From be337cba807dbe9bdc5ce2520565fdced5f748f2 Mon Sep 17 00:00:00 2001
From: Jindrich Novy
Date: Wed, 12 Feb 2025 12:30:23 +0100
Subject: [PATCH] podman-5.4.0-1.el10
- update to https://github.com/containers/podman/releases/tag/v5.4.0
- Related: RHEL-58990
Signed-off-by: Jindrich Novy
---
podman.spec | 80 ++++++++++++++++++++++++++++++++++++++---------------
sources | 2 +-
2 files changed, 58 insertions(+), 24 deletions(-)
diff --git a/podman.spec b/podman.spec
index 7085a19..4b703a7 100644
--- a/podman.spec
+++ b/podman.spec
@@ -8,33 +8,27 @@ %endif %global import_path github.com/containers/podman -#%%global branch v5.2-rhel -%global commit0 85043bb1a3818102194afa82845cb63841067c9c +#%%global branch v5.4-rhel +%global commit0 f9f7d48b24b1ca4403f189caaeab1cb8ff4a9aa2 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) -# RHEL's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we -# set it separately here and do not depend on RHEL's go-[s]rpm-macros package -# until that's fixed. -# c9s bz: https://bugzilla.redhat.com/show_bug.cgi?id=2227328 -%if %{defined rhel} && 0%{?rhel} < 10 -%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; -%endif - %global gomodulesmode GO111MODULE=on -%if %{defined rhel} -# _user_tmpfiles.d currently undefined on rhel -%global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d -%endif - %if %{defined fedora} %define build_with_btrfs 1 +# qemu-system* isn't packageed for CentOS Stream / RHEL +%define qemu 1 %endif %if %{defined copr_username} %define copr_build 1 %endif +# Only RHEL and CentOS Stream rpms are built with fips-enabled go compiler +%if %{defined rhel} +%define fips_enabled 1 +%endif + %global container_base_path github.com/containers %global container_base_url https://%{container_base_path} @@ -45,6 +39,15 @@ # %%{name} %global git0 %{container_base_url}/%{name} +# podman-machine subpackage will be present only on these architectures +%global machine_arches x86_64 aarch64 + +%if %{defined copr_build} +%define build_origin Copr: %{?copr_username}/%{?copr_projectname} +%else +%define build_origin %{?packager} +%endif + Name: podman %if %{defined copr_build} Epoch: 102 
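Review bot: The switch added in the `%if %{defined fedora}` block is named just `qemu`, and the machine subpackage hunk (-189,13) tests it with `%{defined qemu}`. Any unrelated macro of that name in the build environment would silently change which hypervisor packages become hard dependencies, so a namespaced name such as `%global machine_qemu_system 1` would be safer. The comment above it has a typo and should read `# qemu-system* isn't packaged for CentOS Stream / RHEL`. The new definitions also use `%define` where the neighbouring lines use `%global`; keeping to `%global` avoids scope surprises.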
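Review bot: `%{build_origin}` is taken from `%{?packager}` (or the Copr user and project) without any escaping, and the LDFLAGS hunk (-239,6) pastes it into an escaped double-quoted shell string, `-X \"%{ld_libpod}/define.buildOrigin=%{build_origin}\"`. A value containing `"`, `$` or a backquote would be interpreted by the shell when LDFLAGS is assigned instead of being recorded literally. An unset `%packager` leaves the origin empty. I would document the constraint next to the definition, for example `# build_origin lands inside a double-quoted shell string in LDFLAGS: it must not contain ", $ or backquotes`. A fallback such as `%{?packager}%{!?packager:unknown}` would also make the unset case explicit.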
@@ -57,7 +60,7 @@ Epoch: 6 # If that's what you're reading, Version must be 0, and will be updated by Packit for # copr and koji builds. # If you're reading this on dist-git, the version is automatically filled in by Packit. -Version: 5.3.2 +Version: 5.4.0 # The `AND` needs to be uppercase in the License for SPDX compatibility License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 Release: 1%{?dist} @@ -149,6 +152,7 @@ Requires: %{name} = %{epoch}:%{version}-%{release} %if %{defined fedora} Requires: bats %endif +Requires: attr Requires: jq Requires: skopeo Requires: nmap-ncat @@ -189,13 +193,24 @@ capabilities specified in user quadlets. It is a symlink to %{_bindir}/%{name} and execs into the `%{name}sh` container when `%{_bindir}/%{name}sh` is set as a login shell or set as os.Args[0]. -%ifarch x86_64 aarch64 +%ifarch %{machine_arches} %package machine Summary: Metapackage for setting up %{name} machine Requires: %{name} = %{epoch}:%{version}-%{release} Requires: gvisor-tap-vsock -Recommends: qemu +%if %{defined qemu} +%ifarch aarch64 +Requires: qemu-system-aarch64-core +%endif +%ifarch x86_64 +Requires: qemu-system-x86-core +%endif +%else +Requires: qemu-kvm +%endif +Requires: qemu-img Requires: virtiofsd +ExclusiveArch: x86_64 aarch64 %description machine This subpackage installs the dependencies for %{name} machine, for more see: @@ -239,6 +254,7 @@ export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" export GOPROXY=direct LDFLAGS="-X %{ld_libpod}/define.buildInfo=${SOURCE_DATE_EPOCH:-$(date +%s)} \ + -X \"%{ld_libpod}/define.buildOrigin=%{build_origin}\" \ -X %{ld_libpod}/config._installPrefix=%{_prefix} \ -X %{ld_libpod}/config._etcDir=%{_sysconfdir} \ -X %{ld_project}/pkg/systemd/quadlet._binDir=%{_bindir}" 
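Review bot: In the `%package machine` hunk (-189,13), the added `ExclusiveArch: x86_64 aarch64` repeats the architecture list that this same commit centralises in `%{machine_arches}`, so the two can drift apart the next time an architecture is added. Writing `ExclusiveArch: %{machine_arches}` keeps a single source of truth. As far as I know, rpm treats ExclusiveArch as a build restriction for the whole spec rather than for one subpackage. Because the tag sits inside `%ifarch %{machine_arches}` it is probably a no-op here, which deserves a short comment saying why it is present.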
@@ -248,6 +264,14 @@ LDFLAGS="-X %{ld_libpod}/define.buildInfo=${SOURCE_DATE_EPOCH:-$(date +%s)} \ export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)" +# libtrust_openssl buildtag switches to using the FIPS-compatible func +# `ecdsa.HashSign`. +# Ref 1: https://github.com/golang-fips/go/blob/main/patches/015-add-hash-sign-verify.patch#L22 +# Ref 2: https://github.com/containers/libtrust/blob/main/ec_key_openssl.go#L23 +%if %{defined fips_enabled} +export BASEBUILDTAGS="$BASEBUILDTAGS libtrust_openssl" +%endif + # build %%{name} export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh)" %gobuild -o bin/%{name} ./cmd/%{name} @@ -281,8 +305,8 @@ PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} ETCDI install.remote \ install.testing -# Only need this on Fedora until nftables becomes the default -%if %{defined fedora} +# See above for the iptables.conf declaration +%if %{defined fedora} && 0%{?fedora} < 41 %{__make} DESTDIR=%{buildroot} MODULESLOADDIR=%{_modulesloaddir} install.modules-load %endif @@ -298,7 +322,7 @@ rm -f %{buildroot}%{_mandir}/man5/docker*.5 install -d -p %{buildroot}%{_datadir}/%{name}/test/system cp -pav test/system %{buildroot}%{_datadir}/%{name}/test/ -%ifarch x86_64 aarch64 +%ifarch %{machine_arches} # symlink virtiofsd in %%{name} libexecdir for machine subpackage ln -s ../virtiofsd %{buildroot}%{_libexecdir}/%{name} %endif @@ -306,6 +330,9 @@ ln -s ../virtiofsd %{buildroot}%{_libexecdir}/%{name} #define license tag if not already defined %{!?_licensedir:%global license %doc} +# Include empty check to silence rpmlint warning +%check + %files -f %{name}.file-list %license LICENSE vendor/modules.txt %doc README.md CONTRIBUTING.md install.md transfer.md 
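Review bot: Nothing in the spec confirms that the `libtrust_openssl` tag appended to `BASEBUILDTAGS` in this hunk actually reaches the compiled binaries. Whether `%gobuild` honours `BUILDTAGS` depends on the distro macro, which is not visible in this patch, and the comment removed in the first hunk said RHEL's default macro did not. The `%check` section this commit adds empty (hunk -306,6) is a natural place for a guard, something like `%if %{defined fips_enabled}` / `go version -m bin/%{name} | grep -q libtrust_openssl` / `%endif`. The two reference URLs in the new comment also point at `main` with `#L22` and `#L23` line anchors, which will drift; commit permalinks would keep them accurate.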
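Review bot: The replacement comment in the install hunk (-281,8), `# See above for the iptables.conf declaration`, points the wrong way. The explanation it refers to is added in the `%files` hunk (-324,7 +351,10), which comes later in the spec. I would make the comment self-contained, for example `# iptables modules-load config is only needed with iptables-legacy (Fedora < 41); see the matching %%files entry below`.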
@@ -324,7 +351,10 @@ ln -s ../virtiofsd %{buildroot}%{_libexecdir}/%{name} %{_tmpfilesdir}/%{name}.conf %{_systemdgeneratordir}/%{name}-system-generator %{_systemdusergeneratordir}/%{name}-user-generator -%if %{defined fedora} +# iptables modules are only needed with iptables-legacy, +# as of f41 netavark will default to nftables so do not load unessary modules +# https://fedoraproject.org/wiki/Changes/NetavarkNftablesDefault +%if %{defined fedora} && 0%{?fedora} < 41 %{_modulesloaddir}/%{name}-iptables.conf %endif @@ -353,13 +383,17 @@ ln -s ../virtiofsd %{buildroot}%{_libexecdir}/%{name} %{_bindir}/%{name}sh %{_mandir}/man1/%{name}sh.1* -%ifarch x86_64 aarch64 +%ifarch %{machine_arches} %files machine %dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/virtiofsd %endif %changelog +* Wed Feb 12 2025 Jindrich Novy - 6:5.4.0-1 +- update to https://github.com/containers/podman/releases/tag/v5.4.0 +- Related: RHEL-58990 + * Wed Jan 22 2025 Jindrich Novy - 6:5.3.2-1 - update to https://github.com/containers/podman/releases/tag/v5.3.2 - Related: RHEL-58990 diff --git a/sources b/sources index 0a77d84..7d18c60 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (podman-5.3.2-85043bb.tar.gz) = 8d3d9663605921579bf4f243e38c71ecce15dd07bc63812fb81bdab778715f96e4dfb42c5fb896530be4e42c622e017e7e8e948a5e24030939d9ebaeab4aaa75 +SHA512 (podman-5.4.0-f9f7d48.tar.gz) = 44552281b586db588da2dc3af1b3c65ebd9ef25f815ee4061631d553aff41e4e5c622faf2f8f92c4d5f800d9d9d95ab0c5f4962f3608be57cac4a5d9479caef6
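Review bot: The condition `%if %{defined fedora} && 0%{?fedora} < 41` in the `%files` hunk (-324,7) duplicates the one added to the install step (hunk -281,8), and the two must stay identical. If they diverge, the build either fails on an unpackaged `%{name}-iptables.conf` or lists a file that was never installed. Defining the decision once near the top, for example `%global install_modules_load 1` under that condition, and testing `%{defined install_modules_load}` in both places would remove the coupling. The new comment also misspells a word; it should read `# as of f41 netavark will default to nftables so do not load unnecessary modules`.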