Update to 2.245.0 upstream release

Upstream tag: v2.245.0
Upstream commit: 3f7c37e9

Commit authored by Packit automation (https://packit.dev/)

.gitignore

@@ -232,3 +232,14 @@
 /v2.233.0.tar.gz
 /v2.234.1.tar.gz
 /v2.234.2.tar.gz
+/v2.235.0.tar.gz
+/v2.236.0.tar.gz
+/v2.237.0.tar.gz
+/v2.238.0.tar.gz
+/v2.239.0.tar.gz
+/v2.240.0.tar.gz
+/v2.241.0.tar.gz
+/v2.242.0.tar.gz
+/v2.243.0.tar.gz
+/v2.244.0.tar.gz
+/v2.245.0.tar.gz

.packit.yaml

@@ -13,9 +13,11 @@ files_to_sync:
   - src: plans/
     dest: plans/
     delete: true
+    mkpath: true
   - src: test/
     dest: test/
     delete: true
+    mkpath: true
   - src: .fmf/
     dest: .fmf/
     delete: true
@@ -44,18 +46,17 @@ jobs:
     enable_net: true
     # container-selinux is noarch so we only need to test on one arch
     targets: &fedora_copr_targets
-      - fedora-development
-      - fedora-latest
-      - fedora-ltest-stable
-      - fedora-40
+      - fedora-all-x86_64
+      - fedora-all-aarch64
 
   - job: copr_build
     trigger: pull_request
     packages: [container-selinux-eln]
     notifications: *copr_build_failure_notification
     enable_net: true
-    targets:
-      - fedora-eln
+    targets: &eln_copr_targets
+      - fedora-eln-x86_64
+      - fedora-eln-aarch64
 
   - job: copr_build
     trigger: pull_request
@@ -63,8 +64,10 @@ jobs:
     notifications: *copr_build_failure_notification
     enable_net: true
     targets: &centos_copr_targets
-      - centos-stream-9
-      - centos-stream-10
+      - centos-stream-9-x86_64
+      - centos-stream-9-aarch64
+      - centos-stream-10-x86_64
+      - centos-stream-10-aarch64
 
   # Run on commit to main branch
   # Build targets managed in copr settings
@@ -94,6 +97,18 @@ jobs:
           - type: repository-file
             id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo
 
+  # Tests for Fedora
+  - job: tests
+    trigger: pull_request
+    packages: [container-selinux-eln]
+    notifications: *test_failure_notification
+    targets: *eln_copr_targets
+    tf_extra_params:
+      environments:
+        - artifacts:
+          - type: repository-file
+            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-eln/rhcontainerbot-podman-next-fedora-eln.repo
+
   # Tests for CentOS Stream
   - job: tests
     trigger: pull_request

README.packit

@@ -1,3 +1,3 @@
 This repository is maintained by packit.
 https://packit.dev/
-The file was generated using packit 0.103.0.
+The file was generated using packit 1.13.0.

container-selinux.spec

@@ -20,22 +20,22 @@
 %define no_user_namespace 1
 %endif
 
-# copr_build is more intuitive than copr_username
-%if %{defined copr_username}
-%define copr_build 1
+# set copr_build is more intuitive than copr_username
+%if %{defined copr_username} && "%{copr_username}" == "rhcontainerbot" && "%{copr_projectname}" == "podman-next"
+%define next_build 1
 %endif
 
 Name: container-selinux
-# Set different Epochs for copr and koji
-%if %{defined copr_build}
+# Set different Epoch for rhcontainerbot/podman-next copr build
+%if %{defined next_build}
 Epoch: 102
 %else
-Epoch: 2
+Epoch: 4
 %endif
 # Keep Version in upstream specfile at 0. It will be automatically set
 # to the correct value by Packit for copr and koji builds.
 # IGNORE this comment if you're looking at it in dist-git.
-Version: 2.234.2
+Version: 2.245.0
 Release: %autorelease
 License: GPL-2.0-only
 URL: https://github.com/containers/%{name}
@@ -111,6 +111,9 @@ fi
 %posttrans
 %selinux_relabel_post
 
+# Empty placeholder check to silence rpmlint
+%check
+
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}
 

gating.yaml

@@ -1,7 +1,9 @@
 --- !Policy
 product_versions:
   - fedora-*
-decision_context: bodhi_update_push_stable
+decision_contexts:
+  - bodhi_update_push_stable
+  - bodhi_update_push_testing
 rules:
   - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
 

plans/main.fmf

@@ -2,39 +2,29 @@ discover:
     how: fmf
 execute:
     how: tmt
-adjust:
+prepare:
+    - how: feature
+      epel: enabled
+    # TODO: Revisit this once https://github.com/teemtee/tmt/issues/3990 is in place.
+    # FIXME: For whatever reason, CentOS Stream envs end up upgrading container-selinux
+    # from podman-next instead of using the one installed by Packit. This apparently should
+    # be easier to handle once tmt#3990 is done. Things work as expected on Fedora already.
     - when: initiator == packit
-      because: "We need to test with updated packages from rhcontainerbot/podman-next copr"
-      prepare+:
-        how: shell
-        script: |
-            sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo
-            dnf -y upgrade --allowerasing
-    # FIXME: Use epel10 once bats is available there
-    - when: distro == centos-stream-10 or distro == rhel-10
-      because: "bats isn't yet available on epel10"
-      prepare+:
-        how: install
-        copr: rhcontainerbot/bats-el10
-        package: bats
-    - when: distro == centos-stream-9 or distro == rhel-9
-      because: "bats is present on EPEL on rhel9 / c9s"
-      prepare+:
-        how: feature
-        epel: enabled
+      how: shell
+      script: |
+        COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo"
+        if compgen -G $COPR_REPO_FILE > /dev/null; then
+            sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE
+        fi
 
-/upstream:
-    summary: Run SELinux specific Podman tests on upstream PRs
+/basic_check:
     discover+:
-        filter: tag:upstream
-    adjust+:
-        - enabled: false
-          when: initiator is not defined or initiator != packit
+        test: /test/basic_check
 
-/downstream:
-    summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs
+/podman_rootful_system:
     discover+:
-        filter: tag:downstream
-    adjust+:
-        - enabled: false
-          when: initiator == packit
+        test: /test/podman_rootful_system
+
+/podman_rootless_system:
+    discover+:
+        test: /test/podman_rootless_system

plans/tmt.fmf

@@ -0,0 +1,9 @@
+/:
+  inherit: false
+
+summary: Run tmt's integration tests
+plan:
+  import:
+    url: https://github.com/teemtee/tmt
+    path: /plans/friends
+    name: /podman

sources

@@ -1 +1 @@
-SHA512 (v2.234.2.tar.gz) = 2ec931ca1bf3f62659944389ef9679c6bc283aa001c275ef84e5be0430e79090ec20a993cccd24c4122f7adc3bcf8338489e09b1e5ad548fde1eef840022281c
+SHA512 (v2.245.0.tar.gz) = 0bc85980780631ceccb38f2fde64ff7f3792be18d4501806532f097deedde70f446e2389c543dd78e9087b45cd1a6916c0e096e6ea42dd77ac377ad4111b7db2

test/Makefile

@@ -1,16 +0,0 @@
-.PHONY: basic_check
-basic_check:
-	semodule --list=full | grep container
-	semodule -B
-	rpm -Vqf /var/lib/selinux/*/active/modules/200/container
-
-.PHONY: podman_e2e_test
-podman_e2e_test:
-	bash ./podman-tests.sh e2e
-
-.PHONY: podman_system_test
-podman_system_test:
-	bash ./podman-tests.sh system
-
-clean:
-	rm -rf podman-*dev* podman.spec

test/main.fmf

@@ -1,19 +1,34 @@
 require:
-    - bats
+    - attr
     - container-selinux
-    - cpio
-    - golang
-    - make
-    - podman
     - podman-tests
     - policycoreutils
+recommend:
+    - bats
 
 /basic_check:
-    tag: [ upstream, downstream ]
     summary: Run basic checks
-    test: make basic_check
+    test: |
+        semodule --list=full | grep container
+        semodule -B
+        rpm -Vqf /var/lib/selinux/*/active/modules/200/container
 
-/podman_system_test:
-    tag: [ upstream, downstream ]
+/podman_rootful_system:
     summary: Run SELinux specific Podman system tests
-    test: make podman_system_test
+    test: bash ./podman-rootful-tests.sh
+
+/podman_rootless_system:
+    summary: Run rootless Podman system tests
+    test: bash ./podman-rootless-tests.sh
+    require+:
+        - passt
+        - passt-selinux
+    environment:
+        ROOTLESS_USER: "fedora"
+    adjust:
+        - when: distro == centos-stream
+          environment+:
+            ROOTLESS_USER: "ec2-user"
+        - when: distro == rhel
+          environment+:
+            ROOTLESS_USER: "cloud-user"

test/podman-rootful-tests.sh

@@ -10,7 +10,7 @@ if [[ "$(id -u)" -ne 0 ]];then
 fi
 
 # Print versions of distro and installed packages
-rpm -q bats container-selinux golang podman podman-tests selinux-policy
+rpm -q bats container-selinux podman podman-tests policycoreutils selinux-policy
 
 # Run podman system tests
 bats /usr/share/podman/test/system/410-selinux.bats

test/podman-rootless-tests.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+cat /etc/redhat-release
+
+# Print versions of distro and installed packages
+rpm -q bats container-selinux passt passt-selinux podman podman-tests policycoreutils selinux-policy
+
+loginctl enable-linger "$ROOTLESS_USER"
+
+# Run podman system tests
+su - "$ROOTLESS_USER" -c "bats /usr/share/podman/test/system/410-selinux.bats"
+su - "$ROOTLESS_USER" -c "bats /usr/share/podman/test/system/500-networking.bats"
+su - "$ROOTLESS_USER" -c "bats /usr/share/podman/test/system/505-networking-pasta.bats"