rebuild

Unify the build with RHEL 9
There's no need to do a build just for this.
2025-10-10 15:13:52 +02:00 · 2025-10-07 15:13:09 +02:00 · 2025-09-18 12:24:19 +02:00 · 2025-09-17 20:44:25 +02:00 · 2025-08-15 18:43:04 -05:00 · 2025-08-09 23:29:50 +02:00
24 changed files with 691 additions and 618 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
+1
--- a/.gitignore
+++ b/.gitignore
@ -23,7 +23,17 @@
 /toolbox-0.0.99.tar.xz
 /toolbox-0.0.99.1.tar.xz
 /toolbox-0.0.99.2.tar.xz
+/toolbox-0.0.99.2-1.git9820550c82bb.tar.xz
+/toolbox-0.0.99.2^1.git9820550c82bb.tar.xz
+/toolbox-0.0.99.2^2.git40fbd377ed0b.tar.xz
 /toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz
-/toolbox-0.0.99.2^4.git0bdfa53bb2ce.tar.xz
-/toolbox-0.0.99.2-vendored.tar.xz
 /toolbox-0.0.99.3.tar.xz
+/toolbox-0.0.99.3-vendor.tar.xz
+/toolbox-0.0.99.4-vendored.tar.xz
+/toolbox-0.0.99.5-vendored.tar.xz
+/toolbox-0.0.99.6-vendored.tar.xz
+/toolbox-0.1.0-vendored.tar.xz
+/toolbox-0.1.1-vendored.tar.xz
+/toolbox-0.1.2-vendored.tar.xz
+/toolbox-0.2-vendored.tar.xz
+/toolbox-0.3-vendored.tar.xz
--- a/plans/main.fmf
+++ b/plans/main.fmf
@ -0,0 +1,4 @@
+discover:
+    how: fmf
+execute:
+    how: tmt
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -0,0 +1,16 @@
+# https://github.com/rpminspect/rpminspect/blob/master/data/generic.yaml
+# https://github.com/rpminspect/rpminspect-data-fedora/blob/main/fedora.yaml
+
+---
+
+annocheck:
+    extra_opts:
+        hardened: --skip-run-path --skip-stack-prot
+
+elf:
+    exclude_path: /usr/bin/toolbox
+
+runpath:
+    allowed_paths:
+        - /run/host/usr/lib
+        - /run/host/usr/lib64
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (toolbox-0.0.99.3.tar.xz) = d9e4bd1cc7667b6ecdcf25a2c3ad7d7d67cc997168a41e668c936d2de24db774331a78a1b4a06b63e7cef8e0dc4ac5651591b6d9cec0d8e81be2b2dd64854dca
+SHA512 (toolbox-0.3-vendored.tar.xz) = e464aba1c40b37b0ed027a560a0685e5dc8f07684d33d0e2bac5f0ba8c2b2c2a4c585db8847b23bd0753e33d37e3e88c87ab71d3999c3afedf315717f468c0ba
--- a/tests/main.fmf
+++ b/tests/main.fmf
@ -0,0 +1,12 @@
+environment:
+    ROOTLESS_USER: "fedora"
+    TMPDIR: /var/tmp
+require:
+    - toolbox-tests
+
+/rootless:
+    summary: rootless test
+    test: |
+        rpm --erase p11-kit-server
+        bash ./rootless-test.sh
+    duration: 4h
--- a/tests/roles/nonroot_user/tasks/main.yml
+++ b/tests/roles/nonroot_user/tasks/main.yml
@ -1,7 +0,0 @@
---
- name: create nonroot user
-  user:
-    name: testuser
-    shell: /bin/bash
- name: enable linger
-  command: loginctl enable-linger testuser
--- a/tests/roles/run_bats_tests/files/run_bats_tests.sh
+++ b/tests/roles/run_bats_tests/files/run_bats_tests.sh
@ -1,72 +0,0 @@
-#!/bin/bash
-#
-# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman
-#
-# This is invoked by the 'run_bats_tests' role; we assume that
-# the package foo has a foo-tests subpackage which provides the
-# directory /usr/share/foo/test/system, containing one or more .bats
-# test files.
-#
-
-export PATH=/usr/local/bin:/usr/sbin:/usr/bin
-
-FULL_LOG=/tmp/test.debug.log
-BATS_LOG=/tmp/test.bats.log
-rm -f $FULL_LOG $BATS_LOG
-touch $FULL_LOG $BATS_LOG
-
-exec &> $FULL_LOG
-
-# Log program versions
-echo "Packages:"
-rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests
-
-echo "------------------------------"
-printenv | sort
-
-testdir=/usr/share/${TEST_PACKAGE}/test/system
-
-if ! cd $testdir; then
-    echo "FAIL ${TEST_NAME} : cd $testdir"      >> /tmp/test.log
-    exit 0
-fi
-
-if [ -e /tmp/helper.sh ]; then
-    echo "------------------------------"
-    echo ". /tmp/helper.sh"
-    . /tmp/helper.sh
-fi
-
-if [ "$(type -t setup)" = "function" ]; then
-    echo "------------------------------"
-    echo "\$ setup"
-    setup
-    if [ $? -ne 0 ]; then
-        echo "FAIL ${TEST_NAME} : setup"       >> /tmp/test.log
-        exit 0
-    fi
-fi
-
-echo "------------------------------"
-echo "\$ bats ."
-bats . &> $BATS_LOG
-rc=$?
-
-echo "------------------------------"
-echo "bats completed with status $rc"
-
-status=PASS
-if [ $rc -ne 0 ]; then
-    status=FAIL
-fi
-
-echo "${status} ${TEST_NAME}" >> /tmp/test.log
-
-if [ "$(type -t teardown)" = "function" ]; then
-    echo "------------------------------"
-    echo "\$ teardown"
-    teardown
-fi
-
-# FIXME: for CI purposes, always exit 0. This allows subsequent tests.
-exit 0
--- a/tests/roles/run_bats_tests/tasks/main.yml
+++ b/tests/roles/run_bats_tests/tasks/main.yml
@ -1,37 +0,0 @@
---
-# Create empty results file, world-writable
- name: initialize test.log file
-  copy: dest=/tmp/test.log content='' force=yes mode=0666
-
- name: execute tests
-  include: run_one_test.yml
-  with_items: "{{ tests }}"
-  loop_control:
-    loop_var: test
-
- name: pull test.log results
-  fetch:
-    src: "/tmp/test.log"
-    dest: "{{ artifacts }}/test.log"
-    flat: yes
-
-# Copied from standard-test-basic
- name: check results
-  shell: grep "^FAIL" /tmp/test.log
-  register: test_fails
-  # Never fail at this step. Just store result of tests.
-  failed_when: False
-
- name: preserve results
-  set_fact:
-    role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
-    role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
-
- name: display results
-  vars:
-    msg: |
-       Tests failed: {{ role_result_failed|d('Undefined') }}
-       Tests msg: {{ role_result_msg|d('None') }}
-  debug:
-    msg: "{{ msg.split('\n') }}"
-  failed_when: "role_result_failed|bool"
--- a/tests/roles/run_bats_tests/tasks/run_one_test.yml
+++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml
@ -1,52 +0,0 @@
---
- name: "{{ test.name }} | install test packages"
-  dnf: name="{{ test.package }}-tests" state=installed
-
- name: "{{ test.name }} | define helper variables"
-  set_fact:
-    test_name_oneword: "{{ test.name | replace(' ','-') }}"
-
-# UGH. This is necessary because our caller sets some environment variables
-# and we need to set a few more based on other caller variables; then we
-# need to combine the two dicts when running the test. This seems to be
-# the only way to do it in ansible.
- name: "{{ test.name }} | define local environment"
-  set_fact:
-    local_environment:
-      TEST_NAME:    "{{ test.name }}"
-      TEST_PACKAGE: "{{ test.package }}"
-      TEST_ENV:     "{{ test.environment }}"
-
- name: "{{ test.name }} | setup/teardown helper | see if exists"
-  local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
-  register: helper
-
- name: "{{ test.name }} | setup/teardown helper | install"
-  copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
-  when: helper.stat.exists
-
- name: "{{ test.name }} | run test"
-  script: ./run_bats_tests.sh
-  args:
-    chdir: /usr/share/{{ test.package }}/test/system
-  become: "{{ true if test.become is defined else false }}"
-  become_user: testuser
-  environment: "{{ local_environment | combine(test.environment) }}"
-
- name: "{{ test.name }} | pull logs"
-  fetch:
-    src: "/tmp/test.{{ item }}.log"
-    dest: "{{ artifacts }}/test.{{ test_name_oneword }}.{{ item }}.log"
-    flat: yes
-  with_items:
-    - bats
-    - debug
-
- name: "{{ test.name }} | remove remote logs and helpers"
-  file:
-    dest=/tmp/{{ item }}
-    state=absent
-  with_items:
-    - test.bats.log
-    - test.debug.log
-    - helper.sh
--- a/tests/rootless-test.sh
+++ b/tests/rootless-test.sh
@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+uname -r
+
+loginctl enable-linger "$ROOTLESS_USER"
+
+rpm -q containers-common-extra podman toolbox
+
+su --whitelist-environment=$(cat ./tmt-envvars | tr '\n' ',') - "$ROOTLESS_USER" -c "whoami && cd /usr/share/toolbox/test/system && bats ."
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,15 +0,0 @@
---
- hosts: localhost
-  tags:  classic
-  vars:
-  - artifacts: ./artifacts
-  roles:
-  - role: nonroot_user
-  - role: run_bats_tests
-    tests:
-    - name:    toolbox
-      package: toolbox
-      environment:
-        PODMAN: /usr/bin/podman
-      become:  true
-      
--- a/tests/tmt-envvars
+++ b/tests/tmt-envvars
@ -0,0 +1 @@
+TMPDIR
--- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
+++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
@ -0,0 +1,104 @@
+From 4649e50c28321185cbaa81a37efbd317b84ae840 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Wed, 18 Aug 2021 17:55:21 +0200
+Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
+ environment variable
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1940037
+---
+ src/cmd/run.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cmd/run.go b/src/cmd/run.go
+index ceb277a3640a..72b673f506b3 100644
+--- a/src/cmd/run.go
+++ b/src/cmd/run.go
+@@ -576,6 +576,7 @@ func constructExecArgs(container, preserveFDs string,
+ 	execArgs = append(execArgs, envOptions...)
+ 
+ 	execArgs = append(execArgs, []string{
+		"--env", "HOST=/run/host",
+ 		"--interactive",
+ 		"--preserve-fds", preserveFDs,
+ 	}...)
+-- 
+2.51.0
+
+
+From b2ba8445bee988143d546bc15fa3a8a8c019aa2e Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Fri, 10 Dec 2021 13:42:15 +0100
+Subject: [PATCH 2/2] test/system: Update to test the migration path for
+ coreos/toolbox users
+
+This reverts the changes to the tests made in commit
+411147988b730dabf8b9e761a5426e12d648f008 by restoring commit
+ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit
+3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed.
+---
+ test/system/002-help.bats | 14 --------------
+ test/system/100-root.bats | 27 +++++++++++++++++++++++++++
+ 2 files changed, 27 insertions(+), 14 deletions(-)
+ create mode 100644 test/system/100-root.bats
+
+diff --git a/test/system/002-help.bats b/test/system/002-help.bats
+index f7cd3f5480ab..7ad5f72e792f 100644
+--- a/test/system/002-help.bats
+++ b/test/system/002-help.bats
+@@ -33,20 +33,6 @@ teardown_file() {
+   cleanup_all
+ }
+ 
+-@test "help: Smoke test" {
+-  run --keep-empty-lines --separate-stderr "$TOOLBX"
+-
+-  assert_failure
+-  assert [ ${#lines[@]} -eq 0 ]
+-  lines=("${stderr_lines[@]}")
+-  assert_line --index 0 "Error: missing command"
+-  assert_line --index 2 "create    Create a new Toolbx container"
+-  assert_line --index 3 "enter     Enter an existing Toolbx container"
+-  assert_line --index 4 "list      List all existing Toolbx containers and images"
+-  assert_line --index 6 "Run 'toolbox --help' for usage."
+-  assert [ ${#stderr_lines[@]} -eq 7 ]
+-}
+-
+ @test "help: Command 'help'" {
+   if ! command -v man 2>/dev/null; then
+     skip "not found man(1)"
+diff --git a/test/system/100-root.bats b/test/system/100-root.bats
+new file mode 100644
+index 000000000000..cf35d60ac25c
+--- /dev/null
+++ b/test/system/100-root.bats
+@@ -0,0 +1,27 @@
+#!/usr/bin/env bats
+
+load 'libs/bats-support/load'
+load 'libs/bats-assert/load'
+load 'libs/helpers'
+
+setup() {
+  _setup_environment
+  cleanup_all
+}
+
+teardown() {
+  cleanup_all
+}
+
+@test "root: Try to enter the default container with no containers created" {
+  run "$TOOLBX" <<< "n"
+
+  assert_success
+  assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command."
+  assert_line --index 1 "Run 'toolbox --help' for usage."
+}
+
+# TODO: Write the test
+@test "root: Enter the default container when 1 non-default container is present" {
+  skip "Testing of entering toolboxes is not implemented"
+}
+-- 
+2.51.0
+
--- a/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch
+++ b/toolbox-Don-t-use-Go-s-semantic-import-versioning.patch
@ -1,72 +0,0 @@
-From 40fbd377ed0b94060ae5fb2a60289500b66486dc Mon Sep 17 00:00:00 2001
-From: Oliver Gutierrez <ogutsua@gmail.com>
-Date: Thu, 29 Jul 2021 14:12:41 +0100
-Subject: [PATCH] Don't use Go's semantic import versioning
-
-Fedora doesn't support Go modules when building Go programs. This
-means that source code using semantic import versioning can't be built.
-
---
- src/cmd/create.go      | 2 +-
- src/go.mod             | 2 +-
- src/go.sum             | 4 ++--
- src/pkg/utils/utils.go | 2 +-
- 4 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/cmd/create.go b/src/cmd/create.go
-index 8b31365..502f691 100644
--- a/src/cmd/create.go
-+++ b/src/cmd/create.go
-@@ -28,7 +28,7 @@ import (
- 	"github.com/containers/toolbox/pkg/podman"
- 	"github.com/containers/toolbox/pkg/shell"
- 	"github.com/containers/toolbox/pkg/utils"
-	"github.com/godbus/dbus/v5"
-+	"github.com/godbus/dbus"
- 	"github.com/sirupsen/logrus"
- 	"github.com/spf13/cobra"
- 	"golang.org/x/crypto/ssh/terminal"
-diff --git a/src/go.mod b/src/go.mod
-index cce3e5a..eb7f70c 100644
--- a/src/go.mod
-+++ b/src/go.mod
-@@ -8,7 +8,7 @@ require (
- 	github.com/briandowns/spinner v1.10.0
- 	github.com/docker/go-units v0.4.0
- 	github.com/fsnotify/fsnotify v1.4.7
-	github.com/godbus/dbus/v5 v5.0.3
-+	github.com/godbus/dbus v4.1.0+incompatible
- 	github.com/mattn/go-isatty v0.0.8
- 	github.com/sirupsen/logrus v1.4.2
- 	github.com/spf13/cobra v0.0.5
-diff --git a/src/go.sum b/src/go.sum
-index fbad155..737f058 100644
--- a/src/go.sum
-+++ b/src/go.sum
-@@ -20,8 +20,8 @@ github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
- github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
- github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
- github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-+github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4=
-+github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
- github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
- github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
- github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
-diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go
-index ae7c596..4d1556a 100644
--- a/src/pkg/utils/utils.go
-+++ b/src/pkg/utils/utils.go
-@@ -33,7 +33,7 @@ import (
- 	"github.com/acobaugh/osrelease"
- 	"github.com/containers/toolbox/pkg/shell"
- 	"github.com/docker/go-units"
-	"github.com/godbus/dbus/v5"
-+	"github.com/godbus/dbus"
- 	"github.com/sirupsen/logrus"
- 	"github.com/spf13/viper"
- 	"golang.org/x/sys/unix"
-- 
-2.31.1
-
--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
@ -1,63 +0,0 @@
-From 32aa30a17358598f568991a5375f6182e4135648 Mon Sep 17 00:00:00 2001
-From: Debarshi Ray <rishi@fedoraproject.org>
-Date: Mon, 29 Jun 2020 17:57:47 +0200
-Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} for
- PPC64
-
-The Go toolchain doesn't play well with passing compiler and linker
-flags via environment variables. The linker flags require a second
-level of quoting, which leaves the build system without a quote level
-to assign the flags to an environment variable like GOFLAGS.
-
-This is one reason why Fedora doesn't have a RPM macro with only the
-flags. The %{gobuild} RPM macro includes the entire 'go build ...'
-invocation.
-
-The Go toolchain also doesn't like the LDFLAGS environment variable as
-exported by Fedora's %{meson} RPM macro.
-
-Note that these flags are only meant for the "ppc64" CPU architecture,
-and should be kept updated to match Fedora's Go guidelines. Use
-'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
---
- src/go-build-wrapper | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/go-build-wrapper b/src/go-build-wrapper
-index ef4aafc8b024..f8ea8370792c 100755
--- a/src/go-build-wrapper
-+++ b/src/go-build-wrapper
-@@ -32,9 +32,9 @@ if ! cd "$1"; then
-     exit 1
- fi
- 
-tags=""
-+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
- if $6; then
-    tags="-tags migration_path_for_coreos_toolbox"
-+    tags="$tags,migration_path_for_coreos_toolbox"
- fi
- 
- if ! libc_dir=$("$4" --print-file-name=libc.so); then
-@@ -69,11 +69,16 @@ fi
- 
- dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
- 
-+unset LDFLAGS
-+
- # shellcheck disable=SC2086
- go build \
-+        -compiler gc \
-         $tags \
-        -trimpath \
-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
-+        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
-+        -a \
-+        -v \
-+        -x \
-         -o "$2/toolbox"
- 
- exit "$?"
-- 
-2.31.1
-
--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
@ -1,63 +0,0 @@
-From 6d913f1fbd6e609957bb01273504b2f479e1b546 Mon Sep 17 00:00:00 2001
-From: Debarshi Ray <rishi@fedoraproject.org>
-Date: Mon, 29 Jun 2020 17:57:47 +0200
-Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild}
-
-The Go toolchain doesn't play well with passing compiler and linker
-flags via environment variables. The linker flags require a second
-level of quoting, which leaves the build system without a quote level
-to assign the flags to an environment variable like GOFLAGS.
-
-This is one reason why Fedora doesn't have a RPM macro with only the
-flags. The %{gobuild} RPM macro includes the entire 'go build ...'
-invocation.
-
-The Go toolchain also doesn't like the LDFLAGS environment variable as
-exported by Fedora's %{meson} RPM macro.
-
-Note that these flags are meant for every CPU architecture other than
-PPC64, and should be kept updated to match Fedora's Go guidelines. Use
-'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
---
- src/go-build-wrapper | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/src/go-build-wrapper b/src/go-build-wrapper
-index ef4aafc8b024..4354beceb215 100755
--- a/src/go-build-wrapper
-+++ b/src/go-build-wrapper
-@@ -32,9 +32,9 @@ if ! cd "$1"; then
-     exit 1
- fi
- 
-tags=""
-+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
- if $6; then
-    tags="-tags migration_path_for_coreos_toolbox"
-+    tags="$tags,migration_path_for_coreos_toolbox"
- fi
- 
- if ! libc_dir=$("$4" --print-file-name=libc.so); then
-@@ -69,11 +69,17 @@ fi
- 
- dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
- 
-+unset LDFLAGS
-+
- # shellcheck disable=SC2086
- go build \
-+        -buildmode pie \
-+        -compiler gc \
-         $tags \
-        -trimpath \
-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
-+        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
-+        -a \
-+        -v \
-+        -x \
-         -o "$2/toolbox"
- 
- exit "$?"
-- 
-2.31.1
-
--- a/toolbox-Make-the-build-flags-match-Fedora.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora.patch
@ -0,0 +1,62 @@
+From a1bb7d53fab70899c991feb9276cf93a12280750 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
+
+These reflect the defaults for Fedora 39, which is the oldest supported
+Fedora, barring some exceptions mentioned below.
+
+The change to use the RPM's %{name}, %{version}, %{release} and the
+SOURCE_DATE_EPOCH environment variable [1], instead of /dev/urandom, to
+generate the build ID annotation for the toolbox(1) binary [2] was left
+out.  It will need more work to propagate the RPM's %{name}, %{version}
+and %{release} to Meson.
+
+Note that these flags are meant for every CPU architecture other than
+PPC64, and should be kept updated to match Fedora's Go guidelines. Use
+'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
+
+[1] https://reproducible-builds.org/docs/source-date-epoch/
+
+[2] go-rpm-macros commit 1980932bf3a21890
+    https://pagure.io/go-rpm-macros/c/1980932bf3a21890
+    https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds
+---
+ src/go-build-wrapper | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index a5a1a6a508fb..5978422e9aed 100755
+--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
+@@ -33,9 +33,9 @@ if ! cd "$1"; then
+     exit 1
+ fi
+ 
+-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}"
+ if $7; then
+-    tags="-tags migration_path_for_coreos_toolbox"
+    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$5" --print-file-name=libc.so); then
+@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
+ 
+ # shellcheck disable=SC2086
+ go build \
+        -buildmode pie \
+        -compiler gc \
+         $tags \
+         -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -a \
+        -v \
+        -x \
+         -o "$2/$3"
+ 
+ exit "$?"
+-- 
+2.51.0
+
--- a/toolbox-Make-the-build-flags-match-RHEL-10.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch
@ -0,0 +1,71 @@
+From f79f96fb8f3ec528952b9719f356e871837987df Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags}
+
+These reflect the defaults for RHEL 10.0 Beta, because RHEL 10.0 is
+still early in its development cycle and the defaults may be in a state
+of flux.  Some exceptions are mentioned below.
+
+The '-z pack-relative-relocs' linker flag was left out.  It's currently
+not supported on s390x, so using it would require architecture specific
+patches, which is a hassle.  Support for aarch64 was recently added [1],
+so hopefully s390x will also be supported soon.
+
+The change to use the RPM's %{name}, %{version}, %{release} and the
+SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to
+generate the build ID annotation for the toolbox(1) binary [2] was left
+out.  It will need more work to propagate the RPM's %{name}, %{version}
+and %{release} to Meson.
+
+Note that these flags are meant for every CPU architecture other than
+PPC64, and should be kept updated to match RHEL 10's Go guidelines. Use
+'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
+
+[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b
+    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b
+    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42
+    https://issues.redhat.com/browse/RHEL-40379
+
+[2] go-rpm-macros commit 1980932bf3a21890
+    https://pagure.io/go-rpm-macros/c/1980932bf3a21890
+    https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds
+---
+ src/go-build-wrapper | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index a5a1a6a508fb..5978422e9aed 100755
+--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
+@@ -33,9 +33,9 @@ if ! cd "$1"; then
+     exit 1
+ fi
+ 
+-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}"
+ if $7; then
+-    tags="-tags migration_path_for_coreos_toolbox"
+    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$5" --print-file-name=libc.so); then
+@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
+ 
+ # shellcheck disable=SC2086
+ go build \
+        -buildmode pie \
+        -compiler gc \
+         $tags \
+         -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -a \
+        -v \
+        -x \
+         -o "$2/$3"
+ 
+ exit "$?"
+-- 
+2.51.0
+
--- a/toolbox-Make-the-build-flags-match-RHEL-9.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch
@ -0,0 +1,50 @@
+From 2d1b4b2492c65abd0d0bf0c71c971f550447412d Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags}
+
+These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early
+in its development cycle and the defaults may be in a state of flux.
+
+Note that these flags are meant for every CPU architecture other than
+PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use
+'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
+---
+ src/go-build-wrapper | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index a5a1a6a508fb..0a2c7526f210 100755
+--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
+@@ -33,9 +33,9 @@ if ! cd "$1"; then
+     exit 1
+ fi
+ 
+-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl"
+ if $7; then
+-    tags="-tags migration_path_for_coreos_toolbox"
+    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$5" --print-file-name=libc.so); then
+@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
+ 
+ # shellcheck disable=SC2086
+ go build \
+        -buildmode pie \
+        -compiler gc \
+         $tags \
+         -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -a \
+        -v \
+        -x \
+         -o "$2/$3"
+ 
+ exit "$?"
+-- 
+2.51.0
+
--- a/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch
+++ b/toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch
@ -1,95 +0,0 @@
-From e598e2160323b63310ad7b6def723eb1f8767f90 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= <harrymichal@seznam.cz>
-Date: Thu, 11 Nov 2021 18:18:52 +0200
-Subject: [PATCH 02/13] cmd/root: Work around Cobra 1.1.2's handling of usage
- functions
-
-In version 1.1.2 of Cobra has been included a change[0] that changes
-how custom usage functions are handled.
-
-Example of the wrong behaviour:
-$ toolbox --foo
-Error: unknown flag: --foo
-Run 'toolbox --help' for usage.Error: Run 'toolbox --help' for usage.
-
-Desired behaviour:
-$ toolbox --foo
-Error: unknown flag: --foo
-Run 'toolbox --help' for usage.
-
-A workaround is to define a template string for the usage instead. The
-template uses the templating language of Go[1]. See the default
-template string in version 1.2.1[2].
-
-Because the template is set only once, the executableBase needs to be
-set before the template is applied. That required the move of
-setUpGlobals() into init() of the cmd package. This is a better place
-for the function call as init() is called earlier than Execute()[3].
-
-Upstream issue: https://github.com/spf13/cobra/issues/1532
-
-[0] https://github.com/spf13/cobra/pull/1044
-[1] https://pkg.go.dev/text/template
-[2] https://github.com/spf13/cobra/blob/v1.2.1/command.go#L491
-[3] https://golang.org/doc/effective_go#init
-
-https://github.com/containers/toolbox/pull/917
---
- src/cmd/root.go | 20 ++++++++------------
- 1 file changed, 8 insertions(+), 12 deletions(-)
-
-diff --git a/src/cmd/root.go b/src/cmd/root.go
-index eb0622f..ad0753b 100644
--- a/src/cmd/root.go
-+++ b/src/cmd/root.go
-@@ -62,11 +62,6 @@ var (
- )
- 
- func Execute() {
-	if err := setUpGlobals(); err != nil {
-		fmt.Fprintf(os.Stderr, "Error: %s\n", err)
-		os.Exit(1)
-	}
-
- 	if err := rootCmd.Execute(); err != nil {
- 		os.Exit(1)
- 	}
-@@ -75,6 +70,11 @@ func Execute() {
- }
- 
- func init() {
-+	if err := setUpGlobals(); err != nil {
-+		fmt.Fprintf(os.Stderr, "Error: %s\n", err)
-+		os.Exit(1)
-+	}
-+
- 	persistentFlags := rootCmd.PersistentFlags()
- 
- 	persistentFlags.BoolVarP(&rootFlags.assumeYes,
-@@ -96,7 +96,9 @@ func init() {
- 	persistentFlags.CountVarP(&rootFlags.verbose, "verbose", "v", "Set log-level to 'debug'")
- 
- 	rootCmd.SetHelpFunc(rootHelp)
-	rootCmd.SetUsageFunc(rootUsage)
-+
-+	usageTemplate := fmt.Sprintf("Run '%s --help' for usage.", executableBase)
-+	rootCmd.SetUsageTemplate(usageTemplate)
- }
- 
- func preRun(cmd *cobra.Command, args []string) error {
-@@ -188,12 +190,6 @@ func rootRun(cmd *cobra.Command, args []string) error {
- 	return rootRunImpl(cmd, args)
- }
- 
-func rootUsage(cmd *cobra.Command) error {
-	err := fmt.Errorf("Run '%s --help' for usage.", executableBase)
-	fmt.Fprintf(os.Stderr, "%s", err)
-	return err
-}
-
- func migrate() error {
- 	logrus.Debug("Migrating to newer Podman")
- 
-- 
-2.34.1
-
--- a/toolbox.conf
+++ b/toolbox.conf
@ -0,0 +1,17 @@
+[general]
+# Create a toolbox container for a different operating system distro than the
+# host. Cannot be used with 'image'.
+## distro = "fedora"
+
+# Create a toolbox container for a different operating system release than the
+# host. Cannot be used with 'image'.
+## release = "33"
+
+# Change the name of the image used to create the toolbox container. This is
+# useful for creating containers from custom-built images. Cannot be used with
+# 'distro' or 'release'.
+#
+# If the name does not contain a registry, the local image storage will be
+# consulted, and if it's not present there then it will be pulled from a
+# suitable remote registry.
+image = "registry.access.redhat.com/ubi9/toolbox:latest"
--- a/toolbox.rpmlintrc
+++ b/toolbox.rpmlintrc
@ -0,0 +1 @@
+addFilter(r'no-%check-section')
--- a/toolbox.spec
+++ b/toolbox.spec
@ -1,135 +1,122 @@
 %global __brp_check_rpaths %{nil}

+%if 0%{?rhel}
+%if 0%{?rhel} <= 9
+%{!?bash_completions_dir: %global bash_completions_dir %{_datadir}/bash-completion/completions}
+%{!?fish_completions_dir: %global fish_completions_dir %{_datadir}/fish/vendor_completions.d}
+%{!?zsh_completions_dir: %global zsh_completions_dir %{_datadir}/zsh/site-functions}
+%endif
+%endif
+
+
 Name:          toolbox
-Version:       0.0.99.3
+Version:       0.3

 %global goipath github.com/containers/%{name}
+
+%if 0%{?fedora}
+%gometa -f
+%endif
+
+%if 0%{?rhel}
+%if 0%{?rhel} <= 9
 %gometa
+%else
+%gometa -f
+%endif
+%endif
+
+%global toolbx_go 1.22
+
+%if 0%{?fedora}
+%global toolbx_go 1.24.7
+%endif
+
+%if 0%{?rhel}
+%if 0%{?rhel} == 9
+%global toolbx_go 1.22.5
+%elif 0%{?rhel} == 10
+%global toolbx_go 1.22.5
+%elif 0%{?rhel} > 10
+%global toolbx_go 1.24.4
+%endif
+%endif

 Release:       2%{?dist}
-Summary:       Tool for containerized command line environments on Linux
+Summary:       Tool for interactive command line environments on Linux

-License:       ASL 2.0
+License:       Apache-2.0
 URL:           https://containertoolbx.org/
-Source0:       https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz
+Source0:       https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz
+
+# RHEL specific
+Source1:       %{name}.conf

 # Fedora specific
-Patch100:      toolbox-Don-t-use-Go-s-semantic-import-versioning.patch
-Patch101:      toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
-Patch102:      toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
-Patch103:      toolbox-cmd-root-Work-around-Cobra-1.1.2-s-handling-of-usage.patch
+Patch100:      toolbox-Make-the-build-flags-match-Fedora.patch

-BuildRequires: ShellCheck
-BuildRequires: golang >= 1.13
-BuildRequires: golang-github-cpuguy83-md2man
-BuildRequires: golang(github.com/HarryMichal/go-version)
-BuildRequires: golang(github.com/acobaugh/osrelease)
-BuildRequires: golang(github.com/briandowns/spinner) >= 1.10.0
-BuildRequires: golang(github.com/docker/go-units) >= 0.4.0
-BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.4.7
-BuildRequires: golang(github.com/godbus/dbus) >= 5.0.3
-BuildRequires: golang(github.com/mattn/go-isatty) >= 0.0.12
-BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2
-# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0
-BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5
-BuildRequires: golang(golang.org/x/sys/unix)
+# RHEL specific
+Patch200:      toolbox-Make-the-build-flags-match-RHEL-9.patch
+Patch201:      toolbox-Make-the-build-flags-match-RHEL-10.patch
+Patch202:      toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
+
+BuildRequires: gcc
+BuildRequires: go-md2man
+BuildRequires: golang >= %{toolbx_go}
 BuildRequires: meson >= 0.58.0
 BuildRequires: pkgconfig(bash-completion)
+BuildRequires: shadow-utils-subid-devel >= 4.16.0
 BuildRequires: systemd
+BuildRequires: systemd-rpm-macros
+%if ! 0%{?rhel}
+BuildRequires: pkgconfig(fish)
+# for tests
+# BuildRequires: codespell
+# BuildRequires: ShellCheck
+%endif
+
+Recommends:    p11-kit-server
+Recommends:    skopeo
+%if ! 0%{?rhel}
+Recommends:    fuse-overlayfs
+%endif

 Requires:      containers-common
 Requires:      flatpak-session-helper
-Requires:      podman >= 1.4.0
+Requires:      podman >= 1.6.4
+Requires:      shadow-utils-subid%{?_isa} >= 4.16.0


 %description
-Toolbox is a tool for Linux operating systems, which allows the use of
-containerized command line environments. It is built on top of Podman and
-other standard container technologies from OCI.
+Toolbx is a tool for Linux, which allows the use of interactive command line
+environments for software development and troubleshooting the host operating
+system, without having to install software on the host. It is built on top of
+Podman and other standard container technologies from OCI.

-# The list of requires packages for -support and -experience should be in sync with:
-# https://github.com/containers/toolbox/blob/master/images/fedora/f33/extra-packages
-%package       support
-Summary:       Required packages for the container image to support %{name}
-
-# These are really required to make the image work with toolbox
-Requires:      passwd
-Requires:      shadow-utils
-Requires:      util-linux
-Requires:      vte-profile
-
-%description   support
-The %{name}-support package contains all the required packages that are needed
-to be installed in the OCI image to make it work with %{name}.
-
-The %{name}-support package should be typically installed from the Dockerfile
-if the image isn't based on the fedora-toolbox image.
-
-
-%package       experience
-Summary:       Set of packages to enhance the %{name} experience
-
-Requires:      %{name}-support = %{version}-%{release}
-Requires:      bash-completion
-Requires:      bc
-Requires:      bzip2
-Requires:      diffutils
-Requires:      dnf-plugins-core
-Requires:      findutils
-Requires:      flatpak-spawn
-Requires:      fpaste
-Requires:      git
-Requires:      gnupg
-Requires:      gnupg2-smime
-Requires:      gvfs-client
-Requires:      hostname
-Requires:      iproute
-Requires:      iputils
-Requires:      jwhois
-Requires:      keyutils
-Requires:      krb5-libs
-Requires:      less
-Requires:      lsof
-Requires:      man-db
-Requires:      man-pages
-Requires:      mtr
-Requires:      nano-default-editor
-Requires:      nss-mdns
-Requires:      openssh-clients
-Requires:      pigz
-Requires:      procps-ng
-Requires:      rsync
-Requires:      sudo
-Requires:      tcpdump
-Requires:      time
-Requires:      traceroute
-Requires:      tree
-Requires:      unzip
-Requires:      wget
-Requires:      which
-Requires:      words
-Requires:      xorg-x11-xauth
-Requires:      xz
-Requires:      zip
-
-%description   experience
-The %{name}-experience package contains all the packages that should be
-installed in the container to provide the same default experience as working
-on the host.
-
-The %{name}-experience package should be typically installed from the
-Dockerfile if the image isn't based on the fedora-toolbox image.
+Toolbx environments have seamless access to the user's home directory, the
+Wayland and X11 sockets, networking (including Avahi), removable devices (like
+USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
+database, etc..


 %package       tests
 Summary:       Tests for %{name}

 Requires:      %{name}%{?_isa} = %{version}-%{release}
-Requires:      bats
 Requires:      coreutils
-Requires:      gawk
+Requires:      diffutils
+# for gdbus(1)
+Requires:      glib2
 Requires:      grep
+# for htpasswd(1)
+Requires:      httpd-tools
+Requires:      openssl
+Requires:      python3
 Requires:      skopeo
+%if ! 0%{?rhel}
+Requires:      bats >= 1.10.0
+%endif
+

 %description   tests
 The %{name}-tests package contains system tests for %{name}.
@ -137,26 +124,42 @@ The %{name}-tests package contains system tests for %{name}.

 %prep
 %setup -q
-%patch100 -p1

-%ifnarch ppc64
-%patch101 -p1
-%else
-%patch102 -p1
+%if 0%{?fedora}
+%patch -P100 -p1
 %endif

-%patch103 -p1
+%if 0%{?rhel}
+%if 0%{?rhel} == 9
+%patch -P200 -p1
+%endif

-%gomkdir
+%if 0%{?rhel} >= 10
+%patch -P201 -p1
+%endif
+
+%if 0%{?rhel} <= 9
+%patch -P202 -p1
+%endif
+%endif
+
+%gomkdir -s %{_builddir}/%{extractdir}/src -k


 %build
-export GO111MODULE=off
-export GOPATH=%{gobuilddir}:%{gopath}
 export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
-ln -s src/cmd cmd
-ln -s src/pkg pkg
-%meson --buildtype=plain -Dprofile_dir=%{_sysconfdir}/profile.d
+
+%meson \
+%if 0%{?rhel}
+    -Dfish_completions_dir=%{fish_completions_dir} \
+%if 0%{?rhel} <= 9
+    -Dmigration_path_for_coreos_toolbox=true \
+%endif
+%endif
+    -Dprofile_dir=%{_sysconfdir}/profile.d \
+    -Dtmpfiles_dir=%{_tmpfilesdir} \
+    -Dzsh_completions_dir=%{zsh_completions_dir}
+
 %meson_build


@ -167,60 +170,246 @@ ln -s src/pkg pkg
 %install
 %meson_install

+%if 0%{?rhel}
+%if 0%{?rhel} <= 9
+install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
+%endif
+%endif
+

 %files
-%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md
-%license COPYING
+%doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md
+%license COPYING src/vendor/modules.txt
 %{_bindir}/%{name}
-%{_datadir}/bash-completion
 %{_mandir}/man1/%{name}.1*
 %{_mandir}/man1/%{name}-*.1*
+%{_mandir}/man5/%{name}.conf.5*
 %config(noreplace) %{_sysconfdir}/containers/%{name}.conf
 %{_sysconfdir}/profile.d/%{name}.sh
 %{_tmpfilesdir}/%{name}.conf
+%{bash_completions_dir}/%{name}.bash
+%{fish_completions_dir}/%{name}.fish
+%{zsh_completions_dir}/_%{name}

-%files support
-
-%files experience

 %files tests
 %{_datadir}/%{name}


 %changelog
-* Sun Jan 09 2022 Ondřej Míchal <harrymichal@fedoraproject.org> - 0.0.99.3-2
+* Fri Oct 10 2025 Alejandro Sáez <asm@redhat.com> - 0.3-2
+- rebuild
+
+* Wed Sep 17 2025 Debarshi Ray <rishi@fedoraproject.org> - 0.3-1
+- Update to 0.3
+
+* Fri Aug 15 2025 Maxwell G <maxwell@gtmx.me> - 0.2-2
+- Rebuild for golang-1.25.0
+
+* Sat Aug 09 2025 Debarshi Ray <rishi@fedoraproject.org> - 0.2-1
+- Update to 0.2
+- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787
+
+* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Tue Jun 03 2025 Debarshi Ray <rishi@fedoraproject.org> - 0.1.2-1
+- Update to 0.1.2
+
+* Wed Jan 22 2025 Debarshi Ray <rishi@fedoraproject.org> - 0.1.1-3
+- Use RPM macros for shell completions and clean up directory ownership
+
+* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Mon Nov 04 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.1.1-1
+- Update to 0.1.1
+
+* Tue Oct 22 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.1.0-1
+- Update to 0.1.0
+
+* Wed Oct 16 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-6
+- Recommend fuse-overlayfs because old containers created with it need it
+
+* Mon Oct 07 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-5
+- Don't use slirp4netns(1) in tests to work around bug in pasta(1)
+
+* Fri Oct 04 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-4
+- Use the fedora-toolbox:40 image for Fedora Asahi Remix hosts
+
+* Thu Oct 03 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-3
+- Unbreak the downstream Fedora CI
+
+* Wed Oct 02 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-2
+- Silence 'rpminspect --tests=elf'
+
+* Mon Sep 30 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-1
+- Update to 0.0.99.6
+
+* Thu Sep 12 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-18
+- Rebuild against shadow-utils-subid ABI version 5.0.0
+
+* Thu Aug 08 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-17
+- Ensure slirp4netns(1) is installed
+
+* Wed Jul 31 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-16
+- Avoid running out of storage space when running the tests
+
+* Fri Jul 26 2024 Adam Williamson <awilliam@redhat.com> - 0.0.99.5-15
+- Fix CI test (hopefully)
+
+* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.99.5-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Thu Jul 11 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-13
+- Silence 'rpminspect --tests=stack-prot'
+
+* Thu Jul 11 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-12
+- Silence 'rpminspect --tests=annocheck' (part 2)
+
+* Tue May 07 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-11
+- Unbreak the tests with Podman 5.0
+
+* Tue Mar 26 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-10
+- Specify the golang versions for RHEL 9 and 10
+
+* Tue Mar 05 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-9
+- Conditionalize the BuildRequires on golang
+
+* Tue Feb 27 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-8
+- Unbreak Podman's downstream Fedora CI (part 2)
+- Backport some new upstream tests
+
+* Tue Feb 13 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-7
+- Unbreak Podman's downstream Fedora CI
+- Update the BuildRequires on golang to reflect reality
+
+* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 0.0.99.5-6
+- Rebuild for golang 1.22.0
+
+* Wed Feb 07 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-5
+- Migrate to SPDX license
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.99.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jan 11 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-3
+- Drop 'Recommends: subscription-manager'
+
+* Tue Dec 19 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-2
+- Drop the experience and support subpackages
+
+* Tue Dec 19 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-1
+- Update to 0.0.99.5
+
+* Tue Dec 19 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-10
+- Require openssl(1) for the system tests in the tests subpackage
+
+* Wed Dec 06 2023 Adam Williamson <awilliam@redhat.com> - 0.0.99.4-9
+- tests subpackage: require httpd-tools for htpasswd
+
+* Tue Dec 05 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-8
+- Fix the conditionals for 'if RHEL <= 9'
+
+* Thu Nov 30 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-7
+- Track the active container on Fedora Linux Asahi Remix
+
+* Thu Nov 09 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-6
+- Drop the custom /etc/containers/toolbox.conf from RHEL 10 onwards
+
+* Mon Oct 02 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-5
+- Drop github.com/coreos/toolbox compatibility from RHEL 10 onwards
+
+* Mon Oct 02 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-4
+- Be aware of security hardened mount points
+- Simplify removing the user's password
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.99.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Mar 8 2023 Nieves Montero <nmontero@redhat.com> - 0.0.99.4-2
+- Sprinkle a debug log
+
+* Wed Feb 22 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-1
+- Update to 0.0.99.4
+
+* Wed Feb 22 2023 Martin Jackson <mhjacks@swbell.net> - 0.0.99.3-12
+- Fix the ExclusiveArch
+
+* Tue Feb 21 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-11
+- Add ExclusiveArch to match Podman
+
+* Thu Feb 02 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 0.0.99.3-10
+- Sync packaging changes from CentOS Stream
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.99.3-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Dec 22 2022 Yaakov Selkowitz <yselkowi@redhat.com> - 0.0.99.3-8
+- Use vendored dependencies for RHEL/ELN builds
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.99.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jul 19 2022 Maxwell G <gotmax@e.email> - 0.0.99.3-6
+- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
+  golang
+
+* Sat Jun 18 2022 Robert-André Mauchin <zebob.m@gmail.com> - 0.0.99.3-5
+- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
+  CVE-2022-29526, CVE-2022-30629
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.99.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Sun Jan 09 2022 Ondřej Míchal <harrymichal@fedoraproject.org> - 0.0.99.3-3
 - Add upstream patch fixing doubled error messages

+* Fri Dec 10 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-2
+- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging
+  guidelines
+
 * Fri Dec 10 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-1
 - Update to 0.0.99.3
- Update the URL to point to the website

-* Thu Sep 02 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2-7
- Updated vendored sources
+* Mon Oct 25 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-9
+- Restore backwards compatibility with existing containers

-* Thu Sep 02 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2-6
- Updated patch for tests fixes required for gating
+* Fri Oct 22 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-8
+- Ensure that binaries are run against their build-time ABI

-* Thu Sep 02 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2-5
- Added skopeo as dependency of tests subpackage
+* Mon Sep 13 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-7
+- Rebuilt for gating tests

-* Thu Sep 02 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2-4
- Added directive to apply patch for checking the XDG_RUNTIME_DIR
+* Thu Sep 09 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-6
+- Rebuilt for gating tests

-* Wed Sep 01 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2-3
- Reverted sources to 0.0.99.2
- Vendored required bats modules for gating tests
- Added a patch for checking the XDG_RUNTIME_DIR
+* Mon Aug 23 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-5
+- Version bump to build and check fedora gating after fixing ansible playbooks

-* Thu Aug 26 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^4.git0bdfa53bb2ce-1
- Updated sources to 0.0.99.2^4.git0bdfa53bb2ce snapshot
- Vendored required bats modules for gating tests
+* Fri Aug 20 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-4
+- Version bump to build and check fedora gating

-* Thu Aug 26 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-1
- Updated sources to 0.0.99.2^3.git075b9a8d2779 snapshot
+* Wed Aug 18 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-3
+- Added Fedora gating

-* Sat Jun 26 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.2-2
- Rebuild for gating checks
+* Wed Aug 18 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-2
+- Require containers-common for ownership of %%{_sysconfdir}/containers
+
+* Mon Aug 09 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^3.git075b9a8d2779-1
+- Updated to 0.0.99.2^3.git075b9a8d2779 snapshot
+
+* Thu Jul 29 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^2.git40fbd377ed0b-1
+- Updated to 0.0.99.2^2.git40fbd377ed0b snapshot
+
+* Wed Jul 28 2021 Oliver Gutiérrez <ogutierrez@fedoraproject.org> - 0.0.99.2^1.git9820550c82bb-1
+- Updated to 0.00.99.2^1.git9820550c82bb snapshot
+
+* Wed Jul 28 2021 Ondřej Míchal <harrymichal@seznam.cz> - 0.0.99.2-3
+- Update dependencies of -tests subpackage
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.99.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

 * Sat Jun 26 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.2-1
 - Update to 0.0.99.2