From aba1d296b5d3c75892abb11f46289b200aff70f3 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 23 Feb 2021 20:19:10 +0100 Subject: [PATCH 001/145] Update to 0.0.99.1 --- .gitignore | 1 + sources | 2 +- toolbox.spec | 7 +++++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index bda8bf7..5586f4a 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ /toolbox-0.0.98.tar.xz /toolbox-0.0.98.1.tar.xz /toolbox-0.0.99.tar.xz +/toolbox-0.0.99.1.tar.xz diff --git a/sources b/sources index 6d069a5..668e2bc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.tar.xz) = a2b750894d902575b742249ee89526e876fdbc6353e0aa8aa262f230f6b0c53266c70c93b2921eef3c2189d93dc096bdeee1be11c9aff0ee110a4fcbcb782f88 +SHA512 (toolbox-0.0.99.1.tar.xz) = 6021653eb7fbfc85ea700a9f52f9cfb552efbd4127eb3332a53bd340c8270c4d7a4e54b4a435202fd9e95ee0d90555a46ae9363a930b37fa35e63f239dffc027 diff --git a/toolbox.spec b/toolbox.spec index 358a90e..167159c 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,10 +1,10 @@ Name: toolbox -Version: 0.0.99 +Version: 0.0.99.1 %global goipath github.com/containers/%{name} %gometa -Release: 2%{?dist} +Release: 1%{?dist} Summary: Unprivileged development environment License: ASL 2.0 @@ -173,6 +173,9 @@ ln -s src/pkg pkg %changelog +* Tue Feb 23 2021 Debarshi Ray - 0.0.99.1-1 +- Update to 0.0.99.1 + * Wed Jan 27 2021 Fedora Release Engineering - 0.0.99-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From aa7f643e20fe9ca6a6e1d044e6ff72cd4cff9b93 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 23 Feb 2021 20:19:10 +0100 Subject: [PATCH 002/145] Update to 0.0.99.1 --- .gitignore | 1 + sources | 2 +- toolbox.spec | 7 +++++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index bda8bf7..5586f4a 100644 --- a/.gitignore +++ b/.gitignore 
@@ -21,3 +21,4 @@ /toolbox-0.0.98.tar.xz /toolbox-0.0.98.1.tar.xz /toolbox-0.0.99.tar.xz +/toolbox-0.0.99.1.tar.xz diff --git a/sources b/sources index 6d069a5..668e2bc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.tar.xz) = a2b750894d902575b742249ee89526e876fdbc6353e0aa8aa262f230f6b0c53266c70c93b2921eef3c2189d93dc096bdeee1be11c9aff0ee110a4fcbcb782f88 +SHA512 (toolbox-0.0.99.1.tar.xz) = 6021653eb7fbfc85ea700a9f52f9cfb552efbd4127eb3332a53bd340c8270c4d7a4e54b4a435202fd9e95ee0d90555a46ae9363a930b37fa35e63f239dffc027 diff --git a/toolbox.spec b/toolbox.spec index 358a90e..167159c 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,10 +1,10 @@ Name: toolbox -Version: 0.0.99 +Version: 0.0.99.1 %global goipath github.com/containers/%{name} %gometa -Release: 2%{?dist} +Release: 1%{?dist} Summary: Unprivileged development environment License: ASL 2.0 @@ -173,6 +173,9 @@ ln -s src/pkg pkg %changelog +* Tue Feb 23 2021 Debarshi Ray - 0.0.99.1-1 +- Update to 0.0.99.1 + * Wed Jan 27 2021 Fedora Release Engineering - 0.0.99-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From a88a4b95ce391098f83ed50767fd37e6957361dc Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 29 Apr 2021 01:02:13 +0200 Subject: [PATCH 003/145] Tweak the Summary No need to issue a build just for this. --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 167159c..aa6245a 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -5,7 +5,7 @@ Version: 0.0.99.1 %gometa Release: 1%{?dist} -Summary: Unprivileged development environment +Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://github.com/containers/%{name} From 0d4eca4acb3826997b4f5aa7bb34ceca0c485bc6 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Thu, 29 Apr 2021 01:02:13 +0200 Subject: [PATCH 004/145] Tweak the Summary No need to issue a build just for this. --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 167159c..aa6245a 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -5,7 +5,7 @@ Version: 0.0.99.1 %gometa Release: 1%{?dist} -Summary: Unprivileged development environment +Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://github.com/containers/%{name} From 151eea730aecb29d059836461e91a41698c5c5da Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Sat, 26 Jun 2021 20:03:14 +0200 Subject: [PATCH 005/145] Update to 0.0.99.2 Disable the %check section because 'go test ...' isn't working as it is in the build environment. --- .gitignore | 1 + sources | 2 +- toolbox.spec | 11 ++++++++--- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 5586f4a..51193d6 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ /toolbox-0.0.98.1.tar.xz /toolbox-0.0.99.tar.xz /toolbox-0.0.99.1.tar.xz +/toolbox-0.0.99.2.tar.xz diff --git a/sources b/sources index 668e2bc..c553232 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.1.tar.xz) = 6021653eb7fbfc85ea700a9f52f9cfb552efbd4127eb3332a53bd340c8270c4d7a4e54b4a435202fd9e95ee0d90555a46ae9363a930b37fa35e63f239dffc027 +SHA512 (toolbox-0.0.99.2.tar.xz) = 8e775d500755181f22f62dde4da32d5eff446590e54587633a545f880e9d58dc36ace9e7b37e5ec7a4713f570ceb3d27569f9421ad27fd95f0bb6499b470d0b6 diff --git a/toolbox.spec b/toolbox.spec index aa6245a..b101c40 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,5 +1,5 @@ Name: toolbox -Version: 0.0.99.1 +Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa 
@@ -27,6 +27,7 @@ BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.4.7 BuildRequires: golang(github.com/godbus/dbus) >= 5.0.3 BuildRequires: golang(github.com/mattn/go-isatty) >= 0.0.12 BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 +# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: meson @@ -86,6 +87,7 @@ Requires: man-db Requires: man-pages Requires: mlocate Requires: mtr +Requires: nano-default-editor Requires: nss-mdns Requires: openssh-clients Requires: pigz @@ -146,8 +148,8 @@ ln -s src/pkg pkg %meson_build -%check -%meson_test +# %%check +# %%meson_test %install @@ -173,6 +175,9 @@ ln -s src/pkg pkg %changelog +* Sat Jun 26 2021 Debarshi Ray - 0.0.99.2-1 +- Update to 0.0.99.2 + * Tue Feb 23 2021 Debarshi Ray - 0.0.99.1-1 - Update to 0.0.99.1 From 12df1ef16a673d90a85d3b8fc631adcd1ae27ba5 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Sat, 26 Jun 2021 20:03:14 +0200 Subject: [PATCH 006/145] Update to 0.0.99.2 Disable the %check section because 'go test ...' isn't working as it is in the build environment. --- .gitignore | 1 + sources | 2 +- toolbox.spec | 11 ++++++++--- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 5586f4a..51193d6 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ /toolbox-0.0.98.1.tar.xz /toolbox-0.0.99.tar.xz /toolbox-0.0.99.1.tar.xz +/toolbox-0.0.99.2.tar.xz diff --git a/sources b/sources index 668e2bc..c553232 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.1.tar.xz) = 6021653eb7fbfc85ea700a9f52f9cfb552efbd4127eb3332a53bd340c8270c4d7a4e54b4a435202fd9e95ee0d90555a46ae9363a930b37fa35e63f239dffc027 +SHA512 (toolbox-0.0.99.2.tar.xz) = 8e775d500755181f22f62dde4da32d5eff446590e54587633a545f880e9d58dc36ace9e7b37e5ec7a4713f570ceb3d27569f9421ad27fd95f0bb6499b470d0b6 
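Review bot: Commenting out `%check` and `%meson_test` in the `@@ -146,8 +148,8 @@` hunk removes the only test run from the package build and leaves nothing to bring it back; the commented-out `BuildRequires: golang(github.com/stretchr/testify)` in the `@@ -27,6 +27,7 @@` hunk goes with it. I would keep the section behind a build conditional instead: `%bcond_with check` near the top, and `%if %{with check}` … `%endif` around both `%check`/`%meson_test` and the testify BuildRequires, so the tests can be switched on per build with `--with check` once 'go test' works in the build environment. A comment above the conditional such as `# Tests disabled, see <tracking bug URL>` (placeholder) would tell the next maintainer when the conditional can be dropped. The same two hunks are repeated in PATCH 006/145 on this page.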
diff --git a/toolbox.spec b/toolbox.spec index aa6245a..b101c40 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,5 +1,5 @@ Name: toolbox -Version: 0.0.99.1 +Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa @@ -27,6 +27,7 @@ BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.4.7 BuildRequires: golang(github.com/godbus/dbus) >= 5.0.3 BuildRequires: golang(github.com/mattn/go-isatty) >= 0.0.12 BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 +# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: meson @@ -86,6 +87,7 @@ Requires: man-db Requires: man-pages Requires: mlocate Requires: mtr +Requires: nano-default-editor Requires: nss-mdns Requires: openssh-clients Requires: pigz @@ -146,8 +148,8 @@ ln -s src/pkg pkg %meson_build -%check -%meson_test +# %%check +# %%meson_test %install @@ -173,6 +175,9 @@ ln -s src/pkg pkg %changelog +* Sat Jun 26 2021 Debarshi Ray - 0.0.99.2-1 +- Update to 0.0.99.2 + * Tue Feb 23 2021 Debarshi Ray - 0.0.99.1-1 - Update to 0.0.99.1 From bd527008a2c0b9b719fcefe5ed98e3bc9c185918 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 28 Jun 2021 13:50:36 +0200 Subject: [PATCH 007/145] Disable DWARF compression This mimics the change in go-rpm-macros [1] for Fedora 35. [1] go-rpm-macros commit 9f1ba3d1d27f4e81 https://pagure.io/go-rpm-macros/c/9f1ba3d1d27f4e81 https://bugzilla.redhat.com/show_bug.cgi?id=1961214 --- ...the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch | 8 ++++---- toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch index 43df0c9..f5511f6 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch 
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch @@ -1,4 +1,4 @@ -From e9bfc40bbbf7af1a20819b6840441cbe52a7d1b7 Mon Sep 17 00:00:00 2001 +From 5ec9997c0f11bb9d1f7eee2e5014130cadc70c91 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} for @@ -24,7 +24,7 @@ and should be kept updated to match Fedora's Go guidelines. Use 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 515e1d8a0670..8baaff53b329 100755 +index 0d27120da052..03a32bc5af33 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper @@ -27,5 +27,6 @@ if ! cd "$1"; then @@ -33,8 +33,8 @@ index 515e1d8a0670..8baaff53b329 100755 -go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +unset LDFLAGS -+go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" ++go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" exit "$?" -- -2.29.2 +2.31.1 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch index 16c844d..c97e978 100644 
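Review bot: The PPC64 variant of the `go build` line in the `@@ -33,8 +33,8 @@` hunk still has no `-buildmode pie`, which is the only difference from the line in toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch, and nothing visible in the hunk says why. If this is a toolchain limitation on PPC64, a comment above the command such as `# No -buildmode pie on PPC64: <reason or bug>` (placeholder) would keep the missing hardening flag from being read as an oversight the next time the flags are synced. Separately, `unset LDFLAGS` on the line before makes `${LDFLAGS:-}` inside `-ldflags` always expand to nothing, so one of the two can go; that second point applies to the hunk in the other patch file as well. The wrapper script starts and ends outside the hunk.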
--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -1,4 +1,4 @@ -From d204528ce3b3c70727c12e1911d1c5562b56d474 Mon Sep 17 00:00:00 2001 +From 64c8066535dacbe37abc35485347c59df553bfbb Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} @@ -23,7 +23,7 @@ PPC64, and should be kept updated to match Fedora's Go guidelines. Use 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 515e1d8a0670..013a35e52a1a 100755 +index 0d27120da052..4793d29a7021 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper @@ -27,5 +27,6 @@ if ! cd "$1"; then @@ -32,8 +32,8 @@ index 515e1d8a0670..013a35e52a1a 100755 -go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +unset LDFLAGS -+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" ++go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" exit "$?" -- -2.29.2 +2.31.1 From 42c803ef2527a87c49df3575dff9f146f4fd5ef5 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Thu, 8 Jul 2021 20:59:14 +0200 Subject: [PATCH 008/145] Add bc and iproute to the toolbox-experience sub-package No need to issue a build just for this. --- toolbox.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/toolbox.spec b/toolbox.spec index b101c40..ebbe463 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -66,6 +66,7 @@ Summary: Set of packages to enhance the %{name} experience Requires: %{name}-support = %{version}-%{release} Requires: bash-completion +Requires: bc Requires: bzip2 Requires: diffutils Requires: dnf-plugins-core @@ -77,6 +78,7 @@ Requires: gnupg Requires: gnupg2-smime Requires: gvfs-client Requires: hostname +Requires: iproute Requires: iputils Requires: jwhois Requires: keyutils From 9853bf5d8f725e5f5487324c6a1aed777f1f63eb Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 8 Jul 2021 20:59:14 +0200 Subject: [PATCH 009/145] Add bc and iproute to the toolbox-experience sub-package No need to issue a build just for this. --- toolbox.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/toolbox.spec b/toolbox.spec index b101c40..ebbe463 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -66,6 +66,7 @@ Summary: Set of packages to enhance the %{name} experience Requires: %{name}-support = %{version}-%{release} Requires: bash-completion +Requires: bc Requires: bzip2 Requires: diffutils Requires: dnf-plugins-core @@ -77,6 +78,7 @@ Requires: gnupg Requires: gnupg2-smime Requires: gvfs-client Requires: hostname +Requires: iproute Requires: iputils Requires: jwhois Requires: keyutils From 382aa9921306b58a15980842cbaa2461b16ea25d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 23 Jul 2021 19:27:42 +0000 Subject: [PATCH 010/145] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index ebbe463..274a058 100644 --- a/toolbox.spec 
+++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -177,6 +177,9 @@ ln -s src/pkg pkg %changelog +* Fri Jul 23 2021 Fedora Release Engineering - 0.0.99.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Sat Jun 26 2021 Debarshi Ray - 0.0.99.2-1 - Update to 0.0.99.2 From a961891ea200c572546c84da8d04e47097214b97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= Date: Mon, 22 Mar 2021 00:06:32 +0100 Subject: [PATCH 011/145] Update dependencies of -tests subpackage --- toolbox.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/toolbox.spec b/toolbox.spec index 274a058..7178c6f 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -122,6 +122,10 @@ Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} Requires: bats +Requires: coreutils +Requires: gawk +Requires: grep +Requires: skopeo %description tests The %{name}-tests package contains system tests for %{name}. From c6fdde6d4ac24a255e364a8ffc6c538092729f17 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Wed, 28 Jul 2021 16:25:06 +0100 Subject: [PATCH 012/145] Added changelog entry for the update dependencies of -tests subpackage --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 7178c6f..ec2d98e 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa -Release: 2%{?dist} +Release: 3%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 
@@ -181,6 +181,9 @@ ln -s src/pkg pkg %changelog +* Wed Jul 28 2021 Ondřej Míchal - 0.0.99.2-3 +- Update dependencies of -tests subpackage + * Fri Jul 23 2021 Fedora Release Engineering - 0.0.99.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 906afe610cbcf4504a229bc073334556f7491c10 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Wed, 28 Jul 2021 16:55:24 +0100 Subject: [PATCH 013/145] Updated sources to 0.00.99.2^1.git9820550c82bb snapshot --- .gitignore | 2 ++ sources | 2 +- toolbox.spec | 12 +++++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 51193d6..9d7f95f 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,5 @@ /toolbox-0.0.99.tar.xz /toolbox-0.0.99.1.tar.xz /toolbox-0.0.99.2.tar.xz +/toolbox-0.0.99.2-1.git9820550c82bb.tar.xz +/toolbox-0.0.99.2^1.git9820550c82bb.tar.xz diff --git a/sources b/sources index c553232..2ec0d0c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2.tar.xz) = 8e775d500755181f22f62dde4da32d5eff446590e54587633a545f880e9d58dc36ace9e7b37e5ec7a4713f570ceb3d27569f9421ad27fd95f0bb6499b470d0b6 +SHA512 (toolbox-0.0.99.2^1.git9820550c82bb.tar.xz) = 508e943584cf867f1f9100ba03797420c9c60c40ff029831044bf7faee2f5115c891b82fa20723ac9b3a3da0dcd57e765020793cdf0ea1680eb81f918bb03da6 diff --git a/toolbox.spec b/toolbox.spec index ec2d98e..cce09d1 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -1,15 +1,18 @@ Name: toolbox -Version: 0.0.99.2 +Version: 0.0.99.2^1.git9820550c82bb %global goipath github.com/containers/%{name} %gometa -Release: 3%{?dist} +Release: 1%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://github.com/containers/%{name} -Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz + +# https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz +# Snapshot tarball +Source0: %{name}-%{version}.tar.xz # Fedora specific Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch @@ -181,6 +184,9 @@ ln -s src/pkg pkg %changelog +* Wed Jul 28 2021 Oliver Gutiérrez - 0.0.99.2^1.git9820550c82bb-1 +- Updated to 0.00.99.2^1.git9820550c82bb snapshot + * Wed Jul 28 2021 Ondřej Míchal - 0.0.99.2-3 - Update dependencies of -tests subpackage From 05525c1a8e2cd18174c12e76c633dbb0c5cff42a Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Wed, 28 Jul 2021 17:30:50 +0100 Subject: [PATCH 014/145] Updated sources tarball --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index 2ec0d0c..2d3a899 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2^1.git9820550c82bb.tar.xz) = 508e943584cf867f1f9100ba03797420c9c60c40ff029831044bf7faee2f5115c891b82fa20723ac9b3a3da0dcd57e765020793cdf0ea1680eb81f918bb03da6 +SHA512 (toolbox-0.0.99.2^1.git9820550c82bb.tar.xz) = b131e7fcac664cc9eeb25ae781e6409ee398e31fb1aef4240f31da889600e96feb7e8a4ec0fd37b9b772ce0a37e7c5f6623f390ea6c250c725ae32b36615d209 From afdd5f1cb8568e1a406527675270870fb38415da Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Wed, 28 Jul 2021 17:54:13 +0100 Subject: [PATCH 015/145] Added missing configuration file --- toolbox.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/toolbox.spec b/toolbox.spec index cce09d1..82b1594 100644 --- a/toolbox.spec +++ b/toolbox.spec 
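Review bot: `Source0: %{name}-%{version}.tar.xz` in the `@@ -1,15 +1,18 @@` hunk drops the download URL, and the `# Snapshot tarball` comment does not say which repository and commit the archive was made from or with what command, so the SHA512 in `sources` can only be checked against the upload itself. I would expand the comment to something like `# Snapshot of https://github.com/containers/%%{name} at commit 9820550c82bb, generated with: <command>` (the command is a placeholder; the commit is presumably the one named in the Version suffix). PATCH 014/145 on this page then replaces the SHA512 for the same `toolbox-0.0.99.2^1.git9820550c82bb.tar.xz` name, so one version string has referred to two different archives; a regenerated snapshot should get a new snapshot number instead. The changelog entry added by this commit also writes the version as `0.00.99.2`.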
@@ -172,6 +172,7 @@ ln -s src/pkg pkg %{_datadir}/bash-completion %{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}-*.1* +%config(noreplace) %{_sysconfdir}/containers/%{name}.conf %{_sysconfdir}/profile.d/%{name}.sh %{_tmpfilesdir}/%{name}.conf From c3bb2b8822238d88fb994b913ec79dd728d43fb7 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Wed, 28 Jul 2021 18:23:06 +0100 Subject: [PATCH 016/145] Rebased toolbox-Don-t-use-Go-s-semantic-import-versioning.patch --- ...-use-Go-s-semantic-import-versioning.patch | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch b/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch index a39257b..bd9e9a7 100644 --- a/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch +++ b/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch @@ -1,12 +1,13 @@ -From 4039c49b0cd2111cd1c505b9a9aef25aeebb6a0e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Harry=20M=C3=ADchal?= -Date: Sat, 27 Jun 2020 16:17:56 +0200 +From c6e3a241c54fb16494d129bb8a455e874e0ba1ba Mon Sep 17 00:00:00 2001 +From: Oliver Gutierrez +Date: Wed, 28 Jul 2021 17:58:48 +0100 Subject: [PATCH] Don't use Go's semantic import versioning Fedora doesn't support Go modules when building Go programs. This means that source code using semantic import versioning can't be built. https://github.com/containers/toolbox/pull/484 + --- src/cmd/create.go | 2 +- src/go.mod | 2 +- @@ -15,7 +16,7 @@ https://github.com/containers/toolbox/pull/484 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/cmd/create.go b/src/cmd/create.go -index 50938890b22f..29bc0f2c42f7 100644 +index 8b31365..502f691 100644 --- a/src/cmd/create.go +++ b/src/cmd/create.go @@ -28,7 +28,7 @@ import ( @@ -28,7 +29,7 @@ index 50938890b22f..29bc0f2c42f7 100644 "github.com/spf13/cobra" "golang.org/x/crypto/ssh/terminal" 
diff --git a/src/go.mod b/src/go.mod -index 219d3d578992..7e1a6807fd7e 100644 +index cce3e5a..eb7f70c 100644 --- a/src/go.mod +++ b/src/go.mod @@ -8,7 +8,7 @@ require ( @@ -41,10 +42,10 @@ index 219d3d578992..7e1a6807fd7e 100644 github.com/sirupsen/logrus v1.4.2 github.com/spf13/cobra v0.0.5 diff --git a/src/go.sum b/src/go.sum -index 5a03a6823698..d9ce63604fcf 100644 +index fbad155..737f058 100644 --- a/src/go.sum +++ b/src/go.sum -@@ -18,8 +18,8 @@ github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= +@@ -20,8 +20,8 @@ github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -52,11 +53,11 @@ index 5a03a6823698..d9ce63604fcf 100644 -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4= +github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= + github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= - github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go -index 5455298cbce4..3f7fc26147fc 100644 +index ae7c596..4d1556a 100644 --- a/src/pkg/utils/utils.go +++ b/src/pkg/utils/utils.go @@ -33,7 +33,7 @@ import ( 
@@ -66,8 +67,8 @@ index 5455298cbce4..3f7fc26147fc 100644 - "github.com/godbus/dbus/v5" + "github.com/godbus/dbus" "github.com/sirupsen/logrus" + "github.com/spf13/viper" "golang.org/x/sys/unix" - ) -- -2.25.4 +2.31.1 From 8b5e9510378c851396c5db8eb353864403f1a6f4 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Thu, 29 Jul 2021 14:27:25 +0100 Subject: [PATCH 017/145] Updated to 0.0.99.2^2.git40fbd377ed0b snapshot --- .gitignore | 1 + sources | 2 +- toolbox-Don-t-use-Go-s-semantic-import-versioning.patch | 8 +++----- toolbox.spec | 5 ++++- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 9d7f95f..6a0a574 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ /toolbox-0.0.99.2.tar.xz /toolbox-0.0.99.2-1.git9820550c82bb.tar.xz /toolbox-0.0.99.2^1.git9820550c82bb.tar.xz +/toolbox-0.0.99.2^2.git40fbd377ed0b.tar.xz diff --git a/sources b/sources index 2d3a899..688c20a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2^1.git9820550c82bb.tar.xz) = b131e7fcac664cc9eeb25ae781e6409ee398e31fb1aef4240f31da889600e96feb7e8a4ec0fd37b9b772ce0a37e7c5f6623f390ea6c250c725ae32b36615d209 +SHA512 (toolbox-0.0.99.2^2.git40fbd377ed0b.tar.xz) = 5abc37f4e1c3accd29976fbb9d303ab3b3f0457543563d24d11346cf09cc546cfb879139e58251ce82e955e13f3e69bd964cdbb8acb6ad0e9009a58b78d635c9 diff --git a/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch b/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch index bd9e9a7..8cdae9c 100644 --- a/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch +++ b/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch 
@@ -1,13 +1,11 @@ -From c6e3a241c54fb16494d129bb8a455e874e0ba1ba Mon Sep 17 00:00:00 2001 -From: Oliver Gutierrez -Date: Wed, 28 Jul 2021 17:58:48 +0100 +From 40fbd377ed0b94060ae5fb2a60289500b66486dc Mon Sep 17 00:00:00 2001 +From: Oliver Gutierrez +Date: Thu, 29 Jul 2021 14:12:41 +0100 Subject: [PATCH] Don't use Go's semantic import versioning Fedora doesn't support Go modules when building Go programs. This means that source code using semantic import versioning can't be built. -https://github.com/containers/toolbox/pull/484 - --- src/cmd/create.go | 2 +- src/go.mod | 2 +- diff --git a/toolbox.spec b/toolbox.spec index 82b1594..d746e7b 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,5 +1,5 @@ Name: toolbox -Version: 0.0.99.2^1.git9820550c82bb +Version: 0.0.99.2^2.git40fbd377ed0b %global goipath github.com/containers/%{name} %gometa @@ -185,6 +185,9 @@ ln -s src/pkg pkg %changelog +* Thu Jul 29 2021 Oliver Gutiérrez - 0.0.99.2^2.git40fbd377ed0b-1 +- Updated to 0.0.99.2^2.git40fbd377ed0b snapshot + * Wed Jul 28 2021 Oliver Gutiérrez - 0.0.99.2^1.git9820550c82bb-1 - Updated to 0.00.99.2^1.git9820550c82bb snapshot From 10d00acf901454e88bec937a854263bf8f6b6fcb Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Mon, 9 Aug 2021 19:09:23 +0100 Subject: [PATCH 018/145] Updated to 0.0.99.2^3.git075b9a8d2779 snapshot --- .gitignore | 1 + sources | 2 +- toolbox.spec | 5 ++++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 6a0a574..03742d2 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ /toolbox-0.0.99.2-1.git9820550c82bb.tar.xz /toolbox-0.0.99.2^1.git9820550c82bb.tar.xz /toolbox-0.0.99.2^2.git40fbd377ed0b.tar.xz +/toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz diff --git a/sources b/sources index 688c20a..529eaaf 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2^2.git40fbd377ed0b.tar.xz) = 5abc37f4e1c3accd29976fbb9d303ab3b3f0457543563d24d11346cf09cc546cfb879139e58251ce82e955e13f3e69bd964cdbb8acb6ad0e9009a58b78d635c9 +SHA512 (toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz) = e9ebb306fa3fe72dede4d08e1428dbfde12fe44274b4ea7cd356cba28a90daff728c4182f13e20f8a05603aeefb4cf484611805dac2776ab38c37764e6069c5d diff --git a/toolbox.spec b/toolbox.spec index d746e7b..7f95195 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,5 +1,5 @@ Name: toolbox -Version: 0.0.99.2^2.git40fbd377ed0b +Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa @@ -185,6 +185,9 @@ ln -s src/pkg pkg %changelog +* Mon Aug 09 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-1 +- Updated to 0.0.99.2^3.git075b9a8d2779 snapshot + * Thu Jul 29 2021 Oliver Gutiérrez - 0.0.99.2^2.git40fbd377ed0b-1 - Updated to 0.0.99.2^2.git40fbd377ed0b snapshot From f8eb06d3a52cc3949c01bb8f46f9431959bf157b Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 17 Aug 2021 18:15:50 +0200 Subject: [PATCH 019/145] Require containers-common for ownership of %%{_sysconfdir}/containers --- toolbox.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 7f95195..3a0dfce 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -37,6 +37,7 @@ BuildRequires: meson BuildRequires: pkgconfig(bash-completion) BuildRequires: systemd +Requires: containers-common Requires: flatpak-session-helper Requires: podman >= 1.4.0 
@@ -185,6 +186,9 @@ ln -s src/pkg pkg %changelog +* Wed Aug 18 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-2 +- Require containers-common for ownership of %%{_sysconfdir}/containers + * Mon Aug 09 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-1 - Updated to 0.0.99.2^3.git075b9a8d2779 snapshot From 4d43cbffea146b2c662c514f9b7d2996f0ba05f3 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Wed, 18 Aug 2021 12:41:51 +0100 Subject: [PATCH 020/145] Added fedora gating --- gating.yaml | 9 +++ tests/roles/nonroot_user/tasks/main.yml | 7 ++ .../run_bats_tests/files/run_bats_tests.sh | 72 +++++++++++++++++++ tests/roles/run_bats_tests/tasks/main.yml | 37 ++++++++++ .../run_bats_tests/tasks/run_one_test.yml | 52 ++++++++++++++ tests/tests.yml | 11 +++ 6 files changed, 188 insertions(+) create mode 100644 gating.yaml create mode 100644 tests/roles/nonroot_user/tasks/main.yml create mode 100755 tests/roles/run_bats_tests/files/run_bats_tests.sh create mode 100644 tests/roles/run_bats_tests/tasks/main.yml create mode 100644 tests/roles/run_bats_tests/tasks/run_one_test.yml create mode 100644 tests/tests.yml diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..5ab3627 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,9 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: + - bodhi_update_push_stable + - bodhi_update_push_testing +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/tests/roles/nonroot_user/tasks/main.yml b/tests/roles/nonroot_user/tasks/main.yml new file mode 100644 index 0000000..51bf44a --- /dev/null +++ b/tests/roles/nonroot_user/tasks/main.yml @@ -0,0 +1,7 @@ +--- +- name: create nonroot user + user: + name: testuser + shell: /bin/bash +- name: enable linger + command: loginctl enable-linger testuser 
diff --git a/tests/roles/run_bats_tests/files/run_bats_tests.sh b/tests/roles/run_bats_tests/files/run_bats_tests.sh new file mode 100755 index 0000000..e9f5f5f --- /dev/null +++ b/tests/roles/run_bats_tests/files/run_bats_tests.sh @@ -0,0 +1,72 @@ +#!/bin/bash +# +# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman +# +# This is invoked by the 'run_bats_tests' role; we assume that +# the package foo has a foo-tests subpackage which provides the +# directory /usr/share/foo/test/system, containing one or more .bats +# test files. +# + +export PATH=/usr/local/bin:/usr/sbin:/usr/bin + +FULL_LOG=/tmp/test.debug.log +BATS_LOG=/tmp/test.bats.log +rm -f $FULL_LOG $BATS_LOG +touch $FULL_LOG $BATS_LOG + +exec &> $FULL_LOG + +# Log program versions +echo "Packages:" +rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests + +echo "------------------------------" +printenv | sort + +testdir=/usr/share/${TEST_PACKAGE}/test/system + +if ! cd $testdir; then + echo "FAIL ${TEST_NAME} : cd $testdir" >> /tmp/test.log + exit 0 +fi + +if [ -e /tmp/helper.sh ]; then + echo "------------------------------" + echo ". /tmp/helper.sh" + . /tmp/helper.sh +fi + +if [ "$(type -t setup)" = "function" ]; then + echo "------------------------------" + echo "\$ setup" + setup + if [ $? -ne 0 ]; then + echo "FAIL ${TEST_NAME} : setup" >> /tmp/test.log + exit 0 + fi +fi + +echo "------------------------------" +echo "\$ bats ." +bats . &> $BATS_LOG +rc=$? + +echo "------------------------------" +echo "bats completed with status $rc" + +status=PASS +if [ $rc -ne 0 ]; then + status=FAIL +fi + +echo "${status} ${TEST_NAME}" >> /tmp/test.log + +if [ "$(type -t teardown)" = "function" ]; then + echo "------------------------------" + echo "\$ teardown" + teardown +fi + +# FIXME: for CI purposes, always exit 0. This allows subsequent tests. +exit 0 diff --git a/tests/roles/run_bats_tests/tasks/main.yml b/tests/roles/run_bats_tests/tasks/main.yml new file mode 100644 index 0000000..da79a4c 
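Review bot: `. /tmp/helper.sh` sources a fixed-name file from a world-writable directory, and the two logs and `/tmp/test.log` use fixed names there as well, so on a host with other local accounts neither the code being sourced nor the PASS/FAIL lines are guaranteed to come from this role. I would have the role create a private working directory and pass it in through the environment (the `TEST_WORKDIR` name below is my suggestion, not something the page defines), with the script refusing to run without it. The same fixed paths are used in tasks/main.yml, where `/tmp/test.log` is created with `mode=0666` and then read by the `grep "^FAIL"` gate, and in tasks/run_one_test.yml, so those would have to change together. `printenv | sort` also copies the whole environment into the debug log that is fetched as an artifact, which is worth trimming if the CI environment can carry credentials.

```shell
# … unchanged: PATH export …
workdir=${TEST_WORKDIR:?TEST_WORKDIR must be set by the run_bats_tests role}
FULL_LOG="$workdir/test.debug.log"
BATS_LOG="$workdir/test.bats.log"
RESULT_LOG="$workdir/test.log"
# … unchanged: log setup, version logging, cd into the test directory
#   (failure lines go to "$RESULT_LOG" instead of /tmp/test.log) …
if [ -e "$workdir/helper.sh" ]; then
    echo "------------------------------"
    echo ". $workdir/helper.sh"
    . "$workdir/helper.sh"
fi
# … unchanged: setup, bats run, teardown …
```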
--- /dev/null +++ b/tests/roles/run_bats_tests/tasks/main.yml @@ -0,0 +1,37 @@ +--- +# Create empty results file, world-writable +- name: initialize test.log file + copy: dest=/tmp/test.log content='' force=yes mode=0666 + +- name: execute tests + include: run_one_test.yml + with_items: "{{ tests }}" + loop_control: + loop_var: test + +- name: pull test.log results + fetch: + src: "/tmp/test.log" + dest: "{{ artifacts }}/test.log" + flat: yes + +# Copied from standard-test-basic +- name: check results + shell: grep "^FAIL" /tmp/test.log + register: test_fails + # Never fail at this step. Just store result of tests. + failed_when: False + +- name: preserve results + set_fact: + role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}" + role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}" + +- name: display results + vars: + msg: | + Tests failed: {{ role_result_failed|d('Undefined') }} + Tests msg: {{ role_result_msg|d('None') }} + debug: + msg: "{{ msg.split('\n') }}" + failed_when: "role_result_failed|bool" diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml new file mode 100644 index 0000000..b44ed42 --- /dev/null +++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml 
@@ -0,0 +1,52 @@
+---
+- name: "{{ test.name }} | install test packages"
+ dnf: name="{{ test.package }}-tests" state=installed
+
+- name: "{{ test.name }} | define helper variables"
+ set_fact:
+ test_name_oneword: "{{ test.name | replace(' ','-') }}"
+
+# UGH. This is necessary because our caller sets some environment variables
+# and we need to set a few more based on other caller variables; then we
+# need to combine the two dicts when running the test. This seems to be
+# the only way to do it in ansible.
+- name: "{{ test.name }} | define local environment"
+ set_fact:
+ local_environment:
+ TEST_NAME: "{{ test.name }}"
+ TEST_PACKAGE: "{{ test.package }}"
+ TEST_ENV: "{{ test.environment }}"
+
+- name: "{{ test.name }} | setup/teardown helper | see if exists"
+ local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
+ register: helper
+
+- name: "{{ test.name }} | setup/teardown helper | install"
+ copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
+ when: helper.stat.exists
+
+- name: "{{ test.name }} | run test"
+ script: ./run_bats_tests.sh
+ args:
+ chdir: /usr/share/{{ test.package }}/test/system
+ become: "{{ true if test.become is defined else false }}"
+ become_user: testuser
+ environment: "{{ local_environment | combine(test.environment) }}"
+
+- name: "{{ test.name }} | pull logs"
+ fetch:
+ src: "/tmp/test.{{ item }}.log"
+ dest: "{{ artifacts }}/test.{{ test_name_oneword }}.{{ item }}.log"
+ flat: yes
+ with_items:
+ - bats
+ - debug
+
+- name: "{{ test.name }} | remove remote logs and helpers"
+ file:
+ dest=/tmp/{{ item }}
+ state=absent
+ with_items:
+ - test.bats.log
+ - test.debug.log
+ - helper.sh
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..3994a4a
--- /dev/null
+++ b/tests/tests.yml
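Review bot: `become: "{{ true if test.become is defined else false }}"` tests only whether the key exists, so an entry with `become: false` is still escalated, and an entry without the key runs `run_bats_tests.sh` as the connecting user rather than `testuser`; `become: "{{ test.become | default(false) | bool }}"` follows the value instead. `TEST_ENV: "{{ test.environment }}"` and `combine(test.environment)` also fail to template when an entry has no `environment`, which is the case for the `tests/tests.yml` added in this same patch; `test.environment | default({})` in both places avoids that. These expressions are removed in PATCH 022/145 and come back unchanged in 025/145 and 027/145.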
@@ -0,0 +1,11 @@ +--- +- hosts: localhost + tags: classic + vars: + - artifacts: ./artifacts + roles: + - role: nonroot_user + - role: run_bats_tests + tests: + - name: toolbox + package: toolbox \ No newline at end of file From 28e80567715dbd3de39386f2316d7144a9709049 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Wed, 18 Aug 2021 12:44:07 +0100 Subject: [PATCH 021/145] Updated specfile for gating execution --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 3a0dfce..2ec2add 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa -Release: 2%{?dist} +Release: 3%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -186,6 +186,9 @@ ln -s src/pkg pkg %changelog +* Wed Aug 18 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-3 +- Added Fedora gating + * Wed Aug 18 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-2 - Require containers-common for ownership of %%{_sysconfdir}/containers From 146838a614a09630a67148507364ffeed50d029c Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Fri, 20 Aug 2021 10:37:29 +0100 Subject: [PATCH 022/145] Fixed errors in gating ansible playbook --- tests/roles/run_bats_tests/tasks/run_one_test.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml index b44ed42..839e64d 100644 --- a/tests/roles/run_bats_tests/tasks/run_one_test.yml +++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml @@ -2,7 +2,7 @@ - name: "{{ test.name }} | install test packages" dnf: name="{{ test.package }}-tests" state=installed -- name: "{{ test.name }} | define helper variables" +- name: "{{ test.name }} | define helper variables" set_fact: test_name_oneword: "{{ test.name | replace(' ','-') }}" 
@@ -15,7 +15,6 @@ local_environment: TEST_NAME: "{{ test.name }}" TEST_PACKAGE: "{{ test.package }}" - TEST_ENV: "{{ test.environment }}" - name: "{{ test.name }} | setup/teardown helper | see if exists" local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh @@ -31,7 +30,6 @@ chdir: /usr/share/{{ test.package }}/test/system become: "{{ true if test.become is defined else false }}" become_user: testuser - environment: "{{ local_environment | combine(test.environment) }}" - name: "{{ test.name }} | pull logs" fetch: From cff1e3addf0d80b44202cc0ed79616beb5740cce Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Fri, 20 Aug 2021 10:40:24 +0100 Subject: [PATCH 023/145] Fixed missing environment in gating ansible playbook --- tests/roles/run_bats_tests/tasks/run_one_test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml index 839e64d..218b7f9 100644 --- a/tests/roles/run_bats_tests/tasks/run_one_test.yml +++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml @@ -30,6 +30,7 @@ chdir: /usr/share/{{ test.package }}/test/system become: "{{ true if test.become is defined else false }}" become_user: testuser + environment: "{{ local_environment }}" - name: "{{ test.name }} | pull logs" fetch: From a6a68d9aae80c2340736c8e343111b304d792587 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Fri, 20 Aug 2021 11:30:18 +0100 Subject: [PATCH 024/145] Version bump to build and check fedora gating --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 2ec2add..cf7221b 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa -Release: 3%{?dist} +Release: 4%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 
@@ -186,6 +186,9 @@ ln -s src/pkg pkg %changelog +* Fri Aug 20 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-4 +- Version bump to build and check fedora gating + * Wed Aug 18 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-3 - Added Fedora gating From 4fbf8c365e96a593ed49f50fe503bf9126b5ca50 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Mon, 23 Aug 2021 19:25:13 +0100 Subject: [PATCH 025/145] Fixed playbooks for gating --- tests/roles/run_bats_tests/tasks/run_one_test.yml | 5 +++-- tests/tests.yml | 6 +++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml index 218b7f9..b44ed42 100644 --- a/tests/roles/run_bats_tests/tasks/run_one_test.yml +++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml @@ -2,7 +2,7 @@ - name: "{{ test.name }} | install test packages" dnf: name="{{ test.package }}-tests" state=installed -- name: "{{ test.name }} | define helper variables" +- name: "{{ test.name }} | define helper variables" set_fact: test_name_oneword: "{{ test.name | replace(' ','-') }}" @@ -15,6 +15,7 @@ local_environment: TEST_NAME: "{{ test.name }}" TEST_PACKAGE: "{{ test.package }}" + TEST_ENV: "{{ test.environment }}" - name: "{{ test.name }} | setup/teardown helper | see if exists" local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh @@ -30,7 +31,7 @@ chdir: /usr/share/{{ test.package }}/test/system become: "{{ true if test.become is defined else false }}" become_user: testuser - environment: "{{ local_environment }}" + environment: "{{ local_environment | combine(test.environment) }}" - name: "{{ test.name }} | pull logs" fetch: diff --git a/tests/tests.yml b/tests/tests.yml index 3994a4a..0048a3e 100644 --- a/tests/tests.yml +++ b/tests/tests.yml 
@@ -8,4 +8,8 @@ - role: run_bats_tests tests: - name: toolbox - package: toolbox \ No newline at end of file + package: toolbox + environment: + PODMAN: /usr/bin/podman + become: true + \ No newline at end of file From 482da6793f86d3d57f792685575c2656e45c7244 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Mon, 23 Aug 2021 19:26:50 +0100 Subject: [PATCH 026/145] Bumped version for rerun gating after updating the ansible playbooks --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index cf7221b..bdbf5cf 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa -Release: 4%{?dist} +Release: 5%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -186,6 +186,9 @@ ln -s src/pkg pkg %changelog +* Mon Aug 23 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-5 +- Version bump to build and check fedora gating after fixing ansible playbooks + * Fri Aug 20 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-4 - Version bump to build and check fedora gating From c208cde9a4ac8ee7a0153475bca5a3b4cc06353f Mon Sep 17 00:00:00 2001 
From: Oliver Gutierrez Date: Wed, 25 Aug 2021 15:24:37 +0100 Subject: [PATCH 027/145] Added gating and version bump for gating checks --- gating.yaml | 9 +++ tests/roles/nonroot_user/tasks/main.yml | 7 ++ .../run_bats_tests/files/run_bats_tests.sh | 72 +++++++++++++++++++ tests/roles/run_bats_tests/tasks/main.yml | 37 ++++++++++ .../run_bats_tests/tasks/run_one_test.yml | 52 ++++++++++++++ tests/tests.yml | 15 ++++ toolbox.spec | 5 +- 7 files changed, 196 insertions(+), 1 deletion(-) create mode 100644 gating.yaml create mode 100644 tests/roles/nonroot_user/tasks/main.yml create mode 100755 tests/roles/run_bats_tests/files/run_bats_tests.sh create mode 100644 tests/roles/run_bats_tests/tasks/main.yml create mode 100644 tests/roles/run_bats_tests/tasks/run_one_test.yml create mode 100644 tests/tests.yml diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..5ab3627 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,9 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: + - bodhi_update_push_stable + - bodhi_update_push_testing +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/tests/roles/nonroot_user/tasks/main.yml b/tests/roles/nonroot_user/tasks/main.yml new file mode 100644 index 0000000..51bf44a --- /dev/null +++ b/tests/roles/nonroot_user/tasks/main.yml @@ -0,0 +1,7 @@ +--- +- name: create nonroot user + user: + name: testuser + shell: /bin/bash +- name: enable linger + command: loginctl enable-linger testuser diff --git a/tests/roles/run_bats_tests/files/run_bats_tests.sh b/tests/roles/run_bats_tests/files/run_bats_tests.sh new file mode 100755 index 0000000..e9f5f5f --- /dev/null +++ b/tests/roles/run_bats_tests/files/run_bats_tests.sh 
@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman
+#
+# This is invoked by the 'run_bats_tests' role; we assume that
+# the package foo has a foo-tests subpackage which provides the
+# directory /usr/share/foo/test/system, containing one or more .bats
+# test files.
+#
+
+export PATH=/usr/local/bin:/usr/sbin:/usr/bin
+
+FULL_LOG=/tmp/test.debug.log
+BATS_LOG=/tmp/test.bats.log
+rm -f $FULL_LOG $BATS_LOG
+touch $FULL_LOG $BATS_LOG
+
+exec &> $FULL_LOG
+
+# Log program versions
+echo "Packages:"
+rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests
+
+echo "------------------------------"
+printenv | sort
+
+testdir=/usr/share/${TEST_PACKAGE}/test/system
+
+if ! cd $testdir; then
+ echo "FAIL ${TEST_NAME} : cd $testdir" >> /tmp/test.log
+ exit 0
+fi
+
+if [ -e /tmp/helper.sh ]; then
+ echo "------------------------------"
+ echo ". /tmp/helper.sh"
+ . /tmp/helper.sh
+fi
+
+if [ "$(type -t setup)" = "function" ]; then
+ echo "------------------------------"
+ echo "\$ setup"
+ setup
+ if [ $? -ne 0 ]; then
+ echo "FAIL ${TEST_NAME} : setup" >> /tmp/test.log
+ exit 0
+ fi
+fi
+
+echo "------------------------------"
+echo "\$ bats ."
+bats . &> $BATS_LOG
+rc=$?
+
+echo "------------------------------"
+echo "bats completed with status $rc"
+
+status=PASS
+if [ $rc -ne 0 ]; then
+ status=FAIL
+fi
+
+echo "${status} ${TEST_NAME}" >> /tmp/test.log
+
+if [ "$(type -t teardown)" = "function" ]; then
+ echo "------------------------------"
+ echo "\$ teardown"
+ teardown
+fi
+
+# FIXME: for CI purposes, always exit 0. This allows subsequent tests.
+exit 0
diff --git a/tests/roles/run_bats_tests/tasks/main.yml b/tests/roles/run_bats_tests/tasks/main.yml
new file mode 100644
index 0000000..da79a4c
--- /dev/null
+++ b/tests/roles/run_bats_tests/tasks/main.yml
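Review bot: `printenv | sort` writes the complete environment of the run into `/tmp/test.debug.log`, which `run_one_test.yml` then fetches into `{{ artifacts }}`, so any credential or token exported to the job would end up in a stored artifact. Nothing on this page shows such a variable being set, but I would log only the names the script depends on, for example `printenv TEST_NAME TEST_PACKAGE PATH`, or filter the dump through an allow-list. A comment above it such as `# Log only test-related variables: this log is fetched as an artifact` would record the reason. This copy of the script is identical to the one added earlier in the series.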
@@ -0,0 +1,37 @@
+---
+# Create empty results file, world-writable
+- name: initialize test.log file
+ copy: dest=/tmp/test.log content='' force=yes mode=0666
+
+- name: execute tests
+ include: run_one_test.yml
+ with_items: "{{ tests }}"
+ loop_control:
+ loop_var: test
+
+- name: pull test.log results
+ fetch:
+ src: "/tmp/test.log"
+ dest: "{{ artifacts }}/test.log"
+ flat: yes
+
+# Copied from standard-test-basic
+- name: check results
+ shell: grep "^FAIL" /tmp/test.log
+ register: test_fails
+ # Never fail at this step. Just store result of tests.
+ failed_when: False
+
+- name: preserve results
+ set_fact:
+ role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
+ role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
+
+- name: display results
+ vars:
+ msg: |
+ Tests failed: {{ role_result_failed|d('Undefined') }}
+ Tests msg: {{ role_result_msg|d('None') }}
+ debug:
+ msg: "{{ msg.split('\n') }}"
+ failed_when: "role_result_failed|bool"
diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml
new file mode 100644
index 0000000..b44ed42
--- /dev/null
+++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml
@@ -0,0 +1,52 @@
+---
+- name: "{{ test.name }} | install test packages"
+ dnf: name="{{ test.package }}-tests" state=installed
+
+- name: "{{ test.name }} | define helper variables"
+ set_fact:
+ test_name_oneword: "{{ test.name | replace(' ','-') }}"
+
+# UGH. This is necessary because our caller sets some environment variables
+# and we need to set a few more based on other caller variables; then we
+# need to combine the two dicts when running the test. This seems to be
+# the only way to do it in ansible.
+- name: "{{ test.name }} | define local environment"
+ set_fact:
+ local_environment:
+ TEST_NAME: "{{ test.name }}"
+ TEST_PACKAGE: "{{ test.package }}"
+ TEST_ENV: "{{ test.environment }}"
+
+- name: "{{ test.name }} | setup/teardown helper | see if exists"
+ local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
+ register: helper
+
+- name: "{{ test.name }} | setup/teardown helper | install"
+ copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
+ when: helper.stat.exists
+
+- name: "{{ test.name }} | run test"
+ script: ./run_bats_tests.sh
+ args:
+ chdir: /usr/share/{{ test.package }}/test/system
+ become: "{{ true if test.become is defined else false }}"
+ become_user: testuser
+ environment: "{{ local_environment | combine(test.environment) }}"
+
+- name: "{{ test.name }} | pull logs"
+ fetch:
+ src: "/tmp/test.{{ item }}.log"
+ dest: "{{ artifacts }}/test.{{ test_name_oneword }}.{{ item }}.log"
+ flat: yes
+ with_items:
+ - bats
+ - debug
+
+- name: "{{ test.name }} | remove remote logs and helpers"
+ file:
+ dest=/tmp/{{ item }}
+ state=absent
+ with_items:
+ - test.bats.log
+ - test.debug.log
+ - helper.sh
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..0048a3e
--- /dev/null
+++ b/tests/tests.yml
@@ -0,0 +1,15 @@ +--- +- hosts: localhost + tags: classic + vars: + - artifacts: ./artifacts + roles: + - role: nonroot_user + - role: run_bats_tests + tests: + - name: toolbox + package: toolbox + environment: + PODMAN: /usr/bin/podman + become: true + \ No newline at end of file diff --git a/toolbox.spec b/toolbox.spec index ebbe463..f964fd9 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -177,6 +177,9 @@ ln -s src/pkg pkg %changelog +* Sat Jun 26 2021 Debarshi Ray - 0.0.99.2-2 +- Rebuild for gating checks + * Sat Jun 26 2021 Debarshi Ray - 0.0.99.2-1 - Update to 0.0.99.2 From fb735e6175fa20f21c2f291379ac9ccf734bab7f Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Thu, 26 Aug 2021 11:47:43 +0100 Subject: [PATCH 028/145] Updated sources to 0.0.99.2^3.git075b9a8d2779 snapshot --- .gitignore | 1 + sources | 2 +- toolbox.spec | 7 +++++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 51193d6..399488c 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ /toolbox-0.0.99.tar.xz /toolbox-0.0.99.1.tar.xz /toolbox-0.0.99.2.tar.xz +/toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz diff --git a/sources b/sources index c553232..529eaaf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2.tar.xz) = 8e775d500755181f22f62dde4da32d5eff446590e54587633a545f880e9d58dc36ace9e7b37e5ec7a4713f570ceb3d27569f9421ad27fd95f0bb6499b470d0b6 +SHA512 (toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz) = e9ebb306fa3fe72dede4d08e1428dbfde12fe44274b4ea7cd356cba28a90daff728c4182f13e20f8a05603aeefb4cf484611805dac2776ab38c37764e6069c5d diff --git a/toolbox.spec b/toolbox.spec index f964fd9..4cc5c43 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -1,10 +1,10 @@ Name: toolbox -Version: 0.0.99.2 +Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa -Release: 2%{?dist} +Release: 1%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -177,6 +177,9 @@ ln -s src/pkg pkg %changelog +* Thu Aug 26 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-1 +- Updated sources to 0.0.99.2^3.git075b9a8d2779 snapshot + * Sat Jun 26 2021 Debarshi Ray - 0.0.99.2-2 - Rebuild for gating checks From b6672a2359f42bddb444b6000cbd96314caa0320 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Thu, 26 Aug 2021 12:52:07 +0100 Subject: [PATCH 029/145] Updated sources to 0.0.99.2^4.git0bdfa53bb2ce snapshot Vendored required bats modules for gating tests --- .gitignore | 1 + sources | 2 +- toolbox.spec | 6 +++++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 399488c..a10a7f6 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,4 @@ /toolbox-0.0.99.1.tar.xz /toolbox-0.0.99.2.tar.xz /toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz +/toolbox-0.0.99.2^4.git0bdfa53bb2ce.tar.xz diff --git a/sources b/sources index 529eaaf..58dc18a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz) = e9ebb306fa3fe72dede4d08e1428dbfde12fe44274b4ea7cd356cba28a90daff728c4182f13e20f8a05603aeefb4cf484611805dac2776ab38c37764e6069c5d +SHA512 (toolbox-0.0.99.2^4.git0bdfa53bb2ce.tar.xz) = cbf2d9f700a1643e6e1896d9500d713f7f5ba29a46912a610b3764475821432e2b4b995b78bdd8de7ef3dae290acf62924fc98b4d2042e466a1249137917417b diff --git a/toolbox.spec b/toolbox.spec index 4cc5c43..fa332e2 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,5 +1,5 @@ Name: toolbox -Version: 0.0.99.2^3.git075b9a8d2779 +Version: 0.0.99.2^4.git0bdfa53bb2ce %global goipath github.com/containers/%{name} %gometa 
@@ -177,6 +177,10 @@ ln -s src/pkg pkg %changelog +* Thu Aug 26 2021 Oliver Gutiérrez - 0.0.99.2^4.git0bdfa53bb2ce-1 +- Updated sources to 0.0.99.2^4.git0bdfa53bb2ce snapshot +- Vendored required bats modules for gating tests + * Thu Aug 26 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-1 - Updated sources to 0.0.99.2^3.git075b9a8d2779 snapshot From db1d2531130699fee2eb39a913c295d09b3cbaf4 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Wed, 1 Sep 2021 14:28:29 +0100 Subject: [PATCH 030/145] Fixes required for enabling gating tests in f34 Reverted sources to 0.0.99.2 Vendored required bats modules for gating tests Added a patch for checking the XDG_RUNTIME_DIR --- sources | 2 +- ...t-of-tests-check-for-XDG_RUNTIME_DIR.patch | 123 ++++++++++++++++++ toolbox.spec | 6 + 3 files changed, 130 insertions(+), 1 deletion(-) create mode 100644 toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch diff --git a/sources b/sources index 58dc18a..f134cae 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2^4.git0bdfa53bb2ce.tar.xz) = cbf2d9f700a1643e6e1896d9500d713f7f5ba29a46912a610b3764475821432e2b4b995b78bdd8de7ef3dae290acf62924fc98b4d2042e466a1249137917417b +SHA512 (toolbox-0.0.99.2.tar.xz) = fcd081cc7d48253fd44fcb46314e471bd2aadd17fb5c5e1b5170da421f2e95226421948ef8661f28024432f5f6e1464d7780231044232da569e8f517ad62608d diff --git a/toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch b/toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch new file mode 100644 index 0000000..b9cafb5 --- /dev/null +++ b/toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch 
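Review bot: The `sources` entry for `toolbox-0.0.99.2.tar.xz` now carries a digest starting `fcd081cc…`, while the entry removed in PATCH 028/145 for the same file name started `8e775d50…`, so two different archives have been recorded under one name. `Source0` in the spec still points at the upstream release URL at this commit, which suggests the archive the build uses is no longer the one that URL serves (the changelog says bats modules were vendored into it). A repacked archive should get its own file name, plus a comment in the spec describing how it was produced, so that the recorded digest can be checked against something reproducible.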
@@ -0,0 +1,123 @@ +From c0f6af1cc8d1cf881f6fd1c19bad07bb6861e16c Mon Sep 17 00:00:00 2001 +From: Oliver Gutierrez +Date: Wed, 1 Sep 2021 14:21:22 +0100 +Subject: [PATCH] Fixed tests to check for XDG_RUNTIME_DIR + +--- + test/system/002-help.bats | 4 ++++ + test/system/101-create.bats | 1 + + test/system/102-list.bats | 7 ++++--- + test/system/103-run.bats | 2 +- + test/system/104-rm.bats | 1 + + test/system/105-rmi.bats | 1 + + test/system/libs/helpers.bash | 8 ++++++++ + 7 files changed, 20 insertions(+), 4 deletions(-) + +diff --git a/test/system/002-help.bats b/test/system/002-help.bats +index 8a057dd..bf863ef 100644 +--- a/test/system/002-help.bats ++++ b/test/system/002-help.bats +@@ -4,6 +4,10 @@ load 'libs/bats-support/load' + load 'libs/bats-assert/load' + load 'libs/helpers.bash' + ++setup() { ++ check_xdg_runtime_dir ++} ++ + @test "help: Try to run toolbox with no command (shows usage screen)" { + run $TOOLBOX + +diff --git a/test/system/101-create.bats b/test/system/101-create.bats +index dfb4d89..63d4fcb 100644 +--- a/test/system/101-create.bats ++++ b/test/system/101-create.bats +@@ -5,6 +5,7 @@ load 'libs/bats-assert/load' + load 'libs/helpers' + + setup() { ++ check_xdg_runtime_dir + cleanup_containers + } + +diff --git a/test/system/102-list.bats b/test/system/102-list.bats +index ea74645..42000c7 100644 +--- a/test/system/102-list.bats ++++ b/test/system/102-list.bats +@@ -5,6 +5,7 @@ load 'libs/bats-assert/load' + load 'libs/helpers' + + setup() { ++ check_xdg_runtime_dir + cleanup_all + } + +@@ -89,9 +90,9 @@ teardown() { + run $PODMAN build "$BATS_TMPDIR" + + assert_success +- assert_line --index 0 "STEP 1: FROM scratch" +- assert_line --index 1 "STEP 2: LABEL com.github.containers.toolbox=\"true\"" +- assert_line --index 2 "STEP 3: COMMIT" ++ assert_line --index 0 "STEP 1/2: FROM scratch" ++ assert_line --index 1 "STEP 2/2: LABEL com.github.containers.toolbox=\"true\"" ++ assert_line --index 2 "COMMIT" + assert_line --index 3 --regexp "^--> 
[a-z0-9]*$" + + run $TOOLBOX list +diff --git a/test/system/103-run.bats b/test/system/103-run.bats +index 8b58e42..6fc840e 100644 +--- a/test/system/103-run.bats ++++ b/test/system/103-run.bats +@@ -10,7 +10,7 @@ load 'libs/helpers' + readonly CURDIR=$PWD + + setup() { +- cd "$HOME" || return 1 ++ check_xdg_runtime_dir + cleanup_containers + } + +diff --git a/test/system/104-rm.bats b/test/system/104-rm.bats +index 9f1435b..68e3c03 100644 +--- a/test/system/104-rm.bats ++++ b/test/system/104-rm.bats +@@ -5,6 +5,7 @@ load 'libs/bats-assert/load' + load 'libs/helpers' + + setup() { ++ check_xdg_runtime_dir + cleanup_containers + } + +diff --git a/test/system/105-rmi.bats b/test/system/105-rmi.bats +index 0ef0ebe..b48f802 100644 +--- a/test/system/105-rmi.bats ++++ b/test/system/105-rmi.bats +@@ -5,6 +5,7 @@ load 'libs/bats-assert/load' + load 'libs/helpers' + + setup() { ++ check_xdg_runtime_dir + cleanup_all + } + +diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash +index d59d661..282b379 100644 +--- a/test/system/libs/helpers.bash ++++ b/test/system/libs/helpers.bash +@@ -271,3 +271,11 @@ function get_system_version() { + + echo $(awk -F= '/VERSION_ID/ {print $2}' $os_release | head -n 1) + } ++ ++ ++# Setup the XDG_RUNTIME_DIR variable if not set ++function check_xdg_runtime_dir() { ++ if [[ -z "${XDG_RUNTIME_DIR}" ]]; then ++ export XDG_RUNTIME_DIR="/run/user/${UID}" ++ fi ++} +-- +2.31.1 + diff --git a/toolbox.spec b/toolbox.spec index fa332e2..762fc2e 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -15,6 +15,7 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +Patch103: toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch BuildRequires: ShellCheck BuildRequires: golang >= 1.13 
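Review bot: `check_xdg_runtime_dir` exports `XDG_RUNTIME_DIR="/run/user/${UID}"` whenever the variable is empty, without checking that the directory exists or belongs to the current user. When the tests run through `become_user: testuser` there may be no login session, and the directory then depends on `loginctl enable-linger testuser` from the nonroot_user role having taken effect. A guard before the export, `[[ -d "/run/user/${UID}" ]] || { echo "no runtime dir for UID ${UID}" >&2; return 1; }`, would report the missing directory as a setup error instead of leaving it to surface later, presumably as a podman failure. The function comment could then read `# Point XDG_RUNTIME_DIR at /run/user/$UID when unset; fails if that directory is missing`.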
@@ -177,6 +178,11 @@ ln -s src/pkg pkg %changelog +* Wed Sep 01 2021 Oliver Gutiérrez - 0.0.99.2-3 +- Reverted sources to 0.0.99.2 +- Vendored required bats modules for gating tests +- Added a patch for checking the XDG_RUNTIME_DIR + * Thu Aug 26 2021 Oliver Gutiérrez - 0.0.99.2^4.git0bdfa53bb2ce-1 - Updated sources to 0.0.99.2^4.git0bdfa53bb2ce snapshot - Vendored required bats modules for gating tests From 57e3838fc0bfce7dace9a4ecb0eb641c915070a7 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Wed, 1 Sep 2021 14:34:47 +0100 Subject: [PATCH 031/145] Fixed specfile version numbers --- toolbox.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 762fc2e..0e65ca9 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,10 +1,10 @@ Name: toolbox -Version: 0.0.99.2^4.git0bdfa53bb2ce +Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa -Release: 1%{?dist} +Release: 3%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 From 96f60fe49612f8b1c850f1f15001a111403c9359 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Thu, 2 Sep 2021 12:29:18 +0100 Subject: [PATCH 032/145] Applied patch for XDG_RUNTIME_DIR checks in tests --- toolbox.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 0e65ca9..5a9533c 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa -Release: 3%{?dist} +Release: 4%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -138,6 +138,8 @@ The %{name}-tests package contains system tests for %{name}. %patch102 -p1 %endif +%patch103 -p1 + %gomkdir From 53038fd08d15e1d3456bee96ccf6a4120023d6e4 Mon Sep 17 00:00:00 2001 
From: Oliver Gutierrez Date: Thu, 2 Sep 2021 13:10:31 +0100 Subject: [PATCH 033/145] Added skopeo as dependency of tests subpackage --- toolbox.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 5a9533c..8629d55 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa -Release: 4%{?dist} +Release: 5%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -123,6 +123,7 @@ Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} Requires: bats +Requires: skopeo %description tests The %{name}-tests package contains system tests for %{name}. @@ -180,6 +181,12 @@ ln -s src/pkg pkg %changelog +* Wed Sep 01 2021 Oliver Gutiérrez - 0.0.99.2-5 +- Added skopeo as dependency of tests subpackage + +* Thu Sep 02 2021 Oliver Gutiérrez - 0.0.99.2-4 +- Added directive to apply patch for checking the XDG_RUNTIME_DIR + * Wed Sep 01 2021 Oliver Gutiérrez - 0.0.99.2-3 - Reverted sources to 0.0.99.2 - Vendored required bats modules for gating tests From d08939d62d4c370b4da9c1e8133360302f361715 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Thu, 2 Sep 2021 13:11:15 +0100 Subject: [PATCH 034/145] Fixed changelog typo --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 8629d55..46729d4 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -181,7 +181,7 @@ ln -s src/pkg pkg %changelog -* Wed Sep 01 2021 Oliver Gutiérrez - 0.0.99.2-5 +* Thu Sep 02 2021 Oliver Gutiérrez - 0.0.99.2-5 - Added skopeo as dependency of tests subpackage * Thu Sep 02 2021 Oliver Gutiérrez - 0.0.99.2-4 From 08bd0ad4a2f2b75cb7394be9c389e28e0aea6cae Mon Sep 17 00:00:00 2001 
From: Oliver Gutierrez Date: Thu, 2 Sep 2021 13:44:38 +0100 Subject: [PATCH 035/145] Updated patch for tests fixes required for gating --- ...tch => toolbox-Test-fixes-for-gating.patch | 29 ++++++++++--------- toolbox.spec | 7 +++-- 2 files changed, 20 insertions(+), 16 deletions(-) rename toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch => toolbox-Test-fixes-for-gating.patch (83%) diff --git a/toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch b/toolbox-Test-fixes-for-gating.patch similarity index 83% rename from toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch rename to toolbox-Test-fixes-for-gating.patch index b9cafb5..160c1ee 100644 --- a/toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch +++ b/toolbox-Test-fixes-for-gating.patch @@ -1,17 +1,8 @@ -From c0f6af1cc8d1cf881f6fd1c19bad07bb6861e16c Mon Sep 17 00:00:00 2001 +From a0ff01b52ffc8980cba501149a4e3606481cbefb Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez -Date: Wed, 1 Sep 2021 14:21:22 +0100 -Subject: [PATCH] Fixed tests to check for XDG_RUNTIME_DIR +Date: Thu, 2 Sep 2021 13:41:14 +0100 +Subject: [PATCH] Fixes in tests for fedora gating ---- - test/system/002-help.bats | 4 ++++ - test/system/101-create.bats | 1 + - test/system/102-list.bats | 7 ++++--- - test/system/103-run.bats | 2 +- - test/system/104-rm.bats | 1 + - test/system/105-rmi.bats | 1 + - test/system/libs/helpers.bash | 8 ++++++++ - 7 files changed, 20 insertions(+), 4 deletions(-) diff --git a/test/system/002-help.bats b/test/system/002-help.bats index 8a057dd..bf863ef 100644 @@ -103,10 +94,20 @@ index 0ef0ebe..b48f802 100644 } diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash -index d59d661..282b379 100644 +index d59d661..5d48957 100644 --- a/test/system/libs/helpers.bash 
+++ b/test/system/libs/helpers.bash -@@ -271,3 +271,11 @@ function get_system_version() { +@@ -8,8 +8,7 @@ readonly TOOLBOX=${TOOLBOX:-toolbox} + readonly SKOPEO=$(command -v skopeo) + + # Helpful globals +-readonly PROJECT_DIR=${PWD} +-readonly IMAGE_CACHE_DIR="${PROJECT_DIR}/image-cache" ++readonly IMAGE_CACHE_DIR="${BATS_RUN_TMPDIR}/image-cache" + + # Images + declare -Ag IMAGES=([busybox]="docker.io/library/busybox" \ +@@ -271,3 +270,11 @@ function get_system_version() { echo $(awk -F= '/VERSION_ID/ {print $2}' $os_release | head -n 1) } diff --git a/toolbox.spec b/toolbox.spec index 46729d4..6f4bcb2 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa -Release: 5%{?dist} +Release: 6%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -15,7 +15,7 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch -Patch103: toolbox-Backport-of-tests-check-for-XDG_RUNTIME_DIR.patch +Patch103: toolbox-Test-fixes-for-gating.patch BuildRequires: ShellCheck BuildRequires: golang >= 1.13 @@ -181,6 +181,9 @@ ln -s src/pkg pkg %changelog +* Thu Sep 02 2021 Oliver Gutiérrez - 0.0.99.2-6 +- Updated patch for tests fixes required for gating + * Thu Sep 02 2021 Oliver Gutiérrez - 0.0.99.2-5 - Added skopeo as dependency of tests subpackage From 68dd06bbfe814f2fb09001bd543b29f8a7bab650 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Thu, 2 Sep 2021 15:09:28 +0100 Subject: [PATCH 036/145] Updated vendored sources --- .gitignore | 1 + sources | 2 +- toolbox.spec | 12 ++++++++++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a10a7f6..4dbf87b 100644 --- a/.gitignore +++ b/.gitignore 
@@ -25,3 +25,4 @@ /toolbox-0.0.99.2.tar.xz /toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz /toolbox-0.0.99.2^4.git0bdfa53bb2ce.tar.xz +/toolbox-0.0.99.2-vendored.tar.xz diff --git a/sources b/sources index f134cae..32a6752 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2.tar.xz) = fcd081cc7d48253fd44fcb46314e471bd2aadd17fb5c5e1b5170da421f2e95226421948ef8661f28024432f5f6e1464d7780231044232da569e8f517ad62608d +SHA512 (toolbox-0.0.99.2-vendored.tar.xz) = 5cb616d3eb1860b95fdd7ea4f287dfac4add5363f8af9d5065b84de888988def967d4d02587c654bd9de08882f89ecfd35138f878b7fed15feb7f78279c1077b diff --git a/toolbox.spec b/toolbox.spec index 6f4bcb2..4fbece1 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,12 +4,17 @@ Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa -Release: 6%{?dist} +Release: 7%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://github.com/containers/%{name} -Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz +# Source0: https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz + +# Sources were vendored to include needed bats modules for gating tests +Source0: %{name}-%{version}-vendored.tar.xz + + # Fedora specific Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch @@ -181,6 +186,9 @@ ln -s src/pkg pkg %changelog +* Thu Sep 02 2021 Oliver Gutiérrez - 0.0.99.2-7 +- Updated vendored sources + * Thu Sep 02 2021 Oliver Gutiérrez - 0.0.99.2-6 - Updated patch for tests fixes required for gating From a85d23c9cd42cb2f186515c50cd6bafa491e41c6 Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Thu, 2 Sep 2021 15:24:45 +0100 Subject: [PATCH 037/145] Updated sources file --- sources | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources b/sources index 32a6752..50b43ce 100644 --- a/sources +++ b/sources 
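Review bot: In the `toolbox.spec` hunk, `Source0` changes from the upstream release URL to a local `%{name}-%{version}-vendored.tar.xz`, and the added comment says why but not how the tarball was produced. Nobody can rebuild the archive or compare it with the upstream release, so the only integrity anchor left is the checksum in `sources`. I would record the recipe next to it, for example `# Built from the upstream %%{version} release tarball plus <bats modules, versions>; regenerate with <command>`. Also note that the follow-up commit (PATCH 037) sets the checksum of the vendored tarball to the exact value this commit removes for `toolbox-0.0.99.2.tar.xz`, which suggests the uploaded file is byte-identical to the upstream release; confirm that the lookaside cache holds the intended archive.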
@@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2-vendored.tar.xz) = 5cb616d3eb1860b95fdd7ea4f287dfac4add5363f8af9d5065b84de888988def967d4d02587c654bd9de08882f89ecfd35138f878b7fed15feb7f78279c1077b +SHA512 (toolbox-0.0.99.2-vendored.tar.xz) = fcd081cc7d48253fd44fcb46314e471bd2aadd17fb5c5e1b5170da421f2e95226421948ef8661f28024432f5f6e1464d7780231044232da569e8f517ad62608d From c41104fe322d504caf9e834cbaf31ef78b3fdd2b Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Thu, 9 Sep 2021 09:37:58 +0100 Subject: [PATCH 038/145] Rebuilt for gating tests --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index bdbf5cf..6723a73 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa -Release: 5%{?dist} +Release: 6%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -186,6 +186,9 @@ ln -s src/pkg pkg %changelog +* Thu Sep 09 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-6 +- Rebuilt for gating tests + * Mon Aug 23 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-5 - Version bump to build and check fedora gating after fixing ansible playbooks From c8724926769a4e57b6a4adae4b3b9f7b32596a9d Mon Sep 17 00:00:00 2001 From: Oliver Gutierrez Date: Mon, 13 Sep 2021 16:02:32 +0100 Subject: [PATCH 039/145] Rebuilt for gating --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 6723a73..28f3942 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,7 +4,7 @@ Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa -Release: 6%{?dist} +Release: 7%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 
@@ -186,6 +186,9 @@ ln -s src/pkg pkg %changelog +* Mon Sep 13 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-7 +- Rebuilt for gating tests + * Thu Sep 09 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-6 - Rebuilt for gating tests From 30ea7f0006116a7a01f5c8d4ca89753a54f09fb9 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 22 Oct 2021 02:31:08 +0200 Subject: [PATCH 040/145] Style fix --- toolbox.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 4fbece1..24827ca 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -14,8 +14,6 @@ URL: https://github.com/containers/%{name} # Sources were vendored to include needed bats modules for gating tests Source0: %{name}-%{version}-vendored.tar.xz - - # Fedora specific Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch From 01cc5e6ecc95a53fc1188e03b5c50a965148d34a Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 22 Oct 2021 02:17:56 +0200 Subject: [PATCH 041/145] Ensure that binaries are run against their build-time ABI https://bugzilla.redhat.com/show_bug.cgi?id=1995439 --- ...are-run-against-their-build-time-ABI.patch | 262 ++++++++++++++++++ ...ags-match-Fedora-s-gobuild-for-PPC64.patch | 14 +- ...e-build-flags-match-Fedora-s-gobuild.patch | 14 +- toolbox.spec | 12 +- 4 files changed, 289 insertions(+), 13 deletions(-) create mode 100644 toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch diff --git a/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch b/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch new file mode 100644 index 0000000..9dda641 --- /dev/null +++ b/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch 
@@ -0,0 +1,262 @@ +From 452dc797f7ef12235e4ede83735f5d554f54b012 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 21 Oct 2021 18:59:45 +0200 +Subject: [PATCH 1/2] tmpfiles.d: Style fix + +The subsequent commit will add an entry to create a /run/host symbolic +link on the host that points to /, and it will require explicitly +skipping some of the columns. Doing the same for the existing entry +will make the file more readable. + +https://github.com/containers/toolbox/issues/821 +--- + data/tmpfiles.d/toolbox.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/tmpfiles.d/toolbox.conf b/data/tmpfiles.d/toolbox.conf +index f22b64a0f97c..bdffe7c09639 100644 +--- a/data/tmpfiles.d/toolbox.conf ++++ b/data/tmpfiles.d/toolbox.conf +@@ -1 +1 @@ +-d /run/media 0755 root root ++d /run/media 0755 root root - - +-- +2.31.1 + + +From 6063eb27b98939942e316771224c5653a9b2e59b Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 21 Oct 2021 20:22:11 +0200 +Subject: [PATCH 2/2] build: Ensure that binaries are run against their + build-time ABI + +The /usr/bin/toolbox binary is not only used to interact with toolbox +containers and images from the host. It's also used as the entry point +of the containers by bind mounting the binary from the host into the +container. This means that the /usr/bin/toolbox binary on the host must +also work inside the container, even if they have different operating +systems. + +In the past, this worked perfectly well with the POSIX shell +implementation because it got intepreted by whichever /bin/sh was +available. However, the Go implementation, can run into ABI +compatibility issues because binaries built on newer toolchains aren't +meant to be run against older runtimes. + +The previous approach [1] of restricting the versions of the glibc +symbols that are linked against isn't actually supported by glibc, and +breaks if the early process start-up code changes. 
This is seen in +glibc-2.34, which is used by Fedora 35 onwards, where a new version of +the __libc_start_main symbol [2] was added as part of some security +hardening: + $ objdump -T ./usr/bin/toolbox | grep GLIBC_2.34 + 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 + __libc_start_main + 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 + pthread_detach + 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 + pthread_create + 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 + pthread_attr_getstacksize + +This means that /usr/bin/toolbox binaries built against glibc-2.34 on +newer Fedoras fail to run against older glibcs in older Fedoras. + +Another option is to make the host's runtime available inside the +toolbox container and ensure that the binary always runs against it. + +Luckily, almost all supported containers have the host's /usr available +at /run/host/usr. This is exploited by embedding RPATHs or RUNPATHs to +/run/host/usr/lib and /run/host/usr/lib64 in the binary, and changing +the path of the dynamic linker (ie., PT_INTERP) to the one inside +/run/host. + +Unfortunately, there can only be one PT_INTERP entry inside the +binary, so there must be a /run/host on the host too. Therefore, a +/run/host symbolic link is created on the host that points to the +host's /. + +Based on ideas from Alexander Larsson and Ray Strode. 
+ +[1] Commit 6ad9c631806961f3 + https://github.com/containers/toolbox/pull/534 + +[2] glibc commit 035c012e32c11e84 + https://sourceware.org/git/?p=glibc.git;a=commit;h=035c012e32c11e84 + https://sourceware.org/bugzilla/show_bug.cgi?id=23323 + +https://github.com/containers/toolbox/issues/821 +--- + data/tmpfiles.d/toolbox.conf | 1 + + meson.build | 8 ++---- + playbooks/setup-env.yaml | 1 + + src/go-build-wrapper | 17 ++++++++++--- + src/libc-wrappers/libc-wrappers.c | 42 ------------------------------- + src/libc-wrappers/meson.build | 8 ------ + src/meson.build | 4 --- + 7 files changed, 18 insertions(+), 63 deletions(-) + delete mode 100644 src/libc-wrappers/libc-wrappers.c + delete mode 100644 src/libc-wrappers/meson.build + +diff --git a/data/tmpfiles.d/toolbox.conf b/data/tmpfiles.d/toolbox.conf +index bdffe7c09639..0ddb1f08830d 100644 +--- a/data/tmpfiles.d/toolbox.conf ++++ b/data/tmpfiles.d/toolbox.conf +@@ -1 +1,2 @@ + d /run/media 0755 root root - - ++L /run/host - - - - ../ +diff --git a/meson.build b/meson.build +index b580c10fe7d8..ae228ee287d5 100644 +--- a/meson.build ++++ b/meson.build +@@ -1,17 +1,13 @@ + project( + 'toolbox', +- 'c', + version: '0.0.99.2', + license: 'ASL 2.0', +- meson_version: '>= 0.42.0', ++ meson_version: '>= 0.53.0', + ) + +-cc = meson.get_compiler('c') +-add_project_arguments('-pthread', language: 'c') +-add_project_link_arguments('-pthread', language: 'c') +- + go = find_program('go') + go_md2man = find_program('go-md2man') ++patchelf = find_program('patchelf') + shellcheck = find_program('shellcheck', required: false) + skopeo = find_program('skopeo', required: false) + +diff --git a/playbooks/setup-env.yaml b/playbooks/setup-env.yaml +index 5644f1ab01b4..7ac9b46ee3ad 100644 +--- a/playbooks/setup-env.yaml ++++ b/playbooks/setup-env.yaml +@@ -13,6 +13,7 @@ + - golang-github-cpuguy83-md2man + - meson + - ninja-build ++ - patchelf + - podman + - skopeo + - systemd +diff --git a/src/go-build-wrapper b/src/go-build-wrapper 
+index 0d27120da052..677dca94bd5a 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -16,9 +16,9 @@ + # + + +-if [ "$#" -ne 4 ]; then ++if [ "$#" -ne 3 ]; then + echo "go-build-wrapper: wrong arguments" >&2 +- echo "Usage: go-build-wrapper [SOURCE DIR] [OUTPUT DIR] [VERSION] [libc-wrappers.a]" >&2 ++ echo "Usage: go-build-wrapper [SOURCE DIR] [OUTPUT DIR] [VERSION]" >&2 + exit 1 + fi + +@@ -27,5 +27,16 @@ if ! cd "$1"; then + exit 1 + fi + +-go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" ++go build -trimpath -ldflags "-extldflags '-Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" ++ ++if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then ++ echo "go-build-wrapper: failed to read PT_INTERP from $2/toolbox" >&2 ++ exit 1 ++fi ++ ++if ! patchelf --set-interpreter "/run/host$interpreter" "$2/toolbox"; then ++ echo "go-build-wrapper: failed to change PT_INTERP of $2/toolbox to /run/host$interpreter" >&2 ++ exit 1 ++fi ++ + exit "$?" +diff --git a/src/libc-wrappers/libc-wrappers.c b/src/libc-wrappers/libc-wrappers.c +deleted file mode 100644 +index 7b402bc2fe78..000000000000 +--- a/src/libc-wrappers/libc-wrappers.c ++++ /dev/null +@@ -1,42 +0,0 @@ +-/* +- * Copyright © 2020 – 2021 Red Hat Inc. +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +- +-#include +- +- +-#if defined __aarch64__ +-__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.17"); +-#elif defined __arm__ +-__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.4"); +-#elif defined __i386__ +-__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.0"); +-#elif defined __powerpc64__ && _CALL_ELF == 2 /* ppc64le */ +-__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.17"); +-#elif defined __s390x__ +-__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.2"); +-#elif defined __x86_64__ +-__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.2.5"); +-#else +-#error "Please specify symbol version for pthread_sigmask" +-#endif +- +- +-int +-__wrap_pthread_sigmask (int how, const sigset_t *set, sigset_t *oldset) +-{ +- return pthread_sigmask (how, set, oldset); +-} +diff --git a/src/libc-wrappers/meson.build b/src/libc-wrappers/meson.build +deleted file mode 100644 +index 3984ce449c57..000000000000 +--- a/src/libc-wrappers/meson.build ++++ /dev/null +@@ -1,8 +0,0 @@ +-sources = files( +- 'libc-wrappers.c', +-) +- +-libc_wrappers = static_library( +- 'c-wrappers', +- sources, +-) +diff --git a/src/meson.build b/src/meson.build +index f76606da3271..759db1f1e900 100644 +--- a/src/meson.build ++++ b/src/meson.build +@@ -1,5 +1,3 @@ +-subdir('libc-wrappers') +- + go_build_wrapper_file = files('go-build-wrapper') + go_build_wrapper_program = find_program('go-build-wrapper') + +@@ -28,9 +26,7 @@ custom_target( + meson.current_source_dir(), + meson.current_build_dir(), + meson.project_version(), +- libc_wrappers.full_path(), + ], +- depends: libc_wrappers, + input: sources, + install: true, + install_dir: get_option('bindir'), +-- +2.31.1 + diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch index f5511f6..d464eea 100644 
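Review bot: In the embedded `src/go-build-wrapper` hunk, the exit status of `go build` is no longer checked. The trailing `exit "$?"` used to return it, but it now follows the two `patchelf` checks and reports the status of the last `if` instead. A failed build is therefore noticed only if `patchelf --print-interpreter` also fails; if an older `$2/toolbox` is still present in the output directory, it would be re-patched and the script would exit 0. Guard the build the same way as the other steps: `if ! go build ... -o "$2/toolbox"; then exit 1; fi`. The two Fedora build-flag patches updated later in this commit replace the same `go build` line and need the same guard; the top of the script is outside the hunk.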
--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch @@ -1,4 +1,4 @@ -From 5ec9997c0f11bb9d1f7eee2e5014130cadc70c91 Mon Sep 17 00:00:00 2001 +From df2d42ec5aee27f9f92ce7825d020425c2dac885 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} for @@ -24,17 +24,19 @@ and should be kept updated to match Fedora's Go guidelines. Use 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 0d27120da052..03a32bc5af33 100755 +index 677dca94bd5a..e6e9caf1049e 100755 --- a/src/go-build-wrapper 
+++ b/src/go-build-wrapper -@@ -27,5 +27,6 @@ if ! cd "$1"; then +@@ -27,7 +27,8 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +-go build -trimpath -ldflags "-extldflags '-Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +unset LDFLAGS -+go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" - exit "$?" ++go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" + + if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then + echo "go-build-wrapper: failed to read PT_INTERP from $2/toolbox" >&2 -- 2.31.1 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch index c97e978..4aa1e11 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -1,4 +1,4 @@ -From 64c8066535dacbe37abc35485347c59df553bfbb Mon Sep 17 00:00:00 2001 +From 18cbc514c8b776c855a24cdcf8b326d592322d44 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} @@ -23,17 +23,19 @@ PPC64, and should be kept updated to match Fedora's Go guidelines. Use 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 0d27120da052..4793d29a7021 100755 +index 677dca94bd5a..581d5c82cf2f 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper -@@ -27,5 +27,6 @@ if ! cd "$1"; then +@@ -27,7 +27,8 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +-go build -trimpath -ldflags "-extldflags '-Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +unset LDFLAGS -+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" - exit "$?" ++go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" + + if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then + echo "go-build-wrapper: failed to read PT_INTERP from $2/toolbox" >&2 -- 2.31.1 
diff --git a/toolbox.spec b/toolbox.spec index 28f3942..4aac6d1 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,10 +1,12 @@ +%global __brp_check_rpaths %{nil} + Name: toolbox Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa -Release: 7%{?dist} +Release: 8%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -14,6 +16,9 @@ URL: https://github.com/containers/%{name} # Snapshot tarball Source0: %{name}-%{version}.tar.xz +# https://bugzilla.redhat.com/show_bug.cgi?id=1995439 +Patch0: toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch + # Fedora specific Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -34,6 +39,7 @@ BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: meson +BuildRequires: patchelf BuildRequires: pkgconfig(bash-completion) BuildRequires: systemd @@ -137,6 +143,7 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q +%patch0 -p1 %patch100 -p1 %ifnarch ppc64 @@ -186,6 +193,9 @@ ln -s src/pkg pkg %changelog +* Fri Oct 22 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-8 +- Ensure that binaries are run against their build-time ABI + * Mon Sep 13 2021 Oliver Gutiérrez - 0.0.99.2^3.git075b9a8d2779-7 - Rebuilt for gating tests From 70f5d2352ccbbbaf81dc36d6f0a2a58a4b1d4762 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 25 Oct 2021 13:33:41 +0200 Subject: [PATCH 042/145] Restore backwards compatibility with existing containers https://bugzilla.redhat.com/show_bug.cgi?id=1995439 --- ...are-run-against-their-build-time-ABI.patch | 279 +++++++++++++++++- toolbox.spec | 5 +- 2 files changed, 281 insertions(+), 3 deletions(-) 
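Review bot: The first added line, `%global __brp_check_rpaths %{nil}`, turns the RPATH policy check off for every file the package installs, not only for the two `/run/host/usr/lib*` entries that Patch0 embeds on purpose, and nothing in the spec says why. The binary's dynamic linker and library lookup now go through `/run/host`, so the exemption should be documented and kept as narrow as the tooling allows. At minimum add a comment above it, e.g. `# /usr/bin/toolbox deliberately carries RPATHs and a PT_INTERP under /run/host (see Patch0); check-rpaths rejects them`. If the check can be relaxed for this one class of path instead (the `QA_RPATHS` mechanism, to be verified against the target releases), prefer that over disabling it completely.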
diff --git a/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch b/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch index 9dda641..21892d0 100644 --- a/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch +++ b/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch @@ -1,7 +1,7 @@ From 452dc797f7ef12235e4ede83735f5d554f54b012 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 21 Oct 2021 18:59:45 +0200 -Subject: [PATCH 1/2] tmpfiles.d: Style fix +Subject: [PATCH 1/5] tmpfiles.d: Style fix The subsequent commit will add an entry to create a /run/host symbolic link on the host that points to /, and it will require explicitly @@ -27,7 +27,7 @@ index f22b64a0f97c..bdffe7c09639 100644 From 6063eb27b98939942e316771224c5653a9b2e59b Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 21 Oct 2021 20:22:11 +0200 -Subject: [PATCH 2/2] build: Ensure that binaries are run against their +Subject: [PATCH 2/5] build: Ensure that binaries are run against their build-time ABI The /usr/bin/toolbox binary is not only used to interact with toolbox 
@@ -260,3 +260,278 @@ index f76606da3271..759db1f1e900 100644 -- 2.31.1 + +From c33075f3e1c0bad9883caa8d8f7c8ca3d947d2ea Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= +Date: Fri, 22 Oct 2021 15:21:41 +0300 +Subject: [PATCH 3/5] playbooks: Unify test setup for system & unit tests + +There is no significant benefit in keeping this configuration separated. +Now the to-be installed packages are tracked in a single place and the +test playbooks only call the relevant tests. + +This was pointed out by in 6063eb27b98939942e316771224c5653a9b2e59b + +https://github.com/containers/toolbox/pull/898 +--- + .zuul.yaml | 1 + + playbooks/setup-env.yaml | 18 ++++++++++++++++++ + playbooks/system-test.yaml | 24 +----------------------- + playbooks/unit-test.yaml | 21 --------------------- + 4 files changed, 20 insertions(+), 44 deletions(-) + +diff --git a/.zuul.yaml b/.zuul.yaml +index 1ec2f59738eb..1543b8a04b51 100644 +--- a/.zuul.yaml ++++ b/.zuul.yaml +@@ -7,6 +7,7 @@ + nodes: + - name: ci-node-33 + label: cloud-fedora-33-small ++ pre-run: playbooks/setup-env.yaml + run: playbooks/unit-test.yaml + + - job: +diff --git a/playbooks/setup-env.yaml b/playbooks/setup-env.yaml +index 7ac9b46ee3ad..460ca9977a9e 100644 +--- a/playbooks/setup-env.yaml ++++ b/playbooks/setup-env.yaml +@@ -40,3 +40,21 @@ + + - name: Show podman debug information + command: podman info --debug ++ ++ - name: Set up build directory ++ command: meson builddir ++ args: ++ chdir: '{{ zuul.project.src_dir }}' ++ ++ - name: Build Toolbox ++ command: ninja -C builddir ++ args: ++ chdir: '{{ zuul.project.src_dir }}' ++ creates: builddir/src/toolbox ++ ++ - name: Install Toolbox ++ become: yes ++ command: ninja -C builddir install ++ args: ++ chdir: '{{ zuul.project.src_dir }}' ++ creates: /usr/local/bin/toolbox +diff --git a/playbooks/system-test.yaml b/playbooks/system-test.yaml +index c2eff3f0d77a..0249548acc5d 100644 +--- a/playbooks/system-test.yaml ++++ b/playbooks/system-test.yaml +@@ 
-1,32 +1,10 @@ + --- + - hosts: all +- +- vars: +- toolbox_bin: '/usr/local/bin/toolbox' +- + tasks: +- - name: Set up build directory +- command: meson builddir +- args: +- chdir: '{{ zuul.project.src_dir }}' +- +- - name: Build Toolbox +- command: ninja -C builddir +- args: +- chdir: '{{ zuul.project.src_dir }}' +- creates: builddir/src/toolbox +- +- - name: Install Toolbox +- become: yes +- command: ninja -C builddir install +- args: +- chdir: '{{ zuul.project.src_dir }}' +- creates: '{{ toolbox_bin }}' +- + - name: Run system tests + command: bats --timing ./test/system + environment: + PODMAN: '/usr/bin/podman' +- TOOLBOX: '{{ toolbox_bin }}' ++ TOOLBOX: '/usr/local/bin/toolbox' + args: + chdir: '{{ zuul.project.src_dir }}' +diff --git a/playbooks/unit-test.yaml b/playbooks/unit-test.yaml +index 9be98e7bd86a..2212521c5b9e 100644 +--- a/playbooks/unit-test.yaml ++++ b/playbooks/unit-test.yaml +@@ -1,27 +1,6 @@ + --- + - hosts: all + tasks: +- - name: Install requirements +- become: yes +- package: +- name: +- - golang +- - golang-github-cpuguy83-md2man +- - ninja-build +- - meson +- - ShellCheck +- +- - name: Set up build directory +- command: meson builddir +- args: +- chdir: '{{ zuul.project.src_dir }}' +- +- - name: Build Toolbox +- command: ninja -C builddir +- args: +- chdir: '{{ zuul.project.src_dir }}' +- creates: builddir/src/toolbox +- + - name: Test + command: ninja -C builddir test + args: +-- +2.31.1 + + +From 69ffc888ca9d481f9f208179949c179d12078501 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= +Date: Fri, 22 Oct 2021 15:25:20 +0300 +Subject: [PATCH 4/5] playbooks: Fix CI for #897 + +PR #897 made adjustmnets to the Toolbx binary that it requires presence +of /run/host in both the host filesystem and the filesystem in +a container. + +The presence of the directory is assured by systemd-tmpfiles by +running it before the binary is started for the first time. 
For the run +to be effective 'data/tmpfiles.d/toolbox.conf' has to be installed in +a location visible to systemd-tmpfiles. Therefore, the call to +'systemd-tmpfiles --create' had to be placed after the install step. + +https://github.com/containers/toolbox/pull/898 +--- + playbooks/setup-env.yaml | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/playbooks/setup-env.yaml b/playbooks/setup-env.yaml +index 460ca9977a9e..2f858bcf722c 100644 +--- a/playbooks/setup-env.yaml ++++ b/playbooks/setup-env.yaml +@@ -26,14 +26,8 @@ + args: + chdir: '{{ zuul.project.src_dir }}' + +- - name: Setup environment +- become: yes +- command: +- cmd: systemd-tmpfiles --create +- creates: /run/media +- + - name: Check versions of crucial packages +- command: rpm -qa *kernel* *glibc* golang podman conmon containernetworking-plugins containers-common container-selinux crun runc fuse-overlayfs flatpak-session-helper ++ command: rpm -qa *kernel* *glibc* golang podman conmon containernetworking-plugins containers-common container-selinux crun runc fuse-overlayfs flatpak-session-helper patchelf + + - name: Show podman versions + command: podman version +@@ -58,3 +52,10 @@ + args: + chdir: '{{ zuul.project.src_dir }}' + creates: /usr/local/bin/toolbox ++ ++ - name: Setup environment ++ become: yes ++ command: ++ cmd: systemd-tmpfiles --create ++ creates: /run/media ++ creates: /run/host +-- +2.31.1 + + +From 5429d5e099af96f7af1f9be58ba354fe332b59e9 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 25 Oct 2021 02:55:09 +0200 +Subject: [PATCH 5/5] build: Restore backwards compatibility with existing + containers + +The path of the dynamic linker (ie., PT_INTERP), as specified in an +architecture's ABI, often starts with /lib or /lib64, not /usr/lib or +/usr/lib64. eg., it's /lib/ld-linux-aarch64.so.1 for aarch64 and +/lib64/ld-linux-x86-64.so.2 for x86_64. 
+ +Unfortunately, until very recently [1], only the host's /usr was +present inside a toolbox container's /run/host, not /lib or /lib64. +Therefore, simply prepending /run/host to the /usr/bin/toolbox +binary's existing PT_INTERP entry wouldn't locate the host's dynamic +linker inside the toolbox container. This broke backwards compatibility +with every container out there, except the ones created with the +current development version in Git. + +To restore backwards compatibility, the /lib and /lib64 symbolic links +must be resolved to their respective locations inside /usr. + +The following caveats must be noted: + + * With glibc, even the basename of the path of the dynamic linker as + specified in an architecture's ABI, is a symbolic link to a file + named ld-.so. However, this file can't be used as + the PT_INTERP entry, because its name will change when glibc is + updated and the PT_INTERP entry will become invalid until the + /usr/bin/toolbox binary is rebuilt. + + * On Debian, a path like /lib64/ld-linux-x86-64.so.2 doesn't resolve + to something inside /usr/lib64. Instead it ends up inside + /usr/lib/x86_64-linux-gnu through a series of symbolic links: + - /lib64 -> usr/lib64 + - /usr/lib64/ld-linux-x86-64.so.2 + -> /lib/x86_64-linux-gnu/ld-2.28.so + - /lib -> usr/lib + + * It's assumed that a symbolic link with the basename specified in + the ABI lives in the same directory as the actual dynamic linker + binary named ld-.so. + +Fallout from 6063eb27b98939942e316771224c5653a9b2e59b + +[1] Commit d03a5fee80f2f72d + https://github.com/containers/toolbox/pull/827 + +https://github.com/containers/toolbox/issues/821 +--- + src/go-build-wrapper | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index 677dca94bd5a..24eac674c9ac 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -34,8 +34,25 @@ if ! 
interpreter=$(patchelf --print-interpreter "$2/toolbox"); then + exit 1 + fi + +-if ! patchelf --set-interpreter "/run/host$interpreter" "$2/toolbox"; then +- echo "go-build-wrapper: failed to change PT_INTERP of $2/toolbox to /run/host$interpreter" >&2 ++if ! interpreter_canonical=$(readlink --canonicalize "$interpreter"); then ++ echo "go-build-wrapper: failed to canonicalize PT_INTERP" >&2 ++ exit 1 ++fi ++ ++if ! interpreter_basename=$(basename "$interpreter"); then ++ echo "go-build-wrapper: failed to read the basename of PT_INTERP" >&2 ++ exit 1 ++fi ++ ++if ! interpreter_canonical_dirname=$(dirname "$interpreter_canonical"); then ++ echo "go-build-wrapper: failed to read the dirname of the canonicalized PT_INTERP" >&2 ++ exit 1 ++fi ++ ++interpreter="/run/host$interpreter_canonical_dirname/$interpreter_basename" ++ ++if ! patchelf --set-interpreter "$interpreter" "$2/toolbox"; then ++ echo "go-build-wrapper: failed to change PT_INTERP of $2/toolbox to $interpreter" >&2 + exit 1 + fi + +-- +2.31.1 + diff --git a/toolbox.spec b/toolbox.spec index 4aac6d1..c4f7f4b 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -6,7 +6,7 @@ Version: 0.0.99.2^3.git075b9a8d2779 %global goipath github.com/containers/%{name} %gometa -Release: 8%{?dist} +Release: 9%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -193,6 +193,9 @@ ln -s src/pkg pkg %changelog +* Mon Oct 25 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-9 +- Restore backwards compatibility with existing containers + * Fri Oct 22 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-8 - Ensure that binaries are run against their build-time ABI From 08f687ebe2136806a06207e75fbec2ad0656092f Mon Sep 17 00:00:00 2001 
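Review bot: In the embedded `playbooks/setup-env.yaml` hunk of PATCH 4/5, the re-added "Setup environment" task lists `creates:` twice under `command:` (`/run/media` and `/run/host`). A YAML mapping cannot hold the same key twice; loaders normally keep the last value, so `/run/media` silently drops out of the idempotence check. Keep a single key for the path this change depends on, `creates: /run/host`. If both paths must be checked, use an explicit `stat` plus `when:` instead.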
From: Debarshi Ray Date: Fri, 10 Dec 2021 04:46:24 +0100 Subject: [PATCH 043/145] Update to 0.0.99.3 --- .gitignore | 1 + sources | 2 +- ...are-run-against-their-build-time-ABI.patch | 537 ------------------ ...ags-match-Fedora-s-gobuild-for-PPC64.patch | 41 +- ...e-build-flags-match-Fedora-s-gobuild.patch | 42 +- toolbox.spec | 18 +- 6 files changed, 72 insertions(+), 569 deletions(-) delete mode 100644 toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch diff --git a/.gitignore b/.gitignore index 03742d2..66d6df6 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ /toolbox-0.0.99.2^1.git9820550c82bb.tar.xz /toolbox-0.0.99.2^2.git40fbd377ed0b.tar.xz /toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz +/toolbox-0.0.99.3.tar.xz diff --git a/sources b/sources index 529eaaf..64d6d65 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz) = e9ebb306fa3fe72dede4d08e1428dbfde12fe44274b4ea7cd356cba28a90daff728c4182f13e20f8a05603aeefb4cf484611805dac2776ab38c37764e6069c5d +SHA512 (toolbox-0.0.99.3.tar.xz) = d9e4bd1cc7667b6ecdcf25a2c3ad7d7d67cc997168a41e668c936d2de24db774331a78a1b4a06b63e7cef8e0dc4ac5651591b6d9cec0d8e81be2b2dd64854dca diff --git a/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch b/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch deleted file mode 100644 index 21892d0..0000000 --- a/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch +++ /dev/null 
@@ -1,537 +0,0 @@ -From 452dc797f7ef12235e4ede83735f5d554f54b012 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 21 Oct 2021 18:59:45 +0200 -Subject: [PATCH 1/5] tmpfiles.d: Style fix - -The subsequent commit will add an entry to create a /run/host symbolic -link on the host that points to /, and it will require explicitly -skipping some of the columns. Doing the same for the existing entry -will make the file more readable. - -https://github.com/containers/toolbox/issues/821 ---- - data/tmpfiles.d/toolbox.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/data/tmpfiles.d/toolbox.conf b/data/tmpfiles.d/toolbox.conf -index f22b64a0f97c..bdffe7c09639 100644 ---- a/data/tmpfiles.d/toolbox.conf -+++ b/data/tmpfiles.d/toolbox.conf -@@ -1 +1 @@ --d /run/media 0755 root root -+d /run/media 0755 root root - - --- -2.31.1 - - -From 6063eb27b98939942e316771224c5653a9b2e59b Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 21 Oct 2021 20:22:11 +0200 -Subject: [PATCH 2/5] build: Ensure that binaries are run against their - build-time ABI - -The /usr/bin/toolbox binary is not only used to interact with toolbox -containers and images from the host. It's also used as the entry point -of the containers by bind mounting the binary from the host into the -container. This means that the /usr/bin/toolbox binary on the host must -also work inside the container, even if they have different operating -systems. - -In the past, this worked perfectly well with the POSIX shell -implementation because it got intepreted by whichever /bin/sh was -available. However, the Go implementation, can run into ABI -compatibility issues because binaries built on newer toolchains aren't -meant to be run against older runtimes. - -The previous approach [1] of restricting the versions of the glibc -symbols that are linked against isn't actually supported by glibc, and -breaks if the early process start-up code changes. 
This is seen in -glibc-2.34, which is used by Fedora 35 onwards, where a new version of -the __libc_start_main symbol [2] was added as part of some security -hardening: - $ objdump -T ./usr/bin/toolbox | grep GLIBC_2.34 - 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 - __libc_start_main - 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 - pthread_detach - 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 - pthread_create - 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 - pthread_attr_getstacksize - -This means that /usr/bin/toolbox binaries built against glibc-2.34 on -newer Fedoras fail to run against older glibcs in older Fedoras. - -Another option is to make the host's runtime available inside the -toolbox container and ensure that the binary always runs against it. - -Luckily, almost all supported containers have the host's /usr available -at /run/host/usr. This is exploited by embedding RPATHs or RUNPATHs to -/run/host/usr/lib and /run/host/usr/lib64 in the binary, and changing -the path of the dynamic linker (ie., PT_INTERP) to the one inside -/run/host. - -Unfortunately, there can only be one PT_INTERP entry inside the -binary, so there must be a /run/host on the host too. Therefore, a -/run/host symbolic link is created on the host that points to the -host's /. - -Based on ideas from Alexander Larsson and Ray Strode. 
- -[1] Commit 6ad9c631806961f3 - https://github.com/containers/toolbox/pull/534 - -[2] glibc commit 035c012e32c11e84 - https://sourceware.org/git/?p=glibc.git;a=commit;h=035c012e32c11e84 - https://sourceware.org/bugzilla/show_bug.cgi?id=23323 - -https://github.com/containers/toolbox/issues/821 ---- - data/tmpfiles.d/toolbox.conf | 1 + - meson.build | 8 ++---- - playbooks/setup-env.yaml | 1 + - src/go-build-wrapper | 17 ++++++++++--- - src/libc-wrappers/libc-wrappers.c | 42 ------------------------------- - src/libc-wrappers/meson.build | 8 ------ - src/meson.build | 4 --- - 7 files changed, 18 insertions(+), 63 deletions(-) - delete mode 100644 src/libc-wrappers/libc-wrappers.c - delete mode 100644 src/libc-wrappers/meson.build - -diff --git a/data/tmpfiles.d/toolbox.conf b/data/tmpfiles.d/toolbox.conf -index bdffe7c09639..0ddb1f08830d 100644 ---- a/data/tmpfiles.d/toolbox.conf -+++ b/data/tmpfiles.d/toolbox.conf -@@ -1 +1,2 @@ - d /run/media 0755 root root - - -+L /run/host - - - - ../ -diff --git a/meson.build b/meson.build -index b580c10fe7d8..ae228ee287d5 100644 ---- a/meson.build -+++ b/meson.build -@@ -1,17 +1,13 @@ - project( - 'toolbox', -- 'c', - version: '0.0.99.2', - license: 'ASL 2.0', -- meson_version: '>= 0.42.0', -+ meson_version: '>= 0.53.0', - ) - --cc = meson.get_compiler('c') --add_project_arguments('-pthread', language: 'c') --add_project_link_arguments('-pthread', language: 'c') -- - go = find_program('go') - go_md2man = find_program('go-md2man') -+patchelf = find_program('patchelf') - shellcheck = find_program('shellcheck', required: false) - skopeo = find_program('skopeo', required: false) - -diff --git a/playbooks/setup-env.yaml b/playbooks/setup-env.yaml -index 5644f1ab01b4..7ac9b46ee3ad 100644 ---- a/playbooks/setup-env.yaml -+++ b/playbooks/setup-env.yaml -@@ -13,6 +13,7 @@ - - golang-github-cpuguy83-md2man - - meson - - ninja-build -+ - patchelf - - podman - - skopeo - - systemd -diff --git a/src/go-build-wrapper b/src/go-build-wrapper 
-index 0d27120da052..677dca94bd5a 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -16,9 +16,9 @@ - # - - --if [ "$#" -ne 4 ]; then -+if [ "$#" -ne 3 ]; then - echo "go-build-wrapper: wrong arguments" >&2 -- echo "Usage: go-build-wrapper [SOURCE DIR] [OUTPUT DIR] [VERSION] [libc-wrappers.a]" >&2 -+ echo "Usage: go-build-wrapper [SOURCE DIR] [OUTPUT DIR] [VERSION]" >&2 - exit 1 - fi - -@@ -27,5 +27,16 @@ if ! cd "$1"; then - exit 1 - fi - --go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" -+go build -trimpath -ldflags "-extldflags '-Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" -+ -+if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then -+ echo "go-build-wrapper: failed to read PT_INTERP from $2/toolbox" >&2 -+ exit 1 -+fi -+ -+if ! patchelf --set-interpreter "/run/host$interpreter" "$2/toolbox"; then -+ echo "go-build-wrapper: failed to change PT_INTERP of $2/toolbox to /run/host$interpreter" >&2 -+ exit 1 -+fi -+ - exit "$?" -diff --git a/src/libc-wrappers/libc-wrappers.c b/src/libc-wrappers/libc-wrappers.c -deleted file mode 100644 -index 7b402bc2fe78..000000000000 ---- a/src/libc-wrappers/libc-wrappers.c -+++ /dev/null -@@ -1,42 +0,0 @@ --/* -- * Copyright © 2020 – 2021 Red Hat Inc. -- * -- * Licensed under the Apache License, Version 2.0 (the "License"); -- * you may not use this file except in compliance with the License. -- * You may obtain a copy of the License at -- * -- * http://www.apache.org/licenses/LICENSE-2.0 -- * -- * Unless required by applicable law or agreed to in writing, software -- * distributed under the License is distributed on an "AS IS" BASIS, -- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-- * See the License for the specific language governing permissions and -- * limitations under the License. -- */ -- -- --#include -- -- --#if defined __aarch64__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.17"); --#elif defined __arm__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.4"); --#elif defined __i386__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.0"); --#elif defined __powerpc64__ && _CALL_ELF == 2 /* ppc64le */ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.17"); --#elif defined __s390x__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.2"); --#elif defined __x86_64__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.2.5"); --#else --#error "Please specify symbol version for pthread_sigmask" --#endif -- -- --int --__wrap_pthread_sigmask (int how, const sigset_t *set, sigset_t *oldset) --{ -- return pthread_sigmask (how, set, oldset); --} -diff --git a/src/libc-wrappers/meson.build b/src/libc-wrappers/meson.build -deleted file mode 100644 -index 3984ce449c57..000000000000 ---- a/src/libc-wrappers/meson.build -+++ /dev/null -@@ -1,8 +0,0 @@ --sources = files( -- 'libc-wrappers.c', --) -- --libc_wrappers = static_library( -- 'c-wrappers', -- sources, --) -diff --git a/src/meson.build b/src/meson.build -index f76606da3271..759db1f1e900 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -1,5 +1,3 @@ --subdir('libc-wrappers') -- - go_build_wrapper_file = files('go-build-wrapper') - go_build_wrapper_program = find_program('go-build-wrapper') - -@@ -28,9 +26,7 @@ custom_target( - meson.current_source_dir(), - meson.current_build_dir(), - meson.project_version(), -- libc_wrappers.full_path(), - ], -- depends: libc_wrappers, - input: sources, - install: true, - install_dir: get_option('bindir'), --- -2.31.1 - - -From c33075f3e1c0bad9883caa8d8f7c8ca3d947d2ea Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= -Date: Fri, 22 Oct 2021 15:21:41 +0300 -Subject: [PATCH 3/5] 
playbooks: Unify test setup for system & unit tests - -There is no significant benefit in keeping this configuration separated. -Now the to-be installed packages are tracked in a single place and the -test playbooks only call the relevant tests. - -This was pointed out by in 6063eb27b98939942e316771224c5653a9b2e59b - -https://github.com/containers/toolbox/pull/898 ---- - .zuul.yaml | 1 + - playbooks/setup-env.yaml | 18 ++++++++++++++++++ - playbooks/system-test.yaml | 24 +----------------------- - playbooks/unit-test.yaml | 21 --------------------- - 4 files changed, 20 insertions(+), 44 deletions(-) - -diff --git a/.zuul.yaml b/.zuul.yaml -index 1ec2f59738eb..1543b8a04b51 100644 ---- a/.zuul.yaml -+++ b/.zuul.yaml -@@ -7,6 +7,7 @@ - nodes: - - name: ci-node-33 - label: cloud-fedora-33-small -+ pre-run: playbooks/setup-env.yaml - run: playbooks/unit-test.yaml - - - job: -diff --git a/playbooks/setup-env.yaml b/playbooks/setup-env.yaml -index 7ac9b46ee3ad..460ca9977a9e 100644 ---- a/playbooks/setup-env.yaml -+++ b/playbooks/setup-env.yaml -@@ -40,3 +40,21 @@ - - - name: Show podman debug information - command: podman info --debug -+ -+ - name: Set up build directory -+ command: meson builddir -+ args: -+ chdir: '{{ zuul.project.src_dir }}' -+ -+ - name: Build Toolbox -+ command: ninja -C builddir -+ args: -+ chdir: '{{ zuul.project.src_dir }}' -+ creates: builddir/src/toolbox -+ -+ - name: Install Toolbox -+ become: yes -+ command: ninja -C builddir install -+ args: -+ chdir: '{{ zuul.project.src_dir }}' -+ creates: /usr/local/bin/toolbox -diff --git a/playbooks/system-test.yaml b/playbooks/system-test.yaml -index c2eff3f0d77a..0249548acc5d 100644 ---- a/playbooks/system-test.yaml -+++ b/playbooks/system-test.yaml -@@ -1,32 +1,10 @@ - --- - - hosts: all -- -- vars: -- toolbox_bin: '/usr/local/bin/toolbox' -- - tasks: -- - name: Set up build directory -- command: meson builddir -- args: -- chdir: '{{ zuul.project.src_dir }}' -- -- - name: Build Toolbox -- command: 
ninja -C builddir -- args: -- chdir: '{{ zuul.project.src_dir }}' -- creates: builddir/src/toolbox -- -- - name: Install Toolbox -- become: yes -- command: ninja -C builddir install -- args: -- chdir: '{{ zuul.project.src_dir }}' -- creates: '{{ toolbox_bin }}' -- - - name: Run system tests - command: bats --timing ./test/system - environment: - PODMAN: '/usr/bin/podman' -- TOOLBOX: '{{ toolbox_bin }}' -+ TOOLBOX: '/usr/local/bin/toolbox' - args: - chdir: '{{ zuul.project.src_dir }}' -diff --git a/playbooks/unit-test.yaml b/playbooks/unit-test.yaml -index 9be98e7bd86a..2212521c5b9e 100644 ---- a/playbooks/unit-test.yaml -+++ b/playbooks/unit-test.yaml -@@ -1,27 +1,6 @@ - --- - - hosts: all - tasks: -- - name: Install requirements -- become: yes -- package: -- name: -- - golang -- - golang-github-cpuguy83-md2man -- - ninja-build -- - meson -- - ShellCheck -- -- - name: Set up build directory -- command: meson builddir -- args: -- chdir: '{{ zuul.project.src_dir }}' -- -- - name: Build Toolbox -- command: ninja -C builddir -- args: -- chdir: '{{ zuul.project.src_dir }}' -- creates: builddir/src/toolbox -- - - name: Test - command: ninja -C builddir test - args: --- -2.31.1 - - -From 69ffc888ca9d481f9f208179949c179d12078501 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= -Date: Fri, 22 Oct 2021 15:25:20 +0300 -Subject: [PATCH 4/5] playbooks: Fix CI for #897 - -PR #897 made adjustmnets to the Toolbx binary that it requires presence -of /run/host in both the host filesystem and the filesystem in -a container. - -The presence of the directory is assured by systemd-tmpfiles by -running it before the binary is started for the first time. For the run -to be effective 'data/tmpfiles.d/toolbox.conf' has to be installed in -a location visible to systemd-tmpfiles. Therefore, the call to -'systemd-tmpfiles --create' had to be placed after the install step. 
- -https://github.com/containers/toolbox/pull/898 ---- - playbooks/setup-env.yaml | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/playbooks/setup-env.yaml b/playbooks/setup-env.yaml -index 460ca9977a9e..2f858bcf722c 100644 ---- a/playbooks/setup-env.yaml -+++ b/playbooks/setup-env.yaml -@@ -26,14 +26,8 @@ - args: - chdir: '{{ zuul.project.src_dir }}' - -- - name: Setup environment -- become: yes -- command: -- cmd: systemd-tmpfiles --create -- creates: /run/media -- - - name: Check versions of crucial packages -- command: rpm -qa *kernel* *glibc* golang podman conmon containernetworking-plugins containers-common container-selinux crun runc fuse-overlayfs flatpak-session-helper -+ command: rpm -qa *kernel* *glibc* golang podman conmon containernetworking-plugins containers-common container-selinux crun runc fuse-overlayfs flatpak-session-helper patchelf - - - name: Show podman versions - command: podman version -@@ -58,3 +52,10 @@ - args: - chdir: '{{ zuul.project.src_dir }}' - creates: /usr/local/bin/toolbox -+ -+ - name: Setup environment -+ become: yes -+ command: -+ cmd: systemd-tmpfiles --create -+ creates: /run/media -+ creates: /run/host --- -2.31.1 - - -From 5429d5e099af96f7af1f9be58ba354fe332b59e9 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 25 Oct 2021 02:55:09 +0200 -Subject: [PATCH 5/5] build: Restore backwards compatibility with existing - containers - -The path of the dynamic linker (ie., PT_INTERP), as specified in an -architecture's ABI, often starts with /lib or /lib64, not /usr/lib or -/usr/lib64. eg., it's /lib/ld-linux-aarch64.so.1 for aarch64 and -/lib64/ld-linux-x86-64.so.2 for x86_64. - -Unfortunately, until very recently [1], only the host's /usr was -present inside a toolbox container's /run/host, not /lib or /lib64. -Therefore, simply prepending /run/host to the /usr/bin/toolbox -binary's existing PT_INTERP entry wouldn't locate the host's dynamic -linker inside the toolbox container. 
This broke backwards compatibility -with every container out there, except the ones created with the -current development version in Git. - -To restore backwards compatibility, the /lib and /lib64 symbolic links -must be resolved to their respective locations inside /usr. - -The following caveats must be noted: - - * With glibc, even the basename of the path of the dynamic linker as - specified in an architecture's ABI, is a symbolic link to a file - named ld-.so. However, this file can't be used as - the PT_INTERP entry, because its name will change when glibc is - updated and the PT_INTERP entry will become invalid until the - /usr/bin/toolbox binary is rebuilt. - - * On Debian, a path like /lib64/ld-linux-x86-64.so.2 doesn't resolve - to something inside /usr/lib64. Instead it ends up inside - /usr/lib/x86_64-linux-gnu through a series of symbolic links: - - /lib64 -> usr/lib64 - - /usr/lib64/ld-linux-x86-64.so.2 - -> /lib/x86_64-linux-gnu/ld-2.28.so - - /lib -> usr/lib - - * It's assumed that a symbolic link with the basename specified in - the ABI lives in the same directory as the actual dynamic linker - binary named ld-.so. - -Fallout from 6063eb27b98939942e316771224c5653a9b2e59b - -[1] Commit d03a5fee80f2f72d - https://github.com/containers/toolbox/pull/827 - -https://github.com/containers/toolbox/issues/821 ---- - src/go-build-wrapper | 21 +++++++++++++++++++-- - 1 file changed, 19 insertions(+), 2 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 677dca94bd5a..24eac674c9ac 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -34,8 +34,25 @@ if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then - exit 1 - fi - --if ! patchelf --set-interpreter "/run/host$interpreter" "$2/toolbox"; then -- echo "go-build-wrapper: failed to change PT_INTERP of $2/toolbox to /run/host$interpreter" >&2 -+if ! 
interpreter_canonical=$(readlink --canonicalize "$interpreter"); then -+ echo "go-build-wrapper: failed to canonicalize PT_INTERP" >&2 -+ exit 1 -+fi -+ -+if ! interpreter_basename=$(basename "$interpreter"); then -+ echo "go-build-wrapper: failed to read the basename of PT_INTERP" >&2 -+ exit 1 -+fi -+ -+if ! interpreter_canonical_dirname=$(dirname "$interpreter_canonical"); then -+ echo "go-build-wrapper: failed to read the dirname of the canonicalized PT_INTERP" >&2 -+ exit 1 -+fi -+ -+interpreter="/run/host$interpreter_canonical_dirname/$interpreter_basename" -+ -+if ! patchelf --set-interpreter "$interpreter" "$2/toolbox"; then -+ echo "go-build-wrapper: failed to change PT_INTERP of $2/toolbox to $interpreter" >&2 - exit 1 - fi - --- -2.31.1 - diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch index d464eea..a1d92a5 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch @@ -1,4 +1,4 @@ -From df2d42ec5aee27f9f92ce7825d020425c2dac885 Mon Sep 17 00:00:00 2001 +From 32aa30a17358598f568991a5375f6182e4135648 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} for @@ -20,23 +20,44 @@ Note that these flags are only meant for the "ppc64" CPU architecture, and should be kept updated to match Fedora's Go guidelines. Use 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. --- - src/go-build-wrapper | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + src/go-build-wrapper | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 677dca94bd5a..e6e9caf1049e 100755 +index ef4aafc8b024..f8ea8370792c 100755 --- a/src/go-build-wrapper 
+++ b/src/go-build-wrapper -@@ -27,7 +27,8 @@ if ! cd "$1"; then +@@ -32,9 +32,9 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" -+unset LDFLAGS -+go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" + if $6; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi - if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then - echo "go-build-wrapper: failed to read PT_INTERP from $2/toolbox" >&2 + if ! libc_dir=$("$4" --print-file-name=libc.so); then +@@ -69,11 +69,16 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + ++unset LDFLAGS ++ + # shellcheck disable=SC2086 + go build \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/toolbox" + + exit "$?" -- 2.31.1 
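Review bot: `BUILDTAGS` is folded into `tags` and then expanded unquoted at `$tags \` (under the existing `shellcheck disable=SC2086`), so a value containing whitespace is split by the shell and every word after the first reaches `go build` as a separate argument rather than as a build tag. The form this replaces, `-tags="rpm_crashtraceback ${BUILDTAGS:-}"`, kept a space-separated list inside one quoted word, so callers that still export `BUILDTAGS` that way would change behaviour silently. Since `tags` is never empty after this change, I would keep only the list in the variable (`tags="rpm_crashtraceback,${BUILDTAGS:-}"`) and pass it as `-tags "$tags" \`, with a comment that `BUILDTAGS` must be comma-separated. The same lines recur in the non-PPC64 variant of this patch and in the later commit that refreshes the PPC64 one. The wrapper script continues outside the hunk.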
diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch index 4aa1e11..2e4cbfd 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -1,4 +1,4 @@ -From 18cbc514c8b776c855a24cdcf8b326d592322d44 Mon Sep 17 00:00:00 2001 +From 6d913f1fbd6e609957bb01273504b2f479e1b546 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} @@ -19,23 +19,45 @@ Note that these flags are meant for every CPU architecture other than PPC64, and should be kept updated to match Fedora's Go guidelines. Use 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. --- - src/go-build-wrapper | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + src/go-build-wrapper | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 677dca94bd5a..581d5c82cf2f 100755 +index ef4aafc8b024..4354beceb215 100755 --- a/src/go-build-wrapper 
+++ b/src/go-build-wrapper -@@ -27,7 +27,8 @@ if ! cd "$1"; then +@@ -32,9 +32,9 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" -+unset LDFLAGS -+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" + if $6; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi - if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then - echo "go-build-wrapper: failed to read PT_INTERP from $2/toolbox" >&2 + if ! 
libc_dir=$("$4" --print-file-name=libc.so); then +@@ -69,11 +69,17 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + ++unset LDFLAGS ++ + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/toolbox" + + exit "$?" -- 2.31.1 diff --git a/toolbox.spec b/toolbox.spec index c4f7f4b..8f1a942 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,23 +1,18 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.0.99.2^3.git075b9a8d2779 +Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 9%{?dist} +Release: 1%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://github.com/containers/%{name} -# https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz -# Snapshot tarball -Source0: %{name}-%{version}.tar.xz - -# https://bugzilla.redhat.com/show_bug.cgi?id=1995439 -Patch0: toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch +Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz # Fedora specific Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch 
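Review bot: `unset LDFLAGS` sits directly above a `-ldflags "${LDFLAGS:-} -B …"` argument, so that expansion is always empty and the only link flags that take effect are the ones hard-coded on this line. If the unset is there to keep the environment's linker flags out of Go's `-ldflags` (my reading; the patch does not say), a comment such as `# LDFLAGS from the environment must not reach go build; the flags are spelled out below` would tell whoever next refreshes the patch against `%{gobuild}` why the dead `${LDFLAGS:-}` is kept. Otherwise drop the expansion. The PPC64 variant of this patch has the same pair of lines.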
@@ -39,7 +34,6 @@ BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: meson -BuildRequires: patchelf BuildRequires: pkgconfig(bash-completion) BuildRequires: systemd @@ -61,6 +55,7 @@ Summary: Required packages for the container image to support %{name} # These are really required to make the image work with toolbox Requires: passwd Requires: shadow-utils +Requires: util-linux Requires: vte-profile %description support @@ -97,7 +92,6 @@ Requires: less Requires: lsof Requires: man-db Requires: man-pages -Requires: mlocate Requires: mtr Requires: nano-default-editor Requires: nss-mdns @@ -143,7 +137,6 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q -%patch0 -p1 %patch100 -p1 %ifnarch ppc64 @@ -193,6 +186,9 @@ ln -s src/pkg pkg %changelog +* Fri Dec 10 2021 Debarshi Ray - 0.0.99.3-1 +- Update to 0.0.99.3 + * Mon Oct 25 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-9 - Restore backwards compatibility with existing containers From 88b0cbf08421d13b95fa8f5dafcda1e22e807896 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 05:09:40 +0100 Subject: [PATCH 044/145] Specify the minimum Meson version No need to issue a build just for this. --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 8f1a942..7ea784a 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -33,7 +33,7 @@ BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 # BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(golang.org/x/sys/unix) -BuildRequires: meson +BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) BuildRequires: systemd From deb9c1e8e6c3a8b6f386b3aebcad949dc5adb304 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Fri, 10 Dec 2021 05:11:42 +0100 Subject: [PATCH 045/145] Update URL to point to the website No need to issue a build just for this. --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 7ea784a..c424828 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -10,7 +10,7 @@ Release: 1%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 -URL: https://github.com/containers/%{name} +URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz From 74aab8523f64f2fb878e77e5775103a36f44892e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 09:54:30 +0100 Subject: [PATCH 046/145] Update to 0.0.99.3 ... and update the URL to point to the website. --- .gitignore | 1 + sources | 2 +- ...-use-Go-s-semantic-import-versioning.patch | 23 ++-- ...ags-match-Fedora-s-gobuild-for-PPC64.patch | 39 ++++-- ...e-build-flags-match-Fedora-s-gobuild.patch | 40 ++++-- toolbox-Test-fixes-for-gating.patch | 124 ------------------ toolbox.spec | 29 ++-- 7 files changed, 93 insertions(+), 165 deletions(-) delete mode 100644 toolbox-Test-fixes-for-gating.patch diff --git a/.gitignore b/.gitignore index 4dbf87b..0f660fe 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ /toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz /toolbox-0.0.99.2^4.git0bdfa53bb2ce.tar.xz /toolbox-0.0.99.2-vendored.tar.xz +/toolbox-0.0.99.3.tar.xz diff --git a/sources b/sources index 50b43ce..64d6d65 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.2-vendored.tar.xz) = fcd081cc7d48253fd44fcb46314e471bd2aadd17fb5c5e1b5170da421f2e95226421948ef8661f28024432f5f6e1464d7780231044232da569e8f517ad62608d +SHA512 (toolbox-0.0.99.3.tar.xz) = d9e4bd1cc7667b6ecdcf25a2c3ad7d7d67cc997168a41e668c936d2de24db774331a78a1b4a06b63e7cef8e0dc4ac5651591b6d9cec0d8e81be2b2dd64854dca 
diff --git a/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch b/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch index a39257b..8cdae9c 100644 --- a/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch +++ b/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch @@ -1,12 +1,11 @@ -From 4039c49b0cd2111cd1c505b9a9aef25aeebb6a0e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Harry=20M=C3=ADchal?= -Date: Sat, 27 Jun 2020 16:17:56 +0200 +From 40fbd377ed0b94060ae5fb2a60289500b66486dc Mon Sep 17 00:00:00 2001 +From: Oliver Gutierrez +Date: Thu, 29 Jul 2021 14:12:41 +0100 Subject: [PATCH] Don't use Go's semantic import versioning Fedora doesn't support Go modules when building Go programs. This means that source code using semantic import versioning can't be built. -https://github.com/containers/toolbox/pull/484 --- src/cmd/create.go | 2 +- src/go.mod | 2 +- @@ -15,7 +14,7 @@ https://github.com/containers/toolbox/pull/484 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/cmd/create.go b/src/cmd/create.go -index 50938890b22f..29bc0f2c42f7 100644 +index 8b31365..502f691 100644 --- a/src/cmd/create.go +++ b/src/cmd/create.go @@ -28,7 +28,7 @@ import ( @@ -28,7 +27,7 @@ index 50938890b22f..29bc0f2c42f7 100644 "github.com/spf13/cobra" "golang.org/x/crypto/ssh/terminal" diff --git a/src/go.mod b/src/go.mod -index 219d3d578992..7e1a6807fd7e 100644 +index cce3e5a..eb7f70c 100644 --- a/src/go.mod +++ b/src/go.mod @@ -8,7 +8,7 @@ require ( @@ -41,10 +40,10 @@ index 219d3d578992..7e1a6807fd7e 100644 github.com/sirupsen/logrus v1.4.2 github.com/spf13/cobra v0.0.5 diff --git a/src/go.sum b/src/go.sum -index 5a03a6823698..d9ce63604fcf 100644 +index fbad155..737f058 100644 --- a/src/go.sum 
+++ b/src/go.sum -@@ -18,8 +18,8 @@ github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= +@@ -20,8 +20,8 @@ github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -52,11 +51,11 @@ index 5a03a6823698..d9ce63604fcf 100644 -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4= +github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= + github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= - github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go -index 5455298cbce4..3f7fc26147fc 100644 +index ae7c596..4d1556a 100644 --- a/src/pkg/utils/utils.go +++ b/src/pkg/utils/utils.go @@ -33,7 +33,7 @@ import ( @@ -66,8 +65,8 @@ index 5455298cbce4..3f7fc26147fc 100644 - "github.com/godbus/dbus/v5" + "github.com/godbus/dbus" "github.com/sirupsen/logrus" + "github.com/spf13/viper" "golang.org/x/sys/unix" - ) -- -2.25.4 +2.31.1 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch index 43df0c9..a1d92a5 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch 
@@ -1,4 +1,4 @@ -From e9bfc40bbbf7af1a20819b6840441cbe52a7d1b7 Mon Sep 17 00:00:00 2001 +From 32aa30a17358598f568991a5375f6182e4135648 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} for @@ -20,21 +20,44 @@ Note that these flags are only meant for the "ppc64" CPU architecture, and should be kept updated to match Fedora's Go guidelines. Use 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. --- - src/go-build-wrapper | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + src/go-build-wrapper | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 515e1d8a0670..8baaff53b329 100755 +index ef4aafc8b024..f8ea8370792c 100755 --- a/src/go-build-wrapper 
+++ b/src/go-build-wrapper -@@ -27,5 +27,6 @@ if ! cd "$1"; then +@@ -32,9 +32,9 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" + if $6; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$4" --print-file-name=libc.so); then +@@ -69,11 +69,16 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + +unset LDFLAGS -+go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" ++ + # shellcheck disable=SC2086 + go build \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/toolbox" + exit "$?" -- -2.29.2 +2.31.1 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch index 16c844d..2e4cbfd 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch 
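Review bot: The new `tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"` joins BUILDTAGS with a comma and is later expanded unquoted as `$tags`, so a space-separated BUILDTAGS would be word-split and everything after the first space passed to `go build` as a separate argument. The line it replaces, `-tags="rpm_crashtraceback ${BUILDTAGS:-}"`, accepted the space-separated form. Normalising the value first, for example `tags="-tags rpm_crashtraceback,$(echo ${BUILDTAGS:-} | tr ' ' ',')"`, keeps both forms working. The same line is added in toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch in the next file section. Separately, `unset LDFLAGS` makes the later `${LDFLAGS:-}` always empty, so a one-line comment saying why the variable is cleared would help; the wrapper's remaining lines are outside this hunk.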
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -1,4 +1,4 @@ -From d204528ce3b3c70727c12e1911d1c5562b56d474 Mon Sep 17 00:00:00 2001 +From 6d913f1fbd6e609957bb01273504b2f479e1b546 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} @@ -19,21 +19,45 @@ Note that these flags are meant for every CPU architecture other than PPC64, and should be kept updated to match Fedora's Go guidelines. Use 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. --- - src/go-build-wrapper | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + src/go-build-wrapper | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 515e1d8a0670..013a35e52a1a 100755 +index ef4aafc8b024..4354beceb215 100755 --- a/src/go-build-wrapper 
+++ b/src/go-build-wrapper -@@ -27,5 +27,6 @@ if ! cd "$1"; then +@@ -32,9 +32,9 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" + if $6; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$4" --print-file-name=libc.so); then +@@ -69,11 +69,17 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + +unset LDFLAGS -+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" ++ + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/toolbox" + exit "$?" -- -2.29.2 +2.31.1 diff --git a/toolbox-Test-fixes-for-gating.patch b/toolbox-Test-fixes-for-gating.patch deleted file mode 100644 index 160c1ee..0000000 --- a/toolbox-Test-fixes-for-gating.patch +++ /dev/null 
@@ -1,124 +0,0 @@ -From a0ff01b52ffc8980cba501149a4e3606481cbefb Mon Sep 17 00:00:00 2001 -From: Oliver Gutierrez -Date: Thu, 2 Sep 2021 13:41:14 +0100 -Subject: [PATCH] Fixes in tests for fedora gating - - -diff --git a/test/system/002-help.bats b/test/system/002-help.bats -index 8a057dd..bf863ef 100644 ---- a/test/system/002-help.bats -+++ b/test/system/002-help.bats -@@ -4,6 +4,10 @@ load 'libs/bats-support/load' - load 'libs/bats-assert/load' - load 'libs/helpers.bash' - -+setup() { -+ check_xdg_runtime_dir -+} -+ - @test "help: Try to run toolbox with no command (shows usage screen)" { - run $TOOLBOX - -diff --git a/test/system/101-create.bats b/test/system/101-create.bats -index dfb4d89..63d4fcb 100644 ---- a/test/system/101-create.bats -+++ b/test/system/101-create.bats -@@ -5,6 +5,7 @@ load 'libs/bats-assert/load' - load 'libs/helpers' - - setup() { -+ check_xdg_runtime_dir - cleanup_containers - } - -diff --git a/test/system/102-list.bats b/test/system/102-list.bats -index ea74645..42000c7 100644 ---- a/test/system/102-list.bats -+++ b/test/system/102-list.bats -@@ -5,6 +5,7 @@ load 'libs/bats-assert/load' - load 'libs/helpers' - - setup() { -+ check_xdg_runtime_dir - cleanup_all - } - -@@ -89,9 +90,9 @@ teardown() { - run $PODMAN build "$BATS_TMPDIR" - - assert_success -- assert_line --index 0 "STEP 1: FROM scratch" -- assert_line --index 1 "STEP 2: LABEL com.github.containers.toolbox=\"true\"" -- assert_line --index 2 "STEP 3: COMMIT" -+ assert_line --index 0 "STEP 1/2: FROM scratch" -+ assert_line --index 1 "STEP 2/2: LABEL com.github.containers.toolbox=\"true\"" -+ assert_line --index 2 "COMMIT" - assert_line --index 3 --regexp "^--> [a-z0-9]*$" - - run $TOOLBOX list -diff --git a/test/system/103-run.bats b/test/system/103-run.bats -index 8b58e42..6fc840e 100644 ---- a/test/system/103-run.bats -+++ b/test/system/103-run.bats -@@ -10,7 +10,7 @@ load 'libs/helpers' - readonly CURDIR=$PWD - - setup() { -- cd "$HOME" || return 1 -+ check_xdg_runtime_dir - 
cleanup_containers - } - -diff --git a/test/system/104-rm.bats b/test/system/104-rm.bats -index 9f1435b..68e3c03 100644 ---- a/test/system/104-rm.bats -+++ b/test/system/104-rm.bats -@@ -5,6 +5,7 @@ load 'libs/bats-assert/load' - load 'libs/helpers' - - setup() { -+ check_xdg_runtime_dir - cleanup_containers - } - -diff --git a/test/system/105-rmi.bats b/test/system/105-rmi.bats -index 0ef0ebe..b48f802 100644 ---- a/test/system/105-rmi.bats -+++ b/test/system/105-rmi.bats -@@ -5,6 +5,7 @@ load 'libs/bats-assert/load' - load 'libs/helpers' - - setup() { -+ check_xdg_runtime_dir - cleanup_all - } - -diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash -index d59d661..5d48957 100644 ---- a/test/system/libs/helpers.bash -+++ b/test/system/libs/helpers.bash -@@ -8,8 +8,7 @@ readonly TOOLBOX=${TOOLBOX:-toolbox} - readonly SKOPEO=$(command -v skopeo) - - # Helpful globals --readonly PROJECT_DIR=${PWD} --readonly IMAGE_CACHE_DIR="${PROJECT_DIR}/image-cache" -+readonly IMAGE_CACHE_DIR="${BATS_RUN_TMPDIR}/image-cache" - - # Images - declare -Ag IMAGES=([busybox]="docker.io/library/busybox" \ -@@ -271,3 +270,11 @@ function get_system_version() { - - echo $(awk -F= '/VERSION_ID/ {print $2}' $os_release | head -n 1) - } -+ -+ -+# Setup the XDG_RUNTIME_DIR variable if not set -+function check_xdg_runtime_dir() { -+ if [[ -z "${XDG_RUNTIME_DIR}" ]]; then -+ export XDG_RUNTIME_DIR="/run/user/${UID}" -+ fi -+} --- -2.31.1 - diff --git a/toolbox.spec b/toolbox.spec index 24827ca..1c4f29c 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -1,24 +1,22 @@ +%global __brp_check_rpaths %{nil} + Name: toolbox -Version: 0.0.99.2 +Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 7%{?dist} +Release: 1%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 -URL: https://github.com/containers/%{name} -# Source0: https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz - -# Sources were vendored to include needed bats modules for gating tests -Source0: %{name}-%{version}-vendored.tar.xz +URL: https://containertoolbx.org/ +Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz # Fedora specific Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch -Patch103: toolbox-Test-fixes-for-gating.patch BuildRequires: ShellCheck BuildRequires: golang >= 1.13 @@ -34,10 +32,11 @@ BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 # BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(golang.org/x/sys/unix) -BuildRequires: meson +BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) BuildRequires: systemd +Requires: containers-common Requires: flatpak-session-helper Requires: podman >= 1.4.0 @@ -55,6 +54,7 @@ Summary: Required packages for the container image to support %{name} # These are really required to make the image work with toolbox Requires: passwd Requires: shadow-utils +Requires: util-linux Requires: vte-profile %description support @@ -91,7 +91,6 @@ Requires: less Requires: lsof Requires: man-db Requires: man-pages -Requires: mlocate Requires: mtr Requires: nano-default-editor Requires: nss-mdns 
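Review bot: `%global __brp_check_rpaths %{nil}` switches off the RPATH check for every binary this package ships, and nothing in the spec says why. It is presumably needed because go-build-wrapper now links with `-Wl,-rpath,/run/host$libc_dir_canonical_dirname`, but with the check removed any other unintended RPATH would also pass unnoticed. I would add a comment above it, e.g. `# toolbox is linked with an RPATH under /run/host on purpose (see src/go-build-wrapper), which check-rpaths rejects`. It is also worth checking whether a narrower `QA_RPATHS` allowance in `%install` would be enough instead of disabling the check outright.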
@@ -126,6 +125,9 @@ Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} Requires: bats +Requires: coreutils +Requires: gawk +Requires: grep Requires: skopeo %description tests @@ -142,8 +144,6 @@ The %{name}-tests package contains system tests for %{name}. %patch102 -p1 %endif -%patch103 -p1 - %gomkdir @@ -172,6 +172,7 @@ ln -s src/pkg pkg %{_datadir}/bash-completion %{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}-*.1* +%config(noreplace) %{_sysconfdir}/containers/%{name}.conf %{_sysconfdir}/profile.d/%{name}.sh %{_tmpfilesdir}/%{name}.conf @@ -184,6 +185,10 @@ ln -s src/pkg pkg %changelog +* Fri Dec 10 2021 Debarshi Ray - 0.0.99.3-1 +- Update to 0.0.99.3 +- Update the URL to point to the website + * Thu Sep 02 2021 Oliver Gutiérrez - 0.0.99.2-7 - Updated vendored sources From ca91d5a3eb72943b5f648ad37daabd16bc908218 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 10:04:59 +0100 Subject: [PATCH 047/145] Style fix No need to issue a build just for this. --- toolbox.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index c424828..e3cf130 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -11,7 +11,6 @@ Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://containertoolbx.org/ - Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz # Fedora specific From 9bebde5bb60f36e38324c1e230e457c495d2d864 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 11:15:00 +0100 Subject: [PATCH 048/145] BuildRequire only systemd-rpm-macros ... as recommended by the Fedora packaging guidelines: https://docs.fedoraproject.org/en-US/packaging-guidelines/Tmpfiles.d/ https://pagure.io/packaging-committee/issue/824 --- toolbox.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index e3cf130..055ae3c 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -34,7 +34,7 @@ BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) -BuildRequires: systemd +BuildRequires: systemd-rpm-macros Requires: containers-common Requires: flatpak-session-helper @@ -153,7 +153,7 @@ export GOPATH=%{gobuilddir}:%{gopath} export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" ln -s src/cmd cmd ln -s src/pkg pkg -%meson --buildtype=plain -Dprofile_dir=%{_sysconfdir}/profile.d +%meson --buildtype=plain -Dprofile_dir=%{_sysconfdir}/profile.d -Dtmpfiles_dir=%{_tmpfilesdir} %meson_build @@ -185,6 +185,10 @@ ln -s src/pkg pkg %changelog +* Fri Dec 10 2021 Debarshi Ray - 0.0.99.3-2 +- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging + guidelines + * Fri Dec 10 2021 Debarshi Ray - 0.0.99.3-1 - Update to 0.0.99.3 From 1839cc68e1a02e891f3c92c36ad2fc38975c6eae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= Date: Sun, 9 Jan 2022 20:36:32 +0200 Subject: [PATCH 049/145] Add upstream patch fixing doubled error messages --- ...ound-Cobra-1.1.2-s-handling-of-usage.patch | 95 +++++++++++++++++++ toolbox.spec | 8 +- 2 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch diff --git a/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch b/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch new file mode 100644 index 0000000..a618021 --- /dev/null +++ b/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch 
@@ -0,0 +1,95 @@ +From e598e2160323b63310ad7b6def723eb1f8767f90 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= +Date: Thu, 11 Nov 2021 18:18:52 +0200 +Subject: [PATCH 02/13] cmd/root: Work around Cobra 1.1.2's handling of usage + functions + +In version 1.1.2 of Cobra has been included a change[0] that changes +how custom usage functions are handled. + +Example of the wrong behaviour: +$ toolbox --foo +Error: unknown flag: --foo +Run 'toolbox --help' for usage.Error: Run 'toolbox --help' for usage. + +Desired behaviour: +$ toolbox --foo +Error: unknown flag: --foo +Run 'toolbox --help' for usage. + +A workaround is to define a template string for the usage instead. The +template uses the templating language of Go[1]. See the default +template string in version 1.2.1[2]. + +Because the template is set only once, the executableBase needs to be +set before the template is applied. That required the move of +setUpGlobals() into init() of the cmd package. This is a better place +for the function call as init() is called earlier than Execute()[3]. 
+ +Upstream issue: https://github.com/spf13/cobra/issues/1532 + +[0] https://github.com/spf13/cobra/pull/1044 +[1] https://pkg.go.dev/text/template +[2] https://github.com/spf13/cobra/blob/v1.2.1/command.go#L491 +[3] https://golang.org/doc/effective_go#init + +https://github.com/containers/toolbox/pull/917 +--- + src/cmd/root.go | 20 ++++++++------------ + 1 file changed, 8 insertions(+), 12 deletions(-) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index eb0622f..ad0753b 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -62,11 +62,6 @@ var ( + ) + + func Execute() { +- if err := setUpGlobals(); err != nil { +- fmt.Fprintf(os.Stderr, "Error: %s\n", err) +- os.Exit(1) +- } +- + if err := rootCmd.Execute(); err != nil { + os.Exit(1) + } +@@ -75,6 +70,11 @@ func Execute() { + } + + func init() { ++ if err := setUpGlobals(); err != nil { ++ fmt.Fprintf(os.Stderr, "Error: %s\n", err) ++ os.Exit(1) ++ } ++ + persistentFlags := rootCmd.PersistentFlags() + + persistentFlags.BoolVarP(&rootFlags.assumeYes, +@@ -96,7 +96,9 @@ func init() { + persistentFlags.CountVarP(&rootFlags.verbose, "verbose", "v", "Set log-level to 'debug'") + + rootCmd.SetHelpFunc(rootHelp) +- rootCmd.SetUsageFunc(rootUsage) ++ ++ usageTemplate := fmt.Sprintf("Run '%s --help' for usage.", executableBase) ++ rootCmd.SetUsageTemplate(usageTemplate) + } + + func preRun(cmd *cobra.Command, args []string) error { +@@ -188,12 +190,6 @@ func rootRun(cmd *cobra.Command, args []string) error { + return rootRunImpl(cmd, args) + } + +-func rootUsage(cmd *cobra.Command) error { +- err := fmt.Errorf("Run '%s --help' for usage.", executableBase) +- fmt.Fprintf(os.Stderr, "%s", err) +- return err +-} +- + func migrate() error { + logrus.Debug("Migrating to newer Podman") + +-- +2.34.1 + diff --git a/toolbox.spec b/toolbox.spec index 1c4f29c..11f71c3 100644 --- a/toolbox.spec +++ b/toolbox.spec 
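Review bot: Moving the `setUpGlobals()` call into `init()` means a failure there now calls `os.Exit(1)` during package initialization, before `Execute()` runs and in anything that imports the cmd package, including its test binaries. A comment above the call, e.g. `// executableBase must be set before the usage template below is built`, would record why it has to live here. The usage text is also built with `fmt.Sprintf` and passed to `SetUsageTemplate`, so `executableBase` becomes part of a Go template; where that value comes from is outside this hunk, but if it can contain `{{` it should be guarded. The bodies of `init()` and `Execute()` continue outside the hunks shown. The identical patch file is added again by the following commit (PATCH 050/145).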
@@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -17,6 +17,7 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch BuildRequires: ShellCheck BuildRequires: golang >= 1.13 @@ -144,6 +145,8 @@ The %{name}-tests package contains system tests for %{name}. %patch102 -p1 %endif +%patch103 -p1 + %gomkdir @@ -185,6 +188,9 @@ ln -s src/pkg pkg %changelog +* Sun Jan 09 2022 Ondřej Míchal - 0.0.99.3-2 +- Add upstream patch fixing doubled error messages + * Fri Dec 10 2021 Debarshi Ray - 0.0.99.3-1 - Update to 0.0.99.3 - Update the URL to point to the website From 3a1aa2f6918f8aaef82ffd30296f49cb091da3e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= Date: Sun, 9 Jan 2022 20:36:32 +0200 Subject: [PATCH 050/145] Add upstream patch fixing doubled error messages --- ...ound-Cobra-1.1.2-s-handling-of-usage.patch | 95 +++++++++++++++++++ toolbox.spec | 8 +- 2 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch diff --git a/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch b/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch new file mode 100644 index 0000000..a618021 --- /dev/null +++ b/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch 
@@ -0,0 +1,95 @@ +From e598e2160323b63310ad7b6def723eb1f8767f90 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= +Date: Thu, 11 Nov 2021 18:18:52 +0200 +Subject: [PATCH 02/13] cmd/root: Work around Cobra 1.1.2's handling of usage + functions + +In version 1.1.2 of Cobra has been included a change[0] that changes +how custom usage functions are handled. + +Example of the wrong behaviour: +$ toolbox --foo +Error: unknown flag: --foo +Run 'toolbox --help' for usage.Error: Run 'toolbox --help' for usage. + +Desired behaviour: +$ toolbox --foo +Error: unknown flag: --foo +Run 'toolbox --help' for usage. + +A workaround is to define a template string for the usage instead. The +template uses the templating language of Go[1]. See the default +template string in version 1.2.1[2]. + +Because the template is set only once, the executableBase needs to be +set before the template is applied. That required the move of +setUpGlobals() into init() of the cmd package. This is a better place +for the function call as init() is called earlier than Execute()[3]. 
+ +Upstream issue: https://github.com/spf13/cobra/issues/1532 + +[0] https://github.com/spf13/cobra/pull/1044 +[1] https://pkg.go.dev/text/template +[2] https://github.com/spf13/cobra/blob/v1.2.1/command.go#L491 +[3] https://golang.org/doc/effective_go#init + +https://github.com/containers/toolbox/pull/917 +--- + src/cmd/root.go | 20 ++++++++------------ + 1 file changed, 8 insertions(+), 12 deletions(-) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index eb0622f..ad0753b 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -62,11 +62,6 @@ var ( + ) + + func Execute() { +- if err := setUpGlobals(); err != nil { +- fmt.Fprintf(os.Stderr, "Error: %s\n", err) +- os.Exit(1) +- } +- + if err := rootCmd.Execute(); err != nil { + os.Exit(1) + } +@@ -75,6 +70,11 @@ func Execute() { + } + + func init() { ++ if err := setUpGlobals(); err != nil { ++ fmt.Fprintf(os.Stderr, "Error: %s\n", err) ++ os.Exit(1) ++ } ++ + persistentFlags := rootCmd.PersistentFlags() + + persistentFlags.BoolVarP(&rootFlags.assumeYes, +@@ -96,7 +96,9 @@ func init() { + persistentFlags.CountVarP(&rootFlags.verbose, "verbose", "v", "Set log-level to 'debug'") + + rootCmd.SetHelpFunc(rootHelp) +- rootCmd.SetUsageFunc(rootUsage) ++ ++ usageTemplate := fmt.Sprintf("Run '%s --help' for usage.", executableBase) ++ rootCmd.SetUsageTemplate(usageTemplate) + } + + func preRun(cmd *cobra.Command, args []string) error { +@@ -188,12 +190,6 @@ func rootRun(cmd *cobra.Command, args []string) error { + return rootRunImpl(cmd, args) + } + +-func rootUsage(cmd *cobra.Command) error { +- err := fmt.Errorf("Run '%s --help' for usage.", executableBase) +- fmt.Fprintf(os.Stderr, "%s", err) +- return err +-} +- + func migrate() error { + logrus.Debug("Migrating to newer Podman") + +-- +2.34.1 + diff --git a/toolbox.spec b/toolbox.spec index 055ae3c..71476ae 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 2%{?dist} +Release: 3%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -17,6 +17,7 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch BuildRequires: ShellCheck BuildRequires: golang >= 1.13 @@ -144,6 +145,8 @@ The %{name}-tests package contains system tests for %{name}. %patch102 -p1 %endif +%patch103 -p1 + %gomkdir @@ -185,6 +188,9 @@ ln -s src/pkg pkg %changelog +* Sun Jan 09 2022 Ondřej Míchal - 0.0.99.3-3 +- Add upstream patch fixing doubled error messages + * Fri Dec 10 2021 Debarshi Ray - 0.0.99.3-2 - BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging guidelines From b130695e6f3b3942228d8cdd9bb2a4bbb2eeb411 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jan 2022 02:54:24 +0000 Subject: [PATCH 051/145] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 71476ae..c6147df 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 3%{?dist} +Release: 4%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 
@@ -188,6 +188,9 @@ ln -s src/pkg pkg %changelog +* Sat Jan 22 2022 Fedora Release Engineering - 0.0.99.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Sun Jan 09 2022 Ondřej Míchal - 0.0.99.3-3 - Add upstream patch fixing doubled error messages From 0329ca33cccae7501fad9d19bdf1178d34b0369a Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 17 May 2022 18:18:33 +0200 Subject: [PATCH 052/145] Revert back to referring to go-md2man as go-md2man The 'go-md2man' virtual Provides was briefly lost after the golang-github-cpuguy83-go-md2man package was renamed to golang-github-cpuguy83-md2man. The virtual Provides has since been restored [1], and go-md2man is being used as a standalone binary tool, not as a Go package that's imported into Toolbx's source code. Hence, it makes sense to refer to the tool as go-md2man, and not by it's import path. This reverts commit 701836afcad6f0b08d8430e0914103d0871e4cdc. There's no need to do a build just for this. [1] golang-github-cpuguy83-md2man commit c085b15e5acd8d07 https://src.fedoraproject.org/rpms/golang-github-cpuguy83-md2man/c/c085b15e5acd8d07 --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index c6147df..851a239 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -20,8 +20,8 @@ Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.pat Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch BuildRequires: ShellCheck +BuildRequires: go-md2man BuildRequires: golang >= 1.13 -BuildRequires: golang-github-cpuguy83-md2man BuildRequires: golang(github.com/HarryMichal/go-version) BuildRequires: golang(github.com/acobaugh/osrelease) BuildRequires: golang(github.com/briandowns/spinner) >= 1.10.0 From da55cfac4e4cf4bff0ed2af0e423d5622e8fc022 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Tue, 17 May 2022 23:29:44 +0200 Subject: [PATCH 053/145] Add 'BuildRequires: golang(github.com/spf13/viper)' Earlier Viper was being pulled in by Cobra, and hence wasn't explicitly listed as a BuildRequires. However, Cobra 1.4.0 removed the Viper dependency [1], so it needs to be explicitly listed. There's no need to do a build just for this. [1] Cobra commit 5b2b9e9f61d36ccb https://github.com/spf13/cobra/issues/1597 --- toolbox.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/toolbox.spec b/toolbox.spec index 851a239..0c0fd9d 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -32,6 +32,7 @@ BuildRequires: golang(github.com/mattn/go-isatty) >= 0.0.12 BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 # BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 +BuildRequires: golang(github.com/spf13/viper) >= 1.3.2 BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) From b3f0d3b599d334d86dcb0433b14c8aecadfa7d83 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 17 May 2022 23:52:10 +0200 Subject: [PATCH 054/145] Add 'BuildRequires: golang(golang.org/x/crypto/ssh/terminal)' Not having golang.org/x/crypto/ssh/terminal explicitly listed as a BuildRequires isn't breaking the build at the moment. However, since it's a direct dependency, and Toolbx is written in Go, it's good to explicitly list it due to the statically linked nature of Go binaries. It will make it easier to gauge the fallout from a security bug. There's no need to do a build just for this. --- toolbox.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/toolbox.spec b/toolbox.spec index 0c0fd9d..b583773 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -33,6 +33,7 @@ BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 # BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(github.com/spf13/viper) >= 1.3.2 +BuildRequires: golang(golang.org/x/crypto/ssh/terminal) BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) From c2a3244ca442f12d126214188b2d586f91170dff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert-Andr=C3=A9=20Mauchin?= Date: Sat, 18 Jun 2022 12:23:53 +0200 Subject: [PATCH 055/145] Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 --- toolbox.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index b583773..46db8f8 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 4%{?dist} +Release: 5%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -190,6 +190,10 @@ ln -s src/pkg pkg %changelog +* Sat Jun 18 2022 Robert-André Mauchin - 0.0.99.3-5 +- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, + CVE-2022-29526, CVE-2022-30629 + * Sat Jan 22 2022 Fedora Release Engineering - 0.0.99.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From f6c0926811c667589475651cb2fa833458e6c2ea Mon Sep 17 00:00:00 2001 From: Maxwell G Date: Tue, 19 Jul 2022 13:59:13 -0500 Subject: [PATCH 056/145] Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- toolbox.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 46db8f8..8f5417d 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 5%{?dist} +Release: 6%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -190,6 +190,10 @@ ln -s src/pkg pkg %changelog +* Tue Jul 19 2022 Maxwell G - 0.0.99.3-6 +- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in + golang + * Sat Jun 18 2022 Robert-André Mauchin - 0.0.99.3-5 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 From 9dc23837edc5facdf6ea19e98d5816b7567084c6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 23 Jul 2022 10:41:32 +0000 Subject: [PATCH 057/145] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 8f5417d..074d515 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 6%{?dist} +Release: 7%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -190,6 +190,9 @@ ln -s src/pkg pkg %changelog +* Sat Jul 23 2022 Fedora Release Engineering - 0.0.99.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Tue Jul 19 2022 Maxwell G - 0.0.99.3-6 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang From 46d2ca508e5b7bab639d692c5d0fda6de05ce178 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Wed, 21 Dec 2022 00:22:14 -0500 Subject: [PATCH 058/145] Use vendored dependencies for RHEL --- .gitignore | 1 + gen-vendor-tarball.sh | 27 +++++++++++++++++++++++++++ sources | 1 + toolbox.spec | 22 +++++++++++++++++++--- 4 files changed, 48 insertions(+), 3 deletions(-) create mode 100755 gen-vendor-tarball.sh 
diff --git a/.gitignore b/.gitignore
index 66d6df6..3443637 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,4 @@
 /toolbox-0.0.99.2^2.git40fbd377ed0b.tar.xz
 /toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz
 /toolbox-0.0.99.3.tar.xz
+/toolbox-0.0.99.3-vendor.tar.xz
diff --git a/gen-vendor-tarball.sh b/gen-vendor-tarball.sh
new file mode 100755
index 0000000..f704f1a
--- /dev/null
+++ b/gen-vendor-tarball.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Process a toolbox tarball to get vendored dependencies for the RHEL build.
+#
+# Yaakov Selkowitz - 2022
+
+SOURCE="$1"
+DIRECTORY=`echo $SOURCE | sed 's/\.tar\.xz//'`
+VENDOR_SOURCE="${DIRECTORY}-vendor.tar.xz"
+
+error()
+{
+ MESSAGE=$1
+ echo $MESSAGE
+ exit 1
+}
+
+rm -rf $DIRECTORY
+tar xJf $SOURCE || error "Cannot unpack $SOURCE"
+pushd $DIRECTORY/src > /dev/null || error "Cannot open directory \"$DIRECTORY\""
+
+echo "Vendoring dependencies"
+go mod vendor || error "Vendoring failed"
+popd > /dev/null
+
+tar cJf $VENDOR_SOURCE -C $DIRECTORY src/vendor || error "Unable to create $VENDOR_SOURCE"
+echo "$VENDOR_SOURCE is ready to use"
diff --git a/sources b/sources
index 64d6d65..2bf14ad 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
 SHA512 (toolbox-0.0.99.3.tar.xz) = d9e4bd1cc7667b6ecdcf25a2c3ad7d7d67cc997168a41e668c936d2de24db774331a78a1b4a06b63e7cef8e0dc4ac5651591b6d9cec0d8e81be2b2dd64854dca
+SHA512 (toolbox-0.0.99.3-vendor.tar.xz) = 51ce5a16276ccc75d2b6fb9cae1c4371ad028f6a820cd176a4a0ee85fab447a6b37b5ec2e969b882c4f04cfe58bd78f92975606297a0db22e72457f012102ec2
diff --git a/toolbox.spec b/toolbox.spec
index 074d515..9063708 100644
--- a/toolbox.spec
+++ b/toolbox.spec
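Review bot: `rm -rf $DIRECTORY` in the new gen-vendor-tarball.sh runs on a value derived from `$1` with no quoting and no check that the argument ends in `.tar.xz`. When the suffix is absent the `sed` leaves the name unchanged, so `$DIRECTORY` equals `$SOURCE` and the script deletes its own input before `tar` tries to unpack it; a name containing spaces or glob characters is also split or expanded in every later command. The script uses `pushd`/`popd` under `#!/bin/sh`, which works only where `/bin/sh` is bash, and `error` writes its message to stdout rather than stderr. I would validate the argument, quote every expansion and declare bash, as below.

```shell
#!/bin/bash
# … unchanged: header comment, SOURCE="$1" …
DIRECTORY="${SOURCE%.tar.xz}"
# … unchanged: VENDOR_SOURCE …

error()
{
    echo "$1" >&2
    exit 1
}

# Accept only NAME.tar.xz, so the rm below can never be pointed at the tarball itself.
case "$SOURCE" in
    ?*.tar.xz) ;;
    *) error "Usage: $0 NAME.tar.xz" ;;
esac

rm -rf -- "$DIRECTORY"
tar xJf "$SOURCE" || error "Cannot unpack $SOURCE"
pushd "$DIRECTORY/src" > /dev/null || error "Cannot open directory \"$DIRECTORY\""
# … unchanged: go mod vendor, popd …
tar cJf "$VENDOR_SOURCE" -C "$DIRECTORY" src/vendor || error "Unable to create $VENDOR_SOURCE"
# … unchanged: final echo …
```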
@@ -6,12 +6,16 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 7%{?dist} +Release: 8%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz +# RHEL package is built with vendored dependencies +# created with gen-vendor-tarball.sh from SOURCE2 +Source1: %{name}-%{version}-vendor.tar.xz +Source2: gen-vendor-tarball.sh # Fedora specific Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch @@ -22,6 +26,7 @@ Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patc BuildRequires: ShellCheck BuildRequires: go-md2man BuildRequires: golang >= 1.13 +%if ! 0%{?rhel} BuildRequires: golang(github.com/HarryMichal/go-version) BuildRequires: golang(github.com/acobaugh/osrelease) BuildRequires: golang(github.com/briandowns/spinner) >= 1.10.0 @@ -35,6 +40,7 @@ BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(github.com/spf13/viper) >= 1.3.2 BuildRequires: golang(golang.org/x/crypto/ssh/terminal) BuildRequires: golang(golang.org/x/sys/unix) +%endif BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) BuildRequires: systemd-rpm-macros @@ -138,8 +144,10 @@ The %{name}-tests package contains system tests for %{name}. %prep -%setup -q +%setup -q %{?rhel:-a 1} +%if ! 0%{?rhel} %patch100 -p1 +%endif %ifnarch ppc64 %patch101 -p1 @@ -147,7 +155,9 @@ The %{name}-tests package contains system tests for %{name}. %patch102 -p1 %endif +%if ! 0%{?rhel} %patch103 -p1 +%endif %gomkdir 
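Review bot: With the `golang(...)` BuildRequires now inside `%if ! 0%{?rhel}` (hunks `@@ -22,6 +26,7 @@` and `@@ -35,6 +40,7 @@`), the RHEL build carries no package metadata naming the modules it compiles in from `Source1`. For a statically linked binary that is the information needed to decide whether a dependency CVE calls for a rebuild, so I would add `Provides: bundled(golang(IMPORT_PATH)) = VERSION` lines under `%if 0%{?rhel}`, one per entry in `src/vendor/modules.txt` (IMPORT_PATH and VERSION are placeholders). The later `@@ -172,7 +185,7 @@` hunk ships `src/vendor/modules.txt` through `%license`; that file records module versions but not the licence texts of the vendored code, which would need to be listed as well.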
@@ -158,6 +168,9 @@ export GOPATH=%{gobuilddir}:%{gopath} export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" ln -s src/cmd cmd ln -s src/pkg pkg +%if 0%{?rhel} +ln -s src/vendor vendor +%endif %meson --buildtype=plain -Dprofile_dir=%{_sysconfdir}/profile.d -Dtmpfiles_dir=%{_tmpfilesdir} %meson_build @@ -172,7 +185,7 @@ ln -s src/pkg pkg %files %doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md -%license COPYING +%license COPYING %{?rhel:src/vendor/modules.txt} %{_bindir}/%{name} %{_datadir}/bash-completion %{_mandir}/man1/%{name}.1* @@ -190,6 +203,9 @@ ln -s src/pkg pkg %changelog +* Thu Dec 22 2022 Yaakov Selkowitz - 0.0.99.3-8 +- Use vendored dependencies for RHEL/ELN builds + * Sat Jul 23 2022 Fedora Release Engineering - 0.0.99.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 1815f6417e0a25bdc76b351c39605cbb3bc29b7b Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 21 Jan 2023 05:16:24 +0000 Subject: [PATCH 059/145] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 9063708..ddb9b1b 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 8%{?dist} +Release: 9%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -203,6 +203,9 @@ ln -s src/vendor vendor %changelog +* Sat Jan 21 2023 Fedora Release Engineering - 0.0.99.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Thu Dec 22 2022 Yaakov Selkowitz - 0.0.99.3-8 - Use vendored dependencies for RHEL/ELN builds From 484d3d62090cfad0f91274d96956c32219bf099b Mon Sep 17 00:00:00 2001 
From: Yaakov Selkowitz Date: Thu, 2 Feb 2023 12:55:51 -0500 Subject: [PATCH 060/145] Sync packaging changes from CentOS Stream --- toolbox.spec | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index ddb9b1b..7f4fc63 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 9%{?dist} +Release: 10%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -23,7 +23,6 @@ Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch -BuildRequires: ShellCheck BuildRequires: go-md2man BuildRequires: golang >= 1.13 %if ! 0%{?rhel} @@ -40,6 +39,8 @@ BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(github.com/spf13/viper) >= 1.3.2 BuildRequires: golang(golang.org/x/crypto/ssh/terminal) BuildRequires: golang(golang.org/x/sys/unix) +# for tests +BuildRequires: ShellCheck %endif BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) @@ -55,6 +56,8 @@ Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. +%if ! 0%{?rhel} + # The list of requires packages for -support and -experience should be in sync with: # https://github.com/containers/toolbox/blob/master/images/fedora/f33/extra-packages %package support @@ -128,6 +131,7 @@ on the host. The %{name}-experience package should be typically installed from the Dockerfile if the image isn't based on the fedora-toolbox image. +%endif %package tests Summary: Tests for %{name} 
@@ -194,15 +198,22 @@ ln -s src/vendor vendor %{_sysconfdir}/profile.d/%{name}.sh %{_tmpfilesdir}/%{name}.conf +%if ! 0%{?rhel} + %files support %files experience +%endif + %files tests %{_datadir}/%{name} %changelog +* Thu Feb 02 2023 Yaakov Selkowitz - 0.0.99.3-10 +- Sync packaging changes from CentOS Stream + * Sat Jan 21 2023 Fedora Release Engineering - 0.0.99.3-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From 021ab3822e4614ed0afa5eb9ef6347def584298b Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 21 Feb 2023 16:43:49 +0100 Subject: [PATCH 061/145] Drop redundant option from %meson There's no need to pass the --buildtype=plain option to the %meson RPM macro, because it's one of the default options used by the macro. There's no need to do a build just for this. Fallout from 33bd39b0f97b72a788c9ee564ce2b0e2a8a3c23e --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 7f4fc63..86c27e6 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -175,7 +175,7 @@ ln -s src/pkg pkg %if 0%{?rhel} ln -s src/vendor vendor %endif -%meson --buildtype=plain -Dprofile_dir=%{_sysconfdir}/profile.d -Dtmpfiles_dir=%{_tmpfilesdir} +%meson -Dprofile_dir=%{_sysconfdir}/profile.d -Dtmpfiles_dir=%{_tmpfilesdir} %meson_build From df688dd65b6846201d16ad21f35436a9c5cb9dfe Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Tue, 21 Feb 2023 16:48:16 +0100 Subject: [PATCH 062/145] Add missing 'BuildRequires: gcc' A C compiler is necessary to build Toolbx [1]. GCC is being pulled in by the other BuildRequires, but it's good to explicitly list it since GCC isn't part of the default buildroot since Fedora 29 [2] and will prevent the compiler from unexpectedly changing to Clang. There's no need to do a build just for this. [1] Upstream commit c8aaed52c547e24e https://github.com/containers/toolbox/commit/c8aaed52c547e24e https://github.com/containers/toolbox/pull/923 [2] https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot --- toolbox.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/toolbox.spec b/toolbox.spec index 86c27e6..0f48323 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -23,6 +23,7 @@ Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch +BuildRequires: gcc BuildRequires: go-md2man BuildRequires: golang >= 1.13 %if ! 0%{?rhel} From ecc081de3e5683f78ea01c0b2dca3b142a11da66 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 21 Feb 2023 17:01:39 +0100 Subject: [PATCH 063/145] Mark and comment out the unused BuildRequires for %check Fallout from 484d3d62090cfad0f91274d96956c32219bf099b and 12df1ef16a673d90a85d3b8fc631adcd1ae27ba5 There's no need to do a build just for this. --- toolbox.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 0f48323..c019ecd 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -35,13 +35,13 @@ BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.4.7 BuildRequires: golang(github.com/godbus/dbus) >= 5.0.3 BuildRequires: golang(github.com/mattn/go-isatty) >= 0.0.12 BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 -# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(github.com/spf13/viper) >= 1.3.2 BuildRequires: golang(golang.org/x/crypto/ssh/terminal) BuildRequires: golang(golang.org/x/sys/unix) # for tests -BuildRequires: ShellCheck +# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 +# BuildRequires: ShellCheck %endif BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) From 5e2882211581ec18ed00871418a518930452ad6a Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 21 Feb 2023 17:15:21 +0100 Subject: [PATCH 064/145] Use %gomodulesmode introduced in go-rpm-macros-3.0.10 There's no need to do a build just for this. --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index c019ecd..b87d817 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -168,7 +168,7 @@ The %{name}-tests package contains system tests for %{name}. %build -export GO111MODULE=off +export %{gomodulesmode} export GOPATH=%{gobuilddir}:%{gopath} export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" ln -s src/cmd cmd From 7ce081c75c58898a96d5cae129fbc120f255e1d6 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Tue, 21 Feb 2023 17:32:58 +0100 Subject: [PATCH 065/145] Add ExclusiveArch to match Podman There's no golang on %ix86 from RHEL 9 onwards [1], and hence no podman either [2]. Recently, with Podman 4.4.1, there are also no new podman builds for %ix86 for Fedora 36 onwards [3]. Arguably, the podman change should have been limited to Fedora Rawhide, but it's probably not a big problem because there's no %ix86 install media for Fedora CoreOS, Silverblue or Workstation. Note that while %golang_arches on RHEL 9 doesn't include %arm, it's included in both %golang_arches and %golang_arches_future on Fedora. [1] go-rpm-macros commit b1500ff47ee8cdd1 https://src.fedoraproject.org/rpms/go-rpm-macros/c/b1500ff47ee8cdd1 [2] podman commit 555a5a504dd538d5 https://src.fedoraproject.org/rpms/podman/c/555a5a504dd538d5 [3] podman commit 313c3e86a81c69eb https://src.fedoraproject.org/rpms/podman/c/313c3e86a81c69eb --- toolbox.spec | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index b87d817..c3917d5 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -6,7 +6,7 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 10%{?dist} +Release: 11%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -23,6 +23,12 @@ Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch +%if 0%{?rhel} == 9 +ExclusiveArch: %{golang_arches} +%else +ExclusiveArch: %{golang_arches_future} +%endif + BuildRequires: gcc BuildRequires: go-md2man BuildRequires: golang >= 1.13 @@ -212,6 +218,9 @@ ln -s src/vendor vendor %changelog +* Tue Feb 21 2023 Debarshi Ray - 0.0.99.3-11 +- Add ExclusiveArch to match Podman + * Thu Feb 02 2023 Yaakov Selkowitz - 0.0.99.3-10 - Sync packaging changes from CentOS Stream 
From fbfe9ff31b70f266da3b556c86427ebbb6c4cc99 Mon Sep 17 00:00:00 2001 From: Martin Jackson Date: Wed, 22 Feb 2023 08:48:32 -0600 Subject: [PATCH 066/145] Fix the ExclusiveArch The %gometa RPM macro also generates a ExclusiveArch on %golang_arches or %golang_arches_future depending on whether the -f flag is present or not. This was overriding the separately specified ExclusiveArch. Fallout from 7ce081c75c58898a96d5cae129fbc120f255e1d6 https://src.fedoraproject.org/rpms/toolbox/pull-request/12 --- toolbox.spec | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index c3917d5..a0b7d4c 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -4,9 +4,14 @@ Name: toolbox Version: 0.0.99.3 %global goipath github.com/containers/%{name} -%gometa -Release: 11%{?dist} +%if 0%{?rhel} == 9 +%gometa +%else +%gometa -f +%endif + +Release: 12%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -23,12 +28,6 @@ Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch -%if 0%{?rhel} == 9 -ExclusiveArch: %{golang_arches} -%else -ExclusiveArch: %{golang_arches_future} -%endif - BuildRequires: gcc BuildRequires: go-md2man BuildRequires: golang >= 1.13 @@ -218,6 +217,9 @@ ln -s src/vendor vendor %changelog +* Wed Feb 22 2023 Martin Jackson - 0.0.99.3-12 +- Fix the ExclusiveArch + * Tue Feb 21 2023 Debarshi Ray - 0.0.99.3-11 - Add ExclusiveArch to match Podman From 7556bb66c24572d13df7c9b9e460d7aafbb7b119 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Wed, 22 Feb 2023 20:29:43 +0100 Subject: [PATCH 067/145] Bump the golang requirement to ensure recent CVE fixes 'BuildRequires: golang >= 1.19.4' will ensure that recent CVEs like CVE-2022-41717 remain fixed. There's no need to do a build just for this, because the toolbox package has either already been built with a sufficiently recent golang or will soon be. https://bugzilla.redhat.com/show_bug.cgi?id=2161274 --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index a0b7d4c..bdc8c3d 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -30,7 +30,7 @@ Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patc BuildRequires: gcc BuildRequires: go-md2man -BuildRequires: golang >= 1.13 +BuildRequires: golang >= 1.19.4 %if ! 0%{?rhel} BuildRequires: golang(github.com/HarryMichal/go-version) BuildRequires: golang(github.com/acobaugh/osrelease) From cbcdb7a21c89122edc71ab297533b6d0615b63fd Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 23 Feb 2023 15:22:14 +0100 Subject: [PATCH 068/145] Simplify and unify the build with RHEL There's no need to do a build just for this. --- toolbox.spec | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index bdc8c3d..1610734 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -169,18 +169,14 @@ The %{name}-tests package contains system tests for %{name}. %patch103 -p1 %endif -%gomkdir +%gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} %build export %{gomodulesmode} export GOPATH=%{gobuilddir}:%{gopath} export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" -ln -s src/cmd cmd -ln -s src/pkg pkg -%if 0%{?rhel} -ln -s src/vendor vendor -%endif + %meson -Dprofile_dir=%{_sysconfdir}/profile.d -Dtmpfiles_dir=%{_tmpfilesdir} %meson_build From 79167d70c471632658b50e2e1860b2c217ebdecd Mon Sep 17 00:00:00 2001 
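Review bot: `BuildRequires: golang >= 1.19.4` has no comment, so the reason for the floor (keeping CVE-2022-41717 fixed, per the commit message) is invisible in the spec and a later tidy-up could lower it unnoticed. I would add `# golang >= 1.19.4 keeps the CVE-2022-41717 fix; do not lower` directly above the line. The floor constrains only the toolchain and standard library; judging by the earlier patches in this series, RHEL builds take their Go modules from the vendored `Source1` tarball, so any fix that lives in a module has to be checked in that tarball separately.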
From: Debarshi Ray Date: Thu, 23 Feb 2023 17:15:40 +0100 Subject: [PATCH 069/145] Remove a patch specific to Fedora that doesn't seem necessary anymore There's no need to do a build just for this. --- ...-use-Go-s-semantic-import-versioning.patch | 72 ------------------- toolbox.spec | 16 ++--- 2 files changed, 6 insertions(+), 82 deletions(-) delete mode 100644 toolbox-Don-t-use-Go-s-semantic-import-versioning.patch diff --git a/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch b/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch deleted file mode 100644 index 8cdae9c..0000000 --- a/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -From 40fbd377ed0b94060ae5fb2a60289500b66486dc Mon Sep 17 00:00:00 2001 -From: Oliver Gutierrez -Date: Thu, 29 Jul 2021 14:12:41 +0100 -Subject: [PATCH] Don't use Go's semantic import versioning - -Fedora doesn't support Go modules when building Go programs. This -means that source code using semantic import versioning can't be built. - ---- - src/cmd/create.go | 2 +- - src/go.mod | 2 +- - src/go.sum | 4 ++-- - src/pkg/utils/utils.go | 2 +- - 4 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/cmd/create.go b/src/cmd/create.go -index 8b31365..502f691 100644 ---- a/src/cmd/create.go -+++ b/src/cmd/create.go -@@ -28,7 +28,7 @@ import ( - "github.com/containers/toolbox/pkg/podman" - "github.com/containers/toolbox/pkg/shell" - "github.com/containers/toolbox/pkg/utils" -- "github.com/godbus/dbus/v5" -+ "github.com/godbus/dbus" - "github.com/sirupsen/logrus" - "github.com/spf13/cobra" - "golang.org/x/crypto/ssh/terminal" -diff --git a/src/go.mod b/src/go.mod -index cce3e5a..eb7f70c 100644 ---- a/src/go.mod -+++ b/src/go.mod -@@ -8,7 +8,7 @@ require ( - github.com/briandowns/spinner v1.10.0 - github.com/docker/go-units v0.4.0 - github.com/fsnotify/fsnotify v1.4.7 -- github.com/godbus/dbus/v5 v5.0.3 -+ github.com/godbus/dbus v4.1.0+incompatible - github.com/mattn/go-isatty v0.0.8 - github.com/sirupsen/logrus v1.4.2 - github.com/spf13/cobra v0.0.5 -diff --git a/src/go.sum b/src/go.sum -index fbad155..737f058 100644 ---- a/src/go.sum -+++ b/src/go.sum -@@ -20,8 +20,8 @@ github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= - github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= - github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= - github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= --github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME= --github.com/godbus/dbus/v5 v5.0.3/go.mod 
h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -+github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4= -+github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= - github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= - github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= - github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= -diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go -index ae7c596..4d1556a 100644 ---- a/src/pkg/utils/utils.go -+++ b/src/pkg/utils/utils.go -@@ -33,7 +33,7 @@ import ( - "github.com/acobaugh/osrelease" - "github.com/containers/toolbox/pkg/shell" - "github.com/docker/go-units" -- "github.com/godbus/dbus/v5" -+ "github.com/godbus/dbus" - "github.com/sirupsen/logrus" - "github.com/spf13/viper" - "golang.org/x/sys/unix" --- -2.31.1 - diff --git a/toolbox.spec b/toolbox.spec index 1610734..110c7ab 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -23,10 +23,9 @@ Source1: %{name}-%{version}-vendor.tar.xz Source2: gen-vendor-tarball.sh # Fedora specific -Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch -Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch -Patch102: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch -Patch103: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch +Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +Patch102: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch BuildRequires: gcc BuildRequires: go-md2man 
@@ -155,18 +154,15 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q %{?rhel:-a 1} -%if ! 0%{?rhel} -%patch100 -p1 -%endif %ifnarch ppc64 -%patch101 -p1 +%patch100 -p1 %else -%patch102 -p1 +%patch101 -p1 %endif %if ! 0%{?rhel} -%patch103 -p1 +%patch102 -p1 %endif %gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} From 95d6ea86892b903bcc7eddd542302cd290a3f874 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 21 Feb 2023 16:42:39 +0100 Subject: [PATCH 070/145] Update to 0.0.99.4 https://bugzilla.redhat.com/show_bug.cgi?id=2171961 --- .gitignore | 1 + gen-vendor-tarball.sh | 27 ------ sources | 3 +- ...ags-match-Fedora-s-gobuild-for-PPC64.patch | 20 ++-- ...e-build-flags-match-Fedora-s-gobuild.patch | 20 ++-- ...ound-Cobra-1.1.2-s-handling-of-usage.patch | 95 ------------------- toolbox.spec | 52 +++++----- 7 files changed, 50 insertions(+), 168 deletions(-) delete mode 100755 gen-vendor-tarball.sh delete mode 100644 toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch diff --git a/.gitignore b/.gitignore index 3443637..3db2fe9 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,4 @@ /toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz /toolbox-0.0.99.3.tar.xz /toolbox-0.0.99.3-vendor.tar.xz +/toolbox-0.0.99.4-vendored.tar.xz diff --git a/gen-vendor-tarball.sh b/gen-vendor-tarball.sh deleted file mode 100755 index f704f1a..0000000 --- a/gen-vendor-tarball.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/sh - -# Process a toolbox tarball to get vendored dependencies for the RHEL build. -# -# Yaakov Selkowitz - 2022 - -SOURCE="$1" -DIRECTORY=`echo $SOURCE | sed 's/\.tar\.xz//'` -VENDOR_SOURCE="${DIRECTORY}-vendor.tar.xz" - -error() -{ - MESSAGE=$1 - echo $MESSAGE - exit 1 -} - -rm -rf $DIRECTORY -tar xJf $SOURCE || error "Cannot unpack $SOURCE" -pushd $DIRECTORY/src > /dev/null || error "Cannot open directory \"$DIRECTORY\"" - -echo "Vendoring dependencies" -go mod vendor || error "Vendoring failed" -popd > /dev/null - -tar cJf $VENDOR_SOURCE -C $DIRECTORY src/vendor || error "Unable to create $VENDOR_SOURCE" -echo "$VENDOR_SOURCE is ready to use" diff --git a/sources b/sources index 2bf14ad..a8351c5 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (toolbox-0.0.99.3.tar.xz) = d9e4bd1cc7667b6ecdcf25a2c3ad7d7d67cc997168a41e668c936d2de24db774331a78a1b4a06b63e7cef8e0dc4ac5651591b6d9cec0d8e81be2b2dd64854dca -SHA512 (toolbox-0.0.99.3-vendor.tar.xz) = 51ce5a16276ccc75d2b6fb9cae1c4371ad028f6a820cd176a4a0ee85fab447a6b37b5ec2e969b882c4f04cfe58bd78f92975606297a0db22e72457f012102ec2 +SHA512 (toolbox-0.0.99.4-vendored.tar.xz) = 882cd6ec1c1a193af8774dfdfd0aff72d376c4fec3e0cc702e2d524353c051e408eab2ac3fb43ec00fe622b46ac89fdbe97aca2f7cfbe3822e5d3ff1743f2fd0 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch index a1d92a5..f658031 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch @@ -1,4 +1,4 @@ -From 32aa30a17358598f568991a5375f6182e4135648 Mon Sep 17 00:00:00 2001 +From 17a0e519fd9b1e721b35a823bd244a28e3f87a4a Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} for 
@@ -24,22 +24,22 @@ and should be kept updated to match Fedora's Go guidelines. Use 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index ef4aafc8b024..f8ea8370792c 100755 +index c572d6dfb02b..cae2de426a96 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper -@@ -32,9 +32,9 @@ if ! cd "$1"; then +@@ -33,9 +33,9 @@ if ! cd "$1"; then exit 1 fi -tags="" +tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" - if $6; then + if $7; then - tags="-tags migration_path_for_coreos_toolbox" + tags="$tags,migration_path_for_coreos_toolbox" fi - if ! libc_dir=$("$4" --print-file-name=libc.so); then -@@ -69,11 +69,16 @@ fi + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -70,11 +70,16 @@ fi dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" 
@@ -50,14 +50,14 @@ index ef4aafc8b024..f8ea8370792c 100755 + -compiler gc \ $tags \ - -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ + -a \ + -v \ + -x \ - -o "$2/toolbox" + -o "$2/$3" exit "$?" -- -2.31.1 +2.39.1 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch index 2e4cbfd..7105cb5 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -1,4 +1,4 @@ -From 6d913f1fbd6e609957bb01273504b2f479e1b546 Mon Sep 17 00:00:00 2001 +From fd03e31c7d789413700db84af02894d5be70b5ee Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} 
@@ -23,22 +23,22 @@ PPC64, and should be kept updated to match Fedora's Go guidelines. Use 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index ef4aafc8b024..4354beceb215 100755 +index c572d6dfb02b..0e6a2efa6853 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper -@@ -32,9 +32,9 @@ if ! cd "$1"; then +@@ -33,9 +33,9 @@ if ! cd "$1"; then exit 1 fi -tags="" +tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" - if $6; then + if $7; then - tags="-tags migration_path_for_coreos_toolbox" + tags="$tags,migration_path_for_coreos_toolbox" fi - if ! libc_dir=$("$4" --print-file-name=libc.so); then -@@ -69,11 +69,17 @@ fi + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -70,11 +70,17 @@ fi dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" 
@@ -50,14 +50,14 @@ index ef4aafc8b024..4354beceb215 100755 + -compiler gc \ $tags \ - -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ + -a \ + -v \ + -x \ - -o "$2/toolbox" + -o "$2/$3" exit "$?" -- -2.31.1 +2.39.1 diff --git a/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch b/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch deleted file mode 100644 index a618021..0000000 --- a/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -From e598e2160323b63310ad7b6def723eb1f8767f90 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= -Date: Thu, 11 Nov 2021 18:18:52 +0200 -Subject: [PATCH 02/13] cmd/root: Work around Cobra 1.1.2's handling of usage - functions - -In version 1.1.2 of Cobra has been included a change[0] that changes -how custom usage functions are handled. - -Example of the wrong behaviour: -$ toolbox --foo -Error: unknown flag: --foo -Run 'toolbox --help' for usage.Error: Run 'toolbox --help' for usage. - -Desired behaviour: -$ toolbox --foo -Error: unknown flag: --foo -Run 'toolbox --help' for usage. - -A workaround is to define a template string for the usage instead. The -template uses the templating language of Go[1]. See the default -template string in version 1.2.1[2]. - -Because the template is set only once, the executableBase needs to be -set before the template is applied. That required the move of -setUpGlobals() into init() of the cmd package. This is a better place -for the function call as init() is called earlier than Execute()[3]. 
- -Upstream issue: https://github.com/spf13/cobra/issues/1532 - -[0] https://github.com/spf13/cobra/pull/1044 -[1] https://pkg.go.dev/text/template -[2] https://github.com/spf13/cobra/blob/v1.2.1/command.go#L491 -[3] https://golang.org/doc/effective_go#init - -https://github.com/containers/toolbox/pull/917 ---- - src/cmd/root.go | 20 ++++++++------------ - 1 file changed, 8 insertions(+), 12 deletions(-) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index eb0622f..ad0753b 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -62,11 +62,6 @@ var ( - ) - - func Execute() { -- if err := setUpGlobals(); err != nil { -- fmt.Fprintf(os.Stderr, "Error: %s\n", err) -- os.Exit(1) -- } -- - if err := rootCmd.Execute(); err != nil { - os.Exit(1) - } -@@ -75,6 +70,11 @@ func Execute() { - } - - func init() { -+ if err := setUpGlobals(); err != nil { -+ fmt.Fprintf(os.Stderr, "Error: %s\n", err) -+ os.Exit(1) -+ } -+ - persistentFlags := rootCmd.PersistentFlags() - - persistentFlags.BoolVarP(&rootFlags.assumeYes, -@@ -96,7 +96,9 @@ func init() { - persistentFlags.CountVarP(&rootFlags.verbose, "verbose", "v", "Set log-level to 'debug'") - - rootCmd.SetHelpFunc(rootHelp) -- rootCmd.SetUsageFunc(rootUsage) -+ -+ usageTemplate := fmt.Sprintf("Run '%s --help' for usage.", executableBase) -+ rootCmd.SetUsageTemplate(usageTemplate) - } - - func preRun(cmd *cobra.Command, args []string) error { -@@ -188,12 +190,6 @@ func rootRun(cmd *cobra.Command, args []string) error { - return rootRunImpl(cmd, args) - } - --func rootUsage(cmd *cobra.Command) error { -- err := fmt.Errorf("Run '%s --help' for usage.", executableBase) -- fmt.Fprintf(os.Stderr, "%s", err) -- return err --} -- - func migrate() error { - logrus.Debug("Migrating to newer Podman") - --- -2.34.1 - diff --git a/toolbox.spec b/toolbox.spec index 110c7ab..8053e12 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.0.99.3 +Version: 0.0.99.4 %global goipath github.com/containers/%{name} 
@@ -11,44 +11,43 @@ Version: 0.0.99.3 %gometa -f %endif -Release: 12%{?dist} +Release: 1%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://containertoolbx.org/ -Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz -# RHEL package is built with vendored dependencies -# created with gen-vendor-tarball.sh from SOURCE2 -Source1: %{name}-%{version}-vendor.tar.xz -Source2: gen-vendor-tarball.sh +Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch -Patch102: toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch BuildRequires: gcc BuildRequires: go-md2man BuildRequires: golang >= 1.19.4 %if ! 0%{?rhel} -BuildRequires: golang(github.com/HarryMichal/go-version) -BuildRequires: golang(github.com/acobaugh/osrelease) -BuildRequires: golang(github.com/briandowns/spinner) >= 1.10.0 +BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1 +BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0 +BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0 BuildRequires: golang(github.com/docker/go-units) >= 0.4.0 -BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.4.7 -BuildRequires: golang(github.com/godbus/dbus) >= 5.0.3 -BuildRequires: golang(github.com/mattn/go-isatty) >= 0.0.12 -BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 -BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 -BuildRequires: golang(github.com/spf13/viper) >= 1.3.2 -BuildRequires: golang(golang.org/x/crypto/ssh/terminal) +BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1 +BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6 +BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1 +BuildRequires: 
golang(github.com/spf13/cobra) >= 1.3.0 +BuildRequires: golang(github.com/spf13/viper) >= 1.10.1 BuildRequires: golang(golang.org/x/sys/unix) +BuildRequires: golang(golang.org/x/term) # for tests +# BuildRequires: codespell # BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 # BuildRequires: ShellCheck %endif BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) +BuildRequires: pkgconfig(fish) +BuildRequires: podman +BuildRequires: shadow-utils-subid-devel +BuildRequires: systemd BuildRequires: systemd-rpm-macros Requires: containers-common @@ -153,7 +152,7 @@ The %{name}-tests package contains system tests for %{name}. %prep -%setup -q %{?rhel:-a 1} +%setup -q %ifnarch ppc64 %patch100 -p1 @@ -161,10 +160,6 @@ The %{name}-tests package contains system tests for %{name}. %patch101 -p1 %endif -%if ! 0%{?rhel} -%patch102 -p1 -%endif - %gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} @@ -173,7 +168,10 @@ export %{gomodulesmode} export GOPATH=%{gobuilddir}:%{gopath} export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" -%meson -Dprofile_dir=%{_sysconfdir}/profile.d -Dtmpfiles_dir=%{_tmpfilesdir} +%meson \ + -Dprofile_dir=%{_sysconfdir}/profile.d \ + -Dtmpfiles_dir=%{_tmpfilesdir} \ + -Dzsh_completions_dir=%{_datadir}/zsh/site-functions %meson_build @@ -190,8 +188,11 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %license COPYING %{?rhel:src/vendor/modules.txt} %{_bindir}/%{name} %{_datadir}/bash-completion +%{_datadir}/fish +%{_datadir}/zsh %{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}-*.1* +%{_mandir}/man5/%{name}.conf.5* %config(noreplace) %{_sysconfdir}/containers/%{name}.conf %{_sysconfdir}/profile.d/%{name}.sh %{_tmpfilesdir}/%{name}.conf 
@@ -209,6 +210,9 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %changelog +* Wed Feb 22 2023 Debarshi Ray - 0.0.99.4-1 +- Update to 0.0.99.4 + * Wed Feb 22 2023 Martin Jackson - 0.0.99.3-12 - Fix the ExclusiveArch From 2f7d5494941ab0c7b31f6124307f5cf3d380cc9e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 27 Feb 2023 17:49:45 +0100 Subject: [PATCH 071/145] Don't use podman(1) when generating the completions This is actually needed for Fedoras 36 and 37, but, at least currently, not necessary for Fedoras 38 and 39. There's no need to do a build just for this. https://github.com/containers/podman/issues/17657 --- ...se-podman-1-when-generating-the-comp.patch | 89 +++++++++++++++++++ toolbox.spec | 5 +- 2 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 toolbox-Don-t-use-podman-1-when-generating-the-comp.patch diff --git a/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch b/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch new file mode 100644 index 0000000..85c7289 --- /dev/null +++ b/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch 
@@ -0,0 +1,89 @@ +From fc5f568c5d82f4a16982268fa67092e52be91fbe Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 28 Feb 2023 17:12:04 +0100 +Subject: [PATCH] cmd/root: Don't use podman(1) when generating the completions + +Ever since commit bafbbe81c9220cb3, the shell completions are generated +while building Toolbx using the 'completion' command. This involves +running toolbox(1) itself, and hence invoking 'podman version' to decide +if 'podman system migrate' is needed or not. + +Unfortunately, some build environments, like Fedora's, are set up inside +a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may +not work because it does various things with namespaces(7) and clone(2) +that can, under certain circumstances, encounter an EPERM. + +Therefore, it's better to avoid using podman(1) when generating the +shell completions, especially, since they are generated by Cobra itself +and podman(1) is not involved at all. + +Note that podman(1) is needed when the generated shell completions are +actually used in interactive command line environments. The shell +completions invoke the hidden '__complete' command to get the results +that are presented to the user, and, if needed, 'podman system migrate' +will continue to be run as part of that. + +This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011 +because podman(1) is now only an optional runtime dependency for the +system tests. 
+ +https://github.com/containers/podman/issues/17657 +--- + meson.build | 2 +- + src/cmd/root.go | 9 +++++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/meson.build b/meson.build +index 6f044bb204e3..653a3d3ac588 100644 +--- a/meson.build ++++ b/meson.build +@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h']) + + go = find_program('go') + go_md2man = find_program('go-md2man') +-podman = find_program('podman') + + bats = find_program('bats', required: false) + codespell = find_program('codespell', required: false) + htpasswd = find_program('htpasswd', required: false) + openssl = find_program('openssl', required: false) ++podman = find_program('podman', required: false) + shellcheck = find_program('shellcheck', required: false) + skopeo = find_program('skopeo', required: false) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index 304b03dcd889..9975ccc7a4c8 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error { + + logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath) + +- if err := migrate(); err != nil { ++ if err := migrate(cmd, args); err != nil { + return err + } + +@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error { + return rootRunImpl(cmd, args) + } + +-func migrate() error { ++func migrate(cmd *cobra.Command, args []string) error { + logrus.Debug("Migrating to newer Podman") + + if utils.IsInsideContainer() { + return nil + } + ++ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { ++ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName) ++ return nil ++ } ++ + configDir, err := os.UserConfigDir() + if err != nil { + logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err) +-- +2.39.1 + diff --git a/toolbox.spec b/toolbox.spec index 8053e12..fa3975c 100644 --- a/toolbox.spec +++ b/toolbox.spec 
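Review bot: In the `migrate()` hunk of the embedded patch, the early return is keyed on `cmd.Name() == completionCmd.Name()`, which compares only the short command name, so any other command that ever carries the same name would also skip the Podman migration. If `completionCmd` is the `*cobra.Command` it appears to be, comparing identities with `if cmd == completionCmd {` states exactly what is meant. The new `args` parameter is not used in the visible part of `migrate()`, whose body continues outside the hunk; if it stays unused, passing only `cmd` would keep the signature honest.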
@@ -18,6 +18,9 @@ License: ASL 2.0 URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz +# Upstream +Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch + # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch @@ -45,7 +48,6 @@ BuildRequires: golang(golang.org/x/term) BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) BuildRequires: pkgconfig(fish) -BuildRequires: podman BuildRequires: shadow-utils-subid-devel BuildRequires: systemd BuildRequires: systemd-rpm-macros @@ -153,6 +155,7 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q +%patch0 -p1 %ifnarch ppc64 %patch100 -p1 From a8db8e5d514ac63389e8874ab28450794ef2ca91 Mon Sep 17 00:00:00 2001 From: Nieves Montero Date: Wed, 8 Mar 2023 11:24:16 +0100 Subject: [PATCH 072/145] Sprinkle a debug log Signed-off-by: Nieves Montero --- toolbox-Sprinkle-a-debug-log.patch | 22 ++++++++++++++++++++++ toolbox.spec | 7 ++++++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 toolbox-Sprinkle-a-debug-log.patch diff --git a/toolbox-Sprinkle-a-debug-log.patch b/toolbox-Sprinkle-a-debug-log.patch new file mode 100644 index 0000000..ba6a3dd --- /dev/null +++ b/toolbox-Sprinkle-a-debug-log.patch 
@@ -0,0 +1,22 @@ +From cafbca996ec4a19f9f80bae109436e2dfc7149a4 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 1 Mar 2023 19:41:56 +0100 +Subject: [PATCH] cmd/root: Sprinkle a debug log + +https://github.com/containers/toolbox/pull/1251 +--- + src/cmd/root.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index 9975ccc7a..2e7428a20 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error { + logrus.Debug("Migrating to newer Podman") + + if utils.IsInsideContainer() { ++ logrus.Debug("Migration not needed: running inside a container") + return nil + } + diff --git a/toolbox.spec b/toolbox.spec index fa3975c..4f4b6ef 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -11,7 +11,7 @@ Version: 0.0.99.4 %gometa -f %endif -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -20,6 +20,7 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version # Upstream Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch +Patch1: toolbox-Sprinkle-a-debug-log.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -156,6 +157,7 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q %patch0 -p1 +%patch1 -p1 %ifnarch ppc64 %patch100 -p1 @@ -213,6 +215,9 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %changelog +* Wed Mar 8 2023 Nieves Montero - 0.0.99.4-2 +- Sprinkle a debug log + * Wed Feb 22 2023 Debarshi Ray - 0.0.99.4-1 - Update to 0.0.99.4 From 2f07af48f56e90ba2192160153fa84f5deb31a9c Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 3 Apr 2023 21:26:42 +0200 Subject: [PATCH 073/145] Don't 'Requires: bats' on RHEL ... because RHEL doesn't have bats. There's no need to do a build just for this. --- toolbox.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 4f4b6ef..a755bd8 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -144,11 +144,13 @@ Dockerfile if the image isn't based on the fedora-toolbox image. Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: bats Requires: coreutils Requires: gawk Requires: grep Requires: skopeo +%if ! 0%{?rhel} +Requires: bats +%endif %description tests The %{name}-tests package contains system tests for %{name}. From a8b4975b5ccc52a4161a9ff21a2e9a2f6c0f7407 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 3 Apr 2023 21:32:11 +0200 Subject: [PATCH 074/145] Don't 'Requires: flatpak-session-helper' on RHEL ... because RHEL has always shipped toolbox >= 0.0.97 and hence doesn't require flatpak-session-helper. There's no need to do a build just for this. --- toolbox.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index a755bd8..4d879e2 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -54,8 +54,10 @@ BuildRequires: systemd BuildRequires: systemd-rpm-macros Requires: containers-common -Requires: flatpak-session-helper Requires: podman >= 1.4.0 +%if ! 0%{?rhel} +Requires: flatpak-session-helper +%endif %description From 2f6e2b7cfe72827727a4571415366ade7498502b Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 3 Apr 2023 22:23:50 +0200 Subject: [PATCH 075/145] Unify the build with RHEL There's no need to do a build just for this. --- toolbox.spec | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/toolbox.spec b/toolbox.spec index 4d879e2..6d00a71 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -17,6 +17,9 @@ Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz +%if 0%{?rhel} +Source1: %{name}.conf +%endif # Upstream Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch @@ -25,6 +28,9 @@ Patch1: toolbox-Sprinkle-a-debug-log.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +%if 0%{?rhel} +Patch102: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch +%endif BuildRequires: gcc BuildRequires: go-md2man @@ -169,6 +175,10 @@ The %{name}-tests package contains system tests for %{name}. %patch101 -p1 %endif +%if 0%{?rhel} +%patch102 -p1 +%endif + %gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} @@ -178,9 +188,13 @@ export GOPATH=%{gobuilddir}:%{gopath} export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" %meson \ +%if 0%{?rhel} + -Dmigration_path_for_coreos_toolbox=true \ +%endif -Dprofile_dir=%{_sysconfdir}/profile.d \ -Dtmpfiles_dir=%{_tmpfilesdir} \ -Dzsh_completions_dir=%{_datadir}/zsh/site-functions + %meson_build @@ -191,6 +205,10 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %install %meson_install +%if 0%{?rhel} +install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf +%endif + %files %doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md From 7ddc86495959c3e65d3ef3ca3f357f9f4fe1a8ba Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 3 Apr 2023 23:15:51 +0200 Subject: [PATCH 076/145] Update the commit messages of the downstream patches Fedora now has a %{gobuildflags} RPM macro with only the flags used by 'go build ...'. There's no need to do a build just for this. --- ...ags-match-Fedora-s-gobuild-for-PPC64.patch | 19 +++++-------------- ...e-build-flags-match-Fedora-s-gobuild.patch | 19 +++++-------------- 2 files changed, 10 insertions(+), 28 deletions(-) diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch index f658031..afb5193 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch @@ -1,24 +1,15 @@ -From 17a0e519fd9b1e721b35a823bd244a28e3f87a4a Mon Sep 17 00:00:00 2001 +From 865f58881c17c233f288b8978faaeba8b4b2c2f0 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} for - PPC64 - -The Go toolchain doesn't play well with passing compiler and linker -flags via environment variables. The linker flags require a second -level of quoting, which leaves the build system without a quote level -to assign the flags to an environment variable like GOFLAGS. - -This is one reason why Fedora doesn't have a RPM macro with only the -flags. The %{gobuild} RPM macro includes the entire 'go build ...' -invocation. +Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} + for PPC64 The Go toolchain also doesn't like the LDFLAGS environment variable as exported by Fedora's %{meson} RPM macro. Note that these flags are only meant for the "ppc64" CPU architecture, and should be kept updated to match Fedora's Go guidelines. Use -'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. --- src/go-build-wrapper | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) @@ -59,5 +50,5 @@ index c572d6dfb02b..cae2de426a96 100755 exit "$?" -- -2.39.1 +2.39.2 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch index 7105cb5..d88c845 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -1,23 +1,14 @@ -From fd03e31c7d789413700db84af02894d5be70b5ee Mon Sep 17 00:00:00 2001 +From f4582e4748a15c462eac229f9bd9214415f166c9 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} +Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} -The Go toolchain doesn't play well with passing compiler and linker -flags via environment variables. The linker flags require a second -level of quoting, which leaves the build system without a quote level -to assign the flags to an environment variable like GOFLAGS. - -This is one reason why Fedora doesn't have a RPM macro with only the -flags. The %{gobuild} RPM macro includes the entire 'go build ...' -invocation. - -The Go toolchain also doesn't like the LDFLAGS environment variable as +The Go toolchain doesn't like the LDFLAGS environment variable as exported by Fedora's %{meson} RPM macro. Note that these flags are meant for every CPU architecture other than PPC64, and should be kept updated to match Fedora's Go guidelines. Use -'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. --- src/go-build-wrapper | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) @@ -59,5 +50,5 @@ index c572d6dfb02b..0e6a2efa6853 100755 exit "$?" -- -2.39.1 +2.39.2 From ef153bba41dcc83c6cdbb5250759e53054130594 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 4 Apr 2023 00:27:52 +0200 Subject: [PATCH 077/145] Shuffle the BuildRequires around There's no need to do a build just for this. --- toolbox.spec | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 6d00a71..a74bf3a 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -35,6 +35,12 @@ Patch102: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch BuildRequires: gcc BuildRequires: go-md2man BuildRequires: golang >= 1.19.4 +BuildRequires: meson >= 0.58.0 +BuildRequires: pkgconfig(bash-completion) +BuildRequires: pkgconfig(fish) +BuildRequires: shadow-utils-subid-devel +BuildRequires: systemd +BuildRequires: systemd-rpm-macros %if ! 0%{?rhel} BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1 BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0 @@ -52,12 +58,6 @@ BuildRequires: golang(golang.org/x/term) # BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 # BuildRequires: ShellCheck %endif -BuildRequires: meson >= 0.58.0 -BuildRequires: pkgconfig(bash-completion) -BuildRequires: pkgconfig(fish) -BuildRequires: shadow-utils-subid-devel -BuildRequires: systemd -BuildRequires: systemd-rpm-macros Requires: containers-common Requires: podman >= 1.4.0 From 037ea0e724ac1cc1ab13a9c59b08c19e67daf760 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 4 Apr 2023 00:34:08 +0200 Subject: [PATCH 078/145] Don't 'BuildRequires: pkgconfig(fish)' on RHEL ... because RHEL doesn't have fish. There's no need to do a build just for this. --- toolbox.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index a74bf3a..2c7b55e 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -37,7 +37,6 @@ BuildRequires: go-md2man BuildRequires: golang >= 1.19.4 BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) -BuildRequires: pkgconfig(fish) BuildRequires: shadow-utils-subid-devel BuildRequires: systemd BuildRequires: systemd-rpm-macros 
@@ -53,6 +52,7 @@ BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0 BuildRequires: golang(github.com/spf13/viper) >= 1.10.1 BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: golang(golang.org/x/term) +BuildRequires: pkgconfig(fish) # for tests # BuildRequires: codespell # BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 @@ -189,6 +189,7 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %meson \ %if 0%{?rhel} + -Dfish_completions_dir=%{_datadir}/fish/vendor_completions.d \ -Dmigration_path_for_coreos_toolbox=true \ %endif -Dprofile_dir=%{_sysconfdir}/profile.d \ From 006d4f5d814545d89d9107d538efe5e19469257e Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Thu, 22 Jun 2023 16:54:55 -0400 Subject: [PATCH 079/145] Add missing files for RHEL builds Source and Patch listings should not be conditionalized, as that causes SRPM contents to be inconsistent. https://src.fedoraproject.org/rpms/toolbox/pull-request/14 --- ...ation-paths-for-coreos-toolbox-users.patch | 101 ++++++++++++++++++ toolbox.conf | 17 +++ toolbox.spec | 10 +- 3 files changed, 122 insertions(+), 6 deletions(-) create mode 100644 toolbox-Add-migration-paths-for-coreos-toolbox-users.patch create mode 100644 toolbox.conf diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch new file mode 100644 index 0000000..88003a3 --- /dev/null +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch 
@@ -0,0 +1,101 @@ +From d461caa5b1a278124d039df93140d2d5bf4eabe7 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 18 Aug 2021 17:55:21 +0200 +Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST + environment variable + +https://bugzilla.redhat.com/show_bug.cgi?id=1940037 +--- + src/cmd/run.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cmd/run.go b/src/cmd/run.go +index 7657ffa50821..23d422623b14 100644 +--- a/src/cmd/run.go ++++ b/src/cmd/run.go +@@ -501,6 +501,7 @@ func constructExecArgs(container, preserveFDs string, + execArgs = append(execArgs, envOptions...) + + execArgs = append(execArgs, []string{ ++ "--env", "HOST=/run/host", + "--interactive", + "--preserve-fds", preserveFDs, + }...) +-- +2.39.2 + + +From 3c2c67752e8f88f72058799cbce3612fc937b230 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Fri, 10 Dec 2021 13:42:15 +0100 +Subject: [PATCH 2/2] test/system: Update to test the migration path for + coreos/toolbox users + +This reverts the changes to the tests made in commit +411147988b730dabf8b9e761a5426e12d648f008 by restoring commit +ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit +3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed. 
+--- + test/system/002-help.bats | 11 ----------- + test/system/100-root.bats | 27 +++++++++++++++++++++++++++ + 2 files changed, 27 insertions(+), 11 deletions(-) + create mode 100644 test/system/100-root.bats + +diff --git a/test/system/002-help.bats b/test/system/002-help.bats +index 7e4565e9d23d..58a4c2c87ece 100644 +--- a/test/system/002-help.bats ++++ b/test/system/002-help.bats +@@ -23,17 +23,6 @@ setup() { + _setup_environment + } + +-@test "help: Try to run toolbox with no command" { +- run $TOOLBOX +- +- assert_failure +- assert_line --index 0 "Error: missing command" +- assert_line --index 1 "create Create a new toolbox container" +- assert_line --index 2 "enter Enter an existing toolbox container" +- assert_line --index 3 "list List all existing toolbox containers and images" +- assert_line --index 4 "Run 'toolbox --help' for usage." +-} +- + @test "help: Run command 'help'" { + if ! command -v man 2>/dev/null; then + skip "Test works only if man is in PATH" +diff --git a/test/system/100-root.bats b/test/system/100-root.bats +new file mode 100644 +index 000000000000..32d87904213e +--- /dev/null ++++ b/test/system/100-root.bats +@@ -0,0 +1,27 @@ ++#!/usr/bin/env bats ++ ++load 'libs/bats-support/load' ++load 'libs/bats-assert/load' ++load 'libs/helpers' ++ ++setup() { ++ _setup_environment ++ cleanup_containers ++} ++ ++teardown() { ++ cleanup_containers ++} ++ ++@test "root: Try to enter the default container with no containers created" { ++ run $TOOLBOX <<< "n" ++ ++ assert_success ++ assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command." ++ assert_line --index 1 "Run 'toolbox --help' for usage." ++} ++ ++# TODO: Write the test ++@test "root: Enter the default container when 1 non-default container is present" { ++ skip "Testing of entering toolboxes is not implemented" ++} +-- +2.39.2 + diff --git a/toolbox.conf b/toolbox.conf new file mode 100644 index 0000000..f612e2f 
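Review bot: The `constructExecArgs` hunk in patch 1/2 adds `"--env", "HOST=/run/host"` without a comment, and it is appended after `envOptions`, so it presumably overrides any `HOST` value carried over from the user's environment for every command run in the container. `HOST` is a generic name that some shells and scripts use for the machine's hostname, so a reader will not guess that it is there for sosreport. A one-line comment would do: `// HOST=/run/host makes sosreport work inside the container (RHBZ 1940037)`. The function body continues outside the hunk.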
--- /dev/null +++ b/toolbox.conf @@ -0,0 +1,17 @@ +[general] +# Create a toolbox container for a different operating system distro than the +# host. Cannot be used with 'image'. +## distro = "fedora" + +# Create a toolbox container for a different operating system release than the +# host. Cannot be used with 'image'. +## release = "33" + +# Change the name of the image used to create the toolbox container. This is +# useful for creating containers from custom-built images. Cannot be used with +# 'distro' or 'release'. +# +# If the name does not contain a registry, the local image storage will be +# consulted, and if it's not present there then it will be pulled from a +# suitable remote registry. +image = "registry.access.redhat.com/ubi9/toolbox:latest" diff --git a/toolbox.spec b/toolbox.spec index 2c7b55e..9d80527 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,9 +17,7 @@ Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz -%if 0%{?rhel} Source1: %{name}.conf -%endif # Upstream Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch @@ -28,9 +26,9 @@ Patch1: toolbox-Sprinkle-a-debug-log.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch -%if 0%{?rhel} -Patch102: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch -%endif + +# RHEL specific +Patch200: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch BuildRequires: gcc BuildRequires: go-md2man @@ -176,7 +174,7 @@ The %{name}-tests package contains system tests for %{name}. %endif %if 0%{?rhel} -%patch102 -p1 +%patch200 -p1 %endif %gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} From b18f520f26ff9393f9e8cfbea69b38147aa29192 Mon Sep 17 00:00:00 2001 
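Review bot: In the new toolbox.conf, the active default `image = "registry.access.redhat.com/ubi9/toolbox:latest"` names a floating tag, so what a freshly created container is built from depends on when the image is pulled, and the comment above it does not say so. The comment already explains that an image missing from local storage is pulled from a remote registry. I would add `# ':latest' is a moving tag; use a versioned tag (or, if toolbox accepts it, an '@sha256:<digest>' reference) for a fixed image.` so administrators who need a fixed, auditable base know how to get one.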
From: Debarshi Ray Date: Mon, 26 Jun 2023 15:26:07 +0200 Subject: [PATCH 080/145] Pull in the rest of the RHEL specific patches to further unify the build There's no need to do a build just for this. --- ...flags-match-RHEL-s-gobuild-for-PPC64.patch | 55 +++++++++++++++++++ ...the-build-flags-match-RHEL-s-gobuild.patch | 55 +++++++++++++++++++ toolbox.spec | 12 +++- 3 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch create mode 100644 toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch diff --git a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch new file mode 100644 index 0000000..15b52a8 --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch 
@@ -0,0 +1,55 @@
+From 973600219168f3c4efeb627c103085555327eaa5 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for
+ PPC64
+
+The Go toolchain also doesn't like the LDFLAGS environment variable as
+exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
+like the compressed DWARF data generated by the Go toolchain.
+
+Note that these flags are only meant for the "ppc64" CPU architecture,
+and should be kept updated to match RHEL's Go guidelines. Use
+'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
+---
+ src/go-build-wrapper | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index c572d6dfb02b..86f174716608 100755
+--- a/src/go-build-wrapper
++++ b/src/go-build-wrapper
+@@ -33,9 +33,9 @@ if ! cd "$1"; then
+ exit 1
+ fi
+
+-tags=""
++tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
+ if $7; then
+- tags="-tags migration_path_for_coreos_toolbox"
++ tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+
+if ! libc_dir=$("$5" --print-file-name=libc.so); then
+@@ -70,11 +70,16 @@ fi
+
+ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+
++unset LDFLAGS
++
+ # shellcheck disable=SC2086
+ go build \
++ -compiler gc \
+ $tags \
+- -trimpath \
+- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
++ -a \
++ -v \
++ -x \
+ -o "$2/$3"
+
+ exit "$?"
+--
+2.39.2
+
diff --git a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
new file mode 100644
index 0000000..1fed4da
--- /dev/null
+++ b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
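Review bot: The rewritten `go build` call at the end of this patch drops `-trimpath` and adds `-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')`, so each build gets a different build ID and, without `-trimpath`, keeps source paths from the build tree; two builds of the same source can no longer be compared bit for bit. The patch description says the flags mirror RHEL's `%{gobuildflags}`, so this looks deliberate, and a comment above the call would record it, for example `# Flags follow 'rpm --eval "%{gobuildflags}"'; the random -B build ID makes the output non-reproducible.` Separately, `${LDFLAGS:-}` inside `-ldflags` always expands to nothing because `unset LDFLAGS` runs a few lines earlier, so either drop the expansion or explain the `unset`. Both points apply equally to the non-PPC64 patch file added next in this commit; only part of `src/go-build-wrapper` is visible in these hunks.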
@@ -0,0 +1,55 @@
+From aeaa8cd30a8c5ad33ee1fe6b9e84ecbb28f7264c Mon Sep 17 00:00:00 2001
+From: Debarshi Ray
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags}
+
+The Go toolchain doesn't like the LDFLAGS environment variable as
+exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
+like the compressed DWARF data generated by the Go toolchain.
+
+Note that these flags are meant for every CPU architecture other than
+PPC64, and should be kept updated to match RHEL's Go guidelines. Use
+'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
+---
+ src/go-build-wrapper | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index c572d6dfb02b..d39764fda0c1 100755
+--- a/src/go-build-wrapper
++++ b/src/go-build-wrapper
+@@ -33,9 +33,9 @@ if ! cd "$1"; then
+ exit 1
+ fi
+
+-tags=""
++tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
+ if $7; then
+- tags="-tags migration_path_for_coreos_toolbox"
++ tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+
+if !
libc_dir=$("$5" --print-file-name=libc.so); then +@@ -70,11 +70,17 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + ++unset LDFLAGS ++ + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.39.2 + diff --git a/toolbox.spec b/toolbox.spec index 9d80527..c34dbd6 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -28,7 +28,9 @@ Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch # RHEL specific -Patch200: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch +Patch200: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch +Patch201: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch BuildRequires: gcc BuildRequires: go-md2man @@ -167,14 +169,22 @@ The %{name}-tests package contains system tests for %{name}. %patch0 -p1 %patch1 -p1 +%if 0%{?fedora} %ifnarch ppc64 %patch100 -p1 %else %patch101 -p1 %endif +%endif %if 0%{?rhel} +%ifnarch ppc64 %patch200 -p1 +%else +%patch201 -p1 +%endif + +%patch202 -p1 %endif %gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} From 1591f9825632bec2764250e32bff3515bb300d70 Mon Sep 17 00:00:00 2001 
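Review bot: In the `%prep` hunk the build-flags patches are now applied only inside `%if 0%{?fedora}` or `%if 0%{?rhel}`, so a build target that defines neither macro compiles with an unpatched `src/go-build-wrapper` and no error, where the old lines applied `%patch100`/`%patch101` unconditionally. An unpatched wrapper lacks the distribution linker flags; the RHEL patches in this commit, for instance, are what add `-Wl,-z,relro -Wl,-z,now` and `redhat-hardened-ld`. A target that defines both macros would instead try to patch the same lines twice. Making the two branches exclusive keeps exactly one set applied: `%if 0%{?rhel}` around the 200/201 block, `%else` before the 100/101 block, then `%endif`, with `%patch202 -p1` kept under its own `%if 0%{?rhel}`.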
From: Debarshi Ray Date: Mon, 26 Jun 2023 15:29:46 +0200 Subject: [PATCH 081/145] Remove trailing whitespace There's no need to do a build just for this. Fallout from a8db8e5d514ac63389e8874ab28450794ef2ca91 --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index c34dbd6..92edc3c 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -21,7 +21,7 @@ Source1: %{name}.conf # Upstream Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch -Patch1: toolbox-Sprinkle-a-debug-log.patch +Patch1: toolbox-Sprinkle-a-debug-log.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch From 0ad2c75c0446a5c36aff56e8ed8268b8713859c2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jul 2023 16:34:45 +0000 Subject: [PATCH 082/145] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 92edc3c..98f59e4 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -11,7 +11,7 @@ Version: 0.0.99.4 %gometa -f %endif -Release: 2%{?dist} +Release: 3%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -246,6 +246,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Sat Jul 22 2023 Fedora Release Engineering - 0.0.99.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Wed Mar 8 2023 Nieves Montero - 0.0.99.4-2 - Sprinkle a debug log From c91cdf0ad7e9daffb6b45819c3507cb4f78002dd Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 2 Oct 2023 13:32:02 +0200 Subject: [PATCH 083/145] Unify the build with RHEL This pulls in an extra patch [1] that's necessary to fix the build on only CentOS Stream 9, not Fedora. While not needed, it also doesn't hurt Fedora and has the added benefit of keeping the build unified with RHEL. There's no need to do a build just for this. [1] Upstream commit f555029304415a06 https://github.com/containers/toolbox/commit/f555029304415a06 https://github.com/containers/toolbox/issues/1246 --- toolbox-Build-fixes.patch | 240 ++++++++++++++++++ ...se-podman-1-when-generating-the-comp.patch | 89 ------- toolbox-Sprinkle-a-debug-log.patch | 22 -- toolbox.spec | 6 +- 4 files changed, 243 insertions(+), 114 deletions(-) create mode 100644 toolbox-Build-fixes.patch delete mode 100644 toolbox-Don-t-use-podman-1-when-generating-the-comp.patch delete mode 100644 toolbox-Sprinkle-a-debug-log.patch diff --git a/toolbox-Build-fixes.patch b/toolbox-Build-fixes.patch new file mode 100644 index 0000000..32164ef --- /dev/null +++ b/toolbox-Build-fixes.patch 
@@ -0,0 +1,240 @@
+From 424cc42fba3cb182a360dcdda68caf20d9141ae6 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray
+Date: Tue, 28 Feb 2023 17:12:04 +0100
+Subject: [PATCH 1/4] cmd/root: Don't use podman(1) when generating the
+ completions
+
+Ever since commit bafbbe81c9220cb3, the shell completions are generated
+while building Toolbx using the 'completion' command. This involves
+running toolbox(1) itself, and hence invoking 'podman version' to decide
+if 'podman system migrate' is needed or not.
+
+Unfortunately, some build environments, like Fedora's, are set up inside
+a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may
+not work because it does various things with namespaces(7) and clone(2)
+that can, under certain circumstances, encounter an EPERM.
+
+Therefore, it's better to avoid using podman(1) when generating the
+shell completions, especially, since they are generated by Cobra itself
+and podman(1) is not involved at all.
+
+Note that podman(1) is needed when the generated shell completions are
+actually used in interactive command line environments. The shell
+completions invoke the hidden '__complete' command to get the results
+that are presented to the user, and, if needed, 'podman system migrate'
+will continue to be run as part of that.
+
+This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011
+because podman(1) is now only an optional runtime dependency for the
+system tests.
+
+https://github.com/containers/podman/issues/17657
+---
+ meson.build | 2 +-
+ src/cmd/root.go | 9 +++++++--
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 6f044bb204e3..653a3d3ac588 100644
+--- a/meson.build
++++ b/meson.build
+@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h'])
+
+ go = find_program('go')
+ go_md2man = find_program('go-md2man')
+-podman = find_program('podman')
+
+ bats = find_program('bats', required: false)
+ codespell = find_program('codespell', required: false)
+ htpasswd = find_program('htpasswd', required: false)
+ openssl = find_program('openssl', required: false)
++podman = find_program('podman', required: false)
+ shellcheck = find_program('shellcheck', required: false)
+ skopeo = find_program('skopeo', required: false)
+
+diff --git a/src/cmd/root.go b/src/cmd/root.go
+index 304b03dcd889..9975ccc7a4c8 100644
+--- a/src/cmd/root.go
++++ b/src/cmd/root.go
+@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error {
+
+ logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath)
+
+- if err := migrate(); err != nil {
++ if err := migrate(cmd, args); err != nil {
+ return err
+ }
+
+@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error {
+ return rootRunImpl(cmd, args)
+ }
+
+-func migrate() error {
++func migrate(cmd *cobra.Command, args []string) error {
+ logrus.Debug("Migrating to newer Podman")
+
+ if utils.IsInsideContainer() {
+ return nil
+ }
+
++ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
++ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName)
++ return nil
++ }
++
+ configDir, err := os.UserConfigDir()
+ if err != nil {
+ logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err)
+--
+2.41.0
+
+
+From 0723706168a1bde708bc9acc203c5e9870bc94d5 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray
+Date: Wed, 1 Mar 2023 19:41:56 +0100
+Subject: [PATCH 2/4] cmd/root: Sprinkle a debug log
+
+https://github.com/containers/toolbox/pull/1251
+---
+ src/cmd/root.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cmd/root.go b/src/cmd/root.go
+index 9975ccc7a4c8..2e7428a20b24 100644
+--- a/src/cmd/root.go
++++ b/src/cmd/root.go
+@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error {
+ logrus.Debug("Migrating to newer Podman")
+
+ if utils.IsInsideContainer() {
++ logrus.Debug("Migration not needed: running inside a container")
+ return nil
+ }
+
+--
+2.41.0
+
+
+From 0736db58456bb635854493e28a0c36bda49988ce Mon Sep 17 00:00:00 2001
+From: Debarshi Ray
+Date: Wed, 1 Mar 2023 19:46:11 +0100
+Subject: [PATCH 3/4] cmd/root: Shuffle some code around and sprinkle some
+ debug logs
+
+Having a separate convenience function reduces the indentation levels by
+at least one, and sometimes two, and makes it easy to have more detailed
+debug logs.
+
+This will make the subsequent commit easier to read.
+
+https://github.com/containers/toolbox/issues/1246
+---
+ src/cmd/root.go | 32 ++++++++++++++++++++++++--------
+ 1 file changed, 24 insertions(+), 8 deletions(-)
+
+diff --git a/src/cmd/root.go b/src/cmd/root.go
+index 2e7428a20b24..9aafe3e0d3be 100644
+--- a/src/cmd/root.go
++++ b/src/cmd/root.go
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright © 2019 – 2022 Red Hat Inc.
++ * Copyright © 2019 – 2023 Red Hat Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+@@ -139,13 +139,8 @@ func preRun(cmd *cobra.Command, args []string) error {
+ if !utils.IsInsideContainer() {
+ logrus.Debugf("Running on a cgroups v%d host", cgroupsVersion)
+
+- if currentUser.Uid != "0" {
+- logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", currentUser.Username)
+-
+- if _, err := utils.ValidateSubIDRanges(currentUser); err != nil {
+- logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
+- return newSubIDError()
+- }
++ if _, err := validateSubIDRanges(cmd, args, currentUser); err != nil {
++ return err
+ }
+ }
+
+@@ -392,3 +387,24 @@ func setUpLoggers() error {
+
+ return nil
+ }
++
++func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bool, error) {
++ logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", user.Username)
++
++ if user.Uid == "0" {
++ logrus.Debugf("Look-up not needed: user %s doesn't need them", user.Username)
++ return true, nil
++ }
++
++ if utils.IsInsideContainer() {
++ logrus.Debug("Look-up not needed: running inside a container")
++ return true, nil
++ }
++
++ if _, err := utils.ValidateSubIDRanges(user); err != nil {
++ logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
++ return false, newSubIDError()
++ }
++
++ return true, nil
++}
+--
+2.41.0
+
+
+From 02537eac420f49e96110663794ef5f2511eb6860 Mon Sep 17 00:00:00 2001
+From: Jan Zerebecki
+Date: Wed, 1 Mar 2023 19:52:28 +0100
+Subject: [PATCH 4/4] cmd/root: Don't validate subordinate IDs when generating
+ the completions
+
+Ever since commit bafbbe81c9220cb3, the shell completions are generated
+while building Toolbx using the 'completion' command. This involves
+running toolbox(1) itself, and hence validating the subordinate user and
+group ID ranges.
+
+Unfortunately, some build environments, like openSUSE's, don't have
+subordinate ID ranges set up. Therefore, it's better to not validate
+the subordinate ID ranges when generating the shell completions, since
+they are generated by Cobra itself and subordinate ID ranges are not
+involved at all.
+
+Note that subordinate ID ranges may be needed when the generated shell
+completions are actually used in interactive command line environments.
+The shell completions invoke the hidden '__complete' command to get the
+results that are presented to the user, and, if needed, the subordinate
+ID ranges will continue to be used by podman(1) as part of that.
+
+Some changes by Debarshi Ray.
+
+https://github.com/containers/toolbox/issues/1246
+https://github.com/containers/toolbox/pull/1249
+---
+ src/cmd/root.go | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/cmd/root.go b/src/cmd/root.go
+index 9aafe3e0d3be..aee9fe026ac3 100644
+--- a/src/cmd/root.go
++++ b/src/cmd/root.go
+@@ -401,6 +401,11 @@ func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bo
+ return true, nil
+ }
+
++ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
++ logrus.Debugf("Look-up not needed: command %s doesn't need them", cmdName)
++ return true, nil
++ }
++
+ if _, err := utils.ValidateSubIDRanges(user); err != nil {
+ logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
+ return false, newSubIDError()
+--
+2.41.0
+
diff --git a/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch b/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch
deleted file mode 100644
index 85c7289..0000000
--- a/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch
+++ /dev/null
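Review bot: None of the four `From` hash headers in this new patch file (424cc42fba3c, 0723706168a1, 0736db58456b, 02537eac420f) matches the upstream commit f555029304415a06 cited in the commit description, so the file alone does not show which upstream commits were backported or whether they were altered on the way. A trailer on each of the four messages, such as `(cherry picked from commit UPSTREAM_COMMIT_ID)`, would make the backport checkable against the upstream repository. On the code itself, in patch 3/4 the parameter `user *user.User` of `validateSubIDRanges` shadows the package that names its own type inside the function body, and the `bool` result is discarded at the only call site shown (`if _, err := validateSubIDRanges(...)`); both are better raised upstream than changed in this backport.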
@@ -1,89 +0,0 @@ -From fc5f568c5d82f4a16982268fa67092e52be91fbe Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Tue, 28 Feb 2023 17:12:04 +0100 -Subject: [PATCH] cmd/root: Don't use podman(1) when generating the completions - -Ever since commit bafbbe81c9220cb3, the shell completions are generated -while building Toolbx using the 'completion' command. This involves -running toolbox(1) itself, and hence invoking 'podman version' to decide -if 'podman system migrate' is needed or not. - -Unfortunately, some build environments, like Fedora's, are set up inside -a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may -not work because it does various things with namespaces(7) and clone(2) -that can, under certain circumstances, encounter an EPERM. - -Therefore, it's better to avoid using podman(1) when generating the -shell completions, especially, since they are generated by Cobra itself -and podman(1) is not involved at all. - -Note that podman(1) is needed when the generated shell completions are -actually used in interactive command line environments. The shell -completions invoke the hidden '__complete' command to get the results -that are presented to the user, and, if needed, 'podman system migrate' -will continue to be run as part of that. - -This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011 -because podman(1) is now only an optional runtime dependency for the -system tests. 
- -https://github.com/containers/podman/issues/17657 ---- - meson.build | 2 +- - src/cmd/root.go | 9 +++++++-- - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/meson.build b/meson.build -index 6f044bb204e3..653a3d3ac588 100644 ---- a/meson.build -+++ b/meson.build -@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h']) - - go = find_program('go') - go_md2man = find_program('go-md2man') --podman = find_program('podman') - - bats = find_program('bats', required: false) - codespell = find_program('codespell', required: false) - htpasswd = find_program('htpasswd', required: false) - openssl = find_program('openssl', required: false) -+podman = find_program('podman', required: false) - shellcheck = find_program('shellcheck', required: false) - skopeo = find_program('skopeo', required: false) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 304b03dcd889..9975ccc7a4c8 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error { - - logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath) - -- if err := migrate(); err != nil { -+ if err := migrate(cmd, args); err != nil { - return err - } - -@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error { - return rootRunImpl(cmd, args) - } - --func migrate() error { -+func migrate(cmd *cobra.Command, args []string) error { - logrus.Debug("Migrating to newer Podman") - - if utils.IsInsideContainer() { - return nil - } - -+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { -+ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName) -+ return nil -+ } -+ - configDir, err := os.UserConfigDir() - if err != nil { - logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err) --- -2.39.1 - 
diff --git a/toolbox-Sprinkle-a-debug-log.patch b/toolbox-Sprinkle-a-debug-log.patch deleted file mode 100644 index ba6a3dd..0000000 --- a/toolbox-Sprinkle-a-debug-log.patch +++ /dev/null @@ -1,22 +0,0 @@ -From cafbca996ec4a19f9f80bae109436e2dfc7149a4 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Wed, 1 Mar 2023 19:41:56 +0100 -Subject: [PATCH] cmd/root: Sprinkle a debug log - -https://github.com/containers/toolbox/pull/1251 ---- - src/cmd/root.go | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 9975ccc7a..2e7428a20 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error { - logrus.Debug("Migrating to newer Podman") - - if utils.IsInsideContainer() { -+ logrus.Debug("Migration not needed: running inside a container") - return nil - } - diff --git a/toolbox.spec b/toolbox.spec index 98f59e4..9acad83 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,11 +17,12 @@ Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz + +# RHEL specific Source1: %{name}.conf # Upstream -Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch -Patch1: toolbox-Sprinkle-a-debug-log.patch +Patch0: toolbox-Build-fixes.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -167,7 +168,6 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q %patch0 -p1 -%patch1 -p1 %if 0%{?fedora} %ifnarch ppc64 From a8e2dd88237296fe607f10be54469094fedfb732 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 2 Oct 2023 13:46:15 +0200 Subject: [PATCH 084/145] Add two upstream patches that are already in CentOS Stream 9 --- ...implify-removing-the-user-s-password.patch | 1056 +++++++++++++++++ ...r-Be-aware-of-security-hardened-moun.patch | 76 ++ toolbox.spec | 10 +- 3 files changed, 1141 insertions(+), 1 deletion(-) create mode 100644 toolbox-Simplify-removing-the-user-s-password.patch create mode 100644 toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch diff --git a/toolbox-Simplify-removing-the-user-s-password.patch b/toolbox-Simplify-removing-the-user-s-password.patch new file mode 100644 index 0000000..d10d870 --- /dev/null +++ b/toolbox-Simplify-removing-the-user-s-password.patch 
@@ -0,0 +1,1056 @@ +From 07d5c061eacec0a3b145947a9b95a11b705ea5d3 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Sat, 12 Aug 2023 14:26:22 +0200 +Subject: [PATCH 1/5] test/system: Test that group and user IDs work + +These tests assume that the group and user information on the host +operating system can be provided by different plugins for the GNU Name +Service Switch (or NSS) functionality of the GNU C Library. eg., on +enterprise FreeIPA set-ups. However, it's expected that everything +inside the Toolbx container will be provided by /etc/group, /etc/passwd, +/etc/shadow, etc.. + +While /etc/group and /etc/passwd can be read by any user, /etc/shadow +can only be read by root. However, it's awkward to use sudo(8) in the +test cases involving /etc/shadow, because they ensure that root and +$USER don't need passwords to authenticate inside the container, and +sudo(8) itself depends on that. If sudo(8) is used, the test suite can +behave unexpectedly if Toolbx didn't set up the container correctly. +eg., it can get blocked waiting for a password. + +Hence, 'podman unshare' is used instead to enter the container's initial +user namespace, where $USER from the host appears as root. This is +sufficient because the test cases only need to read /etc/shadow inside +the Toolbx container. + +https://github.com/containers/toolbox/pull/1355 +--- + test/system/206-user.bats | 520 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 520 insertions(+) + create mode 100644 test/system/206-user.bats + +diff --git a/test/system/206-user.bats b/test/system/206-user.bats +new file mode 100644 +index 000000000000..fdb2a33da88c +--- /dev/null ++++ b/test/system/206-user.bats +@@ -0,0 +1,520 @@ ++# shellcheck shell=bats ++# ++# Copyright © 2023 Red Hat, Inc. ++# ++# Licensed under the Apache License, Version 2.0 (the "License"); ++# you may not use this file except in compliance with the License. 
++# You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, software ++# distributed under the License is distributed on an "AS IS" BASIS, ++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++# See the License for the specific language governing permissions and ++# limitations under the License. ++# ++ ++load 'libs/bats-support/load' ++load 'libs/bats-assert/load' ++load 'libs/helpers' ++ ++setup() { ++ bats_require_minimum_version 1.7.0 ++ _setup_environment ++ cleanup_containers ++} ++ ++teardown() { ++ cleanup_containers ++} ++ ++@test "user: separate namespace" { ++ local ns_host ++ ns_host=$(readlink /proc/$$/ns/user) ++ ++ create_default_container ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run sh -c 'readlink /proc/$$/ns/user' ++ ++ assert_success ++ assert_line --index 0 --regexp '^user:\[[[:digit:]]+\]$' ++ refute_line --index 0 "$ns_host" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: root in shadow(5) inside the default container" { ++ local default_container ++ default_container="$(get_system_id)-toolbox-$(get_system_version)" ++ ++ create_default_container ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount "$default_container")" ++ ++ "$TOOLBOX" run true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount "$default_container" ++ ++ assert_success ++ assert_line --regexp '^root::.+$' ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: root in shadow(5) inside Arch Linux" { ++ create_distro_container arch latest arch-toolbox-latest ++ 
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount arch-toolbox-latest)" ++ ++ "$TOOLBOX" run --distro arch true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount arch-toolbox-latest ++ ++ assert_success ++ assert_line --regexp '^root::.+$' ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: root in shadow(5) inside Fedora 34" { ++ create_distro_container fedora 34 fedora-toolbox-34 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount fedora-toolbox-34)" ++ ++ "$TOOLBOX" run --distro fedora --release 34 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount fedora-toolbox-34 ++ ++ assert_success ++ assert_line --regexp '^root::.+$' ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: root in shadow(5) inside RHEL 8.7" { ++ create_distro_container rhel 8.7 rhel-toolbox-8.7 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount rhel-toolbox-8.7)" ++ ++ "$TOOLBOX" run --distro rhel --release 8.7 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount rhel-toolbox-8.7 ++ ++ assert_success ++ assert_line --regexp '^root::.+$' ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: root in shadow(5) inside Ubuntu 16.04" { ++ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-16.04)" ++ ++ "$TOOLBOX" run --distro ubuntu --release 16.04 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat 
"$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-16.04 ++ ++ assert_success ++ assert_line --regexp '^root::.+$' ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: root in shadow(5) inside Ubuntu 18.04" { ++ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-18.04)" ++ ++ "$TOOLBOX" run --distro ubuntu --release 18.04 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-18.04 ++ ++ assert_success ++ assert_line --regexp '^root::.+$' ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: root in shadow(5) inside Ubuntu 20.04" { ++ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-20.04)" ++ ++ "$TOOLBOX" run --distro ubuntu --release 20.04 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-20.04 ++ ++ assert_success ++ assert_line --regexp '^root::.+$' ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in passwd(5) inside the default container" { ++ local user_gecos ++ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" ++ ++ local user_id_real ++ user_id_real="$(id --real --user)" ++ ++ create_default_container ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run sh -c 'cat /etc/passwd' ++ ++ assert_success ++ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck 
disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in passwd(5) inside Arch Linux" { ++ local user_gecos ++ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" ++ ++ local user_id_real ++ user_id_real="$(id --real --user)" ++ ++ create_distro_container arch latest arch-toolbox-latest ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch sh -c 'cat /etc/passwd' ++ ++ assert_success ++ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in passwd(5) inside Fedora 34" { ++ local user_gecos ++ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" ++ ++ local user_id_real ++ user_id_real="$(id --real --user)" ++ ++ create_distro_container fedora 34 fedora-toolbox-34 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 sh -c 'cat /etc/passwd' ++ ++ assert_success ++ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in passwd(5) inside RHEL 8.7" { ++ local user_gecos ++ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" ++ ++ local user_id_real ++ user_id_real="$(id --real --user)" ++ ++ create_distro_container rhel 8.7 rhel-toolbox-8.7 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 sh -c 'cat /etc/passwd' ++ ++ assert_success ++ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in passwd(5) inside Ubuntu 16.04" { ++ local user_gecos ++ user_gecos="$(getent passwd "$USER" | cut --delimiter : 
--fields 5)" ++ ++ local user_id_real ++ user_id_real="$(id --real --user)" ++ ++ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 sh -c 'cat /etc/passwd' ++ ++ assert_success ++ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in passwd(5) inside Ubuntu 18.04" { ++ local user_gecos ++ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" ++ ++ local user_id_real ++ user_id_real="$(id --real --user)" ++ ++ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 sh -c 'cat /etc/passwd' ++ ++ assert_success ++ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in passwd(5) inside Ubuntu 20.04" { ++ local user_gecos ++ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" ++ ++ local user_id_real ++ user_id_real="$(id --real --user)" ++ ++ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 sh -c 'cat /etc/passwd' ++ ++ assert_success ++ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in shadow(5) inside the default container" { ++ local default_container ++ default_container="$(get_system_id)-toolbox-$(get_system_version)" ++ ++ create_default_container ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount "$default_container")" 
++ ++ "$TOOLBOX" run true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount "$default_container" ++ ++ assert_success ++ refute_line --regexp "^$USER:.*$" ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in shadow(5) inside Arch Linux" { ++ create_distro_container arch latest arch-toolbox-latest ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount arch-toolbox-latest)" ++ ++ "$TOOLBOX" run --distro arch true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount arch-toolbox-latest ++ ++ assert_success ++ refute_line --regexp "^$USER:.*$" ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in shadow(5) inside Fedora 34" { ++ create_distro_container fedora 34 fedora-toolbox-34 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount fedora-toolbox-34)" ++ ++ "$TOOLBOX" run --distro fedora --release 34 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount fedora-toolbox-34 ++ ++ assert_success ++ refute_line --regexp "^$USER:.*$" ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in shadow(5) inside RHEL 8.7" { ++ create_distro_container rhel 8.7 rhel-toolbox-8.7 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount rhel-toolbox-8.7)" ++ ++ "$TOOLBOX" run --distro rhel --release 8.7 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount rhel-toolbox-8.7 ++ ++ assert_success ++ refute_line --regexp 
"^$USER:.*$" ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in shadow(5) inside Ubuntu 16.04" { ++ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-16.04)" ++ ++ "$TOOLBOX" run --distro ubuntu --release 16.04 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-16.04 ++ ++ assert_success ++ refute_line --regexp "^$USER:.*$" ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in shadow(5) inside Ubuntu 18.04" { ++ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-18.04)" ++ ++ "$TOOLBOX" run --distro ubuntu --release 18.04 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-18.04 ++ ++ assert_success ++ refute_line --regexp "^$USER:.*$" ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in shadow(5) inside Ubuntu 20.04" { ++ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 ++ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-20.04)" ++ ++ "$TOOLBOX" run --distro ubuntu --release 20.04 true ++ ++ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" ++ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-20.04 ++ ++ assert_success ++ refute_line --regexp "^$USER:.*$" ++ assert [ ${#lines[@]} -gt 0 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in group(5) inside the 
default container" { ++ create_default_container ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run sh -c 'cat /etc/group' ++ ++ assert_success ++ assert_line --regexp "^(sudo|wheel):x:[[:digit:]]+:$USER$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in group(5) inside Arch Linux" { ++ create_distro_container arch latest arch-toolbox-latest ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch sh -c 'cat /etc/group' ++ ++ assert_success ++ assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in group(5) inside Fedora 34" { ++ create_distro_container fedora 34 fedora-toolbox-34 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 sh -c 'cat /etc/group' ++ ++ assert_success ++ assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in group(5) inside RHEL 8.7" { ++ create_distro_container rhel 8.7 rhel-toolbox-8.7 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 sh -c 'cat /etc/group' ++ ++ assert_success ++ assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in group(5) inside Ubuntu 16.04" { ++ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 sh -c 'cat /etc/group' ++ ++ assert_success ++ assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in 
group(5) inside Ubuntu 18.04" { ++ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 sh -c 'cat /etc/group' ++ ++ assert_success ++ assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: $USER in group(5) inside Ubuntu 20.04" { ++ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 sh -c 'cat /etc/group' ++ ++ assert_success ++ assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" ++ assert [ ${#lines[@]} -gt 1 ] ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} +-- +2.41.0 + + +From 22ba72f3152650d538437bf298ebde4a63e2adc9 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 4 Nov 2020 00:55:31 +0100 +Subject: [PATCH 2/5] Deprecate the --monitor-host option of 'init-container' + +The --monitor-host option was added to the 'init-container' command in +commit 8b84b5e4604921fa to accommodate Podman versions older than 1.2.0 +that didn't have the '--dns none' and '--no-hosts' options for +'podman create'. These options are necessary to keep the Toolbx +container's /etc/resolv.conf and /etc/hosts files synchronized with +those of the host. + +Note that Podman 1.2.0 was already available a few months before +commit 8b84b5e4604921fa introduced the --monitor-host option. The +chances of someone using an older Podman back then was already on the +decline, and it's very unlikely that a container created with such a +Podman has survived till this date. + +Commit b6b484fa792b442a raised the minimum required Podman version to +1.4.0, and made the '--dns none' and '--no-hosts' options a hard +requirement. The minimum required Podman version was again raised +recently in commit 8e80dd5db1e6f40b to 1.6.4. 
Therefore, these days, +there's no need to separately use the --monitor-host option of +'init-container' for newly created containers to indicate that the +Podman version wasn't older than 1.2.0. + +Given all this, it's time to stop using the --monitor-host option of +'init-container', and assume that it's always set. The option is still +accepted to retain compatibility with existing Toolbx containers. + +For containers that were created with the --monitor-host option, a +deprecation notice will be shown as: + $ podman start --attach CONTAINER + Flag --monitor-host has been deprecated, it does nothing + ... + +https://github.com/containers/toolbox/pull/617 +--- + doc/toolbox-init-container.1.md | 32 +++--------- + src/cmd/create.go | 1 - + src/cmd/initContainer.go | 86 ++++++++++++++++----------------- + 3 files changed, 49 insertions(+), 70 deletions(-) + +diff --git a/doc/toolbox-init-container.1.md b/doc/toolbox-init-container.1.md +index 45c9a77939f2..51a7b1ee643d 100644 +--- a/doc/toolbox-init-container.1.md ++++ b/doc/toolbox-init-container.1.md +@@ -9,7 +9,6 @@ toolbox\-init\-container - Initialize a running container + *--home-link* + *--media-link* + *--mnt-link* +- *--monitor-host* + *--shell SHELL* + *--uid UID* + *--user USER* +@@ -76,31 +75,12 @@ Make `/mnt` a symbolic link to `/var/mnt`. + + **--monitor-host** + +-Ensures that certain configuration files inside the toolbox container are kept +-synchronized with their counterparts on the host, and bind mounts some paths +-from the host's file system into the container. 
+- +-The synchronized files are: +- +-- `/etc/host.conf` +-- `/etc/hosts` +-- `/etc/localtime` +-- `/etc/resolv.conf` +-- `/etc/timezone` +- +-The bind mounted paths are: +- +-- `/etc/machine-id` +-- `/run/libvirt` +-- `/run/systemd/journal` +-- `/run/systemd/resolve` +-- `/run/udev/data` +-- `/tmp` +-- `/var/lib/flatpak` +-- `/var/lib/libvirt` +-- `/var/lib/systemd/coredump` +-- `/var/log/journal` +-- `/var/mnt` ++Deprecated, does nothing. ++ ++Crucial configuration files inside the toolbox container are always kept ++synchronized with their counterparts on the host, and various subsets of the ++host's file system hierarchy are always bind mounted to their corresponding ++locations inside the toolbox container. + + **--shell** SHELL + +diff --git a/src/cmd/create.go b/src/cmd/create.go +index 2a103f01ed2d..6cec99258847 100644 +--- a/src/cmd/create.go ++++ b/src/cmd/create.go +@@ -393,7 +393,6 @@ func createContainer(container, image, release, authFile string, showCommandToEn + "--shell", userShell, + "--uid", currentUser.Uid, + "--user", currentUser.Username, +- "--monitor-host", + } + + entryPoint = append(entryPoint, slashHomeLink...) 
+diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go +index c4cd1b02d298..cb132bffc817 100644 +--- a/src/cmd/initContainer.go ++++ b/src/cmd/initContainer.go +@@ -107,8 +107,12 @@ func init() { + + flags.BoolVar(&initContainerFlags.monitorHost, + "monitor-host", +- false, +- "Ensure that certain configuration files inside the toolbox container are in sync with the host") ++ true, ++ "Deprecated, does nothing") ++ if err := flags.MarkDeprecated("monitor-host", "it does nothing"); err != nil { ++ panicMsg := fmt.Sprintf("cannot mark --monitor-host as deprecated: %s", err) ++ panic(panicMsg) ++ } + + flags.StringVar(&initContainerFlags.shell, + "shell", +@@ -163,59 +167,55 @@ func initContainer(cmd *cobra.Command, args []string) error { + + defer toolboxEnvFile.Close() + +- if initContainerFlags.monitorHost { +- logrus.Debug("Monitoring host") +- +- if utils.PathExists("/run/host/etc") { +- logrus.Debug("Path /run/host/etc exists") +- +- if _, err := os.Readlink("/etc/host.conf"); err != nil { +- if err := redirectPath("/etc/host.conf", +- "/run/host/etc/host.conf", +- false); err != nil { +- return err +- } +- } ++ if utils.PathExists("/run/host/etc") { ++ logrus.Debug("Path /run/host/etc exists") + +- if _, err := os.Readlink("/etc/hosts"); err != nil { +- if err := redirectPath("/etc/hosts", +- "/run/host/etc/hosts", +- false); err != nil { +- return err +- } ++ if _, err := os.Readlink("/etc/host.conf"); err != nil { ++ if err := redirectPath("/etc/host.conf", ++ "/run/host/etc/host.conf", ++ false); err != nil { ++ return err + } ++ } + +- if localtimeTarget, err := os.Readlink("/etc/localtime"); err != nil || +- localtimeTarget != "/run/host/etc/localtime" { +- if err := redirectPath("/etc/localtime", +- "/run/host/etc/localtime", +- false); err != nil { +- return err +- } ++ if _, err := os.Readlink("/etc/hosts"); err != nil { ++ if err := redirectPath("/etc/hosts", ++ "/run/host/etc/hosts", ++ false); err != nil { ++ return err + } ++ } + +- if 
err := updateTimeZoneFromLocalTime(); err != nil { ++ if localtimeTarget, err := os.Readlink("/etc/localtime"); err != nil || ++ localtimeTarget != "/run/host/etc/localtime" { ++ if err := redirectPath("/etc/localtime", ++ "/run/host/etc/localtime", ++ false); err != nil { + return err + } ++ } ++ ++ if err := updateTimeZoneFromLocalTime(); err != nil { ++ return err ++ } + +- if _, err := os.Readlink("/etc/resolv.conf"); err != nil { +- if err := redirectPath("/etc/resolv.conf", +- "/run/host/etc/resolv.conf", +- false); err != nil { +- return err +- } ++ if _, err := os.Readlink("/etc/resolv.conf"); err != nil { ++ if err := redirectPath("/etc/resolv.conf", ++ "/run/host/etc/resolv.conf", ++ false); err != nil { ++ return err + } ++ } + +- for _, mount := range initContainerMounts { +- if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { +- return err +- } ++ for _, mount := range initContainerMounts { ++ if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { ++ return err + } ++ } + +- if utils.PathExists("/sys/fs/selinux") { +- if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); err != nil { +- return err +- } ++ if utils.PathExists("/sys/fs/selinux") { ++ if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); err != nil { ++ return err + } + } + } +-- +2.41.0 + + +From 66a791ff10234023b858b7a28dd98985b054eca1 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 7 Mar 2023 16:13:04 +0100 +Subject: [PATCH 3/5] cmd/initContainer: Bind mount locations regardless of + /run/host/etc + +Bind mounting the locations at runtime doesn't really have anything to +do with whether /run/host/etc is present inside the Toolbx container. + +The only possible exception could have been /etc/machine-id, but it +isn't, because the bind mount is only performed if the source at +/run/host/etc/machine-id is present. 
+ +This is a historical mistake that has persisted for a long time, since, +in practice, /run/host/etc will almost always exist inside the Toolbx +container. It's time to finally correct it. + +Fallout from 9436bbece01d7aa4dc91b4013ed9f80d0b8d34f4 + +https://github.com/containers/toolbox/pull/1255 +--- + src/cmd/initContainer.go | 24 ++++++++++++------------ + 1 file changed, 12 insertions(+), 12 deletions(-) + +diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go +index cb132bffc817..153e5ccb824e 100644 +--- a/src/cmd/initContainer.go ++++ b/src/cmd/initContainer.go +@@ -206,18 +206,6 @@ func initContainer(cmd *cobra.Command, args []string) error { + return err + } + } +- +- for _, mount := range initContainerMounts { +- if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { +- return err +- } +- } +- +- if utils.PathExists("/sys/fs/selinux") { +- if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); err != nil { +- return err +- } +- } + } + + if initContainerFlags.mediaLink { +@@ -236,6 +224,18 @@ func initContainer(cmd *cobra.Command, args []string) error { + } + } + ++ for _, mount := range initContainerMounts { ++ if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { ++ return err ++ } ++ } ++ ++ if utils.PathExists("/sys/fs/selinux") { ++ if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); err != nil { ++ return err ++ } ++ } ++ + if _, err := user.Lookup(initContainerFlags.user); err != nil { + if err := configureUsers(initContainerFlags.uid, + initContainerFlags.user, +-- +2.41.0 + + +From d416f1b4abd0782526c011b078442856c733e718 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 15 Aug 2023 20:57:46 +0200 +Subject: [PATCH 4/5] cmd/initContainer: Simplify code by removing a function + parameter + +Until now, configureUsers() was pushing the burden of deciding whether +to add a new user or modify an existing one on the callers, even though +it can trivially decide 
itself. Involving the caller loosens the +encapsulation of the user configuration logic by spreading it across +configureUsers() and it's caller, and adds an extra function parameter +that needs to be carefully set and is vulnerable to programmer errors. + +Fallout from 9ea6fe5852ea8f5225114d825e8e6813e2a3cfea + +https://github.com/containers/toolbox/pull/1356 +--- + src/cmd/initContainer.go | 62 ++++++++++++++++------------------------ + 1 file changed, 24 insertions(+), 38 deletions(-) + +diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go +index 153e5ccb824e..02c389635378 100644 +--- a/src/cmd/initContainer.go ++++ b/src/cmd/initContainer.go +@@ -236,24 +236,12 @@ func initContainer(cmd *cobra.Command, args []string) error { + } + } + +- if _, err := user.Lookup(initContainerFlags.user); err != nil { +- if err := configureUsers(initContainerFlags.uid, +- initContainerFlags.user, +- initContainerFlags.home, +- initContainerFlags.shell, +- initContainerFlags.homeLink, +- false); err != nil { +- return err +- } +- } else { +- if err := configureUsers(initContainerFlags.uid, +- initContainerFlags.user, +- initContainerFlags.home, +- initContainerFlags.shell, +- initContainerFlags.homeLink, +- true); err != nil { +- return err +- } ++ if err := configureUsers(initContainerFlags.uid, ++ initContainerFlags.user, ++ initContainerFlags.home, ++ initContainerFlags.shell, ++ initContainerFlags.homeLink); err != nil { ++ return err + } + + if utils.PathExists("/etc/krb5.conf.d") && !utils.PathExists("/etc/krb5.conf.d/kcm_default_ccache") { +@@ -386,9 +374,7 @@ func initContainerHelp(cmd *cobra.Command, args []string) { + } + } + +-func configureUsers(targetUserUid int, +- targetUser, targetUserHome, targetUserShell string, +- homeLink, targetUserExists bool) error { ++func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShell string, homeLink bool) error { + if homeLink { + if err := redirectPath("/home", "/var/home", true); err != nil { 
+ return err +@@ -400,45 +386,45 @@ func configureUsers(targetUserUid int, + return fmt.Errorf("failed to get group for sudo: %w", err) + } + +- if targetUserExists { +- logrus.Debugf("Modifying user %s with UID %d:", targetUser, targetUserUid) ++ if _, err := user.Lookup(targetUser); err != nil { ++ logrus.Debugf("Adding user %s with UID %d:", targetUser, targetUserUid) + +- usermodArgs := []string{ +- "--append", ++ useraddArgs := []string{ + "--groups", sudoGroup, +- "--home", targetUserHome, ++ "--home-dir", targetUserHome, ++ "--no-create-home", + "--shell", targetUserShell, + "--uid", fmt.Sprint(targetUserUid), + targetUser, + } + +- logrus.Debug("usermod") +- for _, arg := range usermodArgs { ++ logrus.Debug("useradd") ++ for _, arg := range useraddArgs { + logrus.Debugf("%s", arg) + } + +- if err := shell.Run("usermod", nil, nil, nil, usermodArgs...); err != nil { +- return fmt.Errorf("failed to modify user %s with UID %d: %w", targetUser, targetUserUid, err) ++ if err := shell.Run("useradd", nil, nil, nil, useraddArgs...); err != nil { ++ return fmt.Errorf("failed to add user %s with UID %d: %w", targetUser, targetUserUid, err) + } + } else { +- logrus.Debugf("Adding user %s with UID %d:", targetUser, targetUserUid) ++ logrus.Debugf("Modifying user %s with UID %d:", targetUser, targetUserUid) + +- useraddArgs := []string{ ++ usermodArgs := []string{ ++ "--append", + "--groups", sudoGroup, +- "--home-dir", targetUserHome, +- "--no-create-home", ++ "--home", targetUserHome, + "--shell", targetUserShell, + "--uid", fmt.Sprint(targetUserUid), + targetUser, + } + +- logrus.Debug("useradd") +- for _, arg := range useraddArgs { ++ logrus.Debug("usermod") ++ for _, arg := range usermodArgs { + logrus.Debugf("%s", arg) + } + +- if err := shell.Run("useradd", nil, nil, nil, useraddArgs...); err != nil { +- return fmt.Errorf("failed to add user %s with UID %d: %w", targetUser, targetUserUid, err) ++ if err := shell.Run("usermod", nil, nil, nil, usermodArgs...); err 
!= nil { ++ return fmt.Errorf("failed to modify user %s with UID %d: %w", targetUser, targetUserUid, err) + } + } + +-- +2.41.0 + + +From e673dc792438c64683237d26b21d005ffb008fd5 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 22 Aug 2023 23:29:43 +0200 +Subject: [PATCH 5/5] cmd/initContainer: Simplify removing the user's password + +It's one less invocation of an external command, which is good because +spawning a new process is generally expensive. + +One positive side-effect of this is that on some Active Directory +set-ups, the entry point no longer fails with: + Error: failed to remove password for user login@company.com: failed + to invoke passwd(1) + +... because of: + # passwd --delete login@company.com + passwd: Libuser error at line: 210 - name contains invalid char `@'. + +This is purely an accident, and isn't meant to be an intential change to +support Active Directory. Tools like useradd(8) and usermod(8) from +Shadow aren't meant to work with Active Directory users, and, hence, it +can still break in other ways. For that, one option is to expose $USER +from the host operating system to the Toolbx container through a Varlink +interface that can be used by nss-systemd inside the container. + +Based on an idea from Si. 
+ +https://github.com/containers/toolbox/issues/585 +--- + src/cmd/initContainer.go | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go +index 02c389635378..91b53cee7d0d 100644 +--- a/src/cmd/initContainer.go ++++ b/src/cmd/initContainer.go +@@ -393,6 +393,7 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe + "--groups", sudoGroup, + "--home-dir", targetUserHome, + "--no-create-home", ++ "--password", "", + "--shell", targetUserShell, + "--uid", fmt.Sprint(targetUserUid), + targetUser, +@@ -413,6 +414,7 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe + "--append", + "--groups", sudoGroup, + "--home", targetUserHome, ++ "--password", "", + "--shell", targetUserShell, + "--uid", fmt.Sprint(targetUserUid), + targetUser, +@@ -428,12 +430,6 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe + } + } + +- logrus.Debugf("Removing password for user %s", targetUser) +- +- if err := shell.Run("passwd", nil, nil, nil, "--delete", targetUser); err != nil { +- return fmt.Errorf("failed to remove password for user %s: %w", targetUser, err) +- } +- + logrus.Debug("Removing password for user root") + + if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil { +-- +2.41.0 + diff --git a/toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch b/toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch new file mode 100644 index 0000000..adf39a3 --- /dev/null +++ b/toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch 
@@ -0,0 +1,76 @@ +From 1fde98456652ddbcb750ade2121c5ceec93fbfae Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 13 Jul 2023 13:08:40 +0200 +Subject: [PATCH] cmd/initContainer: Be aware of security hardened mount points + +Sometimes locations such as /var/lib/flatpak, /var/lib/systemd/coredump +and /var/log/journal sit on security hardened mount points that are +marked as 'nosuid,nodev,noexec' [1]. In such cases, when Toolbx is used +rootless, an attempt to bind mount these locations read-only at runtime +with mount(8) fails because of permission problems: + # mount --rbind -o ro + mount: : filesystem was mounted, but any subsequent + operation failed: Unknown error 5005. + +(Note that the above error message from mount(8) was subsequently +improved to show something more meaningful than 'Unknown error' [2].) + +The problem is that 'init-container' is running inside the container's +mount and user namespace, and the source paths were mounted inside the +host's namespace with 'nosuid,nodev,noexec'. The above mount(8) call +tries to remove the 'nosuid,nodev,noexec' flags from the mount point and +replace them with only 'ro', which is something that can't be done from +a child namespace. + +Note that this doesn't fail when Toolbx is running as root. This is +because the container uses the host's user namespace and is able to +remove the 'nosuid,nodev,noexec' flags from the mount point and replace +them with only 'ro'. Even though it doesn't fail, the flags shouldn't +get replaced like that inside the container, because it removes the +security hardening of those mount points. + +There's actually no benefit in bind mounting these paths as read-only. +It was historically done this way 'just to be safe' because a user isn't +expected to write to these locations from inside a container. However, +Toolbx doesn't intend to provide any heightened security beyond what's +already available on the host. 
+ +Hence, it's better to get out of the way and leave it to the permissions +on the source location from the host operating system to guard the +castle. This is accomplished by not passing any file system options to +mount(8) [1]. + +Based on an idea from Si. + +[1] https://man7.org/linux/man-pages/man8/mount.8.html + +[2] util-linux commit 9420ca34dc8b6f0f + https://github.com/util-linux/util-linux/commit/9420ca34dc8b6f0f + https://github.com/util-linux/util-linux/pull/2376 + +https://github.com/containers/toolbox/issues/911 +--- + src/cmd/initContainer.go | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go +index 465ac063b210..c4cd1b02d298 100644 +--- a/src/cmd/initContainer.go ++++ b/src/cmd/initContainer.go +@@ -62,10 +62,10 @@ var ( + {"/run/udev/data", "/run/host/run/udev/data", ""}, + {"/run/udev/tags", "/run/host/run/udev/tags", ""}, + {"/tmp", "/run/host/tmp", "rslave"}, +- {"/var/lib/flatpak", "/run/host/var/lib/flatpak", "ro"}, ++ {"/var/lib/flatpak", "/run/host/var/lib/flatpak", ""}, + {"/var/lib/libvirt", "/run/host/var/lib/libvirt", ""}, +- {"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", "ro"}, +- {"/var/log/journal", "/run/host/var/log/journal", "ro"}, ++ {"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", ""}, ++ {"/var/log/journal", "/run/host/var/log/journal", ""}, + {"/var/mnt", "/run/host/var/mnt", "rslave"}, + } + ) +-- +2.41.0 + diff --git a/toolbox.spec b/toolbox.spec index 9acad83..e56fbfa 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -11,7 +11,7 @@ Version: 0.0.99.4 %gometa -f %endif -Release: 3%{?dist} +Release: 4%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 
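Review bot: Dropping `ro` from the `/var/lib/flatpak`, `/var/lib/systemd/coredump` and `/var/log/journal` rows leaves the host's file permissions as the only barrier against writes from inside the container. The description itself says a root-run Toolbx uses the host's user namespace, so in that mode container root can presumably modify or delete the host's journal and core dumps, which matters for log integrity. That trade-off is explained only in the commit message, so I would record it next to the rows, e.g. `// No "ro": replacing the options would strip the host's nosuid,nodev,noexec; writes are limited by host permissions only.` The `var (` block starts outside the hunk, so the name of the table these rows belong to is not visible here.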
@@ -23,6 +23,8 @@ Source1: %{name}.conf # Upstream Patch0: toolbox-Build-fixes.patch +Patch1: toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch +Patch2: toolbox-Simplify-removing-the-user-s-password.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -168,6 +170,8 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %if 0%{?fedora} %ifnarch ppc64 @@ -246,6 +250,10 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Mon Oct 02 2023 Debarshi Ray - 0.0.99.4-4 +- Be aware of security hardened mount points +- Simplify removing the user's password + * Sat Jul 22 2023 Fedora Release Engineering - 0.0.99.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From b6101bf73fdcdc7e0e8ff2d75175a52eb490a952 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 2 Oct 2023 14:02:29 +0200 Subject: [PATCH 085/145] Drop github.com/coreos/toolbox compatibility from RHEL 10 onwards Some limited compatibility with github.com/coreos/toolbox was added to RHEL 8.5 when the implementation of the toolbox RPM was changed from github.com/coreos/toolbox to github.com/containers/toolbox. This was carried forward to RHEL 9 to give everybody some extra time to adjust. This compatibility involved setting the HOST environment variable inside the Toolbx containers for 'sos report' to work, and replicating the command line interface from github.com/coreos/toolbox. The problem with setting the HOST environment variable in Toolbx containers is that it's a very generic name without any namespacing. Not every user is going to use 'sos report', and it can easily conflict with a variable of the same name being used for a different purpose. This is similar to the NAME and VERSION environment variables that used to be set inside Toolbx containers due to outdated or wrong information in Fedora's container guidelines [1]. They were a constant source of complaints and were recently fixed [2]. The same logic applies to HOST. Instead of expecting the Toolbx container to have the HOST environment variable, sos(1) should be taught how to work inside a Toolbx container without requiring any extra configuration [3]. The problem with replicating the command line interface from github.com/coreos/toolbox is that it's difficult to document it, because it's so different from the native interface that users on non-RHEL operating systems, including Fedora, have come to expect. So, it's an undocumented easter egg that receives very limited, if any, testing. RHEL 8.5 was released on the 9th of November in 2021, which was almost two years ago. RHEL 10 is going to be a fresh new operating system. 
It's time to ship a version of sos(1) in RHEL that works without any extra configuration inside Toolbx containers, and to inform RHEL users to adapt to the native command line interface. [1] https://docs.fedoraproject.org/en-US/containers/guidelines/creation/ [2] Upstream commit 9506173f88dc26bf https://github.com/containers/toolbox/commit/9506173f88dc26bf https://github.com/containers/toolbox/issues/188 [3] https://github.com/sosreport/sos/pull/3370 --- toolbox.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index e56fbfa..682fc3c 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -11,7 +11,7 @@ Version: 0.0.99.4 %gometa -f %endif -Release: 4%{?dist} +Release: 5%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -188,8 +188,10 @@ The %{name}-tests package contains system tests for %{name}. %patch201 -p1 %endif +%if 0%{?rhel} <= 9 %patch202 -p1 %endif +%endif %gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} @@ -202,7 +204,9 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %meson \ %if 0%{?rhel} -Dfish_completions_dir=%{_datadir}/fish/vendor_completions.d \ +%if 0%{?rhel} <= 9 -Dmigration_path_for_coreos_toolbox=true \ +%endif %endif -Dprofile_dir=%{_sysconfdir}/profile.d \ -Dtmpfiles_dir=%{_tmpfilesdir} \ @@ -250,6 +254,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Mon Oct 02 2023 Debarshi Ray - 0.0.99.4-5 +- Drop github.com/coreos/toolbox compatibility from RHEL 10 onwards + * Mon Oct 02 2023 Debarshi Ray - 0.0.99.4-4 - Be aware of security hardened mount points - Simplify removing the user's password From 12fabacd032f5c58bdfde8e46d2dbbbb8f694bf0 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Thu, 9 Nov 2023 12:05:46 +0100 Subject: [PATCH 086/145] Silence 'rpminspect --tests=annocheck' and 'rpminspect --tests=runpath' The DT_RPATH or DT_RUNPATH value of /run/host%{_libdir} that's present in %{_bindir}/toolbox is intentional [1]. [1] Upstream commit 6063eb27b9893994 https://github.com/containers/toolbox/commit/6063eb27b9893994 https://github.com/containers/toolbox/issues/821 --- rpminspect.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 rpminspect.yaml diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..a0938f7 --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,11 @@ +# https://github.com/rpminspect/rpminspect/blob/master/data/generic.yaml +# https://github.com/rpminspect/rpminspect-data-fedora/blob/main/fedora.yaml + +--- + +annocheck: + - hardened: --ignore-unknown --verbose --skip-run-path + +runpath: + allowed_paths: + - /run/host/usr/lib64 From d437e836048bc5eecc1fc1b111cfe74d70c5c67e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 9 Nov 2023 17:07:29 +0100 Subject: [PATCH 087/145] Clarify that %golang_arches_future are meant for RHEL 10 Since the RHEL conditional was only targeting RHEL 9, it wasn't clear whether it needed updating for RHEL 10. So, it's better to say that %golang_arches are for RHEL 9 and older, and %golang_arches_future are for Fedora and RHEL 10 onwards. This doesn't change any behaviour of the built artifacts, because the build is only shared with RHEL 9 onwards. Hence, a conditional checking for RHEL 9 is the same as one checking for RHEL 9 and older. There's no need to do a build just for this. --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 682fc3c..1647c43 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -5,7 +5,7 @@ Version: 0.0.99.4 %global goipath github.com/containers/%{name} -%if 0%{?rhel} == 9 +%if 0%{?rhel} <= 9 %gometa %else %gometa -f 
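Review bot: The new rpminspect.yaml relaxes two binary-hardening checks but says nowhere in the file why, so the exception is only explained in the commit message. A comment above the `runpath` block would keep the rationale next to the allowance, for example `# RUNPATH of /run/host%{_libdir} in %{_bindir}/toolbox is intentional, see containers/toolbox issue 821`. The `--skip-run-path` option on the `hardened` annocheck line is not tied to a single file, so it presumably turns that test off for every ELF object in the build and not only for toolbox; if so, the `allowed_paths` list is the only remaining guard against an unexpected RPATH and should stay as narrow as it is here.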
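Review bot: The new top-level condition `%if 0%{?rhel} <= 9` is also true when %rhel is undefined, because `%{?rhel}` then expands to nothing and the test becomes `0 <= 9`. A Fedora build would therefore take the `%gometa` branch instead of `%gometa -f`, so the change is not behaviour-neutral as the description states. Writing it as `%if 0%{?rhel} && 0%{?rhel} <= 9`, or nesting it inside an outer `%if 0%{?rhel}`, keeps the previous result. The same unguarded comparison is added around the `install -m0644 %{SOURCE1}` line in the `%install` hunk of PATCH 088, where it would install the RHEL-only toolbox.conf on Fedora. The closing `%endif` of this conditional lies outside the hunk.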
From 1d18729e66267b6a267b362af06d0a130cdb967f Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 9 Nov 2023 17:17:07 +0100 Subject: [PATCH 088/145] Drop the custom /etc/containers/toolbox.conf from RHEL 10 onwards Complete support for RHEL Toolbx images based on the Red Hat Universal Base Images (or UBI) was only recently added to Toolbx [1], in version 0.0.99.4. Before that, Toolbx would only pick the image for RHEL 8, and even before that, it would pick the base 'ubi8' image, which isn't designed for interactive command line use. Due to this, RHEL >= 8.5 shipped a custom configuration file in /etc/containers/toolbox.conf to specify the image. However, that's not necessary anymore. RHEL 10 is going to be a fresh new operating system, and it will be better if we don't ship any custom configuration that's not needed, because it will ensure consistency with non-RHEL operating systems, including Fedora. [1] Upstream commit 0a29b374e649437 https://github.com/containers/toolbox/commit/0a29b374e649437 https://github.com/containers/toolbox/issues/1065 --- toolbox.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 1647c43..643043d 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -11,7 +11,7 @@ Version: 0.0.99.4 %gometa -f %endif -Release: 5%{?dist} +Release: 6%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -222,7 +222,7 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %install %meson_install -%if 0%{?rhel} +%if 0%{?rhel} <= 9 install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %endif 
@@ -254,6 +254,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Thu Nov 09 2023 Debarshi Ray - 0.0.99.4-6 +- Drop the custom /etc/containers/toolbox.conf from RHEL 10 onwards + * Mon Oct 02 2023 Debarshi Ray - 0.0.99.4-5 - Drop github.com/coreos/toolbox compatibility from RHEL 10 onwards From a8d29ef83f5168deab4bf958f608aa27036ae6df Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Nov 2023 16:01:17 +0100 Subject: [PATCH 089/145] Silence 'rpminspect --tests=runpath' on i686 --- rpminspect.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/rpminspect.yaml b/rpminspect.yaml index a0938f7..924e431 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -8,4 +8,5 @@ annocheck: runpath: allowed_paths: + - /run/host/usr/lib - /run/host/usr/lib64 From e7a1de731bb0d76e3b6d58eaa5c490b21da4aa1d Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 30 Nov 2023 22:16:08 +0100 Subject: [PATCH 090/145] Track the active container on Fedora Linux Asahi Remix --- ...tive-container-on-Fedora-Linux-Asahi.patch | 44 +++++++++++++++++++ toolbox.spec | 7 ++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch diff --git a/toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch b/toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch new file mode 100644 index 0000000..9890a01 --- /dev/null +++ b/toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch 
@@ -0,0 +1,44 @@ +From a3e8d8d12bac6dd63010b71c6e091486fb585f37 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 30 Nov 2023 19:22:56 +0100 +Subject: [PATCH] cmd: Track the active container on Fedora Linux Asahi Remix + +Christian Hergert requested this. He is working on improving the +integration of Toolbx with the terminal emulation stack in GNOME and +Fedora, and he is using Fedora Linux Asahi Remix for his work. + +https://github.com/containers/toolbox/pull/1413 +--- + src/cmd/enter.go | 2 ++ + src/cmd/rootMigrationPath.go | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/src/cmd/enter.go b/src/cmd/enter.go +index f902ff6787cd..2b89d2c853ae 100644 +--- a/src/cmd/enter.go ++++ b/src/cmd/enter.go +@@ -138,6 +138,8 @@ func enter(cmd *cobra.Command, args []string) error { + + if hostID == "fedora" && (hostVariantID == "silverblue" || hostVariantID == "workstation") { + emitEscapeSequence = true ++ } else if hostID == "fedora-asahi-remix" { ++ emitEscapeSequence = true + } + + if err := runCommand(container, +diff --git a/src/cmd/rootMigrationPath.go b/src/cmd/rootMigrationPath.go +index 40af5bd81d4e..92a24ac6edf6 100644 +--- a/src/cmd/rootMigrationPath.go ++++ b/src/cmd/rootMigrationPath.go +@@ -86,6 +86,8 @@ func rootRunImpl(cmd *cobra.Command, args []string) error { + + if hostID == "fedora" && (hostVariantID == "silverblue" || hostVariantID == "workstation") { + emitEscapeSequence = true ++ } else if hostID == "fedora-asahi-remix" { ++ emitEscapeSequence = true + } + + if err := runCommand(container, +-- +2.42.0 + diff --git a/toolbox.spec b/toolbox.spec index 643043d..da85168 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -11,7 +11,7 @@ Version: 0.0.99.4 %gometa -f %endif -Release: 6%{?dist} +Release: 7%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 
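Review bot: The added `else if hostID == "fedora-asahi-remix"` branch sets `emitEscapeSequence` for every variant of that host, while the Fedora branch directly above it is limited to the `silverblue` and `workstation` variants. If that difference is intended, a short comment would stop a later reader from treating it as an oversight, e.g. `// Asahi Remix: VARIANT_ID is not checked here, see containers/toolbox pull 1413`. The identical branch is added in both src/cmd/enter.go and src/cmd/rootMigrationPath.go, so the host check now lives in two places that have to be kept in sync; a small shared helper returning the boolean would avoid that. Both `enter` and `rootRunImpl` start and end outside the embedded hunks.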
@@ -25,6 +25,7 @@ Source1: %{name}.conf Patch0: toolbox-Build-fixes.patch Patch1: toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch Patch2: toolbox-Simplify-removing-the-user-s-password.patch +Patch3: toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -172,6 +173,7 @@ The %{name}-tests package contains system tests for %{name}. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %if 0%{?fedora} %ifnarch ppc64 @@ -254,6 +256,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Thu Nov 30 2023 Debarshi Ray - 0.0.99.4-7 +- Track the active container on Fedora Linux Asahi Remix + * Thu Nov 09 2023 Debarshi Ray - 0.0.99.4-6 - Drop the custom /etc/containers/toolbox.conf from RHEL 10 onwards From 8fd7877f42414e425edd55ad01b50ea96e2a7e94 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 5 Dec 2023 15:14:49 +0100 Subject: [PATCH 091/145] Fix the conditionals for 'if RHEL <= 9' '%if 0%{?rhel} <= 9' is the wrong way to express 'if RHEL <= 9'. On Fedora, %rhel won't be defined. So, %{?rhel} will expand to nothing, and leave only a 0 on the left hand side, making the condition TRUE on Fedora. Note, that conditions like '%if 0%{?rhel}', and other relational operators like ==, > and >= work as expected. The problem is only with < and <=. Fallout from 1d18729e66267b6a267b362af06d0a130cdb967f and d437e836048bc5eecc1fc1b111cfe74d70c5c67e --- toolbox.spec | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index da85168..40769bf 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -5,13 +5,19 @@ Version: 0.0.99.4 %global goipath github.com/containers/%{name} +%if 0%{?fedora} +%gometa -f +%endif + +%if 0%{?rhel} %if 0%{?rhel} <= 9 %gometa %else %gometa -f %endif +%endif -Release: 7%{?dist} +Release: 8%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -224,9 +230,11 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %install %meson_install +%if 0%{?rhel} %if 0%{?rhel} <= 9 install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %endif +%endif %files @@ -256,6 +264,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue Dec 05 2023 Debarshi Ray - 0.0.99.4-8 +- Fix the conditionals for 'if RHEL <= 9' + * Thu Nov 30 2023 Debarshi Ray - 0.0.99.4-7 - Track the active container on Fedora Linux Asahi Remix From 2fcdf29a72a4234a1b98a3e9f6db6ee104cc68d4 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Wed, 6 Dec 2023 10:45:50 -0800 Subject: [PATCH 092/145] tests subpackage: require httpd-tools for htpasswd --- toolbox.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 40769bf..74727d6 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,7 @@ Version: 0.0.99.4 %endif %endif -Release: 8%{?dist} +Release: 9%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -165,6 +165,8 @@ Requires: %{name}%{?_isa} = %{version}-%{release} Requires: coreutils Requires: gawk Requires: grep +# for htpasswd +Requires: httpd-tools Requires: skopeo %if ! 0%{?rhel} Requires: bats @@ -264,6 +266,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Wed Dec 06 2023 Adam Williamson - 0.0.99.4-9 +- tests subpackage: require httpd-tools for htpasswd + * Tue Dec 05 2023 Debarshi Ray - 0.0.99.4-8 - Fix the conditionals for 'if RHEL <= 9' 
From 616aba2f2d76daddfa901193a0122e3d3e642a42 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 19 Dec 2023 13:18:49 +0100 Subject: [PATCH 093/145] Require openssl(1) for the system tests in the tests subpackage --- toolbox.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 74727d6..0c55142 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,7 @@ Version: 0.0.99.4 %endif %endif -Release: 9%{?dist} +Release: 10%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 @@ -167,6 +167,7 @@ Requires: gawk Requires: grep # for htpasswd Requires: httpd-tools +Requires: openssl Requires: skopeo %if ! 0%{?rhel} Requires: bats @@ -266,6 +267,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.4-10 +- Require openssl(1) for the system tests in the tests subpackage + * Wed Dec 06 2023 Adam Williamson - 0.0.99.4-9 - tests subpackage: require httpd-tools for htpasswd From 1b207227f3981193f47e5f59b595707c0a7d9560 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 19 Dec 2023 13:24:23 +0100 Subject: [PATCH 094/145] tests: Remove redundant environment variable There's no need to explicitly set the PODMAN environment variable to its default value of /usr/bin/podman. --- tests/tests.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/tests.yml b/tests/tests.yml index 0048a3e..98d6a17 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -9,7 +9,5 @@ tests: - name: toolbox package: toolbox - environment: - PODMAN: /usr/bin/podman become: true \ No newline at end of file From a7b53166a8121d0506cee3a1b779965ef0f00dda Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 19 Dec 2023 13:25:48 +0100 Subject: [PATCH 095/145] tests: Remove trailing whitespace --- tests/tests.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/tests.yml b/tests/tests.yml index 98d6a17..e7ff188 100644 
--- a/tests/tests.yml +++ b/tests/tests.yml @@ -10,4 +10,3 @@ - name: toolbox package: toolbox become: true - \ No newline at end of file From 6682165143201ac7ce7d57a52117e7b76147798f Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 19 Dec 2023 12:43:59 +0100 Subject: [PATCH 096/145] Update to 0.0.99.5 Start using Toolbx as the name of the project, instead of Toolbox; and recommend subscription-manager, as requested by the Fedora Workstation Working Group [1], to make it easier to have gratis, self-supported Red Hat Enterprise Linux containers on Fedora. [1] https://pagure.io/fedora-workstation/issue/391 --- .gitignore | 1 + sources | 2 +- toolbox-Build-fixes.patch | 240 ---- ...ags-match-Fedora-s-gobuild-for-PPC64.patch | 4 +- ...e-build-flags-match-Fedora-s-gobuild.patch | 4 +- ...implify-removing-the-user-s-password.patch | 1056 ----------------- ...tive-container-on-Fedora-Linux-Asahi.patch | 44 - ...r-Be-aware-of-security-hardened-moun.patch | 76 -- toolbox.spec | 48 +- 9 files changed, 31 insertions(+), 1444 deletions(-) delete mode 100644 toolbox-Build-fixes.patch delete mode 100644 toolbox-Simplify-removing-the-user-s-password.patch delete mode 100644 toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch delete mode 100644 toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch diff --git a/.gitignore b/.gitignore index 3db2fe9..6787941 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,4 @@ /toolbox-0.0.99.3.tar.xz /toolbox-0.0.99.3-vendor.tar.xz /toolbox-0.0.99.4-vendored.tar.xz +/toolbox-0.0.99.5-vendored.tar.xz diff --git a/sources b/sources index a8351c5..df91c99 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (toolbox-0.0.99.4-vendored.tar.xz) = 882cd6ec1c1a193af8774dfdfd0aff72d376c4fec3e0cc702e2d524353c051e408eab2ac3fb43ec00fe622b46ac89fdbe97aca2f7cfbe3822e5d3ff1743f2fd0 +SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745 diff --git a/toolbox-Build-fixes.patch b/toolbox-Build-fixes.patch deleted file mode 100644 index 32164ef..0000000 --- a/toolbox-Build-fixes.patch +++ /dev/null 
@@ -1,240 +0,0 @@ -From 424cc42fba3cb182a360dcdda68caf20d9141ae6 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Tue, 28 Feb 2023 17:12:04 +0100 -Subject: [PATCH 1/4] cmd/root: Don't use podman(1) when generating the - completions - -Ever since commit bafbbe81c9220cb3, the shell completions are generated -while building Toolbx using the 'completion' command. This involves -running toolbox(1) itself, and hence invoking 'podman version' to decide -if 'podman system migrate' is needed or not. - -Unfortunately, some build environments, like Fedora's, are set up inside -a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may -not work because it does various things with namespaces(7) and clone(2) -that can, under certain circumstances, encounter an EPERM. - -Therefore, it's better to avoid using podman(1) when generating the -shell completions, especially, since they are generated by Cobra itself -and podman(1) is not involved at all. - -Note that podman(1) is needed when the generated shell completions are -actually used in interactive command line environments. The shell -completions invoke the hidden '__complete' command to get the results -that are presented to the user, and, if needed, 'podman system migrate' -will continue to be run as part of that. - -This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011 -because podman(1) is now only an optional runtime dependency for the -system tests. 
- -https://github.com/containers/podman/issues/17657 ---- - meson.build | 2 +- - src/cmd/root.go | 9 +++++++-- - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/meson.build b/meson.build -index 6f044bb204e3..653a3d3ac588 100644 ---- a/meson.build -+++ b/meson.build -@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h']) - - go = find_program('go') - go_md2man = find_program('go-md2man') --podman = find_program('podman') - - bats = find_program('bats', required: false) - codespell = find_program('codespell', required: false) - htpasswd = find_program('htpasswd', required: false) - openssl = find_program('openssl', required: false) -+podman = find_program('podman', required: false) - shellcheck = find_program('shellcheck', required: false) - skopeo = find_program('skopeo', required: false) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 304b03dcd889..9975ccc7a4c8 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error { - - logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath) - -- if err := migrate(); err != nil { -+ if err := migrate(cmd, args); err != nil { - return err - } - -@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error { - return rootRunImpl(cmd, args) - } - --func migrate() error { -+func migrate(cmd *cobra.Command, args []string) error { - logrus.Debug("Migrating to newer Podman") - - if utils.IsInsideContainer() { - return nil - } - -+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { -+ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName) -+ return nil -+ } -+ - configDir, err := os.UserConfigDir() - if err != nil { - logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err) --- -2.41.0 - - -From 0723706168a1bde708bc9acc203c5e9870bc94d5 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Wed, 1 Mar 
2023 19:41:56 +0100 -Subject: [PATCH 2/4] cmd/root: Sprinkle a debug log - -https://github.com/containers/toolbox/pull/1251 ---- - src/cmd/root.go | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 9975ccc7a4c8..2e7428a20b24 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error { - logrus.Debug("Migrating to newer Podman") - - if utils.IsInsideContainer() { -+ logrus.Debug("Migration not needed: running inside a container") - return nil - } - --- -2.41.0 - - -From 0736db58456bb635854493e28a0c36bda49988ce Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Wed, 1 Mar 2023 19:46:11 +0100 -Subject: [PATCH 3/4] cmd/root: Shuffle some code around and sprinkle some - debug logs - -Having a separate convenience function reduces the indentation levels by -at least one, and sometimes two, and makes it easy to have more detailed -debug logs. - -This will make the subsequent commit easier to read. - -https://github.com/containers/toolbox/issues/1246 ---- - src/cmd/root.go | 32 ++++++++++++++++++++++++-------- - 1 file changed, 24 insertions(+), 8 deletions(-) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 2e7428a20b24..9aafe3e0d3be 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -1,5 +1,5 @@ - /* -- * Copyright © 2019 – 2022 Red Hat Inc. -+ * Copyright © 2019 – 2023 Red Hat Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. 
-@@ -139,13 +139,8 @@ func preRun(cmd *cobra.Command, args []string) error { - if !utils.IsInsideContainer() { - logrus.Debugf("Running on a cgroups v%d host", cgroupsVersion) - -- if currentUser.Uid != "0" { -- logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", currentUser.Username) -- -- if _, err := utils.ValidateSubIDRanges(currentUser); err != nil { -- logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err) -- return newSubIDError() -- } -+ if _, err := validateSubIDRanges(cmd, args, currentUser); err != nil { -+ return err - } - } - -@@ -392,3 +387,24 @@ func setUpLoggers() error { - - return nil - } -+ -+func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bool, error) { -+ logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", user.Username) -+ -+ if user.Uid == "0" { -+ logrus.Debugf("Look-up not needed: user %s doesn't need them", user.Username) -+ return true, nil -+ } -+ -+ if utils.IsInsideContainer() { -+ logrus.Debug("Look-up not needed: running inside a container") -+ return true, nil -+ } -+ -+ if _, err := utils.ValidateSubIDRanges(user); err != nil { -+ logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err) -+ return false, newSubIDError() -+ } -+ -+ return true, nil -+} --- -2.41.0 - - -From 02537eac420f49e96110663794ef5f2511eb6860 Mon Sep 17 00:00:00 2001 -From: Jan Zerebecki -Date: Wed, 1 Mar 2023 19:52:28 +0100 -Subject: [PATCH 4/4] cmd/root: Don't validate subordinate IDs when generating - the completions - -Ever since commit bafbbe81c9220cb3, the shell completions are generated -while building Toolbx using the 'completion' command. This involves -running toolbox(1) itself, and hence validating the subordinate user and -group ID ranges. - -Unfortunately, some build environments, like openSUSE's, don't have -subordinate ID ranges set up. 
Therefore, it's better to not validate -the subordinate ID ranges when generating the shell completions, since -they are generated by Cobra itself and subordinate ID ranges are not -involved at all. - -Note that subordinate ID ranges may be needed when the generated shell -completions are actually used in interactive command line environments. -The shell completions invoke the hidden '__complete' command to get the -results that are presented to the user, and, if needed, the subordinate -ID ranges will continue to be used by podman(1) as part of that. - -Some changes by Debarshi Ray. - -https://github.com/containers/toolbox/issues/1246 -https://github.com/containers/toolbox/pull/1249 ---- - src/cmd/root.go | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 9aafe3e0d3be..aee9fe026ac3 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -401,6 +401,11 @@ func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bo - return true, nil - } - -+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { -+ logrus.Debugf("Look-up not needed: command %s doesn't need them", cmdName) -+ return true, nil -+ } -+ - if _, err := utils.ValidateSubIDRanges(user); err != nil { - logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err) - return false, newSubIDError() --- -2.41.0 - diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch index afb5193..35ecc83 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch @@ -1,4 +1,4 @@ -From 865f58881c17c233f288b8978faaeba8b4b2c2f0 Mon Sep 17 00:00:00 2001 +From 4f8b443ab925c84d059d894ddcfcf4dcf66a747e Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} @@ -50,5 +50,5 @@ index c572d6dfb02b..cae2de426a96 100755 exit "$?" -- -2.39.2 +2.43.0 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch index d88c845..c290d36 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -1,4 +1,4 @@ -From f4582e4748a15c462eac229f9bd9214415f166c9 Mon Sep 17 00:00:00 2001 +From 3175ef2fab1f61f5784361070ac338dabda3c04e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} @@ -50,5 +50,5 @@ index c572d6dfb02b..0e6a2efa6853 100755 exit "$?" -- -2.39.2 +2.43.0 diff --git a/toolbox-Simplify-removing-the-user-s-password.patch b/toolbox-Simplify-removing-the-user-s-password.patch deleted file mode 100644 index d10d870..0000000 --- a/toolbox-Simplify-removing-the-user-s-password.patch +++ /dev/null 
@@ -1,1056 +0,0 @@ -From 07d5c061eacec0a3b145947a9b95a11b705ea5d3 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Sat, 12 Aug 2023 14:26:22 +0200 -Subject: [PATCH 1/5] test/system: Test that group and user IDs work - -These tests assume that the group and user information on the host -operating system can be provided by different plugins for the GNU Name -Service Switch (or NSS) functionality of the GNU C Library. eg., on -enterprise FreeIPA set-ups. However, it's expected that everything -inside the Toolbx container will be provided by /etc/group, /etc/passwd, -/etc/shadow, etc.. - -While /etc/group and /etc/passwd can be read by any user, /etc/shadow -can only be read by root. However, it's awkward to use sudo(8) in the -test cases involving /etc/shadow, because they ensure that root and -$USER don't need passwords to authenticate inside the container, and -sudo(8) itself depends on that. If sudo(8) is used, the test suite can -behave unexpectedly if Toolbx didn't set up the container correctly. -eg., it can get blocked waiting for a password. - -Hence, 'podman unshare' is used instead to enter the container's initial -user namespace, where $USER from the host appears as root. This is -sufficient because the test cases only need to read /etc/shadow inside -the Toolbx container. - -https://github.com/containers/toolbox/pull/1355 ---- - test/system/206-user.bats | 520 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 520 insertions(+) - create mode 100644 test/system/206-user.bats - -diff --git a/test/system/206-user.bats b/test/system/206-user.bats -new file mode 100644 -index 000000000000..fdb2a33da88c ---- /dev/null -+++ b/test/system/206-user.bats -@@ -0,0 +1,520 @@ -+# shellcheck shell=bats -+# -+# Copyright © 2023 Red Hat, Inc. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); -+# you may not use this file except in compliance with the License. 
-+# You may obtain a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, -+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+# See the License for the specific language governing permissions and -+# limitations under the License. -+# -+ -+load 'libs/bats-support/load' -+load 'libs/bats-assert/load' -+load 'libs/helpers' -+ -+setup() { -+ bats_require_minimum_version 1.7.0 -+ _setup_environment -+ cleanup_containers -+} -+ -+teardown() { -+ cleanup_containers -+} -+ -+@test "user: separate namespace" { -+ local ns_host -+ ns_host=$(readlink /proc/$$/ns/user) -+ -+ create_default_container -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run sh -c 'readlink /proc/$$/ns/user' -+ -+ assert_success -+ assert_line --index 0 --regexp '^user:\[[[:digit:]]+\]$' -+ refute_line --index 0 "$ns_host" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: root in shadow(5) inside the default container" { -+ local default_container -+ default_container="$(get_system_id)-toolbox-$(get_system_version)" -+ -+ create_default_container -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount "$default_container")" -+ -+ "$TOOLBOX" run true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount "$default_container" -+ -+ assert_success -+ assert_line --regexp '^root::.+$' -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: root in shadow(5) inside Arch Linux" { -+ create_distro_container arch latest arch-toolbox-latest -+ 
container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount arch-toolbox-latest)" -+ -+ "$TOOLBOX" run --distro arch true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount arch-toolbox-latest -+ -+ assert_success -+ assert_line --regexp '^root::.+$' -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: root in shadow(5) inside Fedora 34" { -+ create_distro_container fedora 34 fedora-toolbox-34 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount fedora-toolbox-34)" -+ -+ "$TOOLBOX" run --distro fedora --release 34 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount fedora-toolbox-34 -+ -+ assert_success -+ assert_line --regexp '^root::.+$' -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: root in shadow(5) inside RHEL 8.7" { -+ create_distro_container rhel 8.7 rhel-toolbox-8.7 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount rhel-toolbox-8.7)" -+ -+ "$TOOLBOX" run --distro rhel --release 8.7 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount rhel-toolbox-8.7 -+ -+ assert_success -+ assert_line --regexp '^root::.+$' -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: root in shadow(5) inside Ubuntu 16.04" { -+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-16.04)" -+ -+ "$TOOLBOX" run --distro ubuntu --release 16.04 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat 
"$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-16.04 -+ -+ assert_success -+ assert_line --regexp '^root::.+$' -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: root in shadow(5) inside Ubuntu 18.04" { -+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-18.04)" -+ -+ "$TOOLBOX" run --distro ubuntu --release 18.04 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-18.04 -+ -+ assert_success -+ assert_line --regexp '^root::.+$' -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: root in shadow(5) inside Ubuntu 20.04" { -+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-20.04)" -+ -+ "$TOOLBOX" run --distro ubuntu --release 20.04 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-20.04 -+ -+ assert_success -+ assert_line --regexp '^root::.+$' -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in passwd(5) inside the default container" { -+ local user_gecos -+ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" -+ -+ local user_id_real -+ user_id_real="$(id --real --user)" -+ -+ create_default_container -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run sh -c 'cat /etc/passwd' -+ -+ assert_success -+ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck 
disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in passwd(5) inside Arch Linux" { -+ local user_gecos -+ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" -+ -+ local user_id_real -+ user_id_real="$(id --real --user)" -+ -+ create_distro_container arch latest arch-toolbox-latest -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch sh -c 'cat /etc/passwd' -+ -+ assert_success -+ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in passwd(5) inside Fedora 34" { -+ local user_gecos -+ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" -+ -+ local user_id_real -+ user_id_real="$(id --real --user)" -+ -+ create_distro_container fedora 34 fedora-toolbox-34 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 sh -c 'cat /etc/passwd' -+ -+ assert_success -+ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in passwd(5) inside RHEL 8.7" { -+ local user_gecos -+ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" -+ -+ local user_id_real -+ user_id_real="$(id --real --user)" -+ -+ create_distro_container rhel 8.7 rhel-toolbox-8.7 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 sh -c 'cat /etc/passwd' -+ -+ assert_success -+ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in passwd(5) inside Ubuntu 16.04" { -+ local user_gecos -+ user_gecos="$(getent passwd "$USER" | cut --delimiter : 
--fields 5)" -+ -+ local user_id_real -+ user_id_real="$(id --real --user)" -+ -+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 sh -c 'cat /etc/passwd' -+ -+ assert_success -+ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in passwd(5) inside Ubuntu 18.04" { -+ local user_gecos -+ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" -+ -+ local user_id_real -+ user_id_real="$(id --real --user)" -+ -+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 sh -c 'cat /etc/passwd' -+ -+ assert_success -+ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in passwd(5) inside Ubuntu 20.04" { -+ local user_gecos -+ user_gecos="$(getent passwd "$USER" | cut --delimiter : --fields 5)" -+ -+ local user_id_real -+ user_id_real="$(id --real --user)" -+ -+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 sh -c 'cat /etc/passwd' -+ -+ assert_success -+ assert_line --regexp "^$USER::$user_id_real:$user_id_real:$user_gecos:$HOME:$SHELL$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in shadow(5) inside the default container" { -+ local default_container -+ default_container="$(get_system_id)-toolbox-$(get_system_version)" -+ -+ create_default_container -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount "$default_container")" 
-+ -+ "$TOOLBOX" run true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount "$default_container" -+ -+ assert_success -+ refute_line --regexp "^$USER:.*$" -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in shadow(5) inside Arch Linux" { -+ create_distro_container arch latest arch-toolbox-latest -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount arch-toolbox-latest)" -+ -+ "$TOOLBOX" run --distro arch true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount arch-toolbox-latest -+ -+ assert_success -+ refute_line --regexp "^$USER:.*$" -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in shadow(5) inside Fedora 34" { -+ create_distro_container fedora 34 fedora-toolbox-34 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount fedora-toolbox-34)" -+ -+ "$TOOLBOX" run --distro fedora --release 34 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount fedora-toolbox-34 -+ -+ assert_success -+ refute_line --regexp "^$USER:.*$" -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in shadow(5) inside RHEL 8.7" { -+ create_distro_container rhel 8.7 rhel-toolbox-8.7 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount rhel-toolbox-8.7)" -+ -+ "$TOOLBOX" run --distro rhel --release 8.7 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount rhel-toolbox-8.7 -+ -+ assert_success -+ refute_line --regexp 
"^$USER:.*$" -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in shadow(5) inside Ubuntu 16.04" { -+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-16.04)" -+ -+ "$TOOLBOX" run --distro ubuntu --release 16.04 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-16.04 -+ -+ assert_success -+ refute_line --regexp "^$USER:.*$" -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in shadow(5) inside Ubuntu 18.04" { -+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-18.04)" -+ -+ "$TOOLBOX" run --distro ubuntu --release 18.04 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-18.04 -+ -+ assert_success -+ refute_line --regexp "^$USER:.*$" -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in shadow(5) inside Ubuntu 20.04" { -+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 -+ container_root_file_system="$("$PODMAN" unshare "$PODMAN" mount ubuntu-toolbox-20.04)" -+ -+ "$TOOLBOX" run --distro ubuntu --release 20.04 true -+ -+ run --keep-empty-lines --separate-stderr "$PODMAN" unshare cat "$container_root_file_system/etc/shadow" -+ "$PODMAN" unshare "$PODMAN" unmount ubuntu-toolbox-20.04 -+ -+ assert_success -+ refute_line --regexp "^$USER:.*$" -+ assert [ ${#lines[@]} -gt 0 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in group(5) inside the 
default container" { -+ create_default_container -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run sh -c 'cat /etc/group' -+ -+ assert_success -+ assert_line --regexp "^(sudo|wheel):x:[[:digit:]]+:$USER$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in group(5) inside Arch Linux" { -+ create_distro_container arch latest arch-toolbox-latest -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch sh -c 'cat /etc/group' -+ -+ assert_success -+ assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in group(5) inside Fedora 34" { -+ create_distro_container fedora 34 fedora-toolbox-34 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 sh -c 'cat /etc/group' -+ -+ assert_success -+ assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in group(5) inside RHEL 8.7" { -+ create_distro_container rhel 8.7 rhel-toolbox-8.7 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 sh -c 'cat /etc/group' -+ -+ assert_success -+ assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in group(5) inside Ubuntu 16.04" { -+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 sh -c 'cat /etc/group' -+ -+ assert_success -+ assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in 
group(5) inside Ubuntu 18.04" { -+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 sh -c 'cat /etc/group' -+ -+ assert_success -+ assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: $USER in group(5) inside Ubuntu 20.04" { -+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 sh -c 'cat /etc/group' -+ -+ assert_success -+ assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" -+ assert [ ${#lines[@]} -gt 1 ] -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} --- -2.41.0 - - -From 22ba72f3152650d538437bf298ebde4a63e2adc9 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Wed, 4 Nov 2020 00:55:31 +0100 -Subject: [PATCH 2/5] Deprecate the --monitor-host option of 'init-container' - -The --monitor-host option was added to the 'init-container' command in -commit 8b84b5e4604921fa to accommodate Podman versions older than 1.2.0 -that didn't have the '--dns none' and '--no-hosts' options for -'podman create'. These options are necessary to keep the Toolbx -container's /etc/resolv.conf and /etc/hosts files synchronized with -those of the host. - -Note that Podman 1.2.0 was already available a few months before -commit 8b84b5e4604921fa introduced the --monitor-host option. The -chances of someone using an older Podman back then was already on the -decline, and it's very unlikely that a container created with such a -Podman has survived till this date. - -Commit b6b484fa792b442a raised the minimum required Podman version to -1.4.0, and made the '--dns none' and '--no-hosts' options a hard -requirement. The minimum required Podman version was again raised -recently in commit 8e80dd5db1e6f40b to 1.6.4. 
Therefore, these days, -there's no need to separately use the --monitor-host option of -'init-container' for newly created containers to indicate that the -Podman version wasn't older than 1.2.0. - -Given all this, it's time to stop using the --monitor-host option of -'init-container', and assume that it's always set. The option is still -accepted to retain compatibility with existing Toolbx containers. - -For containers that were created with the --monitor-host option, a -deprecation notice will be shown as: - $ podman start --attach CONTAINER - Flag --monitor-host has been deprecated, it does nothing - ... - -https://github.com/containers/toolbox/pull/617 ---- - doc/toolbox-init-container.1.md | 32 +++--------- - src/cmd/create.go | 1 - - src/cmd/initContainer.go | 86 ++++++++++++++++----------------- - 3 files changed, 49 insertions(+), 70 deletions(-) - -diff --git a/doc/toolbox-init-container.1.md b/doc/toolbox-init-container.1.md -index 45c9a77939f2..51a7b1ee643d 100644 ---- a/doc/toolbox-init-container.1.md -+++ b/doc/toolbox-init-container.1.md -@@ -9,7 +9,6 @@ toolbox\-init\-container - Initialize a running container - *--home-link* - *--media-link* - *--mnt-link* -- *--monitor-host* - *--shell SHELL* - *--uid UID* - *--user USER* -@@ -76,31 +75,12 @@ Make `/mnt` a symbolic link to `/var/mnt`. - - **--monitor-host** - --Ensures that certain configuration files inside the toolbox container are kept --synchronized with their counterparts on the host, and bind mounts some paths --from the host's file system into the container. 
-- --The synchronized files are: -- --- `/etc/host.conf` --- `/etc/hosts` --- `/etc/localtime` --- `/etc/resolv.conf` --- `/etc/timezone` -- --The bind mounted paths are: -- --- `/etc/machine-id` --- `/run/libvirt` --- `/run/systemd/journal` --- `/run/systemd/resolve` --- `/run/udev/data` --- `/tmp` --- `/var/lib/flatpak` --- `/var/lib/libvirt` --- `/var/lib/systemd/coredump` --- `/var/log/journal` --- `/var/mnt` -+Deprecated, does nothing. -+ -+Crucial configuration files inside the toolbox container are always kept -+synchronized with their counterparts on the host, and various subsets of the -+host's file system hierarchy are always bind mounted to their corresponding -+locations inside the toolbox container. - - **--shell** SHELL - -diff --git a/src/cmd/create.go b/src/cmd/create.go -index 2a103f01ed2d..6cec99258847 100644 ---- a/src/cmd/create.go -+++ b/src/cmd/create.go -@@ -393,7 +393,6 @@ func createContainer(container, image, release, authFile string, showCommandToEn - "--shell", userShell, - "--uid", currentUser.Uid, - "--user", currentUser.Username, -- "--monitor-host", - } - - entryPoint = append(entryPoint, slashHomeLink...) 
-diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go -index c4cd1b02d298..cb132bffc817 100644 ---- a/src/cmd/initContainer.go -+++ b/src/cmd/initContainer.go -@@ -107,8 +107,12 @@ func init() { - - flags.BoolVar(&initContainerFlags.monitorHost, - "monitor-host", -- false, -- "Ensure that certain configuration files inside the toolbox container are in sync with the host") -+ true, -+ "Deprecated, does nothing") -+ if err := flags.MarkDeprecated("monitor-host", "it does nothing"); err != nil { -+ panicMsg := fmt.Sprintf("cannot mark --monitor-host as deprecated: %s", err) -+ panic(panicMsg) -+ } - - flags.StringVar(&initContainerFlags.shell, - "shell", -@@ -163,59 +167,55 @@ func initContainer(cmd *cobra.Command, args []string) error { - - defer toolboxEnvFile.Close() - -- if initContainerFlags.monitorHost { -- logrus.Debug("Monitoring host") -- -- if utils.PathExists("/run/host/etc") { -- logrus.Debug("Path /run/host/etc exists") -- -- if _, err := os.Readlink("/etc/host.conf"); err != nil { -- if err := redirectPath("/etc/host.conf", -- "/run/host/etc/host.conf", -- false); err != nil { -- return err -- } -- } -+ if utils.PathExists("/run/host/etc") { -+ logrus.Debug("Path /run/host/etc exists") - -- if _, err := os.Readlink("/etc/hosts"); err != nil { -- if err := redirectPath("/etc/hosts", -- "/run/host/etc/hosts", -- false); err != nil { -- return err -- } -+ if _, err := os.Readlink("/etc/host.conf"); err != nil { -+ if err := redirectPath("/etc/host.conf", -+ "/run/host/etc/host.conf", -+ false); err != nil { -+ return err - } -+ } - -- if localtimeTarget, err := os.Readlink("/etc/localtime"); err != nil || -- localtimeTarget != "/run/host/etc/localtime" { -- if err := redirectPath("/etc/localtime", -- "/run/host/etc/localtime", -- false); err != nil { -- return err -- } -+ if _, err := os.Readlink("/etc/hosts"); err != nil { -+ if err := redirectPath("/etc/hosts", -+ "/run/host/etc/hosts", -+ false); err != nil { -+ return err - } -+ } - -- if 
err := updateTimeZoneFromLocalTime(); err != nil { -+ if localtimeTarget, err := os.Readlink("/etc/localtime"); err != nil || -+ localtimeTarget != "/run/host/etc/localtime" { -+ if err := redirectPath("/etc/localtime", -+ "/run/host/etc/localtime", -+ false); err != nil { - return err - } -+ } -+ -+ if err := updateTimeZoneFromLocalTime(); err != nil { -+ return err -+ } - -- if _, err := os.Readlink("/etc/resolv.conf"); err != nil { -- if err := redirectPath("/etc/resolv.conf", -- "/run/host/etc/resolv.conf", -- false); err != nil { -- return err -- } -+ if _, err := os.Readlink("/etc/resolv.conf"); err != nil { -+ if err := redirectPath("/etc/resolv.conf", -+ "/run/host/etc/resolv.conf", -+ false); err != nil { -+ return err - } -+ } - -- for _, mount := range initContainerMounts { -- if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { -- return err -- } -+ for _, mount := range initContainerMounts { -+ if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { -+ return err - } -+ } - -- if utils.PathExists("/sys/fs/selinux") { -- if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); err != nil { -- return err -- } -+ if utils.PathExists("/sys/fs/selinux") { -+ if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); err != nil { -+ return err - } - } - } --- -2.41.0 - - -From 66a791ff10234023b858b7a28dd98985b054eca1 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Tue, 7 Mar 2023 16:13:04 +0100 -Subject: [PATCH 3/5] cmd/initContainer: Bind mount locations regardless of - /run/host/etc - -Bind mounting the locations at runtime doesn't really have anything to -do with whether /run/host/etc is present inside the Toolbx container. - -The only possible exception could have been /etc/machine-id, but it -isn't, because the bind mount is only performed if the source at -/run/host/etc/machine-id is present. 
- -This is a historical mistake that has persisted for a long time, since, -in practice, /run/host/etc will almost always exist inside the Toolbx -container. It's time to finally correct it. - -Fallout from 9436bbece01d7aa4dc91b4013ed9f80d0b8d34f4 - -https://github.com/containers/toolbox/pull/1255 ---- - src/cmd/initContainer.go | 24 ++++++++++++------------ - 1 file changed, 12 insertions(+), 12 deletions(-) - -diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go -index cb132bffc817..153e5ccb824e 100644 ---- a/src/cmd/initContainer.go -+++ b/src/cmd/initContainer.go -@@ -206,18 +206,6 @@ func initContainer(cmd *cobra.Command, args []string) error { - return err - } - } -- -- for _, mount := range initContainerMounts { -- if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { -- return err -- } -- } -- -- if utils.PathExists("/sys/fs/selinux") { -- if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); err != nil { -- return err -- } -- } - } - - if initContainerFlags.mediaLink { -@@ -236,6 +224,18 @@ func initContainer(cmd *cobra.Command, args []string) error { - } - } - -+ for _, mount := range initContainerMounts { -+ if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { -+ return err -+ } -+ } -+ -+ if utils.PathExists("/sys/fs/selinux") { -+ if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); err != nil { -+ return err -+ } -+ } -+ - if _, err := user.Lookup(initContainerFlags.user); err != nil { - if err := configureUsers(initContainerFlags.uid, - initContainerFlags.user, --- -2.41.0 - - -From d416f1b4abd0782526c011b078442856c733e718 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Tue, 15 Aug 2023 20:57:46 +0200 -Subject: [PATCH 4/5] cmd/initContainer: Simplify code by removing a function - parameter - -Until now, configureUsers() was pushing the burden of deciding whether -to add a new user or modify an existing one on the callers, even though -it can trivially decide 
itself. Involving the caller loosens the -encapsulation of the user configuration logic by spreading it across -configureUsers() and it's caller, and adds an extra function parameter -that needs to be carefully set and is vulnerable to programmer errors. - -Fallout from 9ea6fe5852ea8f5225114d825e8e6813e2a3cfea - -https://github.com/containers/toolbox/pull/1356 ---- - src/cmd/initContainer.go | 62 ++++++++++++++++------------------------ - 1 file changed, 24 insertions(+), 38 deletions(-) - -diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go -index 153e5ccb824e..02c389635378 100644 ---- a/src/cmd/initContainer.go -+++ b/src/cmd/initContainer.go -@@ -236,24 +236,12 @@ func initContainer(cmd *cobra.Command, args []string) error { - } - } - -- if _, err := user.Lookup(initContainerFlags.user); err != nil { -- if err := configureUsers(initContainerFlags.uid, -- initContainerFlags.user, -- initContainerFlags.home, -- initContainerFlags.shell, -- initContainerFlags.homeLink, -- false); err != nil { -- return err -- } -- } else { -- if err := configureUsers(initContainerFlags.uid, -- initContainerFlags.user, -- initContainerFlags.home, -- initContainerFlags.shell, -- initContainerFlags.homeLink, -- true); err != nil { -- return err -- } -+ if err := configureUsers(initContainerFlags.uid, -+ initContainerFlags.user, -+ initContainerFlags.home, -+ initContainerFlags.shell, -+ initContainerFlags.homeLink); err != nil { -+ return err - } - - if utils.PathExists("/etc/krb5.conf.d") && !utils.PathExists("/etc/krb5.conf.d/kcm_default_ccache") { -@@ -386,9 +374,7 @@ func initContainerHelp(cmd *cobra.Command, args []string) { - } - } - --func configureUsers(targetUserUid int, -- targetUser, targetUserHome, targetUserShell string, -- homeLink, targetUserExists bool) error { -+func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShell string, homeLink bool) error { - if homeLink { - if err := redirectPath("/home", "/var/home", true); err != nil { 
- return err -@@ -400,45 +386,45 @@ func configureUsers(targetUserUid int, - return fmt.Errorf("failed to get group for sudo: %w", err) - } - -- if targetUserExists { -- logrus.Debugf("Modifying user %s with UID %d:", targetUser, targetUserUid) -+ if _, err := user.Lookup(targetUser); err != nil { -+ logrus.Debugf("Adding user %s with UID %d:", targetUser, targetUserUid) - -- usermodArgs := []string{ -- "--append", -+ useraddArgs := []string{ - "--groups", sudoGroup, -- "--home", targetUserHome, -+ "--home-dir", targetUserHome, -+ "--no-create-home", - "--shell", targetUserShell, - "--uid", fmt.Sprint(targetUserUid), - targetUser, - } - -- logrus.Debug("usermod") -- for _, arg := range usermodArgs { -+ logrus.Debug("useradd") -+ for _, arg := range useraddArgs { - logrus.Debugf("%s", arg) - } - -- if err := shell.Run("usermod", nil, nil, nil, usermodArgs...); err != nil { -- return fmt.Errorf("failed to modify user %s with UID %d: %w", targetUser, targetUserUid, err) -+ if err := shell.Run("useradd", nil, nil, nil, useraddArgs...); err != nil { -+ return fmt.Errorf("failed to add user %s with UID %d: %w", targetUser, targetUserUid, err) - } - } else { -- logrus.Debugf("Adding user %s with UID %d:", targetUser, targetUserUid) -+ logrus.Debugf("Modifying user %s with UID %d:", targetUser, targetUserUid) - -- useraddArgs := []string{ -+ usermodArgs := []string{ -+ "--append", - "--groups", sudoGroup, -- "--home-dir", targetUserHome, -- "--no-create-home", -+ "--home", targetUserHome, - "--shell", targetUserShell, - "--uid", fmt.Sprint(targetUserUid), - targetUser, - } - -- logrus.Debug("useradd") -- for _, arg := range useraddArgs { -+ logrus.Debug("usermod") -+ for _, arg := range usermodArgs { - logrus.Debugf("%s", arg) - } - -- if err := shell.Run("useradd", nil, nil, nil, useraddArgs...); err != nil { -- return fmt.Errorf("failed to add user %s with UID %d: %w", targetUser, targetUserUid, err) -+ if err := shell.Run("usermod", nil, nil, nil, usermodArgs...); err 
!= nil { -+ return fmt.Errorf("failed to modify user %s with UID %d: %w", targetUser, targetUserUid, err) - } - } - --- -2.41.0 - - -From e673dc792438c64683237d26b21d005ffb008fd5 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Tue, 22 Aug 2023 23:29:43 +0200 -Subject: [PATCH 5/5] cmd/initContainer: Simplify removing the user's password - -It's one less invocation of an external command, which is good because -spawning a new process is generally expensive. - -One positive side-effect of this is that on some Active Directory -set-ups, the entry point no longer fails with: - Error: failed to remove password for user login@company.com: failed - to invoke passwd(1) - -... because of: - # passwd --delete login@company.com - passwd: Libuser error at line: 210 - name contains invalid char `@'. - -This is purely an accident, and isn't meant to be an intential change to -support Active Directory. Tools like useradd(8) and usermod(8) from -Shadow aren't meant to work with Active Directory users, and, hence, it -can still break in other ways. For that, one option is to expose $USER -from the host operating system to the Toolbx container through a Varlink -interface that can be used by nss-systemd inside the container. - -Based on an idea from Si. 
- -https://github.com/containers/toolbox/issues/585 ---- - src/cmd/initContainer.go | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go -index 02c389635378..91b53cee7d0d 100644 ---- a/src/cmd/initContainer.go -+++ b/src/cmd/initContainer.go -@@ -393,6 +393,7 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe - "--groups", sudoGroup, - "--home-dir", targetUserHome, - "--no-create-home", -+ "--password", "", - "--shell", targetUserShell, - "--uid", fmt.Sprint(targetUserUid), - targetUser, -@@ -413,6 +414,7 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe - "--append", - "--groups", sudoGroup, - "--home", targetUserHome, -+ "--password", "", - "--shell", targetUserShell, - "--uid", fmt.Sprint(targetUserUid), - targetUser, -@@ -428,12 +430,6 @@ func configureUsers(targetUserUid int, targetUser, targetUserHome, targetUserShe - } - } - -- logrus.Debugf("Removing password for user %s", targetUser) -- -- if err := shell.Run("passwd", nil, nil, nil, "--delete", targetUser); err != nil { -- return fmt.Errorf("failed to remove password for user %s: %w", targetUser, err) -- } -- - logrus.Debug("Removing password for user root") - - if err := shell.Run("passwd", nil, nil, nil, "--delete", "root"); err != nil { --- -2.41.0 - diff --git a/toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch b/toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch deleted file mode 100644 index 9890a01..0000000 --- a/toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From a3e8d8d12bac6dd63010b71c6e091486fb585f37 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 30 Nov 2023 19:22:56 +0100 -Subject: [PATCH] cmd: Track the active container on Fedora Linux Asahi Remix - -Christian Hergert requested this. He is working on improving the -integration of Toolbx with the terminal emulation stack in GNOME and -Fedora, and he is using Fedora Linux Asahi Remix for his work. - -https://github.com/containers/toolbox/pull/1413 ---- - src/cmd/enter.go | 2 ++ - src/cmd/rootMigrationPath.go | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/src/cmd/enter.go b/src/cmd/enter.go -index f902ff6787cd..2b89d2c853ae 100644 ---- a/src/cmd/enter.go -+++ b/src/cmd/enter.go -@@ -138,6 +138,8 @@ func enter(cmd *cobra.Command, args []string) error { - - if hostID == "fedora" && (hostVariantID == "silverblue" || hostVariantID == "workstation") { - emitEscapeSequence = true -+ } else if hostID == "fedora-asahi-remix" { -+ emitEscapeSequence = true - } - - if err := runCommand(container, -diff --git a/src/cmd/rootMigrationPath.go b/src/cmd/rootMigrationPath.go -index 40af5bd81d4e..92a24ac6edf6 100644 ---- a/src/cmd/rootMigrationPath.go -+++ b/src/cmd/rootMigrationPath.go -@@ -86,6 +86,8 @@ func rootRunImpl(cmd *cobra.Command, args []string) error { - - if hostID == "fedora" && (hostVariantID == "silverblue" || hostVariantID == "workstation") { - emitEscapeSequence = true -+ } else if hostID == "fedora-asahi-remix" { -+ emitEscapeSequence = true - } - - if err := runCommand(container, --- -2.42.0 - diff --git a/toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch b/toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch deleted file mode 100644 index adf39a3..0000000 --- a/toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -From 1fde98456652ddbcb750ade2121c5ceec93fbfae Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 13 Jul 2023 13:08:40 +0200 -Subject: [PATCH] cmd/initContainer: Be aware of security hardened mount points - -Sometimes locations such as /var/lib/flatpak, /var/lib/systemd/coredump -and /var/log/journal sit on security hardened mount points that are -marked as 'nosuid,nodev,noexec' [1]. In such cases, when Toolbx is used -rootless, an attempt to bind mount these locations read-only at runtime -with mount(8) fails because of permission problems: - # mount --rbind -o ro - mount: : filesystem was mounted, but any subsequent - operation failed: Unknown error 5005. - -(Note that the above error message from mount(8) was subsequently -improved to show something more meaningful than 'Unknown error' [2].) - -The problem is that 'init-container' is running inside the container's -mount and user namespace, and the source paths were mounted inside the -host's namespace with 'nosuid,nodev,noexec'. The above mount(8) call -tries to remove the 'nosuid,nodev,noexec' flags from the mount point and -replace them with only 'ro', which is something that can't be done from -a child namespace. - -Note that this doesn't fail when Toolbx is running as root. This is -because the container uses the host's user namespace and is able to -remove the 'nosuid,nodev,noexec' flags from the mount point and replace -them with only 'ro'. Even though it doesn't fail, the flags shouldn't -get replaced like that inside the container, because it removes the -security hardening of those mount points. - -There's actually no benefit in bind mounting these paths as read-only. -It was historically done this way 'just to be safe' because a user isn't -expected to write to these locations from inside a container. However, -Toolbx doesn't intend to provide any heightened security beyond what's -already available on the host. 
-
-Hence, it's better to get out of the way and leave it to the permissions
-on the source location from the host operating system to guard the
-castle. This is accomplished by not passing any file system options to
-mount(8) [1].
-
-Based on an idea from Si.
-
-[1] https://man7.org/linux/man-pages/man8/mount.8.html
-
-[2] util-linux commit 9420ca34dc8b6f0f
- https://github.com/util-linux/util-linux/commit/9420ca34dc8b6f0f
- https://github.com/util-linux/util-linux/pull/2376
-
-https://github.com/containers/toolbox/issues/911
----
- src/cmd/initContainer.go | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go
-index 465ac063b210..c4cd1b02d298 100644
---- a/src/cmd/initContainer.go
-+++ b/src/cmd/initContainer.go
-@@ -62,10 +62,10 @@ var (
- {"/run/udev/data", "/run/host/run/udev/data", ""},
- {"/run/udev/tags", "/run/host/run/udev/tags", ""},
- {"/tmp", "/run/host/tmp", "rslave"},
-- {"/var/lib/flatpak", "/run/host/var/lib/flatpak", "ro"},
-+ {"/var/lib/flatpak", "/run/host/var/lib/flatpak", ""},
- {"/var/lib/libvirt", "/run/host/var/lib/libvirt", ""},
-- {"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", "ro"},
-- {"/var/log/journal", "/run/host/var/log/journal", "ro"},
-+ {"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", ""},
-+ {"/var/log/journal", "/run/host/var/log/journal", ""},
- {"/var/mnt", "/run/host/var/mnt", "rslave"},
- }
- )
---
-2.41.0
-
diff --git a/toolbox.spec b/toolbox.spec
index 0c55142..e9fdfc0 100644
--- a/toolbox.spec
+++ b/toolbox.spec
@@ -1,7 +1,7 @@
 %global __brp_check_rpaths %{nil}
 Name: toolbox
-Version: 0.0.99.4
+Version: 0.0.99.5
 %global goipath github.com/containers/%{name}
@@ -17,8 +17,8 @@ Version: 0.0.99.4
 %endif
 %endif
-Release: 10%{?dist}
-Summary: Tool for containerized command line environments on Linux
+Release: 1%{?dist}
+Summary: Tool for interactive command line environments on Linux
 License: ASL 2.0
 URL: https://containertoolbx.org/
@@ -27,12 +27,6 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version
 # RHEL specific
 Source1: %{name}.conf
-# Upstream
-Patch0: toolbox-Build-fixes.patch
-Patch1: toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch
-Patch2: toolbox-Simplify-removing-the-user-s-password.patch
-Patch3: toolbox-cmd-Track-the-active-container-on-Fedora-Linux-Asahi.patch
-
 # Fedora specific
 Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
 Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
@@ -44,7 +38,7 @@ Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
 BuildRequires: gcc
 BuildRequires: go-md2man
-BuildRequires: golang >= 1.19.4
+BuildRequires: golang >= 1.20
 BuildRequires: meson >= 0.58.0
 BuildRequires: pkgconfig(bash-completion)
 BuildRequires: shadow-utils-subid-devel
@@ -54,14 +48,15 @@ BuildRequires: systemd-rpm-macros
 BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1
 BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0
 BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0
-BuildRequires: golang(github.com/docker/go-units) >= 0.4.0
+BuildRequires: golang(github.com/docker/go-units) >= 0.5.0
 BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1
 BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6
 BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1
 BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0
 BuildRequires: golang(github.com/spf13/viper) >= 1.10.1
-BuildRequires: golang(golang.org/x/sys/unix)
-BuildRequires: golang(golang.org/x/term)
+BuildRequires: golang(golang.org/x/sys/unix) >= 0.1.0
+BuildRequires: golang(golang.org/x/text) >= 0.3.8
+BuildRequires: golang(gopkg.in/yaml.v3) >= 3.0.0
 BuildRequires: pkgconfig(fish)
 # for tests
 # BuildRequires: codespell
@@ -69,17 +64,26 @@ BuildRequires: pkgconfig(fish) # BuildRequires: ShellCheck %endif +Recommends: skopeo +Recommends: subscription-manager + Requires: containers-common -Requires: podman >= 1.4.0 +Requires: podman >= 1.6.4 %if ! 0%{?rhel} Requires: flatpak-session-helper %endif %description -Toolbox is a tool for Linux operating systems, which allows the use of -containerized command line environments. It is built on top of Podman and -other standard container technologies from OCI. +Toolbx is a tool for Linux, which allows the use of interactive command line +environments for development and troubleshooting the host operating system, +without having to install software on the host. It is built on top of Podman +and other standard container technologies from OCI. + +Toolbx environments have seamless access to the user's home directory, the +Wayland and X11 sockets, networking (including Avahi), removable devices (like +USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev +database, etc.. %if ! 0%{?rhel} @@ -163,14 +167,13 @@ Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} Requires: coreutils -Requires: gawk Requires: grep # for htpasswd Requires: httpd-tools Requires: openssl Requires: skopeo %if ! 0%{?rhel} -Requires: bats +Requires: bats >= 1.7.0 %endif %description tests @@ -179,10 +182,6 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 %if 0%{?fedora} %ifnarch ppc64 @@ -267,6 +266,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-1 +- Update to 0.0.99.5 + * Tue Dec 19 2023 Debarshi Ray - 0.0.99.4-10 - Require openssl(1) for the system tests in the tests subpackage From 57ae69592c86bef5f8493cc68a04fb8a905f5719 Mon Sep 17 00:00:00 2001 
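Review bot: The rewritten %description in the `@@ -69,17 +64,26 @@` hunk advertises seamless access to the home directory, the Wayland and X11 sockets, the SSH agent, D-Bus and /dev, but never says that a Toolbx environment is not a security boundary. The patch dropped by this same commit states that Toolbx does not intend to provide any heightened security beyond what is already available on the host, and the package description is where an administrator would expect to find that. I would add a closing sentence such as `Toolbx environments are not a security sandbox and rely on the permissions of the host operating system.` The last line of the description also ends in `etc..`, which should be `etc.`.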
From: Debarshi Ray Date: Tue, 19 Dec 2023 14:09:03 +0100 Subject: [PATCH 097/145] Drop the experience and support subpackages The only known user of the toolbox-experience and toolbox-support packages was: https://github.com/AICoE/tf-in-container ... which was declared dead in February 2022. Hence, there's no need to keep offering these subpackages. Especially, since the cost of keeping them updated to match the content of the fedora-toolbox images is quite high. If someone really needs these subpackages, then they can be reinstated. --- toolbox.spec | 89 +++------------------------------------------------- 1 file changed, 5 insertions(+), 84 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index e9fdfc0..0e9ad09 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,7 @@ Version: 0.0.99.5 %endif %endif -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for interactive command line environments on Linux License: ASL 2.0 
@@ -85,82 +85,6 @@ Wayland and X11 sockets, networking (including Avahi), removable devices (like USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev database, etc.. -%if ! 0%{?rhel} - -# The list of requires packages for -support and -experience should be in sync with: -# https://github.com/containers/toolbox/blob/master/images/fedora/f33/extra-packages -%package support -Summary: Required packages for the container image to support %{name} - -# These are really required to make the image work with toolbox -Requires: passwd -Requires: shadow-utils -Requires: util-linux -Requires: vte-profile - -%description support -The %{name}-support package contains all the required packages that are needed -to be installed in the OCI image to make it work with %{name}. - -The %{name}-support package should be typically installed from the Dockerfile -if the image isn't based on the fedora-toolbox image. - - -%package experience -Summary: Set of packages to enhance the %{name} experience - -Requires: %{name}-support = %{version}-%{release} -Requires: bash-completion -Requires: bc -Requires: bzip2 -Requires: diffutils -Requires: dnf-plugins-core -Requires: findutils -Requires: flatpak-spawn -Requires: fpaste -Requires: git -Requires: gnupg -Requires: gnupg2-smime -Requires: gvfs-client -Requires: hostname -Requires: iproute -Requires: iputils -Requires: jwhois -Requires: keyutils -Requires: krb5-libs -Requires: less -Requires: lsof -Requires: man-db -Requires: man-pages -Requires: mtr -Requires: nano-default-editor -Requires: nss-mdns -Requires: openssh-clients -Requires: pigz -Requires: procps-ng -Requires: rsync -Requires: sudo -Requires: tcpdump -Requires: time -Requires: traceroute -Requires: tree -Requires: unzip -Requires: wget -Requires: which -Requires: words -Requires: xorg-x11-xauth -Requires: xz -Requires: zip - -%description experience -The %{name}-experience package contains all the packages that should be -installed in the container to provide 
the same default experience as working -on the host. - -The %{name}-experience package should be typically installed from the -Dockerfile if the image isn't based on the fedora-toolbox image. - -%endif %package tests Summary: Tests for %{name} @@ -176,6 +100,7 @@ Requires: skopeo Requires: bats >= 1.7.0 %endif + %description tests The %{name}-tests package contains system tests for %{name}. @@ -253,19 +178,15 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %{_sysconfdir}/profile.d/%{name}.sh %{_tmpfilesdir}/%{name}.conf -%if ! 0%{?rhel} - -%files support - -%files experience - -%endif %files tests %{_datadir}/%{name} %changelog +* Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-2 +- Drop the experience and support subpackages + * Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-1 - Update to 0.0.99.5 From f79961c521fdc38a0cf68ae18e1071fd57b3938c Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 11 Jan 2024 18:52:10 +0100 Subject: [PATCH 098/145] Drop 'Recommends: subscription-manager' ... because subscription-manager requires python3-dnf, which contains %{_bindir}/dnf-3 and %{_bindir}/dnf4 [1]. This is a problem on Fedora Silverblue, because they shouldn't be present on OSTree based variants of Fedora. This reverts parts of commit 6682165143201ac7ce7d57a52117e7b76147798f. [1] https://github.com/fedora-silverblue/issue-tracker/issues/521 --- toolbox.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 0e9ad09..f9ad3b7 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,7 @@ Version: 0.0.99.5 %endif %endif -Release: 2%{?dist} +Release: 3%{?dist} Summary: Tool for interactive command line environments on Linux License: ASL 2.0 @@ -65,7 +65,6 @@ BuildRequires: pkgconfig(fish) %endif Recommends: skopeo -Recommends: subscription-manager Requires: containers-common Requires: podman >= 1.6.4 
@@ -184,6 +183,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Thu Jan 11 2024 Debarshi Ray - 0.0.99.5-3 +- Drop 'Recommends: subscription-manager' + * Tue Dec 19 2023 Debarshi Ray - 0.0.99.5-2 - Drop the experience and support subpackages From 25a9050dd041d0425c78c3c71476d0fdf8c16c21 Mon Sep 17 00:00:00 2001 From: Maxwell G Date: Fri, 12 Jan 2024 21:09:56 +0000 Subject: [PATCH 099/145] Remove deprecated %patchN syntax [skip changelog] Relates: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/5YUJWTUJK4JA26YP2VD46HOCQ6UZXMQD/ --- toolbox.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index f9ad3b7..bdff904 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -109,21 +109,21 @@ The %{name}-tests package contains system tests for %{name}. %if 0%{?fedora} %ifnarch ppc64 -%patch100 -p1 +%patch -P100 -p1 %else -%patch101 -p1 +%patch -P101 -p1 %endif %endif %if 0%{?rhel} %ifnarch ppc64 -%patch200 -p1 +%patch -P200 -p1 %else -%patch201 -p1 +%patch -P201 -p1 %endif %if 0%{?rhel} <= 9 -%patch202 -p1 +%patch -P202 -p1 %endif %endif From 78a3000c62cef00e9ee128d816776efa4b8f895b Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jan 2024 06:33:04 +0000 Subject: [PATCH 100/145] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index bdff904..d4a09b8 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,7 @@ Version: 0.0.99.5 %endif %endif -Release: 3%{?dist} +Release: 4%{?dist} Summary: Tool for interactive command line environments on Linux License: ASL 2.0 
@@ -183,6 +183,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Sat Jan 27 2024 Fedora Release Engineering - 0.0.99.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Thu Jan 11 2024 Debarshi Ray - 0.0.99.5-3 - Drop 'Recommends: subscription-manager' From 5aea389aaba8cceeead4e4db6bb11404f86f55f1 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 7 Feb 2024 14:45:03 +0100 Subject: [PATCH 101/145] Migrate to SPDX license --- toolbox.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index d4a09b8..a533d26 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,10 +17,10 @@ Version: 0.0.99.5 %endif %endif -Release: 4%{?dist} +Release: 5%{?dist} Summary: Tool for interactive command line environments on Linux -License: ASL 2.0 +License: Apache-2.0 URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz @@ -183,6 +183,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Wed Feb 07 2024 Debarshi Ray - 0.0.99.5-5 +- Migrate to SPDX license + * Sat Jan 27 2024 Fedora Release Engineering - 0.0.99.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 85becd3ddeb7262cd6870f7ccafbbbb23abcdc4b Mon Sep 17 00:00:00 2001 From: Maxwell G Date: Sun, 11 Feb 2024 23:40:44 +0000 Subject: [PATCH 102/145] Rebuild for golang 1.22.0 --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index a533d26..a67f3e6 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,7 @@ Version: 0.0.99.5 %endif %endif -Release: 5%{?dist} +Release: 6%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 
@@ -183,6 +183,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Sun Feb 11 2024 Maxwell G - 0.0.99.5-6 +- Rebuild for golang 1.22.0 + * Wed Feb 07 2024 Debarshi Ray - 0.0.99.5-5 - Migrate to SPDX license From 32b32e42f359e0255f4348d5ab28fffd38e2042d Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 13 Feb 2024 22:58:07 +0100 Subject: [PATCH 103/145] Unbreak Podman's downstream Fedora CI ... and update the BuildRequires on golang to reflect reality. https://bugzilla.redhat.com/show_bug.cgi?id=2263968 --- ...nbreak-Podman-s-downstream-Fedora-CI.patch | 47 +++++++++++++++++++ toolbox.spec | 13 ++++- 2 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch diff --git a/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch b/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch new file mode 100644 index 0000000..92cebc8 --- /dev/null +++ b/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch 
@@ -0,0 +1,47 @@ +From 6838e9347199e875f9869acd2afa64688161ca11 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 13 Feb 2024 21:56:06 +0100 +Subject: [PATCH] test/system: Unbreak Podman's downstream Fedora CI + +The paths to bats-assert and bats-support are broken, if bats(1) is +invoked from any other location than the parent directory of the 'tests' +directory. eg., Podman's downstream Fedora CI invokes the tests as: + $ cd /path/to/toolbox/test/system + $ bats . + +... and it led to [1]: + 1..306 + # test suite: Set up + # Missing dependencies + # Forgot to run 'git submodule init' and 'git submodule update' ? + # test suite: Tear down + not ok 1 setup_suite + # (from function `setup_suite' in test file ./setup_suite.bash, line 33) + # `return 1' failed + # bats warning: Executed 1 instead of expected 306 tests + +Fallout from 2c0960660330dc6be6861502988695f9812c475a + +[1] https://bugzilla.redhat.com/show_bug.cgi?id=2263968 + +https://github.com/containers/toolbox/pull/1448 +--- + test/system/setup_suite.bash | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/system/setup_suite.bash b/test/system/setup_suite.bash +index 78507d660529..649018f01e96 100644 +--- a/test/system/setup_suite.bash ++++ b/test/system/setup_suite.bash +@@ -17,7 +17,7 @@ + + missing_dependencies=false + +-if [ -f test/system/libs/bats-assert/load.bash ] && [ -f test/system/libs/bats-support/load.bash ]; then ++if [ -f "$BATS_TEST_DIRNAME/libs/bats-assert/load.bash" ] && [ -f "$BATS_TEST_DIRNAME/libs/bats-support/load.bash" ]; then + load 'libs/helpers' + else + missing_dependencies=true +-- +2.43.0 + diff --git a/toolbox.spec b/toolbox.spec index a67f3e6..0e6eff4 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,7 @@ Version: 0.0.99.5 %endif %endif -Release: 6%{?dist} +Release: 7%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 
@@ -27,6 +27,9 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version # RHEL specific Source1: %{name}.conf +# Upstream +Patch0: toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch + # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch @@ -38,7 +41,7 @@ Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch BuildRequires: gcc BuildRequires: go-md2man -BuildRequires: golang >= 1.20 +BuildRequires: golang >= 1.22 BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) BuildRequires: shadow-utils-subid-devel @@ -107,6 +110,8 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q +%patch -P0 -p1 + %if 0%{?fedora} %ifnarch ppc64 %patch -P100 -p1 @@ -183,6 +188,10 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue Feb 13 2024 Debarshi Ray - 0.0.99.5-7 +- Unbreak Podman's downstream Fedora CI +- Update the BuildRequires on golang to reflect reality + * Sun Feb 11 2024 Maxwell G - 0.0.99.5-6 - Rebuild for golang 1.22.0 From 72a3fb0bb085d4bfae5f973cf8554c54546fd327 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 27 Feb 2024 16:12:07 +0100 Subject: [PATCH 104/145] Unbreak Podman's downstream Fedora CI (part 2) ... and backport some new upstream tests. https://bugzilla.redhat.com/show_bug.cgi?id=2263968 --- ...nbreak-Podman-s-downstream-Fedora-CI.patch | 167 +++- toolbox-test-system-new.patch | 894 ++++++++++++++++++ toolbox.spec | 10 +- 3 files changed, 1066 insertions(+), 5 deletions(-) create mode 100644 toolbox-test-system-new.patch diff --git a/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch b/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch index 92cebc8..1956003 100644 --- a/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch 
+++ b/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch @@ -1,7 +1,7 @@ -From 6838e9347199e875f9869acd2afa64688161ca11 Mon Sep 17 00:00:00 2001 +From a859f73d075ec0505994d8ce0f371ec28e466983 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 13 Feb 2024 21:56:06 +0100 -Subject: [PATCH] test/system: Unbreak Podman's downstream Fedora CI +Subject: [PATCH 1/2] test/system: Unbreak Podman's downstream Fedora CI The paths to bats-assert and bats-support are broken, if bats(1) is invoked from any other location than the parent directory of the 'tests' @@ -30,7 +30,7 @@ https://github.com/containers/toolbox/pull/1448 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/system/setup_suite.bash b/test/system/setup_suite.bash -index 78507d660529..649018f01e96 100644 +index e4edf232bcd8..01985b7f9afc 100644 --- a/test/system/setup_suite.bash +++ b/test/system/setup_suite.bash @@ -17,7 +17,7 @@ 
@@ -45,3 +45,164 @@ index 78507d660529..649018f01e96 100644 -- 2.43.0 + +From a183876eae2bb4ffd84bca4303fc28be6725ebc2 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Fri, 23 Feb 2024 10:38:16 +0100 +Subject: [PATCH 2/2] test/system: Unbreak Podman's downstream Fedora CI (part + 2) + +The working directory from which bats(1) is invoked might not be part of +the Toolbx container. eg., Podman's downstream Fedora CI invokes the +tests as: + $ cd /path/to/toolbox/test/system + $ bats . + +... and it led to [1]: + not ok 110 run: Smoke test with true(1) + # (from function `assert_output' in file + ./libs/bats-assert/src/assert.bash, line 255, + # in test file ./104-run.bats, line 38) + # `assert_output ""' failed + # + # -- output differs -- + # expected (0 lines): + # + # actual (3 lines): + # Error: crun: chdir to `/usr/share/toolbox/test/system`: No such + file or directory: OCI runtime attempted to invoke a command that + was not found + # Error: directory /usr/share/toolbox/test/system not found in + container fedora-toolbox-41 + # Using /home/testuser instead. 
+ # -- + # + +[1] https://bugzilla.redhat.com/show_bug.cgi?id=2263968 + +https://github.com/containers/toolbox/pull/1457 +--- + test/system/104-run.bats | 2 ++ + test/system/201-ipc.bats | 2 ++ + test/system/203-network.bats | 2 ++ + test/system/206-user.bats | 2 ++ + test/system/210-ulimit.bats | 2 ++ + test/system/211-dbus.bats | 2 ++ + test/system/220-environment-variables.bats | 2 ++ + 7 files changed, 14 insertions(+) + +diff --git a/test/system/104-run.bats b/test/system/104-run.bats +index ff11a8477062..a0cb89fdeeca 100644 +--- a/test/system/104-run.bats ++++ b/test/system/104-run.bats +@@ -23,9 +23,11 @@ setup() { + bats_require_minimum_version 1.7.0 + _setup_environment + cleanup_containers ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_containers + } + +diff --git a/test/system/201-ipc.bats b/test/system/201-ipc.bats +index 15c791dec86d..09200b41d06c 100644 +--- a/test/system/201-ipc.bats ++++ b/test/system/201-ipc.bats +@@ -23,9 +23,11 @@ setup() { + bats_require_minimum_version 1.7.0 + _setup_environment + cleanup_containers ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_containers + } + +diff --git a/test/system/203-network.bats b/test/system/203-network.bats +index db1ba561f314..012374e3317f 100644 +--- a/test/system/203-network.bats ++++ b/test/system/203-network.bats +@@ -35,9 +35,11 @@ setup() { + bats_require_minimum_version 1.7.0 + _setup_environment + cleanup_containers ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_containers + } + +diff --git a/test/system/206-user.bats b/test/system/206-user.bats +index 2df7862f259e..473a6b40905a 100644 +--- a/test/system/206-user.bats ++++ b/test/system/206-user.bats +@@ -23,9 +23,11 @@ setup() { + bats_require_minimum_version 1.7.0 + _setup_environment + cleanup_containers ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_containers + } + +diff --git a/test/system/210-ulimit.bats 
b/test/system/210-ulimit.bats +index ea0c46685df1..ea08feea1513 100644 +--- a/test/system/210-ulimit.bats ++++ b/test/system/210-ulimit.bats +@@ -23,9 +23,11 @@ setup() { + bats_require_minimum_version 1.7.0 + _setup_environment + cleanup_containers ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_containers + } + +diff --git a/test/system/211-dbus.bats b/test/system/211-dbus.bats +index 295bb71b2789..61c543a56005 100644 +--- a/test/system/211-dbus.bats ++++ b/test/system/211-dbus.bats +@@ -23,9 +23,11 @@ setup() { + bats_require_minimum_version 1.7.0 + _setup_environment + cleanup_containers ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_containers + } + +diff --git a/test/system/220-environment-variables.bats b/test/system/220-environment-variables.bats +index 5b51d17dee55..c24e07d146ee 100644 +--- a/test/system/220-environment-variables.bats ++++ b/test/system/220-environment-variables.bats +@@ -23,9 +23,11 @@ setup() { + bats_require_minimum_version 1.7.0 + _setup_environment + cleanup_containers ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_containers + } + +-- +2.43.0 + diff --git a/toolbox-test-system-new.patch b/toolbox-test-system-new.patch new file mode 100644 index 0000000..9800b15 --- /dev/null +++ b/toolbox-test-system-new.patch 
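Review bot: In every `teardown()` added by patch 2/2, `popd || return 1` runs before `cleanup_containers`, so a failing `popd` returns early and that test's containers are never removed. This would happen when `setup()` stops before reaching `pushd "$HOME" || return 1`, because the directory stack is then empty; whether Bats still calls teardown after a failed setup should be confirmed. Calling `cleanup_containers` first, or making the restore non-fatal with `popd || true`, keeps the cleanup unconditional. The same ordering appears in all seven files touched by this hunk (104-run, 201-ipc, 203-network, 206-user, 210-ulimit, 211-dbus and 220-environment-variables). Each `setup()` opens above the quoted context, so any earlier lines of it are outside the hunk.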
@@ -0,0 +1,894 @@ +From f51c4a4cd8ff1c51a68073a10eaddab8f16fdaf6 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 8 Feb 2024 22:18:33 +0100 +Subject: [PATCH 1/4] test/system: Ensure that the user is part of a group with + the same name + +https://github.com/containers/toolbox/pull/1447 +--- + test/system/206-user.bats | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/test/system/206-user.bats b/test/system/206-user.bats +index c295d8a61f39..cdd38c146024 100644 +--- a/test/system/206-user.bats ++++ b/test/system/206-user.bats +@@ -434,6 +434,7 @@ teardown() { + run --keep-empty-lines --separate-stderr "$TOOLBOX" run cat /etc/group + + assert_success ++ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" + assert_line --regexp "^(sudo|wheel):x:[[:digit:]]+:$USER$" + assert [ ${#lines[@]} -gt 1 ] + +@@ -447,6 +448,7 @@ teardown() { + run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch cat /etc/group + + assert_success ++ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" + assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" + assert [ ${#lines[@]} -gt 1 ] + +@@ -460,6 +462,7 @@ teardown() { + run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 cat /etc/group + + assert_success ++ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" + assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" + assert [ ${#lines[@]} -gt 1 ] + +@@ -473,6 +476,7 @@ teardown() { + run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 cat /etc/group + + assert_success ++ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" + assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" + assert [ ${#lines[@]} -gt 1 ] + +@@ -486,6 +490,7 @@ teardown() { + run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 cat /etc/group + + assert_success ++ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" + assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" + assert [ ${#lines[@]} -gt 
1 ] + +@@ -499,6 +504,7 @@ teardown() { + run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 cat /etc/group + + assert_success ++ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" + assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" + assert [ ${#lines[@]} -gt 1 ] + +@@ -512,6 +518,7 @@ teardown() { + run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 cat /etc/group + + assert_success ++ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" + assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" + assert [ ${#lines[@]} -gt 1 ] + +-- +2.43.0 + + +From b2d64fad1a23a07919efdb70de9247645e44f973 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 8 Feb 2024 22:51:43 +0100 +Subject: [PATCH 2/4] test/system: Ensure that process started by 'podman exec' + has all groups +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit 15173f8c25c81244 exposed a bug in crun(1) [1] where the process +started directly by 'podman exec --user ...' inside the Toolbx container +would not have the supplementary groups attached to the user by the +entry point. + +This could be observed by differences in id(1): + ⬢$ id + uid=1000(user) gid=1000(user) groups=1000(user) + ⬢$ id user + uid=1000(user) gid=1000(user) groups=1000(user),10(wheel) + +... and could be worked around by starting a new session with sudo(8). 
+ +[1] crun commit 9effaebb429a1aed + https://github.com/containers/crun/commit/9effaebb429a1aed + https://github.com/containers/crun/issues/644 + https://github.com/containers/podman/issues/9986 + +https://github.com/containers/toolbox/issues/608 +--- + test/system/206-user.bats | 231 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 231 insertions(+) + +diff --git a/test/system/206-user.bats b/test/system/206-user.bats +index cdd38c146024..2df7862f259e 100644 +--- a/test/system/206-user.bats ++++ b/test/system/206-user.bats +@@ -525,3 +525,234 @@ teardown() { + # shellcheck disable=SC2154 + assert [ ${#stderr_lines[@]} -eq 0 ] + } ++ ++@test "user: id(1) for $USER inside the default container" { ++ create_default_container ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run id ++ ++ assert_success ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ local output_id="${lines[0]}" ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run id "$USER" ++ ++ assert_success ++ assert_line --index 0 "$output_id" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: id(1) for $USER inside Arch Linux" { ++ create_distro_container arch latest arch-toolbox-latest ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch id ++ ++ assert_success ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ local output_id="${lines[0]}" ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch id "$USER" ++ ++ assert_success ++ assert_line --index 0 "$output_id" ++ ++ if 
check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: id(1) for $USER inside Fedora 34" { ++ create_distro_container fedora 34 fedora-toolbox-34 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 id ++ ++ assert_success ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ local output_id="${lines[0]}" ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 id "$USER" ++ ++ assert_success ++ assert_line --index 0 "$output_id" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: id(1) for $USER inside RHEL 8.7" { ++ create_distro_container rhel 8.7 rhel-toolbox-8.7 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 id ++ ++ assert_success ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ local output_id="${lines[0]}" ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 id "$USER" ++ ++ assert_success ++ assert_line --index 0 "$output_id" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: id(1) for $USER inside Ubuntu 16.04" { ++ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run 
--distro ubuntu --release 16.04 id ++ ++ assert_success ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ local output_id="${lines[0]}" ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 id "$USER" ++ ++ assert_success ++ assert_line --index 0 "$output_id" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: id(1) for $USER inside Ubuntu 18.04" { ++ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 id ++ ++ assert_success ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ local output_id="${lines[0]}" ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 id "$USER" ++ ++ assert_success ++ assert_line --index 0 "$output_id" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "user: id(1) for $USER inside Ubuntu 20.04" { ++ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 ++ ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 id ++ ++ assert_success ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ local output_id="${lines[0]}" ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++ ++ run --keep-empty-lines --separate-stderr 
"$TOOLBOX" run --distro ubuntu --release 20.04 id "$USER" ++ ++ assert_success ++ assert_line --index 0 "$output_id" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ # shellcheck disable=SC2154 ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} +-- +2.43.0 + + +From da2555d04f9ff677b3f2033ff36390f75c3a509d Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 18 Jan 2024 19:53:02 +0100 +Subject: [PATCH 3/4] test/system: Group by higher-level objective, not + distribution + +Fallout from 51ffd2793d882ffab45ace44c03edfdaeb3f138c + +https://github.com/containers/toolbox/pull/1436 +--- + test/system/220-environment-variables.bats | 152 ++++++++++----------- + 1 file changed, 76 insertions(+), 76 deletions(-) + +diff --git a/test/system/220-environment-variables.bats b/test/system/220-environment-variables.bats +index 0e1356654468..dd74b1dc5142 100644 +--- a/test/system/220-environment-variables.bats ++++ b/test/system/220-environment-variables.bats +@@ -1,6 +1,6 @@ + # shellcheck shell=bats + # +-# Copyright © 2023 Red Hat, Inc. ++# Copyright © 2023 – 2024 Red Hat, Inc. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. 
+@@ -57,25 +57,24 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTSIZE inside the default container" { +- skip "https://pagure.io/setup/pull-request/48" +- +- create_default_container ++@test "environment variables: HISTFILESIZE inside Arch Linux" { ++ create_distro_container arch latest arch-toolbox-latest + +- if [ "$HISTSIZE" = "" ]; then ++ # shellcheck disable=SC2031 ++ if [ "$HISTFILESIZE" = "" ]; then + # shellcheck disable=SC2030 +- HISTSIZE=1001 ++ HISTFILESIZE=1001 + else +- ((HISTSIZE++)) ++ ((HISTFILESIZE++)) + fi + +- export HISTSIZE ++ export HISTFILESIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run bash -c 'echo "$HISTSIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTFILESIZE"' + + assert_success +- assert_line --index 0 "$HISTSIZE" ++ assert_line --index 0 "$HISTFILESIZE" + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 1 ] +@@ -87,8 +86,8 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTFILESIZE inside Arch Linux" { +- create_distro_container arch latest arch-toolbox-latest ++@test "environment variables: HISTFILESIZE inside Fedora 34" { ++ create_distro_container fedora 34 fedora-toolbox-34 + + # shellcheck disable=SC2031 + if [ "$HISTFILESIZE" = "" ]; then +@@ -101,7 +100,7 @@ teardown() { + export HISTFILESIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTFILESIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTFILESIZE"' + + assert_success + assert_line --index 0 "$HISTFILESIZE" +@@ -116,24 +115,24 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTSIZE inside Arch Linux" { +- create_distro_container arch latest arch-toolbox-latest ++@test "environment 
variables: HISTFILESIZE inside RHEL 8.7" { ++ create_distro_container rhel 8.7 rhel-toolbox-8.7 + + # shellcheck disable=SC2031 +- if [ "$HISTSIZE" = "" ]; then ++ if [ "$HISTFILESIZE" = "" ]; then + # shellcheck disable=SC2030 +- HISTSIZE=1001 ++ HISTFILESIZE=1001 + else +- ((HISTSIZE++)) ++ ((HISTFILESIZE++)) + fi + +- export HISTSIZE ++ export HISTFILESIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTSIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTFILESIZE"' + + assert_success +- assert_line --index 0 "$HISTSIZE" ++ assert_line --index 0 "$HISTFILESIZE" + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 1 ] +@@ -145,8 +144,8 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTFILESIZE inside Fedora 34" { +- create_distro_container fedora 34 fedora-toolbox-34 ++@test "environment variables: HISTFILESIZE inside Ubuntu 16.04" { ++ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 + + # shellcheck disable=SC2031 + if [ "$HISTFILESIZE" = "" ]; then +@@ -159,7 +158,8 @@ teardown() { + export HISTFILESIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTFILESIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 \ ++ bash -c 'echo "$HISTFILESIZE"' + + assert_success + assert_line --index 0 "$HISTFILESIZE" +@@ -174,26 +174,25 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTSIZE inside Fedora 34" { +- skip "https://pagure.io/setup/pull-request/48" +- +- create_distro_container fedora 34 fedora-toolbox-34 ++@test "environment variables: HISTFILESIZE inside Ubuntu 18.04" { ++ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 + + # shellcheck disable=SC2031 +- if [ "$HISTSIZE" 
= "" ]; then ++ if [ "$HISTFILESIZE" = "" ]; then + # shellcheck disable=SC2030 +- HISTSIZE=1001 ++ HISTFILESIZE=1001 + else +- ((HISTSIZE++)) ++ ((HISTFILESIZE++)) + fi + +- export HISTSIZE ++ export HISTFILESIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTSIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 \ ++ bash -c 'echo "$HISTFILESIZE"' + + assert_success +- assert_line --index 0 "$HISTSIZE" ++ assert_line --index 0 "$HISTFILESIZE" + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 1 ] +@@ -205,12 +204,11 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTFILESIZE inside RHEL 8.7" { +- create_distro_container rhel 8.7 rhel-toolbox-8.7 ++@test "environment variables: HISTFILESIZE inside Ubuntu 20.04" { ++ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 + + # shellcheck disable=SC2031 + if [ "$HISTFILESIZE" = "" ]; then +- # shellcheck disable=SC2030 + HISTFILESIZE=1001 + else + ((HISTFILESIZE++)) +@@ -219,7 +217,8 @@ teardown() { + export HISTFILESIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTFILESIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 \ ++ bash -c 'echo "$HISTFILESIZE"' + + assert_success + assert_line --index 0 "$HISTFILESIZE" +@@ -234,12 +233,11 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTSIZE inside RHEL 8.7" { ++@test "environment variables: HISTSIZE inside the default container" { + skip "https://pagure.io/setup/pull-request/48" + +- create_distro_container rhel 8.7 rhel-toolbox-8.7 ++ create_default_container + +- # shellcheck disable=SC2031 + if [ "$HISTSIZE" = "" ]; then + # shellcheck disable=SC2030 + HISTSIZE=1001 +@@ -250,7 +248,7 @@ 
teardown() { + export HISTSIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTSIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run bash -c 'echo "$HISTSIZE"' + + assert_success + assert_line --index 0 "$HISTSIZE" +@@ -265,25 +263,24 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTFILESIZE inside Ubuntu 16.04" { +- create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 ++@test "environment variables: HISTSIZE inside Arch Linux" { ++ create_distro_container arch latest arch-toolbox-latest + + # shellcheck disable=SC2031 +- if [ "$HISTFILESIZE" = "" ]; then ++ if [ "$HISTSIZE" = "" ]; then + # shellcheck disable=SC2030 +- HISTFILESIZE=1001 ++ HISTSIZE=1001 + else +- ((HISTFILESIZE++)) ++ ((HISTSIZE++)) + fi + +- export HISTFILESIZE ++ export HISTSIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 \ +- bash -c 'echo "$HISTFILESIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTSIZE"' + + assert_success +- assert_line --index 0 "$HISTFILESIZE" ++ assert_line --index 0 "$HISTSIZE" + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 1 ] +@@ -295,8 +292,10 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTSIZE inside Ubuntu 16.04" { +- create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 ++@test "environment variables: HISTSIZE inside Fedora 34" { ++ skip "https://pagure.io/setup/pull-request/48" ++ ++ create_distro_container fedora 34 fedora-toolbox-34 + + # shellcheck disable=SC2031 + if [ "$HISTSIZE" = "" ]; then +@@ -309,7 +308,7 @@ teardown() { + export HISTSIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 bash -c 'echo "$HISTSIZE"' ++ run 
--keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTSIZE"' + + assert_success + assert_line --index 0 "$HISTSIZE" +@@ -324,25 +323,26 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTFILESIZE inside Ubuntu 18.04" { +- create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 ++@test "environment variables: HISTSIZE inside RHEL 8.7" { ++ skip "https://pagure.io/setup/pull-request/48" ++ ++ create_distro_container rhel 8.7 rhel-toolbox-8.7 + + # shellcheck disable=SC2031 +- if [ "$HISTFILESIZE" = "" ]; then ++ if [ "$HISTSIZE" = "" ]; then + # shellcheck disable=SC2030 +- HISTFILESIZE=1001 ++ HISTSIZE=1001 + else +- ((HISTFILESIZE++)) ++ ((HISTSIZE++)) + fi + +- export HISTFILESIZE ++ export HISTSIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 \ +- bash -c 'echo "$HISTFILESIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTSIZE"' + + assert_success +- assert_line --index 0 "$HISTFILESIZE" ++ assert_line --index 0 "$HISTSIZE" + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 1 ] +@@ -354,8 +354,8 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTSIZE inside Ubuntu 18.04" { +- create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 ++@test "environment variables: HISTSIZE inside Ubuntu 16.04" { ++ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 + + # shellcheck disable=SC2031 + if [ "$HISTSIZE" = "" ]; then +@@ -368,7 +368,7 @@ teardown() { + export HISTSIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 bash -c 'echo "$HISTSIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 bash -c 'echo "$HISTSIZE"' + + assert_success + assert_line --index 
0 "$HISTSIZE" +@@ -383,24 +383,24 @@ teardown() { + assert [ ${#stderr_lines[@]} -eq 0 ] + } + +-@test "environment variables: HISTFILESIZE inside Ubuntu 20.04" { +- create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 ++@test "environment variables: HISTSIZE inside Ubuntu 18.04" { ++ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 + + # shellcheck disable=SC2031 +- if [ "$HISTFILESIZE" = "" ]; then +- HISTFILESIZE=1001 ++ if [ "$HISTSIZE" = "" ]; then ++ # shellcheck disable=SC2030 ++ HISTSIZE=1001 + else +- ((HISTFILESIZE++)) ++ ((HISTSIZE++)) + fi + +- export HISTFILESIZE ++ export HISTSIZE + + # shellcheck disable=SC2016 +- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 \ +- bash -c 'echo "$HISTFILESIZE"' ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 bash -c 'echo "$HISTSIZE"' + + assert_success +- assert_line --index 0 "$HISTFILESIZE" ++ assert_line --index 0 "$HISTSIZE" + + if check_bats_version 1.10.0; then + assert [ ${#lines[@]} -eq 1 ] +-- +2.43.0 + + +From ee2c92299d5488bab4e54cb04d9a120e0b9ed405 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 18 Jan 2024 20:17:50 +0100 +Subject: [PATCH 4/4] test/system: Test that the HOSTNAME environment variable + is set + +Bash automatically sets the HOSTNAME environment variable to the name of +the current host [1] as returned by gethostname(2), which is the same as +hostname(1). + +However, on Fedora, from Fedora 33 onwards, /etc/profile sets the +HOSTNAME environment variable to 'hostnamectl --transient' [2], and, +from Fedora 35 onwards, it has a fallback to hostname(1) [3]. These two +approaches return different values when used inside a Toolbx container. +The former picks up the hostname of the host operating system, while the +fallback gets the name that was set when creating the container with +'podman create --hostname toolbox ...'. 
+ +Hence, the value of HOSTNAME inside a Toolbx container for Fedora +depends on whether the corresponding version of the fedora-toolbox image +contained hostnamectl(1) or not. + +[1] https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html + +[2] setup commit eb9cc4dce89be24f + https://pagure.io/setup/c/eb9cc4dce89be24f + https://bugzilla.redhat.com/show_bug.cgi?id=1745245 + +[3] setup commit ddd74b5d971a734c + https://pagure.io/setup/c/ddd74b5d971a734c + https://pagure.io/setup/pull-request/28 + https://bugzilla.redhat.com/show_bug.cgi?id=1938223 + +https://github.com/containers/toolbox/issues/558 +--- + test/system/220-environment-variables.bats | 126 +++++++++++++++++++++ + 1 file changed, 126 insertions(+) + +diff --git a/test/system/220-environment-variables.bats b/test/system/220-environment-variables.bats +index dd74b1dc5142..5b51d17dee55 100644 +--- a/test/system/220-environment-variables.bats ++++ b/test/system/220-environment-variables.bats +@@ -439,3 +439,129 @@ teardown() { + # shellcheck disable=SC2154 + assert [ ${#stderr_lines[@]} -eq 0 ] + } ++ ++@test "environment variables: HOSTNAME inside the default container" { ++ create_default_container ++ ++ # shellcheck disable=SC2016 ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run bash -c 'echo "$HOSTNAME"' ++ ++ assert_success ++ assert_line --index 0 --regexp "^(toolbox|$HOSTNAME)$" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "environment variables: HOSTNAME inside Arch Linux" { ++ create_distro_container arch latest arch-toolbox-latest ++ ++ # shellcheck disable=SC2016 ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HOSTNAME"' ++ ++ assert_success ++ assert_line --index 0 "toolbox" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ 
++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "environment variables: HOSTNAME inside Fedora 34" { ++ create_distro_container fedora 34 fedora-toolbox-34 ++ ++ # shellcheck disable=SC2016 ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HOSTNAME"' ++ ++ assert_success ++ assert_line --index 0 "$HOSTNAME" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "environment variables: HOSTNAME inside RHEL 8.7" { ++ create_distro_container rhel 8.7 rhel-toolbox-8.7 ++ ++ # shellcheck disable=SC2016 ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HOSTNAME"' ++ ++ assert_success ++ assert_line --index 0 "toolbox" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "environment variables: HOSTNAME inside Ubuntu 16.04" { ++ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 ++ ++ # shellcheck disable=SC2016 ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 bash -c 'echo "$HOSTNAME"' ++ ++ assert_success ++ assert_line --index 0 "toolbox" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "environment variables: HOSTNAME inside Ubuntu 18.04" { ++ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 ++ ++ # shellcheck disable=SC2016 ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 bash -c 'echo "$HOSTNAME"' ++ ++ assert_success ++ assert_line --index 0 "toolbox" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ assert 
[ ${#stderr_lines[@]} -eq 0 ] ++} ++ ++@test "environment variables: HOSTNAME inside Ubuntu 20.04" { ++ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 ++ ++ # shellcheck disable=SC2016 ++ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 bash -c 'echo "$HOSTNAME"' ++ ++ assert_success ++ assert_line --index 0 "toolbox" ++ ++ if check_bats_version 1.10.0; then ++ assert [ ${#lines[@]} -eq 1 ] ++ else ++ assert [ ${#lines[@]} -eq 2 ] ++ fi ++ ++ assert [ ${#stderr_lines[@]} -eq 0 ] ++} +-- +2.43.0 + diff --git a/toolbox.spec b/toolbox.spec index 0e6eff4..358bb2d 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,7 @@ Version: 0.0.99.5 %endif %endif -Release: 7%{?dist} +Release: 8%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -28,7 +28,8 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version Source1: %{name}.conf # Upstream -Patch0: toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch +Patch0: toolbox-test-system-new.patch +Patch1: toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -111,6 +112,7 @@ The %{name}-tests package contains system tests for %{name}. %setup -q %patch -P0 -p1 +%patch -P1 -p1 %if 0%{?fedora} %ifnarch ppc64 @@ -188,6 +190,10 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue Feb 27 2024 Debarshi Ray - 0.0.99.5-8 +- Unbreak Podman's downstream Fedora CI (part 2) +- Backport some new upstream tests + * Tue Feb 13 2024 Debarshi Ray - 0.0.99.5-7 - Unbreak Podman's downstream Fedora CI - Update the BuildRequires on golang to reflect reality From 6dfd366e611ea230785a598899e95d99cf2f5ebf Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Tue, 5 Mar 2024 19:19:26 +0100 Subject: [PATCH 105/145] Conditionalize the BuildRequires on golang The OpenSSL FIPS patches in Fedora ELN's golang makes it lag behind its Fedora counterpart at times. Spotted by Yaakov Selkowitz. Fallout from 32b32e42f359e0255f4348d5ab28fffd38e2042d https://src.fedoraproject.org/rpms/toolbox/pull-request/18 --- toolbox.spec | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 358bb2d..773c3ce 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,13 @@ Version: 0.0.99.5 %endif %endif -Release: 8%{?dist} +%global toolbx_go 1.20 + +%if 0%{?fedora} +%global toolbx_go 1.22 +%endif + +Release: 9%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -42,7 +48,7 @@ Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch BuildRequires: gcc BuildRequires: go-md2man -BuildRequires: golang >= 1.22 +BuildRequires: golang >= %{toolbx_go} BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) BuildRequires: shadow-utils-subid-devel @@ -190,6 +196,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue Mar 05 2024 Debarshi Ray - 0.0.99.5-9 +- Conditionalize the BuildRequires on golang + * Tue Feb 27 2024 Debarshi Ray - 0.0.99.5-8 - Unbreak Podman's downstream Fedora CI (part 2) - Backport some new upstream tests From fd1d76c6019d57ce8c94983f05465b474b9826d1 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 26 Mar 2024 18:06:02 +0100 Subject: [PATCH 106/145] Specify the golang versions for RHEL 9 and 10 --- toolbox.spec | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 773c3ce..778213c 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -23,7 +23,15 @@ Version: 0.0.99.5 %global toolbx_go 1.22 %endif -Release: 9%{?dist} +%if 0%{?rhel} +%if 0%{?rhel} == 9 +%global toolbx_go 1.21.7 +%elif 0%{?rhel} == 10 +%global toolbx_go 1.21.3 +%endif +%endif + +Release: 10%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -196,6 +204,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue Mar 26 2024 Debarshi Ray - 0.0.99.5-10 +- Specify the golang versions for RHEL 9 and 10 + * Tue Mar 05 2024 Debarshi Ray - 0.0.99.5-9 - Conditionalize the BuildRequires on golang From d8388da39eaf8ca11dd723ab2565f5a3b7c28fe6 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Tue, 7 May 2024 00:45:50 +0200 Subject: [PATCH 107/145] Unbreak the tests with Podman 5.0 ... and make them show the Bats version. --- ...books-test-system-bats-1.11-podman-5.patch | 161 ++++++++++++++++++ toolbox.spec | 7 +- 2 files changed, 167 insertions(+), 1 deletion(-) create mode 100644 toolbox-playbooks-test-system-bats-1.11-podman-5.patch diff --git a/toolbox-playbooks-test-system-bats-1.11-podman-5.patch b/toolbox-playbooks-test-system-bats-1.11-podman-5.patch new file mode 100644 index 0000000..7834933 --- /dev/null +++ b/toolbox-playbooks-test-system-bats-1.11-podman-5.patch 
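Review bot: The new `%if 0%{?rhel}` block sets `toolbx_go` only for RHEL 9 and 10, so any other RHEL major silently keeps the `1.20` default from the previous commit, and the RHEL 10 floor (`1.21.3`) is lower than the RHEL 9 one (`1.21.7`) with nothing in the spec saying why. This macro is what `BuildRequires: golang >= %{toolbx_go}` uses to guarantee a minimum toolchain, and therefore which Go runtime and standard-library fixes end up in the shipped binary, so the numbers deserve a line of rationale. If the floors simply mirror what each buildroot ships, I would say so above the block, e.g. `# Floors mirror the golang available in each buildroot; other RHEL majors fall back to 1.20`.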
@@ -0,0 +1,161 @@ +From 6626b11e1565412e411f585657ebe9615ec58cad Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 17 Apr 2024 16:58:32 +0200 +Subject: [PATCH 1/2] playbooks: Show the Bats version + +Ansible's built-in 'package' module doesn't show any details when +installing the RPMs. All that can be seen is: + TASK [Install RPM packages] + fedora-rawhide | changed + +Therefore, there's no way to know what version of the packages got +installed. + +In this case, not knowing the Bats version being used by the CI makes it +difficult to know why the tests are generating this spew on Fedora +Rawhide [1]: + TASK [Run system tests] + test/system/libs/helpers.bash: line 7: TEMP_BASE_DIR: readonly variable + test/system/libs/helpers.bash: line 8: TEMP_STORAGE_DIR: readonly variable + test/system/libs/helpers.bash: line 10: IMAGE_CACHE_DIR: readonly variable + test/system/libs/helpers.bash: line 11: ROOTLESS_PODMAN_STORE_DIR: readonly variable + test/system/libs/helpers.bash: line 12: ROOTLESS_PODMAN_RUNROOT_DIR: readonly variable + test/system/libs/helpers.bash: line 13: PODMAN_STORE_CONFIG_FILE: readonly variable + test/system/libs/helpers.bash: line 14: DOCKER_REG_ROOT: readonly variable + test/system/libs/helpers.bash: line 15: DOCKER_REG_CERTS_DIR: readonly variable + test/system/libs/helpers.bash: line 16: DOCKER_REG_AUTH_DIR: readonly variable + test/system/libs/helpers.bash: line 17: DOCKER_REG_URI: readonly variable + test/system/libs/helpers.bash: line 18: DOCKER_REG_NAME: readonly variable + test/system/libs/helpers.bash: line 21: PODMAN: readonly variable + test/system/libs/helpers.bash: line 22: TOOLBX: readonly variable + test/system/libs/helpers.bash: line 23: SKOPEO: readonly variable + ... 
+ fedora-rawhide | 1..340 + +[1] https://github.com/bats-core/bats-core/pull/904 + +https://github.com/containers/toolbox/pull/1482 +--- + playbooks/dependencies-centos-9-stream.yaml | 2 +- + playbooks/dependencies-fedora.yaml | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml +index ffbc6d9903cb..d058d314b7b3 100644 +--- a/playbooks/dependencies-centos-9-stream.yaml ++++ b/playbooks/dependencies-centos-9-stream.yaml +@@ -54,7 +54,7 @@ + chdir: '{{ zuul.project.src_dir }}' + + - name: Check versions of crucial packages +- command: rpm -qa ShellCheck codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo ++ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo + + - name: Show podman versions + command: podman version +diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml +index d493bd0729ea..ade169917cbe 100644 +--- a/playbooks/dependencies-fedora.yaml ++++ b/playbooks/dependencies-fedora.yaml +@@ -54,7 +54,7 @@ + chdir: '{{ zuul.project.src_dir }}' + + - name: Check versions of crucial packages +- command: rpm -qa ShellCheck codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo ++ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun 
fuse-overlayfs flatpak-session-helper skopeo + + - name: Show podman versions + command: podman version +-- +2.44.0 + + +From b58f9a51088afbfc22edb0b25776cfa2c4d8cc40 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 25 Mar 2024 23:04:23 +0100 +Subject: [PATCH 2/2] playbooks, test/system: Work around bug in pasta(1) + networks + +Podman 5.0 switched to using pasta(1), instead of slirp4netns(1), by +default for rootless containers. This change has led to a regression +causing 'skopeo copy' to get stuck uploading an OCI image to the local +temporary Docker registry run by the tests as a Podman container [1], +which breaks the test suite on Fedora 40 onwards. + +Work around this by forcing the use of slirp4netns(1). + +Note that the slirp4nets package needs to be explicitly installed on +Fedora 40 onwards, because the dependency in containers-common-extra +changed from Recommends to Suggests [2]. + +[1] https://github.com/containers/podman/issues/22575 + +[2] Fedora containers-common commit 17934d87b2686ab5 + Fedora containers-common commit 13c232f064113860 + https://src.fedoraproject.org/rpms/containers-common/c/17934d87b2686ab5 + https://src.fedoraproject.org/rpms/containers-common/c/13c232f064113860 + +https://github.com/containers/toolbox/pull/1468 +--- + playbooks/dependencies-centos-9-stream.yaml | 3 ++- + playbooks/dependencies-fedora.yaml | 3 ++- + test/system/libs/helpers.bash | 1 + + 3 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml +index d058d314b7b3..5c1194c03583 100644 +--- a/playbooks/dependencies-centos-9-stream.yaml ++++ b/playbooks/dependencies-centos-9-stream.yaml +@@ -13,6 +13,7 @@ + - podman + - shadow-utils-subid-devel + - skopeo ++ - slirp4netns + - systemd + - udisks2 + +@@ -54,7 +55,7 @@ + chdir: '{{ zuul.project.src_dir }}' + + - name: Check versions of crucial packages +- command: rpm -qa ShellCheck bats codespell *kernel* gcc 
*glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo ++ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns + + - name: Show podman versions + command: podman version +diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml +index ade169917cbe..76ce655bf9d3 100644 +--- a/playbooks/dependencies-fedora.yaml ++++ b/playbooks/dependencies-fedora.yaml +@@ -35,6 +35,7 @@ + - podman + - shadow-utils-subid-devel + - skopeo ++ - slirp4netns + - systemd + - udisks2 + +@@ -54,7 +55,7 @@ + chdir: '{{ zuul.project.src_dir }}' + + - name: Check versions of crucial packages +- command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo ++ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns + + - name: Show podman versions + command: podman version +diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash +index 66278888cbe2..c056c601ab94 100644 +--- a/test/system/libs/helpers.bash ++++ b/test/system/libs/helpers.bash +@@ -202,6 +202,7 @@ function _setup_docker_registry() { + -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ + -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ + -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ ++ --network slirp4netns \ + -p 50000:443 \ + 
"${IMAGES[docker-reg]}" + assert_success +-- +2.44.0 + diff --git a/toolbox.spec b/toolbox.spec index 778213c..da8af26 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.5 %endif %endif -Release: 10%{?dist} +Release: 11%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -44,6 +44,7 @@ Source1: %{name}.conf # Upstream Patch0: toolbox-test-system-new.patch Patch1: toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch +Patch2: toolbox-playbooks-test-system-bats-1.11-podman-5.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -127,6 +128,7 @@ The %{name}-tests package contains system tests for %{name}. %patch -P0 -p1 %patch -P1 -p1 +%patch -P2 -p1 %if 0%{?fedora} %ifnarch ppc64 @@ -204,6 +206,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue May 07 2024 Debarshi Ray - 0.0.99.5-11 +- Unbreak the tests with Podman 5.0 + * Tue Mar 26 2024 Debarshi Ray - 0.0.99.5-10 - Specify the golang versions for RHEL 9 and 10 From 58b0af2d6b6650bed0c91802b1f21cef10ffb089 Mon Sep 17 00:00:00 2001 
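Review bot: The `--network slirp4netns` argument added to `_setup_docker_registry()` in test/system/libs/helpers.bash has no in-file pointer to the Podman bug it works around, so nothing in the helper says when the override can be removed. I would add `# Work around https://github.com/containers/podman/issues/22575 (pasta); drop once fixed` above the command that starts the registry container; it has to go above the command, because a comment placed between the backslash-continued arguments would cut the command short. Separately, the context lines show the registry listening on `0.0.0.0:443` and published with `-p 50000:443`, which as far as I know binds the host port on all interfaces; if the tests only reach the registry over loopback, `-p 127.0.0.1:50000:443` would keep the temporary registry off the CI host's network. The function body starts and ends outside the hunk.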
From: Debarshi Ray Date: Thu, 30 Nov 2023 22:17:17 +0100 Subject: [PATCH 108/145] Silence 'rpminspect --tests=annocheck' (part 2) In recent times, 'rpminspect --tests=annocheck', run by the Fedora CI, has been failing because of the intentional DT_RPATH or DT_RUNPATH value of /run/host%{_libdir} that's present in %{_bindir}/toolbox [1]. It's not clear if they started failing again only recently due to changes in rpminspect(1), or if the previous attempt at silencing it was broken and never actually worked [2]. [1] Upstream commit 6063eb27b9893994 https://github.com/containers/toolbox/commit/6063eb27b9893994 https://github.com/containers/toolbox/issues/821 [2] Commit 12fabacd032f5c58 https://github.com/rpminspect/rpminspect/issues/1296 --- rpminspect.yaml | 3 ++- toolbox.spec | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/rpminspect.yaml b/rpminspect.yaml index 924e431..c7177c4 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -4,7 +4,8 @@ --- annocheck: - - hardened: --ignore-unknown --verbose --skip-run-path + extra_opts: + hardened: --skip-run-path runpath: allowed_paths: diff --git a/toolbox.spec b/toolbox.spec index da8af26..294c7df 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.5 %endif %endif -Release: 11%{?dist} +Release: 12%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -206,6 +206,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-12 +- Silence 'rpminspect --tests=annocheck' (part 2) + * Tue May 07 2024 Debarshi Ray - 0.0.99.5-11 - Unbreak the tests with Podman 5.0 From c262e4e4178f47430c984eb6e8b51b3c7aa810d3 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Thu, 11 Jul 2024 10:42:44 +0200 Subject: [PATCH 109/145] Silence 'rpminspect --tests=stack-prot' The stack-prot test [1] currently fails with: Hardened: /usr/bin/toolbox: FAIL: stack-prot test because stack protection not enabled (lto:_cgo_6f668e16310a_Cfunc_mygetgrnam_r) According to the documentation [1], the test is supposed to pass if the C compiler is GCC and it was used with the -fstack-protector-strong option. That's definitely the case, since Fedora uses GCC by default, and its default build flags (including %optflags) include -fstack-protector-strong. There's also no function called mygetgrnam() in neither Toolbx nor its chain of dependencies. Therefore, temporarily disable the stack-prot test to prevent the Fedora CI from failing. [1] https://sourceware.org/annobin/annobin.html/Test-stack-prot.html --- rpminspect.yaml | 2 +- toolbox.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/rpminspect.yaml b/rpminspect.yaml index c7177c4..ab3e59b 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -5,7 +5,7 @@ annocheck: extra_opts: - hardened: --skip-run-path + hardened: --skip-run-path --skip-stack-prot runpath: allowed_paths: diff --git a/toolbox.spec b/toolbox.spec index 294c7df..2c71d92 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.5 %endif %endif -Release: 12%{?dist} +Release: 13%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -206,6 +206,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-13 +- Silence 'rpminspect --tests=stack-prot' + * Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-12 - Silence 'rpminspect --tests=annocheck' (part 2) From ad7ceee60d85bbb065dda13708ac57ef1fbc6e3d Mon Sep 17 00:00:00 2001 
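Review bot: Adding `--skip-stack-prot` to the `hardened:` options turns the stack-protector check off for every file annocheck inspects in this package, and nothing in rpminspect.yaml marks it as the temporary measure the commit message describes. A comment above the key, such as `# TEMPORARY: stack-prot false positive on a cgo symbol (Cfunc_mygetgrnam_r); remove --skip-stack-prot once resolved`, would keep the exception from becoming permanent. The `_cgo_..._Cfunc_` prefix in the failing symbol suggests a wrapper generated by cgo, possibly from a Go standard-library package rather than from Toolbx itself, so it is worth confirming that the C flags seen by cgo include `-fstack-protector-strong` before treating the report as a false positive.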
From: Fedora Release Engineering Date: Sat, 20 Jul 2024 07:41:42 +0000 Subject: [PATCH 110/145] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 2c71d92..9d635f1 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.5 %endif %endif -Release: 13%{?dist} +Release: 14%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -206,6 +206,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Sat Jul 20 2024 Fedora Release Engineering - 0.0.99.5-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Thu Jul 11 2024 Debarshi Ray - 0.0.99.5-13 - Silence 'rpminspect --tests=stack-prot' From c8c1f44f2ea9c3b78f69d07175541d507c08a677 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Fri, 26 Jul 2024 13:05:47 -0700 Subject: [PATCH 111/145] tests: Don't use undefined variable The test.environment variable was removed from the variables defined in tests.yml in commit 1b207227f3981193, but it's still used, which causes Ansible to break: The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'environment'. 'dict object' has no attribute 'environment' https://src.fedoraproject.org/rpms/toolbox/pull-request/19 --- tests/roles/run_bats_tests/tasks/run_one_test.yml | 3 +-- toolbox.spec | 5 ++++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml index b44ed42..a58477d 100644 --- a/tests/roles/run_bats_tests/tasks/run_one_test.yml +++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml 
@@ -15,7 +15,6 @@ local_environment: TEST_NAME: "{{ test.name }}" TEST_PACKAGE: "{{ test.package }}" - TEST_ENV: "{{ test.environment }}" - name: "{{ test.name }} | setup/teardown helper | see if exists" local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh @@ -31,7 +30,7 @@ chdir: /usr/share/{{ test.package }}/test/system become: "{{ true if test.become is defined else false }}" become_user: testuser - environment: "{{ local_environment | combine(test.environment) }}" + environment: "{{ local_environment }}" - name: "{{ test.name }} | pull logs" fetch: diff --git a/toolbox.spec b/toolbox.spec index 9d635f1..5c00629 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.5 %endif %endif -Release: 14%{?dist} +Release: 15%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -206,6 +206,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Fri Jul 26 2024 Adam Williamson - 0.0.99.5-15 +- Fix CI test (hopefully) + * Sat Jul 20 2024 Fedora Release Engineering - 0.0.99.5-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From 859832513212b4076aeec62749bd0f029d7adf18 Mon Sep 17 00:00:00 2001 
From: Adam Williamson Date: Mon, 29 Jul 2024 14:38:34 -0700 Subject: [PATCH 112/145] tests: Avoid running out of storage space Toolbx's system tests download several images when setting up the test suite, and cache them for later use by the tests [1]. This saves time and avoids hitting rate limits imposed by OCI registries by not downloading the same images repeatedly for several tests, but at the cost of increased use of storage space to cache the images. The images are cached under BATS_TMPDIR. It defaults to the TMPDIR environment variable, and if that's not set then to /tmp [2]. Normally, TMPDIR isn't set, and the images end up getting cached under /tmp. Now, /tmp is typically on tmpfs backed by RAM or swap, which means that it should be used for smaller size-bounded files only, and /var/tmp should be used for everything else [3]. The images are big enough that a collection of them can't be described as smaller and size-bounded, and it led to: 1..306 # test suite: Set up # test suite: Tear down not ok 1 setup_suite # (from function `setup_suite' in test file ./setup_suite.bash, line 55) # `_pull_and_cache_distro_image fedora "$((system_version-1))" || false' failed # Failed to cache image registry.fedoraproject.org/fedora-toolbox:40 to /tmp/bats-run-IPz4Cn/image-cache/fedora-toolbox-40 # time="2024-02-19T11:41:43Z" level=fatal msg="copying system image from manifest list: writing blob: write /tmp/bats-run-IPz4Cn/image-cache/fedora-toolbox-40/dir-put-blob607392514: no space left on device" # bats warning: Executed 1 instead of expected 306 tests So, change the default location of the BATS_TMPDIR environment variable to /var/tmp by setting TMPDIR. [1] Toolbx commit 50683c9d9a78adc9 https://github.com/containers/toolbox/commit/50683c9d9a78adc9 https://github.com/containers/toolbox/pull/375 [2] https://bats-core.readthedocs.io/en/stable/writing-tests.html [3] https://systemd.io/TEMPORARY_DIRECTORIES/ https://src.fedoraproject.org/rpms/toolbox/pull-request/20 
Signed-off-by: Adam Williamson --- tests/roles/run_bats_tests/tasks/run_one_test.yml | 1 + toolbox.spec | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml index a58477d..bf45754 100644 --- a/tests/roles/run_bats_tests/tasks/run_one_test.yml +++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml @@ -15,6 +15,7 @@ local_environment: TEST_NAME: "{{ test.name }}" TEST_PACKAGE: "{{ test.package }}" + TMPDIR: "/var/tmp" - name: "{{ test.name }} | setup/teardown helper | see if exists" local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh diff --git a/toolbox.spec b/toolbox.spec index 5c00629..0853af1 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,3 +1,4 @@ + %global __brp_check_rpaths %{nil} Name: toolbox @@ -31,7 +32,7 @@ Version: 0.0.99.5 %endif %endif -Release: 15%{?dist} +Release: 16%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -206,6 +207,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Wed Jul 31 2024 Debarshi Ray - 0.0.99.5-16 +- Avoid running out of storage space when running the tests + * Fri Jul 26 2024 Adam Williamson - 0.0.99.5-15 - Fix CI test (hopefully) From ee2fa0eab4519ab48e8c8d17701e41fadf2c12ca Mon Sep 17 00:00:00 2001 
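Review bot: The added `TMPDIR: "/var/tmp"` entry in `local_environment` is hard-coded and has no comment, so the reason for it is only in the commit message. A one-line comment such as `# image cache is too large for tmpfs-backed /tmp` would keep it from being reverted by accident. /var/tmp is not cleared on reboot, so a run that aborts before the suite teardown (as in the failure quoted in the description) would presumably leave the cached images behind on the test host; a cleanup task for leftover `bats-run-*` directories may be worth adding. The task list of run_one_test.yml continues outside this hunk.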
From: Adam Williamson Date: Mon, 29 Jul 2024 15:28:50 -0700 Subject: [PATCH 113/145] tests: Ensure slirp4netns(1) is installed Podman 5.0 switched to using pasta(1), instead of slirp4netns(1), by default for rootless containers. This change has led to a regression causing 'skopeo copy' to get stuck uploading an OCI image to the local temporary Docker registry run by the tests as a Podman container [1], which breaks the test suite on Fedora 40 onwards. This was worked around by forcing the use of slirp4netns(1). The slirp4netns package needs to be explicitly installed on Fedora 40 onwards, because the dependency in containers-common-extra changed from Recommends to Suggests [2]. Otherwise, it led to: 1..320 # test suite: Set up # test suite: Tear down not ok 1 setup_suite # (from function `assert_success' in file ./libs/bats-assert/src/assert.bash, line 114, # from function `_setup_docker_registry' in file ./libs/helpers.bash, line 208, # from function `setup_suite' in test file ./setup_suite.bash, line 59) # `_setup_docker_registry' failed # # -- command failed -- # status : 127 # output : Error: could not find slirp4netns, the network namespace can't be configured: exec: "slirp4netns": executable file not found in $PATH # -- # # Untagged: quay.io/toolbox_tests/registry:latest # Deleted: fea5a12cde107bb407bc44ede6dd9edea1d2b4171cd8e52b0cb330bf45e517e1 # bats warning: Executed 1 instead of expected 320 tests The missing dependency on the slirp4netns package in toolbox-tests doesn't affect Podman's downstream Fedora CI, which runs toolbox-tests, because it separately installs slirp4netns for other tests [3]. 
Fallout from d8388da39eaf8ca11dd723ab2565f5a3b7c28fe6 [1] https://github.com/containers/podman/issues/22575 [2] Fedora containers-common commit 17934d87b2686ab5 Fedora containers-common commit 13c232f064113860 https://src.fedoraproject.org/rpms/containers-common/c/17934d87b2686ab5 https://src.fedoraproject.org/rpms/containers-common/c/13c232f064113860 [3] Fedora podman commit 9667d0f5b5069acb https://src.fedoraproject.org/rpms/podman/c/9667d0f5b5069acb https://src.fedoraproject.org/rpms/toolbox/pull-request/20 Signed-off-by: Adam Williamson --- tests/roles/run_bats_tests/tasks/main.yml | 3 +++ toolbox.spec | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/roles/run_bats_tests/tasks/main.yml b/tests/roles/run_bats_tests/tasks/main.yml index da79a4c..533e2e9 100644 --- a/tests/roles/run_bats_tests/tasks/main.yml +++ b/tests/roles/run_bats_tests/tasks/main.yml @@ -3,6 +3,9 @@ - name: initialize test.log file copy: dest=/tmp/test.log content='' force=yes mode=0666 +- name: install slirp4netns + dnf: name="slirp4netns" state=installed + - name: execute tests include: run_one_test.yml with_items: "{{ tests }}" diff --git a/toolbox.spec b/toolbox.spec index 0853af1..6d13d0c 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -32,7 +32,7 @@ Version: 0.0.99.5 %endif %endif -Release: 16%{?dist} +Release: 17%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -115,6 +115,7 @@ Requires: grep Requires: httpd-tools Requires: openssl Requires: skopeo +Requires: slirp4netns %if ! 0%{?rhel} Requires: bats >= 1.7.0 %endif @@ -207,6 +208,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Thu Aug 08 2024 Debarshi Ray - 0.0.99.5-17 +- Ensure slirp4netns(1) is installed + * Wed Jul 31 2024 Debarshi Ray - 0.0.99.5-16 - Avoid running out of storage space when running the tests From adcdf19861784e1edecae712a4d634611fbf6545 Mon Sep 17 00:00:00 2001 
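Review bot: The new `install slirp4netns` task in tests/roles/run_bats_tests/tasks/main.yml has no comment linking it to the pasta(1) regression it works around, so there is no cue for removing it later. A comment such as `# needed while the tests force slirp4netns, see https://github.com/containers/podman/issues/22575` above the task would record that. The same commit adds `Requires: slirp4netns` to the tests sub-package in toolbox.spec, which presumably makes this task redundant whenever toolbox-tests from this build is installed; if both are kept on purpose, the comment should say so.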
From: Debarshi Ray Date: Thu, 8 Aug 2024 17:45:54 +0200 Subject: [PATCH 114/145] tests: Silence deprecation warning Otherwise, Ansible in Fedora CI would complain: # STDERR: ---v---v---v---v---v--- [DEPRECATION WARNING]: "include" is deprecated, use include_tasks/import_tasks instead. See https://docs.ansible.com/ansible-core/2.14/user_guide/playbooks_reuse_includes.html for details. This feature will be removed in version 2.16. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. https://src.fedoraproject.org/rpms/toolbox/pull-request/21 --- tests/roles/run_bats_tests/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/roles/run_bats_tests/tasks/main.yml b/tests/roles/run_bats_tests/tasks/main.yml index 533e2e9..c073f66 100644 --- a/tests/roles/run_bats_tests/tasks/main.yml +++ b/tests/roles/run_bats_tests/tasks/main.yml @@ -7,7 +7,7 @@ dnf: name="slirp4netns" state=installed - name: execute tests - include: run_one_test.yml + include_tasks: run_one_test.yml with_items: "{{ tests }}" loop_control: loop_var: test From 1f9f142ef1efff9c73f32a978f7a03fe7e92f540 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 9 Aug 2024 18:42:08 +0200 Subject: [PATCH 115/145] Remove stray newline There's no need to do a build just for this. Fallout from 859832513212b4076aeec62749bd0f029d7adf18 --- toolbox.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 6d13d0c..30d41ca 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,4 +1,3 @@ - %global __brp_check_rpaths %{nil} Name: toolbox From c4f11e98871601879eb59f95428aa1b4b31b958a Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 9 Aug 2024 18:46:57 +0200 Subject: [PATCH 116/145] Unify the build with RHEL There's no need to do a build just for this. --- toolbox.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 30d41ca..47957dc 100644 --- a/toolbox.spec 
+++ b/toolbox.spec @@ -25,9 +25,9 @@ Version: 0.0.99.5 %if 0%{?rhel} %if 0%{?rhel} == 9 -%global toolbx_go 1.21.7 +%global toolbx_go 1.22.5 %elif 0%{?rhel} == 10 -%global toolbx_go 1.21.3 +%global toolbx_go 1.22.5 %endif %endif From bba451ece16ad5c89627e3bf71452e433361fe53 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Thu, 12 Sep 2024 18:05:21 +0200 Subject: [PATCH 117/145] Rebuild against shadow-utils-subid ABI version 5.0.0 The runtime dependency on shadow-utils-subid should have already been part of commit 95d6ea86892b903b to ensure that Toolbx >= 0.0.99.4 would be able to dlopen(3) the library. It only worked in practice because the podman RPM also required it. --- toolbox.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 47957dc..28fc03b 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.5 %endif %endif -Release: 17%{?dist} +Release: 18%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -60,7 +60,7 @@ BuildRequires: go-md2man BuildRequires: golang >= %{toolbx_go} BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) -BuildRequires: shadow-utils-subid-devel +BuildRequires: shadow-utils-subid-devel >= 4.16.0 BuildRequires: systemd BuildRequires: systemd-rpm-macros %if ! 0%{?rhel} @@ -90,6 +90,7 @@ Requires: podman >= 1.6.4 %if ! 0%{?rhel} Requires: flatpak-session-helper %endif +Requires: shadow-utils-subid%{?_isa} >= 4.16.0 %description @@ -207,6 +208,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Thu Sep 12 2024 Debarshi Ray - 0.0.99.5-18 +- Rebuild against shadow-utils-subid ABI version 5.0.0 + * Thu Aug 08 2024 Debarshi Ray - 0.0.99.5-17 - Ensure slirp4netns(1) is installed From e447d41208358916b11090a3d90c5a08ac18ca96 Mon Sep 17 00:00:00 2001 
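Review bot: The added `Requires: shadow-utils-subid%{?_isa} >= 4.16.0` has no comment explaining why a manual dependency is needed, and the commit title speaks of ABI version 5.0.0 while the constraint uses package version 4.16.0. According to the description the library is loaded with dlopen(3), so RPM's automatic dependency generation would not record it; a comment like `# dlopen(3)ed by toolbox(1), no automatic soname dependency` above the line would stop a later cleanup from dropping it. It would also help to state in that comment that 4.16.0 is the first package version shipping the 5.0.0 ABI, if that is the intended mapping.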
From: Debarshi Ray Date: Mon, 30 Sep 2024 15:37:33 +0200 Subject: [PATCH 118/145] Update to 0.0.99.6 Start using the golang-ipath(...) virtual Provides for BuildRequires because they use the top-level import paths and are closer to what is listed in the upstream go.mod. The golang(...) virtual Provides mention each individual Go package within a Go module, and bigger modules can have several packages in them. It is noisy and tedious to keep up with the list of packages that are currently in use, by looking at all the Go source files, and then to list them as BuildRequires. Update the compiler and linker flags for Fedora by incorporating some of the changes to the distribution's defaults up to Fedora 39, which is the oldest supported Fedora. Switch to using the GO_BUILDTAGS and GO_LDFLAGS environment variables, because their unprefixed counterparts have been deprecated [1], and start annotating the toolbox(1) binary with an ELF note that identifies the RPM for which it was built [2]. However, the change to use the RPM's %{name}, %{version}, %{release} and the SOURCE_DATE_EPOCH environment variable [3], instead of /dev/urandom, to generate the build ID annotation for the toolbox(1) binary [4] was left out. It will need more work to propagate the RPM's %{name}, %{version} and %{release} to Meson. Stop carrying the downstream patch for the compiler and linker flags for PPC64. The architecture was already discontinued from Fedora 29 [5], even before the patch was added [6]. It was added purely for the sake of completeness, and in the last four years since it was introduced, it hasn't been tested or used. At this point it's becoming too much of a maintenance burden, and removing it silences the %ifarch-applied-patch warning from rpmlint. Fill in some of the missing Requires for the toolbox-tests sub-package. 
[1] go-rpm-macros commit bc7e5cc55c4709e8 https://pagure.io/go-rpm-macros/c/bc7e5cc55c4709e8 [2] Fedora redhat-rpm-config commit 57edf0cad7b089ed https://src.fedoraproject.org/rpms/redhat-rpm-config/c/57edf0cad7b089ed https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects [3] https://reproducible-builds.org/docs/source-date-epoch/ [4] go-rpm-macros commit 1980932bf3a21890 https://pagure.io/go-rpm-macros/c/1980932bf3a21890 https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds [5] https://fedoraproject.org/wiki/Changes/DiscontinuePPC64 [6] Commit ba60453d216a9226 https://src.fedoraproject.org/rpms/toolbox/pull-request/22 --- .gitignore | 1 + sources | 2 +- ...ags-match-Fedora-s-gobuild-for-PPC64.patch | 54 -- ...e-build-flags-match-Fedora-s-gobuild.patch | 27 +- ...books-test-system-bats-1.11-podman-5.patch | 161 ---- ...nbreak-Podman-s-downstream-Fedora-CI.patch | 208 ---- toolbox-test-system-new.patch | 894 ------------------ toolbox.spec | 55 +- 8 files changed, 39 insertions(+), 1363 deletions(-) delete mode 100644 toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch delete mode 100644 toolbox-playbooks-test-system-bats-1.11-podman-5.patch delete mode 100644 toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch delete mode 100644 toolbox-test-system-new.patch diff --git a/.gitignore b/.gitignore index 6787941..8751077 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,4 @@ /toolbox-0.0.99.3-vendor.tar.xz /toolbox-0.0.99.4-vendored.tar.xz /toolbox-0.0.99.5-vendored.tar.xz +/toolbox-0.0.99.6-vendored.tar.xz diff --git a/sources b/sources index df91c99..a7670e1 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745 +SHA512 (toolbox-0.0.99.6-vendored.tar.xz) = 9ecec200069e8e2536e5ece43d411f9025dba6f60573e7939a0fc26deef29f0297d405a44fd409e978879b0579ab0a79ace97228a199584854c638213fa219d7 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch deleted file mode 100644 index 35ecc83..0000000 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 4f8b443ab925c84d059d894ddcfcf4dcf66a747e Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} - for PPC64 - -The Go toolchain also doesn't like the LDFLAGS environment variable as -exported by Fedora's %{meson} RPM macro. - -Note that these flags are only meant for the "ppc64" CPU architecture, -and should be kept updated to match Fedora's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..cae2de426a96 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! 
libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,16 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.43.0 - diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch index c290d36..27fd99d 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -1,20 +1,17 @@ -From 3175ef2fab1f61f5784361070ac338dabda3c04e Mon Sep 17 00:00:00 2001 +From 7dc70160c8ff531473004e879dd57ec303789d71 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} -The Go toolchain doesn't like the LDFLAGS environment variable as -exported by Fedora's %{meson} RPM macro. - Note that these flags are meant for every CPU architecture other than PPC64, and should be kept updated to match Fedora's Go guidelines. Use 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. --- - src/go-build-wrapper | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..0e6a2efa6853 100755 +index a5a1a6a508fb..5978422e9aed 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper @@ -33,9 +33,9 @@ if ! cd "$1"; then 
@@ -22,27 +19,23 @@ index c572d6dfb02b..0e6a2efa6853 100755 fi -tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" if $7; then - tags="-tags migration_path_for_coreos_toolbox" + tags="$tags,migration_path_for_coreos_toolbox" fi if ! libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,17 @@ fi +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ # shellcheck disable=SC2086 go build \ + -buildmode pie \ + -compiler gc \ $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic 
-Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ + -a \ + -v \ + -x \ @@ -50,5 +43,5 @@ index c572d6dfb02b..0e6a2efa6853 100755 exit "$?" -- -2.43.0 +2.46.1 diff --git a/toolbox-playbooks-test-system-bats-1.11-podman-5.patch b/toolbox-playbooks-test-system-bats-1.11-podman-5.patch deleted file mode 100644 index 7834933..0000000 --- a/toolbox-playbooks-test-system-bats-1.11-podman-5.patch +++ /dev/null 
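Review bot: In the rewritten `-ldflags` line for src/go-build-wrapper, `-Wl,-z,now` is no longer passed in `-extldflags` while `-Wl,-z,relro` stays, so immediate binding now depends on what `-specs=/usr/lib/rpm/redhat/redhat-hardened-ld` injects. That spec file presumably supplies `-z now`, but the patch does not say so, and a build where the spec is missing or changed would end up with partial RELRO without any visible error. Either keep the explicit `-Wl,-z,now` or add a sentence to the patch description stating that the spec file provides it. The wrapper script continues outside this hunk.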
@@ -1,161 +0,0 @@ -From 6626b11e1565412e411f585657ebe9615ec58cad Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Wed, 17 Apr 2024 16:58:32 +0200 -Subject: [PATCH 1/2] playbooks: Show the Bats version - -Ansible's built-in 'package' module doesn't show any details when -installing the RPMs. All that can be seen is: - TASK [Install RPM packages] - fedora-rawhide | changed - -Therefore, there's no way to know what version of the packages got -installed. - -In this case, not knowing the Bats version being used by the CI makes it -difficult to know why the tests are generating this spew on Fedora -Rawhide [1]: - TASK [Run system tests] - test/system/libs/helpers.bash: line 7: TEMP_BASE_DIR: readonly variable - test/system/libs/helpers.bash: line 8: TEMP_STORAGE_DIR: readonly variable - test/system/libs/helpers.bash: line 10: IMAGE_CACHE_DIR: readonly variable - test/system/libs/helpers.bash: line 11: ROOTLESS_PODMAN_STORE_DIR: readonly variable - test/system/libs/helpers.bash: line 12: ROOTLESS_PODMAN_RUNROOT_DIR: readonly variable - test/system/libs/helpers.bash: line 13: PODMAN_STORE_CONFIG_FILE: readonly variable - test/system/libs/helpers.bash: line 14: DOCKER_REG_ROOT: readonly variable - test/system/libs/helpers.bash: line 15: DOCKER_REG_CERTS_DIR: readonly variable - test/system/libs/helpers.bash: line 16: DOCKER_REG_AUTH_DIR: readonly variable - test/system/libs/helpers.bash: line 17: DOCKER_REG_URI: readonly variable - test/system/libs/helpers.bash: line 18: DOCKER_REG_NAME: readonly variable - test/system/libs/helpers.bash: line 21: PODMAN: readonly variable - test/system/libs/helpers.bash: line 22: TOOLBX: readonly variable - test/system/libs/helpers.bash: line 23: SKOPEO: readonly variable - ... 
- fedora-rawhide | 1..340 - -[1] https://github.com/bats-core/bats-core/pull/904 - -https://github.com/containers/toolbox/pull/1482 ---- - playbooks/dependencies-centos-9-stream.yaml | 2 +- - playbooks/dependencies-fedora.yaml | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml -index ffbc6d9903cb..d058d314b7b3 100644 ---- a/playbooks/dependencies-centos-9-stream.yaml -+++ b/playbooks/dependencies-centos-9-stream.yaml -@@ -54,7 +54,7 @@ - chdir: '{{ zuul.project.src_dir }}' - - - name: Check versions of crucial packages -- command: rpm -qa ShellCheck codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo -+ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo - - - name: Show podman versions - command: podman version -diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml -index d493bd0729ea..ade169917cbe 100644 ---- a/playbooks/dependencies-fedora.yaml -+++ b/playbooks/dependencies-fedora.yaml -@@ -54,7 +54,7 @@ - chdir: '{{ zuul.project.src_dir }}' - - - name: Check versions of crucial packages -- command: rpm -qa ShellCheck codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo -+ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun 
fuse-overlayfs flatpak-session-helper skopeo - - - name: Show podman versions - command: podman version --- -2.44.0 - - -From b58f9a51088afbfc22edb0b25776cfa2c4d8cc40 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 25 Mar 2024 23:04:23 +0100 -Subject: [PATCH 2/2] playbooks, test/system: Work around bug in pasta(1) - networks - -Podman 5.0 switched to using pasta(1), instead of slirp4netns(1), by -default for rootless containers. This change has led to a regression -causing 'skopeo copy' to get stuck uploading an OCI image to the local -temporary Docker registry run by the tests as a Podman container [1], -which breaks the test suite on Fedora 40 onwards. - -Work around this by forcing the use of slirp4netns(1). - -Note that the slirp4nets package needs to be explicitly installed on -Fedora 40 onwards, because the dependency in containers-common-extra -changed from Recommends to Suggests [2]. - -[1] https://github.com/containers/podman/issues/22575 - -[2] Fedora containers-common commit 17934d87b2686ab5 - Fedora containers-common commit 13c232f064113860 - https://src.fedoraproject.org/rpms/containers-common/c/17934d87b2686ab5 - https://src.fedoraproject.org/rpms/containers-common/c/13c232f064113860 - -https://github.com/containers/toolbox/pull/1468 ---- - playbooks/dependencies-centos-9-stream.yaml | 3 ++- - playbooks/dependencies-fedora.yaml | 3 ++- - test/system/libs/helpers.bash | 1 + - 3 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml -index d058d314b7b3..5c1194c03583 100644 ---- a/playbooks/dependencies-centos-9-stream.yaml -+++ b/playbooks/dependencies-centos-9-stream.yaml -@@ -13,6 +13,7 @@ - - podman - - shadow-utils-subid-devel - - skopeo -+ - slirp4netns - - systemd - - udisks2 - -@@ -54,7 +55,7 @@ - chdir: '{{ zuul.project.src_dir }}' - - - name: Check versions of crucial packages -- command: rpm -qa ShellCheck bats codespell *kernel* gcc 
*glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo -+ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns - - - name: Show podman versions - command: podman version -diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml -index ade169917cbe..76ce655bf9d3 100644 ---- a/playbooks/dependencies-fedora.yaml -+++ b/playbooks/dependencies-fedora.yaml -@@ -35,6 +35,7 @@ - - podman - - shadow-utils-subid-devel - - skopeo -+ - slirp4netns - - systemd - - udisks2 - -@@ -54,7 +55,7 @@ - chdir: '{{ zuul.project.src_dir }}' - - - name: Check versions of crucial packages -- command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo -+ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns - - - name: Show podman versions - command: podman version -diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash -index 66278888cbe2..c056c601ab94 100644 ---- a/test/system/libs/helpers.bash -+++ b/test/system/libs/helpers.bash -@@ -202,6 +202,7 @@ function _setup_docker_registry() { - -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ - -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ - -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ -+ --network slirp4netns \ - -p 50000:443 \ - 
"${IMAGES[docker-reg]}" - assert_success --- -2.44.0 - diff --git a/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch b/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch deleted file mode 100644 index 1956003..0000000 --- a/toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch +++ /dev/null 
@@ -1,208 +0,0 @@ -From a859f73d075ec0505994d8ce0f371ec28e466983 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Tue, 13 Feb 2024 21:56:06 +0100 -Subject: [PATCH 1/2] test/system: Unbreak Podman's downstream Fedora CI - -The paths to bats-assert and bats-support are broken, if bats(1) is -invoked from any other location than the parent directory of the 'tests' -directory. eg., Podman's downstream Fedora CI invokes the tests as: - $ cd /path/to/toolbox/test/system - $ bats . - -... and it led to [1]: - 1..306 - # test suite: Set up - # Missing dependencies - # Forgot to run 'git submodule init' and 'git submodule update' ? - # test suite: Tear down - not ok 1 setup_suite - # (from function `setup_suite' in test file ./setup_suite.bash, line 33) - # `return 1' failed - # bats warning: Executed 1 instead of expected 306 tests - -Fallout from 2c0960660330dc6be6861502988695f9812c475a - -[1] https://bugzilla.redhat.com/show_bug.cgi?id=2263968 - -https://github.com/containers/toolbox/pull/1448 ---- - test/system/setup_suite.bash | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/test/system/setup_suite.bash b/test/system/setup_suite.bash -index e4edf232bcd8..01985b7f9afc 100644 ---- a/test/system/setup_suite.bash -+++ b/test/system/setup_suite.bash -@@ -17,7 +17,7 @@ - - missing_dependencies=false - --if [ -f test/system/libs/bats-assert/load.bash ] && [ -f test/system/libs/bats-support/load.bash ]; then -+if [ -f "$BATS_TEST_DIRNAME/libs/bats-assert/load.bash" ] && [ -f "$BATS_TEST_DIRNAME/libs/bats-support/load.bash" ]; then - load 'libs/helpers' - else - missing_dependencies=true --- -2.43.0 - - -From a183876eae2bb4ffd84bca4303fc28be6725ebc2 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Fri, 23 Feb 2024 10:38:16 +0100 -Subject: [PATCH 2/2] test/system: Unbreak Podman's downstream Fedora CI (part - 2) - -The working directory from which bats(1) is invoked might not be part of -the Toolbx container. 
eg., Podman's downstream Fedora CI invokes the -tests as: - $ cd /path/to/toolbox/test/system - $ bats . - -... and it led to [1]: - not ok 110 run: Smoke test with true(1) - # (from function `assert_output' in file - ./libs/bats-assert/src/assert.bash, line 255, - # in test file ./104-run.bats, line 38) - # `assert_output ""' failed - # - # -- output differs -- - # expected (0 lines): - # - # actual (3 lines): - # Error: crun: chdir to `/usr/share/toolbox/test/system`: No such - file or directory: OCI runtime attempted to invoke a command that - was not found - # Error: directory /usr/share/toolbox/test/system not found in - container fedora-toolbox-41 - # Using /home/testuser instead. - # -- - # - -[1] https://bugzilla.redhat.com/show_bug.cgi?id=2263968 - -https://github.com/containers/toolbox/pull/1457 ---- - test/system/104-run.bats | 2 ++ - test/system/201-ipc.bats | 2 ++ - test/system/203-network.bats | 2 ++ - test/system/206-user.bats | 2 ++ - test/system/210-ulimit.bats | 2 ++ - test/system/211-dbus.bats | 2 ++ - test/system/220-environment-variables.bats | 2 ++ - 7 files changed, 14 insertions(+) - -diff --git a/test/system/104-run.bats b/test/system/104-run.bats -index ff11a8477062..a0cb89fdeeca 100644 ---- a/test/system/104-run.bats -+++ b/test/system/104-run.bats -@@ -23,9 +23,11 @@ setup() { - bats_require_minimum_version 1.7.0 - _setup_environment - cleanup_containers -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_containers - } - -diff --git a/test/system/201-ipc.bats b/test/system/201-ipc.bats -index 15c791dec86d..09200b41d06c 100644 ---- a/test/system/201-ipc.bats -+++ b/test/system/201-ipc.bats -@@ -23,9 +23,11 @@ setup() { - bats_require_minimum_version 1.7.0 - _setup_environment - cleanup_containers -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_containers - } - -diff --git a/test/system/203-network.bats b/test/system/203-network.bats -index db1ba561f314..012374e3317f 100644 ---- 
a/test/system/203-network.bats -+++ b/test/system/203-network.bats -@@ -35,9 +35,11 @@ setup() { - bats_require_minimum_version 1.7.0 - _setup_environment - cleanup_containers -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_containers - } - -diff --git a/test/system/206-user.bats b/test/system/206-user.bats -index 2df7862f259e..473a6b40905a 100644 ---- a/test/system/206-user.bats -+++ b/test/system/206-user.bats -@@ -23,9 +23,11 @@ setup() { - bats_require_minimum_version 1.7.0 - _setup_environment - cleanup_containers -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_containers - } - -diff --git a/test/system/210-ulimit.bats b/test/system/210-ulimit.bats -index ea0c46685df1..ea08feea1513 100644 ---- a/test/system/210-ulimit.bats -+++ b/test/system/210-ulimit.bats -@@ -23,9 +23,11 @@ setup() { - bats_require_minimum_version 1.7.0 - _setup_environment - cleanup_containers -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_containers - } - -diff --git a/test/system/211-dbus.bats b/test/system/211-dbus.bats -index 295bb71b2789..61c543a56005 100644 ---- a/test/system/211-dbus.bats -+++ b/test/system/211-dbus.bats -@@ -23,9 +23,11 @@ setup() { - bats_require_minimum_version 1.7.0 - _setup_environment - cleanup_containers -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_containers - } - -diff --git a/test/system/220-environment-variables.bats b/test/system/220-environment-variables.bats -index 5b51d17dee55..c24e07d146ee 100644 ---- a/test/system/220-environment-variables.bats -+++ b/test/system/220-environment-variables.bats -@@ -23,9 +23,11 @@ setup() { - bats_require_minimum_version 1.7.0 - _setup_environment - cleanup_containers -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_containers - } - --- -2.43.0 - 
diff --git a/toolbox-test-system-new.patch b/toolbox-test-system-new.patch
deleted file mode 100644
index 9800b15..0000000
--- a/toolbox-test-system-new.patch
+++ /dev/null
@@ -1,894 +0,0 @@ -From f51c4a4cd8ff1c51a68073a10eaddab8f16fdaf6 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 8 Feb 2024 22:18:33 +0100 -Subject: [PATCH 1/4] test/system: Ensure that the user is part of a group with - the same name - -https://github.com/containers/toolbox/pull/1447 ---- - test/system/206-user.bats | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/test/system/206-user.bats b/test/system/206-user.bats -index c295d8a61f39..cdd38c146024 100644 ---- a/test/system/206-user.bats -+++ b/test/system/206-user.bats -@@ -434,6 +434,7 @@ teardown() { - run --keep-empty-lines --separate-stderr "$TOOLBOX" run cat /etc/group - - assert_success -+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" - assert_line --regexp "^(sudo|wheel):x:[[:digit:]]+:$USER$" - assert [ ${#lines[@]} -gt 1 ] - -@@ -447,6 +448,7 @@ teardown() { - run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch cat /etc/group - - assert_success -+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" - assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" - assert [ ${#lines[@]} -gt 1 ] - -@@ -460,6 +462,7 @@ teardown() { - run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 cat /etc/group - - assert_success -+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" - assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" - assert [ ${#lines[@]} -gt 1 ] - -@@ -473,6 +476,7 @@ teardown() { - run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 cat /etc/group - - assert_success -+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" - assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$" - assert [ ${#lines[@]} -gt 1 ] - -@@ -486,6 +490,7 @@ teardown() { - run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 cat /etc/group - - assert_success -+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" - assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" - assert [ ${#lines[@]} -gt 
1 ] - -@@ -499,6 +504,7 @@ teardown() { - run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 cat /etc/group - - assert_success -+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" - assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" - assert [ ${#lines[@]} -gt 1 ] - -@@ -512,6 +518,7 @@ teardown() { - run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 cat /etc/group - - assert_success -+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$" - assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$" - assert [ ${#lines[@]} -gt 1 ] - --- -2.43.0 - - -From b2d64fad1a23a07919efdb70de9247645e44f973 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 8 Feb 2024 22:51:43 +0100 -Subject: [PATCH 2/4] test/system: Ensure that process started by 'podman exec' - has all groups -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Commit 15173f8c25c81244 exposed a bug in crun(1) [1] where the process -started directly by 'podman exec --user ...' inside the Toolbx container -would not have the supplementary groups attached to the user by the -entry point. - -This could be observed by differences in id(1): - ⬢$ id - uid=1000(user) gid=1000(user) groups=1000(user) - ⬢$ id user - uid=1000(user) gid=1000(user) groups=1000(user),10(wheel) - -... and could be worked around by starting a new session with sudo(8). 
- -[1] crun commit 9effaebb429a1aed - https://github.com/containers/crun/commit/9effaebb429a1aed - https://github.com/containers/crun/issues/644 - https://github.com/containers/podman/issues/9986 - -https://github.com/containers/toolbox/issues/608 ---- - test/system/206-user.bats | 231 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 231 insertions(+) - -diff --git a/test/system/206-user.bats b/test/system/206-user.bats -index cdd38c146024..2df7862f259e 100644 ---- a/test/system/206-user.bats -+++ b/test/system/206-user.bats -@@ -525,3 +525,234 @@ teardown() { - # shellcheck disable=SC2154 - assert [ ${#stderr_lines[@]} -eq 0 ] - } -+ -+@test "user: id(1) for $USER inside the default container" { -+ create_default_container -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run id -+ -+ assert_success -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ local output_id="${lines[0]}" -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run id "$USER" -+ -+ assert_success -+ assert_line --index 0 "$output_id" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: id(1) for $USER inside Arch Linux" { -+ create_distro_container arch latest arch-toolbox-latest -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch id -+ -+ assert_success -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ local output_id="${lines[0]}" -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch id "$USER" -+ -+ assert_success -+ assert_line --index 0 "$output_id" -+ -+ if 
check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: id(1) for $USER inside Fedora 34" { -+ create_distro_container fedora 34 fedora-toolbox-34 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 id -+ -+ assert_success -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ local output_id="${lines[0]}" -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 id "$USER" -+ -+ assert_success -+ assert_line --index 0 "$output_id" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: id(1) for $USER inside RHEL 8.7" { -+ create_distro_container rhel 8.7 rhel-toolbox-8.7 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 id -+ -+ assert_success -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ local output_id="${lines[0]}" -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 id "$USER" -+ -+ assert_success -+ assert_line --index 0 "$output_id" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: id(1) for $USER inside Ubuntu 16.04" { -+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run 
--distro ubuntu --release 16.04 id -+ -+ assert_success -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ local output_id="${lines[0]}" -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 id "$USER" -+ -+ assert_success -+ assert_line --index 0 "$output_id" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: id(1) for $USER inside Ubuntu 18.04" { -+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 id -+ -+ assert_success -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ local output_id="${lines[0]}" -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 id "$USER" -+ -+ assert_success -+ assert_line --index 0 "$output_id" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "user: id(1) for $USER inside Ubuntu 20.04" { -+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 -+ -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 id -+ -+ assert_success -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ local output_id="${lines[0]}" -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+ -+ run --keep-empty-lines --separate-stderr 
"$TOOLBOX" run --distro ubuntu --release 20.04 id "$USER" -+ -+ assert_success -+ assert_line --index 0 "$output_id" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ # shellcheck disable=SC2154 -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} --- -2.43.0 - - -From da2555d04f9ff677b3f2033ff36390f75c3a509d Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 18 Jan 2024 19:53:02 +0100 -Subject: [PATCH 3/4] test/system: Group by higher-level objective, not - distribution - -Fallout from 51ffd2793d882ffab45ace44c03edfdaeb3f138c - -https://github.com/containers/toolbox/pull/1436 ---- - test/system/220-environment-variables.bats | 152 ++++++++++----------- - 1 file changed, 76 insertions(+), 76 deletions(-) - -diff --git a/test/system/220-environment-variables.bats b/test/system/220-environment-variables.bats -index 0e1356654468..dd74b1dc5142 100644 ---- a/test/system/220-environment-variables.bats -+++ b/test/system/220-environment-variables.bats -@@ -1,6 +1,6 @@ - # shellcheck shell=bats - # --# Copyright © 2023 Red Hat, Inc. -+# Copyright © 2023 – 2024 Red Hat, Inc. - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. 
-@@ -57,25 +57,24 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTSIZE inside the default container" { -- skip "https://pagure.io/setup/pull-request/48" -- -- create_default_container -+@test "environment variables: HISTFILESIZE inside Arch Linux" { -+ create_distro_container arch latest arch-toolbox-latest - -- if [ "$HISTSIZE" = "" ]; then -+ # shellcheck disable=SC2031 -+ if [ "$HISTFILESIZE" = "" ]; then - # shellcheck disable=SC2030 -- HISTSIZE=1001 -+ HISTFILESIZE=1001 - else -- ((HISTSIZE++)) -+ ((HISTFILESIZE++)) - fi - -- export HISTSIZE -+ export HISTFILESIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run bash -c 'echo "$HISTSIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTFILESIZE"' - - assert_success -- assert_line --index 0 "$HISTSIZE" -+ assert_line --index 0 "$HISTFILESIZE" - - if check_bats_version 1.10.0; then - assert [ ${#lines[@]} -eq 1 ] -@@ -87,8 +86,8 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTFILESIZE inside Arch Linux" { -- create_distro_container arch latest arch-toolbox-latest -+@test "environment variables: HISTFILESIZE inside Fedora 34" { -+ create_distro_container fedora 34 fedora-toolbox-34 - - # shellcheck disable=SC2031 - if [ "$HISTFILESIZE" = "" ]; then -@@ -101,7 +100,7 @@ teardown() { - export HISTFILESIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTFILESIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTFILESIZE"' - - assert_success - assert_line --index 0 "$HISTFILESIZE" -@@ -116,24 +115,24 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTSIZE inside Arch Linux" { -- create_distro_container arch latest arch-toolbox-latest -+@test "environment 
variables: HISTFILESIZE inside RHEL 8.7" { -+ create_distro_container rhel 8.7 rhel-toolbox-8.7 - - # shellcheck disable=SC2031 -- if [ "$HISTSIZE" = "" ]; then -+ if [ "$HISTFILESIZE" = "" ]; then - # shellcheck disable=SC2030 -- HISTSIZE=1001 -+ HISTFILESIZE=1001 - else -- ((HISTSIZE++)) -+ ((HISTFILESIZE++)) - fi - -- export HISTSIZE -+ export HISTFILESIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTSIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTFILESIZE"' - - assert_success -- assert_line --index 0 "$HISTSIZE" -+ assert_line --index 0 "$HISTFILESIZE" - - if check_bats_version 1.10.0; then - assert [ ${#lines[@]} -eq 1 ] -@@ -145,8 +144,8 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTFILESIZE inside Fedora 34" { -- create_distro_container fedora 34 fedora-toolbox-34 -+@test "environment variables: HISTFILESIZE inside Ubuntu 16.04" { -+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 - - # shellcheck disable=SC2031 - if [ "$HISTFILESIZE" = "" ]; then -@@ -159,7 +158,8 @@ teardown() { - export HISTFILESIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTFILESIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 \ -+ bash -c 'echo "$HISTFILESIZE"' - - assert_success - assert_line --index 0 "$HISTFILESIZE" -@@ -174,26 +174,25 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTSIZE inside Fedora 34" { -- skip "https://pagure.io/setup/pull-request/48" -- -- create_distro_container fedora 34 fedora-toolbox-34 -+@test "environment variables: HISTFILESIZE inside Ubuntu 18.04" { -+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 - - # shellcheck disable=SC2031 -- if [ "$HISTSIZE" 
= "" ]; then -+ if [ "$HISTFILESIZE" = "" ]; then - # shellcheck disable=SC2030 -- HISTSIZE=1001 -+ HISTFILESIZE=1001 - else -- ((HISTSIZE++)) -+ ((HISTFILESIZE++)) - fi - -- export HISTSIZE -+ export HISTFILESIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTSIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 \ -+ bash -c 'echo "$HISTFILESIZE"' - - assert_success -- assert_line --index 0 "$HISTSIZE" -+ assert_line --index 0 "$HISTFILESIZE" - - if check_bats_version 1.10.0; then - assert [ ${#lines[@]} -eq 1 ] -@@ -205,12 +204,11 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTFILESIZE inside RHEL 8.7" { -- create_distro_container rhel 8.7 rhel-toolbox-8.7 -+@test "environment variables: HISTFILESIZE inside Ubuntu 20.04" { -+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 - - # shellcheck disable=SC2031 - if [ "$HISTFILESIZE" = "" ]; then -- # shellcheck disable=SC2030 - HISTFILESIZE=1001 - else - ((HISTFILESIZE++)) -@@ -219,7 +217,8 @@ teardown() { - export HISTFILESIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTFILESIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 \ -+ bash -c 'echo "$HISTFILESIZE"' - - assert_success - assert_line --index 0 "$HISTFILESIZE" -@@ -234,12 +233,11 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTSIZE inside RHEL 8.7" { -+@test "environment variables: HISTSIZE inside the default container" { - skip "https://pagure.io/setup/pull-request/48" - -- create_distro_container rhel 8.7 rhel-toolbox-8.7 -+ create_default_container - -- # shellcheck disable=SC2031 - if [ "$HISTSIZE" = "" ]; then - # shellcheck disable=SC2030 - HISTSIZE=1001 -@@ -250,7 +248,7 @@ 
teardown() { - export HISTSIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTSIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run bash -c 'echo "$HISTSIZE"' - - assert_success - assert_line --index 0 "$HISTSIZE" -@@ -265,25 +263,24 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTFILESIZE inside Ubuntu 16.04" { -- create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 -+@test "environment variables: HISTSIZE inside Arch Linux" { -+ create_distro_container arch latest arch-toolbox-latest - - # shellcheck disable=SC2031 -- if [ "$HISTFILESIZE" = "" ]; then -+ if [ "$HISTSIZE" = "" ]; then - # shellcheck disable=SC2030 -- HISTFILESIZE=1001 -+ HISTSIZE=1001 - else -- ((HISTFILESIZE++)) -+ ((HISTSIZE++)) - fi - -- export HISTFILESIZE -+ export HISTSIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 \ -- bash -c 'echo "$HISTFILESIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTSIZE"' - - assert_success -- assert_line --index 0 "$HISTFILESIZE" -+ assert_line --index 0 "$HISTSIZE" - - if check_bats_version 1.10.0; then - assert [ ${#lines[@]} -eq 1 ] -@@ -295,8 +292,10 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTSIZE inside Ubuntu 16.04" { -- create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 -+@test "environment variables: HISTSIZE inside Fedora 34" { -+ skip "https://pagure.io/setup/pull-request/48" -+ -+ create_distro_container fedora 34 fedora-toolbox-34 - - # shellcheck disable=SC2031 - if [ "$HISTSIZE" = "" ]; then -@@ -309,7 +308,7 @@ teardown() { - export HISTSIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 bash -c 'echo "$HISTSIZE"' -+ run 
--keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTSIZE"' - - assert_success - assert_line --index 0 "$HISTSIZE" -@@ -324,25 +323,26 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTFILESIZE inside Ubuntu 18.04" { -- create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 -+@test "environment variables: HISTSIZE inside RHEL 8.7" { -+ skip "https://pagure.io/setup/pull-request/48" -+ -+ create_distro_container rhel 8.7 rhel-toolbox-8.7 - - # shellcheck disable=SC2031 -- if [ "$HISTFILESIZE" = "" ]; then -+ if [ "$HISTSIZE" = "" ]; then - # shellcheck disable=SC2030 -- HISTFILESIZE=1001 -+ HISTSIZE=1001 - else -- ((HISTFILESIZE++)) -+ ((HISTSIZE++)) - fi - -- export HISTFILESIZE -+ export HISTSIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 \ -- bash -c 'echo "$HISTFILESIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTSIZE"' - - assert_success -- assert_line --index 0 "$HISTFILESIZE" -+ assert_line --index 0 "$HISTSIZE" - - if check_bats_version 1.10.0; then - assert [ ${#lines[@]} -eq 1 ] -@@ -354,8 +354,8 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTSIZE inside Ubuntu 18.04" { -- create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 -+@test "environment variables: HISTSIZE inside Ubuntu 16.04" { -+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 - - # shellcheck disable=SC2031 - if [ "$HISTSIZE" = "" ]; then -@@ -368,7 +368,7 @@ teardown() { - export HISTSIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 bash -c 'echo "$HISTSIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 bash -c 'echo "$HISTSIZE"' - - assert_success - assert_line --index 
0 "$HISTSIZE" -@@ -383,24 +383,24 @@ teardown() { - assert [ ${#stderr_lines[@]} -eq 0 ] - } - --@test "environment variables: HISTFILESIZE inside Ubuntu 20.04" { -- create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 -+@test "environment variables: HISTSIZE inside Ubuntu 18.04" { -+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 - - # shellcheck disable=SC2031 -- if [ "$HISTFILESIZE" = "" ]; then -- HISTFILESIZE=1001 -+ if [ "$HISTSIZE" = "" ]; then -+ # shellcheck disable=SC2030 -+ HISTSIZE=1001 - else -- ((HISTFILESIZE++)) -+ ((HISTSIZE++)) - fi - -- export HISTFILESIZE -+ export HISTSIZE - - # shellcheck disable=SC2016 -- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 \ -- bash -c 'echo "$HISTFILESIZE"' -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 bash -c 'echo "$HISTSIZE"' - - assert_success -- assert_line --index 0 "$HISTFILESIZE" -+ assert_line --index 0 "$HISTSIZE" - - if check_bats_version 1.10.0; then - assert [ ${#lines[@]} -eq 1 ] --- -2.43.0 - - -From ee2c92299d5488bab4e54cb04d9a120e0b9ed405 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 18 Jan 2024 20:17:50 +0100 -Subject: [PATCH 4/4] test/system: Test that the HOSTNAME environment variable - is set - -Bash automatically sets the HOSTNAME environment variable to the name of -the current host [1] as returned by gethostname(2), which is the same as -hostname(1). - -However, on Fedora, from Fedora 33 onwards, /etc/profile sets the -HOSTNAME environment variable to 'hostnamectl --transient' [2], and, -from Fedora 35 onwards, it has a fallback to hostname(1) [3]. These two -approaches return different values when used inside a Toolbx container. -The former picks up the hostname of the host operating system, while the -fallback gets the name that was set when creating the container with -'podman create --hostname toolbox ...'. 
- -Hence, the value of HOSTNAME inside a Toolbx container for Fedora -depends on whether the corresponding version of the fedora-toolbox image -contained hostnamectl(1) or not. - -[1] https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html - -[2] setup commit eb9cc4dce89be24f - https://pagure.io/setup/c/eb9cc4dce89be24f - https://bugzilla.redhat.com/show_bug.cgi?id=1745245 - -[3] setup commit ddd74b5d971a734c - https://pagure.io/setup/c/ddd74b5d971a734c - https://pagure.io/setup/pull-request/28 - https://bugzilla.redhat.com/show_bug.cgi?id=1938223 - -https://github.com/containers/toolbox/issues/558 ---- - test/system/220-environment-variables.bats | 126 +++++++++++++++++++++ - 1 file changed, 126 insertions(+) - -diff --git a/test/system/220-environment-variables.bats b/test/system/220-environment-variables.bats -index dd74b1dc5142..5b51d17dee55 100644 ---- a/test/system/220-environment-variables.bats -+++ b/test/system/220-environment-variables.bats -@@ -439,3 +439,129 @@ teardown() { - # shellcheck disable=SC2154 - assert [ ${#stderr_lines[@]} -eq 0 ] - } -+ -+@test "environment variables: HOSTNAME inside the default container" { -+ create_default_container -+ -+ # shellcheck disable=SC2016 -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run bash -c 'echo "$HOSTNAME"' -+ -+ assert_success -+ assert_line --index 0 --regexp "^(toolbox|$HOSTNAME)$" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "environment variables: HOSTNAME inside Arch Linux" { -+ create_distro_container arch latest arch-toolbox-latest -+ -+ # shellcheck disable=SC2016 -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HOSTNAME"' -+ -+ assert_success -+ assert_line --index 0 "toolbox" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ 
-+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "environment variables: HOSTNAME inside Fedora 34" { -+ create_distro_container fedora 34 fedora-toolbox-34 -+ -+ # shellcheck disable=SC2016 -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HOSTNAME"' -+ -+ assert_success -+ assert_line --index 0 "$HOSTNAME" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "environment variables: HOSTNAME inside RHEL 8.7" { -+ create_distro_container rhel 8.7 rhel-toolbox-8.7 -+ -+ # shellcheck disable=SC2016 -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HOSTNAME"' -+ -+ assert_success -+ assert_line --index 0 "toolbox" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "environment variables: HOSTNAME inside Ubuntu 16.04" { -+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04 -+ -+ # shellcheck disable=SC2016 -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 bash -c 'echo "$HOSTNAME"' -+ -+ assert_success -+ assert_line --index 0 "toolbox" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "environment variables: HOSTNAME inside Ubuntu 18.04" { -+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04 -+ -+ # shellcheck disable=SC2016 -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 bash -c 'echo "$HOSTNAME"' -+ -+ assert_success -+ assert_line --index 0 "toolbox" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ assert 
[ ${#stderr_lines[@]} -eq 0 ] -+} -+ -+@test "environment variables: HOSTNAME inside Ubuntu 20.04" { -+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04 -+ -+ # shellcheck disable=SC2016 -+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 bash -c 'echo "$HOSTNAME"' -+ -+ assert_success -+ assert_line --index 0 "toolbox" -+ -+ if check_bats_version 1.10.0; then -+ assert [ ${#lines[@]} -eq 1 ] -+ else -+ assert [ ${#lines[@]} -eq 2 ] -+ fi -+ -+ assert [ ${#stderr_lines[@]} -eq 0 ] -+} --- -2.43.0 - diff --git a/toolbox.spec b/toolbox.spec index 28fc03b..d825b80 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.0.99.5 +Version: 0.0.99.6 %global goipath github.com/containers/%{name} @@ -31,7 +31,7 @@ Version: 0.0.99.5 %endif %endif -Release: 18%{?dist} +Release: 1%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -41,14 +41,8 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version # RHEL specific Source1: %{name}.conf -# Upstream -Patch0: toolbox-test-system-new.patch -Patch1: toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch -Patch2: toolbox-playbooks-test-system-bats-1.11-podman-5.patch - # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch -Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch # RHEL specific Patch200: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch 
@@ -65,21 +59,27 @@ BuildRequires: systemd BuildRequires: systemd-rpm-macros %if ! 0%{?rhel} BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1 +BuildRequires: golang-ipath(github.com/NVIDIA/go-nvlib) >= 0.6.1 +BuildRequires: golang-ipath(github.com/NVIDIA/go-nvml) >= 0.12.4.0 +BuildRequires: golang-ipath(github.com/NVIDIA/nvidia-container-toolkit) >= 1.16.1 BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0 -BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0 +BuildRequires: golang(github.com/briandowns/spinner) >= 1.18.0 BuildRequires: golang(github.com/docker/go-units) >= 0.5.0 -BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1 +BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.7.0 +BuildRequires: golang(github.com/go-logfmt/logfmt) >= 0.5.0 BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6 -BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1 +BuildRequires: golang(github.com/google/renameio/v2) >= 2.0.0 +BuildRequires: golang(github.com/sirupsen/logrus) >= 1.9.3 BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0 BuildRequires: golang(github.com/spf13/viper) >= 1.10.1 -BuildRequires: golang(golang.org/x/sys/unix) >= 0.1.0 +BuildRequires: golang-ipath(golang.org/x/sys) >= 0.22.0 BuildRequires: golang(golang.org/x/text) >= 0.3.8 -BuildRequires: golang(gopkg.in/yaml.v3) >= 3.0.0 +BuildRequires: golang-ipath(gopkg.in/yaml.v3) >= 3.0.1 +BuildRequires: golang-ipath(tags.cncf.io/container-device-interface) >= 0.8.0 BuildRequires: pkgconfig(fish) # for tests # BuildRequires: codespell -# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 +# BuildRequires: golang(github.com/stretchr/testify) >= 1.9.0 # BuildRequires: ShellCheck %endif 
@@ -95,9 +95,9 @@ Requires: shadow-utils-subid%{?_isa} >= 4.16.0 %description Toolbx is a tool for Linux, which allows the use of interactive command line -environments for development and troubleshooting the host operating system, -without having to install software on the host. It is built on top of Podman -and other standard container technologies from OCI. +environments for software development and troubleshooting the host operating +system, without having to install software on the host. It is built on top of +Podman and other standard container technologies from OCI. Toolbx environments have seamless access to the user's home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like @@ -110,14 +110,18 @@ Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} Requires: coreutils +Requires: diffutils +# for gdbus(1) +Requires: glib2 Requires: grep -# for htpasswd +# for htpasswd(1) Requires: httpd-tools Requires: openssl +Requires: python3 Requires: skopeo Requires: slirp4netns %if ! 0%{?rhel} -Requires: bats >= 1.7.0 +Requires: bats >= 1.10.0 %endif @@ -128,16 +132,8 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q -%patch -P0 -p1 -%patch -P1 -p1 -%patch -P2 -p1 - %if 0%{?fedora} -%ifnarch ppc64 %patch -P100 -p1 -%else -%patch -P101 -p1 -%endif %endif %if 0%{?rhel} @@ -189,7 +185,7 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %files -%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md +%doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md %license COPYING %{?rhel:src/vendor/modules.txt} %{_bindir}/%{name} %{_datadir}/bash-completion @@ -208,6 +204,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Mon Sep 30 2024 Debarshi Ray - 0.0.99.6-1 +- Update to 0.0.99.6 + * Thu Sep 12 2024 Debarshi Ray - 0.0.99.5-18 - Rebuild against shadow-utils-subid ABI version 5.0.0 
From f81e991c0ae5aca8fcac5f9a7163668d0d6ff98e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 2 Oct 2024 21:22:34 +0200 Subject: [PATCH 119/145] Silence 'rpminspect --tests=elf' With Toolbx 0.0.99.6, 'rpminspect --tests=elf', run by the Fedora CI, fails with: /usr/bin/toolbox lost full GNU_RELRO security protection This is because from version 0.0.99.6 onwards, toolbox(1) is only built with the '-z relro' linker flag, but not '-z now' [1]. Fallout from e447d41208358916b11090a3d90c5a08ac18ca96 [1] Upstream commit 83f28c52e47c2d44 https://github.com/containers/toolbox/commit/83f28c52e47c2d44 https://github.com/containers/toolbox/pull/1548 --- rpminspect.yaml | 3 +++ toolbox.spec | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/rpminspect.yaml b/rpminspect.yaml index ab3e59b..f0d9c5c 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -7,6 +7,9 @@ annocheck: extra_opts: hardened: --skip-run-path --skip-stack-prot +elf: + exclude_path: /usr/bin/toolbox + runpath: allowed_paths: - /run/host/usr/lib diff --git a/toolbox.spec b/toolbox.spec index d825b80..cd49e8a 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.6 %endif %endif -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -204,6 +204,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Wed Oct 02 2024 Debarshi Ray - 0.0.99.6-2 +- Silence 'rpminspect --tests=elf' + * Mon Sep 30 2024 Debarshi Ray - 0.0.99.6-1 - Update to 0.0.99.6 From 8da835d84a4bb1a614bfd986afcf52df1f17345c Mon Sep 17 00:00:00 2001 
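Review bot: The `elf:` / `exclude_path: /usr/bin/toolbox` entry added to rpminspect.yaml takes the binary out of the whole `elf` inspection, not only the GNU_RELRO comparison quoted in the description. Any other finding that inspection would report for /usr/bin/toolbox is silenced as well. The file itself carries nothing that ties the exclusion to its cause, so I would add a comment above `elf:` such as `# toolbox(1) is linked with '-z relro' but not '-z now' since 0.0.99.6 (upstream 83f28c52e47c2d44); drop once full RELRO is back`. If rpminspect treats `exclude_path` as a regular expression, as its documentation suggests, writing it as `^/usr/bin/toolbox$` would keep the exclusion to this one file.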
From: Debarshi Ray Date: Thu, 3 Oct 2024 14:56:46 +0200 Subject: [PATCH 120/145] Unbreak the downstream Fedora CI Fallout from e447d41208358916b11090a3d90c5a08ac18ca96 --- ...-system-Unbreak-downstream-Fedora-CI.patch | 104 ++++++++++++++++++ toolbox.spec | 9 +- 2 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 toolbox-test-system-Unbreak-downstream-Fedora-CI.patch diff --git a/toolbox-test-system-Unbreak-downstream-Fedora-CI.patch b/toolbox-test-system-Unbreak-downstream-Fedora-CI.patch new file mode 100644 index 0000000..b743f2d --- /dev/null +++ b/toolbox-test-system-Unbreak-downstream-Fedora-CI.patch 
@@ -0,0 +1,104 @@ +From 1e90c721858b3119702b93445f535f9c23af88e6 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 2 Oct 2024 22:43:37 +0200 +Subject: [PATCH] test/system: Unbreak the downstream Fedora CI + +The working directory from which bats(1) is invoked might not be part of +the Toolbx container. eg., the downstream Fedora CI invokes the tests +as: + $ cd /path/to/toolbox/test/system + $ bats . + +... and it led to: + not ok 8 help: Try unknown command (forwarded to host) + # tags: commands-options + # (from function `assert_line' in file + ./libs/bats-assert/src/assert.bash, line 488, + # in test file ./002-help.bats, line 135) + # `assert_line --index 0 + "Error: unknown command \"foo\" for \"toolbox\""' failed + # + # -- line differs -- + # index : 0 + # expected : Error: unknown command "foo" for "toolbox" + # actual : Error: crun: chdir to `/usr/share/toolbox/test/system`: + No such file or directory: OCI runtime attempted to invoke a + command that was not found + # -- + # + +https://github.com/containers/toolbox/pull/1560 +--- + test/system/002-help.bats | 2 ++ + test/system/501-create.bats | 2 ++ + test/system/504-run.bats | 2 ++ + test/system/505-enter.bats | 2 ++ + 4 files changed, 8 insertions(+) + +diff --git a/test/system/002-help.bats b/test/system/002-help.bats +index 57e918a04d22..a8bfbc2c79d2 100644 +--- a/test/system/002-help.bats ++++ b/test/system/002-help.bats +@@ -25,9 +25,11 @@ setup() { + bats_require_minimum_version 1.10.0 + _setup_environment + cleanup_all ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_all + } + +diff --git a/test/system/501-create.bats b/test/system/501-create.bats +index 3f50f98e6bf3..cfb676b7001b 100644 +--- a/test/system/501-create.bats ++++ b/test/system/501-create.bats +@@ -25,9 +25,11 @@ setup() { + bats_require_minimum_version 1.8.0 + _setup_environment + cleanup_all ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_all + } + +diff --git 
a/test/system/504-run.bats b/test/system/504-run.bats +index cc5f6fa8bb09..6ee3e86af1ff 100644 +--- a/test/system/504-run.bats ++++ b/test/system/504-run.bats +@@ -25,9 +25,11 @@ setup() { + bats_require_minimum_version 1.8.0 + _setup_environment + cleanup_all ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_all + } + +diff --git a/test/system/505-enter.bats b/test/system/505-enter.bats +index 405d184f145e..57e58651623d 100644 +--- a/test/system/505-enter.bats ++++ b/test/system/505-enter.bats +@@ -25,9 +25,11 @@ setup() { + bats_require_minimum_version 1.8.0 + _setup_environment + cleanup_all ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_all + } + +-- +2.46.1 + diff --git a/toolbox.spec b/toolbox.spec index cd49e8a..c663c6e 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.6 %endif %endif -Release: 2%{?dist} +Release: 3%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -41,6 +41,9 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version # RHEL specific Source1: %{name}.conf +# Upstream +Patch0: toolbox-test-system-Unbreak-downstream-Fedora-CI.patch + # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -131,6 +134,7 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q +%patch -P0 -p1 %if 0%{?fedora} %patch -P100 -p1 @@ -204,6 +208,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Thu Oct 03 2024 Debarshi Ray - 0.0.99.6-3 +- Unbreak the downstream Fedora CI + * Wed Oct 02 2024 Debarshi Ray - 0.0.99.6-2 - Silence 'rpminspect --tests=elf' From 5ff63e6c804b067d11cb2be56b9b023805d3910d Mon Sep 17 00:00:00 2001 
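Review bot: In all four embedded hunks (002-help, 501-create, 504-run, 505-enter), `teardown()` now runs `popd || return 1` before `cleanup_all`, so a failing `popd` ends the teardown without cleaning up. That would happen if `setup()` returned before reaching `pushd "$HOME"`, assuming bats still calls teardown in that case, and the containers and images of that test would then be left behind for the following ones. Calling `cleanup_all` first and `popd || return 1` last keeps the error reporting and still cleans up, provided `cleanup_all` does not depend on the working directory, which is not visible here. The bodies of `setup()` and `teardown()` start outside the hunks.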
From: Debarshi Ray Date: Fri, 4 Oct 2024 15:08:39 +0200 Subject: [PATCH 121/145] Use the fedora-toolbox:40 image for Fedora Asahi Remix hosts https://bugzilla.redhat.com/show_bug.cgi?id=2316312 --- ...-fallback-release-to-40-for-non-fedo.patch | 30 +++++++++++++++++++ toolbox.spec | 7 ++++- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 toolbox-Update-fallback-release-to-40-for-non-fedo.patch diff --git a/toolbox-Update-fallback-release-to-40-for-non-fedo.patch b/toolbox-Update-fallback-release-to-40-for-non-fedo.patch new file mode 100644 index 0000000..7bad62f --- /dev/null +++ b/toolbox-Update-fallback-release-to-40-for-non-fedo.patch @@ -0,0 +1,30 @@ +From b524f4cebd8c65746089f898e14a99c7cfded306 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 3 Oct 2024 22:08:04 +0200 +Subject: [PATCH] pkg/utils: Update fallback release to 40 for non-fedora hosts + +Fedora 38 reached End of Life on 21st May 2024: +https://docs.fedoraproject.org/en-US/releases/eol/ + +https://bugzilla.redhat.com/show_bug.cgi?id=2316312 +https://github.com/containers/toolbox/pull/1561 +--- + src/pkg/utils/utils.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go +index eefcd1eeb2cc..37a49fedf772 100644 +--- a/src/pkg/utils/utils.go ++++ b/src/pkg/utils/utils.go +@@ -64,7 +64,7 @@ const ( + containerNamePrefixFallback = "fedora-toolbox" + distroFallback = "fedora" + idTruncLength = 12 +- releaseFallback = "38" ++ releaseFallback = "40" + ) + + const ( +-- +2.46.1 + diff --git a/toolbox.spec b/toolbox.spec index c663c6e..9d39455 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.6 %endif %endif -Release: 3%{?dist} +Release: 4%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 
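Review bot: `releaseFallback = "40"` remains a bare literal, and nothing in the const block says what it has to track. The description shows the previous value stayed in place for months after Fedora 38 reached end of life. A non-Fedora host that falls back to an end-of-life release presumably ends up on an image that no longer receives security updates, so I would put a comment on the constant, e.g. `// Must name a Fedora release that is still supported, see https://docs.fedoraproject.org/en-US/releases/eol/`. The const block starts and ends outside the hunk.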
@@ -43,6 +43,7 @@ Source1: %{name}.conf # Upstream Patch0: toolbox-test-system-Unbreak-downstream-Fedora-CI.patch +Patch1: toolbox-Update-fallback-release-to-40-for-non-fedo.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -135,6 +136,7 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q %patch -P0 -p1 +%patch -P1 -p1 %if 0%{?fedora} %patch -P100 -p1 @@ -208,6 +210,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Fri Oct 04 2024 Debarshi Ray - 0.0.99.6-4 +- Use the fedora-toolbox:40 image for Fedora Asahi Remix hosts + * Thu Oct 03 2024 Debarshi Ray - 0.0.99.6-3 - Unbreak the downstream Fedora CI From 2334d4ee5f410eaa9ff02d5349e2c21ba1f27eab Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 7 Oct 2024 16:02:21 +0200 Subject: [PATCH 122/145] Unify the build with RHEL 9 There's no need to do a build just for this. --- ...ation-paths-for-coreos-toolbox-users.patch | 49 ++++++++++--------- toolbox.spec | 2 +- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch index 88003a3..9f470cd 100644 --- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch @@ -1,4 +1,4 @@ -From d461caa5b1a278124d039df93140d2d5bf4eabe7 Mon Sep 17 00:00:00 2001 +From c25ad44b7cb50d470b1533931b7808cc194f0d50 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 18 Aug 2021 17:55:21 +0200 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST @@ -10,10 +10,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037 1 file changed, 1 insertion(+) diff --git a/src/cmd/run.go b/src/cmd/run.go -index 7657ffa50821..23d422623b14 100644 +index 719c0d6abb20..92a097283f38 100644 --- a/src/cmd/run.go 
+++ b/src/cmd/run.go -@@ -501,6 +501,7 @@ func constructExecArgs(container, preserveFDs string, +@@ -566,6 +566,7 @@ func constructExecArgs(container, preserveFDs string, execArgs = append(execArgs, envOptions...) execArgs = append(execArgs, []string{ @@ -22,10 +22,10 @@ index 7657ffa50821..23d422623b14 100644 "--preserve-fds", preserveFDs, }...) -- -2.39.2 +2.46.1 -From 3c2c67752e8f88f72058799cbce3612fc937b230 Mon Sep 17 00:00:00 2001 +From e7877a4d1d38dc35aa6da6c012ec9a23397b7aa4 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 13:42:15 +0100 Subject: [PATCH 2/2] test/system: Update to test the migration path for @@ -36,36 +36,39 @@ This reverts the changes to the tests made in commit ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit 3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed. --- - test/system/002-help.bats | 11 ----------- + test/system/002-help.bats | 14 -------------- test/system/100-root.bats | 27 +++++++++++++++++++++++++++ - 2 files changed, 27 insertions(+), 11 deletions(-) + 2 files changed, 27 insertions(+), 14 deletions(-) create mode 100644 test/system/100-root.bats diff --git a/test/system/002-help.bats b/test/system/002-help.bats -index 7e4565e9d23d..58a4c2c87ece 100644 +index a8bfbc2c79d2..5dd14025ea0b 100644 --- a/test/system/002-help.bats 
+++ b/test/system/002-help.bats -@@ -23,17 +23,6 @@ setup() { - _setup_environment +@@ -33,20 +33,6 @@ teardown() { + cleanup_all } --@test "help: Try to run toolbox with no command" { -- run $TOOLBOX +-@test "help: Smoke test" { +- run --keep-empty-lines --separate-stderr "$TOOLBX" - - assert_failure +- assert [ ${#lines[@]} -eq 0 ] +- lines=("${stderr_lines[@]}") - assert_line --index 0 "Error: missing command" -- assert_line --index 1 "create Create a new toolbox container" -- assert_line --index 2 "enter Enter an existing toolbox container" -- assert_line --index 3 "list List all existing toolbox containers and images" -- assert_line --index 4 "Run 'toolbox --help' for usage." +- assert_line --index 2 "create Create a new Toolbx container" +- assert_line --index 3 "enter Enter an existing Toolbx container" +- assert_line --index 4 "list List all existing Toolbx containers and images" +- assert_line --index 6 "Run 'toolbox --help' for usage." +- assert [ ${#stderr_lines[@]} -eq 7 ] -} - - @test "help: Run command 'help'" { + @test "help: Command 'help'" { if ! command -v man 2>/dev/null; then - skip "Test works only if man is in PATH" + skip "not found man(1)" diff --git a/test/system/100-root.bats b/test/system/100-root.bats new file mode 100644 -index 000000000000..32d87904213e +index 000000000000..cf35d60ac25c --- /dev/null +++ b/test/system/100-root.bats @@ -0,0 +1,27 @@ @@ -77,15 +80,15 @@ index 000000000000..32d87904213e + +setup() { + _setup_environment -+ cleanup_containers ++ cleanup_all +} + +teardown() { -+ cleanup_containers ++ cleanup_all +} + +@test "root: Try to enter the default container with no containers created" { -+ run $TOOLBOX <<< "n" ++ run "$TOOLBX" <<< "n" + + assert_success + assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command." @@ -97,5 +100,5 @@ index 000000000000..32d87904213e + skip "Testing of entering toolboxes is not implemented" +} -- -2.39.2 +2.46.1 
diff --git a/toolbox.spec b/toolbox.spec index 9d39455..ee2f102 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -91,10 +91,10 @@ Recommends: skopeo Requires: containers-common Requires: podman >= 1.6.4 +Requires: shadow-utils-subid%{?_isa} >= 4.16.0 %if ! 0%{?rhel} Requires: flatpak-session-helper %endif -Requires: shadow-utils-subid%{?_isa} >= 4.16.0 %description From ea36bd0bb0dbcde2c8392b9b980235ab6d7d98b7 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 7 Oct 2024 16:06:55 +0200 Subject: [PATCH 123/145] Unify the build with RHEL There's no need to do a build just for this. --- ...d.patch => toolbox-Make-the-build-flags-match-Fedora.patch | 0 ...ora-CI.patch => toolbox-Unbreak-downstream-Fedora-CI.patch | 0 toolbox.spec | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch => toolbox-Make-the-build-flags-match-Fedora.patch (100%) rename toolbox-test-system-Unbreak-downstream-Fedora-CI.patch => toolbox-Unbreak-downstream-Fedora-CI.patch (100%) diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora.patch similarity index 100% rename from toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch rename to toolbox-Make-the-build-flags-match-Fedora.patch diff --git a/toolbox-test-system-Unbreak-downstream-Fedora-CI.patch b/toolbox-Unbreak-downstream-Fedora-CI.patch similarity index 100% rename from toolbox-test-system-Unbreak-downstream-Fedora-CI.patch rename to toolbox-Unbreak-downstream-Fedora-CI.patch diff --git a/toolbox.spec b/toolbox.spec index ee2f102..93e9854 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -42,11 +42,11 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version Source1: %{name}.conf # Upstream -Patch0: toolbox-test-system-Unbreak-downstream-Fedora-CI.patch +Patch0: toolbox-Unbreak-downstream-Fedora-CI.patch Patch1: toolbox-Update-fallback-release-to-40-for-non-fedo.patch # Fedora specific -Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +Patch100: toolbox-Make-the-build-flags-match-Fedora.patch # RHEL specific Patch200: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch From 1d3597789e9f3cc56bb7e5f2fbd9bd78b9345313 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 7 Oct 2024 16:19:11 +0200 Subject: [PATCH 124/145] Unify the build with RHEL There's no need to do a build just for this. --- ...x-Make-the-build-flags-match-RHEL-10.patch | 71 +++++++++++++++++++ ...ox-Make-the-build-flags-match-RHEL-9.patch | 50 +++++++++++++ ...flags-match-RHEL-s-gobuild-for-PPC64.patch | 55 -------------- ...the-build-flags-match-RHEL-s-gobuild.patch | 55 -------------- toolbox.spec | 10 +-- 5 files changed, 127 insertions(+), 114 deletions(-) create mode 100644 toolbox-Make-the-build-flags-match-RHEL-10.patch create mode 100644 toolbox-Make-the-build-flags-match-RHEL-9.patch delete mode 100644 toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch delete mode 100644 toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch new file mode 100644 index 0000000..e43e0eb --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch 
@@ -0,0 +1,71 @@ +From f08f64c0d5f2019055381c3c00426fe8545e5e31 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} + +These reflect the defaults for RHEL 10.0 Beta, because RHEL 10.0 is +still early in its development cycle and the defaults may be in a state +of flux. Some exceptions are mentioned below. + +The '-z pack-relative-relocs' linker flag was left out. It's currently +not supported on s390x, so using it would require architecture specific +patches, which is a hassle. Support for aarch64 was recently added [1], +so hopefully s390x will also be supported soon. + +The change to use the RPM's %{name}, %{version}, %{release} and the +SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to +generate the build ID annotation for the toolbox(1) binary [2] was left +out. It will need more work to propagate the RPM's %{name}, %{version} +and %{release} to Meson. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 10's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. + +[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42 + https://issues.redhat.com/browse/RHEL-40379 + +[2] go-rpm-macros commit 1980932bf3a21890 + https://pagure.io/go-rpm-macros/c/1980932bf3a21890 + https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..5978422e9aed 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! 
cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.46.1 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch new file mode 100644 index 0000000..2c15142 --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch 
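Review bot: The new `-extldflags` in the RHEL 10 wrapper pass `-Wl,-z,relro` but not `-Wl,-z,now`, which both RHEL patches deleted by this commit did pass. The RHEL 9 patch that follows has the same omission, and neither description lists it among the deviations from `%{gobuildflags}`. Unless one of the `-specs=` files adds the flag back, the binary is linked with partial RELRO only, which is what PATCH 119 reports for the Fedora build. I would add a sentence to both descriptions naming the omission and its reason, e.g. `The '-z now' linker flag was left out, following upstream commit 83f28c52e47c2d44.`, if that is indeed the reason. The rest of go-build-wrapper lies outside the hunks.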
@@ -0,0 +1,50 @@ +From ff1320fa869f1e4952836436ab2ad928cbba0987 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} + +These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early +in its development cycle and the defaults may be in a state of flux. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..0a2c7526f210 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! 
libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.46.1 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch deleted file mode 100644 index 15b52a8..0000000 --- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From 973600219168f3c4efeb627c103085555327eaa5 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for - PPC64 - -The Go toolchain also doesn't like the LDFLAGS environment variable as -exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't -like the compressed DWARF data generated by the Go toolchain. - -Note that these flags are only meant for the "ppc64" CPU architecture, -and should be kept updated to match RHEL's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..86f174716608 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! 
libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,16 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.39.2 - diff --git a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch deleted file mode 100644 index 1fed4da..0000000 --- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From aeaa8cd30a8c5ad33ee1fe6b9e84ecbb28f7264c Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} - -The Go toolchain doesn't like the LDFLAGS environment variable as -exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't -like the compressed DWARF data generated by the Go toolchain. - -Note that these flags are meant for every CPU architecture other than -PPC64, and should be kept updated to match RHEL's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..d39764fda0c1 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! 
libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,17 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -buildmode pie \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.39.2 - diff --git a/toolbox.spec b/toolbox.spec index 93e9854..1f0815c 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -49,8 +49,8 @@ Patch1: toolbox-Update-fallback-release-to-40-for-non-fedo.patch Patch100: toolbox-Make-the-build-flags-match-Fedora.patch # RHEL specific -Patch200: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch -Patch201: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +Patch200: toolbox-Make-the-build-flags-match-RHEL-9.patch +Patch201: toolbox-Make-the-build-flags-match-RHEL-10.patch Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch BuildRequires: gcc @@ -143,9 +143,11 @@ The %{name}-tests package contains system tests for %{name}. %endif %if 0%{?rhel} -%ifnarch ppc64 +%if 0%{?rhel} == 9 %patch -P200 -p1 -%else +%endif + +%if 0%{?rhel} == 10 %patch -P201 -p1 %endif From d91d2c85231a7808d58d96287fb905d9d734738b Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 7 Oct 2024 16:39:14 +0200 Subject: [PATCH 125/145] Don't use slirp4netns(1) in tests to work around bug in pasta(1) --- tests/roles/run_bats_tests/tasks/main.yml | 3 - toolbox-Revert-Work-around-bug-in-past.patch | 81 ++++++++++++++++++++ toolbox.spec | 8 +- 3 files changed, 87 insertions(+), 5 deletions(-) create mode 100644 toolbox-Revert-Work-around-bug-in-past.patch diff --git a/tests/roles/run_bats_tests/tasks/main.yml b/tests/roles/run_bats_tests/tasks/main.yml index c073f66..adc72f2 100644 --- a/tests/roles/run_bats_tests/tasks/main.yml +++ b/tests/roles/run_bats_tests/tasks/main.yml @@ -3,9 +3,6 @@ - name: initialize test.log file copy: dest=/tmp/test.log content='' force=yes mode=0666 -- name: install slirp4netns - dnf: name="slirp4netns" state=installed - - name: execute tests include_tasks: run_one_test.yml with_items: "{{ tests }}" diff --git a/toolbox-Revert-Work-around-bug-in-past.patch b/toolbox-Revert-Work-around-bug-in-past.patch new file mode 100644 index 0000000..5597a9f --- /dev/null +++ b/toolbox-Revert-Work-around-bug-in-past.patch 
@@ -0,0 +1,81 @@ +From ed14cd483ae45c5f4cf5596b11c384f4b42bb53b Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Fri, 4 Oct 2024 22:09:03 +0200 +Subject: [PATCH] Revert "playbooks, test/system: Work around bug in pasta(1) + networks" + +The bug in pasta(1) that necessitated this workaround has since been +fixed in passt 2024_05_10.7288448 [1]. Some host operating systems like +CentOS Stream 10 no longer have slirp4netns(1), and it's generally +better to test the defaults. + +This reverts commit b58f9a51088afbfc22edb0b25776cfa2c4d8cc40. + +[1] https://github.com/containers/podman/issues/22575 + https://archives.passt.top/passt-dev/20240508090338.2735208-1-sbrivio@redhat.com/ + https://archives.passt.top/passt-user/20240510225714.6aa8e6c0@elisabeth/ + +https://github.com/containers/toolbox/pull/1562 +--- + playbooks/dependencies-centos-9-stream.yaml | 3 +-- + playbooks/dependencies-fedora.yaml | 3 +-- + test/system/libs/helpers.bash | 1 - + 3 files changed, 2 insertions(+), 5 deletions(-) + +diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml +index 5c1194c03583..d058d314b7b3 100644 +--- a/playbooks/dependencies-centos-9-stream.yaml ++++ b/playbooks/dependencies-centos-9-stream.yaml +@@ -13,7 +13,6 @@ + - podman + - shadow-utils-subid-devel + - skopeo +- - slirp4netns + - systemd + - udisks2 + +@@ -55,7 +54,7 @@ + chdir: '{{ zuul.project.src_dir }}' + + - name: Check versions of crucial packages +- command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns ++ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo + 
+ - name: Show podman versions + command: podman version +diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml +index ea605135a4c2..8007ce958ddb 100644 +--- a/playbooks/dependencies-fedora.yaml ++++ b/playbooks/dependencies-fedora.yaml +@@ -35,7 +35,6 @@ + - podman + - shadow-utils-subid-devel + - skopeo +- - slirp4netns + - systemd + - udisks2 + use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}" +@@ -56,7 +55,7 @@ + chdir: '{{ zuul.project.src_dir }}' + + - name: Check versions of crucial packages +- command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns ++ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo + + - name: Show podman versions + command: podman version +diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash +index dfd6236c2943..2d05641f5d0a 100644 +--- a/test/system/libs/helpers.bash ++++ b/test/system/libs/helpers.bash +@@ -195,7 +195,6 @@ function _setup_docker_registry() { + --env REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ + --env REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ + --name "${DOCKER_REG_NAME}" \ +- --network slirp4netns \ + --privileged \ + --publish 50000:5000 \ + --rm \ +-- +2.46.1 + diff --git a/toolbox.spec b/toolbox.spec index 1f0815c..5d4bd3e 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -31,7 +31,7 @@ Version: 0.0.99.6 %endif %endif -Release: 4%{?dist} +Release: 5%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 
@@ -44,6 +44,7 @@ Source1: %{name}.conf # Upstream Patch0: toolbox-Unbreak-downstream-Fedora-CI.patch Patch1: toolbox-Update-fallback-release-to-40-for-non-fedo.patch +Patch2: toolbox-Revert-Work-around-bug-in-past.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora.patch @@ -123,7 +124,6 @@ Requires: httpd-tools Requires: openssl Requires: python3 Requires: skopeo -Requires: slirp4netns %if ! 0%{?rhel} Requires: bats >= 1.10.0 %endif @@ -137,6 +137,7 @@ The %{name}-tests package contains system tests for %{name}. %setup -q %patch -P0 -p1 %patch -P1 -p1 +%patch -P2 -p1 %if 0%{?fedora} %patch -P100 -p1 @@ -212,6 +213,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Mon Oct 07 2024 Debarshi Ray - 0.0.99.6-5 +- Don't use slirp4netns(1) in tests to work around bug in pasta(1) + * Fri Oct 04 2024 Debarshi Ray - 0.0.99.6-4 - Use the fedora-toolbox:40 image for Fedora Asahi Remix hosts From 8805e4b239bc4a83318257a51d16b3f1294c84ea Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Mon, 7 Oct 2024 17:43:14 -0400 Subject: [PATCH 126/145] Fix ELN build Otherwise, it fails with: Processing files: toolbox-debugsource-0.0.99.6-5.eln143.x86_64 RPM build errors: error: Empty %files file /builddir/build/BUILD/toolbox-0.0.99.6-build/toolbox-0.0.99.6/debugsourcefiles.list Empty %files file /builddir/build/BUILD/toolbox-0.0.99.6-build/toolbox-0.0.99.6/debugsourcefiles.list Child return code was: 1 https://src.fedoraproject.org/rpms/toolbox/pull-request/23 --- toolbox.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 5d4bd3e..8fa6d3f 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -28,6 +28,8 @@ Version: 0.0.99.6 %global toolbx_go 1.22.5 %elif 0%{?rhel} == 10 %global toolbx_go 1.22.5 +%elif 0%{?rhel} > 10 +%global toolbx_go 1.23.1 %endif %endif 
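Review bot: Removing `Requires: slirp4netns` in the `@@ -123,7 +124,6 @@` hunk leaves the system tests on podman's default network (presumably pasta(1)), but nothing in the spec records the passt release that the embedded patch description names as carrying the fix (2024_05_10.7288448). If any branch built from this spec can still install an older passt, the tests would hit the original bug again with no hint from the package metadata. A versioned dependency next to `Requires: skopeo`, for example `Requires: passt >= <first NVR with the fix>` (placeholder, to be filled from the distribution's build), would make the assumption explicit.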
@@ -148,7 +150,7 @@ The %{name}-tests package contains system tests for %{name}. %patch -P200 -p1 %endif -%if 0%{?rhel} == 10 +%if 0%{?rhel} >= 10 %patch -P201 -p1 %endif From 120a6ce1a658995ad0a2d1ed9bfbc9e760654f20 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 16 Oct 2024 12:29:10 +0200 Subject: [PATCH 127/145] Recommend fuse-overlayfs because old containers created with it need it ... and: * containers-common removed fuse-overlayfs as even a weak dependency [1] * there are still several such containers out there in the wild [2,3] This should be removed once Toolbx can detect the situation and offer users a migration path. [1] Fedora containers-common commit 447945e59a01cb67 https://src.fedoraproject.org/rpms/containers-common/c/447945e59a01cb67 [2] https://discussion.fedoraproject.org/t/rpm-ostree-update-breaks-toolbox-fedora-40 [3] https://github.com/containers/toolbox/issues/1512 https://bugzilla.redhat.com/show_bug.cgi?id=2319121 --- toolbox.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 8fa6d3f..f7adb02 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -33,7 +33,7 @@ Version: 0.0.99.6 %endif %endif -Release: 5%{?dist} +Release: 6%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -90,6 +90,7 @@ BuildRequires: pkgconfig(fish) # BuildRequires: ShellCheck %endif +Recommends: fuse-overlayfs Recommends: skopeo Requires: containers-common @@ -215,6 +216,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Wed Oct 16 2024 Debarshi Ray - 0.0.99.6-6 +- Recommend fuse-overlayfs because old containers created with it need it + * Mon Oct 07 2024 Debarshi Ray - 0.0.99.6-5 - Don't use slirp4netns(1) in tests to work around bug in pasta(1) From 6f1c1c40528ddeeb97327fcdb297c99b75ff75f2 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Tue, 22 Oct 2024 22:07:21 +0200 Subject: [PATCH 128/145] Update to 0.1.0 ... and update the BuildRequires on golang to reflect reality. --- .gitignore | 1 + sources | 2 +- toolbox-Revert-Work-around-bug-in-past.patch | 81 -------------- toolbox-Unbreak-downstream-Fedora-CI.patch | 104 ------------------ ...-fallback-release-to-40-for-non-fedo.patch | 30 ----- toolbox.spec | 21 ++-- 6 files changed, 11 insertions(+), 228 deletions(-) delete mode 100644 toolbox-Revert-Work-around-bug-in-past.patch delete mode 100644 toolbox-Unbreak-downstream-Fedora-CI.patch delete mode 100644 toolbox-Update-fallback-release-to-40-for-non-fedo.patch diff --git a/.gitignore b/.gitignore index 8751077..f6ada90 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,4 @@ /toolbox-0.0.99.4-vendored.tar.xz /toolbox-0.0.99.5-vendored.tar.xz /toolbox-0.0.99.6-vendored.tar.xz +/toolbox-0.1.0-vendored.tar.xz diff --git a/sources b/sources index a7670e1..6105f3e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.6-vendored.tar.xz) = 9ecec200069e8e2536e5ece43d411f9025dba6f60573e7939a0fc26deef29f0297d405a44fd409e978879b0579ab0a79ace97228a199584854c638213fa219d7 +SHA512 (toolbox-0.1.0-vendored.tar.xz) = c3bfdbb6dfeabc0e7165605ef2beabf4b7d98fb68fb5f7bc59e21994c8d9a9efc5fd21f0dc5f15c37f30cbde24d3cac356fc901a651e9608cbe9731728a032a8 diff --git a/toolbox-Revert-Work-around-bug-in-past.patch b/toolbox-Revert-Work-around-bug-in-past.patch deleted file mode 100644 index 5597a9f..0000000 --- a/toolbox-Revert-Work-around-bug-in-past.patch +++ /dev/null 
@@ -1,81 +0,0 @@ -From ed14cd483ae45c5f4cf5596b11c384f4b42bb53b Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Fri, 4 Oct 2024 22:09:03 +0200 -Subject: [PATCH] Revert "playbooks, test/system: Work around bug in pasta(1) - networks" - -The bug in pasta(1) that necessitated this workaround has since been -fixed in passt 2024_05_10.7288448 [1]. Some host operating systems like -CentOS Stream 10 no longer have slirp4netns(1), and it's generally -better to test the defaults. - -This reverts commit b58f9a51088afbfc22edb0b25776cfa2c4d8cc40. - -[1] https://github.com/containers/podman/issues/22575 - https://archives.passt.top/passt-dev/20240508090338.2735208-1-sbrivio@redhat.com/ - https://archives.passt.top/passt-user/20240510225714.6aa8e6c0@elisabeth/ - -https://github.com/containers/toolbox/pull/1562 ---- - playbooks/dependencies-centos-9-stream.yaml | 3 +-- - playbooks/dependencies-fedora.yaml | 3 +-- - test/system/libs/helpers.bash | 1 - - 3 files changed, 2 insertions(+), 5 deletions(-) - -diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml -index 5c1194c03583..d058d314b7b3 100644 ---- a/playbooks/dependencies-centos-9-stream.yaml -+++ b/playbooks/dependencies-centos-9-stream.yaml -@@ -13,7 +13,6 @@ - - podman - - shadow-utils-subid-devel - - skopeo -- - slirp4netns - - systemd - - udisks2 - -@@ -55,7 +54,7 @@ - chdir: '{{ zuul.project.src_dir }}' - - - name: Check versions of crucial packages -- command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns -+ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo - 
- - name: Show podman versions - command: podman version -diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml -index ea605135a4c2..8007ce958ddb 100644 ---- a/playbooks/dependencies-fedora.yaml -+++ b/playbooks/dependencies-fedora.yaml -@@ -35,7 +35,6 @@ - - podman - - shadow-utils-subid-devel - - skopeo -- - slirp4netns - - systemd - - udisks2 - use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}" -@@ -56,7 +55,7 @@ - chdir: '{{ zuul.project.src_dir }}' - - - name: Check versions of crucial packages -- command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns -+ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo - - - name: Show podman versions - command: podman version -diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash -index dfd6236c2943..2d05641f5d0a 100644 ---- a/test/system/libs/helpers.bash -+++ b/test/system/libs/helpers.bash -@@ -195,7 +195,6 @@ function _setup_docker_registry() { - --env REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ - --env REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ - --name "${DOCKER_REG_NAME}" \ -- --network slirp4netns \ - --privileged \ - --publish 50000:5000 \ - --rm \ --- -2.46.1 - diff --git a/toolbox-Unbreak-downstream-Fedora-CI.patch b/toolbox-Unbreak-downstream-Fedora-CI.patch deleted file mode 100644 index b743f2d..0000000 --- a/toolbox-Unbreak-downstream-Fedora-CI.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -From 1e90c721858b3119702b93445f535f9c23af88e6 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Wed, 2 Oct 2024 22:43:37 +0200 -Subject: [PATCH] test/system: Unbreak the downstream Fedora CI - -The working directory from which bats(1) is invoked might not be part of -the Toolbx container. eg., the downstream Fedora CI invokes the tests -as: - $ cd /path/to/toolbox/test/system - $ bats . - -... and it led to: - not ok 8 help: Try unknown command (forwarded to host) - # tags: commands-options - # (from function `assert_line' in file - ./libs/bats-assert/src/assert.bash, line 488, - # in test file ./002-help.bats, line 135) - # `assert_line --index 0 - "Error: unknown command \"foo\" for \"toolbox\""' failed - # - # -- line differs -- - # index : 0 - # expected : Error: unknown command "foo" for "toolbox" - # actual : Error: crun: chdir to `/usr/share/toolbox/test/system`: - No such file or directory: OCI runtime attempted to invoke a - command that was not found - # -- - # - -https://github.com/containers/toolbox/pull/1560 ---- - test/system/002-help.bats | 2 ++ - test/system/501-create.bats | 2 ++ - test/system/504-run.bats | 2 ++ - test/system/505-enter.bats | 2 ++ - 4 files changed, 8 insertions(+) - -diff --git a/test/system/002-help.bats b/test/system/002-help.bats -index 57e918a04d22..a8bfbc2c79d2 100644 ---- a/test/system/002-help.bats -+++ b/test/system/002-help.bats -@@ -25,9 +25,11 @@ setup() { - bats_require_minimum_version 1.10.0 - _setup_environment - cleanup_all -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_all - } - -diff --git a/test/system/501-create.bats b/test/system/501-create.bats -index 3f50f98e6bf3..cfb676b7001b 100644 ---- a/test/system/501-create.bats -+++ b/test/system/501-create.bats -@@ -25,9 +25,11 @@ setup() { - bats_require_minimum_version 1.8.0 - _setup_environment - cleanup_all -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_all - } - -diff --git 
a/test/system/504-run.bats b/test/system/504-run.bats -index cc5f6fa8bb09..6ee3e86af1ff 100644 ---- a/test/system/504-run.bats -+++ b/test/system/504-run.bats -@@ -25,9 +25,11 @@ setup() { - bats_require_minimum_version 1.8.0 - _setup_environment - cleanup_all -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_all - } - -diff --git a/test/system/505-enter.bats b/test/system/505-enter.bats -index 405d184f145e..57e58651623d 100644 ---- a/test/system/505-enter.bats -+++ b/test/system/505-enter.bats -@@ -25,9 +25,11 @@ setup() { - bats_require_minimum_version 1.8.0 - _setup_environment - cleanup_all -+ pushd "$HOME" || return 1 - } - - teardown() { -+ popd || return 1 - cleanup_all - } - --- -2.46.1 - diff --git a/toolbox-Update-fallback-release-to-40-for-non-fedo.patch b/toolbox-Update-fallback-release-to-40-for-non-fedo.patch deleted file mode 100644 index 7bad62f..0000000 --- a/toolbox-Update-fallback-release-to-40-for-non-fedo.patch +++ /dev/null @@ -1,30 +0,0 @@ -From b524f4cebd8c65746089f898e14a99c7cfded306 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 3 Oct 2024 22:08:04 +0200 -Subject: [PATCH] pkg/utils: Update fallback release to 40 for non-fedora hosts - -Fedora 38 reached End of Life on 21st May 2024: -https://docs.fedoraproject.org/en-US/releases/eol/ - -https://bugzilla.redhat.com/show_bug.cgi?id=2316312 -https://github.com/containers/toolbox/pull/1561 ---- - src/pkg/utils/utils.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go -index eefcd1eeb2cc..37a49fedf772 100644 ---- a/src/pkg/utils/utils.go -+++ b/src/pkg/utils/utils.go -@@ -64,7 +64,7 @@ const ( - containerNamePrefixFallback = "fedora-toolbox" - distroFallback = "fedora" - idTruncLength = 12 -- releaseFallback = "38" -+ releaseFallback = "40" - ) - - const ( --- -2.46.1 - diff --git a/toolbox.spec b/toolbox.spec index f7adb02..212cc19 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.0.99.6 +Version: 0.1.0 %global goipath github.com/containers/%{name} @@ -20,7 +20,7 @@ Version: 0.0.99.6 %global toolbx_go 1.20 %if 0%{?fedora} -%global toolbx_go 1.22 +%global toolbx_go 1.22.7 %endif %if 0%{?rhel} @@ -33,7 +33,7 @@ Version: 0.0.99.6 %endif %endif -Release: 6%{?dist} +Release: 1%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -43,11 +43,6 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version # RHEL specific Source1: %{name}.conf -# Upstream -Patch0: toolbox-Unbreak-downstream-Fedora-CI.patch -Patch1: toolbox-Update-fallback-release-to-40-for-non-fedo.patch -Patch2: toolbox-Revert-Work-around-bug-in-past.patch - # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora.patch @@ -90,8 +85,10 @@ BuildRequires: pkgconfig(fish) # BuildRequires: ShellCheck %endif -Recommends: fuse-overlayfs Recommends: skopeo +%if ! 0%{?rhel} +Recommends: fuse-overlayfs +%endif Requires: containers-common Requires: podman >= 1.6.4 @@ -138,9 +135,6 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q -%patch -P0 -p1 -%patch -P1 -p1 -%patch -P2 -p1 %if 0%{?fedora} %patch -P100 -p1 @@ -216,6 +210,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue Oct 22 2024 Debarshi Ray - 0.1.0-1 +- Update to 0.1.0 + * Wed Oct 16 2024 Debarshi Ray - 0.0.99.6-6 - Recommend fuse-overlayfs because old containers created with it need it From 8ec06e58caef451a542c5c70684af9c2dfddcc8f Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 4 Nov 2024 15:50:36 +0100 Subject: [PATCH 129/145] Update to 0.1.1 https://bugzilla.redhat.com/show_bug.cgi?id=2323150 --- .gitignore | 1 + sources | 2 +- toolbox.spec | 9 ++++++--- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index f6ada90..f8a0e7d 100644 --- a/.gitignore +++ b/.gitignore 
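Review bot: The `@@ -90,8 +85,10 @@` hunk moves `Recommends: fuse-overlayfs` under `%if ! 0%{?rhel}`, but neither the commit description nor the new %changelog entry mentions that RHEL builds lose the weak dependency. The only recorded reason for the line is the previous changelog entry, so the condition reads as accidental to the next maintainer. A comment above it such as `# Old containers created with fuse-overlayfs still need it; drop once Toolbx offers a migration path` would help, together with a changelog line stating why RHEL is excluded.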
@@ -33,3 +33,4 @@ /toolbox-0.0.99.5-vendored.tar.xz /toolbox-0.0.99.6-vendored.tar.xz /toolbox-0.1.0-vendored.tar.xz +/toolbox-0.1.1-vendored.tar.xz diff --git a/sources b/sources index 6105f3e..a197a89 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.1.0-vendored.tar.xz) = c3bfdbb6dfeabc0e7165605ef2beabf4b7d98fb68fb5f7bc59e21994c8d9a9efc5fd21f0dc5f15c37f30cbde24d3cac356fc901a651e9608cbe9731728a032a8 +SHA512 (toolbox-0.1.1-vendored.tar.xz) = dc3aa19f504de49addfe85fa800a0e553c65292cf0d48bca60946251fb8d7ba8bc53c9411a7db5f83f1d256ec960b0f22d2d5798f022be5b704c2bf3531f4ba1 diff --git a/toolbox.spec b/toolbox.spec index 212cc19..356b732 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.1.0 +Version: 0.1.1 %global goipath github.com/containers/%{name} @@ -63,7 +63,7 @@ BuildRequires: systemd-rpm-macros BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1 BuildRequires: golang-ipath(github.com/NVIDIA/go-nvlib) >= 0.6.1 BuildRequires: golang-ipath(github.com/NVIDIA/go-nvml) >= 0.12.4.0 -BuildRequires: golang-ipath(github.com/NVIDIA/nvidia-container-toolkit) >= 1.16.1 +BuildRequires: golang-ipath(github.com/NVIDIA/nvidia-container-toolkit) >= 1.16.2 BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0 BuildRequires: golang(github.com/briandowns/spinner) >= 1.18.0 BuildRequires: golang(github.com/docker/go-units) >= 0.5.0 @@ -74,7 +74,7 @@ BuildRequires: golang(github.com/google/renameio/v2) >= 2.0.0 BuildRequires: golang(github.com/sirupsen/logrus) >= 1.9.3 BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0 BuildRequires: golang(github.com/spf13/viper) >= 1.10.1 -BuildRequires: golang-ipath(golang.org/x/sys) >= 0.22.0 +BuildRequires: golang-ipath(golang.org/x/sys) >= 0.24.0 BuildRequires: golang(golang.org/x/text) >= 0.3.8 BuildRequires: golang-ipath(gopkg.in/yaml.v3) >= 3.0.1 BuildRequires: golang-ipath(tags.cncf.io/container-device-interface) >= 0.8.0 
@@ -210,6 +210,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Mon Nov 04 2024 Debarshi Ray - 0.1.1-1 +- Update to 0.1.1 + * Tue Oct 22 2024 Debarshi Ray - 0.1.0-1 - Update to 0.1.0 From d61e4b81c982975b0fa7b97492347b515636aa89 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 19 Jan 2025 13:06:21 +0000 Subject: [PATCH 130/145] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index 356b732..919c346 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -33,7 +33,7 @@ Version: 0.1.1 %endif %endif -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -210,6 +210,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Sun Jan 19 2025 Fedora Release Engineering - 0.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Mon Nov 04 2024 Debarshi Ray - 0.1.1-1 - Update to 0.1.1 From d6c4d7c587f9959e8785783ea43318e38c7dcc2f Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Wed, 22 Jan 2025 19:34:20 +0100 Subject: [PATCH 131/145] Use RPM macros for shell completions and clean up directory ownership ... as recommended by the Fedora packaging guidelines [1,2]. This was made possible by two recent developments. First, the parent directories for shell completions are now owned by the filesystem RPM [3,4]. So, there won't be any unowned directories, if the toolbox RPM doesn't own them without depending on some other package that owns those directories. Second, there are now RPM macros for the parent directories for shell completions [5]. [1] https://docs.fedoraproject.org/es/packaging-guidelines/ShellCompletions/ [2] https://docs.fedoraproject.org/es/packaging-guidelines/UnownedDirectories/ [3] Fedora filesystem commit 47d37ac94192f792 https://src.fedoraproject.org/rpms/filesystem/c/47d37ac94192f792 https://bugzilla.redhat.com/show_bug.cgi?id=1312594 [4] Fedora filesystem commit 4c45982cd067557e https://src.fedoraproject.org/rpms/filesystem/c/4c45982cd067557e https://bugzilla.redhat.com/show_bug.cgi?id=1504616 [5] Fedora redhat-rpm-config commit 483a3b89d74c6f0b https://src.fedoraproject.org/rpms/redhat-rpm-config/c/483a3b89d74c6f0b --- toolbox.spec | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 919c346..1cea2aa 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -33,7 +33,7 @@ Version: 0.1.1 %endif %endif -Release: 2%{?dist} +Release: 3%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 
@@ -164,14 +164,14 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ %meson \ %if 0%{?rhel} - -Dfish_completions_dir=%{_datadir}/fish/vendor_completions.d \ + -Dfish_completions_dir=%{fish_completions_dir} \ %if 0%{?rhel} <= 9 -Dmigration_path_for_coreos_toolbox=true \ %endif %endif -Dprofile_dir=%{_sysconfdir}/profile.d \ -Dtmpfiles_dir=%{_tmpfilesdir} \ - -Dzsh_completions_dir=%{_datadir}/zsh/site-functions + -Dzsh_completions_dir=%{zsh_completions_dir} %meson_build @@ -194,15 +194,15 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md %license COPYING %{?rhel:src/vendor/modules.txt} %{_bindir}/%{name} -%{_datadir}/bash-completion -%{_datadir}/fish -%{_datadir}/zsh %{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}-*.1* %{_mandir}/man5/%{name}.conf.5* %config(noreplace) %{_sysconfdir}/containers/%{name}.conf %{_sysconfdir}/profile.d/%{name}.sh %{_tmpfilesdir}/%{name}.conf +%{bash_completions_dir}/%{name}.bash +%{fish_completions_dir}/%{name}.fish +%{zsh_completions_dir}/_%{name} %files tests @@ -210,6 +210,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Wed Jan 22 2025 Debarshi Ray - 0.1.1-3 +- Use RPM macros for shell completions and clean up directory ownership + * Sun Jan 19 2025 Fedora Release Engineering - 0.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 0cbcff3ba45a4c92dd10382f891b84b78503e9ba Mon Sep 17 00:00:00 2001 
From: Lokesh Mandvekar Date: Thu, 23 Jan 2025 15:24:12 +0530 Subject: [PATCH 132/145] TMT: Initial enablement This PR will enable test runs using TMT. These tests can be maintained here for starters and fetched and reused in the podman rpm for toolbox tests on bodhi updates. https://src.fedoraproject.org/rpms/toolbox/pull-request/24 --- .fmf/version | 1 + plans/main.fmf | 4 ++ tests/main.fmf | 10 +++ tests/roles/nonroot_user/tasks/main.yml | 7 -- .../run_bats_tests/files/run_bats_tests.sh | 72 ------------------- tests/roles/run_bats_tests/tasks/main.yml | 37 ---------- .../run_bats_tests/tasks/run_one_test.yml | 52 -------------- tests/rootless-test.sh | 11 +++ tests/tests.yml | 12 ---- tests/tmt-envvars | 18 +++++ 10 files changed, 44 insertions(+), 180 deletions(-) create mode 100644 .fmf/version create mode 100644 plans/main.fmf create mode 100644 tests/main.fmf delete mode 100644 tests/roles/nonroot_user/tasks/main.yml delete mode 100755 tests/roles/run_bats_tests/files/run_bats_tests.sh delete mode 100644 tests/roles/run_bats_tests/tasks/main.yml delete mode 100644 tests/roles/run_bats_tests/tasks/run_one_test.yml create mode 100644 tests/rootless-test.sh delete mode 100644 tests/tests.yml create mode 100644 tests/tmt-envvars diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..e6427de --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,4 @@ +discover: + how: fmf +execute: + how: tmt diff --git a/tests/main.fmf b/tests/main.fmf new file mode 100644 index 0000000..c489385 --- /dev/null +++ b/tests/main.fmf @@ -0,0 +1,10 @@ +environment: + ROOTLESS_USER: "fedora" + TMPDIR: /var/tmp +require: + - toolbox-tests + +/rootless: + summary: rootless test + test: bash ./rootless-test.sh + duration: 120m 
diff --git a/tests/roles/nonroot_user/tasks/main.yml b/tests/roles/nonroot_user/tasks/main.yml deleted file mode 100644 index 51bf44a..0000000 --- a/tests/roles/nonroot_user/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: create nonroot user - user: - name: testuser - shell: /bin/bash -- name: enable linger - command: loginctl enable-linger testuser diff --git a/tests/roles/run_bats_tests/files/run_bats_tests.sh b/tests/roles/run_bats_tests/files/run_bats_tests.sh deleted file mode 100755 index e9f5f5f..0000000 --- a/tests/roles/run_bats_tests/files/run_bats_tests.sh +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/bin/bash -# -# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman -# -# This is invoked by the 'run_bats_tests' role; we assume that -# the package foo has a foo-tests subpackage which provides the -# directory /usr/share/foo/test/system, containing one or more .bats -# test files. -# - -export PATH=/usr/local/bin:/usr/sbin:/usr/bin - -FULL_LOG=/tmp/test.debug.log -BATS_LOG=/tmp/test.bats.log -rm -f $FULL_LOG $BATS_LOG -touch $FULL_LOG $BATS_LOG - -exec &> $FULL_LOG - -# Log program versions -echo "Packages:" -rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests - -echo "------------------------------" -printenv | sort - -testdir=/usr/share/${TEST_PACKAGE}/test/system - -if ! cd $testdir; then - echo "FAIL ${TEST_NAME} : cd $testdir" >> /tmp/test.log - exit 0 -fi - -if [ -e /tmp/helper.sh ]; then - echo "------------------------------" - echo ". /tmp/helper.sh" - . /tmp/helper.sh -fi - -if [ "$(type -t setup)" = "function" ]; then - echo "------------------------------" - echo "\$ setup" - setup - if [ $? -ne 0 ]; then - echo "FAIL ${TEST_NAME} : setup" >> /tmp/test.log - exit 0 - fi -fi - -echo "------------------------------" -echo "\$ bats ." -bats . &> $BATS_LOG -rc=$? - -echo "------------------------------" -echo "bats completed with status $rc" - -status=PASS -if [ $rc -ne 0 ]; then - status=FAIL -fi - -echo "${status} ${TEST_NAME}" >> /tmp/test.log - -if [ "$(type -t teardown)" = "function" ]; then - echo "------------------------------" - echo "\$ teardown" - teardown -fi - -# FIXME: for CI purposes, always exit 0. This allows subsequent tests. -exit 0 diff --git a/tests/roles/run_bats_tests/tasks/main.yml b/tests/roles/run_bats_tests/tasks/main.yml deleted file mode 100644 index adc72f2..0000000 --- a/tests/roles/run_bats_tests/tasks/main.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -# Create empty results file, world-writable -- name: initialize test.log file - copy: dest=/tmp/test.log content='' force=yes mode=0666 - -- name: execute tests - include_tasks: run_one_test.yml - with_items: "{{ tests }}" - loop_control: - loop_var: test - -- name: pull test.log results - fetch: - src: "/tmp/test.log" - dest: "{{ artifacts }}/test.log" - flat: yes - -# Copied from standard-test-basic -- name: check results - shell: grep "^FAIL" /tmp/test.log - register: test_fails - # Never fail at this step. Just store result of tests. - failed_when: False - -- name: preserve results - set_fact: - role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}" - role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}" - -- name: display results - vars: - msg: | - Tests failed: {{ role_result_failed|d('Undefined') }} - Tests msg: {{ role_result_msg|d('None') }} - debug: - msg: "{{ msg.split('\n') }}" - failed_when: "role_result_failed|bool" diff --git a/tests/roles/run_bats_tests/tasks/run_one_test.yml b/tests/roles/run_bats_tests/tasks/run_one_test.yml deleted file mode 100644 index bf45754..0000000 --- a/tests/roles/run_bats_tests/tasks/run_one_test.yml +++ /dev/null 
@@ -1,52 +0,0 @@ ---- -- name: "{{ test.name }} | install test packages" - dnf: name="{{ test.package }}-tests" state=installed - -- name: "{{ test.name }} | define helper variables" - set_fact: - test_name_oneword: "{{ test.name | replace(' ','-') }}" - -# UGH. This is necessary because our caller sets some environment variables -# and we need to set a few more based on other caller variables; then we -# need to combine the two dicts when running the test. This seems to be -# the only way to do it in ansible. -- name: "{{ test.name }} | define local environment" - set_fact: - local_environment: - TEST_NAME: "{{ test.name }}" - TEST_PACKAGE: "{{ test.package }}" - TMPDIR: "/var/tmp" - -- name: "{{ test.name }} | setup/teardown helper | see if exists" - local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh - register: helper - -- name: "{{ test.name }} | setup/teardown helper | install" - copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh - when: helper.stat.exists - -- name: "{{ test.name }} | run test" - script: ./run_bats_tests.sh - args: - chdir: /usr/share/{{ test.package }}/test/system - become: "{{ true if test.become is defined else false }}" - become_user: testuser - environment: "{{ local_environment }}" - -- name: "{{ test.name }} | pull logs" - fetch: - src: "/tmp/test.{{ item }}.log" - dest: "{{ artifacts }}/test.{{ test_name_oneword }}.{{ item }}.log" - flat: yes - with_items: - - bats - - debug - -- name: "{{ test.name }} | remove remote logs and helpers" - file: - dest=/tmp/{{ item }} - state=absent - with_items: - - test.bats.log - - test.debug.log - - helper.sh diff --git a/tests/rootless-test.sh b/tests/rootless-test.sh new file mode 100644 index 0000000..16da9fe --- /dev/null +++ b/tests/rootless-test.sh 
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+uname -r
+
+loginctl enable-linger "$ROOTLESS_USER"
+
+rpm -q containers-common-extra podman toolbox
+
+su --whitelist-environment=$(cat ./tmt-envvars | tr '\n' ',') - "$ROOTLESS_USER" -c "whoami && cd /usr/share/toolbox/test/system && bats ."
diff --git a/tests/tests.yml b/tests/tests.yml
deleted file mode 100644
index e7ff188..0000000
--- a/tests/tests.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- hosts: localhost
- tags: classic
- vars:
- - artifacts: ./artifacts
- roles:
- - role: nonroot_user
- - role: run_bats_tests
- tests:
- - name: toolbox
- package: toolbox
- become: true
diff --git a/tests/tmt-envvars b/tests/tmt-envvars
new file mode 100644
index 0000000..6b4b747
--- /dev/null
+++ b/tests/tmt-envvars
@@ -0,0 +1,18 @@
+TMT_TREE
+TMT_PLAN_DATA
+TMT_VERSION
+TMT_TEST_NAME
+TMT_TEST_DATA
+TMT_TEST_SERIAL_NUMBER
+TMT_TEST_ITERATION_ID
+TMT_TEST_METADATA
+TMT_SOURCE_DIR
+TMT_REBOOT_COUNT
+TMT_TEST_RESTART_COUNT
+TMT_TOPOLOGY_BASH
+TMT_TOPOLOGY_YAML
+TMT_TEST_PIDFILE
+TMT_TEST_PIDFILE_LOCK
+TMT_TEST_PIDFILE_ROOT
+ROOTLESS_USER
+TMPDIR
From a3506a3263d8003ac1803ac7b48876ec40cb4f82 Mon Sep 17 00:00:00 2001
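Review bot: The `su` line in tests/rootless-test.sh leaves the `$(cat ./tmt-envvars | tr '\n' ',')` substitution unquoted and reads the list from a path relative to the current directory, so which variables are passed from the root shell into the unprivileged session depends on where the script is started and on word splitting of the file's contents. Quoting it, e.g. `--whitelist-environment="$(tr '\n' ',' < ./tmt-envvars)"`, keeps the list a single argument. The script also uses `set -exo pipefail` without `-u`, so an unset ROOTLESS_USER reaches `loginctl enable-linger` and `su` as an empty string; a guard such as `: "${ROOTLESS_USER:?ROOTLESS_USER must be set}"` before the first use would fail early with a clear message.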
From: Debarshi Ray Date: Mon, 2 Jun 2025 17:04:56 +0200 Subject: [PATCH 133/145] Update to 0.1.2 Switch to vendored dependencies on Fedora because the package for github.com/spf13/viper (ie., golang-github-spf13-viper) currently has broken dependencies because a number of Go packages were recently orphaned and retired. Hopefully, this is aligned with the direction the Go ecosystem in Fedora is taking [1], and won't lead to too many problems. This further unifies Fedora with RHEL, which was already using vendored dependencies. Now that all the Go dependencies are in the src/vendor directory, there's no need to mess around with the GO111MODULE (ie., gomodulesmode) and GOPATH environment variables. Those were probably already not needed on RHEL. [1] https://fedoraproject.org/wiki/Changes/GolangPackagesVendoredByDefault https://bugzilla.redhat.com/show_bug.cgi?id=2370151 --- .gitignore | 1 + sources | 2 +- ...ox-Make-the-build-flags-match-Fedora.patch | 19 +++++++++-- ...x-Make-the-build-flags-match-RHEL-10.patch | 4 +-- ...ox-Make-the-build-flags-match-RHEL-9.patch | 4 +-- toolbox.spec | 33 +++++-------------- 6 files changed, 31 insertions(+), 32 deletions(-) diff --git a/.gitignore b/.gitignore index f8a0e7d..4222058 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ /toolbox-0.0.99.6-vendored.tar.xz /toolbox-0.1.0-vendored.tar.xz /toolbox-0.1.1-vendored.tar.xz +/toolbox-0.1.2-vendored.tar.xz diff --git a/sources b/sources index a197a89..fc880e6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.1.1-vendored.tar.xz) = dc3aa19f504de49addfe85fa800a0e553c65292cf0d48bca60946251fb8d7ba8bc53c9411a7db5f83f1d256ec960b0f22d2d5798f022be5b704c2bf3531f4ba1 +SHA512 (toolbox-0.1.2-vendored.tar.xz) = 1d1b461b84d0c995c4f793eb154815c1ed68ce3545dfb8e711a0061484efb988e796bca43f7ada3c8d9eb0673c6c1fe9f923226eff6e7bc3de9e4b2e2e44485e 
diff --git a/toolbox-Make-the-build-flags-match-Fedora.patch b/toolbox-Make-the-build-flags-match-Fedora.patch index 27fd99d..92123b4 100644 --- a/toolbox-Make-the-build-flags-match-Fedora.patch +++ b/toolbox-Make-the-build-flags-match-Fedora.patch @@ -1,11 +1,26 @@ -From 7dc70160c8ff531473004e879dd57ec303789d71 Mon Sep 17 00:00:00 2001 +From 767c59c40128dda3d29191be8289ff16af888187 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} +These reflect the defaults for Fedora 39, which is the oldest supported +Fedora, barring some exceptions mentioned below. + +The change to use the RPM's %{name}, %{version}, %{release} and the +SOURCE_DATE_EPOCH environment variable [1], instead of /dev/urandom, to +generate the build ID annotation for the toolbox(1) binary [2] was left +out. It will need more work to propagate the RPM's %{name}, %{version} +and %{release} to Meson. + Note that these flags are meant for every CPU architecture other than PPC64, and should be kept updated to match Fedora's Go guidelines. Use 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. + +[1] https://reproducible-builds.org/docs/source-date-epoch/ + +[2] go-rpm-macros commit 1980932bf3a21890 + https://pagure.io/go-rpm-macros/c/1980932bf3a21890 + https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds --- src/go-build-wrapper | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) @@ -43,5 +58,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.46.1 +2.49.0 diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch index e43e0eb..5677d56 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-10.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch 
@@ -1,4 +1,4 @@ -From f08f64c0d5f2019055381c3c00426fe8545e5e31 Mon Sep 17 00:00:00 2001 +From 2090a139dc6b9be6d51fbd7875fda06b6502cda0 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} @@ -67,5 +67,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.46.1 +2.49.0 diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch index 2c15142..0804f78 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-9.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch @@ -1,4 +1,4 @@ -From ff1320fa869f1e4952836436ab2ad928cbba0987 Mon Sep 17 00:00:00 2001 +From 3603ef5eff9615b7df2bf665fd5edc9434d99f6e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} @@ -46,5 +46,5 @@ index a5a1a6a508fb..0a2c7526f210 100755 exit "$?" -- -2.46.1 +2.49.0 diff --git a/toolbox.spec b/toolbox.spec index 1cea2aa..f03f005 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.1.1 +Version: 0.1.2 %global goipath github.com/containers/%{name} @@ -33,7 +33,7 @@ Version: 0.1.1 %endif %endif -Release: 3%{?dist} +Release: 1%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 
@@ -60,31 +60,13 @@ BuildRequires: shadow-utils-subid-devel >= 4.16.0 BuildRequires: systemd BuildRequires: systemd-rpm-macros %if ! 0%{?rhel} -BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1 -BuildRequires: golang-ipath(github.com/NVIDIA/go-nvlib) >= 0.6.1 -BuildRequires: golang-ipath(github.com/NVIDIA/go-nvml) >= 0.12.4.0 -BuildRequires: golang-ipath(github.com/NVIDIA/nvidia-container-toolkit) >= 1.16.2 -BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0 -BuildRequires: golang(github.com/briandowns/spinner) >= 1.18.0 -BuildRequires: golang(github.com/docker/go-units) >= 0.5.0 -BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.7.0 -BuildRequires: golang(github.com/go-logfmt/logfmt) >= 0.5.0 -BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6 -BuildRequires: golang(github.com/google/renameio/v2) >= 2.0.0 -BuildRequires: golang(github.com/sirupsen/logrus) >= 1.9.3 -BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0 -BuildRequires: golang(github.com/spf13/viper) >= 1.10.1 -BuildRequires: golang-ipath(golang.org/x/sys) >= 0.24.0 -BuildRequires: golang(golang.org/x/text) >= 0.3.8 -BuildRequires: golang-ipath(gopkg.in/yaml.v3) >= 3.0.1 -BuildRequires: golang-ipath(tags.cncf.io/container-device-interface) >= 0.8.0 BuildRequires: pkgconfig(fish) # for tests # BuildRequires: codespell -# BuildRequires: golang(github.com/stretchr/testify) >= 1.9.0 # BuildRequires: ShellCheck %endif +Recommends: p11-kit-server Recommends: skopeo %if ! 0%{?rhel} Recommends: fuse-overlayfs @@ -154,12 +136,10 @@ The %{name}-tests package contains system tests for %{name}. %endif %endif -%gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k} +%gomkdir -s %{_builddir}/%{extractdir}/src -k %build -export %{gomodulesmode} -export GOPATH=%{gobuilddir}:%{gopath} export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" %meson \ 
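Review bot: With the per-module `BuildRequires: golang(...) >= X` lines removed in the first toolbox.spec hunk, nothing in the visible part of the spec records which Go modules and versions are now compiled in from src/vendor, which makes it harder to match a security advisory against one of them to this package through RPM metadata. If the spec does not already declare them elsewhere (not visible here), consider generating `Provides: bundled(golang(<import path>)) = <version>` entries from src/vendor/modules.txt, or at least a comment such as `# Go dependencies are bundled; see src/vendor/modules.txt in the source tarball`. The following hunk also drops `export %{gomodulesmode}` and `export GOPATH=...`, so it is worth confirming that the build resolves modules only from src/vendor, for example by checking that the build wrapper ends up with `-mod=vendor`; the wrapper itself is outside this diff.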
@@ -192,7 +172,7 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %files %doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md -%license COPYING %{?rhel:src/vendor/modules.txt} +%license COPYING src/vendor/modules.txt %{_bindir}/%{name} %{_mandir}/man1/%{name}.1* %{_mandir}/man1/%{name}-*.1* @@ -210,6 +190,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Tue Jun 03 2025 Debarshi Ray - 0.1.2-1 +- Update to 0.1.2 + * Wed Jan 22 2025 Debarshi Ray - 0.1.1-3 - Use RPM macros for shell completions and clean up directory ownership From 23a91e7031864e06fb59cb9845ceb34994b6aa8b Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 16 Jun 2025 16:04:11 +0200 Subject: [PATCH 134/145] Update the baseline BuildRequires on golang ... to match what Toolbx 0.1.2 actually needs [1]. There's no need to do a build just for this. Fallout from a3506a3263d8003ac1803ac7b48876ec40cb4f82 [1] Upstream commit 82e85bac9f5e69a5 https://github.com/containers/toolbox/commit/82e85bac9f5e69a5 https://github.com/containers/toolbox/pull/1614 --- toolbox.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index f03f005..54391fe 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,7 +17,7 @@ Version: 0.1.2 %endif %endif -%global toolbx_go 1.20 +%global toolbx_go 1.21 %if 0%{?fedora} %global toolbx_go 1.22.7 From cf4d77aa240641d4491233190ba6fed4d6aaf302 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 16 Jun 2025 16:21:06 +0200 Subject: [PATCH 135/145] Update the BuildRequires on golang for Fedora and ELN to reflect reality There's no need to do a build just for this. --- toolbox.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 54391fe..8597843 100644 --- a/toolbox.spec +++ b/toolbox.spec 
@@ -20,7 +20,7 @@ Version: 0.1.2 %global toolbx_go 1.21 %if 0%{?fedora} -%global toolbx_go 1.22.7 +%global toolbx_go 1.23.9 %endif %if 0%{?rhel} @@ -29,7 +29,7 @@ Version: 0.1.2 %elif 0%{?rhel} == 10 %global toolbx_go 1.22.5 %elif 0%{?rhel} > 10 -%global toolbx_go 1.23.1 +%global toolbx_go 1.24.3 %endif %endif From 07f1db2b0d3a912118493fcd263da74bdf5f3844 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 16 Jun 2025 19:47:18 +0200 Subject: [PATCH 136/145] Revert "Don't 'Requires: flatpak-session-helper' on RHEL" The org.freedesktop.Flatpak D-Bus service provided by the flatpak-session-helper RPM is not just needed to use containers created by Toolbx < 0.0.97 [1,2]. It's needed on the host when toolbox(1) invocations inside a container are forwarded to the host with 'flatpak-spawn --host ...'. This has been true since Toolbx >= 0.0.6 [3], and, hence, flatpak-session-helper is needed on RHEL. There's no need to do a build just for this. This reverts commit a8b4975b5ccc52a4161a9ff21a2e9a2f6c0f7407. [1] Upstream commit 82c32bea742621a3 https://github.com/containers/toolbox/commit/82c32bea742621a3 https://github.com/containers/toolbox/pull/591 https://github.com/containers/toolbox/issues/267 [2] Upstream commit 71b5c8c0a235249b https://github.com/containers/toolbox/commit/71b5c8c0a235249b https://github.com/containers/toolbox/pull/591 https://github.com/containers/toolbox/issues/267 [3] Upstream commit 5b3d234c9e9ef45f https://github.com/containers/toolbox/commit/5b3d234c9e9ef45f https://github.com/containers/toolbox/pull/54 --- toolbox.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/toolbox.spec b/toolbox.spec index 8597843..f86b99d 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -73,11 +73,9 @@ Recommends: fuse-overlayfs %endif Requires: containers-common +Requires: flatpak-session-helper Requires: podman >= 1.6.4 Requires: shadow-utils-subid%{?_isa} >= 4.16.0 -%if ! 0%{?rhel} -Requires: flatpak-session-helper -%endif %description 
From 3a4c4677a1f943fe519fecdd37486777f92b5cd7 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 16 Jun 2025 22:29:28 +0200 Subject: [PATCH 137/145] Unify the build with RHEL There's no need to do a build just for this. --- ...igration-paths-for-coreos-toolbox-users.patch | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch index 9f470cd..c21625e 100644 --- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch @@ -1,4 +1,4 @@ -From c25ad44b7cb50d470b1533931b7808cc194f0d50 Mon Sep 17 00:00:00 2001 +From 401abbfb6f820670bc14ca5c555151a0a657b67b Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 18 Aug 2021 17:55:21 +0200 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST @@ -10,10 +10,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037 1 file changed, 1 insertion(+) diff --git a/src/cmd/run.go b/src/cmd/run.go -index 719c0d6abb20..92a097283f38 100644 +index 7094c3a4eec9..f6c7acffe76a 100644 --- a/src/cmd/run.go +++ b/src/cmd/run.go -@@ -566,6 +566,7 @@ func constructExecArgs(container, preserveFDs string, +@@ -573,6 +573,7 @@ func constructExecArgs(container, preserveFDs string, execArgs = append(execArgs, envOptions...) execArgs = append(execArgs, []string{ @@ -22,10 +22,10 @@ index 719c0d6abb20..92a097283f38 100644 "--preserve-fds", preserveFDs, }...) -- -2.46.1 +2.49.0 -From e7877a4d1d38dc35aa6da6c012ec9a23397b7aa4 Mon Sep 17 00:00:00 2001 +From a5d5fdfe8539af0a23af5a5503197389a0a4d0dd Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 13:42:15 +0100 Subject: [PATCH 2/2] test/system: Update to test the migration path for @@ -42,10 +42,10 @@ ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit create mode 100644 test/system/100-root.bats 
diff --git a/test/system/002-help.bats b/test/system/002-help.bats -index a8bfbc2c79d2..5dd14025ea0b 100644 +index 921c23b51a44..192603d71aba 100644 --- a/test/system/002-help.bats +++ b/test/system/002-help.bats -@@ -33,20 +33,6 @@ teardown() { +@@ -34,20 +34,6 @@ teardown_file() { cleanup_all } @@ -100,5 +100,5 @@ index 000000000000..cf35d60ac25c + skip "Testing of entering toolboxes is not implemented" +} -- -2.46.1 +2.49.0 From 63c067cd193cf43db8e33524c4176c2e8c666c7e Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 4 Jun 2025 09:06:16 -0400 Subject: [PATCH 138/145] TMT: Prevent Bats from hanging when tearing down the test suite The CI needs to be run without 'p11-kit server' because the lingering singleton process causes Bats to hang when tearing down the suite of system tests [1]. To terminate the 'p11-kit server' instance run by the system tests, it needs to be distinguishable from the instance run by 'normal' use of Toolbx by the user. One way to do this is to isolate the host operating system's XDG_RUNTIME_DIR from the system tests. Unfortunately, this is easier said than done [2]. So, this workaround has to suffice until the problem is solved. With the recent expansion of the test suite, it's necessary to increase the timeout to prevent the CI from timing out. [1] https://bats-core.readthedocs.io/en/stable/writing-tests.html [2] https://github.com/containers/toolbox/pull/1652 https://src.fedoraproject.org/rpms/toolbox/pull-request/30 --- tests/main.fmf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/main.fmf b/tests/main.fmf index c489385..77df303 100644 --- a/tests/main.fmf +++ b/tests/main.fmf @@ -6,5 +6,7 @@ require: /rootless: summary: rootless test - test: bash ./rootless-test.sh - duration: 120m + test: | + rpm --erase p11-kit-server + bash ./rootless-test.sh + duration: 150m From db0197b744b08122eb5d9ab457859412c7194377 Mon Sep 17 00:00:00 2001 
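Review bot: The added `rpm --erase p11-kit-server` step in tests/main.fmf runs unconditionally, and rpm exits non-zero when the package is not installed; since the spec only pulls it in through `Recommends:`, a test system provisioned without weak dependencies could fail here before any test runs, depending on how the harness treats a failing line in the `test:` script. A guarded form such as `rpm -q p11-kit-server && rpm --erase p11-kit-server` avoids that. The reason for the removal lives only in the commit message, so a comment inside the script block, e.g. `# p11-kit server lingers and makes Bats hang on teardown`, would keep the step from being dropped or copied without context. CI then exercises toolbox without a package that users normally get, so the p11-kit code path stays untested until the workaround is removed.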
From: Fedora Release Engineering Date: Fri, 25 Jul 2025 19:26:32 +0000 Subject: [PATCH 139/145] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index f86b99d..0013af4 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -33,7 +33,7 @@ Version: 0.1.2 %endif %endif -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -188,6 +188,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 0.1.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Tue Jun 03 2025 Debarshi Ray - 0.1.2-1 - Update to 0.1.2 From 1ba0b4876e184cae824334c38617553b025a6d7d Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Sat, 9 Aug 2025 12:24:26 +0200 Subject: [PATCH 140/145] Update to 0.2 ... and fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787. The following rpmlint warning was silenced: toolbox.spec: W: no-%check-section The timeout for the CI was increased to prevent it from timing out. The upstream CI runs the test suite in three parallel batches, with each batch having a timeout of 2 hours. The downstream CI doesn't run parallelly, so a timeout of 4 hours was chosen. https://src.fedoraproject.org/rpms/toolbox/pull-request/33 --- .gitignore | 1 + sources | 2 +- tests/main.fmf | 2 +- ...-migration-paths-for-coreos-toolbox-users.patch | 14 +++++++------- toolbox-Make-the-build-flags-match-Fedora.patch | 4 ++-- toolbox-Make-the-build-flags-match-RHEL-10.patch | 4 ++-- toolbox-Make-the-build-flags-match-RHEL-9.patch | 4 ++-- toolbox.rpmlintrc | 1 + toolbox.spec | 10 +++++++--- 9 files changed, 24 insertions(+), 18 deletions(-) create mode 100644 toolbox.rpmlintrc diff --git a/.gitignore b/.gitignore index 4222058..596c5d0 100644 --- a/.gitignore +++ b/.gitignore 
@@ -35,3 +35,4 @@ /toolbox-0.1.0-vendored.tar.xz /toolbox-0.1.1-vendored.tar.xz /toolbox-0.1.2-vendored.tar.xz +/toolbox-0.2-vendored.tar.xz diff --git a/sources b/sources index fc880e6..c80564e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.1.2-vendored.tar.xz) = 1d1b461b84d0c995c4f793eb154815c1ed68ce3545dfb8e711a0061484efb988e796bca43f7ada3c8d9eb0673c6c1fe9f923226eff6e7bc3de9e4b2e2e44485e +SHA512 (toolbox-0.2-vendored.tar.xz) = 670737a5911d62c0492fcc27cbee51fbfa909ad2f6dbc4ea035048b122857e8c0f37294db0ce29503c7e5c01e12eb90c30f7f6ce7b2e54662f3332c076cd77bd diff --git a/tests/main.fmf b/tests/main.fmf index 77df303..25a6fe7 100644 --- a/tests/main.fmf +++ b/tests/main.fmf @@ -9,4 +9,4 @@ require: test: | rpm --erase p11-kit-server bash ./rootless-test.sh - duration: 150m + duration: 4h diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch index c21625e..9ff5bb8 100644 --- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch @@ -1,4 +1,4 @@ -From 401abbfb6f820670bc14ca5c555151a0a657b67b Mon Sep 17 00:00:00 2001 +From b0f4d55b16e59375012ea0ffbfe31086cbef2fef Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 18 Aug 2021 17:55:21 +0200 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST @@ -10,7 +10,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037 1 file changed, 1 insertion(+) diff --git a/src/cmd/run.go b/src/cmd/run.go -index 7094c3a4eec9..f6c7acffe76a 100644 +index 389ea1615234..2e78a3ba3ecd 100644 --- a/src/cmd/run.go +++ b/src/cmd/run.go @@ -573,6 +573,7 @@ func constructExecArgs(container, preserveFDs string, @@ -22,10 +22,10 @@ index 7094c3a4eec9..f6c7acffe76a 100644 "--preserve-fds", preserveFDs, }...) -- -2.49.0 +2.50.1 -From a5d5fdfe8539af0a23af5a5503197389a0a4d0dd Mon Sep 17 00:00:00 2001 +From d4e03324f5d263fdb7c9b10270dd7ed251d5aa9e Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Fri, 10 Dec 2021 13:42:15 +0100 Subject: [PATCH 2/2] test/system: Update to test the migration path for @@ -42,10 +42,10 @@ ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit create mode 100644 test/system/100-root.bats diff --git a/test/system/002-help.bats b/test/system/002-help.bats -index 921c23b51a44..192603d71aba 100644 +index f7cd3f5480ab..7ad5f72e792f 100644 --- a/test/system/002-help.bats +++ b/test/system/002-help.bats -@@ -34,20 +34,6 @@ teardown_file() { +@@ -33,20 +33,6 @@ teardown_file() { cleanup_all } @@ -100,5 +100,5 @@ index 000000000000..cf35d60ac25c + skip "Testing of entering toolboxes is not implemented" +} -- -2.49.0 +2.50.1 diff --git a/toolbox-Make-the-build-flags-match-Fedora.patch b/toolbox-Make-the-build-flags-match-Fedora.patch index 92123b4..f536fde 100644 --- a/toolbox-Make-the-build-flags-match-Fedora.patch +++ b/toolbox-Make-the-build-flags-match-Fedora.patch @@ -1,4 +1,4 @@ -From 767c59c40128dda3d29191be8289ff16af888187 Mon Sep 17 00:00:00 2001 +From 2ad3ed22992dd74c3deb697bdf165bf1e37479ae Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} @@ -58,5 +58,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.49.0 +2.50.1 diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch index 5677d56..180135c 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-10.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch @@ -1,4 +1,4 @@ -From 2090a139dc6b9be6d51fbd7875fda06b6502cda0 Mon Sep 17 00:00:00 2001 +From e39af9ab2105d7d7b49b22d22895b3799efee2ef Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} @@ -67,5 +67,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.49.0 +2.50.1 
diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch index 0804f78..867e860 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-9.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch @@ -1,4 +1,4 @@ -From 3603ef5eff9615b7df2bf665fd5edc9434d99f6e Mon Sep 17 00:00:00 2001 +From 26bef6542102509a9706bf97122a7ff2130383f8 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} @@ -46,5 +46,5 @@ index a5a1a6a508fb..0a2c7526f210 100755 exit "$?" -- -2.49.0 +2.50.1 diff --git a/toolbox.rpmlintrc b/toolbox.rpmlintrc new file mode 100644 index 0000000..150b710 --- /dev/null +++ b/toolbox.rpmlintrc @@ -0,0 +1 @@ +addFilter(r'no-%check-section') diff --git a/toolbox.spec b/toolbox.spec index 0013af4..d4d47d5 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.1.2 +Version: 0.2 %global goipath github.com/containers/%{name} @@ -17,7 +17,7 @@ Version: 0.1.2 %endif %endif -%global toolbx_go 1.21 +%global toolbx_go 1.22 %if 0%{?fedora} %global toolbx_go 1.23.9 @@ -33,7 +33,7 @@ Version: 0.1.2 %endif %endif -Release: 2%{?dist} +Release: 1%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -188,6 +188,10 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Sat Aug 09 2025 Debarshi Ray - 0.2-1 +- Update to 0.2 +- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787 + * Fri Jul 25 2025 Fedora Release Engineering - 0.1.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 94a6775aac40d4a6712e6be9defc3664620c6cff Mon Sep 17 00:00:00 2001 From: Maxwell G Date: Fri, 15 Aug 2025 18:43:04 -0500 Subject: [PATCH 141/145] Rebuild for golang-1.25.0 --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/toolbox.spec b/toolbox.spec index d4d47d5..7cc0233 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -33,7 +33,7 @@ Version: 0.2 %endif %endif -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -188,6 +188,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Fri Aug 15 2025 Maxwell G - 0.2-2 +- Rebuild for golang-1.25.0 + * Sat Aug 09 2025 Debarshi Ray - 0.2-1 - Update to 0.2 - Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787 From f46fb3ba3ccf7bc8c41e3a88a600a324f98e087a Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 17 Sep 2025 20:22:25 +0200 Subject: [PATCH 142/145] tests: Don't needlessly preserve environment variables in su(1) sessions The TMT namespaced environment variables are not referenced anywhere else and were recently removed from Podman too [1]. It's confusing to have a long list of variables, which are either unused or don't need to be explicitly preserved within the child session started by su(1). ROOTLESS_USER is used when invoking su(1) and there's no need for it within the child session started by su(1). [1] Fedora podman commit b972298be7d228f4 https://src.fedoraproject.org/rpms/podman/c/b972298be7d228f4 https://src.fedoraproject.org/rpms/toolbox/pull-request/36 --- tests/tmt-envvars | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/tmt-envvars b/tests/tmt-envvars index 6b4b747..6f3176e 100644 --- a/tests/tmt-envvars +++ b/tests/tmt-envvars @@ -1,18 +1 @@ -TMT_TREE -TMT_PLAN_DATA -TMT_VERSION -TMT_TEST_NAME -TMT_TEST_DATA -TMT_TEST_SERIAL_NUMBER -TMT_TEST_ITERATION_ID -TMT_TEST_METADATA -TMT_SOURCE_DIR -TMT_REBOOT_COUNT -TMT_TEST_RESTART_COUNT -TMT_TOPOLOGY_BASH -TMT_TOPOLOGY_YAML -TMT_TEST_PIDFILE -TMT_TEST_PIDFILE_LOCK -TMT_TEST_PIDFILE_ROOT -ROOTLESS_USER TMPDIR From a2c786de0b39f6a5c02952a4efb2541626848f46 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Wed, 17 Sep 2025 21:41:04 +0200 Subject: [PATCH 143/145] Update to 0.3 ... and update the BuildRequires on golang to reflect reality. https://src.fedoraproject.org/rpms/toolbox/pull-request/39 --- .gitignore | 1 + sources | 2 +- ...dd-migration-paths-for-coreos-toolbox-users.patch | 12 ++++++------ toolbox-Make-the-build-flags-match-Fedora.patch | 4 ++-- toolbox-Make-the-build-flags-match-RHEL-10.patch | 4 ++-- toolbox-Make-the-build-flags-match-RHEL-9.patch | 4 ++-- toolbox.spec | 11 +++++++---- 7 files changed, 21 insertions(+), 17 deletions(-) diff --git a/.gitignore b/.gitignore index 596c5d0..2625054 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,4 @@ /toolbox-0.1.1-vendored.tar.xz /toolbox-0.1.2-vendored.tar.xz /toolbox-0.2-vendored.tar.xz +/toolbox-0.3-vendored.tar.xz diff --git a/sources b/sources index c80564e..f30b3d7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.2-vendored.tar.xz) = 670737a5911d62c0492fcc27cbee51fbfa909ad2f6dbc4ea035048b122857e8c0f37294db0ce29503c7e5c01e12eb90c30f7f6ce7b2e54662f3332c076cd77bd +SHA512 (toolbox-0.3-vendored.tar.xz) = e464aba1c40b37b0ed027a560a0685e5dc8f07684d33d0e2bac5f0ba8c2b2c2a4c585db8847b23bd0753e33d37e3e88c87ab71d3999c3afedf315717f468c0ba diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch index 9ff5bb8..aec1779 100644 --- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch @@ -1,4 +1,4 @@ -From b0f4d55b16e59375012ea0ffbfe31086cbef2fef Mon Sep 17 00:00:00 2001 +From 4649e50c28321185cbaa81a37efbd317b84ae840 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 18 Aug 2021 17:55:21 +0200 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST @@ -10,10 +10,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037 1 file changed, 1 insertion(+) 
diff --git a/src/cmd/run.go b/src/cmd/run.go -index 389ea1615234..2e78a3ba3ecd 100644 +index ceb277a3640a..72b673f506b3 100644 --- a/src/cmd/run.go +++ b/src/cmd/run.go -@@ -573,6 +573,7 @@ func constructExecArgs(container, preserveFDs string, +@@ -576,6 +576,7 @@ func constructExecArgs(container, preserveFDs string, execArgs = append(execArgs, envOptions...) execArgs = append(execArgs, []string{ @@ -22,10 +22,10 @@ index 389ea1615234..2e78a3ba3ecd 100644 "--preserve-fds", preserveFDs, }...) -- -2.50.1 +2.51.0 -From d4e03324f5d263fdb7c9b10270dd7ed251d5aa9e Mon Sep 17 00:00:00 2001 +From b2ba8445bee988143d546bc15fa3a8a8c019aa2e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 13:42:15 +0100 Subject: [PATCH 2/2] test/system: Update to test the migration path for @@ -100,5 +100,5 @@ index 000000000000..cf35d60ac25c + skip "Testing of entering toolboxes is not implemented" +} -- -2.50.1 +2.51.0 diff --git a/toolbox-Make-the-build-flags-match-Fedora.patch b/toolbox-Make-the-build-flags-match-Fedora.patch index f536fde..5ee5fd4 100644 --- a/toolbox-Make-the-build-flags-match-Fedora.patch +++ b/toolbox-Make-the-build-flags-match-Fedora.patch @@ -1,4 +1,4 @@ -From 2ad3ed22992dd74c3deb697bdf165bf1e37479ae Mon Sep 17 00:00:00 2001 +From a1bb7d53fab70899c991feb9276cf93a12280750 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} @@ -58,5 +58,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.50.1 +2.51.0 diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch index 180135c..9528088 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-10.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch @@ -1,4 +1,4 @@ -From e39af9ab2105d7d7b49b22d22895b3799efee2ef Mon Sep 17 00:00:00 2001 +From f79f96fb8f3ec528952b9719f356e871837987df Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} @@ -67,5 +67,5 @@ index a5a1a6a508fb..5978422e9aed 100755 exit "$?" -- -2.50.1 +2.51.0 diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch index 867e860..492268a 100644 --- a/toolbox-Make-the-build-flags-match-RHEL-9.patch +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch @@ -1,4 +1,4 @@ -From 26bef6542102509a9706bf97122a7ff2130383f8 Mon Sep 17 00:00:00 2001 +From 2d1b4b2492c65abd0d0bf0c71c971f550447412d Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} @@ -46,5 +46,5 @@ index a5a1a6a508fb..0a2c7526f210 100755 exit "$?" -- -2.50.1 +2.51.0 diff --git a/toolbox.spec b/toolbox.spec index 7cc0233..3047f84 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.2 +Version: 0.3 %global goipath github.com/containers/%{name} @@ -20,7 +20,7 @@ Version: 0.2 %global toolbx_go 1.22 %if 0%{?fedora} -%global toolbx_go 1.23.9 +%global toolbx_go 1.24.7 %endif %if 0%{?rhel} @@ -29,11 +29,11 @@ Version: 0.2 %elif 0%{?rhel} == 10 %global toolbx_go 1.22.5 %elif 0%{?rhel} > 10 -%global toolbx_go 1.24.3 +%global toolbx_go 1.24.4 %endif %endif -Release: 2%{?dist} +Release: 1%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -188,6 +188,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Wed Sep 17 2025 Debarshi Ray - 0.3-1 +- Update to 0.3 + * Fri Aug 15 2025 Maxwell G - 0.2-2 - Rebuild for golang-1.25.0 From 0f5c4c381d56b5b82af89d5248f372c6f33c0e82 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray Date: Tue, 7 Oct 2025 15:13:09 +0200 Subject: [PATCH 144/145] Unify the build with RHEL 9 There's no need to do a build just for this. --- toolbox.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/toolbox.spec b/toolbox.spec index 3047f84..abb4f57 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,5 +1,14 @@ %global __brp_check_rpaths %{nil} +%if 0%{?rhel} +%if 0%{?rhel} <= 9 +%{!?bash_completions_dir: %global bash_completions_dir %{_datadir}/bash-completion/completions} +%{!?fish_completions_dir: %global fish_completions_dir %{_datadir}/fish/vendor_completions.d} +%{!?zsh_completions_dir: %global zsh_completions_dir %{_datadir}/zsh/site-functions} +%endif +%endif + + Name: toolbox Version: 0.3 From edd229876930a9907c6b9cda6246640647dc2f39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= Date: Fri, 10 Oct 2025 15:13:52 +0200 Subject: [PATCH 145/145] rebuild --- toolbox.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/toolbox.spec b/toolbox.spec index abb4f57..09e3785 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -42,7 +42,7 @@ Version: 0.3 %endif %endif -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tool for interactive command line environments on Linux License: Apache-2.0 @@ -197,6 +197,9 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Fri Oct 10 2025 Alejandro Sáez - 0.3-2 +- rebuild + * Wed Sep 17 2025 Debarshi Ray - 0.3-1 - Update to 0.3
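Review bot: Nothing in the block added at the top of toolbox.spec (PATCH 144) says why RHEL 9 and older need these fallbacks. Each definition is already guarded by `%{!?bash_completions_dir: ...}` and its siblings, so it only takes effect where the macro is undefined; the surrounding `%if 0%{?rhel}` / `%if 0%{?rhel} <= 9` pair therefore documents intent rather than changing the result on other releases. A one-line comment above the block, e.g. `# RHEL <= 9: the shell completion directory macros may be undefined, so provide fallbacks`, would make that explicit.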