHONY: podman_e2e_test_downstream -podman_e2e_test_downstream: - bash ./podman-tests.sh e2e downstream - -.PHONY: podman_system_test_upstream -podman_system_test_upstream: - bash ./podman-tests.sh system upstream - -.PHONY: podman_system_test_downstream -podman_system_test_downstream: - bash ./podman-tests.sh system downstream +.PHONY: podman_system_test +podman_system_test: + bash ./podman-tests.sh system clean: rm -rf podman-*dev* podman.spec 
diff --git a/test/main.fmf b/test/main.fmf index 6543521..8c30075 100644 --- a/test/main.fmf +++ b/test/main.fmf @@ -6,24 +6,16 @@ require: - policycoreutils /basic_check: - summary: Run basic checks tag: [ upstream, downstream ] + summary: Run basic checks test: make basic_check -/upstream: - tag: upstream -/upstream/podman_e2e_test: - summary: Run SELinux specific Podman e2e tests on upstream PRs - test: make podman_e2e_test_upstream -/upstream/podman_system_test: - summary: Run SELinux specific Podman system tests on upstream PRs - test: make podman_system_test_upstream +/podman_e2e_test: + tag: [ upstream, downstream ] + summary: Run SELinux specific Podman e2e tests + test: make podman_e2e_test -/downstream: - tag: downstream -/downstream/podman_e2e_test: - summary: Run SELinux specific Podman e2e tests on downstream bodhi / errata and dist-git PRs - test: make podman_e2e_test_downstream -/downstream/podman_system_test: - summary: Run SELinux specific Podman system tests on downstream bodhi / errata and dist-git PRs - test: make podman_system_test_downstream +/podman_system_test: + tag: [ upstream, downstream ] + summary: Run SELinux specific Podman system tests + test: make podman_system_test diff --git a/test/podman-tests.sh b/test/podman-tests.sh index 50a29e2..b758cc8 100644 --- a/test/podman-tests.sh +++ b/test/podman-tests.sh 
@@ -2,37 +2,19 @@ set -exo pipefail +cat /etc/redhat-release + if [[ "$(id -u)" -ne 0 ]];then echo "Please run as superuser" exit 1 fi if [[ -z "$1" ]]; then - echo -e "Usage: podman-tests.sh TEST_TYPE STREAM\nTEST_TYPE can be 'e2e' or 'system'\nSTREAM can be 'upstream' or 'downstream'" + echo -e "Usage: $(basename ${BASH_SOURCE[0]}) TEST_TYPE\nTEST_TYPE can be 'e2e' or 'system'\n" exit 1 fi TEST_TYPE=$1 -STREAM=$2 - -# `rhel` macro exists on RHEL, CentOS Stream, and Fedora ELN -# `centos` macro exists only on CentOS Stream -CENTOS_VERSION=$(rpm --eval '%{?centos}') -RHEL_VERSION=$(rpm --eval '%{?rhel}') - -# For upstream tests, we need to test with podman and other packages from the -# podman-next copr. For downstream tests (bodhi, errata), we don't need any -# additional setup -if [[ "$STREAM" == "upstream" ]]; then - # Use CentOS Stream 10 copr target for RHEL-10 until EPEL 10 becomes - # available - if [[ -n $CENTOS_VERSION || $RHEL_VERSION -ge 10 ]]; then - dnf -y copr enable rhcontainerbot/podman-next centos-stream-$CENTOS_VERSION - else - dnf -y copr enable rhcontainerbot/podman-next - fi - echo "priority=5" >> /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:rhcontainerbot:podman-next.repo -fi # Remove testing-farm repos if they exist as these interfere with the packages # we want to install, especially when podman-next copr is involved 
@@ -69,18 +51,11 @@ tar zxf *.tar.gz popd -# Enable EPEL on RHEL/CentOS Stream envs to fetch bats -if [[ -n $(rpm --eval '%{?rhel}') ]]; then - # Until EPEL 10 is available use epel-9 for all RHEL and CentOS Stream - dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm - sed -i 's/$releasever/9/g' /etc/yum.repos.d/epel.repo -fi - # Install dependencies for running tests +# NOTE: bats will be fetched from Fedora repos on public testing-farm envs if EPEL repo is absent or disabled. dnf -y install bats golang # Print versions of distro and installed packages -cat /etc/redhat-release rpm -q bats container-selinux golang podman podman-tests selinux-policy if [[ "$TEST_TYPE" == "e2e" ]]; then From 3ba7e1207e7ec20e016905ba68f469b96f6fb4c0 Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 11 Nov 2024 12:08:56 +0000 Subject: [PATCH 06/10] Update to 2.234.1 upstream release Upstream tag: v2.234.1 Upstream commit: 8ba68ee9 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + .packit.yaml | 51 ++++++++++++++---------------------------- README.packit | 2 +- container-selinux.spec | 25 +++++++++++---------- sources | 2 +- test/Makefile | 1 + 6 files changed, 34 insertions(+), 48 deletions(-) diff --git a/.gitignore b/.gitignore index 1217f78..4c786db 100644 --- a/.gitignore +++ b/.gitignore @@ -229,3 +229,4 @@ /v2.231.0.tar.gz /v2.232.1.tar.gz /v2.233.0.tar.gz +/v2.234.1.tar.gz diff --git a/.packit.yaml b/.packit.yaml index 2f048d0..c9b56ad 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -28,7 +28,7 @@ packages: container-selinux-centos: pkg_tool: centpkg specfile_path: rpm/container-selinux.spec - container-selinux-rhel: + container-selinux-eln: specfile_path: rpm/container-selinux.spec srpm_build_deps: 
@@ -43,8 +43,18 @@ jobs: message: "Ephemeral COPR build failed. @containers/packit-build please check." enable_net: true # container-selinux is noarch so we only need to test on one arch + targets: &fedora_copr_targets + - fedora-development + - fedora-latest + - fedora-ltest-stable + - fedora-40 + + - job: copr_build + trigger: pull_request + packages: [container-selinux-eln] + notifications: *copr_build_failure_notification + enable_net: true targets: - - fedora-all - fedora-eln - job: copr_build @@ -52,18 +62,10 @@ jobs: packages: [container-selinux-centos] notifications: *copr_build_failure_notification enable_net: true - targets: ¢os_targets + targets: ¢os_copr_targets - centos-stream-9 - centos-stream-10 - - job: copr_build - trigger: pull_request - packages: [container-selinux-rhel] - notifications: *copr_build_failure_notification - enable_net: true - targets: - - epel-9 - # Run on commit to main branch # Build targets managed in copr settings - job: copr_build @@ -85,8 +87,7 @@ jobs: notifications: &test_failure_notification failure_comment: message: "Tests failed. @containers/packit-build please check." - targets: - - fedora-all + targets: *fedora_copr_targets tf_extra_params: environments: - artifacts: 
@@ -98,34 +99,17 @@ jobs: trigger: pull_request packages: [container-selinux-centos] notifications: *test_failure_notification - targets: *centos_targets + targets: *centos_copr_targets tf_extra_params: environments: - artifacts: - type: repository-file id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo - # Tests for RHEL - - job: tests - trigger: pull_request - packages: [container-selinux-rhel] - use_internal_tf: true - notifications: *test_failure_notification - targets: - epel-9-x86_64: - distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly] - tf_extra_params: - environments: - - artifacts: - - type: repository-file - id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/epel-$releasever/rhcontainerbot-podman-next-epel-$releasever.repo - - type: repository-file - id: https://src.fedoraproject.org/rpms/epel-release/raw/epel9/f/epel.repo - - job: propose_downstream trigger: release packages: [container-selinux-fedora] - dist_git_branches: + dist_git_branches: &fedora_targets - fedora-all - job: propose_downstream @@ -137,8 +121,7 @@ jobs: - job: koji_build trigger: commit packages: [container-selinux-fedora] - dist_git_branches: - - fedora-all + dist_git_branches: *fedora_targets - job: bodhi_update trigger: commit diff --git a/README.packit b/README.packit index 459869a..1b4760d 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.101.0. +The file was generated using packit 0.102.2.post1.dev4+g3142fcf8. diff --git a/container-selinux.spec b/container-selinux.spec index cc61060..646c38a 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -2,7 +2,6 @@ # container-selinux stuff (prefix with ds_ for version/release etc.) # Some bits borrowed from the openstack-selinux package -%global selinuxtype targeted %global moduletype services %global modulenames container @@ -36,7 +35,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.233.0 +Version: 2.234.1 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} @@ -51,7 +50,8 @@ BuildRequires: selinux-policy-devel >= %_selinux_policy_version # RE: rhbz#1195804 - ensure min NVR for selinux-policy Requires: selinux-policy >= %_selinux_policy_version Requires(post): selinux-policy-base >= %_selinux_policy_version -Requires(post): selinux-policy-targeted >= %_selinux_policy_version +Requires(post): selinux-policy-any >= %_selinux_policy_version +Recommends: selinux-policy-targeted >= %_selinux_policy_version Requires(post): policycoreutils Requires(post): libselinux-utils Requires(post): sed @@ -90,7 +90,7 @@ make rm %{buildroot}%{_mandir}/man8/container_selinux.8 %pre -%selinux_relabel_pre -s %{selinuxtype} +%selinux_relabel_pre %post # Install all modules in a single transaction 
@@ -98,21 +98,21 @@ if [ $1 -eq 1 ]; then %{_sbindir}/setsebool -P -N virt_use_nfs=1 virt_sandbox_use_all_caps=1 fi %_format MODULES %{_datadir}/selinux/packages/$x.pp.bz2 -%{_sbindir}/semodule -n -s %{selinuxtype} -r container 2> /dev/null -%{_sbindir}/semodule -n -s %{selinuxtype} -d docker 2> /dev/null -%{_sbindir}/semodule -n -s %{selinuxtype} -d gear 2> /dev/null -%selinux_modules_install -s %{selinuxtype} $MODULES . %{_sysconfdir}/selinux/config +%{_sbindir}/semodule -n -s ${SELINUXTYPE} -r container 2> /dev/null +%{_sbindir}/semodule -n -s ${SELINUXTYPE} -d docker 2> /dev/null +%{_sbindir}/semodule -n -s ${SELINUXTYPE} -d gear 2> /dev/null +%selinux_modules_install -s ${SELINUXTYPE} $MODULES sed -e "\|container_file_t|h; \${x;s|container_file_t||;{g;t};a\\" -e "container_file_t" -e "}" -i /etc/selinux/${SELINUXTYPE}/contexts/customizable_types matchpathcon -qV %{_sharedstatedir}/containers || restorecon -R %{_sharedstatedir}/containers &> /dev/null || : %postun if [ $1 -eq 0 ]; then - %selinux_modules_uninstall -s %{selinuxtype} %{modulenames} docker + %selinux_modules_uninstall %{modulenames} docker fi %posttrans -%selinux_relabel_post -s %{selinuxtype} +%selinux_relabel_post #define license tag if not already defined %{!?_licensedir:%global license %doc} @@ -127,8 +127,9 @@ fi %{_datadir}/udica/templates/* # Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 #%%{_mandir}/man8/container_selinux.8.gz -%{_sysconfdir}/selinux/targeted/contexts/users/* -%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulenames} +%{_sysconfdir}/selinux/targeted/contexts/users/container_u +%ghost %verify(not mode) %{_selinux_store_path}/targeted/active/modules/200/%{modulenames} +%ghost %verify(not mode) %{_selinux_store_path}/mls/active/modules/200/%{modulenames} %triggerpostun -- container-selinux < 2:2.162.1-3 if %{_sbindir}/selinuxenabled ; then diff --git a/sources b/sources index e8e9fbc..3c5862b 100644 --- a/sources +++ b/sources 
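Review bot: `${SELINUXTYPE}` is used unquoted and with no fallback after `. %{_sysconfdir}/selinux/config` in `%post`. If that file is absent or does not set the variable, `semodule -n -s ${SELINUXTYPE} -r container` degrades to `semodule -n -s -r container` and the `sed` target becomes `/etc/selinux//contexts/customizable_types`. The three `semodule` calls send stderr to `/dev/null`, which would hide that failure and leave the policy module state unclear after the transaction. Add a default right after the source line, for example `: "${SELINUXTYPE:=targeted}"`, and quote the expansions. The `%post` scriptlet begins above this hunk.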
@@ -1 +1 @@ -SHA512 (v2.233.0.tar.gz) = f79380a3312cb57953bc1286ba7dcdbf29ab95ce72de79c5bac1eb6c4401d2bcb0c9875802c7198a9680af19affb34170581c609180408b21cc27cf680c3feb4 +SHA512 (v2.234.1.tar.gz) = 6ffc70aa42134aec10eaf5f5b4b10a0481309e4285a419d65df9afabc033a34c86147fade0640e7b641b89aaaea3c525ae23700bea675ea6a1319c8fdb7a1859 diff --git a/test/Makefile b/test/Makefile index 5fee1ea..9088bd9 100644 --- a/test/Makefile +++ b/test/Makefile @@ -2,6 +2,7 @@ basic_check: semodule --list=full | grep container semodule -B + rpm -Vqf /var/lib/selinux/*/active/modules/200/container .PHONY: podman_e2e_test podman_e2e_test: From 2815c1b23811c5009c1b5ab4ad335059c60c9e4e Mon Sep 17 00:00:00 2001 From: Packit Date: Mon, 11 Nov 2024 14:11:52 +0000 Subject: [PATCH 07/10] Update to 2.234.2 upstream release Upstream tag: v2.234.2 Upstream commit: cd0a1758 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 7 ++----- sources | 2 +- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 4c786db..0e0c20b 100644 --- a/.gitignore +++ b/.gitignore @@ -230,3 +230,4 @@ /v2.232.1.tar.gz /v2.233.0.tar.gz /v2.234.1.tar.gz +/v2.234.2.tar.gz diff --git a/README.packit b/README.packit index 1b4760d..c18262a 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.102.2.post1.dev4+g3142fcf8. +The file was generated using packit 0.103.0. diff --git a/container-selinux.spec b/container-selinux.spec index 646c38a..e34b6fd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec 
@@ -35,7 +35,7 @@ Epoch: 2 # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.234.1 +Version: 2.234.2 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} @@ -86,9 +86,6 @@ make %_format MODULES $x.pp.bz2 %{__make} DATADIR=%{buildroot}%{_datadir} SYSCONFDIR=%{buildroot}%{_sysconfdir} install install.udica-templates install.selinux-user -# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 -rm %{buildroot}%{_mandir}/man8/container_selinux.8 - %pre %selinux_relabel_pre @@ -126,7 +123,7 @@ fi %dir %{_datadir}/udica/templates/ %{_datadir}/udica/templates/* # Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120 -#%%{_mandir}/man8/container_selinux.8.gz +%{_mandir}/man8/container_selinux.8.gz %{_sysconfdir}/selinux/targeted/contexts/users/container_u %ghost %verify(not mode) %{_selinux_store_path}/targeted/active/modules/200/%{modulenames} %ghost %verify(not mode) %{_selinux_store_path}/mls/active/modules/200/%{modulenames} diff --git a/sources b/sources index 3c5862b..1703887 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.234.1.tar.gz) = 6ffc70aa42134aec10eaf5f5b4b10a0481309e4285a419d65df9afabc033a34c86147fade0640e7b641b89aaaea3c525ae23700bea675ea6a1319c8fdb7a1859 +SHA512 (v2.234.2.tar.gz) = 2ec931ca1bf3f62659944389ef9679c6bc283aa001c275ef84e5be0430e79090ec20a993cccd24c4122f7adc3bcf8338489e09b1e5ad548fde1eef840022281c From 8da3d9fb1e10fe91b0225a7f41291c9bafd0c632 Mon Sep 17 00:00:00 2001 
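Review bot: The `# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2209120` comment kept above `%{_mandir}/man8/container_selinux.8.gz` in the `@@ -126,7 +123,7 @@` hunk was the justification for leaving the man page out, and this same commit removes the matching `rm` from the install section. With the page packaged again, the bare reference reads as if the bug still applies. Reword it to something like `# man page shipped again; see rhbz#2209120 for why it was once excluded`, or drop it. The `%files` section begins outside this hunk.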
From: Packit Date: Mon, 24 Feb 2025 10:43:26 +0000 Subject: [PATCH 08/10] Update to 2.235.0 upstream release Upstream tag: v2.235.0 Upstream commit: c9b3eca0 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + .packit.yaml | 17 ++++++----- README.packit | 2 +- container-selinux.spec | 4 +-- gating.yaml | 4 ++- plans/all.fmf | 20 ------------ plans/main.fmf | 20 ++++++++++++ sources | 2 +- test/Makefile | 16 ---------- test/main.fmf | 22 ++++++-------- test/podman-tests.sh | 69 ++---------------------------------------- 11 files changed, 50 insertions(+), 127 deletions(-) delete mode 100644 plans/all.fmf create mode 100644 plans/main.fmf delete mode 100644 test/Makefile diff --git a/.gitignore b/.gitignore index 0e0c20b..fa8d78b 100644 --- a/.gitignore +++ b/.gitignore @@ -231,3 +231,4 @@ /v2.233.0.tar.gz /v2.234.1.tar.gz /v2.234.2.tar.gz +/v2.235.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index c9b56ad..cc1d83b 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -13,9 +13,11 @@ files_to_sync: - src: plans/ dest: plans/ delete: true + mkpath: true - src: test/ dest: test/ delete: true + mkpath: true - src: .fmf/ dest: .fmf/ delete: true @@ -44,10 +46,8 @@ jobs: enable_net: true # container-selinux is noarch so we only need to test on one arch targets: &fedora_copr_targets - - fedora-development - - fedora-latest - - fedora-ltest-stable - - fedora-40 + - fedora-all-x86_64 + - fedora-all-aarch64 - job: copr_build trigger: pull_request @@ -55,7 +55,8 @@ jobs: notifications: *copr_build_failure_notification enable_net: true targets: - - fedora-eln + - fedora-eln-x86_64 + - fedora-eln-aarch64 - job: copr_build trigger: pull_request 
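Review bot: The context comment `# container-selinux is noarch so we only need to test on one arch` in the `@@ -44,10 +46,8 @@` hunk now contradicts the list beneath it, which names both `fedora-all-x86_64` and `fedora-all-aarch64`. The eln hunk (`@@ -55,7 +55,8 @@`) and the later centos hunk add per-arch pairs in the same way. Either update the comment to state why both architectures are built, or drop the aarch64 entries. If the reason is that the tests run against arch-specific podman builds, a line such as `# package is noarch, but tests exercise arch-specific podman builds` would do; that reason is a guess, since the commit message gives none.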
@@ -63,8 +64,10 @@ jobs: notifications: *copr_build_failure_notification enable_net: true targets: ¢os_copr_targets - - centos-stream-9 - - centos-stream-10 + - centos-stream-9-x86_64 + - centos-stream-9-aarch64 + - centos-stream-10-x86_64 + - centos-stream-10-aarch64 # Run on commit to main branch # Build targets managed in copr settings diff --git a/README.packit b/README.packit index c18262a..2cdc258 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.103.0. +The file was generated using packit 1.1.1.post1.dev1+g7c5e02df. diff --git a/container-selinux.spec b/container-selinux.spec index e34b6fd..6fd90dd 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -30,12 +30,12 @@ Name: container-selinux %if %{defined copr_build} Epoch: 102 %else -Epoch: 2 +Epoch: 4 %endif # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.234.2 +Version: 2.235.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} diff --git a/gating.yaml b/gating.yaml index dbb1d91..8f949e2 100644 --- a/gating.yaml +++ b/gating.yaml @@ -1,7 +1,9 @@ --- !Policy product_versions: - fedora-* -decision_context: bodhi_update_push_stable +decision_context: + - bodhi_update_push_stable + - bodhi_update_push_testing rules: - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/plans/all.fmf b/plans/all.fmf deleted file mode 100644 index 9e0d10b..0000000 --- a/plans/all.fmf +++ /dev/null 
@@ -1,20 +0,0 @@ -discover: - how: fmf -execute: - how: tmt - -/upstream: - summary: Run SELinux specific Podman tests on upstream PRs - discover+: - filter: tag:upstream - adjust+: - enabled: false - when: initiator is not defined or initiator != packit - -/downstream: - summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs - discover+: - filter: tag:downstream - adjust+: - enabled: false - when: initiator == packit diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..baa8b2f --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,20 @@ +discover: + how: fmf +execute: + how: tmt +prepare: + - when: distro == centos-stream or distro == rhel + how: shell + script: | + dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm + dnf -y config-manager --set-enabled epel + order: 10 + - when: initiator == packit + how: shell + script: | + COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo" + if compgen -G $COPR_REPO_FILE > /dev/null; then + sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE + fi + dnf -y upgrade --allowerasing + order: 20 diff --git a/sources b/sources index 1703887..1602c69 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.234.2.tar.gz) = 2ec931ca1bf3f62659944389ef9679c6bc283aa001c275ef84e5be0430e79090ec20a993cccd24c4122f7adc3bcf8338489e09b1e5ad548fde1eef840022281c +SHA512 (v2.235.0.tar.gz) = 5d422ffe69e994d2b30460bef39598ccac52d3607a23dd15e300374f1704c6e5883069aa74cb3b362b9545f4dd4e048b6e9893a6086cbba53e9d5f8185b2ffd2 diff --git a/test/Makefile b/test/Makefile deleted file mode 100644 index 9088bd9..0000000 --- a/test/Makefile +++ /dev/null 
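Review bot: The first `prepare` step in `plans/main.fmf` installs `epel-release` straight from a URL, and dnf does not verify signatures on packages passed by path or URL unless `localpkg_gpgcheck` is turned on. The repo definitions and GPG keys that every later EPEL package is checked against are therefore trusted on TLS alone. Where the distro's own signed repos carry the package (CentOS Stream extras, as far as I know), `dnf -y install epel-release` avoids the unsigned step; otherwise import the EPEL key first and add `--setopt=localpkg_gpgcheck=1` to the install. Separately, `$COPR_REPO_FILE` is left unquoted so that the glob expands, which deserves a one-line comment so that nobody later quotes it and breaks the `sed`.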
@@ -1,16 +0,0 @@ -.PHONY: basic_check -basic_check: - semodule --list=full | grep container - semodule -B - rpm -Vqf /var/lib/selinux/*/active/modules/200/container - -.PHONY: podman_e2e_test -podman_e2e_test: - bash ./podman-tests.sh e2e - -.PHONY: podman_system_test -podman_system_test: - bash ./podman-tests.sh system - -clean: - rm -rf podman-*dev* podman.spec diff --git a/test/main.fmf b/test/main.fmf index 8c30075..4b186d5 100644 --- a/test/main.fmf +++ b/test/main.fmf @@ -1,21 +1,17 @@ -# Only common dependencies that are NOT required to run podman-tests.sh are -# specified here. Everything else is in podman-tests.sh. require: - - cpio - - make + - attr + - bats + - container-selinux + - podman-tests - policycoreutils /basic_check: - tag: [ upstream, downstream ] summary: Run basic checks - test: make basic_check - -/podman_e2e_test: - tag: [ upstream, downstream ] - summary: Run SELinux specific Podman e2e tests - test: make podman_e2e_test + test: | + semodule --list=full | grep container + semodule -B + rpm -Vqf /var/lib/selinux/*/active/modules/200/container /podman_system_test: - tag: [ upstream, downstream ] summary: Run SELinux specific Podman system tests - test: make podman_system_test + test: bash ./podman-tests.sh diff --git a/test/podman-tests.sh b/test/podman-tests.sh index b758cc8..faa504b 100644 --- a/test/podman-tests.sh +++ b/test/podman-tests.sh 
@@ -9,71 +9,8 @@ if [[ "$(id -u)" -ne 0 ]];then exit 1 fi -if [[ -z "$1" ]]; then - echo -e "Usage: $(basename ${BASH_SOURCE[0]}) TEST_TYPE\nTEST_TYPE can be 'e2e' or 'system'\n" - exit 1 -fi - -TEST_TYPE=$1 - -# Remove testing-farm repos if they exist as these interfere with the packages -# we want to install, especially when podman-next copr is involved -rm -f /etc/yum.repos.d/tag-repository.repo - -# Fetch and extract latest podman source from the highest priority dnf repo -# NOTE: On upstream pull-requests, the srpm will be fetched from the -# podman-next copr while on bodhi updates, it will be fetched from Fedora's -# official repos. -PODMAN_DIR=$(mktemp -d) -pushd $PODMAN_DIR - -# Download podman and podman-tests rpms, along with podman srpm -dnf download podman podman-tests -# Download srpm, srpm opts differ between dnf and dnf5 -rpm -q dnf5 && dnf download --srpm podman || dnf download --source podman - -# Ensure podman-tests RPM and podman SRPM version-release match -# NOTE: podman RPM and podman-tests RPM matching is ensured by podman.spec so -# matching podman-tests and podman srpm is sufficient here. -PODMAN_TESTS_VERSION=$(ls podman-tests* | sed -e "s/.$(uname -m).rpm//" -e "s/podman-tests-//") -PODMAN_SRPM_VERSION=$(ls podman*.src.rpm | sed -e "s/.src.rpm//" -e "s/podman-//") -if [[ "$PODMAN_TESTS_VERSION" != "$PODMAN_SRPM_VERSION" ]]; then - echo "podman-tests and podman srpm version-release don't match" - exit 1 -fi - -# Install downloaded podman and podman-tests rpms -dnf -y install ./podman*.$(uname -m).rpm - -# Extract and untar podman source from srpm -rpm2cpio $(ls podman*.src.rpm) | cpio -di -tar zxf *.tar.gz - -popd - -# Install dependencies for running tests -# NOTE: bats will be fetched from Fedora repos on public testing-farm envs if EPEL repo is absent or disabled. 
-dnf -y install bats golang - # Print versions of distro and installed packages -rpm -q bats container-selinux golang podman podman-tests selinux-policy +rpm -q bats container-selinux podman podman-tests policycoreutils selinux-policy -if [[ "$TEST_TYPE" == "e2e" ]]; then - # /tmp is often unsufficient - export TMPDIR=/var/tmp - - # dnf5 contains breaking changes - # Either of `dnf` OR `dnf5` will be installed, never both. - # To fetch srpm, dnf uses `--source`, dnf5 uses `--srpm`. - #rpm -q dnf5 && SRPM_OPTS="--srpm" || SRPM_OPTS="--source" - - # Run podman e2e tests - pushd $PODMAN_DIR/podman-*/test/e2e - PODMAN_BINARY=/usr/bin/podman go test -v config.go config_amd64.go common_test.go libpod_suite_test.go run_selinux_test.go - popd -fi - -if [[ "$TEST_TYPE" == "system" ]]; then - # Run podman system tests - bats /usr/share/podman/test/system/410-selinux.bats -fi +# Run podman system tests +bats /usr/share/podman/test/system/410-selinux.bats From 1a838d74935b88ecb2442cf1a27011cd08f9d3be Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 24 Feb 2025 17:01:52 +0530 Subject: [PATCH 09/10] fix gating.yaml (cherry picked from commit a15b46699ba2930583bd677a292cfc1ce7df64e5) --- gating.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gating.yaml b/gating.yaml index 8f949e2..c692db7 100644 --- a/gating.yaml +++ b/gating.yaml @@ -1,7 +1,7 @@ --- !Policy product_versions: - fedora-* -decision_context: +decision_contexts: - bodhi_update_push_stable - bodhi_update_push_testing rules: From e250a0088da04153fb205cbe420b567fd5a20311 Mon Sep 17 00:00:00 2001 From: Packit Date: Thu, 13 Mar 2025 20:26:08 +0000 Subject: [PATCH 10/10] Update to 2.236.0 upstream release Upstream tag: v2.236.0 Upstream commit: 4244f856 Commit authored by Packit automation (https://packit.dev/) --- .gitignore | 1 + README.packit | 2 +- container-selinux.spec | 2 +- sources | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) 
diff --git a/.gitignore b/.gitignore
index fa8d78b..d119390 100644
--- a/.gitignore
+++ b/.gitignore
@@ -232,3 +232,4 @@
 /v2.234.1.tar.gz
 /v2.234.2.tar.gz
 /v2.235.0.tar.gz
+/v2.236.0.tar.gz
diff --git a/README.packit b/README.packit
index 2cdc258..f5cc99f 100644
--- a/README.packit
+++ b/README.packit
@@ -1,3 +1,3 @@
 This repository is maintained by packit.
 https://packit.dev/
-The file was generated using packit 1.1.1.post1.dev1+g7c5e02df.
+The file was generated using packit 1.2.0.post1.dev13+g55ed4527.
diff --git a/container-selinux.spec b/container-selinux.spec
index 6fd90dd..cf61d09 100644
--- a/container-selinux.spec
+++ b/container-selinux.spec
@@ -35,7 +35,7 @@ Epoch: 4
 # Keep Version in upstream specfile at 0. It will be automatically set
 # to the correct value by Packit for copr and koji builds.
 # IGNORE this comment if you're looking at it in dist-git.
-Version: 2.235.0
+Version: 2.236.0
 Release: %autorelease
 License: GPL-2.0-only
 URL: https://github.com/containers/%{name}
diff --git a/sources b/sources
index 1602c69..f7b9b50 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (v2.235.0.tar.gz) = 5d422ffe69e994d2b30460bef39598ccac52d3607a23dd15e300374f1704c6e5883069aa74cb3b362b9545f4dd4e048b6e9893a6086cbba53e9d5f8185b2ffd2
+SHA512 (v2.236.0.tar.gz) = 02f4cf1549bbe8c647fc2d2af9f239a23b47e67964d2ee66a45578b6494a9257185f210a61a3e666470489698760b6dd336db3e6a867002fdac68f64689d3841