From ed29d9671609d8506bfe2e84541c5fc8be361929 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Sat, 9 Aug 2025 12:24:26 +0200 Subject: [PATCH 1/3] Update to 0.2 ... and fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787. The following rpmlint warning was silenced: toolbox.spec: W: no-%check-section The timeout for the CI was increased to prevent it from timing out. The upstream CI runs the test suite in three parallel batches, with each batch having a timeout of 1 hour 45 minutes. The downstream CI doesn't run parallelly, so a timeout of 3 hours 30 minutes was chosen. https://bugzilla.redhat.com/show_bug.cgi?id=2375632 https://bugzilla.redhat.com/show_bug.cgi?id=2382220 https://src.fedoraproject.org/rpms/toolbox/pull-request/34 --- .gitignore | 1 + sources | 2 +- tests/main.fmf | 2 +- ...-migration-paths-for-coreos-toolbox-users.patch | 14 +++++++------- toolbox-Make-the-build-flags-match-Fedora.patch | 4 ++-- toolbox-Make-the-build-flags-match-RHEL-10.patch | 4 ++-- toolbox-Make-the-build-flags-match-RHEL-9.patch | 4 ++-- toolbox.rpmlintrc | 1 + toolbox.spec | 8 ++++++-- 9 files changed, 23 insertions(+), 17 deletions(-) create mode 100644 toolbox.rpmlintrc diff --git a/.gitignore b/.gitignore index 4222058..596c5d0 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,4 @@ /toolbox-0.1.0-vendored.tar.xz /toolbox-0.1.1-vendored.tar.xz /toolbox-0.1.2-vendored.tar.xz +/toolbox-0.2-vendored.tar.xz diff --git a/sources b/sources index fc880e6..c80564e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.1.2-vendored.tar.xz) = 1d1b461b84d0c995c4f793eb154815c1ed68ce3545dfb8e711a0061484efb988e796bca43f7ada3c8d9eb0673c6c1fe9f923226eff6e7bc3de9e4b2e2e44485e +SHA512 (toolbox-0.2-vendored.tar.xz) = 670737a5911d62c0492fcc27cbee51fbfa909ad2f6dbc4ea035048b122857e8c0f37294db0ce29503c7e5c01e12eb90c30f7f6ce7b2e54662f3332c076cd77bd diff --git a/tests/main.fmf b/tests/main.fmf index 77df303..732cc1b 100644 --- a/tests/main.fmf 
+++ b/tests/main.fmf @@ -9,4 +9,4 @@ require: test: | rpm --erase p11-kit-server bash ./rootless-test.sh - duration: 150m + duration: 3h 30m diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch index c21625e..9ff5bb8 100644 --- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch @@ -1,4 +1,4 @@ -From 401abbfb6f820670bc14ca5c555151a0a657b67b Mon Sep 17 00:00:00 2001 +From b0f4d55b16e59375012ea0ffbfe31086cbef2fef Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 18 Aug 2021 17:55:21 +0200 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST @@ -10,7 +10,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037 1 file changed, 1 insertion(+) diff --git a/src/cmd/run.go b/src/cmd/run.go -index 7094c3a4eec9..f6c7acffe76a 100644 +index 389ea1615234..2e78a3ba3ecd 100644 --- a/src/cmd/run.go +++ b/src/cmd/run.go @@ -573,6 +573,7 @@ func constructExecArgs(container, preserveFDs string, @@ -22,10 +22,10 @@ index 7094c3a4eec9..f6c7acffe76a 100644 "--preserve-fds", preserveFDs, }...) -- -2.49.0 +2.50.1 -From a5d5fdfe8539af0a23af5a5503197389a0a4d0dd Mon Sep 17 00:00:00 2001 +From d4e03324f5d263fdb7c9b10270dd7ed251d5aa9e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 13:42:15 +0100 Subject: [PATCH 2/2] test/system: Update to test the migration path for @@ -42,10 +42,10 @@ ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit create mode 100644 test/system/100-root.bats diff --git a/test/system/002-help.bats b/test/system/002-help.bats -index 921c23b51a44..192603d71aba 100644 +index f7cd3f5480ab..7ad5f72e792f 100644 --- a/test/system/002-help.bats +++ b/test/system/002-help.bats -@@ -34,20 +34,6 @@ teardown_file() { +@@ -33,20 +33,6 @@ teardown_file() { cleanup_all } 
@@ -100,5 +100,5 @@ index 000000000000..cf35d60ac25c + skip "Testing of entering toolboxes is not implemented" +} -- -2.49.0 +2.50.1 diff --git a/toolbox-Make-the-build-flags-match-Fedora.patch b/toolbox-Make-the-build-flags-match-Fedora.patch index 92123b4..f536fde 100644 --- a/toolbox-Make-the-build-flags-match-Fedora.patch +++ b/toolbox-Make-the-build-flags-match-Fedora.patch @@ -1,4 +1,4 @@ -From 767c59c40128dda3d29191be8289ff16af888187 Mon Sep 17 00:00:00 2001 +From 2ad3ed22992dd74c3deb697bdf165bf1e37479ae Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} @@ -58,5 +58,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.49.0 +2.50.1 diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch index 5677d56..180135c 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-10.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch @@ -1,4 +1,4 @@ -From 2090a139dc6b9be6d51fbd7875fda06b6502cda0 Mon Sep 17 00:00:00 2001 +From e39af9ab2105d7d7b49b22d22895b3799efee2ef Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} @@ -67,5 +67,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.49.0 +2.50.1 diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch index 0804f78..867e860 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-9.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch @@ -1,4 +1,4 @@ -From 3603ef5eff9615b7df2bf665fd5edc9434d99f6e Mon Sep 17 00:00:00 2001 +From 26bef6542102509a9706bf97122a7ff2130383f8 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} 
@@ -46,5 +46,5 @@ index a5a1a6a508fb..0a2c7526f210 100755 exit "$?" -- -2.49.0 +2.50.1 diff --git a/toolbox.rpmlintrc b/toolbox.rpmlintrc new file mode 100644 index 0000000..150b710 --- /dev/null +++ b/toolbox.rpmlintrc @@ -0,0 +1 @@ +addFilter(r'no-%check-section') diff --git a/toolbox.spec b/toolbox.spec index f86b99d..2edf9fe 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.1.2 +Version: 0.2 %global goipath github.com/containers/%{name} @@ -17,7 +17,7 @@ Version: 0.1.2 %endif %endif -%global toolbx_go 1.21 +%global toolbx_go 1.22 %if 0%{?fedora} %global toolbx_go 1.23.9 @@ -188,6 +188,10 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Sat Aug 09 2025 Debarshi Ray - 0.2-1 +- Update to 0.2 +- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787 + * Tue Jun 03 2025 Debarshi Ray - 0.1.2-1 - Update to 0.1.2 From 42fc7a6d5e05c582ae93a5d7caf00bbe3ae14c9c Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 17 Sep 2025 20:22:25 +0200 Subject: [PATCH 2/3] tests: Don't needlessly preserve environment variables in su(1) sessions The TMT namespaced environment variables are not referenced anywhere else and were recently removed from Podman too [1]. It's confusing to have a long list of variables, which are either unused or don't need to be explicitly preserved within the child session started by su(1). ROOTLESS_USER is used when invoking su(1) and there's no need for it within the child session started by su(1). [1] Fedora podman commit b972298be7d228f4 https://src.fedoraproject.org/rpms/podman/c/b972298be7d228f4 https://src.fedoraproject.org/rpms/toolbox/pull-request/37 --- tests/tmt-envvars | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/tmt-envvars b/tests/tmt-envvars index 6b4b747..6f3176e 100644 --- a/tests/tmt-envvars +++ b/tests/tmt-envvars 
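Review bot: The filter `addFilter(r'no-%check-section')` in the new toolbox.rpmlintrc lands without a comment saying why the package has no `%check`, so a later reader cannot tell a deliberate decision from a muted warning. A one-line comment above it would be enough, for example `# No %check: the test suite runs in CI via tests/main.fmf`. That reason is inferred from the tests/main.fmf hunk in this patch and should be confirmed before it is written down.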
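Review bot: The changelog entry `- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787` in the last toolbox.spec hunk does not say which bundled component carries the fixes. Nothing else in this patch shows it either: the only source change is the new SHA512 for `toolbox-0.2-vendored.tar.xz` in `sources`, so anyone auditing the build has to unpack the tarball to confirm that the fixed versions are actually vendored. Naming the module and version next to each identifier would make that checkable from the changelog, e.g. `- Fix CVE-2025-23266 and CVE-2025-23267 (<vendored module> <fixed version>)`. The `or` also reads as if either identifier might apply; if both name the same advisory, `GHSA-fv92-fjc5-jj9h (GO-2025-3787)` is clearer.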
@@ -1,18 +1 @@
-TMT_TREE
-TMT_PLAN_DATA
-TMT_VERSION
-TMT_TEST_NAME
-TMT_TEST_DATA
-TMT_TEST_SERIAL_NUMBER
-TMT_TEST_ITERATION_ID
-TMT_TEST_METADATA
-TMT_SOURCE_DIR
-TMT_REBOOT_COUNT
-TMT_TEST_RESTART_COUNT
-TMT_TOPOLOGY_BASH
-TMT_TOPOLOGY_YAML
-TMT_TEST_PIDFILE
-TMT_TEST_PIDFILE_LOCK
-TMT_TEST_PIDFILE_ROOT
-ROOTLESS_USER
 TMPDIR
From 5d6440fe4a05b0ffcec29df39c660c103a94b42f Mon Sep 17 00:00:00 2001
From: Debarshi Ray
Date: Wed, 17 Sep 2025 21:41:04 +0200
Subject: [PATCH 3/3] Update to 0.3 ... and update the BuildRequires on golang to reflect reality. https://src.fedoraproject.org/rpms/toolbox/pull-request/40
---
 .gitignore | 1 +
 sources | 2 +-
 ...dd-migration-paths-for-coreos-toolbox-users.patch | 12 ++++++------
 toolbox-Make-the-build-flags-match-Fedora.patch | 4 ++--
 toolbox-Make-the-build-flags-match-RHEL-10.patch | 4 ++--
 toolbox-Make-the-build-flags-match-RHEL-9.patch | 4 ++--
 toolbox.spec | 9 ++++++---
 7 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/.gitignore b/.gitignore
index 596c5d0..2625054 100644
--- a/.gitignore
+++ b/.gitignore
@@ -36,3 +36,4 @@
 /toolbox-0.1.1-vendored.tar.xz
 /toolbox-0.1.2-vendored.tar.xz
 /toolbox-0.2-vendored.tar.xz
+/toolbox-0.3-vendored.tar.xz
diff --git a/sources b/sources
index c80564e..f30b3d7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (toolbox-0.2-vendored.tar.xz) = 670737a5911d62c0492fcc27cbee51fbfa909ad2f6dbc4ea035048b122857e8c0f37294db0ce29503c7e5c01e12eb90c30f7f6ce7b2e54662f3332c076cd77bd
+SHA512 (toolbox-0.3-vendored.tar.xz) = e464aba1c40b37b0ed027a560a0685e5dc8f07684d33d0e2bac5f0ba8c2b2c2a4c585db8847b23bd0753e33d37e3e88c87ab71d3999c3afedf315717f468c0ba
diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
index 9ff5bb8..aec1779 100644
--- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
+++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
@@ -1,4 +1,4 @@ -From b0f4d55b16e59375012ea0ffbfe31086cbef2fef Mon Sep 17 00:00:00 2001 +From 4649e50c28321185cbaa81a37efbd317b84ae840 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 18 Aug 2021 17:55:21 +0200 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST @@ -10,10 +10,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037 1 file changed, 1 insertion(+) diff --git a/src/cmd/run.go b/src/cmd/run.go -index 389ea1615234..2e78a3ba3ecd 100644 +index ceb277a3640a..72b673f506b3 100644 --- a/src/cmd/run.go +++ b/src/cmd/run.go -@@ -573,6 +573,7 @@ func constructExecArgs(container, preserveFDs string, +@@ -576,6 +576,7 @@ func constructExecArgs(container, preserveFDs string, execArgs = append(execArgs, envOptions...) execArgs = append(execArgs, []string{ @@ -22,10 +22,10 @@ index 389ea1615234..2e78a3ba3ecd 100644 "--preserve-fds", preserveFDs, }...) -- -2.50.1 +2.51.0 -From d4e03324f5d263fdb7c9b10270dd7ed251d5aa9e Mon Sep 17 00:00:00 2001 +From b2ba8445bee988143d546bc15fa3a8a8c019aa2e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 13:42:15 +0100 Subject: [PATCH 2/2] test/system: Update to test the migration path for @@ -100,5 +100,5 @@ index 000000000000..cf35d60ac25c + skip "Testing of entering toolboxes is not implemented" +} -- -2.50.1 +2.51.0 diff --git a/toolbox-Make-the-build-flags-match-Fedora.patch b/toolbox-Make-the-build-flags-match-Fedora.patch index f536fde..5ee5fd4 100644 --- a/toolbox-Make-the-build-flags-match-Fedora.patch +++ b/toolbox-Make-the-build-flags-match-Fedora.patch @@ -1,4 +1,4 @@ -From 2ad3ed22992dd74c3deb697bdf165bf1e37479ae Mon Sep 17 00:00:00 2001 +From a1bb7d53fab70899c991feb9276cf93a12280750 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} @@ -58,5 +58,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.50.1 +2.51.0 
diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch index 180135c..9528088 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-10.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch @@ -1,4 +1,4 @@ -From e39af9ab2105d7d7b49b22d22895b3799efee2ef Mon Sep 17 00:00:00 2001 +From f79f96fb8f3ec528952b9719f356e871837987df Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} @@ -67,5 +67,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.50.1 +2.51.0 diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch index 867e860..492268a 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-9.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch @@ -1,4 +1,4 @@ -From 26bef6542102509a9706bf97122a7ff2130383f8 Mon Sep 17 00:00:00 2001 +From 2d1b4b2492c65abd0d0bf0c71c971f550447412d Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} @@ -46,5 +46,5 @@ index a5a1a6a508fb..0a2c7526f210 100755 exit "$?" -- -2.50.1 +2.51.0 diff --git a/toolbox.spec b/toolbox.spec index 2edf9fe..75663f5 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.2 +Version: 0.3 %global goipath github.com/containers/%{name} @@ -20,7 +20,7 @@ Version: 0.2 %global toolbx_go 1.22 %if 0%{?fedora} -%global toolbx_go 1.23.9 +%global toolbx_go 1.24.7 %endif %if 0%{?rhel} @@ -29,7 +29,7 @@ Version: 0.2 %elif 0%{?rhel} == 10 %global toolbx_go 1.22.5 %elif 0%{?rhel} > 10 -%global toolbx_go 1.24.3 +%global toolbx_go 1.24.4 %endif %endif 
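Review bot: The new values `%global toolbx_go 1.24.7` (Fedora) and `%global toolbx_go 1.24.4` (RHEL > 10) are bare literals, and nothing visible in these hunks says what each number is meant to track. The commit message describes this as the BuildRequires on golang; if so, it is the floor that stops the package being rebuilt with an older toolchain, whose standard-library fixes would then be missing from the compiled binary, so the origin of each value is worth recording. A comment above the conditional such as `# Minimum golang per target; matches the version each release shipped when this was last updated` would cover it, and the `0.3-1` changelog entry could mention the bump alongside `- Update to 0.3`. The `%if`/`%elif` chain starts and ends outside the hunks shown.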
@@ -188,6 +188,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
 %changelog
+* Wed Sep 17 2025 Debarshi Ray - 0.3-1
+- Update to 0.3
+
 * Sat Aug 09 2025 Debarshi Ray - 0.2-1
 - Update to 0.2
 - Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787