diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 4cecead..2625054 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,29 @@ /toolbox-0.0.16.tar.xz /toolbox-0.0.17.tar.xz /toolbox-0.0.18.tar.xz +/toolbox-0.0.91.tar.xz +/toolbox-0.0.92.tar.xz +/toolbox-0.0.93.tar.xz +/toolbox-0.0.94.tar.xz +/toolbox-0.0.95.tar.xz +/toolbox-0.0.96.tar.xz +/toolbox-0.0.97.tar.xz +/toolbox-0.0.98.tar.xz +/toolbox-0.0.98.1.tar.xz +/toolbox-0.0.99.tar.xz +/toolbox-0.0.99.1.tar.xz +/toolbox-0.0.99.2.tar.xz +/toolbox-0.0.99.2-1.git9820550c82bb.tar.xz +/toolbox-0.0.99.2^1.git9820550c82bb.tar.xz +/toolbox-0.0.99.2^2.git40fbd377ed0b.tar.xz +/toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz +/toolbox-0.0.99.3.tar.xz +/toolbox-0.0.99.3-vendor.tar.xz +/toolbox-0.0.99.4-vendored.tar.xz +/toolbox-0.0.99.5-vendored.tar.xz +/toolbox-0.0.99.6-vendored.tar.xz +/toolbox-0.1.0-vendored.tar.xz +/toolbox-0.1.1-vendored.tar.xz +/toolbox-0.1.2-vendored.tar.xz +/toolbox-0.2-vendored.tar.xz +/toolbox-0.3-vendored.tar.xz diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..5ab3627 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,9 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: + - bodhi_update_push_stable + - bodhi_update_push_testing +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..e6427de --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,4 @@ +discover: + how: fmf +execute: + how: tmt diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..f0d9c5c --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,16 @@ +# https://github.com/rpminspect/rpminspect/blob/master/data/generic.yaml +# https://github.com/rpminspect/rpminspect-data-fedora/blob/main/fedora.yaml + +--- + +annocheck: + extra_opts: + hardened: --skip-run-path --skip-stack-prot + +elf: + exclude_path: /usr/bin/toolbox + +runpath: + allowed_paths: + - /run/host/usr/lib + - /run/host/usr/lib64 diff --git a/sources b/sources index 9e3fa70..f30b3d7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.18.tar.xz) = 4b47e950bbe2dcf31d2cb155664df822f01708188615fae3304289986176002bd2ffd8b630ad2453c8cc20b93e92e2c10f38948515dede67f55b44cd4a697e5c +SHA512 (toolbox-0.3-vendored.tar.xz) = e464aba1c40b37b0ed027a560a0685e5dc8f07684d33d0e2bac5f0ba8c2b2c2a4c585db8847b23bd0753e33d37e3e88c87ab71d3999c3afedf315717f468c0ba diff --git a/tests/main.fmf b/tests/main.fmf new file mode 100644 index 0000000..25a6fe7 --- /dev/null +++ b/tests/main.fmf @@ -0,0 +1,12 @@ +environment: + ROOTLESS_USER: "fedora" + TMPDIR: /var/tmp +require: + - toolbox-tests + +/rootless: + summary: rootless test + test: | + rpm --erase p11-kit-server + bash ./rootless-test.sh + duration: 4h diff --git a/tests/rootless-test.sh b/tests/rootless-test.sh new file mode 100644 index 0000000..16da9fe --- /dev/null +++ b/tests/rootless-test.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +set -exo pipefail + +uname -r + +loginctl enable-linger "$ROOTLESS_USER" + +rpm -q containers-common-extra podman toolbox + +su --whitelist-environment=$(cat ./tmt-envvars | tr '\n' ',') - "$ROOTLESS_USER" -c "whoami && cd /usr/share/toolbox/test/system && bats ." diff --git a/tests/tmt-envvars b/tests/tmt-envvars new file mode 100644 index 0000000..6f3176e --- /dev/null +++ b/tests/tmt-envvars @@ -0,0 +1 @@ +TMPDIR diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch new file mode 100644 index 0000000..aec1779 --- /dev/null +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch @@ -0,0 +1,104 @@ +From 4649e50c28321185cbaa81a37efbd317b84ae840 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 18 Aug 2021 17:55:21 +0200 +Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST + environment variable + +https://bugzilla.redhat.com/show_bug.cgi?id=1940037 +--- + src/cmd/run.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cmd/run.go b/src/cmd/run.go +index ceb277a3640a..72b673f506b3 100644 +--- a/src/cmd/run.go ++++ b/src/cmd/run.go +@@ -576,6 +576,7 @@ func constructExecArgs(container, preserveFDs string, + execArgs = append(execArgs, envOptions...) + + execArgs = append(execArgs, []string{ ++ "--env", "HOST=/run/host", + "--interactive", + "--preserve-fds", preserveFDs, + }...) +-- +2.51.0 + + +From b2ba8445bee988143d546bc15fa3a8a8c019aa2e Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Fri, 10 Dec 2021 13:42:15 +0100 +Subject: [PATCH 2/2] test/system: Update to test the migration path for + coreos/toolbox users + +This reverts the changes to the tests made in commit +411147988b730dabf8b9e761a5426e12d648f008 by restoring commit +ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit +3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed. +--- + test/system/002-help.bats | 14 -------------- + test/system/100-root.bats | 27 +++++++++++++++++++++++++++ + 2 files changed, 27 insertions(+), 14 deletions(-) + create mode 100644 test/system/100-root.bats + +diff --git a/test/system/002-help.bats b/test/system/002-help.bats +index f7cd3f5480ab..7ad5f72e792f 100644 +--- a/test/system/002-help.bats ++++ b/test/system/002-help.bats +@@ -33,20 +33,6 @@ teardown_file() { + cleanup_all + } + +-@test "help: Smoke test" { +- run --keep-empty-lines --separate-stderr "$TOOLBX" +- +- assert_failure +- assert [ ${#lines[@]} -eq 0 ] +- lines=("${stderr_lines[@]}") +- assert_line --index 0 "Error: missing command" +- assert_line --index 2 "create Create a new Toolbx container" +- assert_line --index 3 "enter Enter an existing Toolbx container" +- assert_line --index 4 "list List all existing Toolbx containers and images" +- assert_line --index 6 "Run 'toolbox --help' for usage." +- assert [ ${#stderr_lines[@]} -eq 7 ] +-} +- + @test "help: Command 'help'" { + if ! command -v man 2>/dev/null; then + skip "not found man(1)" +diff --git a/test/system/100-root.bats b/test/system/100-root.bats +new file mode 100644 +index 000000000000..cf35d60ac25c +--- /dev/null ++++ b/test/system/100-root.bats +@@ -0,0 +1,27 @@ ++#!/usr/bin/env bats ++ ++load 'libs/bats-support/load' ++load 'libs/bats-assert/load' ++load 'libs/helpers' ++ ++setup() { ++ _setup_environment ++ cleanup_all ++} ++ ++teardown() { ++ cleanup_all ++} ++ ++@test "root: Try to enter the default container with no containers created" { ++ run "$TOOLBX" <<< "n" ++ ++ assert_success ++ assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command." ++ assert_line --index 1 "Run 'toolbox --help' for usage." ++} ++ ++# TODO: Write the test ++@test "root: Enter the default container when 1 non-default container is present" { ++ skip "Testing of entering toolboxes is not implemented" ++} +-- +2.51.0 + diff --git a/toolbox-Make-the-build-flags-match-Fedora.patch b/toolbox-Make-the-build-flags-match-Fedora.patch new file mode 100644 index 0000000..5ee5fd4 --- /dev/null +++ b/toolbox-Make-the-build-flags-match-Fedora.patch @@ -0,0 +1,62 @@ +From a1bb7d53fab70899c991feb9276cf93a12280750 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} + +These reflect the defaults for Fedora 39, which is the oldest supported +Fedora, barring some exceptions mentioned below. + +The change to use the RPM's %{name}, %{version}, %{release} and the +SOURCE_DATE_EPOCH environment variable [1], instead of /dev/urandom, to +generate the build ID annotation for the toolbox(1) binary [2] was left +out. It will need more work to propagate the RPM's %{name}, %{version} +and %{release} to Meson. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match Fedora's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. + +[1] https://reproducible-builds.org/docs/source-date-epoch/ + +[2] go-rpm-macros commit 1980932bf3a21890 + https://pagure.io/go-rpm-macros/c/1980932bf3a21890 + https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..5978422e9aed 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.51.0 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch new file mode 100644 index 0000000..9528088 --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch @@ -0,0 +1,71 @@ +From f79f96fb8f3ec528952b9719f356e871837987df Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} + +These reflect the defaults for RHEL 10.0 Beta, because RHEL 10.0 is +still early in its development cycle and the defaults may be in a state +of flux. Some exceptions are mentioned below. + +The '-z pack-relative-relocs' linker flag was left out. It's currently +not supported on s390x, so using it would require architecture specific +patches, which is a hassle. Support for aarch64 was recently added [1], +so hopefully s390x will also be supported soon. + +The change to use the RPM's %{name}, %{version}, %{release} and the +SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to +generate the build ID annotation for the toolbox(1) binary [2] was left +out. It will need more work to propagate the RPM's %{name}, %{version} +and %{release} to Meson. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 10's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. + +[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42 + https://issues.redhat.com/browse/RHEL-40379 + +[2] go-rpm-macros commit 1980932bf3a21890 + https://pagure.io/go-rpm-macros/c/1980932bf3a21890 + https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..5978422e9aed 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.51.0 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch new file mode 100644 index 0000000..492268a --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch @@ -0,0 +1,50 @@ +From 2d1b4b2492c65abd0d0bf0c71c971f550447412d Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} + +These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early +in its development cycle and the defaults may be in a state of flux. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..0a2c7526f210 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.51.0 + diff --git a/toolbox.conf b/toolbox.conf new file mode 100644 index 0000000..f612e2f --- /dev/null +++ b/toolbox.conf @@ -0,0 +1,17 @@ +[general] +# Create a toolbox container for a different operating system distro than the +# host. Cannot be used with 'image'. +## distro = "fedora" + +# Create a toolbox container for a different operating system release than the +# host. Cannot be used with 'image'. +## release = "33" + +# Change the name of the image used to create the toolbox container. This is +# useful for creating containers from custom-built images. Cannot be used with +# 'distro' or 'release'. +# +# If the name does not contain a registry, the local image storage will be +# consulted, and if it's not present there then it will be pulled from a +# suitable remote registry. +image = "registry.access.redhat.com/ubi9/toolbox:latest" diff --git a/toolbox.rpmlintrc b/toolbox.rpmlintrc new file mode 100644 index 0000000..150b710 --- /dev/null +++ b/toolbox.rpmlintrc @@ -0,0 +1 @@ +addFilter(r'no-%check-section') diff --git a/toolbox.spec b/toolbox.spec index b969cfd..09e3785 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,135 +1,478 @@ +%global __brp_check_rpaths %{nil} + +%if 0%{?rhel} +%if 0%{?rhel} <= 9 +%{!?bash_completions_dir: %global bash_completions_dir %{_datadir}/bash-completion/completions} +%{!?fish_completions_dir: %global fish_completions_dir %{_datadir}/fish/vendor_completions.d} +%{!?zsh_completions_dir: %global zsh_completions_dir %{_datadir}/zsh/site-functions} +%endif +%endif + + Name: toolbox -Version: 0.0.18 +Version: 0.3 + +%global goipath github.com/containers/%{name} + +%if 0%{?fedora} +%gometa -f +%endif + +%if 0%{?rhel} +%if 0%{?rhel} <= 9 +%gometa +%else +%gometa -f +%endif +%endif + +%global toolbx_go 1.22 + +%if 0%{?fedora} +%global toolbx_go 1.24.7 +%endif + +%if 0%{?rhel} +%if 0%{?rhel} == 9 +%global toolbx_go 1.22.5 +%elif 0%{?rhel} == 10 +%global toolbx_go 1.22.5 +%elif 0%{?rhel} > 10 +%global toolbx_go 1.24.4 +%endif +%endif + Release: 2%{?dist} -Summary: Unprivileged development environment +Summary: Tool for interactive command line environments on Linux -License: ASL 2.0 -URL: https://github.com/containers/toolbox -Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz +License: Apache-2.0 +URL: https://containertoolbx.org/ +Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz -BuildArch: noarch -# buildah and podman only work on the following architectures: -ExclusiveArch: aarch64 %{arm} ppc64le s390x x86_64 +# RHEL specific +Source1: %{name}.conf -BuildRequires: ShellCheck -BuildRequires: golang-github-cpuguy83-md2man -BuildRequires: meson +# Fedora specific +Patch100: toolbox-Make-the-build-flags-match-Fedora.patch + +# RHEL specific +Patch200: toolbox-Make-the-build-flags-match-RHEL-9.patch +Patch201: toolbox-Make-the-build-flags-match-RHEL-10.patch +Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch + +BuildRequires: gcc +BuildRequires: go-md2man +BuildRequires: golang >= %{toolbx_go} +BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) +BuildRequires: shadow-utils-subid-devel >= 4.16.0 BuildRequires: systemd +BuildRequires: systemd-rpm-macros +%if ! 0%{?rhel} +BuildRequires: pkgconfig(fish) +# for tests +# BuildRequires: codespell +# BuildRequires: ShellCheck +%endif +Recommends: p11-kit-server +Recommends: skopeo +%if ! 0%{?rhel} +Recommends: fuse-overlayfs +%endif + +Requires: containers-common Requires: flatpak-session-helper -Requires: podman >= 1.4.0 - -# To be removed in Fedora 33 -Provides: fedora-toolbox = %{version}-%{release} -Obsoletes: fedora-toolbox < 0.0.5-2 +Requires: podman >= 1.6.4 +Requires: shadow-utils-subid%{?_isa} >= 4.16.0 %description -Toolbox is offers a familiar RPM based environment for developing and -debugging software that runs fully unprivileged using Podman. +Toolbx is a tool for Linux, which allows the use of interactive command line +environments for software development and troubleshooting the host operating +system, without having to install software on the host. It is built on top of +Podman and other standard container technologies from OCI. -# The list of requires packages for -support and -experience should be in sync with: -# https://github.com/debarshiray/toolbox/blob/master/images/fedora/f31/extra-packages -%package support -Summary: Required packages for the container image to support %{name} - -# These are really required to make the image work with toolbox -Requires: passwd -Requires: shadow-utils -Requires: krb5-libs -Requires: vte-profile - -%description support -The %{name}-support package contains all the required packages that are needed -to be installed in the container image to make it work with the %{name}. - -The %{name}-support package should be typically installed from the Dockerfile -if the image isn't based on the fedora-toolbox image. +Toolbx environments have seamless access to the user's home directory, the +Wayland and X11 sockets, networking (including Avahi), removable devices (like +USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev +database, etc.. -%package experience -Summary: Set of packages to enhance the %{name} experience +%package tests +Summary: Tests for %{name} -Requires: bash-completion -Requires: bzip2 +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: coreutils Requires: diffutils -Requires: dnf-plugins-core -Requires: findutils -Requires: flatpak-xdg-utils -Requires: fpaste -Requires: git -Requires: gnupg -Requires: gnupg2-smime -Requires: hostname -Requires: iputils -Requires: jwhois -Requires: keyutils -Requires: less -Requires: lsof -Requires: man-db -Requires: man-pages -Requires: mlocate -Requires: mtr -Requires: openssh-clients -Requires: PackageKit-command-not-found -Requires: pigz -Requires: procps-ng -Requires: rsync -Requires: sudo -Requires: tcpdump -Requires: time -Requires: traceroute -Requires: tree -Requires: unzip -Requires: wget -Requires: which -Requires: words -Requires: xz -Requires: zip +# for gdbus(1) +Requires: glib2 +Requires: grep +# for htpasswd(1) +Requires: httpd-tools +Requires: openssl +Requires: python3 +Requires: skopeo +%if ! 0%{?rhel} +Requires: bats >= 1.10.0 +%endif -%description experience -The %{name}-experience package contains all the packages that should be -installed in the container to provide the same default experience as working -on the host. -The %{name}-experience package should be typically installed from the -Dockerfile if the image isn't based on the fedora-toolbox image. +%description tests +The %{name}-tests package contains system tests for %{name}. %prep -%autosetup +%setup -q + +%if 0%{?fedora} +%patch -P100 -p1 +%endif + +%if 0%{?rhel} +%if 0%{?rhel} == 9 +%patch -P200 -p1 +%endif + +%if 0%{?rhel} >= 10 +%patch -P201 -p1 +%endif + +%if 0%{?rhel} <= 9 +%patch -P202 -p1 +%endif +%endif + +%gomkdir -s %{_builddir}/%{extractdir}/src -k %build -%meson --buildtype=plain -Dprofile_dir=%{_sysconfdir}/profile.d +export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" + +%meson \ +%if 0%{?rhel} + -Dfish_completions_dir=%{fish_completions_dir} \ +%if 0%{?rhel} <= 9 + -Dmigration_path_for_coreos_toolbox=true \ +%endif +%endif + -Dprofile_dir=%{_sysconfdir}/profile.d \ + -Dtmpfiles_dir=%{_tmpfilesdir} \ + -Dzsh_completions_dir=%{zsh_completions_dir} + %meson_build -%check -%meson_test +# %%check +# %%meson_test %install %meson_install +%if 0%{?rhel} +%if 0%{?rhel} <= 9 +install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf +%endif +%endif + %files -%doc NEWS README.md -%license COPYING +%doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md +%license COPYING src/vendor/modules.txt %{_bindir}/%{name} -%{_datadir}/bash-completion %{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}-*.1* -%{_sysconfdir}/profile.d/toolbox.sh +%{_mandir}/man5/%{name}.conf.5* +%config(noreplace) %{_sysconfdir}/containers/%{name}.conf +%{_sysconfdir}/profile.d/%{name}.sh %{_tmpfilesdir}/%{name}.conf +%{bash_completions_dir}/%{name}.bash +%{fish_completions_dir}/%{name}.fish +%{zsh_completions_dir}/_%{name} -%files support -%files experience +%files tests +%{_datadir}/%{name} %changelog +* Fri Oct 10 2025 Alejandro Sáez - 0.3-2 +- rebuild + +* Wed Sep 17 2025 Debarshi Ray - 0.3-1 +- Update to 0.3 + +* Fri Aug 15 2025 Maxwell G - 0.2-2 +- Rebuild for golang-1.25.0 + +* Sat Aug 09 2025 Debarshi Ray - 0.2-1 +- Update to 0.2 +- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787 + +* Fri Jul 25 2025 Fedora Release Engineering - 0.1.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Tue Jun 03 2025 Debarshi Ray - 0.1.2-1 +- Update to 0.1.2 + +* Wed Jan 22 2025 Debarshi Ray - 0.1.1-3 +- Use RPM macros for shell completions and clean up directory ownership + +* Sun Jan 19 2025 Fedora Release Engineering - 0.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Mon Nov 04 2024 Debarshi Ray - 0.1.1-1 +- Update to 0.1.1 + +* Tue Oct 22 2024 Debarshi Ray - 0.1.0-1 +- Update to 0.1.0 + +* Wed Oct 16 2024 Debarshi Ray - 0.0.99.6-6 +- Recommend fuse-overlayfs because old containers created with it need it + +* Mon Oct 07 2024 Debarshi Ray - 0.0.99.6-5 +- Don't use slirp4netns(1) in tests to work around bug in pasta(1) + +* Fri Oct 04 2024 Debarshi Ray - 0.0.99.6-4 +- Use the fedora-toolbox:40 image for Fedora Asahi Remix hosts + +* Thu Oct 03 2024 Debarshi Ray - 0.0.99.6-3 +- Unbreak the downstream Fedora CI + +* Wed Oct 02 2024 Debarshi Ray - 0.0.99.6-2 +- Silence 'rpminspect --tests=elf' + +* Mon Sep 30 2024 Debarshi Ray - 0.0.99.6-1 +- Update to 0.0.99.6 + +* Thu Sep 12 2024 Debarshi Ray - 0.0.99.5-18 +- Rebuild against shadow-utils-subid ABI version 5.0.0 + +* Thu Aug 08 2024 Debarshi Ray - 0.0.99.5-17 +- Ensure slirp4netns(1) is installed + +* Wed Jul 31 2024 Debarshi Ray - 0.0.99.5-16 +- Avoid running out of storage space when running the tests + +* Fri Jul 26 2024 Adam Williamson - 0.0.99.5-15 +- Fix CI test (hopefully) + +* Sat Jul 20 2024 Fedora Release Engineering - 0.0.99.5-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-13 +- Silence 'rpminspect --tests=stack-prot' + +* Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-12 +- Silence 'rpminspect --tests=annocheck' (part 2) + +* Tue May 07 2024 Debarshi Ray - 0.0.99.5-11 +- Unbreak the tests with Podman 5.0 + +* Tue Mar 26 2024 Debarshi Ray - 0.0.99.5-10 +- Specify the golang versions for RHEL 9 and 10 + +* Tue Mar 05 2024 Debarshi Ray - 0.0.99.5-9 +- Conditionalize the BuildRequires on golang + +* Tue Feb 27 2024 Debarshi Ray - 0.0.99.5-8 +- Unbreak Podman's downstream Fedora CI (part 2) +- Backport some new upstream tests + +* Tue Feb 13 2024 Debarshi Ray - 0.0.99.5-7 +- Unbreak Podman's downstream Fedora CI +- Update the BuildRequires on golang to reflect reality + +* Sun Feb 11 2024 Maxwell G - 0.0.99.5-6 +- Rebuild for golang 1.22.0 + +* Wed Feb 07 2024 Debarshi Ray - 0.0.99.5-5 +- Migrate to SPDX license + +* Sat Jan 27 2024 Fedora Release Engineering - 0.0.99.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Jan 11 2024 Debarshi Ray - 0.0.99.5-3 +- Drop 'Recommends: subscription-manager' + +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-2 +- Drop the experience and support subpackages + +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-1 +- Update to 0.0.99.5 + +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.4-10 +- Require openssl(1) for the system tests in the tests subpackage + +* Wed Dec 06 2023 Adam Williamson - 0.0.99.4-9 +- tests subpackage: require httpd-tools for htpasswd + +* Tue Dec 05 2023 Debarshi Ray - 0.0.99.4-8 +- Fix the conditionals for 'if RHEL <= 9' + +* Thu Nov 30 2023 Debarshi Ray - 0.0.99.4-7 +- Track the active container on Fedora Linux Asahi Remix + +* Thu Nov 09 2023 Debarshi Ray - 0.0.99.4-6 +- Drop the custom /etc/containers/toolbox.conf from RHEL 10 onwards + +* Mon Oct 02 2023 Debarshi Ray - 0.0.99.4-5 +- Drop github.com/coreos/toolbox compatibility from RHEL 10 onwards + +* Mon Oct 02 2023 Debarshi Ray - 0.0.99.4-4 +- Be aware of security hardened mount points +- Simplify removing the user's password + +* Sat Jul 22 2023 Fedora Release Engineering - 0.0.99.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Mar 8 2023 Nieves Montero - 0.0.99.4-2 +- Sprinkle a debug log + +* Wed Feb 22 2023 Debarshi Ray - 0.0.99.4-1 +- Update to 0.0.99.4 + +* Wed Feb 22 2023 Martin Jackson - 0.0.99.3-12 +- Fix the ExclusiveArch + +* Tue Feb 21 2023 Debarshi Ray - 0.0.99.3-11 +- Add ExclusiveArch to match Podman + +* Thu Feb 02 2023 Yaakov Selkowitz - 0.0.99.3-10 +- Sync packaging changes from CentOS Stream + +* Sat Jan 21 2023 Fedora Release Engineering - 0.0.99.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Dec 22 2022 Yaakov Selkowitz - 0.0.99.3-8 +- Use vendored dependencies for RHEL/ELN builds + +* Sat Jul 23 2022 Fedora Release Engineering - 0.0.99.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jul 19 2022 Maxwell G - 0.0.99.3-6 +- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in + golang + +* Sat Jun 18 2022 Robert-André Mauchin - 0.0.99.3-5 +- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, + CVE-2022-29526, CVE-2022-30629 + +* Sat Jan 22 2022 Fedora Release Engineering - 0.0.99.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Sun Jan 09 2022 Ondřej Míchal - 0.0.99.3-3 +- Add upstream patch fixing doubled error messages + +* Fri Dec 10 2021 Debarshi Ray - 0.0.99.3-2 +- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging + guidelines + +* Fri Dec 10 2021 Debarshi Ray - 0.0.99.3-1 +- Update to 0.0.99.3 + +* Mon Oct 25 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-9 +- Restore backwards compatibility with existing containers + +* Fri Oct 22 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-8 +- Ensure that binaries are run against their build-time ABI + +* Mon Sep 13 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-7 +- Rebuilt for gating tests + +* Thu Sep 09 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-6 +- Rebuilt for gating tests + +* Mon Aug 23 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-5 +- Version bump to build and check fedora gating after fixing ansible playbooks + +* Fri Aug 20 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-4 +- Version bump to build and check fedora gating + +* Wed Aug 18 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-3 +- Added Fedora gating + +* Wed Aug 18 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-2 +- Require containers-common for ownership of %%{_sysconfdir}/containers + +* Mon Aug 09 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-1 +- Updated to 0.0.99.2^3.git075b9a8d2779 snapshot + +* Thu Jul 29 2021 Oliver Gutiérrez - 0.0.99.2^2.git40fbd377ed0b-1 +- Updated to 0.0.99.2^2.git40fbd377ed0b snapshot + +* Wed Jul 28 2021 Oliver Gutiérrez - 0.0.99.2^1.git9820550c82bb-1 +- Updated to 0.00.99.2^1.git9820550c82bb snapshot + +* Wed Jul 28 2021 Ondřej Míchal - 0.0.99.2-3 +- Update dependencies of -tests subpackage + +* Fri Jul 23 2021 Fedora Release Engineering - 0.0.99.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Sat Jun 26 2021 Debarshi Ray - 0.0.99.2-1 +- Update to 0.0.99.2 + +* Tue Feb 23 2021 Debarshi Ray - 0.0.99.1-1 +- Update to 0.0.99.1 + +* Wed Jan 27 2021 Fedora Release Engineering - 0.0.99-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jan 12 2021 Debarshi Ray - 0.0.99-1 +- Update to 0.0.99 + +* Mon Jan 11 2021 Debarshi Ray - 0.0.98.1-2 +- Harden the binary by using the same CGO_CFLAGS as on RHEL 8 + +* Thu Jan 07 2021 Debarshi Ray - 0.0.98.1-1 +- Update to 0.0.98.1 + +* Tue Jan 05 2021 Debarshi Ray - 0.0.98-1 +- Update to 0.0.98 + +* Wed Nov 25 2020 Ondřej Míchal - 0.0.97-2 +- Move krb5-libs from -support to -experience, and update the list of packages + in -experience + +* Tue Nov 03 2020 Debarshi Ray - 0.0.97-1 +- Update to 0.0.97 + +* Thu Oct 01 2020 Debarshi Ray - 0.0.96-1 +- Update to 0.0.96 + +* Sun Aug 30 2020 Debarshi Ray - 0.0.95-1 +- Update to 0.0.95 + +* Mon Aug 24 2020 Debarshi Ray - 0.0.94-1 +- Update to 0.0.94 + +* Wed Jul 29 2020 Fedora Release Engineering - 0.0.93-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sat Jul 25 2020 Debarshi Ray - 0.0.93-1 +- Update to 0.0.93 + +* Fri Jul 03 2020 Debarshi Ray - 0.0.92-1 +- Update to 0.0.92 + +* Fri Jul 03 2020 Debarshi Ray - 0.0.91-2 +- Fix the 'toolbox --version' output + +* Tue Jun 30 2020 Harry Míchal - 0.0.91-1 +- Update to 0.0.91 + +* Sat Jun 27 2020 Debarshi Ray - 0.0.18-5 +- Remove ExclusiveArch to match Podman + +* Wed Jun 10 2020 Debarshi Ray - 0.0.18-4 +- Sync the "experience" packages with the current Dockerfile +- Make "experience" Require "support" + +* Fri Apr 03 2020 Debarshi Ray - 0.0.18-3 +- Drop compatibility Obsoletes and Provides for fedora-toolbox + * Fri Jan 31 2020 Fedora Release Engineering - 0.0.18-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild