diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 6787941..2625054 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,9 @@ /toolbox-0.0.99.3-vendor.tar.xz /toolbox-0.0.99.4-vendored.tar.xz /toolbox-0.0.99.5-vendored.tar.xz +/toolbox-0.0.99.6-vendored.tar.xz +/toolbox-0.1.0-vendored.tar.xz +/toolbox-0.1.1-vendored.tar.xz +/toolbox-0.1.2-vendored.tar.xz +/toolbox-0.2-vendored.tar.xz +/toolbox-0.3-vendored.tar.xz diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..e6427de --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,4 @@ +discover: + how: fmf +execute: + how: tmt diff --git a/rpminspect.yaml b/rpminspect.yaml index 924e431..f0d9c5c 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -4,7 +4,11 @@ --- annocheck: - - hardened: --ignore-unknown --verbose --skip-run-path + extra_opts: + hardened: --skip-run-path --skip-stack-prot + +elf: + exclude_path: /usr/bin/toolbox runpath: allowed_paths: diff --git a/sources b/sources index df91c99..f30b3d7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745 +SHA512 (toolbox-0.3-vendored.tar.xz) = e464aba1c40b37b0ed027a560a0685e5dc8f07684d33d0e2bac5f0ba8c2b2c2a4c585db8847b23bd0753e33d37e3e88c87ab71d3999c3afedf315717f468c0ba diff --git a/tests/main.fmf b/tests/main.fmf new file mode 100644 index 0000000..25a6fe7 --- /dev/null +++ b/tests/main.fmf @@ -0,0 +1,12 @@ +environment: + ROOTLESS_USER: "fedora" + TMPDIR: /var/tmp +require: + - toolbox-tests + +/rootless: + summary: rootless test + test: | + rpm --erase p11-kit-server + bash ./rootless-test.sh + duration: 4h diff --git a/tests/roles/nonroot_user/tasks/main.yml b/tests/roles/nonroot_user/tasks/main.yml deleted file mode 100644 index 51bf44a..0000000 --- a/tests/roles/nonroot_user/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: create nonroot user - user: - name: testuser - shell: /bin/bash -- name: enable linger - command: loginctl enable-linger testuser diff --git a/tests/roles/run_bats_tests/files/run_bats_tests.sh b/tests/roles/run_bats_tests/files/run_bats_tests.sh deleted file mode 100755 index e9f5f5f..0000000 --- a/tests/roles/run_bats_tests/files/run_bats_tests.sh +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash -# -# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman -# -# This is invoked by the 'run_bats_tests' role; we assume that -# the package foo has a foo-tests subpackage which provides the -# directory /usr/share/foo/test/system, containing one or more .bats -# test files. -# - -export PATH=/usr/local/bin:/usr/sbin:/usr/bin - -FULL_LOG=/tmp/test.debug.log -BATS_LOG=/tmp/test.bats.log -rm -f $FULL_LOG $BATS_LOG -touch $FULL_LOG $BATS_LOG - -exec &> $FULL_LOG - -# Log program versions -echo "Packages:" -rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests - -echo "------------------------------" -printenv | sort - -testdir=/usr/share/${TEST_PACKAGE}/test/system - -if ! cd $testdir; then - echo "FAIL ${TEST_NAME} : cd $testdir" >> /tmp/test.log - exit 0 -fi - -if [ -e /tmp/helper.sh ]; then - echo "------------------------------" - echo ". /tmp/helper.sh" - . /tmp/helper.sh -fi - -if [ "$(type -t setup)" = "function" ]; then - echo "------------------------------" - echo "\$ setup" - setup - if [ $? -ne 0 ]; then - echo "FAIL ${TEST_NAME} : setup" >> /tmp/test.log - exit 0 - fi -fi - -echo "------------------------------" -echo "\$ bats ." -bats . &> $BATS_LOG -rc=$? - -echo "------------------------------" -echo "bats completed with status $rc" - -status=PASS -if [ $rc -ne 0 ]; then - status=FAIL -fi - -echo "${status} ${TEST_NAME}" >> /tmp/test.log - -if [ "$(type -t teardown)" = "function" ]; then - echo "------------------------------" - echo "\$ teardown" - teardown -fi - -# FIXME: for CI purposes, always exit 0. This allows subsequent tests. -exit 0 diff --git a/tests/roles/run_bats_tests/tasks/main.yml b/tests/roles/run_bats_tests/tasks/main.yml deleted file mode 100644 index da79a4c..0000000 --- a/tests/roles/run_bats_tests/tasks/main.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Create empty results file, world-writable -- name: initialize test.log file - copy: dest=/tmp/test.log content='' force=yes mode=0666 - -- name: execute tests - include: run_one_test.yml - with_items: "{{ tests }}" - loop_control: - loop_var: test - -- name: pull test.log results - fetch: - src: "/tmp/test.log" - dest: "{{ artifacts }}/test.log" - flat: yes - -# Copied from standard-test-basic -- name: check results - shell: grep "^FAIL" /tmp/test.log - register: test_fails - # Never fail at this step. Just store result of tests. - failed_when: False - -- name: preserve results - set_fact: - role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}" - role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}" - -- name: display results - vars: - msg: | - Tests failed: {{ role_result_failed|d('Undefined') }} - Tests msg: {{ role_result_msg|d('None') }} - debug: - msg: "{{ msg.split('\n') }}" - failed_when: "role_result_failed|bool" diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml deleted file mode 100644 index b44ed42..0000000 --- a/tests/roles/run_bats_tests/tasks/run_one_test.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -- name: "{{ test.name }} | install test packages" - dnf: name="{{ test.package }}-tests" state=installed - -- name: "{{ test.name }} | define helper variables" - set_fact: - test_name_oneword: "{{ test.name | replace(' ','-') }}" - -# UGH. This is necessary because our caller sets some environment variables -# and we need to set a few more based on other caller variables; then we -# need to combine the two dicts when running the test. This seems to be -# the only way to do it in ansible. -- name: "{{ test.name }} | define local environment" - set_fact: - local_environment: - TEST_NAME: "{{ test.name }}" - TEST_PACKAGE: "{{ test.package }}" - TEST_ENV: "{{ test.environment }}" - -- name: "{{ test.name }} | setup/teardown helper | see if exists" - local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh - register: helper - -- name: "{{ test.name }} | setup/teardown helper | install" - copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh - when: helper.stat.exists - -- name: "{{ test.name }} | run test" - script: ./run_bats_tests.sh - args: - chdir: /usr/share/{{ test.package }}/test/system - become: "{{ true if test.become is defined else false }}" - become_user: testuser - environment: "{{ local_environment | combine(test.environment) }}" - -- name: "{{ test.name }} | pull logs" - fetch: - src: "/tmp/test.{{ item }}.log" - dest: "{{ artifacts }}/test.{{ test_name_oneword }}.{{ item }}.log" - flat: yes - with_items: - - bats - - debug - -- name: "{{ test.name }} | remove remote logs and helpers" - file: - dest=/tmp/{{ item }} - state=absent - with_items: - - test.bats.log - - test.debug.log - - helper.sh diff --git a/tests/rootless-test.sh b/tests/rootless-test.sh new file mode 100644 index 0000000..16da9fe --- /dev/null +++ b/tests/rootless-test.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +set -exo pipefail + +uname -r + +loginctl enable-linger "$ROOTLESS_USER" + +rpm -q containers-common-extra podman toolbox + +su --whitelist-environment=$(cat ./tmt-envvars | tr '\n' ',') - "$ROOTLESS_USER" -c "whoami && cd /usr/share/toolbox/test/system && bats ." diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index e7ff188..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- hosts: localhost - tags: classic - vars: - - artifacts: ./artifacts - roles: - - role: nonroot_user - - role: run_bats_tests - tests: - - name: toolbox - package: toolbox - become: true diff --git a/tests/tmt-envvars b/tests/tmt-envvars new file mode 100644 index 0000000..6f3176e --- /dev/null +++ b/tests/tmt-envvars @@ -0,0 +1 @@ +TMPDIR diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch index 88003a3..aec1779 100644 --- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch @@ -1,4 +1,4 @@ -From d461caa5b1a278124d039df93140d2d5bf4eabe7 Mon Sep 17 00:00:00 2001 +From 4649e50c28321185cbaa81a37efbd317b84ae840 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 18 Aug 2021 17:55:21 +0200 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST @@ -10,10 +10,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037 1 file changed, 1 insertion(+) diff --git a/src/cmd/run.go b/src/cmd/run.go -index 7657ffa50821..23d422623b14 100644 +index ceb277a3640a..72b673f506b3 100644 --- a/src/cmd/run.go +++ b/src/cmd/run.go -@@ -501,6 +501,7 @@ func constructExecArgs(container, preserveFDs string, +@@ -576,6 +576,7 @@ func constructExecArgs(container, preserveFDs string, execArgs = append(execArgs, envOptions...) execArgs = append(execArgs, []string{ @@ -22,10 +22,10 @@ index 7657ffa50821..23d422623b14 100644 "--preserve-fds", preserveFDs, }...) -- -2.39.2 +2.51.0 -From 3c2c67752e8f88f72058799cbce3612fc937b230 Mon Sep 17 00:00:00 2001 +From b2ba8445bee988143d546bc15fa3a8a8c019aa2e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 13:42:15 +0100 Subject: [PATCH 2/2] test/system: Update to test the migration path for @@ -36,36 +36,39 @@ This reverts the changes to the tests made in commit ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit 3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed. --- - test/system/002-help.bats | 11 ----------- + test/system/002-help.bats | 14 -------------- test/system/100-root.bats | 27 +++++++++++++++++++++++++++ - 2 files changed, 27 insertions(+), 11 deletions(-) + 2 files changed, 27 insertions(+), 14 deletions(-) create mode 100644 test/system/100-root.bats diff --git a/test/system/002-help.bats b/test/system/002-help.bats -index 7e4565e9d23d..58a4c2c87ece 100644 +index f7cd3f5480ab..7ad5f72e792f 100644 --- a/test/system/002-help.bats +++ b/test/system/002-help.bats -@@ -23,17 +23,6 @@ setup() { - _setup_environment +@@ -33,20 +33,6 @@ teardown_file() { + cleanup_all } --@test "help: Try to run toolbox with no command" { -- run $TOOLBOX +-@test "help: Smoke test" { +- run --keep-empty-lines --separate-stderr "$TOOLBX" - - assert_failure +- assert [ ${#lines[@]} -eq 0 ] +- lines=("${stderr_lines[@]}") - assert_line --index 0 "Error: missing command" -- assert_line --index 1 "create Create a new toolbox container" -- assert_line --index 2 "enter Enter an existing toolbox container" -- assert_line --index 3 "list List all existing toolbox containers and images" -- assert_line --index 4 "Run 'toolbox --help' for usage." +- assert_line --index 2 "create Create a new Toolbx container" +- assert_line --index 3 "enter Enter an existing Toolbx container" +- assert_line --index 4 "list List all existing Toolbx containers and images" +- assert_line --index 6 "Run 'toolbox --help' for usage." +- assert [ ${#stderr_lines[@]} -eq 7 ] -} - - @test "help: Run command 'help'" { + @test "help: Command 'help'" { if ! command -v man 2>/dev/null; then - skip "Test works only if man is in PATH" + skip "not found man(1)" diff --git a/test/system/100-root.bats b/test/system/100-root.bats new file mode 100644 -index 000000000000..32d87904213e +index 000000000000..cf35d60ac25c --- /dev/null +++ b/test/system/100-root.bats @@ -0,0 +1,27 @@ @@ -77,15 +80,15 @@ index 000000000000..32d87904213e + +setup() { + _setup_environment -+ cleanup_containers ++ cleanup_all +} + +teardown() { -+ cleanup_containers ++ cleanup_all +} + +@test "root: Try to enter the default container with no containers created" { -+ run $TOOLBOX <<< "n" ++ run "$TOOLBX" <<< "n" + + assert_success + assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command." @@ -97,5 +100,5 @@ index 000000000000..32d87904213e + skip "Testing of entering toolboxes is not implemented" +} -- -2.39.2 +2.51.0 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch deleted file mode 100644 index 35ecc83..0000000 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 4f8b443ab925c84d059d894ddcfcf4dcf66a747e Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} - for PPC64 - -The Go toolchain also doesn't like the LDFLAGS environment variable as -exported by Fedora's %{meson} RPM macro. - -Note that these flags are only meant for the "ppc64" CPU architecture, -and should be kept updated to match Fedora's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..cae2de426a96 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,16 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.43.0 - diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch deleted file mode 100644 index c290d36..0000000 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 3175ef2fab1f61f5784361070ac338dabda3c04e Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} - -The Go toolchain doesn't like the LDFLAGS environment variable as -exported by Fedora's %{meson} RPM macro. - -Note that these flags are meant for every CPU architecture other than -PPC64, and should be kept updated to match Fedora's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..0e6a2efa6853 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,17 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -buildmode pie \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.43.0 - diff --git a/toolbox-Make-the-build-flags-match-Fedora.patch b/toolbox-Make-the-build-flags-match-Fedora.patch new file mode 100644 index 0000000..5ee5fd4 --- /dev/null +++ b/toolbox-Make-the-build-flags-match-Fedora.patch @@ -0,0 +1,62 @@ +From a1bb7d53fab70899c991feb9276cf93a12280750 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} + +These reflect the defaults for Fedora 39, which is the oldest supported +Fedora, barring some exceptions mentioned below. + +The change to use the RPM's %{name}, %{version}, %{release} and the +SOURCE_DATE_EPOCH environment variable [1], instead of /dev/urandom, to +generate the build ID annotation for the toolbox(1) binary [2] was left +out. It will need more work to propagate the RPM's %{name}, %{version} +and %{release} to Meson. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match Fedora's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. + +[1] https://reproducible-builds.org/docs/source-date-epoch/ + +[2] go-rpm-macros commit 1980932bf3a21890 + https://pagure.io/go-rpm-macros/c/1980932bf3a21890 + https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..5978422e9aed 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.51.0 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch new file mode 100644 index 0000000..9528088 --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch @@ -0,0 +1,71 @@ +From f79f96fb8f3ec528952b9719f356e871837987df Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} + +These reflect the defaults for RHEL 10.0 Beta, because RHEL 10.0 is +still early in its development cycle and the defaults may be in a state +of flux. Some exceptions are mentioned below. + +The '-z pack-relative-relocs' linker flag was left out. It's currently +not supported on s390x, so using it would require architecture specific +patches, which is a hassle. Support for aarch64 was recently added [1], +so hopefully s390x will also be supported soon. + +The change to use the RPM's %{name}, %{version}, %{release} and the +SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to +generate the build ID annotation for the toolbox(1) binary [2] was left +out. It will need more work to propagate the RPM's %{name}, %{version} +and %{release} to Meson. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 10's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. + +[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42 + https://issues.redhat.com/browse/RHEL-40379 + +[2] go-rpm-macros commit 1980932bf3a21890 + https://pagure.io/go-rpm-macros/c/1980932bf3a21890 + https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..5978422e9aed 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.51.0 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch new file mode 100644 index 0000000..492268a --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch @@ -0,0 +1,50 @@ +From 2d1b4b2492c65abd0d0bf0c71c971f550447412d Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} + +These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early +in its development cycle and the defaults may be in a state of flux. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..0a2c7526f210 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.51.0 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch deleted file mode 100644 index 15b52a8..0000000 --- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 973600219168f3c4efeb627c103085555327eaa5 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for - PPC64 - -The Go toolchain also doesn't like the LDFLAGS environment variable as -exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't -like the compressed DWARF data generated by the Go toolchain. - -Note that these flags are only meant for the "ppc64" CPU architecture, -and should be kept updated to match RHEL's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..86f174716608 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,16 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.39.2 - diff --git a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch deleted file mode 100644 index 1fed4da..0000000 --- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch +++ /dev/null @@ -1,55 +0,0 @@ -From aeaa8cd30a8c5ad33ee1fe6b9e84ecbb28f7264c Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} - -The Go toolchain doesn't like the LDFLAGS environment variable as -exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't -like the compressed DWARF data generated by the Go toolchain. - -Note that these flags are meant for every CPU architecture other than -PPC64, and should be kept updated to match RHEL's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..d39764fda0c1 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,17 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -buildmode pie \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.39.2 - diff --git a/toolbox.rpmlintrc b/toolbox.rpmlintrc new file mode 100644 index 0000000..150b710 --- /dev/null +++ b/toolbox.rpmlintrc @@ -0,0 +1 @@ +addFilter(r'no-%check-section') diff --git a/toolbox.spec b/toolbox.spec index e9fdfc0..09e3785 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,7 +1,16 @@ %global __brp_check_rpaths %{nil} +%if 0%{?rhel} +%if 0%{?rhel} <= 9 +%{!?bash_completions_dir: %global bash_completions_dir %{_datadir}/bash-completion/completions} +%{!?fish_completions_dir: %global fish_completions_dir %{_datadir}/fish/vendor_completions.d} +%{!?zsh_completions_dir: %global zsh_completions_dir %{_datadir}/zsh/site-functions} +%endif +%endif + + Name: toolbox -Version: 0.0.99.5 +Version: 0.3 %global goipath github.com/containers/%{name} @@ -17,10 +26,26 @@ Version: 0.0.99.5 %endif %endif -Release: 1%{?dist} +%global toolbx_go 1.22 + +%if 0%{?fedora} +%global toolbx_go 1.24.7 +%endif + +%if 0%{?rhel} +%if 0%{?rhel} == 9 +%global toolbx_go 1.22.5 +%elif 0%{?rhel} == 10 +%global toolbx_go 1.22.5 +%elif 0%{?rhel} > 10 +%global toolbx_go 1.24.4 +%endif +%endif + +Release: 2%{?dist} Summary: Tool for interactive command line environments on Linux -License: ASL 2.0 +License: Apache-2.0 URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz @@ -28,154 +53,71 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version Source1: %{name}.conf # Fedora specific -Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch -Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +Patch100: toolbox-Make-the-build-flags-match-Fedora.patch # RHEL specific -Patch200: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch -Patch201: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +Patch200: toolbox-Make-the-build-flags-match-RHEL-9.patch +Patch201: toolbox-Make-the-build-flags-match-RHEL-10.patch Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch BuildRequires: gcc BuildRequires: go-md2man -BuildRequires: golang >= 1.20 +BuildRequires: golang >= %{toolbx_go} BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) -BuildRequires: shadow-utils-subid-devel +BuildRequires: shadow-utils-subid-devel >= 4.16.0 BuildRequires: systemd BuildRequires: systemd-rpm-macros %if ! 0%{?rhel} -BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1 -BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0 -BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0 -BuildRequires: golang(github.com/docker/go-units) >= 0.5.0 -BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1 -BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6 -BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1 -BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0 -BuildRequires: golang(github.com/spf13/viper) >= 1.10.1 -BuildRequires: golang(golang.org/x/sys/unix) >= 0.1.0 -BuildRequires: golang(golang.org/x/text) >= 0.3.8 -BuildRequires: golang(gopkg.in/yaml.v3) >= 3.0.0 BuildRequires: pkgconfig(fish) # for tests # BuildRequires: codespell -# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 # BuildRequires: ShellCheck %endif +Recommends: p11-kit-server Recommends: skopeo -Recommends: subscription-manager +%if ! 0%{?rhel} +Recommends: fuse-overlayfs +%endif Requires: containers-common -Requires: podman >= 1.6.4 -%if ! 0%{?rhel} Requires: flatpak-session-helper -%endif +Requires: podman >= 1.6.4 +Requires: shadow-utils-subid%{?_isa} >= 4.16.0 %description Toolbx is a tool for Linux, which allows the use of interactive command line -environments for development and troubleshooting the host operating system, -without having to install software on the host. It is built on top of Podman -and other standard container technologies from OCI. +environments for software development and troubleshooting the host operating +system, without having to install software on the host. It is built on top of +Podman and other standard container technologies from OCI. Toolbx environments have seamless access to the user's home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc.. -%if ! 0%{?rhel} - -# The list of requires packages for -support and -experience should be in sync with: -# https://github.com/containers/toolbox/blob/master/images/fedora/f33/extra-packages -%package support -Summary: Required packages for the container image to support %{name} - -# These are really required to make the image work with toolbox -Requires: passwd -Requires: shadow-utils -Requires: util-linux -Requires: vte-profile - -%description support -The %{name}-support package contains all the required packages that are needed -to be installed in the OCI image to make it work with %{name}. - -The %{name}-support package should be typically installed from the Dockerfile -if the image isn't based on the fedora-toolbox image. - - -%package experience -Summary: Set of packages to enhance the %{name} experience - -Requires: %{name}-support = %{version}-%{release} -Requires: bash-completion -Requires: bc -Requires: bzip2 -Requires: diffutils -Requires: dnf-plugins-core -Requires: findutils -Requires: flatpak-spawn -Requires: fpaste -Requires: git -Requires: gnupg -Requires: gnupg2-smime -Requires: gvfs-client -Requires: hostname -Requires: iproute -Requires: iputils -Requires: jwhois -Requires: keyutils -Requires: krb5-libs -Requires: less -Requires: lsof -Requires: man-db -Requires: man-pages -Requires: mtr -Requires: nano-default-editor -Requires: nss-mdns -Requires: openssh-clients -Requires: pigz -Requires: procps-ng -Requires: rsync -Requires: sudo -Requires: tcpdump -Requires: time -Requires: traceroute -Requires: tree -Requires: unzip -Requires: wget -Requires: which -Requires: words -Requires: xorg-x11-xauth -Requires: xz -Requires: zip - -%description experience -The %{name}-experience package contains all the packages that should be -installed in the container to provide the same default experience as working -on the host. - -The %{name}-experience package should be typically installed from the -Dockerfile if the image isn't based on the fedora-toolbox image. - -%endif %package tests Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} Requires: coreutils +Requires: diffutils +# for gdbus(1) +Requires: glib2 Requires: grep -# for htpasswd +# for htpasswd(1) Requires: httpd-tools Requires: openssl +Requires: python3 Requires: skopeo %if ! 0%{?rhel} -Requires: bats >= 1.7.0 +Requires: bats >= 1.10.0 %endif + %description tests The %{name}-tests package contains system tests for %{name}. @@ -184,43 +126,39 @@ The %{name}-tests package contains system tests for %{name}. %setup -q %if 0%{?fedora} -%ifnarch ppc64 -%patch100 -p1 -%else -%patch101 -p1 -%endif +%patch -P100 -p1 %endif %if 0%{?rhel} -%ifnarch ppc64 -%patch200 -p1 -%else -%patch201 -p1 +%if 0%{?rhel} == 9 +%patch -P200 -p1 +%endif + +%if 0%{?rhel} >= 10 +%patch -P201 -p1 %endif %if 0%{?rhel} <= 9 -%patch202 -p1 +%patch -P202 -p1 %endif %endif -%gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} +%gomkdir -s %{_builddir}/%{extractdir}/src -k %build -export %{gomodulesmode} -export GOPATH=%{gobuilddir}:%{gopath} export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" %meson \ %if 0%{?rhel} - -Dfish_completions_dir=%{_datadir}/fish/vendor_completions.d \ + -Dfish_completions_dir=%{fish_completions_dir} \ %if 0%{?rhel} <= 9 -Dmigration_path_for_coreos_toolbox=true \ %endif %endif -Dprofile_dir=%{_sysconfdir}/profile.d \ -Dtmpfiles_dir=%{_tmpfilesdir} \ - -Dzsh_completions_dir=%{_datadir}/zsh/site-functions + -Dzsh_completions_dir=%{zsh_completions_dir} %meson_build @@ -240,32 +178,127 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %files -%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md -%license COPYING %{?rhel:src/vendor/modules.txt} +%doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md +%license COPYING src/vendor/modules.txt %{_bindir}/%{name} -%{_datadir}/bash-completion -%{_datadir}/fish -%{_datadir}/zsh %{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}-*.1* %{_mandir}/man5/%{name}.conf.5* %config(noreplace) %{_sysconfdir}/containers/%{name}.conf %{_sysconfdir}/profile.d/%{name}.sh %{_tmpfilesdir}/%{name}.conf +%{bash_completions_dir}/%{name}.bash +%{fish_completions_dir}/%{name}.fish +%{zsh_completions_dir}/_%{name} -%if ! 0%{?rhel} - -%files support - -%files experience - -%endif %files tests %{_datadir}/%{name} %changelog +* Fri Oct 10 2025 Alejandro Sáez - 0.3-2 +- rebuild + +* Wed Sep 17 2025 Debarshi Ray - 0.3-1 +- Update to 0.3 + +* Fri Aug 15 2025 Maxwell G - 0.2-2 +- Rebuild for golang-1.25.0 + +* Sat Aug 09 2025 Debarshi Ray - 0.2-1 +- Update to 0.2 +- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787 + +* Fri Jul 25 2025 Fedora Release Engineering - 0.1.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Tue Jun 03 2025 Debarshi Ray - 0.1.2-1 +- Update to 0.1.2 + +* Wed Jan 22 2025 Debarshi Ray - 0.1.1-3 +- Use RPM macros for shell completions and clean up directory ownership + +* Sun Jan 19 2025 Fedora Release Engineering - 0.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Mon Nov 04 2024 Debarshi Ray - 0.1.1-1 +- Update to 0.1.1 + +* Tue Oct 22 2024 Debarshi Ray - 0.1.0-1 +- Update to 0.1.0 + +* Wed Oct 16 2024 Debarshi Ray - 0.0.99.6-6 +- Recommend fuse-overlayfs because old containers created with it need it + +* Mon Oct 07 2024 Debarshi Ray - 0.0.99.6-5 +- Don't use slirp4netns(1) in tests to work around bug in pasta(1) + +* Fri Oct 04 2024 Debarshi Ray - 0.0.99.6-4 +- Use the fedora-toolbox:40 image for Fedora Asahi Remix hosts + +* Thu Oct 03 2024 Debarshi Ray - 0.0.99.6-3 +- Unbreak the downstream Fedora CI + +* Wed Oct 02 2024 Debarshi Ray - 0.0.99.6-2 +- Silence 'rpminspect --tests=elf' + +* Mon Sep 30 2024 Debarshi Ray - 0.0.99.6-1 +- Update to 0.0.99.6 + +* Thu Sep 12 2024 Debarshi Ray - 0.0.99.5-18 +- Rebuild against shadow-utils-subid ABI version 5.0.0 + +* Thu Aug 08 2024 Debarshi Ray - 0.0.99.5-17 +- Ensure slirp4netns(1) is installed + +* Wed Jul 31 2024 Debarshi Ray - 0.0.99.5-16 +- Avoid running out of storage space when running the tests + +* Fri Jul 26 2024 Adam Williamson - 0.0.99.5-15 +- Fix CI test (hopefully) + +* Sat Jul 20 2024 Fedora Release Engineering - 0.0.99.5-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-13 +- Silence 'rpminspect --tests=stack-prot' + +* Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-12 +- Silence 'rpminspect --tests=annocheck' (part 2) + +* Tue May 07 2024 Debarshi Ray - 0.0.99.5-11 +- Unbreak the tests with Podman 5.0 + +* Tue Mar 26 2024 Debarshi Ray - 0.0.99.5-10 +- Specify the golang versions for RHEL 9 and 10 + +* Tue Mar 05 2024 Debarshi Ray - 0.0.99.5-9 +- Conditionalize the BuildRequires on golang + +* Tue Feb 27 2024 Debarshi Ray - 0.0.99.5-8 +- Unbreak Podman's downstream Fedora CI (part 2) +- Backport some new upstream tests + +* Tue Feb 13 2024 Debarshi Ray - 0.0.99.5-7 +- Unbreak Podman's downstream Fedora CI +- Update the BuildRequires on golang to reflect reality + +* Sun Feb 11 2024 Maxwell G - 0.0.99.5-6 +- Rebuild for golang 1.22.0 + +* Wed Feb 07 2024 Debarshi Ray - 0.0.99.5-5 +- Migrate to SPDX license + +* Sat Jan 27 2024 Fedora Release Engineering - 0.0.99.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 11 2024 Debarshi Ray - 0.0.99.5-3 +- Drop 'Recommends: subscription-manager' + +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-2 +- Drop the experience and support subpackages + * Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-1 - Update to 0.0.99.5