Fix ELN build

Otherwise, it fails with: Processing files: toolbox-debugsource-0.0.99.6-5.eln143.x86_64 RPM build errors: error: Empty %files file /builddir/build/BUILD/toolbox-0.0.99.6-build/toolbox-0.0.99.6/debugsourcefiles.list Empty %files file /builddir/build/BUILD/toolbox-0.0.99.6-build/toolbox-0.0.99.6/debugsourcefiles.list Child return code was: 1 https://src.fedoraproject.org/rpms/toolbox/pull-request/23
Don't use slirp4netns(1) in tests to work around bug in pasta(1)
2024-10-22 21:27:35 +02:00 · 2024-10-22 21:27:27 +02:00 · 2024-10-22 21:27:17 +02:00 · 2024-10-22 21:26:04 +02:00 · 2024-10-22 21:26:04 +02:00 · 2024-10-22 21:26:04 +02:00
17 changed files with 523 additions and 276 deletions
--- a/.gitignore
+++ b/.gitignore
@ -31,3 +31,4 @@
 /toolbox-0.0.99.3-vendor.tar.xz
 /toolbox-0.0.99.4-vendored.tar.xz
 /toolbox-0.0.99.5-vendored.tar.xz
+/toolbox-0.0.99.6-vendored.tar.xz
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -4,7 +4,11 @@
 ---

 annocheck:
-    - hardened: --ignore-unknown --verbose --skip-run-path
+    extra_opts:
+        hardened: --skip-run-path --skip-stack-prot
+
+elf:
+    exclude_path: /usr/bin/toolbox

 runpath:
    allowed_paths:
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745
+SHA512 (toolbox-0.0.99.6-vendored.tar.xz) = 9ecec200069e8e2536e5ece43d411f9025dba6f60573e7939a0fc26deef29f0297d405a44fd409e978879b0579ab0a79ace97228a199584854c638213fa219d7
--- a/tests/roles/run_bats_tests/tasks/main.yml
+++ b/tests/roles/run_bats_tests/tasks/main.yml
@ -4,7 +4,7 @@
  copy: dest=/tmp/test.log content='' force=yes mode=0666

 - name: execute tests
-  include: run_one_test.yml
+  include_tasks: run_one_test.yml
  with_items: "{{ tests }}"
  loop_control:
    loop_var: test
--- a/tests/roles/run_bats_tests/tasks/run_one_test.yml
+++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml
@ -15,7 +15,7 @@
    local_environment:
      TEST_NAME:    "{{ test.name }}"
      TEST_PACKAGE: "{{ test.package }}"
-      TEST_ENV:     "{{ test.environment }}"
+      TMPDIR:       "/var/tmp"

 - name: "{{ test.name }} | setup/teardown helper | see if exists"
  local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
@ -31,7 +31,7 @@
    chdir: /usr/share/{{ test.package }}/test/system
  become: "{{ true if test.become is defined else false }}"
  become_user: testuser
-  environment: "{{ local_environment | combine(test.environment) }}"
+  environment: "{{ local_environment }}"

 - name: "{{ test.name }} | pull logs"
  fetch:
--- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
+++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
@ -1,4 +1,4 @@
-From d461caa5b1a278124d039df93140d2d5bf4eabe7 Mon Sep 17 00:00:00 2001
+From c25ad44b7cb50d470b1533931b7808cc194f0d50 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Wed, 18 Aug 2021 17:55:21 +0200
 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
@ -10,10 +10,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037
 1 file changed, 1 insertion(+)

 diff --git a/src/cmd/run.go b/src/cmd/run.go
-index 7657ffa50821..23d422623b14 100644
+index 719c0d6abb20..92a097283f38 100644
 --- a/src/cmd/run.go
 +++ b/src/cmd/run.go
-@@ -501,6 +501,7 @@ func constructExecArgs(container, preserveFDs string,
+@@ -566,6 +566,7 @@ func constructExecArgs(container, preserveFDs string,
 	execArgs = append(execArgs, envOptions...)
 
 	execArgs = append(execArgs, []string{
@ -22,10 +22,10 @@ index 7657ffa50821..23d422623b14 100644
 		"--preserve-fds", preserveFDs,
 	}...)
 -- 
-2.39.2
+2.46.1


-From 3c2c67752e8f88f72058799cbce3612fc937b230 Mon Sep 17 00:00:00 2001
+From e7877a4d1d38dc35aa6da6c012ec9a23397b7aa4 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Fri, 10 Dec 2021 13:42:15 +0100
 Subject: [PATCH 2/2] test/system: Update to test the migration path for
@ -36,36 +36,39 @@ This reverts the changes to the tests made in commit
 ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit
 3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed.
 ---
- test/system/002-help.bats | 11 -----------
+ test/system/002-help.bats | 14 --------------
 test/system/100-root.bats | 27 +++++++++++++++++++++++++++
- 2 files changed, 27 insertions(+), 11 deletions(-)
+ 2 files changed, 27 insertions(+), 14 deletions(-)
 create mode 100644 test/system/100-root.bats

 diff --git a/test/system/002-help.bats b/test/system/002-help.bats
-index 7e4565e9d23d..58a4c2c87ece 100644
+index a8bfbc2c79d2..5dd14025ea0b 100644
 --- a/test/system/002-help.bats
 +++ b/test/system/002-help.bats
-@@ -23,17 +23,6 @@ setup() {
-   _setup_environment
+@@ -33,20 +33,6 @@ teardown() {
+   cleanup_all
 }
 
-@test "help: Try to run toolbox with no command" {
-  run $TOOLBOX
+-@test "help: Smoke test" {
+-  run --keep-empty-lines --separate-stderr "$TOOLBX"
 -
 -  assert_failure
+-  assert [ ${#lines[@]} -eq 0 ]
+-  lines=("${stderr_lines[@]}")
 -  assert_line --index 0 "Error: missing command"
-  assert_line --index 1 "create    Create a new toolbox container"
-  assert_line --index 2 "enter     Enter an existing toolbox container"
-  assert_line --index 3 "list      List all existing toolbox containers and images"
-  assert_line --index 4 "Run 'toolbox --help' for usage."
+-  assert_line --index 2 "create    Create a new Toolbx container"
+-  assert_line --index 3 "enter     Enter an existing Toolbx container"
+-  assert_line --index 4 "list      List all existing Toolbx containers and images"
+-  assert_line --index 6 "Run 'toolbox --help' for usage."
+-  assert [ ${#stderr_lines[@]} -eq 7 ]
 -}
 -
- @test "help: Run command 'help'" {
+ @test "help: Command 'help'" {
   if ! command -v man 2>/dev/null; then
-     skip "Test works only if man is in PATH"
+     skip "not found man(1)"
 diff --git a/test/system/100-root.bats b/test/system/100-root.bats
 new file mode 100644
-index 000000000000..32d87904213e
+index 000000000000..cf35d60ac25c
 --- /dev/null
 +++ b/test/system/100-root.bats
@@ -0,0 +1,27 @@
@ -77,15 +80,15 @@ index 000000000000..32d87904213e
 +
 +setup() {
 +  _setup_environment
-+  cleanup_containers
+  cleanup_all
 +}
 +
 +teardown() {
-+  cleanup_containers
+  cleanup_all
 +}
 +
 +@test "root: Try to enter the default container with no containers created" {
-+  run $TOOLBOX <<< "n"
+  run "$TOOLBX" <<< "n"
 +
 +  assert_success
 +  assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command."
@ -97,5 +100,5 @@ index 000000000000..32d87904213e
 +  skip "Testing of entering toolboxes is not implemented"
 +}
 -- 
-2.39.2
+2.46.1

--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
@ -1,54 +0,0 @@
-From 4f8b443ab925c84d059d894ddcfcf4dcf66a747e Mon Sep 17 00:00:00 2001
-From: Debarshi Ray <rishi@fedoraproject.org>
-Date: Mon, 29 Jun 2020 17:57:47 +0200
-Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
- for PPC64
-
-The Go toolchain also doesn't like the LDFLAGS environment variable as
-exported by Fedora's %{meson} RPM macro.
-
-Note that these flags are only meant for the "ppc64" CPU architecture,
-and should be kept updated to match Fedora's Go guidelines. Use
-'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
- src/go-build-wrapper | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/go-build-wrapper b/src/go-build-wrapper
-index c572d6dfb02b..cae2de426a96 100755
--- a/src/go-build-wrapper
-+++ b/src/go-build-wrapper
-@@ -33,9 +33,9 @@ if ! cd "$1"; then
-     exit 1
- fi
- 
-tags=""
-+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
- if $7; then
-    tags="-tags migration_path_for_coreos_toolbox"
-+    tags="$tags,migration_path_for_coreos_toolbox"
- fi
- 
- if ! libc_dir=$("$5" --print-file-name=libc.so); then
-@@ -70,11 +70,16 @@ fi
- 
- dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
- 
-+unset LDFLAGS
-+
- # shellcheck disable=SC2086
- go build \
-+        -compiler gc \
-         $tags \
-        -trimpath \
-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
-+        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
-+        -a \
-+        -v \
-+        -x \
-         -o "$2/$3"
- 
- exit "$?"
-- 
-2.43.0
-
--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
@ -1,54 +0,0 @@
-From 3175ef2fab1f61f5784361070ac338dabda3c04e Mon Sep 17 00:00:00 2001
-From: Debarshi Ray <rishi@fedoraproject.org>
-Date: Mon, 29 Jun 2020 17:57:47 +0200
-Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
-
-The Go toolchain doesn't like the LDFLAGS environment variable as
-exported by Fedora's %{meson} RPM macro.
-
-Note that these flags are meant for every CPU architecture other than
-PPC64, and should be kept updated to match Fedora's Go guidelines. Use
-'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
- src/go-build-wrapper | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/src/go-build-wrapper b/src/go-build-wrapper
-index c572d6dfb02b..0e6a2efa6853 100755
--- a/src/go-build-wrapper
-+++ b/src/go-build-wrapper
-@@ -33,9 +33,9 @@ if ! cd "$1"; then
-     exit 1
- fi
- 
-tags=""
-+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
- if $7; then
-    tags="-tags migration_path_for_coreos_toolbox"
-+    tags="$tags,migration_path_for_coreos_toolbox"
- fi
- 
- if ! libc_dir=$("$5" --print-file-name=libc.so); then
-@@ -70,11 +70,17 @@ fi
- 
- dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
- 
-+unset LDFLAGS
-+
- # shellcheck disable=SC2086
- go build \
-+        -buildmode pie \
-+        -compiler gc \
-         $tags \
-        -trimpath \
-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
-+        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
-+        -a \
-+        -v \
-+        -x \
-         -o "$2/$3"
- 
- exit "$?"
-- 
-2.43.0
-
--- a/toolbox-Make-the-build-flags-match-Fedora.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora.patch
@ -0,0 +1,47 @@
+From 7dc70160c8ff531473004e879dd57ec303789d71 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
+
+Note that these flags are meant for every CPU architecture other than
+PPC64, and should be kept updated to match Fedora's Go guidelines. Use
+'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
+---
+ src/go-build-wrapper | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index a5a1a6a508fb..5978422e9aed 100755
+--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
+@@ -33,9 +33,9 @@ if ! cd "$1"; then
+     exit 1
+ fi
+ 
+-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}"
+ if $7; then
+-    tags="-tags migration_path_for_coreos_toolbox"
+    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$5" --print-file-name=libc.so); then
+@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
+ 
+ # shellcheck disable=SC2086
+ go build \
+        -buildmode pie \
+        -compiler gc \
+         $tags \
+         -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -a \
+        -v \
+        -x \
+         -o "$2/$3"
+ 
+ exit "$?"
+-- 
+2.46.1
+
--- a/toolbox-Make-the-build-flags-match-RHEL-10.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch
@ -0,0 +1,71 @@
+From f08f64c0d5f2019055381c3c00426fe8545e5e31 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags}
+
+These reflect the defaults for RHEL 10.0 Beta, because RHEL 10.0 is
+still early in its development cycle and the defaults may be in a state
+of flux.  Some exceptions are mentioned below.
+
+The '-z pack-relative-relocs' linker flag was left out.  It's currently
+not supported on s390x, so using it would require architecture specific
+patches, which is a hassle.  Support for aarch64 was recently added [1],
+so hopefully s390x will also be supported soon.
+
+The change to use the RPM's %{name}, %{version}, %{release} and the
+SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to
+generate the build ID annotation for the toolbox(1) binary [2] was left
+out.  It will need more work to propagate the RPM's %{name}, %{version}
+and %{release} to Meson.
+
+Note that these flags are meant for every CPU architecture other than
+PPC64, and should be kept updated to match RHEL 10's Go guidelines. Use
+'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
+
+[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b
+    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b
+    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42
+    https://issues.redhat.com/browse/RHEL-40379
+
+[2] go-rpm-macros commit 1980932bf3a21890
+    https://pagure.io/go-rpm-macros/c/1980932bf3a21890
+    https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds
+---
+ src/go-build-wrapper | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index a5a1a6a508fb..5978422e9aed 100755
+--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
+@@ -33,9 +33,9 @@ if ! cd "$1"; then
+     exit 1
+ fi
+ 
+-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}"
+ if $7; then
+-    tags="-tags migration_path_for_coreos_toolbox"
+    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$5" --print-file-name=libc.so); then
+@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
+ 
+ # shellcheck disable=SC2086
+ go build \
+        -buildmode pie \
+        -compiler gc \
+         $tags \
+         -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -a \
+        -v \
+        -x \
+         -o "$2/$3"
+ 
+ exit "$?"
+-- 
+2.46.1
+
--- a/toolbox-Make-the-build-flags-match-RHEL-9.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch
@ -0,0 +1,50 @@
+From ff1320fa869f1e4952836436ab2ad928cbba0987 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags}
+
+These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early
+in its development cycle and the defaults may be in a state of flux.
+
+Note that these flags are meant for every CPU architecture other than
+PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use
+'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
+---
+ src/go-build-wrapper | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index a5a1a6a508fb..0a2c7526f210 100755
+--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
+@@ -33,9 +33,9 @@ if ! cd "$1"; then
+     exit 1
+ fi
+ 
+-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl"
+ if $7; then
+-    tags="-tags migration_path_for_coreos_toolbox"
+    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$5" --print-file-name=libc.so); then
+@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
+ 
+ # shellcheck disable=SC2086
+ go build \
+        -buildmode pie \
+        -compiler gc \
+         $tags \
+         -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -a \
+        -v \
+        -x \
+         -o "$2/$3"
+ 
+ exit "$?"
+-- 
+2.46.1
+
--- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
@ -1,55 +0,0 @@
-From 973600219168f3c4efeb627c103085555327eaa5 Mon Sep 17 00:00:00 2001
-From: Debarshi Ray <rishi@fedoraproject.org>
-Date: Mon, 29 Jun 2020 17:57:47 +0200
-Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for
- PPC64
-
-The Go toolchain also doesn't like the LDFLAGS environment variable as
-exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
-like the compressed DWARF data generated by the Go toolchain.
-
-Note that these flags are only meant for the "ppc64" CPU architecture,
-and should be kept updated to match RHEL's Go guidelines. Use
-'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
- src/go-build-wrapper | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/go-build-wrapper b/src/go-build-wrapper
-index c572d6dfb02b..86f174716608 100755
--- a/src/go-build-wrapper
-+++ b/src/go-build-wrapper
-@@ -33,9 +33,9 @@ if ! cd "$1"; then
-     exit 1
- fi
- 
-tags=""
-+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
- if $7; then
-    tags="-tags migration_path_for_coreos_toolbox"
-+    tags="$tags,migration_path_for_coreos_toolbox"
- fi
- 
- if ! libc_dir=$("$5" --print-file-name=libc.so); then
-@@ -70,11 +70,16 @@ fi
- 
- dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
- 
-+unset LDFLAGS
-+
- # shellcheck disable=SC2086
- go build \
-+        -compiler gc \
-         $tags \
-        -trimpath \
-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
-+        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
-+        -a \
-+        -v \
-+        -x \
-         -o "$2/$3"
- 
- exit "$?"
-- 
-2.39.2
-
--- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
@ -1,55 +0,0 @@
-From aeaa8cd30a8c5ad33ee1fe6b9e84ecbb28f7264c Mon Sep 17 00:00:00 2001
-From: Debarshi Ray <rishi@fedoraproject.org>
-Date: Mon, 29 Jun 2020 17:57:47 +0200
-Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags}
-
-The Go toolchain doesn't like the LDFLAGS environment variable as
-exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
-like the compressed DWARF data generated by the Go toolchain.
-
-Note that these flags are meant for every CPU architecture other than
-PPC64, and should be kept updated to match RHEL's Go guidelines. Use
-'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
- src/go-build-wrapper | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/src/go-build-wrapper b/src/go-build-wrapper
-index c572d6dfb02b..d39764fda0c1 100755
--- a/src/go-build-wrapper
-+++ b/src/go-build-wrapper
-@@ -33,9 +33,9 @@ if ! cd "$1"; then
-     exit 1
- fi
- 
-tags=""
-+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
- if $7; then
-    tags="-tags migration_path_for_coreos_toolbox"
-+    tags="$tags,migration_path_for_coreos_toolbox"
- fi
- 
- if ! libc_dir=$("$5" --print-file-name=libc.so); then
-@@ -70,11 +70,17 @@ fi
- 
- dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
- 
-+unset LDFLAGS
-+
- # shellcheck disable=SC2086
- go build \
-+        -buildmode pie \
-+        -compiler gc \
-         $tags \
-        -trimpath \
-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
-+        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
-+        -a \
-+        -v \
-+        -x \
-         -o "$2/$3"
- 
- exit "$?"
-- 
-2.39.2
-
--- a/toolbox-Revert-Work-around-bug-in-past.patch
+++ b/toolbox-Revert-Work-around-bug-in-past.patch
@ -0,0 +1,81 @@
+From ed14cd483ae45c5f4cf5596b11c384f4b42bb53b Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Fri, 4 Oct 2024 22:09:03 +0200
+Subject: [PATCH] Revert "playbooks, test/system: Work around bug in pasta(1)
+ networks"
+
+The bug in pasta(1) that necessitated this workaround has since been
+fixed in passt 2024_05_10.7288448 [1].  Some host operating systems like
+CentOS Stream 10 no longer have slirp4netns(1), and it's generally
+better to test the defaults.
+
+This reverts commit b58f9a51088afbfc22edb0b25776cfa2c4d8cc40.
+
+[1] https://github.com/containers/podman/issues/22575
+    https://archives.passt.top/passt-dev/20240508090338.2735208-1-sbrivio@redhat.com/
+    https://archives.passt.top/passt-user/20240510225714.6aa8e6c0@elisabeth/
+
+https://github.com/containers/toolbox/pull/1562
+---
+ playbooks/dependencies-centos-9-stream.yaml | 3 +--
+ playbooks/dependencies-fedora.yaml          | 3 +--
+ test/system/libs/helpers.bash               | 1 -
+ 3 files changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml
+index 5c1194c03583..d058d314b7b3 100644
+--- a/playbooks/dependencies-centos-9-stream.yaml
+++ b/playbooks/dependencies-centos-9-stream.yaml
+@@ -13,7 +13,6 @@
+       - podman
+       - shadow-utils-subid-devel
+       - skopeo
+-      - slirp4netns
+       - systemd
+       - udisks2
+ 
+@@ -55,7 +54,7 @@
+     chdir: '{{ zuul.project.src_dir }}'
+ 
+ - name: Check versions of crucial packages
+-  command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
+  command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
+ 
+ - name: Show podman versions
+   command: podman version
+diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml
+index ea605135a4c2..8007ce958ddb 100644
+--- a/playbooks/dependencies-fedora.yaml
+++ b/playbooks/dependencies-fedora.yaml
+@@ -35,7 +35,6 @@
+       - podman
+       - shadow-utils-subid-devel
+       - skopeo
+-      - slirp4netns
+       - systemd
+       - udisks2
+     use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}"
+@@ -56,7 +55,7 @@
+     chdir: '{{ zuul.project.src_dir }}'
+ 
+ - name: Check versions of crucial packages
+-  command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
+  command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
+ 
+ - name: Show podman versions
+   command: podman version
+diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash
+index dfd6236c2943..2d05641f5d0a 100644
+--- a/test/system/libs/helpers.bash
+++ b/test/system/libs/helpers.bash
+@@ -195,7 +195,6 @@ function _setup_docker_registry() {
+     --env REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
+     --env REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
+     --name "${DOCKER_REG_NAME}" \
+-    --network slirp4netns \
+     --privileged \
+     --publish 50000:5000 \
+     --rm \
+-- 
+2.46.1
+
--- a/toolbox-Unbreak-downstream-Fedora-CI.patch
+++ b/toolbox-Unbreak-downstream-Fedora-CI.patch
@ -0,0 +1,104 @@
+From 1e90c721858b3119702b93445f535f9c23af88e6 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Wed, 2 Oct 2024 22:43:37 +0200
+Subject: [PATCH] test/system: Unbreak the downstream Fedora CI
+
+The working directory from which bats(1) is invoked might not be part of
+the Toolbx container.  eg., the downstream Fedora CI invokes the tests
+as:
+  $ cd /path/to/toolbox/test/system
+  $ bats .
+
+... and it led to:
+  not ok 8 help: Try unknown command (forwarded to host)
+  # tags: commands-options
+  # (from function `assert_line' in file
+      ./libs/bats-assert/src/assert.bash, line 488,
+  #  in test file ./002-help.bats, line 135)
+  #   `assert_line --index 0
+        "Error: unknown command \"foo\" for \"toolbox\""' failed
+  #
+  # -- line differs --
+  # index    : 0
+  # expected : Error: unknown command "foo" for "toolbox"
+  # actual   : Error: crun: chdir to `/usr/share/toolbox/test/system`:
+      No such file or directory: OCI runtime attempted to invoke a
+      command that was not found
+  # --
+  #
+
+https://github.com/containers/toolbox/pull/1560
+---
+ test/system/002-help.bats   | 2 ++
+ test/system/501-create.bats | 2 ++
+ test/system/504-run.bats    | 2 ++
+ test/system/505-enter.bats  | 2 ++
+ 4 files changed, 8 insertions(+)
+
+diff --git a/test/system/002-help.bats b/test/system/002-help.bats
+index 57e918a04d22..a8bfbc2c79d2 100644
+--- a/test/system/002-help.bats
+++ b/test/system/002-help.bats
+@@ -25,9 +25,11 @@ setup() {
+   bats_require_minimum_version 1.10.0
+   _setup_environment
+   cleanup_all
+  pushd "$HOME" || return 1
+ }
+ 
+ teardown() {
+  popd || return 1
+   cleanup_all
+ }
+ 
+diff --git a/test/system/501-create.bats b/test/system/501-create.bats
+index 3f50f98e6bf3..cfb676b7001b 100644
+--- a/test/system/501-create.bats
+++ b/test/system/501-create.bats
+@@ -25,9 +25,11 @@ setup() {
+   bats_require_minimum_version 1.8.0
+   _setup_environment
+   cleanup_all
+  pushd "$HOME" || return 1
+ }
+ 
+ teardown() {
+  popd || return 1
+   cleanup_all
+ }
+ 
+diff --git a/test/system/504-run.bats b/test/system/504-run.bats
+index cc5f6fa8bb09..6ee3e86af1ff 100644
+--- a/test/system/504-run.bats
+++ b/test/system/504-run.bats
+@@ -25,9 +25,11 @@ setup() {
+   bats_require_minimum_version 1.8.0
+   _setup_environment
+   cleanup_all
+  pushd "$HOME" || return 1
+ }
+ 
+ teardown() {
+  popd || return 1
+   cleanup_all
+ }
+ 
+diff --git a/test/system/505-enter.bats b/test/system/505-enter.bats
+index 405d184f145e..57e58651623d 100644
+--- a/test/system/505-enter.bats
+++ b/test/system/505-enter.bats
+@@ -25,9 +25,11 @@ setup() {
+   bats_require_minimum_version 1.8.0
+   _setup_environment
+   cleanup_all
+  pushd "$HOME" || return 1
+ }
+ 
+ teardown() {
+  popd || return 1
+   cleanup_all
+ }
+ 
+-- 
+2.46.1
+
--- a/toolbox-Update-fallback-release-to-40-for-non-fedo.patch
+++ b/toolbox-Update-fallback-release-to-40-for-non-fedo.patch
@ -0,0 +1,30 @@
+From b524f4cebd8c65746089f898e14a99c7cfded306 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Thu, 3 Oct 2024 22:08:04 +0200
+Subject: [PATCH] pkg/utils: Update fallback release to 40 for non-fedora hosts
+
+Fedora 38 reached End of Life on 21st May 2024:
+https://docs.fedoraproject.org/en-US/releases/eol/
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2316312
+https://github.com/containers/toolbox/pull/1561
+---
+ src/pkg/utils/utils.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go
+index eefcd1eeb2cc..37a49fedf772 100644
+--- a/src/pkg/utils/utils.go
+++ b/src/pkg/utils/utils.go
+@@ -64,7 +64,7 @@ const (
+ 	containerNamePrefixFallback = "fedora-toolbox"
+ 	distroFallback              = "fedora"
+ 	idTruncLength               = 12
+-	releaseFallback             = "38"
+	releaseFallback             = "40"
+ )
+ 
+ const (
+-- 
+2.46.1
+
--- a/toolbox.spec
+++ b/toolbox.spec
@ -1,7 +1,7 @@
 %global __brp_check_rpaths %{nil}

 Name:          toolbox
-Version:       0.0.99.5
+Version:       0.0.99.6

 %global goipath github.com/containers/%{name}

@ -17,7 +17,23 @@ Version:       0.0.99.5
 %endif
 %endif

-Release:       1%{?dist}
+%global toolbx_go 1.20
+
+%if 0%{?fedora}
+%global toolbx_go 1.20
+%endif
+
+%if 0%{?rhel}
+%if 0%{?rhel} == 9
+%global toolbx_go 1.22.5
+%elif 0%{?rhel} == 10
+%global toolbx_go 1.22.5
+%elif 0%{?rhel} > 10
+%global toolbx_go 1.23.1
+%endif
+%endif
+
+Release:       5%{?dist}
 Summary:       Tool for interactive command line environments on Linux

 License:       ASL 2.0
@ -27,18 +43,22 @@ Source0:       https://github.com/containers/%{name}/releases/download/%{version
 # RHEL specific
 Source1:       %{name}.conf

+# Upstream
+Patch0:        toolbox-Unbreak-downstream-Fedora-CI.patch
+Patch1:        toolbox-Update-fallback-release-to-40-for-non-fedo.patch
+Patch2:        toolbox-Revert-Work-around-bug-in-past.patch
+
 # Fedora specific
-Patch100:      toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
-Patch101:      toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
+Patch100:      toolbox-Make-the-build-flags-match-Fedora.patch

 # RHEL specific
-Patch200:      toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
-Patch201:      toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
+Patch200:      toolbox-Make-the-build-flags-match-RHEL-9.patch
+Patch201:      toolbox-Make-the-build-flags-match-RHEL-10.patch
 Patch202:      toolbox-Add-migration-paths-for-coreos-toolbox-users.patch

 BuildRequires: gcc
 BuildRequires: go-md2man
-BuildRequires: golang >= 1.20
+BuildRequires: golang >= %{toolbx_go}
 BuildRequires: meson >= 0.58.0
 BuildRequires: pkgconfig(bash-completion)
 BuildRequires: shadow-utils-subid-devel
@ -46,29 +66,35 @@ BuildRequires: systemd
 BuildRequires: systemd-rpm-macros
 %if ! 0%{?rhel}
 BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1
+BuildRequires: golang-ipath(github.com/NVIDIA/go-nvlib) >= 0.6.1
+BuildRequires: golang-ipath(github.com/NVIDIA/go-nvml) >= 0.12.4.0
+BuildRequires: golang-ipath(github.com/NVIDIA/nvidia-container-toolkit) >= 1.16.1
 BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0
-BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0
+BuildRequires: golang(github.com/briandowns/spinner) >= 1.18.0
 BuildRequires: golang(github.com/docker/go-units) >= 0.5.0
-BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1
+BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.7.0
+BuildRequires: golang(github.com/go-logfmt/logfmt) >= 0.5.0
 BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6
-BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1
+BuildRequires: golang(github.com/google/renameio/v2) >= 2.0.0
+BuildRequires: golang(github.com/sirupsen/logrus) >= 1.9.3
 BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0
 BuildRequires: golang(github.com/spf13/viper) >= 1.10.1
-BuildRequires: golang(golang.org/x/sys/unix) >= 0.1.0
+BuildRequires: golang-ipath(golang.org/x/sys) >= 0.22.0
 BuildRequires: golang(golang.org/x/text) >= 0.3.8
-BuildRequires: golang(gopkg.in/yaml.v3) >= 3.0.0
+BuildRequires: golang-ipath(gopkg.in/yaml.v3) >= 3.0.1
+BuildRequires: golang-ipath(tags.cncf.io/container-device-interface) >= 0.8.0
 BuildRequires: pkgconfig(fish)
 # for tests
 # BuildRequires: codespell
-# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0
+# BuildRequires: golang(github.com/stretchr/testify) >= 1.9.0
 # BuildRequires: ShellCheck
 %endif

 Recommends:    skopeo
-Recommends:    subscription-manager

 Requires:      containers-common
 Requires:      podman >= 1.6.4
+Requires:      shadow-utils-subid%{?_isa}
 %if ! 0%{?rhel}
 Requires:      flatpak-session-helper
 %endif
@ -76,9 +102,9 @@ Requires:      flatpak-session-helper

 %description
 Toolbx is a tool for Linux, which allows the use of interactive command line
-environments for development and troubleshooting the host operating system,
-without having to install software on the host. It is built on top of Podman
-and other standard container technologies from OCI.
+environments for software development and troubleshooting the host operating
+system, without having to install software on the host. It is built on top of
+Podman and other standard container technologies from OCI.

 Toolbx environments have seamless access to the user's home directory, the
 Wayland and X11 sockets, networking (including Avahi), removable devices (like
@ -167,13 +193,17 @@ Summary:       Tests for %{name}

 Requires:      %{name}%{?_isa} = %{version}-%{release}
 Requires:      coreutils
+Requires:      diffutils
+# for gdbus(1)
+Requires:      glib2
 Requires:      grep
-# for htpasswd
+# for htpasswd(1)
 Requires:      httpd-tools
 Requires:      openssl
+Requires:      python3
 Requires:      skopeo
 %if ! 0%{?rhel}
-Requires:      bats >= 1.7.0
+Requires:      bats >= 1.10.0
 %endif

 %description   tests
@ -182,24 +212,25 @@ The %{name}-tests package contains system tests for %{name}.

 %prep
 %setup -q
+%patch -P0 -p1
+%patch -P1 -p1
+%patch -P2 -p1

 %if 0%{?fedora}
-%ifnarch ppc64
-%patch100 -p1
-%else
-%patch101 -p1
-%endif
+%patch -P100 -p1
 %endif

 %if 0%{?rhel}
-%ifnarch ppc64
-%patch200 -p1
-%else
-%patch201 -p1
+%if 0%{?rhel} == 9
+%patch -P200 -p1
+%endif
+
+%if 0%{?rhel} >= 10
+%patch -P201 -p1
 %endif

 %if 0%{?rhel} <= 9
-%patch202 -p1
+%patch -P202 -p1
 %endif
 %endif

@ -240,7 +271,7 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf


 %files
-%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md
+%doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md
 %license COPYING %{?rhel:src/vendor/modules.txt}
 %{_bindir}/%{name}
 %{_datadir}/bash-completion
@ -266,6 +297,49 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf


 %changelog
+* Mon Oct 07 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-5
+- Don't use slirp4netns(1) in tests to work around bug in pasta(1)
+
+* Fri Oct 04 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-4
+- Use the fedora-toolbox:40 image for Fedora Asahi Remix hosts
+
+* Thu Oct 03 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-3
+- Unbreak the downstream Fedora CI
+
+* Wed Oct 02 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-2
+- Silence 'rpminspect --tests=elf'
+
+* Mon Sep 30 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-1
+- Update to 0.0.99.6
+
+* Wed Jul 31 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-10
+- Avoid running out of storage space when running the tests
+
+* Fri Jul 26 2024 Adam Williamson <awilliam@redhat.com> - 0.0.99.5-9
+- Fix CI test (hopefully)
+
+* Thu Jul 11 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-8
+- Silence 'rpminspect --tests=stack-prot'
+
+* Thu Jul 11 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-7
+- Silence 'rpminspect --tests=annocheck' (part 2)
+
+* Tue Mar 26 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-6
+- Specify the golang versions for RHEL 9 and 10
+
+* Tue Mar 05 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-5
+- Conditionalize the BuildRequires on golang
+
+* Tue Feb 27 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-4
+- Unbreak Podman's downstream Fedora CI (part 2)
+- Backport some new upstream tests
+
+* Tue Feb 13 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-3
+- Unbreak Podman's downstream Fedora CI
+
+* Thu Jan 11 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-2
+- Drop 'Recommends: subscription-manager'
+
 * Tue Dec 19 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-1
 - Update to 0.0.99.5
Author	SHA1	Message	Date
Yaakov Selkowitz	50858dfbf5	Fix ELN build Otherwise, it fails with: Processing files: toolbox-debugsource-0.0.99.6-5.eln143.x86_64 RPM build errors: error: Empty %files file /builddir/build/BUILD/toolbox-0.0.99.6-build/toolbox-0.0.99.6/debugsourcefiles.list Empty %files file /builddir/build/BUILD/toolbox-0.0.99.6-build/toolbox-0.0.99.6/debugsourcefiles.list Child return code was: 1 https://src.fedoraproject.org/rpms/toolbox/pull-request/23	2024-10-22 21:27:35 +02:00
Debarshi Ray	396be8f547	Don't use slirp4netns(1) in tests to work around bug in pasta(1)	2024-10-22 21:27:27 +02:00
Debarshi Ray	af6c86de0c	Unify the build with RHEL There's no need to do a build just for this.	2024-10-22 21:27:17 +02:00
Debarshi Ray	3c6dbed514	Unify the build with RHEL There's no need to do a build just for this.	2024-10-22 21:26:04 +02:00
Debarshi Ray	7b9d1c3589	Unify the build with RHEL 9 There's no need to do a build just for this.	2024-10-22 21:26:04 +02:00
Debarshi Ray	bb820b3e3e	Add 'Requires: shadow-utils-subid%{?_isa}' The runtime dependency on shadow-utils-subid should have already been part of commit `95d6ea8689` to ensure that Toolbx >= 0.0.99.4 would be able to dlopen(3) the library. It only worked in practice because the podman RPM also required it. There's no need to do a build just for this.	2024-10-22 21:26:04 +02:00
Debarshi Ray	cce7fffd94	Use the fedora-toolbox:40 image for Fedora Asahi Remix hosts https://bugzilla.redhat.com/show_bug.cgi?id=2316312	2024-10-22 21:26:04 +02:00
Debarshi Ray	27959e473a	Unbreak the downstream Fedora CI Fallout from `2c1d60d335`	2024-10-22 21:26:04 +02:00
Debarshi Ray	d12a223099	Remove deprecated %patchN syntax There's no need to do a build just for this. Relates: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/5YUJWTUJK4JA26YP2VD46HOCQ6UZXMQD/	2024-10-22 21:25:09 +02:00
Debarshi Ray	cc9fa7c9d6	Silence 'rpminspect --tests=elf' With Toolbx 0.0.99.6, 'rpminspect --tests=elf', run by the Fedora CI, fails with: /usr/bin/toolbox lost full GNU_RELRO security protection This is because from version 0.0.99.6 onwards, toolbox(1) is only built with the '-z relro' linker flag, but not '-z now' [1]. Fallout from `2c1d60d335` [1] Upstream commit 83f28c52e47c2d44 `83f28c52e4` https://github.com/containers/toolbox/pull/1548	2024-10-22 21:13:28 +02:00
Debarshi Ray	2c1d60d335	Update to 0.0.99.6 Start using the golang-ipath(...) virtual Provides for BuildRequires because they use the top-level import paths and are closer to what is listed in the upstream go.mod. The golang(...) virtual Provides mention each individual Go package within a Go module, and bigger modules can have several packages in them. It is noisy and tedious to keep up with the list of packages that are currently in use, by looking at all the Go source files, and then to list them as BuildRequires. Update the compiler and linker flags for Fedora by incorporating some of the changes to the distribution's defaults up to Fedora 39, which is the oldest supported Fedora. Switch to using the GO_BUILDTAGS and GO_LDFLAGS environment variables, because their unprefixed counterparts have been deprecated [1], and start annotating the toolbox(1) binary with an ELF note that identifies the RPM for which it was built [2]. However, the change to use the RPM's %{name}, %{version}, %{release} and the SOURCE_DATE_EPOCH environment variable [3], instead of /dev/urandom, to generate the build ID annotation for the toolbox(1) binary [4] was left out. It will need more work to propagate the RPM's %{name}, %{version} and %{release} to Meson. Stop carrying the downstream patch for the compiler and linker flags for PPC64. The architecture was already discontinued from Fedora 29 [5], even before the patch was added [6]. It was added purely for the sake of completeness, and in the last four years since it was introduced, it hasn't been tested or used. At this point it's becoming too much of a maintenance burden, and removing it silences the %ifarch-applied-patch warning from rpmlint. Fill in some of the missing Requires for the toolbox-tests sub-package. [1] go-rpm-macros commit bc7e5cc55c4709e8 https://pagure.io/go-rpm-macros/c/bc7e5cc55c4709e8 [2] Fedora redhat-rpm-config commit 57edf0cad7b089ed https://src.fedoraproject.org/rpms/redhat-rpm-config/c/57edf0cad7b089ed https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects [3] https://reproducible-builds.org/docs/source-date-epoch/ [4] go-rpm-macros commit 1980932bf3a21890 https://pagure.io/go-rpm-macros/c/1980932bf3a21890 https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds [5] https://fedoraproject.org/wiki/Changes/DiscontinuePPC64 [6] Commit `ba60453d21` https://src.fedoraproject.org/rpms/toolbox/pull-request/22	2024-09-30 20:44:35 +02:00
Debarshi Ray	894d0b7b6d	Unify the build with RHEL There's no need to do a build just for this.	2024-09-30 20:33:24 +02:00
Debarshi Ray	8a767d27ae	tests: Silence deprecation warning Otherwise, Ansible in Fedora CI would complain: # STDERR: ---v---v---v---v---v--- [DEPRECATION WARNING]: "include" is deprecated, use include_tasks/import_tasks instead. See https://docs.ansible.com/ansible-core/2.14/user_guide/playbooks_reuse_includes.html for details. This feature will be removed in version 2.16. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. https://src.fedoraproject.org/rpms/toolbox/pull-request/21	2024-09-30 20:33:01 +02:00
Adam Williamson	8d5ce9d5d3	tests: Avoid running out of storage space Toolbx's system tests download several images when setting up the test suite, and cache them for later use by the tests [1]. This saves time and avoids hitting rate limits imposed by OCI registries by not downloading the same images repeatedly for several tests, but at the cost of increased use of storage space to cache the images. The images are cached under BATS_TMPDIR. It defaults to the TMPDIR environment variable, and if that's not set then to /tmp [2]. Normally, TMPDIR isn't set, and the images end up getting cached under /tmp. Now, /tmp is typically on tmpfs backed by RAM or swap, which means that it should be used for smaller size-bounded files only, and /var/tmp should be used for everything else [3]. The images are big enough that a collection of them can't be described as smaller and size-bounded, and it led to: 1..306 # test suite: Set up # test suite: Tear down not ok 1 setup_suite # (from function `setup_suite' in test file ./setup_suite.bash, line 55) # `_pull_and_cache_distro_image fedora "$((system_version-1))" \|\| false' failed # Failed to cache image registry.fedoraproject.org/fedora-toolbox:40 to /tmp/bats-run-IPz4Cn/image-cache/fedora-toolbox-40 # time="2024-02-19T11:41:43Z" level=fatal msg="copying system image from manifest list: writing blob: write /tmp/bats-run-IPz4Cn/image-cache/fedora-toolbox-40/dir-put-blob607392514: no space left on device" # bats warning: Executed 1 instead of expected 306 tests So, change the default location of the BATS_TMPDIR environment variable to /var/tmp by setting TMPDIR. [1] Toolbx commit 50683c9d9a78adc9 `50683c9d9a` https://github.com/containers/toolbox/pull/375 [2] https://bats-core.readthedocs.io/en/stable/writing-tests.html [3] https://systemd.io/TEMPORARY_DIRECTORIES/ https://src.fedoraproject.org/rpms/toolbox/pull-request/20 Signed-off-by: Adam Williamson <awilliam@redhat.com>	2024-09-30 20:31:39 +02:00
Adam Williamson	7745c27d4c	tests: Don't use undefined variable The test.environment variable was removed from the variables defined in tests.yml in commit `1b207227f3`, but it's still used, which causes Ansible to break: The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'environment'. 'dict object' has no attribute 'environment' https://src.fedoraproject.org/rpms/toolbox/pull-request/19	2024-09-30 20:29:52 +02:00
Debarshi Ray	cf17ca0efd	Silence 'rpminspect --tests=stack-prot' The stack-prot test [1] currently fails with: Hardened: /usr/bin/toolbox: FAIL: stack-prot test because stack protection not enabled (lto:_cgo_6f668e16310a_Cfunc_mygetgrnam_r) According to the documentation [1], the test is supposed to pass if the C compiler is GCC and it was used with the -fstack-protector-strong option. That's definitely the case, since Fedora uses GCC by default, and its default build flags (including %optflags) include -fstack-protector-strong. There's also no function called mygetgrnam() in neither Toolbx nor its chain of dependencies. Therefore, temporarily disable the stack-prot test to prevent the Fedora CI from failing. [1] https://sourceware.org/annobin/annobin.html/Test-stack-prot.html	2024-09-30 20:27:32 +02:00
Debarshi Ray	caf8efb8ce	Silence 'rpminspect --tests=annocheck' (part 2) In recent times, 'rpminspect --tests=annocheck', run by the Fedora CI, has been failing because of the intentional DT_RPATH or DT_RUNPATH value of /run/host%{_libdir} that's present in %{_bindir}/toolbox [1]. It's not clear if they started failing again only recently due to changes in rpminspect(1), or if the previous attempt at silencing it was broken and never actually worked [2]. [1] Upstream commit 6063eb27b9893994 `6063eb27b9` https://github.com/containers/toolbox/issues/821 [2] Commit `12fabacd03` https://github.com/rpminspect/rpminspect/issues/1296	2024-09-30 20:24:59 +02:00
Debarshi Ray	a51b5aa359	Specify the golang versions for RHEL 9 and 10	2024-09-30 20:22:11 +02:00
Debarshi Ray	fcbff77571	Conditionalize the BuildRequires on golang The OpenSSL FIPS patches in Fedora ELN's golang makes it lag behind its Fedora counterpart at times. Spotted by Yaakov Selkowitz. https://src.fedoraproject.org/rpms/toolbox/pull-request/18	2024-09-30 20:19:55 +02:00
Debarshi Ray	feb3e6751a	Unbreak Podman's downstream Fedora CI (part 2) ... and backport some new upstream tests. https://bugzilla.redhat.com/show_bug.cgi?id=2263968	2024-02-27 19:50:32 +01:00
Debarshi Ray	12ec8a43ed	Unbreak Podman's downstream Fedora CI https://bugzilla.redhat.com/show_bug.cgi?id=2263968	2024-02-13 23:04:34 +01:00
Debarshi Ray	84a9060eb0	Drop 'Recommends: subscription-manager' ... because subscription-manager requires python3-dnf, which contains %{_bindir}/dnf-3 and %{_bindir}/dnf4 [1]. This is a problem on Fedora Silverblue, because they shouldn't be present on OSTree based variants of Fedora. This reverts parts of commit `6682165143`. [1] https://github.com/fedora-silverblue/issue-tracker/issues/521	2024-01-11 19:06:36 +01:00