import podman-4.0.2-4.el9_0

.gitignore

@@ -1,5 +1,5 @@
+SOURCES/dnsname-18822f9.tar.gz
 SOURCES/podman-machine-cni-0749884.tar.gz
 SOURCES/v0.1.0.tar.gz
 SOURCES/v0.1.7.tar.gz
-SOURCES/v1.3.0.tar.gz
-SOURCES/v3.4-63134a1.tar.gz
+SOURCES/v4.0-rhel-bb1e6e6.tar.gz

.podman.metadata

@@ -1,5 +1,5 @@
+00c35447384f51ccc2360965b80868fc91293711 SOURCES/dnsname-18822f9.tar.gz
 70b08b173bdf0d1325fce035c186b43085865587 SOURCES/podman-machine-cni-0749884.tar.gz
 d2be14e364fef2d95c61cdac528219548640f6d4 SOURCES/v0.1.0.tar.gz
 94419a237f932ff2a79c91f6e3005034d9c367a5 SOURCES/v0.1.7.tar.gz
-667dcf5bea5992e18963bac6b833053a0d8b1eaa SOURCES/v1.3.0.tar.gz
-6ca6091f4f21ae2e3f5990d97281e61c72a0c917 SOURCES/v3.4-63134a1.tar.gz
+188ffd5d89ff6b21fa45425a7cb183554a3bba9e SOURCES/v4.0-rhel-bb1e6e6.tar.gz

SPECS/podman.spec

@@ -6,21 +6,17 @@
 %global _find_debuginfo_dwz_opts %{nil}
 %global _dwz_low_mem_die_limit 0
 
-%if 0%{?rhel} > 7 && ! 0%{?fedora}
 %define gobuild(o:) \
-go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
-%else
-%if ! 0%{?gobuild:1}
-%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**};
-%endif
-%endif
+GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
 
 %global import_path github.com/containers/podman
-%global branch v3.4
-%global commit0 63134a1ef8e85395fb0aedbe966fb6b4f1d91470
+%global branch v4.0-rhel
+%global commit0 bb1e6e6b7bebed89a5a2e9653e1447aa5a3c79e0
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 %global cataver 0.1.7
-%global dnsnamever 1.3.0
+#%%global dnsnamever 1.3.0
+%global commit_dnsname 18822f9a4fb35d1349eb256f4cd2bfd372474d84
+%global shortcommit_dnsname %(c=%{commit_dnsname}; echo ${c:0:7})
 %global gvproxyrepo gvisor-tap-vsock
 %global gvproxyver 0.1.0
 %global commit_mcni 0749884b8d1a455c68da30789e37811ec0809d51
@@ -28,8 +24,8 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
 
 Epoch: 2
 Name: podman
-Version: 3.4.5
-Release: 0.7%{?dist}
+Version: 4.0.2
+Release: 4%{?dist}
 Summary: Manage Pods, Containers and Container Images
 License: ASL 2.0 and GPLv3+
 URL: https://%{name}.io/
@@ -39,19 +35,20 @@ Source0: https://%{import_path}/tarball/%{commit0}/%{branch}-%{shortcommit0}.tar
 Source0: https://%{import_path}/archive/%{commit0}/%{name}-%{version}-%{shortcommit0}.tar.gz
 %endif
 Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz
-Source2: https://github.com/containers/dnsname/archive/v%{dnsnamever}.tar.gz
+#Source2: https://github.com/containers/dnsname/archive/v%%{dnsnamever}.tar.gz
+Source2: https://github.com/containers/dnsname/archive/%{commit_dnsname}/dnsname-%{shortcommit_dnsname}.tar.gz
 Source3: https://github.com/containers/%{name}-machine-cni/archive/%{commit_mcni}/%{name}-machine-cni-%{shortcommit_mcni}.tar.gz
 Source4: https://github.com/containers/%{gvproxyrepo}/archive/v%{gvproxyver}.tar.gz
 # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
 ExclusiveArch: %{go_arches}
 Provides: %{name}-manpages = %{epoch}:%{version}-%{release}
 Obsoletes: %{name}-manpages < %{epoch}:%{version}-%{release}
-BuildRequires: golang >= 1.16.6
+BuildRequires: golang >= 1.17.7
 BuildRequires: glib2-devel
 BuildRequires: glibc-devel
 BuildRequires: glibc-static
 BuildRequires: git-core
-BuildRequires: go-md2man
+BuildRequires: /usr/bin/go-md2man
 BuildRequires: gpgme-devel
 BuildRequires: libassuan-devel
 BuildRequires: libgpg-error-devel
@@ -69,7 +66,7 @@ BuildRequires: automake
 BuildRequires: file
 BuildRequires: gcc
 BuildRequires: libtool
-Requires: containers-common >= 2:1-2
+Requires: containers-common >= 2:1-27
 Requires: containernetworking-plugins >= 0.9.1-1
 Requires: iptables
 Requires: nftables
@@ -182,7 +179,11 @@ dynamic port forwarding.
 %else
 %autosetup -Sgit -n %{name}-%{commit0}
 %endif
+sed -i 's;@@PODMAN@@\;$(BINDIR);@@PODMAN@@\;%{_bindir};' Makefile
 tar fx %{SOURCE1}
+pushd catatonit-%{cataver}
+sed -i '$d' configure.ac
+popd
 tar fx %{SOURCE2}
 tar fx %{SOURCE3}
 tar fx %{SOURCE4}
@@ -193,36 +194,11 @@ mv pkg/hooks/README.md pkg/hooks/README-hooks.md
 rm -rf docs/source/markdown/containers-mounts.conf.5.md
 
 %build
-export GO111MODULE=off
-export GOPATH=$(pwd):$(pwd)/_build
-export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
-
-mkdir _build
-pushd _build
-mkdir -p src/github.com/containers
-ln -s ../../../../ src/github.com/containers/podman
-popd
-ln -s vendor src
-
-rm -rf vendor/github.com/containers/storage/drivers/register/register_btrfs.go
-
-export BUILDTAGS="systemd selinux seccomp btrfs_noversion exclude_graphdriver_devicemapper $(hack/libdm_tag.sh) $(hack/libsubid_tag.sh)"
-# build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here?
-LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)"
-%gobuild -o bin/%{name} %{import_path}/cmd/%{name}
-
-# build %%{name}-remote
-export BUILDTAGS="remote $BUILDTAGS"
-%gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name}
-
-%{__make} docs
-
-# build catatonit
-unset LDFLAGS
-CFLAGS="%{optflags} -fPIE -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
+# build catatonit first because C code
 pushd catatonit-%{cataver}
 autoreconf -fi
 %configure
+CFLAGS="%{optflags} -fPIE -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
 %{__make} %{?_smp_mflags}
 # Make sure we *always* build a static binary for catatonit. Otherwise we'll break containers
 # that don't have the necessary shared libs.
@@ -233,9 +209,46 @@ if [ $? != 0 ]; then
 fi
 popd
 
+export GO111MODULE=off
+export GOPATH=$(pwd)/_build:$(pwd)
+CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
+# These extra flags present in $CFLAGS have been skipped for now as they break the build
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
+
+%ifarch x86_64
+export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
+%endif
+
+mkdir _build
+pushd _build
+mkdir -p src/github.com/containers
+ln -s ../../../../ src/github.com/containers/podman
+popd
+ln -s vendor src
+
+rm -rf vendor/github.com/containers/storage/drivers/register/register_btrfs.go
+
+unset LDFLAGS
+# build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here?
+LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)"
+
+# build rootlessport
+%gobuild -o bin/rootlessport %{import_path}/cmd/rootlessport
+
+export BUILDTAGS="seccomp btrfs_noversion exclude_graphdriver_devicemapper exclude_graphdriver_btrfs $(hack/libdm_tag.sh) $(hack/selinux_tag.sh) $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"
+%gobuild -o bin/%{name} %{import_path}/cmd/%{name}
+
+# build %%{name}-remote
+export BUILDTAGS="remote $BUILDTAGS"
+%gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name}
+
+%{__make} docs
+
 # build dnsname plugin
 unset LDFLAGS
-pushd dnsname-%{dnsnamever}
+pushd dnsname-%{commit_dnsname}
 mkdir _build
 pushd _build
 mkdir -p src/github.com/containers
@@ -247,7 +260,6 @@ export GOPATH=$(pwd)/_build:$(pwd)
 popd
 
 pushd %{name}-machine-cni-%{commit_mcni}
-unset LDFLAGS
 mkdir _build
 pushd _build
 mkdir -p src/github.com/containers
@@ -259,7 +271,6 @@ export GOPATH=$(pwd)/_build:$(pwd)
 popd
 
 pushd %{gvproxyrepo}-%{gvproxyver}
-unset LDFLAGS
 mkdir _build
 pushd _build
 mkdir -p src/github.com/containers
@@ -271,11 +282,10 @@ export GOPATH=$(pwd)/_build:$(pwd)
 popd
 
 %install
-PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} \
-        ETCDIR=%{buildroot}%{_sysconfdir} \
-        install.bin-nobuild \
-        install.remote-nobuild \
-        install.man-nobuild \
+PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \
+        install.bin \
+        install.remote \
+        install.man \
         install.systemd \
         install.completions \
         install.docker
@@ -300,7 +310,7 @@ install -p catatonit-%{cataver}/COPYING %{buildroot}%{_datadir}/licenses/podman-
 ln -s %{_libexecdir}/catatonit/catatonit %{buildroot}%{_libexecdir}/podman/catatonit
 
 # install dnsname plugin
-pushd dnsname-%{dnsnamever}
+pushd dnsname-%{commit_dnsname}
 %{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
 popd
 
@@ -346,6 +356,7 @@ exit 0
 %license LICENSE
 %doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md
 %{_bindir}/%{name}
+%{_libexecdir}/%{name}/rootlessport
 %{_datadir}/bash-completion/completions/%{name}
 # By "owning" the site-functions dir, we don't need to Require zsh
 %dir %{_datadir}/zsh/site-functions
@@ -387,8 +398,8 @@ exit 0
 %{_libexecdir}/podman/catatonit
 
 %files plugins
-%license dnsname-%{dnsnamever}/LICENSE
-%doc dnsname-%{dnsnamever}/{README.md,README_PODMAN.md}
+%license dnsname-%{commit_dnsname}/LICENSE
+%doc dnsname-%{commit_dnsname}/{README.md,README_PODMAN.md}
 %{_libexecdir}/cni/dnsname
 %{_libexecdir}/cni/%{name}-machine
 
@@ -403,6 +414,114 @@ exit 0
 %{_libexecdir}/%{name}/gvproxy
 
 %changelog
+* Thu Mar 24 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.2-4
+- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
+  (https://github.com/containers/podman/commit/bb1e6e6)
+- Resolves: #2066501
+
+* Mon Mar 21 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.2-3
+- rebuild with golang >= 1.17.5 (CVE-2021-44716, CVE-2021-44717)
+- rebuild with golang >= 1.17.7 to fix FIPS issues
+- Related: #1975396
+
+* Tue Mar 15 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.2-2
+- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel
+  (https://github.com/containers/podman/commit/9237d75)
+- Related: #2062835
+
+* Wed Mar 02 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.2-1
+- update to https://github.com/containers/podman/releases/tag/v4.0.2
+- Related: #2059681
+
+* Mon Feb 28 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.1-1
+- update to https://github.com/containers/podman/releases/tag/v4.0.1
+- Related: #2000051
+
+* Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:4.0.0-6
+- set catatonit cflags after configure step, don't explicitly set ldflags
+- Related: #2054115
+
+* Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:4.0.0-5
+- revert previous change and run `set_build_flags` before the build process
+- Related: #2054115
+
+* Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:4.0.0-4
+- add -D_FORTIFY_SOURCE=2 for podman-catatonit
+- Related: #2054115
+
+* Tue Feb 22 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:4.0.0-3
+- depend on containers-common >= 2:1-28
+- Related: #2000051
+
+* Mon Feb 21 2022 Lokesh Mandvekar <lsm5@redhat.com> - 2:4.0.0-2
+- use correct commit 49f8da72 for podman, previous commit said 4.0.1-dev
+- Related: #2000051
+
+* Fri Feb 18 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-1
+- update to podman-4.0.0 release
+- Related: #2000051
+
+* Thu Feb 17 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.32
+- update to the latest content of https://github.com/containers/podman/tree/v4.0
+  (https://github.com/containers/podman/commit/a34f279)
+- Related: #2000051
+
+* Tue Feb 15 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.31
+- update to the latest content of https://github.com/containers/podman/tree/v4.0
+  (https://github.com/containers/podman/commit/ab3e566)
+- Related: #2000051
+
+* Mon Feb 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.30
+- fix linker flags to assure -D_FORTIFY_SOURCE=2 is present at the command line
+- Related: #2000051
+
+* Mon Feb 14 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.29
+- update to the latest content of https://github.com/containers/podman/tree/v4.0
+  (https://github.com/containers/podman/commit/b0a445e)
+- Related: #2000051
+
+* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.28
+- update to the latest content of https://github.com/containers/podman/tree/v4.0
+  (https://github.com/containers/podman/commit/c4a9aa7)
+- Related: #2000051
+
+* Thu Feb 10 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.27
+- update to the latest content of https://github.com/containers/podman/tree/v4.0
+  (https://github.com/containers/podman/commit/5b2d96f)
+- Related: #2000051
+
+* Wed Feb 09 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.26
+- set CGO_CFLAGS explicitly
+- Related: #2000051
+
+* Tue Feb 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.25
+- bump to 0.25 to have highest NVR
+- Related: #2000051
+
+* Tue Feb 08 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.4
+- rebuilt
+- Related: #2000051
+
+* Mon Feb 07 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.3
+- update to the latest content of https://github.com/containers/podman/tree/v4.0
+  (https://github.com/containers/podman/commit/2dca7b2)
+- Related: #2000051
+
+* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.2
+- update to the latest content of https://github.com/containers/podman/tree/v4.0
+  (https://github.com/containers/podman/commit/4ad9e00)
+- Related: #2000051
+
+* Fri Feb 04 2022 Jindrich Novy <jnovy@redhat.com> - 2:4.0.0-0.1
+- update to the latest content of https://github.com/containers/podman/tree/v4.0
+  (https://github.com/containers/podman/commit/337f706)
+- Related: #2000051
+
+* Thu Jan 27 2022 Jindrich Novy <jnovy@redhat.com> - 2:3.4.5-0.8
+- update to the latest content of https://github.com/containers/podman/tree/v3.4
+  (https://github.com/containers/podman/commit/a54320a)
+- Related: #2000051
+
 * Wed Jan 19 2022 Jindrich Novy <jnovy@redhat.com> - 2:3.4.5-0.7
 - add rootless_role (Ed Santiago)
 - Related: #2000051