diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 3db2fe9..2625054 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,10 @@ /toolbox-0.0.99.3.tar.xz /toolbox-0.0.99.3-vendor.tar.xz /toolbox-0.0.99.4-vendored.tar.xz +/toolbox-0.0.99.5-vendored.tar.xz +/toolbox-0.0.99.6-vendored.tar.xz +/toolbox-0.1.0-vendored.tar.xz +/toolbox-0.1.1-vendored.tar.xz +/toolbox-0.1.2-vendored.tar.xz +/toolbox-0.2-vendored.tar.xz +/toolbox-0.3-vendored.tar.xz diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..e6427de --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,4 @@ +discover: + how: fmf +execute: + how: tmt diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..f0d9c5c --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,16 @@ +# https://github.com/rpminspect/rpminspect/blob/master/data/generic.yaml +# https://github.com/rpminspect/rpminspect-data-fedora/blob/main/fedora.yaml + +--- + +annocheck: + extra_opts: + hardened: --skip-run-path --skip-stack-prot + +elf: + exclude_path: /usr/bin/toolbox + +runpath: + allowed_paths: + - /run/host/usr/lib + - /run/host/usr/lib64 diff --git a/sources b/sources index a8351c5..f30b3d7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.4-vendored.tar.xz) = 882cd6ec1c1a193af8774dfdfd0aff72d376c4fec3e0cc702e2d524353c051e408eab2ac3fb43ec00fe622b46ac89fdbe97aca2f7cfbe3822e5d3ff1743f2fd0 +SHA512 (toolbox-0.3-vendored.tar.xz) = e464aba1c40b37b0ed027a560a0685e5dc8f07684d33d0e2bac5f0ba8c2b2c2a4c585db8847b23bd0753e33d37e3e88c87ab71d3999c3afedf315717f468c0ba diff --git a/tests/main.fmf b/tests/main.fmf new file mode 100644 index 0000000..25a6fe7 --- /dev/null +++ b/tests/main.fmf @@ -0,0 +1,12 @@ +environment: + ROOTLESS_USER: "fedora" + TMPDIR: /var/tmp +require: + - toolbox-tests + +/rootless: + summary: rootless test + test: | + rpm --erase p11-kit-server + bash ./rootless-test.sh + duration: 4h diff --git a/tests/roles/nonroot_user/tasks/main.yml b/tests/roles/nonroot_user/tasks/main.yml deleted file mode 100644 index 51bf44a..0000000 --- a/tests/roles/nonroot_user/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: create nonroot user - user: - name: testuser - shell: /bin/bash -- name: enable linger - command: loginctl enable-linger testuser diff --git a/tests/roles/run_bats_tests/files/run_bats_tests.sh b/tests/roles/run_bats_tests/files/run_bats_tests.sh deleted file mode 100755 index e9f5f5f..0000000 --- a/tests/roles/run_bats_tests/files/run_bats_tests.sh +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash -# -# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman -# -# This is invoked by the 'run_bats_tests' role; we assume that -# the package foo has a foo-tests subpackage which provides the -# directory /usr/share/foo/test/system, containing one or more .bats -# test files. -# - -export PATH=/usr/local/bin:/usr/sbin:/usr/bin - -FULL_LOG=/tmp/test.debug.log -BATS_LOG=/tmp/test.bats.log -rm -f $FULL_LOG $BATS_LOG -touch $FULL_LOG $BATS_LOG - -exec &> $FULL_LOG - -# Log program versions -echo "Packages:" -rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests - -echo "------------------------------" -printenv | sort - -testdir=/usr/share/${TEST_PACKAGE}/test/system - -if ! cd $testdir; then - echo "FAIL ${TEST_NAME} : cd $testdir" >> /tmp/test.log - exit 0 -fi - -if [ -e /tmp/helper.sh ]; then - echo "------------------------------" - echo ". /tmp/helper.sh" - . /tmp/helper.sh -fi - -if [ "$(type -t setup)" = "function" ]; then - echo "------------------------------" - echo "\$ setup" - setup - if [ $? -ne 0 ]; then - echo "FAIL ${TEST_NAME} : setup" >> /tmp/test.log - exit 0 - fi -fi - -echo "------------------------------" -echo "\$ bats ." -bats . &> $BATS_LOG -rc=$? - -echo "------------------------------" -echo "bats completed with status $rc" - -status=PASS -if [ $rc -ne 0 ]; then - status=FAIL -fi - -echo "${status} ${TEST_NAME}" >> /tmp/test.log - -if [ "$(type -t teardown)" = "function" ]; then - echo "------------------------------" - echo "\$ teardown" - teardown -fi - -# FIXME: for CI purposes, always exit 0. This allows subsequent tests. -exit 0 diff --git a/tests/roles/run_bats_tests/tasks/main.yml b/tests/roles/run_bats_tests/tasks/main.yml deleted file mode 100644 index da79a4c..0000000 --- a/tests/roles/run_bats_tests/tasks/main.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# Create empty results file, world-writable -- name: initialize test.log file - copy: dest=/tmp/test.log content='' force=yes mode=0666 - -- name: execute tests - include: run_one_test.yml - with_items: "{{ tests }}" - loop_control: - loop_var: test - -- name: pull test.log results - fetch: - src: "/tmp/test.log" - dest: "{{ artifacts }}/test.log" - flat: yes - -# Copied from standard-test-basic -- name: check results - shell: grep "^FAIL" /tmp/test.log - register: test_fails - # Never fail at this step. Just store result of tests. - failed_when: False - -- name: preserve results - set_fact: - role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}" - role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}" - -- name: display results - vars: - msg: | - Tests failed: {{ role_result_failed|d('Undefined') }} - Tests msg: {{ role_result_msg|d('None') }} - debug: - msg: "{{ msg.split('\n') }}" - failed_when: "role_result_failed|bool" diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml deleted file mode 100644 index b44ed42..0000000 --- a/tests/roles/run_bats_tests/tasks/run_one_test.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -- name: "{{ test.name }} | install test packages" - dnf: name="{{ test.package }}-tests" state=installed - -- name: "{{ test.name }} | define helper variables" - set_fact: - test_name_oneword: "{{ test.name | replace(' ','-') }}" - -# UGH. This is necessary because our caller sets some environment variables -# and we need to set a few more based on other caller variables; then we -# need to combine the two dicts when running the test. This seems to be -# the only way to do it in ansible. -- name: "{{ test.name }} | define local environment" - set_fact: - local_environment: - TEST_NAME: "{{ test.name }}" - TEST_PACKAGE: "{{ test.package }}" - TEST_ENV: "{{ test.environment }}" - -- name: "{{ test.name }} | setup/teardown helper | see if exists" - local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh - register: helper - -- name: "{{ test.name }} | setup/teardown helper | install" - copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh - when: helper.stat.exists - -- name: "{{ test.name }} | run test" - script: ./run_bats_tests.sh - args: - chdir: /usr/share/{{ test.package }}/test/system - become: "{{ true if test.become is defined else false }}" - become_user: testuser - environment: "{{ local_environment | combine(test.environment) }}" - -- name: "{{ test.name }} | pull logs" - fetch: - src: "/tmp/test.{{ item }}.log" - dest: "{{ artifacts }}/test.{{ test_name_oneword }}.{{ item }}.log" - flat: yes - with_items: - - bats - - debug - -- name: "{{ test.name }} | remove remote logs and helpers" - file: - dest=/tmp/{{ item }} - state=absent - with_items: - - test.bats.log - - test.debug.log - - helper.sh diff --git a/tests/rootless-test.sh b/tests/rootless-test.sh new file mode 100644 index 0000000..16da9fe --- /dev/null +++ b/tests/rootless-test.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +set -exo pipefail + +uname -r + +loginctl enable-linger "$ROOTLESS_USER" + +rpm -q containers-common-extra podman toolbox + +su --whitelist-environment=$(cat ./tmt-envvars | tr '\n' ',') - "$ROOTLESS_USER" -c "whoami && cd /usr/share/toolbox/test/system && bats ." diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 0048a3e..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- hosts: localhost - tags: classic - vars: - - artifacts: ./artifacts - roles: - - role: nonroot_user - - role: run_bats_tests - tests: - - name: toolbox - package: toolbox - environment: - PODMAN: /usr/bin/podman - become: true - \ No newline at end of file diff --git a/tests/tmt-envvars b/tests/tmt-envvars new file mode 100644 index 0000000..6f3176e --- /dev/null +++ b/tests/tmt-envvars @@ -0,0 +1 @@ +TMPDIR diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch new file mode 100644 index 0000000..aec1779 --- /dev/null +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch @@ -0,0 +1,104 @@ +From 4649e50c28321185cbaa81a37efbd317b84ae840 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 18 Aug 2021 17:55:21 +0200 +Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST + environment variable + +https://bugzilla.redhat.com/show_bug.cgi?id=1940037 +--- + src/cmd/run.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cmd/run.go b/src/cmd/run.go +index ceb277a3640a..72b673f506b3 100644 +--- a/src/cmd/run.go ++++ b/src/cmd/run.go +@@ -576,6 +576,7 @@ func constructExecArgs(container, preserveFDs string, + execArgs = append(execArgs, envOptions...) + + execArgs = append(execArgs, []string{ ++ "--env", "HOST=/run/host", + "--interactive", + "--preserve-fds", preserveFDs, + }...) +-- +2.51.0 + + +From b2ba8445bee988143d546bc15fa3a8a8c019aa2e Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Fri, 10 Dec 2021 13:42:15 +0100 +Subject: [PATCH 2/2] test/system: Update to test the migration path for + coreos/toolbox users + +This reverts the changes to the tests made in commit +411147988b730dabf8b9e761a5426e12d648f008 by restoring commit +ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit +3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed. +--- + test/system/002-help.bats | 14 -------------- + test/system/100-root.bats | 27 +++++++++++++++++++++++++++ + 2 files changed, 27 insertions(+), 14 deletions(-) + create mode 100644 test/system/100-root.bats + +diff --git a/test/system/002-help.bats b/test/system/002-help.bats +index f7cd3f5480ab..7ad5f72e792f 100644 +--- a/test/system/002-help.bats ++++ b/test/system/002-help.bats +@@ -33,20 +33,6 @@ teardown_file() { + cleanup_all + } + +-@test "help: Smoke test" { +- run --keep-empty-lines --separate-stderr "$TOOLBX" +- +- assert_failure +- assert [ ${#lines[@]} -eq 0 ] +- lines=("${stderr_lines[@]}") +- assert_line --index 0 "Error: missing command" +- assert_line --index 2 "create Create a new Toolbx container" +- assert_line --index 3 "enter Enter an existing Toolbx container" +- assert_line --index 4 "list List all existing Toolbx containers and images" +- assert_line --index 6 "Run 'toolbox --help' for usage." +- assert [ ${#stderr_lines[@]} -eq 7 ] +-} +- + @test "help: Command 'help'" { + if ! command -v man 2>/dev/null; then + skip "not found man(1)" +diff --git a/test/system/100-root.bats b/test/system/100-root.bats +new file mode 100644 +index 000000000000..cf35d60ac25c +--- /dev/null ++++ b/test/system/100-root.bats +@@ -0,0 +1,27 @@ ++#!/usr/bin/env bats ++ ++load 'libs/bats-support/load' ++load 'libs/bats-assert/load' ++load 'libs/helpers' ++ ++setup() { ++ _setup_environment ++ cleanup_all ++} ++ ++teardown() { ++ cleanup_all ++} ++ ++@test "root: Try to enter the default container with no containers created" { ++ run "$TOOLBX" <<< "n" ++ ++ assert_success ++ assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command." ++ assert_line --index 1 "Run 'toolbox --help' for usage." ++} ++ ++# TODO: Write the test ++@test "root: Enter the default container when 1 non-default container is present" { ++ skip "Testing of entering toolboxes is not implemented" ++} +-- +2.51.0 + diff --git a/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch b/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch deleted file mode 100644 index 85c7289..0000000 --- a/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch +++ /dev/null @@ -1,89 +0,0 @@ -From fc5f568c5d82f4a16982268fa67092e52be91fbe Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Tue, 28 Feb 2023 17:12:04 +0100 -Subject: [PATCH] cmd/root: Don't use podman(1) when generating the completions - -Ever since commit bafbbe81c9220cb3, the shell completions are generated -while building Toolbx using the 'completion' command. This involves -running toolbox(1) itself, and hence invoking 'podman version' to decide -if 'podman system migrate' is needed or not. - -Unfortunately, some build environments, like Fedora's, are set up inside -a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may -not work because it does various things with namespaces(7) and clone(2) -that can, under certain circumstances, encounter an EPERM. - -Therefore, it's better to avoid using podman(1) when generating the -shell completions, especially, since they are generated by Cobra itself -and podman(1) is not involved at all. - -Note that podman(1) is needed when the generated shell completions are -actually used in interactive command line environments. The shell -completions invoke the hidden '__complete' command to get the results -that are presented to the user, and, if needed, 'podman system migrate' -will continue to be run as part of that. - -This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011 -because podman(1) is now only an optional runtime dependency for the -system tests. - -https://github.com/containers/podman/issues/17657 ---- - meson.build | 2 +- - src/cmd/root.go | 9 +++++++-- - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/meson.build b/meson.build -index 6f044bb204e3..653a3d3ac588 100644 ---- a/meson.build -+++ b/meson.build -@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h']) - - go = find_program('go') - go_md2man = find_program('go-md2man') --podman = find_program('podman') - - bats = find_program('bats', required: false) - codespell = find_program('codespell', required: false) - htpasswd = find_program('htpasswd', required: false) - openssl = find_program('openssl', required: false) -+podman = find_program('podman', required: false) - shellcheck = find_program('shellcheck', required: false) - skopeo = find_program('skopeo', required: false) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 304b03dcd889..9975ccc7a4c8 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error { - - logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath) - -- if err := migrate(); err != nil { -+ if err := migrate(cmd, args); err != nil { - return err - } - -@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error { - return rootRunImpl(cmd, args) - } - --func migrate() error { -+func migrate(cmd *cobra.Command, args []string) error { - logrus.Debug("Migrating to newer Podman") - - if utils.IsInsideContainer() { - return nil - } - -+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { -+ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName) -+ return nil -+ } -+ - configDir, err := os.UserConfigDir() - if err != nil { - logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err) --- -2.39.1 - diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch deleted file mode 100644 index f658031..0000000 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 17a0e519fd9b1e721b35a823bd244a28e3f87a4a Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} for - PPC64 - -The Go toolchain doesn't play well with passing compiler and linker -flags via environment variables. The linker flags require a second -level of quoting, which leaves the build system without a quote level -to assign the flags to an environment variable like GOFLAGS. - -This is one reason why Fedora doesn't have a RPM macro with only the -flags. The %{gobuild} RPM macro includes the entire 'go build ...' -invocation. - -The Go toolchain also doesn't like the LDFLAGS environment variable as -exported by Fedora's %{meson} RPM macro. - -Note that these flags are only meant for the "ppc64" CPU architecture, -and should be kept updated to match Fedora's Go guidelines. Use -'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. ---- - src/go-build-wrapper | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..cae2de426a96 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,16 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.39.1 - diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch deleted file mode 100644 index 7105cb5..0000000 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ /dev/null @@ -1,63 +0,0 @@ -From fd03e31c7d789413700db84af02894d5be70b5ee Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} - -The Go toolchain doesn't play well with passing compiler and linker -flags via environment variables. The linker flags require a second -level of quoting, which leaves the build system without a quote level -to assign the flags to an environment variable like GOFLAGS. - -This is one reason why Fedora doesn't have a RPM macro with only the -flags. The %{gobuild} RPM macro includes the entire 'go build ...' -invocation. - -The Go toolchain also doesn't like the LDFLAGS environment variable as -exported by Fedora's %{meson} RPM macro. - -Note that these flags are meant for every CPU architecture other than -PPC64, and should be kept updated to match Fedora's Go guidelines. Use -'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. ---- - src/go-build-wrapper | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..0e6a2efa6853 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,17 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -buildmode pie \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.39.1 - diff --git a/toolbox-Make-the-build-flags-match-Fedora.patch b/toolbox-Make-the-build-flags-match-Fedora.patch new file mode 100644 index 0000000..5ee5fd4 --- /dev/null +++ b/toolbox-Make-the-build-flags-match-Fedora.patch @@ -0,0 +1,62 @@ +From a1bb7d53fab70899c991feb9276cf93a12280750 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} + +These reflect the defaults for Fedora 39, which is the oldest supported +Fedora, barring some exceptions mentioned below. + +The change to use the RPM's %{name}, %{version}, %{release} and the +SOURCE_DATE_EPOCH environment variable [1], instead of /dev/urandom, to +generate the build ID annotation for the toolbox(1) binary [2] was left +out. It will need more work to propagate the RPM's %{name}, %{version} +and %{release} to Meson. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match Fedora's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. + +[1] https://reproducible-builds.org/docs/source-date-epoch/ + +[2] go-rpm-macros commit 1980932bf3a21890 + https://pagure.io/go-rpm-macros/c/1980932bf3a21890 + https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..5978422e9aed 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.51.0 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch new file mode 100644 index 0000000..9528088 --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch @@ -0,0 +1,71 @@ +From f79f96fb8f3ec528952b9719f356e871837987df Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} + +These reflect the defaults for RHEL 10.0 Beta, because RHEL 10.0 is +still early in its development cycle and the defaults may be in a state +of flux. Some exceptions are mentioned below. + +The '-z pack-relative-relocs' linker flag was left out. It's currently +not supported on s390x, so using it would require architecture specific +patches, which is a hassle. Support for aarch64 was recently added [1], +so hopefully s390x will also be supported soon. + +The change to use the RPM's %{name}, %{version}, %{release} and the +SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to +generate the build ID annotation for the toolbox(1) binary [2] was left +out. It will need more work to propagate the RPM's %{name}, %{version} +and %{release} to Meson. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 10's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. + +[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42 + https://issues.redhat.com/browse/RHEL-40379 + +[2] go-rpm-macros commit 1980932bf3a21890 + https://pagure.io/go-rpm-macros/c/1980932bf3a21890 + https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..5978422e9aed 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.51.0 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch new file mode 100644 index 0000000..492268a --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch @@ -0,0 +1,50 @@ +From 2d1b4b2492c65abd0d0bf0c71c971f550447412d Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} + +These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early +in its development cycle and the defaults may be in a state of flux. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..0a2c7526f210 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.51.0 + diff --git a/toolbox.conf b/toolbox.conf new file mode 100644 index 0000000..f612e2f --- /dev/null +++ b/toolbox.conf @@ -0,0 +1,17 @@ +[general] +# Create a toolbox container for a different operating system distro than the +# host. Cannot be used with 'image'. +## distro = "fedora" + +# Create a toolbox container for a different operating system release than the +# host. Cannot be used with 'image'. +## release = "33" + +# Change the name of the image used to create the toolbox container. This is +# useful for creating containers from custom-built images. Cannot be used with +# 'distro' or 'release'. +# +# If the name does not contain a registry, the local image storage will be +# consulted, and if it's not present there then it will be pulled from a +# suitable remote registry. +image = "registry.access.redhat.com/ubi9/toolbox:latest" diff --git a/toolbox.rpmlintrc b/toolbox.rpmlintrc new file mode 100644 index 0000000..150b710 --- /dev/null +++ b/toolbox.rpmlintrc @@ -0,0 +1 @@ +addFilter(r'no-%check-section') diff --git a/toolbox.spec b/toolbox.spec index b27a7a5..09e3785 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,153 +1,122 @@ %global __brp_check_rpaths %{nil} +%if 0%{?rhel} +%if 0%{?rhel} <= 9 +%{!?bash_completions_dir: %global bash_completions_dir %{_datadir}/bash-completion/completions} +%{!?fish_completions_dir: %global fish_completions_dir %{_datadir}/fish/vendor_completions.d} +%{!?zsh_completions_dir: %global zsh_completions_dir %{_datadir}/zsh/site-functions} +%endif +%endif + + Name: toolbox -Version: 0.0.99.4 +Version: 0.3 %global goipath github.com/containers/%{name} -%if 0%{?rhel} == 9 +%if 0%{?fedora} +%gometa -f +%endif + +%if 0%{?rhel} +%if 0%{?rhel} <= 9 %gometa %else %gometa -f %endif +%endif -Release: 1%{?dist} -Summary: Tool for containerized command line environments on Linux +%global toolbx_go 1.22 -License: ASL 2.0 +%if 0%{?fedora} +%global toolbx_go 1.24.7 +%endif + +%if 0%{?rhel} +%if 0%{?rhel} == 9 +%global toolbx_go 1.22.5 +%elif 0%{?rhel} == 10 +%global toolbx_go 1.22.5 +%elif 0%{?rhel} > 10 +%global toolbx_go 1.24.4 +%endif +%endif + +Release: 2%{?dist} +Summary: Tool for interactive command line environments on Linux + +License: Apache-2.0 URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz -# Upstream -Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch +# RHEL specific +Source1: %{name}.conf # Fedora specific -Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch -Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +Patch100: toolbox-Make-the-build-flags-match-Fedora.patch + +# RHEL specific +Patch200: toolbox-Make-the-build-flags-match-RHEL-9.patch +Patch201: toolbox-Make-the-build-flags-match-RHEL-10.patch +Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch BuildRequires: gcc BuildRequires: go-md2man -BuildRequires: golang >= 1.18.9 -%if ! 0%{?rhel} -BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1 -BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0 -BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0 -BuildRequires: golang(github.com/docker/go-units) >= 0.4.0 -BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1 -BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6 -BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1 -BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0 -BuildRequires: golang(github.com/spf13/viper) >= 1.10.1 -BuildRequires: golang(golang.org/x/sys/unix) -BuildRequires: golang(golang.org/x/term) -# for tests -# BuildRequires: codespell -# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 -# BuildRequires: ShellCheck -%endif +BuildRequires: golang >= %{toolbx_go} BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) -BuildRequires: pkgconfig(fish) -BuildRequires: shadow-utils-subid-devel +BuildRequires: shadow-utils-subid-devel >= 4.16.0 BuildRequires: systemd BuildRequires: systemd-rpm-macros +%if ! 0%{?rhel} +BuildRequires: pkgconfig(fish) +# for tests +# BuildRequires: codespell +# BuildRequires: ShellCheck +%endif + +Recommends: p11-kit-server +Recommends: skopeo +%if ! 0%{?rhel} +Recommends: fuse-overlayfs +%endif Requires: containers-common Requires: flatpak-session-helper -Requires: podman >= 1.4.0 +Requires: podman >= 1.6.4 +Requires: shadow-utils-subid%{?_isa} >= 4.16.0 %description -Toolbox is a tool for Linux operating systems, which allows the use of -containerized command line environments. It is built on top of Podman and -other standard container technologies from OCI. +Toolbx is a tool for Linux, which allows the use of interactive command line +environments for software development and troubleshooting the host operating +system, without having to install software on the host. It is built on top of +Podman and other standard container technologies from OCI. -%if ! 0%{?rhel} +Toolbx environments have seamless access to the user's home directory, the +Wayland and X11 sockets, networking (including Avahi), removable devices (like +USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev +database, etc.. -# The list of requires packages for -support and -experience should be in sync with: -# https://github.com/containers/toolbox/blob/master/images/fedora/f33/extra-packages -%package support -Summary: Required packages for the container image to support %{name} - -# These are really required to make the image work with toolbox -Requires: passwd -Requires: shadow-utils -Requires: util-linux -Requires: vte-profile - -%description support -The %{name}-support package contains all the required packages that are needed -to be installed in the OCI image to make it work with %{name}. - -The %{name}-support package should be typically installed from the Dockerfile -if the image isn't based on the fedora-toolbox image. - - -%package experience -Summary: Set of packages to enhance the %{name} experience - -Requires: %{name}-support = %{version}-%{release} -Requires: bash-completion -Requires: bc -Requires: bzip2 -Requires: diffutils -Requires: dnf-plugins-core -Requires: findutils -Requires: flatpak-spawn -Requires: fpaste -Requires: git -Requires: gnupg -Requires: gnupg2-smime -Requires: gvfs-client -Requires: hostname -Requires: iproute -Requires: iputils -Requires: jwhois -Requires: keyutils -Requires: krb5-libs -Requires: less -Requires: lsof -Requires: man-db -Requires: man-pages -Requires: mtr -Requires: nano-default-editor -Requires: nss-mdns -Requires: openssh-clients -Requires: pigz -Requires: procps-ng -Requires: rsync -Requires: sudo -Requires: tcpdump -Requires: time -Requires: traceroute -Requires: tree -Requires: unzip -Requires: wget -Requires: which -Requires: words -Requires: xorg-x11-xauth -Requires: xz -Requires: zip - -%description experience -The %{name}-experience package contains all the packages that should be -installed in the container to provide the same default experience as working -on the host. - -The %{name}-experience package should be typically installed from the -Dockerfile if the image isn't based on the fedora-toolbox image. - -%endif %package tests Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: bats Requires: coreutils -Requires: gawk +Requires: diffutils +# for gdbus(1) +Requires: glib2 Requires: grep +# for htpasswd(1) +Requires: httpd-tools +Requires: openssl +Requires: python3 Requires: skopeo +%if ! 0%{?rhel} +Requires: bats >= 1.10.0 +%endif + %description tests The %{name}-tests package contains system tests for %{name}. @@ -155,26 +124,42 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q -%patch0 -p1 -%ifnarch ppc64 -%patch100 -p1 -%else -%patch101 -p1 +%if 0%{?fedora} +%patch -P100 -p1 %endif -%gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} +%if 0%{?rhel} +%if 0%{?rhel} == 9 +%patch -P200 -p1 +%endif + +%if 0%{?rhel} >= 10 +%patch -P201 -p1 +%endif + +%if 0%{?rhel} <= 9 +%patch -P202 -p1 +%endif +%endif + +%gomkdir -s %{_builddir}/%{extractdir}/src -k %build -export %{gomodulesmode} -export GOPATH=%{gobuilddir}:%{gopath} export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" %meson \ +%if 0%{?rhel} + -Dfish_completions_dir=%{fish_completions_dir} \ +%if 0%{?rhel} <= 9 + -Dmigration_path_for_coreos_toolbox=true \ +%endif +%endif -Dprofile_dir=%{_sysconfdir}/profile.d \ -Dtmpfiles_dir=%{_tmpfilesdir} \ - -Dzsh_completions_dir=%{_datadir}/zsh/site-functions + -Dzsh_completions_dir=%{zsh_completions_dir} + %meson_build @@ -185,49 +170,187 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %install %meson_install +%if 0%{?rhel} +%if 0%{?rhel} <= 9 +install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf +%endif +%endif + %files -%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md -%license COPYING %{?rhel:src/vendor/modules.txt} +%doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md +%license COPYING src/vendor/modules.txt %{_bindir}/%{name} -%{_datadir}/bash-completion -%{_datadir}/fish -%{_datadir}/zsh %{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}-*.1* %{_mandir}/man5/%{name}.conf.5* %config(noreplace) %{_sysconfdir}/containers/%{name}.conf %{_sysconfdir}/profile.d/%{name}.sh %{_tmpfilesdir}/%{name}.conf +%{bash_completions_dir}/%{name}.bash +%{fish_completions_dir}/%{name}.fish +%{zsh_completions_dir}/_%{name} -%if ! 0%{?rhel} - -%files support - -%files experience - -%endif %files tests %{_datadir}/%{name} %changelog +* Fri Oct 10 2025 Alejandro Sáez - 0.3-2 +- rebuild + +* Wed Sep 17 2025 Debarshi Ray - 0.3-1 +- Update to 0.3 + +* Fri Aug 15 2025 Maxwell G - 0.2-2 +- Rebuild for golang-1.25.0 + +* Sat Aug 09 2025 Debarshi Ray - 0.2-1 +- Update to 0.2 +- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787 + +* Fri Jul 25 2025 Fedora Release Engineering - 0.1.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Tue Jun 03 2025 Debarshi Ray - 0.1.2-1 +- Update to 0.1.2 + +* Wed Jan 22 2025 Debarshi Ray - 0.1.1-3 +- Use RPM macros for shell completions and clean up directory ownership + +* Sun Jan 19 2025 Fedora Release Engineering - 0.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Mon Nov 04 2024 Debarshi Ray - 0.1.1-1 +- Update to 0.1.1 + +* Tue Oct 22 2024 Debarshi Ray - 0.1.0-1 +- Update to 0.1.0 + +* Wed Oct 16 2024 Debarshi Ray - 0.0.99.6-6 +- Recommend fuse-overlayfs because old containers created with it need it + +* Mon Oct 07 2024 Debarshi Ray - 0.0.99.6-5 +- Don't use slirp4netns(1) in tests to work around bug in pasta(1) + +* Fri Oct 04 2024 Debarshi Ray - 0.0.99.6-4 +- Use the fedora-toolbox:40 image for Fedora Asahi Remix hosts + +* Thu Oct 03 2024 Debarshi Ray - 0.0.99.6-3 +- Unbreak the downstream Fedora CI + +* Wed Oct 02 2024 Debarshi Ray - 0.0.99.6-2 +- Silence 'rpminspect --tests=elf' + +* Mon Sep 30 2024 Debarshi Ray - 0.0.99.6-1 +- Update to 0.0.99.6 + +* Thu Sep 12 2024 Debarshi Ray - 0.0.99.5-18 +- Rebuild against shadow-utils-subid ABI version 5.0.0 + +* Thu Aug 08 2024 Debarshi Ray - 0.0.99.5-17 +- Ensure slirp4netns(1) is installed + +* Wed Jul 31 2024 Debarshi Ray - 0.0.99.5-16 +- Avoid running out of storage space when running the tests + +* Fri Jul 26 2024 Adam Williamson - 0.0.99.5-15 +- Fix CI test (hopefully) + +* Sat Jul 20 2024 Fedora Release Engineering - 0.0.99.5-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-13 +- Silence 'rpminspect --tests=stack-prot' + +* Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-12 +- Silence 'rpminspect --tests=annocheck' (part 2) + +* Tue May 07 2024 Debarshi Ray - 0.0.99.5-11 +- Unbreak the tests with Podman 5.0 + +* Tue Mar 26 2024 Debarshi Ray - 0.0.99.5-10 +- Specify the golang versions for RHEL 9 and 10 + +* Tue Mar 05 2024 Debarshi Ray - 0.0.99.5-9 +- Conditionalize the BuildRequires on golang + +* Tue Feb 27 2024 Debarshi Ray - 0.0.99.5-8 +- Unbreak Podman's downstream Fedora CI (part 2) +- Backport some new upstream tests + +* Tue Feb 13 2024 Debarshi Ray - 0.0.99.5-7 +- Unbreak Podman's downstream Fedora CI +- Update the BuildRequires on golang to reflect reality + +* Sun Feb 11 2024 Maxwell G - 0.0.99.5-6 +- Rebuild for golang 1.22.0 + +* Wed Feb 07 2024 Debarshi Ray - 0.0.99.5-5 +- Migrate to SPDX license + +* Sat Jan 27 2024 Fedora Release Engineering - 0.0.99.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 11 2024 Debarshi Ray - 0.0.99.5-3 +- Drop 'Recommends: subscription-manager' + +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-2 +- Drop the experience and support subpackages + +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-1 +- Update to 0.0.99.5 + +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.4-10 +- Require openssl(1) for the system tests in the tests subpackage + +* Wed Dec 06 2023 Adam Williamson - 0.0.99.4-9 +- tests subpackage: require httpd-tools for htpasswd + +* Tue Dec 05 2023 Debarshi Ray - 0.0.99.4-8 +- Fix the conditionals for 'if RHEL <= 9' + +* Thu Nov 30 2023 Debarshi Ray - 0.0.99.4-7 +- Track the active container on Fedora Linux Asahi Remix + +* Thu Nov 09 2023 Debarshi Ray - 0.0.99.4-6 +- Drop the custom /etc/containers/toolbox.conf from RHEL 10 onwards + +* Mon Oct 02 2023 Debarshi Ray - 0.0.99.4-5 +- Drop github.com/coreos/toolbox compatibility from RHEL 10 onwards + +* Mon Oct 02 2023 Debarshi Ray - 0.0.99.4-4 +- Be aware of security hardened mount points +- Simplify removing the user's password + +* Sat Jul 22 2023 Fedora Release Engineering - 0.0.99.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Mar 8 2023 Nieves Montero - 0.0.99.4-2 +- Sprinkle a debug log + * Wed Feb 22 2023 Debarshi Ray - 0.0.99.4-1 - Update to 0.0.99.4 -* Wed Feb 22 2023 Martin Jackson - 0.0.99.3-10 +* Wed Feb 22 2023 Martin Jackson - 0.0.99.3-12 - Fix the ExclusiveArch -* Tue Feb 21 2023 Debarshi Ray - 0.0.99.3-9 +* Tue Feb 21 2023 Debarshi Ray - 0.0.99.3-11 - Add ExclusiveArch to match Podman -* Thu Feb 02 2023 Yaakov Selkowitz - 0.0.99.3-8 +* Thu Feb 02 2023 Yaakov Selkowitz - 0.0.99.3-10 - Sync packaging changes from CentOS Stream -* Thu Dec 22 2022 Yaakov Selkowitz - 0.0.99.3-7 +* Sat Jan 21 2023 Fedora Release Engineering - 0.0.99.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Dec 22 2022 Yaakov Selkowitz - 0.0.99.3-8 - Use vendored dependencies for RHEL/ELN builds +* Sat Jul 23 2022 Fedora Release Engineering - 0.0.99.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Tue Jul 19 2022 Maxwell G - 0.0.99.3-6 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang