podman-2.1.1-0.32.dev.git9f6d6ba.el9

- synchronize with stream-container-tools-rhel8 Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2020-10-29 07:51:51 +01:00 · 2020-10-29 07:51:51 +01:00 · 573f6a54b0
commit 573f6a54b0
parent 93efda4b77
17 changed files with 354 additions and 2107 deletions
--- a/.gitignore
+++ b/.gitignore
--- a/gating.yaml
+++ b/gating.yaml
@ -1,14 +1,7 @@
+# recipients: jnovy, lsm5, santiago
 --- !Policy
 product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_stable
-subject_type: koji_build
+  - rhel-8
+decision_context: osci_compose_gate
 rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_testing
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/podman.spec
+++ b/podman.spec
@ -1,72 +1,57 @@
-%global with_devel 0
-%global with_bundled 1
-%global with_check 0
-%global with_unit_test 0
-
-%if 0%{?fedora} || 0%{?centos} >= 8 || 0%{?rhel}
-#### DO NOT REMOVE - NEEDED FOR CENTOS
 %global with_debug 1
-%else
-%global with_debug 0
-%endif
+%global with_check 0
+
+%bcond_without varlink
+%global gogenerate go generate

 %if 0%{?with_debug}
 %global _find_debuginfo_dwz_opts %{nil}
 %global _dwz_low_mem_die_limit 0
 %else
-%global debug_package %{nil}
+%global debug_package   %{nil}
 %endif

+%if 0%{?rhel} > 7 && ! 0%{?fedora}
+%define gobuild(o:) \
+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
+%else
 %if ! 0%{?gobuild:1}
 %define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**};
 %endif
-%define gogenerate go generate
+%endif

 %global provider github
 %global provider_tld com
 %global project containers
-%global repo %{name}
-# https://github.com/containers/%%{name}
-%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
-%global git0 https://%{import_path}
-# To build a random user's fork/commit, comment out above line,
-# uncomment below line and replace the placeholders and commit0 below with the right info
-#%%global git0 https://github.com/$GITHUB_USER/$GITHUB_USER_REPO
-%global commit0 d30b4b7aa5076c3192faada7d408f039a40414eb
+%global repo podman
+# https://github.com/containers/libpod
+%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
+%global import_path %{provider_prefix}
+%global git0 https://%{provider}.%{provider_tld}/%{project}/%{repo}
+#%%global branch v2.1.1-rhel
+%global commit0 9f6d6ba0b314d86521b66183c9ce48eaa2da1de2
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
-
-%global repo_plugins dnsname
-# https://github.com/containers/dnsname
-%global import_path_plugins %%{provider}.%{provider_tld}/%{project}/%{repo_plugins}
-%global git_plugins https://%{import_path_plugins}
-%global commit_plugins 8a6a8a4e1e609aaeb1f57f7e7a1c8523cd373040
-%global shortcommit_plugins %(c=%{commit_plugins}; echo ${c:0:7})
-
-# Used for comparing with latest upstream tag
-# to decide whether to autobuild (non-rawhide only)
-%define built_tag v2.1.1
+%global cataver 0.1.5
+%global dnsnamever 1.0.0

 Name: podman
-%if 0%{?fedora}
-Epoch: 2
-%else
-Epoch: 0
-%endif
-Version: 2.2.0
-# RELEASE TAG SHOULD ALWAYS BEGIN WITH A NUMBER
-# N.foo if released, 0.N.foo if unreleased
-# Rawhide almost always ships unreleased builds,
-# so release tag should be of the form 0.N.foo
-Release: 0.31.dev.git%{shortcommit0}%{?dist}
+Version: 2.1.1
+Release: 0.32.dev.git%{shortcommit0}%{?dist}
 Summary: Manage Pods, Containers and Container Images
-License: ASL 2.0
+License: ASL 2.0 and GPLv3+
 URL: https://%{name}.io/
-Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
-Source1: %{git_plugins}/archive/%{commit_plugins}/%{repo_plugins}-%{shortcommit_plugins}.tar.gz
-Provides: %{name}-manpages = %{epoch}:%{version}-%{release}
-Obsoletes: %{name}-manpages < %{epoch}:%{version}-%{release}
-# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
-BuildRequires: golang
+%if 0%{?branch:1}
+Source0: %{git0}/tarball/%{commit0}/%{branch}-%{shortcommit}.tar.gz
+%else
+Source0: %{git0}/archive/%{commit0}/v%{version}.tar.gz
+%endif
+Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz
+Source2: https://github.com/containers/dnsname/archive/v%{dnsnamever}.tar.gz
+# Build fails with: No matching package to install: 'golang >= 1.12.12-4' on i686
+ExcludeArch: i686
+Provides: %{name}-manpages = %{version}-%{release}
+Obsoletes: %{name}-manpages < %{version}-%{release}
+BuildRequires: golang >= 1.12.12-4
 BuildRequires: glib2-devel
 BuildRequires: glibc-devel
 BuildRequires: glibc-static
@ -77,100 +62,32 @@ BuildRequires: libassuan-devel
 BuildRequires: libgpg-error-devel
 BuildRequires: libseccomp-devel
 BuildRequires: libselinux-devel
+BuildRequires: ostree-devel
 BuildRequires: pkgconfig
 BuildRequires: make
 BuildRequires: systemd
 BuildRequires: systemd-devel
-Requires: containers-common
-Requires: containernetworking-plugins >= 0.8.6-1
+# for catatonit
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: file
+BuildRequires: gcc
+BuildRequires: libtool
+Requires: containers-common >= 0.1.29-3
+Requires: containernetworking-plugins >= 0.8.1-1
 Requires: iptables
 Requires: nftables
-Requires: conmon >= 2:2.0.16-1
-Requires: oci-runtime
-Recommends: %{name}-plugins = %{epoch}:%{version}-%{release}
-Obsoletes: oci-systemd-hook <= 0.2.0-3
-%if 0%{?fedora} && ! 0%{?rhel}
-BuildRequires: btrfs-progs-devel
-%endif
-%if 0%{?fedora} || 0%{?rhel}
-BuildRequires: ostree-devel
-Recommends: fuse-overlayfs >= 0.3-8
-Recommends: crun >= 0.14-2
-%endif
-%if 0%{?fedora} || 0%{?centos} >= 8 || 0%{?rhel}
-Recommends: catatonit
+Obsoletes: oci-systemd-hook < 1
+Requires: libseccomp >= 2.4.1
+Requires: conmon
 Requires: (container-selinux if selinux-policy)
-Recommends: runc
-Recommends: slirp4netns >= 0.3.0-2
-%else
-Requires: catatonit
-Requires: container-selinux
-Requires: runc
-Requires: slirp4netns >= 0.3.0-2
+Requires: slirp4netns >= 0.4.0-1
+Requires: runc >= 1.0.0-57
+Requires: fuse-overlayfs
+%if %{with varlink}
+Requires: libvarlink
 %endif
-
-# vendored libraries
-# awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | sort
-Provides: bundled(golang(github.com/BurntSushi/toml)) = v0.3.1
-#Provides: bundled(golang(github.com/blang/semver)) = v3.5.1+incompatible
-#Provides: bundled(golang(github.com/buger/goterm)) = v0.0.0-20181115115552-c206103e1f37
-#Provides: bundled(golang(github.com/checkpoint-restore/go-criu)) = v0.0.0-20190109184317-bdb7599cd87b
-#Provides: bundled(golang(github.com/codahale/hdrhistogram)) = v0.0.0-20161010025455-3a0bb77429bd
-Provides: bundled(golang(github.com/containernetworking/cni)) = v0.8.0
-Provides: bundled(golang(github.com/containernetworking/plugins)) = v0.8.7
-#Provides: bundled(golang(github.com/containers/buildah)) = v1.15.1-0.20200813183340-0a8dc1f8064c
-#Provides: bundled(golang(github.com/containers/common)) = v0.20.3-0.20200827091701-a550d6a98aa3
-#Provides: bundled(golang(github.com/containers/conmon)) = v2.0.20+incompatible
-Provides: bundled(golang(github.com/containers/image/v5)) = v5.5.2
-Provides: bundled(golang(github.com/containers/psgo)) = v1.5.1
-Provides: bundled(golang(github.com/containers/storage)) = v1.23.2
-Provides: bundled(golang(github.com/coreos/go-systemd/v22)) = v22.1.0
-Provides: bundled(golang(github.com/cri-o/ocicni)) = v0.2.0
-Provides: bundled(golang(github.com/cyphar/filepath-securejoin)) = v0.2.2
-Provides: bundled(golang(github.com/davecgh/go-spew)) = v1.1.1
-Provides: bundled(golang(github.com/docker/distribution)) = v2.7.1+incompatible
-#Provides: bundled(golang(github.com/docker/docker)) = v1.4.2-0.20191219165747-a9416c67da9f
-Provides: bundled(golang(github.com/docker/go-connections)) = v0.4.0
-Provides: bundled(golang(github.com/docker/go-units)) = v0.4.0
-Provides: bundled(golang(github.com/fsnotify/fsnotify)) = v1.4.9
-Provides: bundled(golang(github.com/ghodss/yaml)) = v1.0.0
-Provides: bundled(golang(github.com/godbus/dbus/v5)) = v5.0.3
-#Provides: bundled(golang(github.com/google/shlex)) = v0.0.0-20181106134648-c34317bd91bf
-Provides: bundled(golang(github.com/google/uuid)) = v1.1.2
-Provides: bundled(golang(github.com/gorilla/mux)) = v1.7.4
-Provides: bundled(golang(github.com/gorilla/schema)) = v1.2.0
-Provides: bundled(golang(github.com/hashicorp/go-multierror)) = v1.1.0
-Provides: bundled(golang(github.com/hpcloud/tail)) = v1.0.0
-Provides: bundled(golang(github.com/json-iterator/go)) = v1.1.10
-#Provides: bundled(golang(github.com/mrunalp/fileutils)) = v0.0.0-20171103030105-7d4729fb3618
-Provides: bundled(golang(github.com/onsi/ginkgo)) = v1.14.0
-Provides: bundled(golang(github.com/onsi/gomega)) = v1.10.1
-Provides: bundled(golang(github.com/opencontainers/go-digest)) = v1.0.0
-#Provides: bundled(golang(github.com/opencontainers/image-spec)) = v1.0.2-0.20190823105129-775207bd45b6
-#Provides: bundled(golang(github.com/opencontainers/runc)) = v1.0.0-rc91.0.20200708210054-ce54a9d4d79b
-#Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.3-0.20200817204227-f9c09b4ea1df
-Provides: bundled(golang(github.com/opencontainers/runtime-tools)) = v0.9.0
-Provides: bundled(golang(github.com/opencontainers/selinux)) = v1.6.0
-Provides: bundled(golang(github.com/opentracing/opentracing-go)) = v1.2.0
-Provides: bundled(golang(github.com/pkg/errors)) = v0.9.1
-Provides: bundled(golang(github.com/pmezard/go-difflib)) = v1.0.0
-Provides: bundled(golang(github.com/rootless-containers/rootlesskit)) = v0.10.0
-Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.6.0
-Provides: bundled(golang(github.com/spf13/cobra)) = v0.0.7
-Provides: bundled(golang(github.com/spf13/pflag)) = v1.0.5
-Provides: bundled(golang(github.com/stretchr/testify)) = v1.6.1
-#Provides: bundled(golang(github.com/syndtr/gocapability)) = v0.0.0-20180916011248-d98352740cb2
-Provides: bundled(golang(github.com/uber/jaeger-client-go)) = v2.25.0+incompatible
-Provides: bundled(golang(github.com/uber/jaeger-lib)) = v2.2.0+incompatible
-#Provides: bundled(golang(github.com/varlink/go)) = v0.0.0-20190502142041-0f1d566d194b
-Provides: bundled(golang(github.com/vishvananda/netlink)) = v1.1.0
-Provides: bundled(golang(go.etcd.io/bbolt)) = v1.3.5
-#Provides: bundled(golang(golang.org/x/crypto)) = v0.0.0-20200622213623-75b288015ac9
-#Provides: bundled(golang(golang.org/x/net)) = v0.0.0-20200707034311-ab3426394381
-#Provides: bundled(golang(golang.org/x/sync)) = v0.0.0-20200317015054-43a5402ce75a
-#Provides: bundled(golang(golang.org/x/sys)) = v0.0.0-20200728102440-3e129f6d46b1
-Provides: bundled(golang(k8s.io/api)) = v0.18.8
-Provides: bundled(golang(k8s.io/apimachinery)) = v0.19.0
+Requires: %{name}-catatonit >= %{version}-%{release}

 %description
 %{name} (Pod Manager) is a fully featured container engine that is a simple
@ -190,197 +107,15 @@ manipulate images (but not containers) created by the other.
 %package docker
 Summary: Emulate Docker CLI using %{name}
 BuildArch: noarch
-Requires: %{name} = %{epoch}:%{version}-%{release}
-Conflicts: docker
-Conflicts: docker-latest
-Conflicts: docker-ce
-Conflicts: docker-ee
-Conflicts: moby-engine
+Requires: %{name} = %{version}-%{release}
+Provides: docker = %{version}-%{release}

 %description docker
 This package installs a script named docker that emulates the Docker CLI by
 executes %{name} commands, it also creates links between all Docker CLI man
 pages and %{name}.

-%if 0%{?with_devel}
-%package devel
-Summary: Library for applications looking to use Container Pods
-BuildArch: noarch
-Provides: libpod-devel = %{epoch}:%{version}-%{release}
-
-%if 0%{?with_check} && ! 0%{?with_bundled}
-BuildRequires: golang(github.com/BurntSushi/toml)
-BuildRequires: golang(github.com/containerd/cgroups)
-BuildRequires: golang(github.com/containernetworking/plugins/pkg/ns)
-BuildRequires: golang(github.com/containers/image/copy)
-BuildRequires: golang(github.com/containers/image/directory)
-BuildRequires: golang(github.com/containers/image/docker)
-BuildRequires: golang(github.com/containers/image/docker/archive)
-BuildRequires: golang(github.com/containers/image/docker/reference)
-BuildRequires: golang(github.com/containers/image/docker/tarfile)
-BuildRequires: golang(github.com/containers/image/image)
-BuildRequires: golang(github.com/containers/image/oci/archive)
-BuildRequires: golang(github.com/containers/image/pkg/strslice)
-BuildRequires: golang(github.com/containers/image/pkg/sysregistries)
-BuildRequires: golang(github.com/containers/image/signature)
-BuildRequires: golang(github.com/containers/image/storage)
-BuildRequires: golang(github.com/containers/image/tarball)
-BuildRequires: golang(github.com/containers/image/transports/alltransports)
-BuildRequires: golang(github.com/containers/image/types)
-BuildRequires: golang(github.com/containers/storage)
-BuildRequires: golang(github.com/containers/storage/pkg/archive)
-BuildRequires: golang(github.com/containers/storage/pkg/idtools)
-BuildRequires: golang(github.com/containers/storage/pkg/reexec)
-BuildRequires: golang(github.com/coreos/go-systemd/dbus)
-BuildRequires: golang(github.com/cri-o/ocicni/pkg/ocicni)
-BuildRequires: golang(github.com/docker/distribution/reference)
-BuildRequires: golang(github.com/docker/docker/daemon/caps)
-BuildRequires: golang(github.com/docker/docker/pkg/mount)
-BuildRequires: golang(github.com/docker/docker/pkg/namesgenerator)
-BuildRequires: golang(github.com/docker/docker/pkg/stringid)
-BuildRequires: golang(github.com/docker/docker/pkg/system)
-BuildRequires: golang(github.com/docker/docker/pkg/term)
-BuildRequires: golang(github.com/docker/docker/pkg/truncindex)
-BuildRequires: golang(github.com/ghodss/yaml)
-BuildRequires: golang(github.com/godbus/dbus)
-BuildRequires: golang(github.com/mattn/go-sqlite3)
-BuildRequires: golang(github.com/mrunalp/fileutils)
-BuildRequires: golang(github.com/opencontainers/go-digest)
-BuildRequires: golang(github.com/opencontainers/image-spec/specs-go/v1)
-BuildRequires: golang(github.com/opencontainers/runc/libcontainer)
-BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go)
-BuildRequires: golang(github.com/opencontainers/runtime-tools/generate)
-BuildRequires: golang(github.com/opencontainers/selinux/go-selinux)
-BuildRequires: golang(github.com/opencontainers/selinux/go-selinux/label)
-BuildRequires: golang(github.com/pkg/errors)
-BuildRequires: golang(github.com/sirupsen/logrus)
-BuildRequires: golang(github.com/ulule/deepcopier)
-BuildRequires: golang(golang.org/x/crypto/ssh/terminal)
-BuildRequires: golang(golang.org/x/sys/unix)
-BuildRequires: golang(k8s.io/apimachinery/pkg/util/wait)
-BuildRequires: golang(k8s.io/client-go/tools/remotecommand)
-BuildRequires: golang(k8s.io/kubernetes/pkg/kubelet/container)
-%endif
-
-Requires: golang(github.com/BurntSushi/toml)
-Requires: golang(github.com/containerd/cgroups)
-Requires: golang(github.com/containernetworking/plugins/pkg/ns)
-Requires: golang(github.com/containers/image/copy)
-Requires: golang(github.com/containers/image/directory)
-Requires: golang(github.com/containers/image/docker)
-Requires: golang(github.com/containers/image/docker/archive)
-Requires: golang(github.com/containers/image/docker/reference)
-Requires: golang(github.com/containers/image/docker/tarfile)
-Requires: golang(github.com/containers/image/image)
-Requires: golang(github.com/containers/image/oci/archive)
-Requires: golang(github.com/containers/image/pkg/strslice)
-Requires: golang(github.com/containers/image/pkg/sysregistries)
-Requires: golang(github.com/containers/image/signature)
-Requires: golang(github.com/containers/image/storage)
-Requires: golang(github.com/containers/image/tarball)
-Requires: golang(github.com/containers/image/transports/alltransports)
-Requires: golang(github.com/containers/image/types)
-Requires: golang(github.com/containers/storage)
-Requires: golang(github.com/containers/storage/pkg/archive)
-Requires: golang(github.com/containers/storage/pkg/idtools)
-Requires: golang(github.com/containers/storage/pkg/reexec)
-Requires: golang(github.com/coreos/go-systemd/dbus)
-Requires: golang(github.com/cri-o/ocicni/pkg/ocicni)
-Requires: golang(github.com/docker/distribution/reference)
-Requires: golang(github.com/docker/docker/daemon/caps)
-Requires: golang(github.com/docker/docker/pkg/mount)
-Requires: golang(github.com/docker/docker/pkg/namesgenerator)
-Requires: golang(github.com/docker/docker/pkg/stringid)
-Requires: golang(github.com/docker/docker/pkg/system)
-Requires: golang(github.com/docker/docker/pkg/term)
-Requires: golang(github.com/docker/docker/pkg/truncindex)
-Requires: golang(github.com/ghodss/yaml)
-Requires: golang(github.com/godbus/dbus)
-Requires: golang(github.com/mattn/go-sqlite3)
-Requires: golang(github.com/mrunalp/fileutils)
-Requires: golang(github.com/opencontainers/go-digest)
-Requires: golang(github.com/opencontainers/image-spec/specs-go/v1)
-Requires: golang(github.com/opencontainers/runc/libcontainer)
-Requires: golang(github.com/opencontainers/runtime-spec/specs-go)
-Requires: golang(github.com/opencontainers/runtime-tools/generate)
-Requires: golang(github.com/opencontainers/selinux/go-selinux)
-Requires: golang(github.com/opencontainers/selinux/go-selinux/label)
-Requires: golang(github.com/pkg/errors)
-Requires: golang(github.com/sirupsen/logrus)
-Requires: golang(github.com/ulule/deepcopier)
-Requires: golang(golang.org/x/crypto/ssh/terminal)
-Requires: golang(golang.org/x/sys/unix)
-Requires: golang(k8s.io/apimachinery/pkg/util/wait)
-Requires: golang(k8s.io/client-go/tools/remotecommand)
-Requires: golang(k8s.io/kubernetes/pkg/kubelet/container)
-
-Provides: golang(%{import_path}/cmd/%{name}/docker) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/cmd/%{name}/formats) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/libkpod) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/%{name}) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/%{name}/common) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/%{name}/driver) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/%{name}/layers) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/pkg/annotations) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/pkg/chrootuser) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/pkg/registrar) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/pkg/storage) = %{epoch}:%{version}-%{release}
-Provides: golang(%{import_path}/utils) = %{epoch}:%{version}-%{release}
-
-%description devel
-%{summary}
-
-This package contains library source intended for
-building other packages which use import path with
-%{import_path} prefix.
-%endif
-
-%if 0%{?with_unit_test} && 0%{?with_devel}
-%package unit-test-devel
-Summary:         Unit tests for %{name} package
-%if 0%{?with_check}
-#Here comes all BuildRequires: PACKAGE the unit tests
-#in %%check section need for running
-%endif
-
-# test subpackage tests code from devel subpackage
-Requires: %{name}-devel = %{epoch}:%{version}-%{release}
-
-%if 0%{?with_check} && ! 0%{?with_bundled}
-BuildRequires: golang(github.com/stretchr/testify/assert)
-BuildRequires: golang(github.com/urfave/cli)
-%endif
-
-Requires: golang(github.com/stretchr/testify/assert)
-Requires: golang(github.com/urfave/cli)
-
-%description unit-test-devel
-%{summary}
-%{repo} provides a library for applications looking to use the
-Container Pod concept popularized by Kubernetes.
-
-This package contains unit tests for project
-providing packages with %{import_path} prefix.
-%endif
-
-%if 0%{?fedora} || 0%{?rhel}
-%package tests
-Summary: Tests for %{name}
-
-Requires: %{name} = %{epoch}:%{version}-%{release}
-Requires: bats
-Requires: jq
-Requires: skopeo
-Requires: nmap-ncat
-Requires: httpd-tools
-Requires: openssl
-Requires: socat
-
-%description tests
-%{summary}
-
-This package contains system tests for %{name}
-
+%if %{with varlink}
 %package remote
 Summary: (Experimental) Remote client for managing %{name} containers

@ -390,11 +125,25 @@ Remote client for managing %{name} containers.
 This experimental remote client is under heavy development. Please do not
 run %{name}-remote in production.

-%{name}-remote uses the version 2 API to connect to a %{name} client to
+%{name}-remote uses the varlink connection to connect to a %{name} client to
 manage pods, containers and container images. %{name}-remote supports ssh
 connections as well.
 %endif

+%package catatonit
+Summary: A signal-forwarding process manager for containers
+Requires: %{name} = %{version}-%{release}
+
+%description catatonit
+Catatonit is a /sbin/init program for use within containers. It
+forwards (almost) all signals to the spawned child, tears down
+the container when the spawned child exits, and otherwise
+cleans up other exited processes (zombies).
+
+This is a reimplementation of other container init programs (such as
+"tini" or "dumb-init"), but uses modern Linux facilities (such as
+signalfd(2)) and has no additional features.
+
 %package plugins
 Summary: Plugins for %{name}
 Requires: dnsmasq
@ -407,15 +156,36 @@ that dnsmasq will read in.  Similarly, when a pod
 is removed from the network, it will remove the entry from the hosts
 file.  Each CNI network will have its own dnsmasq instance.

-%prep
-%autosetup -Sgit -n %{name}-%{commit0}
+%package tests
+Summary: Tests for %{name}
+Requires: %{name} = %{version}-%{release}
+#Requires: bats  (which RHEL8 doesn't have. If it ever does, un-comment this)
+Requires: nmap-ncat
+Requires: jq

-# untar dnsname
-tar zxf %{SOURCE1}
+%description tests
+%{summary}
+
+This package contains system tests for %{name}
+
+%prep
+%if 0%{?branch:1}
+%autosetup -Sgit -n %{project}-%{name}-%{shortcommit0}
+%else
+%autosetup -Sgit -n %{name}-%{commit0}
+%endif
+tar fx %{SOURCE1}
+tar fx %{SOURCE2}
+
+mv pkg/hooks/README.md pkg/hooks/README-hooks.md
+
+# this is shipped by skopeo: containers-common subpackage
+rm -rf docs/source/markdown/containers-mounts.conf.5.md

 %build
 export GO111MODULE=off
-export GOPATH=$(pwd)/_build:$(pwd)
+export GOPATH=$(pwd):$(pwd)/_build
+export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"

 mkdir _build
 pushd _build
@ -424,113 +194,97 @@ ln -s ../../../../ src/%{import_path}
 popd
 ln -s vendor src

-# build %%{name}
-export BUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) $(hack/selinux_tag.sh) $(hack/systemd_tag.sh)"
-%if 0%{?centos}
-export BUILDTAGS+=" containers_image_ostree_stub"
+rm -rf vendor/github.com/containers/storage/drivers/register/register_btrfs.go
+%if %{with varlink}
+%gogenerate ./pkg/varlink/...
 %endif

+# build %%{name}
+export BUILDTAGS="systemd selinux seccomp btrfs_noversion exclude_graphdriver_devicemapper $(hack/libdm_tag.sh)"
+%if %{with varlink}
+export BUILDTAGS+=" varlink"
+%endif
 # build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here?
 LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)"
-
 %gobuild -o bin/%{name} %{import_path}/cmd/%{name}

 # build %%{name}-remote
-export BUILDTAGS+=" exclude_graphdriver_btrfs btrfs_noversion remote"
+export BUILDTAGS="remote $BUILDTAGS"
 %gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name}

-pushd dnsname-%{commit_plugins}
-mkdir _build
-pushd _build
-mkdir -p src/%{provider}.%{provider_tld}/%{project}
-ln -s ../../../../ src/%{import_path_plugins}
-popd
-ln -s vendor src
-export GOPATH=$(pwd)/_build:$(pwd)
-%gobuild -o bin/dnsname %{import_path_plugins}/plugins/meta/dnsname
-popd
-
 %{__make} docs

-%install
-rm -rf docs/containers-mounts.conf.5.md
+# build catatonit
+unset LDFLAGS
+pushd catatonit-%{cataver}
+autoreconf -fi
+%configure
+%{__make} %{?_smp_mflags}
+# Make sure we *always* build a static binary for catatonit. Otherwise we'll break containers
+# that don't have the necessary shared libs.
+file catatonit | grep 'statically linked'
+if [ $? != 0 ]; then
+   echo "ERROR: catatonit binary must be statically linked!"
+   exit 1
+fi
+popd

+# build dnsname plugin
+unset LDFLAGS
+pushd dnsname-%{dnsnamever}
+mkdir _build
+pushd _build
+mkdir -p src/%{provider}.%{provider_tld}/%{project}
+ln -s ../../../../ src/github.com/containers/dnsname
+popd
+ln -s vendor src
+export GOPATH=$(pwd)/_build:$(pwd)
+%gobuild -o bin/dnsname github.com/containers/dnsname/plugins/meta/dnsname
+popd
+
+%install
 install -dp %{buildroot}%{_unitdir}
-PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \
+install -dp %{buildroot}%{_userunitdir}
+install -dp %{buildroot}%{_tmpfilesdir}
+PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} \
+        ETCDIR=%{buildroot}%{_sysconfdir} \
+%if %{with varlink}
+        BUILDTAGS="varlink" \
+%endif
        install.bin-nobuild \
+        install.remote-nobuild \
        install.man-nobuild \
        install.cni \
        install.systemd \
        install.completions \
-        install.docker \
-%if 0%{?fedora} || 0%{?rhel}
-        install.remote-nobuild \
-%endif
+        install.docker

-mv pkg/hooks/README.md pkg/hooks/README-hooks.md
-
-# install plugins
-pushd dnsname-%{commit_plugins}
-%{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
-popd
+# install test scripts, but not the internal helpers.t meta-test
+ln -s ./ ./vendor/src # ./vendor/src -> ./vendor
+install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
+cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
+rm -f               %{buildroot}/%{_datadir}/%{name}/test/system/*.t

 # do not include docker and podman-remote man pages in main package
 for file in `find %{buildroot}%{_mandir}/man[15] -type f | sed "s,%{buildroot},," | grep -v -e remote -e docker`; do
    echo "$file*" >> podman.file-list
 done

-# do not install remote manpages on centos7
-%if 0%{?centos} && 0%{?centos} < 8
-rm -rf %{buildroot}%{_mandir}/man1/docker-remote.1
-rm -rf %{buildroot}%{_mandir}/man1/%{name}-remote.1
-rm -rf %{buildroot}%{_mandir}/man5/%{name}-remote.conf.5
-%endif
+# install catatonit
+install -dp %{buildroot}%{_libexecdir}/catatonit
+install -p catatonit-%{cataver}/catatonit %{buildroot}%{_libexecdir}/catatonit
+install -dp %{buildroot}%{_libexecdir}/podman
+install -dp %{buildroot}%{_datadir}/licenses/podman-catatonit
+install -p catatonit-%{cataver}/COPYING %{buildroot}%{_datadir}/licenses/podman-catatonit/COPYING
+ln -s %{_libexecdir}/catatonit/catatonit %{buildroot}%{_libexecdir}/podman/catatonit

-# source codes for building projects
-%if 0%{?with_devel}
-install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
-
-echo "%%dir %%{gopath}/src/%%{import_path}/." >> devel.file-list
-# find all *.go but no *_test.go files and generate devel.file-list
-for file in $(find . \( -iname "*.go" -or -iname "*.s" \) \! -iname "*_test.go" | grep -v "vendor") ; do
-    dirprefix=$(dirname $file)
-    install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$dirprefix
-    cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
-    echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
-
-    while [ "$dirprefix" != "." ]; do
-        echo "%%dir %%{gopath}/src/%%{import_path}/$dirprefix" >> devel.file-list
-        dirprefix=$(dirname $dirprefix)
-    done
-done
-%endif
-
-# testing files for this project
-%if 0%{?with_unit_test} && 0%{?with_devel}
-install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
-# find all *_test.go files and generate unit-test-devel.file-list
-for file in $(find . -iname "*_test.go" | grep -v "vendor") ; do
-    dirprefix=$(dirname $file)
-    install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$dirprefix
-    cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
-    echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test-devel.file-list
-
-    while [ "$dirprefix" != "." ]; do
-        echo "%%dir %%{gopath}/src/%%{import_path}/$dirprefix" >> devel.file-list
-        dirprefix=$(dirname $dirprefix)
-    done
-done
-%endif
-
-%if 0%{?with_devel}
-sort -u -o devel.file-list devel.file-list
-%endif
+# install dnsname plugin
+pushd dnsname-%{dnsnamever}
+%{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
+popd

 %check
-%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
-%if ! 0%{?with_bundled}
-export GOPATH=%{buildroot}/%{gopath}:%{gopath}
-%else
+%if 0%{?with_check}
 # Since we aren't packaging up the vendor directory we need to link
 # back to it somehow. Hack it up so that we can add the vendor
 # directory from BUILD dir as a gopath to be searched when executing
@ -538,7 +292,6 @@ export GOPATH=%{buildroot}/%{gopath}:%{gopath}
 ln -s ./ ./vendor/src # ./vendor/src -> ./vendor

 export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
-%endif

 %if ! 0%{?gotest:1}
 %global gotest go test
@ -550,9 +303,6 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %gotest %{import_path}/pkg/registrar
 %endif

-install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
-cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
-
 %triggerpostun -- %{name} < 1.1
 %{_bindir}/%{name} system renumber
 exit 0
@ -560,7 +310,7 @@ exit 0
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}

-%files -f %{name}.file-list
+%files -f podman.file-list
 %license LICENSE
 %doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md
 %{_bindir}/%{name}
@ -569,53 +319,52 @@ exit 0
 %dir %{_datadir}/zsh/site-functions
 %{_datadir}/zsh/site-functions/_%{name}
 %config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist
-%{_unitdir}/%{name}-auto-update.service
-%{_unitdir}/%{name}-auto-update.timer
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}.socket
-%{_userunitdir}/%{name}-auto-update.service
-%{_userunitdir}/%{name}-auto-update.timer
+%{_unitdir}/%{name}-auto-update.service
+%{_unitdir}/%{name}-auto-update.timer
 %{_userunitdir}/%{name}.service
 %{_userunitdir}/%{name}.socket
+%{_userunitdir}/%{name}-auto-update.service
+%{_userunitdir}/%{name}-auto-update.timer
+%if %{with varlink}
+%{_unitdir}/io.%{name}.service
+%{_unitdir}/io.%{name}.socket
+%{_userunitdir}/io.%{name}.service
+%{_userunitdir}/io.%{name}.socket
+%{_tmpfilesdir}/%{name}.conf
+%endif

 %files docker
 %{_bindir}/docker
 %{_mandir}/man1/docker*.1*
 %{_usr}/lib/tmpfiles.d/%{name}-docker.conf

-%if 0%{?with_devel}
-%files -n libpod-devel -f devel.file-list
-%license LICENSE
-%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md
-%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
-%endif
-
-%if 0%{?with_unit_test} && 0%{?with_devel}
-%files unit-test-devel -f unit-test-devel.file-list
-%license LICENSE
-%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md
-%endif
-
-#### DO NOT REMOVE - NEEDED FOR CENTOS
-%if 0%{?fedora} || 0%{?rhel}
 %files remote
-%license LICENSE
 %{_bindir}/%{name}-remote
-%{_mandir}/man1/%{name}-remote*.*
-#%%{_datadir}/man/man5/%%{name}-remote*.*
+%{_mandir}/man1/%{name}-remote*.1*
+
+%files catatonit
+%license COPYING
+%doc README.md
+%dir %{_libexecdir}/catatonit
+%{_libexecdir}/catatonit/catatonit
+%dir %{_libexecdir}/podman
+%{_libexecdir}/podman/catatonit
+
+%files plugins
+%license dnsname-%{dnsnamever}/LICENSE
+%doc dnsname-%{dnsnamever}/{README.md,README_PODMAN.md}
+%{_libexecdir}/cni/dnsname

 %files tests
 %license LICENSE
 %{_datadir}/%{name}/test
-%endif

-%files plugins
-%license dnsname-%{commit_plugins}/LICENSE
-%doc dnsname-%{commit_plugins}/{README.md,README_PODMAN.md}
-%{_libexecdir}/cni/dnsname
-
-# rhcontainerbot account currently managed by lsm5
 %changelog
+* Thu Oct 29 2020 Jindrich Novy <jnovy@redhat.com> - 2.1.1-0.32.dev.git9f6d6ba
+- synchronize with stream-container-tools-rhel8
+
 * Wed Oct 14 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.2.0-0.31.dev.gitd30b4b7
 - autobuilt d30b4b7

--- a/5
+++ b/5
@ -1,2 +1,3 @@
-SHA512 (dnsname-8a6a8a4.tar.gz) = 7ee1edd091264f804056c69d5eac0ef8e825cbdae268caeed12700c966724c57348a14aee509e9ab559be349025b0c5357f441c3b4e34c3c02568a51ae223401
-SHA512 (podman-d30b4b7.tar.gz) = a7046b545b6a7ef69d6fcf7392abe0f8205ba148b98f162ecda3825766f2b6aeb27a0fb2e03a69c7444b5bd2b97f46e7805d350e2a6d7dedde5e8c32bc788860
+3430bd8ad460696469401d72ecae79b3  v0.1.5.tar.gz
+d6488b5f476d43fef373719088077deb  v1.0.0.tar.gz
+863a5a5407168d2b44ddc34214db3b7f  v2.1.1.tar.gz
--- a/tests/README
+++ b/tests/README
@ -1,25 +0,0 @@
-I'm sorry. The playbooks here are a much-too-complicated way of saying:
-
-   - test podman (root and rootless) under cgroups v2
-   - reboot into cgroups v1
-   - repeat the same podman tests
-
-We can't use standard-test-basic any more because, tl;dr, that has to
-be the last stanza in the playbook and it doesn't offer any mechanism
-for running a reboot in the middle of tests. (I actually found a way
-but it was even uglier than this approach).
-
-The starting point is tests.yml . From there:
-
-    tests.yml
-      \- test_podman.yml
-           |- roles/rootless_user_ready/
-           \- test_podman_cgroups_vn.yml    (runs twice: cgroups v2, v1)
-                |- roles/set_cgroups/
-                \- roles/run_bats_tests/    (runs tests: root, rootless)
-
-Principal result is the file 'artifacts/test.log'. It will contain
-one line for each test run, format will be '(PASS|FAIL|ERROR) <test name>'
-
-For each completed test there will also be a 'test.<name>.bats.log'
-containing some setup blurbs (RPMs, environment) and the full BATS log.
--- a/tests/check_results.yml
+++ b/tests/check_results.yml
@ -1,36 +0,0 @@
---
-# Copied from standard-test-basic
-# ...and, 2020-05-13, updated, looks like they changed the whole thing around
- name: Check the results
-  local_action:
-    module: shell
-    cmd: |
-      log="{{ artifacts }}/test.log"
-      if [ ! -f "$log" ]; then
-          echo ERROR
-          echo "Test results not found." 1>&2
-      elif grep ^ERROR "$log" 1>&2; then
-          echo ERROR
-      elif grep ^FAIL "$log" 1>&2; then
-          echo FAIL
-      elif grep -q ^PASS "$log"; then
-          echo PASS
-      else
-          echo ERROR
-          echo "No test results found." 1>&2
-      fi
-  register: test_results
-
- name: Set role result
-  set_fact:
-    role_result: "{{ test_results.stdout }}"
-    role_message: "{{ test_results.stderr|d('test execution error.') }}"
-
- name: display results
-  vars:
-    msg: |
-       role_result:  {{ role_result|d('Undefined') }}
-       {{ role_message|d('[No error messages found]') }}
-  debug:
-    msg: "{{ msg.split('\n') }}"
-  failed_when: role_message|d("") != ""
--- a/tests/roles/bats_installed/tasks/main.yml
+++ b/tests/roles/bats_installed/tasks/main.yml
@ -0,0 +1,12 @@
+---
+# Sigh; RHEL8 doesn't have BATS
+- name: bats | fetch and unpack tarball
+  unarchive:
+    src: https://github.com/bats-core/bats-core/archive/v1.1.0.tar.gz
+    dest: /root
+    remote_src: true
+
+- name: bats | install
+  command: ./install.sh /usr/local
+  args:
+    chdir: /root/bats-core-1.1.0
--- a/tests/roles/nonroot_user/tasks/main.yml
+++ b/tests/roles/nonroot_user/tasks/main.yml
@ -0,0 +1,7 @@
+---
+- name: create nonroot user
+  user:
+    name: testuser
+    shell: /bin/bash
+- name: enable linger
+  command: loginctl enable-linger testuser
--- a/tests/roles/rootless_user_ready/tasks/main.yml
+++ b/tests/roles/rootless_user_ready/tasks/main.yml
@ -1,6 +0,0 @@
---
- name: make sure rootless account exists
-  user: name={{ rootless_user }}
-
- name: rootless account | enable linger
-  shell: loginctl enable-linger {{ rootless_user }}
--- a/tests/roles/run_bats_tests/files/helper.buildah-root.sh
+++ b/tests/roles/run_bats_tests/files/helper.buildah-root.sh
@ -0,0 +1,38 @@
+#!/bin/bash
+#
+# setup and teardown helpers for buildah test
+#
+
+function setup() {
+    REGISTRY_FQIN=docker.io/library/registry:2
+
+    AUTHDIR=/tmp/buildah-tests-auth.$$
+    mkdir -p $AUTHDIR
+
+    CERT=$AUTHDIR/domain.crt
+    if [ ! -e $CERT ]; then
+        openssl req -newkey rsa:4096 -nodes -sha256 \
+                -keyout $AUTHDIR/domain.key -x509 -days 2 \
+                -out $AUTHDIR/domain.crt \
+                -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
+    fi
+
+    if [ ! -e $AUTHDIR/htpasswd ]; then
+        podman run --rm --entrypoint htpasswd $REGISTRY_FQIN \
+               -Bbn testuser testpassword > $AUTHDIR/htpasswd
+    fi
+
+    podman run -d -p 5000:5000 \
+           --name registry \
+           -v $AUTHDIR:/auth:Z \
+           -e "REGISTRY_AUTH=htpasswd" \
+           -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
+           -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
+           -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
+           -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
+           $REGISTRY_FQIN
+}
+
+function teardown() {
+    podman rm -f registry
+}
--- a/tests/roles/run_bats_tests/files/run_bats_tests.sh
+++ b/tests/roles/run_bats_tests/files/run_bats_tests.sh
@ -7,46 +7,52 @@
 # directory /usr/share/foo/test/system, containing one or more .bats
 # test files.
 #
-# We create two files:
-#
-#    /tmp/test.summary.log - one-liner with FAIL, PASS, ERROR and a blurb
-#    /tmp/test.bats.log    - full log of this script, plus the BATS run
-#
+
 export PATH=/usr/local/bin:/usr/sbin:/usr/bin

-FULL_LOG=/tmp/test.bats.log
-rm -f $FULL_LOG
-touch $FULL_LOG
+FULL_LOG=/tmp/test.debug.log
+BATS_LOG=/tmp/test.bats.log
+rm -f $FULL_LOG $BATS_LOG
+touch $FULL_LOG $BATS_LOG

-# Preserve output to a log file, but also emit on stdout. This covers
-# RHEL (which preserves logfiles but runs ansible without --verbose)
-# and Fedora (which hides logfiles but runs ansible --verbose).
-exec &> >(tee -a $FULL_LOG)
+exec &> $FULL_LOG

 # Log program versions
 echo "Packages:"
-rpm -qa |\
-    egrep 'podman|conmon|crun|runc|iptable|slirp|systemd|container-selinux' |\
-    sort |\
-    sed -e 's/^/  /'
+rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests

-divider='------------------------------------------------------------------'
-echo $divider
+echo "------------------------------"
 printenv | sort
-echo $divider

 testdir=/usr/share/${TEST_PACKAGE}/test/system

 if ! cd $testdir; then
-    echo "FAIL ${TEST_NAME} : cd $testdir"      > /tmp/test.summary.log
+    echo "FAIL ${TEST_NAME} : cd $testdir"      >> /tmp/test.log
    exit 0
 fi

+if [ -e /tmp/helper.sh ]; then
+    echo "------------------------------"
+    echo ". /tmp/helper.sh"
+    . /tmp/helper.sh
+fi
+
+if [ "$(type -t setup)" = "function" ]; then
+    echo "------------------------------"
+    echo "\$ setup"
+    setup
+    if [ $? -ne 0 ]; then
+        echo "FAIL ${TEST_NAME} : setup"       >> /tmp/test.log
+        exit 0
+    fi
+fi
+
+echo "------------------------------"
 echo "\$ bats ."
-bats .
+bats . &> $BATS_LOG
 rc=$?

-echo $divider
+echo "------------------------------"
 echo "bats completed with status $rc"

 status=PASS
@ -54,7 +60,13 @@ if [ $rc -ne 0 ]; then
    status=FAIL
 fi

-echo "${status} ${TEST_NAME}" > /tmp/test.summary.log
+echo "${status} ${TEST_NAME}" >> /tmp/test.log
+
+if [ "$(type -t teardown)" = "function" ]; then
+    echo "------------------------------"
+    echo "\$ teardown"
+    teardown
+fi

 # FIXME: for CI purposes, always exit 0. This allows subsequent tests.
 exit 0
--- a/tests/roles/run_bats_tests/tasks/main.yml
+++ b/tests/roles/run_bats_tests/tasks/main.yml
@ -8,3 +8,30 @@
  with_items: "{{ tests }}"
  loop_control:
    loop_var: test
+
+- name: pull test.log results
+  fetch:
+    src: "/tmp/test.log"
+    dest: "{{ artifacts }}/test.log"
+    flat: yes
+
+# Copied from standard-test-basic
+- name: check results
+  shell: grep "^FAIL" /tmp/test.log
+  register: test_fails
+  # Never fail at this step. Just store result of tests.
+  failed_when: False
+
+- name: preserve results
+  set_fact:
+    role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
+    role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
+
+- name: display results
+  vars:
+    msg: |
+       Tests failed: {{ role_result_failed|d('Undefined') }}
+       Tests msg: {{ role_result_msg|d('None') }}
+  debug:
+    msg: "{{ msg.split('\n') }}"
+  failed_when: "role_result_failed|bool"
--- a/tests/roles/run_bats_tests/tasks/run_one_test.yml
+++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml
@ -25,17 +25,14 @@
  copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
  when: helper.stat.exists

-# This is what runs the BATS tests.
 - name: "{{ test.name }} | run test"
  script: ./run_bats_tests.sh
  args:
    chdir: /usr/share/{{ test.package }}/test/system
  become: "{{ true if test.become is defined else false }}"
-  become_user: "{{ rootless_user }}"
+  become_user: testuser
  environment: "{{ local_environment | combine(test.environment) }}"

-# BATS tests will always exit zero and should leave behind two files:
-# a full log (test.bats.log) and a one-line PASS/FAIL file (.summary.log)
 - name: "{{ test.name }} | pull logs"
  fetch:
    src: "/tmp/test.{{ item }}.log"
@ -43,25 +40,7 @@
    flat: yes
  with_items:
    - bats
-    - summary
-
-# Collect all the one-line PASS/FAIL results in one file, test.log
-# Write the same thing, in a different format, to results.yml
-#   https://docs.fedoraproject.org/en-US/ci/standard-test-interface/
- name: "{{ test.name }} | keep running tally of test results"
-  local_action:
-    module: shell
-    cmd: |
-      cd {{ artifacts }}
-      cat "test.{{ test_name_oneword }}.summary.log" >>test.log
-
-      status=$(awk '{print $1}' <test.{{ test_name_oneword }}.summary.log | tr A-Z a-z)
-      echo "- test: {{ test.name }}"                        >>results.yml
-      echo "  result: $status"                              >>results.yml
-      echo "  logs: test.{{ test_name_oneword }}.bats.log"  >>results.yml
-
-      # delete the oneliner file, to keep artifacts dir clean
-      rm -f test.{{ test_name_oneword }}.summary.log
+    - debug

 - name: "{{ test.name }} | remove remote logs and helpers"
  file:
@ -69,19 +48,5 @@
    state=absent
  with_items:
    - test.bats.log
-    - test.summary.log
+    - test.debug.log
    - helper.sh
-
-# AAAAARGH!
-#
-# Fedora gating tests are failing, because str-common-final/tasks/main.yml
-# tries to pull test.log and other logs from $remote_host:/tmp/artifacts .
-# Those don't exist, because I track status and artifacts locally, because
-# with the reboot I can't rely on /tmp being preserved.
-# I see no way to tell str-common-final to skip this step; so let's just
-# push logs over upon completion of each subtest.
- name: keep remote artifacts synced
-  synchronize:
-    src:  "{{ artifacts }}/"
-    dest: "{{ remote_artifacts|d('/tmp/artifacts') }}/"
-    mode: push
--- a/tests/roles/set_cgroups/tasks/main.yml
+++ b/tests/roles/set_cgroups/tasks/main.yml
@ -1,75 +0,0 @@
---
-# Check the CURRENT cgroup level; we get this from /proc/cmdline
- name: check current kernel options
-  shell: fgrep systemd.unified_cgroup_hierarchy=0 /proc/cmdline
-  register: result
-  ignore_errors: true
-
- name: determine current cgroups | assume v2
-  set_fact: current_cgroups=2
-
- name: determine current cgroups | looks like v1
-  set_fact: current_cgroups=1
-  when: result is succeeded
-
- debug:
-    msg: "want: v{{ want_cgroups }}  actual: v{{ current_cgroups }}"
-
- name: grubenv, pre-edit, cat
-  shell: cat /boot/grub2/grubenv
-  register: grubenv
-
- name: grubenv, pre-edit, show
-  debug:
-    msg: "{{ grubenv.stdout_lines }}"
-
-# Update grubenv file to reflect the desired cgroup level
- name: remove cgroup option from kernel flags
-  shell:
-    cmd: sed -i -e "s/^\(kernelopts=.*\)systemd\.unified_cgroup_hierarchy=.\(.*\)/\1 \2/" /boot/grub2/grubenv
-    warn: false
-
- name: add it with the desired value
-  shell:
-    cmd: sed -i -e "s/^\(kernelopts=.*\)/\1 systemd.unified_cgroup_hierarchy=0/" /boot/grub2/grubenv
-    warn: false
-  when: want_cgroups == 1
-
- name: grubenv, post-edit, cat
-  shell: cat /boot/grub2/grubenv
-  register: grubenv
-
- name: grubenv, post-edit, show
-  debug:
-    msg: "post: {{ grubenv.stdout_lines }}"
-
-# If want != have, reboot
- name: reboot and wait
-  block:
-    - name: reboot
-      reboot:
-        reboot_timeout: 900
-      ignore_errors: yes
-    - name: wait and reconnect
-      wait_for_connection:
-        timeout: 900
-  when: want_cgroups|int != current_cgroups|int
-
- set_fact:
-    expected_fstype:
-      - none
-      - tmpfs
-      - cgroup2fs
-
- name: confirm cgroups setting
-  shell: stat -f -c "%T" /sys/fs/cgroup
-  register: fstype
-
- debug:
-    msg: "stat(/sys/fs/cgroup) = {{ fstype.stdout }}"
-
- name: system cgroups is the expected type
-  assert:
-    that:
-      - fstype.stdout == expected_fstype[want_cgroups|int]
-    fail_msg: "stat(/sys/fs/cgroup) = {{ fstype.stdout }} (expected {{ expected_fstype[want_cgroups|int] }})"
--- a/tests/test_podman.yml
+++ b/tests/test_podman.yml
@ -1,44 +0,0 @@
---
- hosts: localhost
-  tags:
-    - classic
-    - container
-  vars:
-  - artifacts: ./artifacts
-    rootless_user: testuser
-  roles:
-  - role: rootless_user_ready
-
-  tasks:
-  # At the start of a run, clean up state. Useful for test reruns.
-  - name: local artifacts directory exists
-    local_action: file path="{{ artifacts }}" state=directory
-
-  - name: remove stale log files
-    local_action: shell rm -f {{ artifacts }}/test*.log
-
-  - name: clear test results (test.log)
-    local_action: command truncate --size=0 {{ artifacts }}/test.log
-
-  - name: clear test results (results.yml)
-    local_action: copy content="results:\n" dest={{ artifacts }}/results.yml
-
-  # These are the actual tests: set cgroups vN, then run root/rootless tests.
-  #
-  # FIXME FIXME FIXME: 2020-05-21: 'loop' should be '2, 1' but there's some
-  # nightmarish bug in CI wherein reboots hang forever. There's a bug open[1]
-  # but it seems dead. Without a working reboot, there's no way to test v1.
-  #  [1] https://redhat.service-now.com/surl.do?n=PNT0808530
-  # I'm leaving this as a 'loop' in (foolish? vain?) hope that the bug will
-  # be fixed. Let's revisit this after, say, 2020-08. If the bug persists
-  # then let's just revert the entire cgroups v1 change, and go back to
-  # using standard-test-basic.
-  - name: set cgroups and run podman tests
-    include_tasks: test_podman_cgroups_vn.yml
-    loop: [ 2 ]
-    loop_control:
-      loop_var: want_cgroups
-
-  # Postprocessing: check for FAIL or ERROR in any test, exit 1 if so
-  - name: check results
-    include_tasks: check_results.yml
--- a/tests/test_podman_cgroups_vn.yml
+++ b/tests/test_podman_cgroups_vn.yml
@ -1,19 +0,0 @@
---
-# Requires: 'want_cgroups' variable set to 1 or 2
- include_role:
-    name: set_cgroups
- include_role:
-    name: run_bats_tests
-  vars:
-    tests:
-    # Yes, this is horrible duplication, but trying to refactor in ansible
-    # yields even more horrible unreadable code. This is the lesser evil.
-    - name: podman root cgroupsv{{ want_cgroups }}
-      package: podman
-      environment:
-        PODMAN: /usr/bin/podman
-    - name: podman rootless cgroupsv{{ want_cgroups }}
-      package: podman
-      environment:
-        PODMAN: /usr/bin/podman
-      become: true
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1 +1,36 @@
- import_playbook: test_podman.yml
+---
+- hosts: localhost
+  tags:  classic
+  vars:
+  - artifacts: ./artifacts
+  roles:
+  - role: bats_installed
+  - role: nonroot_user
+  - role: run_bats_tests
+    tests:
+    - name:    podman root
+      package: podman
+      environment:
+        PODMAN: /usr/bin/podman
+
+    - name:    podman nonroot
+      package: podman
+      environment:
+        PODMAN: /usr/bin/podman
+      become:  true
+
+      #- name:    podman-remote root
+      #package: podman
+      #environment:
+      #  PODMAN: /usr/bin/podman-remote
+
+    - name:    buildah root
+      package: buildah
+      environment:
+        BUILDAH_BINARY: /usr/bin/buildah
+        IMGTYPE_BINARY: /usr/bin/buildah-imgtype
+
+    - name:    skopeo root
+      package: skopeo
+      environment:
+        SKOPEO_BINARY: /usr/bin/skopeo