Merged update from upstream sources

This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/podman.git#3f2f50cda9c6dd6e86824f7b944944c20946fd6f
2020-11-05 22:53:01 +00:00 · 2020-11-05 22:53:01 +00:00 · d55c8d8f5a
commit d55c8d8f5a
parent 573f6a54b0
17 changed files with 2127 additions and 345 deletions
--- a/.gitignore
+++ b/.gitignore
--- a/gating.yaml
+++ b/gating.yaml
@ -1,7 +1,14 @@
-# recipients: jnovy, lsm5, santiago
 --- !Policy
 product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
+  - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
 rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_testing
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- a/podman.spec
+++ b/podman.spec
@ -1,57 +1,72 @@
-%global with_debug 1
+%global with_devel 0
+%global with_bundled 1
 %global with_check 0
+%global with_unit_test 0

-%bcond_without varlink
-%global gogenerate go generate
+%if 0%{?fedora} || 0%{?centos} >= 8 || 0%{?rhel}
+#### DO NOT REMOVE - NEEDED FOR CENTOS
+%global with_debug 1
+%else
+%global with_debug 0
+%endif

 %if 0%{?with_debug}
 %global _find_debuginfo_dwz_opts %{nil}
 %global _dwz_low_mem_die_limit 0
 %else
-%global debug_package   %{nil}
+%global debug_package %{nil}
 %endif

-%if 0%{?rhel} > 7 && ! 0%{?fedora}
-%define gobuild(o:) \
-go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
-%else
 %if ! 0%{?gobuild:1}
 %define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**};
 %endif
-%endif
+%define gogenerate go generate

 %global provider github
 %global provider_tld com
 %global project containers
-%global repo podman
-# https://github.com/containers/libpod
-%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
-%global import_path %{provider_prefix}
-%global git0 https://%{provider}.%{provider_tld}/%{project}/%{repo}
-#%%global branch v2.1.1-rhel
-%global commit0 9f6d6ba0b314d86521b66183c9ce48eaa2da1de2
+%global repo %{name}
+# https://github.com/containers/%%{name}
+%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
+%global git0 https://%{import_path}
+# To build a random user's fork/commit, comment out above line,
+# uncomment below line and replace the placeholders and commit0 below with the right info
+#%%global git0 https://github.com/$GITHUB_USER/$GITHUB_USER_REPO
+%global commit0 287edd4e214f09a695ceb074c14f8b72f6695e1f
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
-%global cataver 0.1.5
-%global dnsnamever 1.0.0
+
+%global repo_plugins dnsname
+# https://github.com/containers/dnsname
+%global import_path_plugins %%{provider}.%{provider_tld}/%{project}/%{repo_plugins}
+%global git_plugins https://%{import_path_plugins}
+%global commit_plugins 8a6a8a4e1e609aaeb1f57f7e7a1c8523cd373040
+%global shortcommit_plugins %(c=%{commit_plugins}; echo ${c:0:7})
+
+# Used for comparing with latest upstream tag
+# to decide whether to autobuild (non-rawhide only)
+%define built_tag v2.1.1

 Name: podman
-Version: 2.1.1
-Release: 0.32.dev.git%{shortcommit0}%{?dist}
-Summary: Manage Pods, Containers and Container Images
-License: ASL 2.0 and GPLv3+
-URL: https://%{name}.io/
-%if 0%{?branch:1}
-Source0: %{git0}/tarball/%{commit0}/%{branch}-%{shortcommit}.tar.gz
+%if 0%{?fedora}
+Epoch: 2
 %else
-Source0: %{git0}/archive/%{commit0}/v%{version}.tar.gz
+Epoch: 0
 %endif
-Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz
-Source2: https://github.com/containers/dnsname/archive/v%{dnsnamever}.tar.gz
-# Build fails with: No matching package to install: 'golang >= 1.12.12-4' on i686
-ExcludeArch: i686
-Provides: %{name}-manpages = %{version}-%{release}
-Obsoletes: %{name}-manpages < %{version}-%{release}
-BuildRequires: golang >= 1.12.12-4
+Version: 2.2.0
+# RELEASE TAG SHOULD ALWAYS BEGIN WITH A NUMBER
+# N.foo if released, 0.N.foo if unreleased
+# Rawhide almost always ships unreleased builds,
+# so release tag should be of the form 0.N.foo
+Release: 0.38.dev.git%{shortcommit0}%{?dist}
+Summary: Manage Pods, Containers and Container Images
+License: ASL 2.0
+URL: https://%{name}.io/
+Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
+Source1: %{git_plugins}/archive/%{commit_plugins}/%{repo_plugins}-%{shortcommit_plugins}.tar.gz
+Provides: %{name}-manpages = %{epoch}:%{version}-%{release}
+Obsoletes: %{name}-manpages < %{epoch}:%{version}-%{release}
+# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
+BuildRequires: golang
 BuildRequires: glib2-devel
 BuildRequires: glibc-devel
 BuildRequires: glibc-static
@ -62,32 +77,100 @@ BuildRequires: libassuan-devel
 BuildRequires: libgpg-error-devel
 BuildRequires: libseccomp-devel
 BuildRequires: libselinux-devel
-BuildRequires: ostree-devel
 BuildRequires: pkgconfig
 BuildRequires: make
 BuildRequires: systemd
 BuildRequires: systemd-devel
-# for catatonit
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: file
-BuildRequires: gcc
-BuildRequires: libtool
-Requires: containers-common >= 0.1.29-3
-Requires: containernetworking-plugins >= 0.8.1-1
+Requires: containers-common
+Requires: containernetworking-plugins >= 0.8.6-1
 Requires: iptables
 Requires: nftables
-Obsoletes: oci-systemd-hook < 1
-Requires: libseccomp >= 2.4.1
-Requires: conmon
-Requires: (container-selinux if selinux-policy)
-Requires: slirp4netns >= 0.4.0-1
-Requires: runc >= 1.0.0-57
-Requires: fuse-overlayfs
-%if %{with varlink}
-Requires: libvarlink
+Requires: conmon >= 2:2.0.16-1
+Requires: oci-runtime
+Recommends: %{name}-plugins = %{epoch}:%{version}-%{release}
+Obsoletes: oci-systemd-hook <= 0.2.0-3
+%if 0%{?fedora} && ! 0%{?rhel}
+BuildRequires: btrfs-progs-devel
 %endif
-Requires: %{name}-catatonit >= %{version}-%{release}
+%if 0%{?fedora} || 0%{?rhel}
+BuildRequires: ostree-devel
+Recommends: fuse-overlayfs >= 0.3-8
+Recommends: crun >= 0.14-2
+%endif
+%if 0%{?fedora} || 0%{?centos} >= 8 || 0%{?rhel}
+Recommends: catatonit
+Requires: (container-selinux if selinux-policy)
+Recommends: runc
+Recommends: slirp4netns >= 0.3.0-2
+%else
+Requires: catatonit
+Requires: container-selinux
+Requires: runc
+Requires: slirp4netns >= 0.3.0-2
+%endif
+
+# vendored libraries
+# awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | sort
+Provides: bundled(golang(github.com/BurntSushi/toml)) = v0.3.1
+#Provides: bundled(golang(github.com/blang/semver)) = v3.5.1+incompatible
+#Provides: bundled(golang(github.com/buger/goterm)) = v0.0.0-20181115115552-c206103e1f37
+#Provides: bundled(golang(github.com/checkpoint-restore/go-criu)) = v0.0.0-20190109184317-bdb7599cd87b
+#Provides: bundled(golang(github.com/codahale/hdrhistogram)) = v0.0.0-20161010025455-3a0bb77429bd
+Provides: bundled(golang(github.com/containernetworking/cni)) = v0.8.0
+Provides: bundled(golang(github.com/containernetworking/plugins)) = v0.8.7
+#Provides: bundled(golang(github.com/containers/buildah)) = v1.15.1-0.20200813183340-0a8dc1f8064c
+#Provides: bundled(golang(github.com/containers/common)) = v0.20.3-0.20200827091701-a550d6a98aa3
+#Provides: bundled(golang(github.com/containers/conmon)) = v2.0.20+incompatible
+Provides: bundled(golang(github.com/containers/image/v5)) = v5.5.2
+Provides: bundled(golang(github.com/containers/psgo)) = v1.5.1
+Provides: bundled(golang(github.com/containers/storage)) = v1.23.2
+Provides: bundled(golang(github.com/coreos/go-systemd/v22)) = v22.1.0
+Provides: bundled(golang(github.com/cri-o/ocicni)) = v0.2.0
+Provides: bundled(golang(github.com/cyphar/filepath-securejoin)) = v0.2.2
+Provides: bundled(golang(github.com/davecgh/go-spew)) = v1.1.1
+Provides: bundled(golang(github.com/docker/distribution)) = v2.7.1+incompatible
+#Provides: bundled(golang(github.com/docker/docker)) = v1.4.2-0.20191219165747-a9416c67da9f
+Provides: bundled(golang(github.com/docker/go-connections)) = v0.4.0
+Provides: bundled(golang(github.com/docker/go-units)) = v0.4.0
+Provides: bundled(golang(github.com/fsnotify/fsnotify)) = v1.4.9
+Provides: bundled(golang(github.com/ghodss/yaml)) = v1.0.0
+Provides: bundled(golang(github.com/godbus/dbus/v5)) = v5.0.3
+#Provides: bundled(golang(github.com/google/shlex)) = v0.0.0-20181106134648-c34317bd91bf
+Provides: bundled(golang(github.com/google/uuid)) = v1.1.2
+Provides: bundled(golang(github.com/gorilla/mux)) = v1.7.4
+Provides: bundled(golang(github.com/gorilla/schema)) = v1.2.0
+Provides: bundled(golang(github.com/hashicorp/go-multierror)) = v1.1.0
+Provides: bundled(golang(github.com/hpcloud/tail)) = v1.0.0
+Provides: bundled(golang(github.com/json-iterator/go)) = v1.1.10
+#Provides: bundled(golang(github.com/mrunalp/fileutils)) = v0.0.0-20171103030105-7d4729fb3618
+Provides: bundled(golang(github.com/onsi/ginkgo)) = v1.14.0
+Provides: bundled(golang(github.com/onsi/gomega)) = v1.10.1
+Provides: bundled(golang(github.com/opencontainers/go-digest)) = v1.0.0
+#Provides: bundled(golang(github.com/opencontainers/image-spec)) = v1.0.2-0.20190823105129-775207bd45b6
+#Provides: bundled(golang(github.com/opencontainers/runc)) = v1.0.0-rc91.0.20200708210054-ce54a9d4d79b
+#Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.3-0.20200817204227-f9c09b4ea1df
+Provides: bundled(golang(github.com/opencontainers/runtime-tools)) = v0.9.0
+Provides: bundled(golang(github.com/opencontainers/selinux)) = v1.6.0
+Provides: bundled(golang(github.com/opentracing/opentracing-go)) = v1.2.0
+Provides: bundled(golang(github.com/pkg/errors)) = v0.9.1
+Provides: bundled(golang(github.com/pmezard/go-difflib)) = v1.0.0
+Provides: bundled(golang(github.com/rootless-containers/rootlesskit)) = v0.10.0
+Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.6.0
+Provides: bundled(golang(github.com/spf13/cobra)) = v0.0.7
+Provides: bundled(golang(github.com/spf13/pflag)) = v1.0.5
+Provides: bundled(golang(github.com/stretchr/testify)) = v1.6.1
+#Provides: bundled(golang(github.com/syndtr/gocapability)) = v0.0.0-20180916011248-d98352740cb2
+Provides: bundled(golang(github.com/uber/jaeger-client-go)) = v2.25.0+incompatible
+Provides: bundled(golang(github.com/uber/jaeger-lib)) = v2.2.0+incompatible
+#Provides: bundled(golang(github.com/varlink/go)) = v0.0.0-20190502142041-0f1d566d194b
+Provides: bundled(golang(github.com/vishvananda/netlink)) = v1.1.0
+Provides: bundled(golang(go.etcd.io/bbolt)) = v1.3.5
+#Provides: bundled(golang(golang.org/x/crypto)) = v0.0.0-20200622213623-75b288015ac9
+#Provides: bundled(golang(golang.org/x/net)) = v0.0.0-20200707034311-ab3426394381
+#Provides: bundled(golang(golang.org/x/sync)) = v0.0.0-20200317015054-43a5402ce75a
+#Provides: bundled(golang(golang.org/x/sys)) = v0.0.0-20200728102440-3e129f6d46b1
+Provides: bundled(golang(k8s.io/api)) = v0.18.8
+Provides: bundled(golang(k8s.io/apimachinery)) = v0.19.0

 %description
 %{name} (Pod Manager) is a fully featured container engine that is a simple
@ -107,15 +190,198 @@ manipulate images (but not containers) created by the other.
 %package docker
 Summary: Emulate Docker CLI using %{name}
 BuildArch: noarch
-Requires: %{name} = %{version}-%{release}
-Provides: docker = %{version}-%{release}
+Requires: %{name} = %{epoch}:%{version}-%{release}
+Conflicts: docker
+Conflicts: docker-latest
+Conflicts: docker-ce
+Conflicts: docker-ee
+Conflicts: moby-engine

 %description docker
 This package installs a script named docker that emulates the Docker CLI by
 executes %{name} commands, it also creates links between all Docker CLI man
 pages and %{name}.

-%if %{with varlink}
+%if 0%{?with_devel}
+%package devel
+Summary: Library for applications looking to use Container Pods
+BuildArch: noarch
+Provides: libpod-devel = %{epoch}:%{version}-%{release}
+
+%if 0%{?with_check} && ! 0%{?with_bundled}
+BuildRequires: golang(github.com/BurntSushi/toml)
+BuildRequires: golang(github.com/containerd/cgroups)
+BuildRequires: golang(github.com/containernetworking/plugins/pkg/ns)
+BuildRequires: golang(github.com/containers/image/copy)
+BuildRequires: golang(github.com/containers/image/directory)
+BuildRequires: golang(github.com/containers/image/docker)
+BuildRequires: golang(github.com/containers/image/docker/archive)
+BuildRequires: golang(github.com/containers/image/docker/reference)
+BuildRequires: golang(github.com/containers/image/docker/tarfile)
+BuildRequires: golang(github.com/containers/image/image)
+BuildRequires: golang(github.com/containers/image/oci/archive)
+BuildRequires: golang(github.com/containers/image/pkg/strslice)
+BuildRequires: golang(github.com/containers/image/pkg/sysregistries)
+BuildRequires: golang(github.com/containers/image/signature)
+BuildRequires: golang(github.com/containers/image/storage)
+BuildRequires: golang(github.com/containers/image/tarball)
+BuildRequires: golang(github.com/containers/image/transports/alltransports)
+BuildRequires: golang(github.com/containers/image/types)
+BuildRequires: golang(github.com/containers/storage)
+BuildRequires: golang(github.com/containers/storage/pkg/archive)
+BuildRequires: golang(github.com/containers/storage/pkg/idtools)
+BuildRequires: golang(github.com/containers/storage/pkg/reexec)
+BuildRequires: golang(github.com/coreos/go-systemd/dbus)
+BuildRequires: golang(github.com/cri-o/ocicni/pkg/ocicni)
+BuildRequires: golang(github.com/docker/distribution/reference)
+BuildRequires: golang(github.com/docker/docker/daemon/caps)
+BuildRequires: golang(github.com/docker/docker/pkg/mount)
+BuildRequires: golang(github.com/docker/docker/pkg/namesgenerator)
+BuildRequires: golang(github.com/docker/docker/pkg/stringid)
+BuildRequires: golang(github.com/docker/docker/pkg/system)
+BuildRequires: golang(github.com/docker/docker/pkg/term)
+BuildRequires: golang(github.com/docker/docker/pkg/truncindex)
+BuildRequires: golang(github.com/ghodss/yaml)
+BuildRequires: golang(github.com/godbus/dbus)
+BuildRequires: golang(github.com/mattn/go-sqlite3)
+BuildRequires: golang(github.com/mrunalp/fileutils)
+BuildRequires: golang(github.com/opencontainers/go-digest)
+BuildRequires: golang(github.com/opencontainers/image-spec/specs-go/v1)
+BuildRequires: golang(github.com/opencontainers/runc/libcontainer)
+BuildRequires: golang(github.com/opencontainers/runtime-spec/specs-go)
+BuildRequires: golang(github.com/opencontainers/runtime-tools/generate)
+BuildRequires: golang(github.com/opencontainers/selinux/go-selinux)
+BuildRequires: golang(github.com/opencontainers/selinux/go-selinux/label)
+BuildRequires: golang(github.com/pkg/errors)
+BuildRequires: golang(github.com/sirupsen/logrus)
+BuildRequires: golang(github.com/ulule/deepcopier)
+BuildRequires: golang(golang.org/x/crypto/ssh/terminal)
+BuildRequires: golang(golang.org/x/sys/unix)
+BuildRequires: golang(k8s.io/apimachinery/pkg/util/wait)
+BuildRequires: golang(k8s.io/client-go/tools/remotecommand)
+BuildRequires: golang(k8s.io/kubernetes/pkg/kubelet/container)
+%endif
+
+Requires: golang(github.com/BurntSushi/toml)
+Requires: golang(github.com/containerd/cgroups)
+Requires: golang(github.com/containernetworking/plugins/pkg/ns)
+Requires: golang(github.com/containers/image/copy)
+Requires: golang(github.com/containers/image/directory)
+Requires: golang(github.com/containers/image/docker)
+Requires: golang(github.com/containers/image/docker/archive)
+Requires: golang(github.com/containers/image/docker/reference)
+Requires: golang(github.com/containers/image/docker/tarfile)
+Requires: golang(github.com/containers/image/image)
+Requires: golang(github.com/containers/image/oci/archive)
+Requires: golang(github.com/containers/image/pkg/strslice)
+Requires: golang(github.com/containers/image/pkg/sysregistries)
+Requires: golang(github.com/containers/image/signature)
+Requires: golang(github.com/containers/image/storage)
+Requires: golang(github.com/containers/image/tarball)
+Requires: golang(github.com/containers/image/transports/alltransports)
+Requires: golang(github.com/containers/image/types)
+Requires: golang(github.com/containers/storage)
+Requires: golang(github.com/containers/storage/pkg/archive)
+Requires: golang(github.com/containers/storage/pkg/idtools)
+Requires: golang(github.com/containers/storage/pkg/reexec)
+Requires: golang(github.com/coreos/go-systemd/dbus)
+Requires: golang(github.com/cri-o/ocicni/pkg/ocicni)
+Requires: golang(github.com/docker/distribution/reference)
+Requires: golang(github.com/docker/docker/daemon/caps)
+Requires: golang(github.com/docker/docker/pkg/mount)
+Requires: golang(github.com/docker/docker/pkg/namesgenerator)
+Requires: golang(github.com/docker/docker/pkg/stringid)
+Requires: golang(github.com/docker/docker/pkg/system)
+Requires: golang(github.com/docker/docker/pkg/term)
+Requires: golang(github.com/docker/docker/pkg/truncindex)
+Requires: golang(github.com/ghodss/yaml)
+Requires: golang(github.com/godbus/dbus)
+Requires: golang(github.com/mattn/go-sqlite3)
+Requires: golang(github.com/mrunalp/fileutils)
+Requires: golang(github.com/opencontainers/go-digest)
+Requires: golang(github.com/opencontainers/image-spec/specs-go/v1)
+Requires: golang(github.com/opencontainers/runc/libcontainer)
+Requires: golang(github.com/opencontainers/runtime-spec/specs-go)
+Requires: golang(github.com/opencontainers/runtime-tools/generate)
+Requires: golang(github.com/opencontainers/selinux/go-selinux)
+Requires: golang(github.com/opencontainers/selinux/go-selinux/label)
+Requires: golang(github.com/pkg/errors)
+Requires: golang(github.com/sirupsen/logrus)
+Requires: golang(github.com/ulule/deepcopier)
+Requires: golang(golang.org/x/crypto/ssh/terminal)
+Requires: golang(golang.org/x/sys/unix)
+Requires: golang(k8s.io/apimachinery/pkg/util/wait)
+Requires: golang(k8s.io/client-go/tools/remotecommand)
+Requires: golang(k8s.io/kubernetes/pkg/kubelet/container)
+
+Provides: golang(%{import_path}/cmd/%{name}/docker) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/cmd/%{name}/formats) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/libkpod) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/%{name}) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/%{name}/common) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/%{name}/driver) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/%{name}/layers) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/pkg/annotations) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/pkg/chrootuser) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/pkg/registrar) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/pkg/storage) = %{epoch}:%{version}-%{release}
+Provides: golang(%{import_path}/utils) = %{epoch}:%{version}-%{release}
+
+%description devel
+%{summary}
+
+This package contains library source intended for
+building other packages which use import path with
+%{import_path} prefix.
+%endif
+
+%if 0%{?with_unit_test} && 0%{?with_devel}
+%package unit-test-devel
+Summary:         Unit tests for %{name} package
+%if 0%{?with_check}
+#Here comes all BuildRequires: PACKAGE the unit tests
+#in %%check section need for running
+%endif
+
+# test subpackage tests code from devel subpackage
+Requires: %{name}-devel = %{epoch}:%{version}-%{release}
+
+%if 0%{?with_check} && ! 0%{?with_bundled}
+BuildRequires: golang(github.com/stretchr/testify/assert)
+BuildRequires: golang(github.com/urfave/cli)
+%endif
+
+Requires: golang(github.com/stretchr/testify/assert)
+Requires: golang(github.com/urfave/cli)
+
+%description unit-test-devel
+%{summary}
+%{repo} provides a library for applications looking to use the
+Container Pod concept popularized by Kubernetes.
+
+This package contains unit tests for project
+providing packages with %{import_path} prefix.
+%endif
+
+%if 0%{?fedora} || 0%{?rhel}
+%package tests
+Summary: Tests for %{name}
+
+Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: bats
+Requires: jq
+Requires: skopeo
+Requires: nmap-ncat
+Requires: httpd-tools
+Requires: openssl
+Requires: socat
+Requires: buildah
+
+%description tests
+%{summary}
+
+This package contains system tests for %{name}
+
 %package remote
 Summary: (Experimental) Remote client for managing %{name} containers

@ -125,25 +391,11 @@ Remote client for managing %{name} containers.
 This experimental remote client is under heavy development. Please do not
 run %{name}-remote in production.

-%{name}-remote uses the varlink connection to connect to a %{name} client to
+%{name}-remote uses the version 2 API to connect to a %{name} client to
 manage pods, containers and container images. %{name}-remote supports ssh
 connections as well.
 %endif

-%package catatonit
-Summary: A signal-forwarding process manager for containers
-Requires: %{name} = %{version}-%{release}
-
-%description catatonit
-Catatonit is a /sbin/init program for use within containers. It
-forwards (almost) all signals to the spawned child, tears down
-the container when the spawned child exits, and otherwise
-cleans up other exited processes (zombies).
-
-This is a reimplementation of other container init programs (such as
-"tini" or "dumb-init"), but uses modern Linux facilities (such as
-signalfd(2)) and has no additional features.
-
 %package plugins
 Summary: Plugins for %{name}
 Requires: dnsmasq
@ -156,36 +408,15 @@ that dnsmasq will read in.  Similarly, when a pod
 is removed from the network, it will remove the entry from the hosts
 file.  Each CNI network will have its own dnsmasq instance.

-%package tests
-Summary: Tests for %{name}
-Requires: %{name} = %{version}-%{release}
-#Requires: bats  (which RHEL8 doesn't have. If it ever does, un-comment this)
-Requires: nmap-ncat
-Requires: jq
-
-%description tests
-%{summary}
-
-This package contains system tests for %{name}
-
 %prep
-%if 0%{?branch:1}
-%autosetup -Sgit -n %{project}-%{name}-%{shortcommit0}
-%else
 %autosetup -Sgit -n %{name}-%{commit0}
-%endif
-tar fx %{SOURCE1}
-tar fx %{SOURCE2}

-mv pkg/hooks/README.md pkg/hooks/README-hooks.md
-
-# this is shipped by skopeo: containers-common subpackage
-rm -rf docs/source/markdown/containers-mounts.conf.5.md
+# untar dnsname
+tar zxf %{SOURCE1}

 %build
 export GO111MODULE=off
-export GOPATH=$(pwd):$(pwd)/_build
-export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
+export GOPATH=$(pwd)/_build:$(pwd)

 mkdir _build
 pushd _build
@ -194,97 +425,113 @@ ln -s ../../../../ src/%{import_path}
 popd
 ln -s vendor src

-rm -rf vendor/github.com/containers/storage/drivers/register/register_btrfs.go
-%if %{with varlink}
-%gogenerate ./pkg/varlink/...
+# build %%{name}
+export BUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) $(hack/selinux_tag.sh) $(hack/systemd_tag.sh)"
+%if 0%{?centos}
+export BUILDTAGS+=" containers_image_ostree_stub"
 %endif

-# build %%{name}
-export BUILDTAGS="systemd selinux seccomp btrfs_noversion exclude_graphdriver_devicemapper $(hack/libdm_tag.sh)"
-%if %{with varlink}
-export BUILDTAGS+=" varlink"
-%endif
 # build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here?
 LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)"
+
 %gobuild -o bin/%{name} %{import_path}/cmd/%{name}

 # build %%{name}-remote
-export BUILDTAGS="remote $BUILDTAGS"
+export BUILDTAGS+=" exclude_graphdriver_btrfs btrfs_noversion remote"
 %gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name}

-%{__make} docs
-
-# build catatonit
-unset LDFLAGS
-pushd catatonit-%{cataver}
-autoreconf -fi
-%configure
-%{__make} %{?_smp_mflags}
-# Make sure we *always* build a static binary for catatonit. Otherwise we'll break containers
-# that don't have the necessary shared libs.
-file catatonit | grep 'statically linked'
-if [ $? != 0 ]; then
-   echo "ERROR: catatonit binary must be statically linked!"
-   exit 1
-fi
-popd
-
-# build dnsname plugin
-unset LDFLAGS
-pushd dnsname-%{dnsnamever}
+pushd dnsname-%{commit_plugins}
 mkdir _build
 pushd _build
 mkdir -p src/%{provider}.%{provider_tld}/%{project}
-ln -s ../../../../ src/github.com/containers/dnsname
+ln -s ../../../../ src/%{import_path_plugins}
 popd
 ln -s vendor src
 export GOPATH=$(pwd)/_build:$(pwd)
-%gobuild -o bin/dnsname github.com/containers/dnsname/plugins/meta/dnsname
+%gobuild -o bin/dnsname %{import_path_plugins}/plugins/meta/dnsname
 popd

+%{__make} docs
+
 %install
+rm -rf docs/containers-mounts.conf.5.md
+
 install -dp %{buildroot}%{_unitdir}
-install -dp %{buildroot}%{_userunitdir}
-install -dp %{buildroot}%{_tmpfilesdir}
-PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} \
-        ETCDIR=%{buildroot}%{_sysconfdir} \
-%if %{with varlink}
-        BUILDTAGS="varlink" \
-%endif
+PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \
        install.bin-nobuild \
-        install.remote-nobuild \
        install.man-nobuild \
        install.cni \
        install.systemd \
        install.completions \
-        install.docker
+        install.docker \
+%if 0%{?fedora} || 0%{?rhel}
+        install.remote-nobuild \
+%endif

-# install test scripts, but not the internal helpers.t meta-test
-ln -s ./ ./vendor/src # ./vendor/src -> ./vendor
-install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
-cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
-rm -f               %{buildroot}/%{_datadir}/%{name}/test/system/*.t
+mv pkg/hooks/README.md pkg/hooks/README-hooks.md
+
+# install plugins
+pushd dnsname-%{commit_plugins}
+%{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
+popd

 # do not include docker and podman-remote man pages in main package
 for file in `find %{buildroot}%{_mandir}/man[15] -type f | sed "s,%{buildroot},," | grep -v -e remote -e docker`; do
    echo "$file*" >> podman.file-list
 done

-# install catatonit
-install -dp %{buildroot}%{_libexecdir}/catatonit
-install -p catatonit-%{cataver}/catatonit %{buildroot}%{_libexecdir}/catatonit
-install -dp %{buildroot}%{_libexecdir}/podman
-install -dp %{buildroot}%{_datadir}/licenses/podman-catatonit
-install -p catatonit-%{cataver}/COPYING %{buildroot}%{_datadir}/licenses/podman-catatonit/COPYING
-ln -s %{_libexecdir}/catatonit/catatonit %{buildroot}%{_libexecdir}/podman/catatonit
+# do not install remote manpages on centos7
+%if 0%{?centos} && 0%{?centos} < 8
+rm -rf %{buildroot}%{_mandir}/man1/docker-remote.1
+rm -rf %{buildroot}%{_mandir}/man1/%{name}-remote.1
+rm -rf %{buildroot}%{_mandir}/man5/%{name}-remote.conf.5
+%endif

-# install dnsname plugin
-pushd dnsname-%{dnsnamever}
-%{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
-popd
+# source codes for building projects
+%if 0%{?with_devel}
+install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
+
+echo "%%dir %%{gopath}/src/%%{import_path}/." >> devel.file-list
+# find all *.go but no *_test.go files and generate devel.file-list
+for file in $(find . \( -iname "*.go" -or -iname "*.s" \) \! -iname "*_test.go" | grep -v "vendor") ; do
+    dirprefix=$(dirname $file)
+    install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$dirprefix
+    cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
+    echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
+
+    while [ "$dirprefix" != "." ]; do
+        echo "%%dir %%{gopath}/src/%%{import_path}/$dirprefix" >> devel.file-list
+        dirprefix=$(dirname $dirprefix)
+    done
+done
+%endif
+
+# testing files for this project
+%if 0%{?with_unit_test} && 0%{?with_devel}
+install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
+# find all *_test.go files and generate unit-test-devel.file-list
+for file in $(find . -iname "*_test.go" | grep -v "vendor") ; do
+    dirprefix=$(dirname $file)
+    install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$dirprefix
+    cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
+    echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test-devel.file-list
+
+    while [ "$dirprefix" != "." ]; do
+        echo "%%dir %%{gopath}/src/%%{import_path}/$dirprefix" >> devel.file-list
+        dirprefix=$(dirname $dirprefix)
+    done
+done
+%endif
+
+%if 0%{?with_devel}
+sort -u -o devel.file-list devel.file-list
+%endif

 %check
-%if 0%{?with_check}
+%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
+%if ! 0%{?with_bundled}
+export GOPATH=%{buildroot}/%{gopath}:%{gopath}
+%else
 # Since we aren't packaging up the vendor directory we need to link
 # back to it somehow. Hack it up so that we can add the vendor
 # directory from BUILD dir as a gopath to be searched when executing
@ -292,6 +539,7 @@ popd
 ln -s ./ ./vendor/src # ./vendor/src -> ./vendor

 export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
+%endif

 %if ! 0%{?gotest:1}
 %global gotest go test
@ -303,6 +551,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %gotest %{import_path}/pkg/registrar
 %endif

+install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
+cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
+
 %triggerpostun -- %{name} < 1.1
 %{_bindir}/%{name} system renumber
 exit 0
@ -310,7 +561,7 @@ exit 0
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}

-%files -f podman.file-list
+%files -f %{name}.file-list
 %license LICENSE
 %doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md
 %{_bindir}/%{name}
@ -319,51 +570,73 @@ exit 0
 %dir %{_datadir}/zsh/site-functions
 %{_datadir}/zsh/site-functions/_%{name}
 %config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist
-%{_unitdir}/%{name}.service
-%{_unitdir}/%{name}.socket
 %{_unitdir}/%{name}-auto-update.service
 %{_unitdir}/%{name}-auto-update.timer
-%{_userunitdir}/%{name}.service
-%{_userunitdir}/%{name}.socket
+%{_unitdir}/%{name}.service
+%{_unitdir}/%{name}.socket
 %{_userunitdir}/%{name}-auto-update.service
 %{_userunitdir}/%{name}-auto-update.timer
-%if %{with varlink}
-%{_unitdir}/io.%{name}.service
-%{_unitdir}/io.%{name}.socket
-%{_userunitdir}/io.%{name}.service
-%{_userunitdir}/io.%{name}.socket
-%{_tmpfilesdir}/%{name}.conf
-%endif
+%{_userunitdir}/%{name}.service
+%{_userunitdir}/%{name}.socket

 %files docker
 %{_bindir}/docker
 %{_mandir}/man1/docker*.1*
 %{_usr}/lib/tmpfiles.d/%{name}-docker.conf

+%if 0%{?with_devel}
+%files -n libpod-devel -f devel.file-list
+%license LICENSE
+%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md
+%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
+%endif
+
+%if 0%{?with_unit_test} && 0%{?with_devel}
+%files unit-test-devel -f unit-test-devel.file-list
+%license LICENSE
+%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md
+%endif
+
+#### DO NOT REMOVE - NEEDED FOR CENTOS
+%if 0%{?fedora} || 0%{?rhel}
 %files remote
+%license LICENSE
 %{_bindir}/%{name}-remote
-%{_mandir}/man1/%{name}-remote*.1*
-
-%files catatonit
-%license COPYING
-%doc README.md
-%dir %{_libexecdir}/catatonit
-%{_libexecdir}/catatonit/catatonit
-%dir %{_libexecdir}/podman
-%{_libexecdir}/podman/catatonit
-
-%files plugins
-%license dnsname-%{dnsnamever}/LICENSE
-%doc dnsname-%{dnsnamever}/{README.md,README_PODMAN.md}
-%{_libexecdir}/cni/dnsname
+%{_mandir}/man1/%{name}-remote*.*
+#%%{_datadir}/man/man5/%%{name}-remote*.*

 %files tests
 %license LICENSE
 %{_datadir}/%{name}/test
+%endif

+%files plugins
+%license dnsname-%{commit_plugins}/LICENSE
+%doc dnsname-%{commit_plugins}/{README.md,README_PODMAN.md}
+%{_libexecdir}/cni/dnsname
+
+# rhcontainerbot account currently managed by lsm5
 %changelog
-* Thu Oct 29 2020 Jindrich Novy <jnovy@redhat.com> - 2.1.1-0.32.dev.git9f6d6ba
- synchronize with stream-container-tools-rhel8
+* Wed Oct 21 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.2.0-0.38.dev.git287edd4
+- autobuilt 287edd4
+
+* Tue Oct 20 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.2.0-0.37.dev.git35b4cb1
+- autobuilt 35b4cb1
+
+* Mon Oct 19 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.2.0-0.36.dev.git7ffcab0
+- autobuilt 7ffcab0
+
+* Sun Oct 18 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.2.0-0.35.dev.git6ec96dc
+- autobuilt 6ec96dc
+
+* Sat Oct 17 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.2.0-0.34.dev.git39f1bea
+- autobuilt 39f1bea
+
+* Fri Oct 16 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.2.0-0.33.dev.git9f98b34
+- autobuilt 9f98b34
+
+* Thu Oct 15 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.2.0-0.32.dev.gita82d60d
+- autobuilt a82d60d

 * Wed Oct 14 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.2.0-0.31.dev.gitd30b4b7
 - autobuilt d30b4b7
--- a/5
+++ b/5
@ -1,3 +1,2 @@
-3430bd8ad460696469401d72ecae79b3  v0.1.5.tar.gz
-d6488b5f476d43fef373719088077deb  v1.0.0.tar.gz
-863a5a5407168d2b44ddc34214db3b7f  v2.1.1.tar.gz
+SHA512 (dnsname-8a6a8a4.tar.gz) = 7ee1edd091264f804056c69d5eac0ef8e825cbdae268caeed12700c966724c57348a14aee509e9ab559be349025b0c5357f441c3b4e34c3c02568a51ae223401
+SHA512 (podman-287edd4.tar.gz) = 509df8fbd803bd260de7c1a782a6d5153a3dcac9d77f60c08a1448b5e2b30561a7e16da2d3697dc85dd560b8168780c7d4a67f0b6733f890bde78924cde16866
--- a/tests/README
+++ b/tests/README
@ -0,0 +1,25 @@
+I'm sorry. The playbooks here are a much-too-complicated way of saying:
+
+   - test podman (root and rootless) under cgroups v2
+   - reboot into cgroups v1
+   - repeat the same podman tests
+
+We can't use standard-test-basic any more because, tl;dr, that has to
+be the last stanza in the playbook and it doesn't offer any mechanism
+for running a reboot in the middle of tests. (I actually found a way
+but it was even uglier than this approach).
+
+The starting point is tests.yml . From there:
+
+    tests.yml
+      \- test_podman.yml
+           |- roles/rootless_user_ready/
+           \- test_podman_cgroups_vn.yml    (runs twice: cgroups v2, v1)
+                |- roles/set_cgroups/
+                \- roles/run_bats_tests/    (runs tests: root, rootless)
+
+Principal result is the file 'artifacts/test.log'. It will contain
+one line for each test run, format will be '(PASS|FAIL|ERROR) <test name>'
+
+For each completed test there will also be a 'test.<name>.bats.log'
+containing some setup blurbs (RPMs, environment) and the full BATS log.
--- a/tests/check_results.yml
+++ b/tests/check_results.yml
@ -0,0 +1,36 @@
+---
+# Copied from standard-test-basic
+# ...and, 2020-05-13, updated, looks like they changed the whole thing around
+- name: Check the results
+  local_action:
+    module: shell
+    cmd: |
+      log="{{ artifacts }}/test.log"
+      if [ ! -f "$log" ]; then
+          echo ERROR
+          echo "Test results not found." 1>&2
+      elif grep ^ERROR "$log" 1>&2; then
+          echo ERROR
+      elif grep ^FAIL "$log" 1>&2; then
+          echo FAIL
+      elif grep -q ^PASS "$log"; then
+          echo PASS
+      else
+          echo ERROR
+          echo "No test results found." 1>&2
+      fi
+  register: test_results
+
+- name: Set role result
+  set_fact:
+    role_result: "{{ test_results.stdout }}"
+    role_message: "{{ test_results.stderr|d('test execution error.') }}"
+
+- name: display results
+  vars:
+    msg: |
+       role_result:  {{ role_result|d('Undefined') }}
+       {{ role_message|d('[No error messages found]') }}
+  debug:
+    msg: "{{ msg.split('\n') }}"
+  failed_when: role_message|d("") != ""
--- a/tests/roles/bats_installed/tasks/main.yml
+++ b/tests/roles/bats_installed/tasks/main.yml
@ -1,12 +0,0 @@
---
-# Sigh; RHEL8 doesn't have BATS
- name: bats | fetch and unpack tarball
-  unarchive:
-    src: https://github.com/bats-core/bats-core/archive/v1.1.0.tar.gz
-    dest: /root
-    remote_src: true
-
- name: bats | install
-  command: ./install.sh /usr/local
-  args:
-    chdir: /root/bats-core-1.1.0
--- a/tests/roles/nonroot_user/tasks/main.yml
+++ b/tests/roles/nonroot_user/tasks/main.yml
@ -1,7 +0,0 @@
---
- name: create nonroot user
-  user:
-    name: testuser
-    shell: /bin/bash
- name: enable linger
-  command: loginctl enable-linger testuser
--- a/tests/roles/rootless_user_ready/tasks/main.yml
+++ b/tests/roles/rootless_user_ready/tasks/main.yml
@ -0,0 +1,6 @@
+---
+- name: make sure rootless account exists
+  user: name={{ rootless_user }}
+
+- name: rootless account | enable linger
+  shell: loginctl enable-linger {{ rootless_user }}
--- a/tests/roles/run_bats_tests/files/helper.buildah-root.sh
+++ b/tests/roles/run_bats_tests/files/helper.buildah-root.sh
@ -1,38 +0,0 @@
-#!/bin/bash
-#
-# setup and teardown helpers for buildah test
-#
-
-function setup() {
-    REGISTRY_FQIN=docker.io/library/registry:2
-
-    AUTHDIR=/tmp/buildah-tests-auth.$$
-    mkdir -p $AUTHDIR
-
-    CERT=$AUTHDIR/domain.crt
-    if [ ! -e $CERT ]; then
-        openssl req -newkey rsa:4096 -nodes -sha256 \
-                -keyout $AUTHDIR/domain.key -x509 -days 2 \
-                -out $AUTHDIR/domain.crt \
-                -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
-    fi
-
-    if [ ! -e $AUTHDIR/htpasswd ]; then
-        podman run --rm --entrypoint htpasswd $REGISTRY_FQIN \
-               -Bbn testuser testpassword > $AUTHDIR/htpasswd
-    fi
-
-    podman run -d -p 5000:5000 \
-           --name registry \
-           -v $AUTHDIR:/auth:Z \
-           -e "REGISTRY_AUTH=htpasswd" \
-           -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-           -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-           -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
-           -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
-           $REGISTRY_FQIN
-}
-
-function teardown() {
-    podman rm -f registry
-}
--- a/tests/roles/run_bats_tests/files/run_bats_tests.sh
+++ b/tests/roles/run_bats_tests/files/run_bats_tests.sh
@ -7,52 +7,46 @@
 # directory /usr/share/foo/test/system, containing one or more .bats
 # test files.
 #
-
+# We create two files:
+#
+#    /tmp/test.summary.log - one-liner with FAIL, PASS, ERROR and a blurb
+#    /tmp/test.bats.log    - full log of this script, plus the BATS run
+#
 export PATH=/usr/local/bin:/usr/sbin:/usr/bin

-FULL_LOG=/tmp/test.debug.log
-BATS_LOG=/tmp/test.bats.log
-rm -f $FULL_LOG $BATS_LOG
-touch $FULL_LOG $BATS_LOG
+FULL_LOG=/tmp/test.bats.log
+rm -f $FULL_LOG
+touch $FULL_LOG

-exec &> $FULL_LOG
+# Preserve output to a log file, but also emit on stdout. This covers
+# RHEL (which preserves logfiles but runs ansible without --verbose)
+# and Fedora (which hides logfiles but runs ansible --verbose).
+exec &> >(tee -a $FULL_LOG)

 # Log program versions
 echo "Packages:"
-rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests
+rpm -qa |\
+    egrep 'podman|conmon|crun|runc|iptable|slirp|systemd|container-selinux' |\
+    sort |\
+    sed -e 's/^/  /'

-echo "------------------------------"
+divider='------------------------------------------------------------------'
+echo $divider
 printenv | sort
+echo $divider

 testdir=/usr/share/${TEST_PACKAGE}/test/system

 if ! cd $testdir; then
-    echo "FAIL ${TEST_NAME} : cd $testdir"      >> /tmp/test.log
+    echo "FAIL ${TEST_NAME} : cd $testdir"      > /tmp/test.summary.log
    exit 0
 fi

-if [ -e /tmp/helper.sh ]; then
-    echo "------------------------------"
-    echo ". /tmp/helper.sh"
-    . /tmp/helper.sh
-fi
-
-if [ "$(type -t setup)" = "function" ]; then
-    echo "------------------------------"
-    echo "\$ setup"
-    setup
-    if [ $? -ne 0 ]; then
-        echo "FAIL ${TEST_NAME} : setup"       >> /tmp/test.log
-        exit 0
-    fi
-fi
-
-echo "------------------------------"
 echo "\$ bats ."
-bats . &> $BATS_LOG
+bats .
 rc=$?

-echo "------------------------------"
+echo $divider
 echo "bats completed with status $rc"

 status=PASS
@ -60,13 +54,7 @@ if [ $rc -ne 0 ]; then
    status=FAIL
 fi

-echo "${status} ${TEST_NAME}" >> /tmp/test.log
-
-if [ "$(type -t teardown)" = "function" ]; then
-    echo "------------------------------"
-    echo "\$ teardown"
-    teardown
-fi
+echo "${status} ${TEST_NAME}" > /tmp/test.summary.log

 # FIXME: for CI purposes, always exit 0. This allows subsequent tests.
 exit 0
--- a/tests/roles/run_bats_tests/tasks/main.yml
+++ b/tests/roles/run_bats_tests/tasks/main.yml
@ -8,30 +8,3 @@
  with_items: "{{ tests }}"
  loop_control:
    loop_var: test
-
- name: pull test.log results
-  fetch:
-    src: "/tmp/test.log"
-    dest: "{{ artifacts }}/test.log"
-    flat: yes
-
-# Copied from standard-test-basic
- name: check results
-  shell: grep "^FAIL" /tmp/test.log
-  register: test_fails
-  # Never fail at this step. Just store result of tests.
-  failed_when: False
-
- name: preserve results
-  set_fact:
-    role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
-    role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
-
- name: display results
-  vars:
-    msg: |
-       Tests failed: {{ role_result_failed|d('Undefined') }}
-       Tests msg: {{ role_result_msg|d('None') }}
-  debug:
-    msg: "{{ msg.split('\n') }}"
-  failed_when: "role_result_failed|bool"
--- a/tests/roles/run_bats_tests/tasks/run_one_test.yml
+++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml
@ -25,14 +25,17 @@
  copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
  when: helper.stat.exists

+# This is what runs the BATS tests.
 - name: "{{ test.name }} | run test"
  script: ./run_bats_tests.sh
  args:
    chdir: /usr/share/{{ test.package }}/test/system
  become: "{{ true if test.become is defined else false }}"
-  become_user: testuser
+  become_user: "{{ rootless_user }}"
  environment: "{{ local_environment | combine(test.environment) }}"

+# BATS tests will always exit zero and should leave behind two files:
+# a full log (test.bats.log) and a one-line PASS/FAIL file (.summary.log)
 - name: "{{ test.name }} | pull logs"
  fetch:
    src: "/tmp/test.{{ item }}.log"
@ -40,7 +43,25 @@
    flat: yes
  with_items:
    - bats
-    - debug
+    - summary
+
+# Collect all the one-line PASS/FAIL results in one file, test.log
+# Write the same thing, in a different format, to results.yml
+#   https://docs.fedoraproject.org/en-US/ci/standard-test-interface/
+- name: "{{ test.name }} | keep running tally of test results"
+  local_action:
+    module: shell
+    cmd: |
+      cd {{ artifacts }}
+      cat "test.{{ test_name_oneword }}.summary.log" >>test.log
+
+      status=$(awk '{print $1}' <test.{{ test_name_oneword }}.summary.log | tr A-Z a-z)
+      echo "- test: {{ test.name }}"                        >>results.yml
+      echo "  result: $status"                              >>results.yml
+      echo "  logs: test.{{ test_name_oneword }}.bats.log"  >>results.yml
+
+      # delete the oneliner file, to keep artifacts dir clean
+      rm -f test.{{ test_name_oneword }}.summary.log

 - name: "{{ test.name }} | remove remote logs and helpers"
  file:
@ -48,5 +69,19 @@
    state=absent
  with_items:
    - test.bats.log
-    - test.debug.log
+    - test.summary.log
    - helper.sh
+
+# AAAAARGH!
+#
+# Fedora gating tests are failing, because str-common-final/tasks/main.yml
+# tries to pull test.log and other logs from $remote_host:/tmp/artifacts .
+# Those don't exist, because I track status and artifacts locally, because
+# with the reboot I can't rely on /tmp being preserved.
+# I see no way to tell str-common-final to skip this step; so let's just
+# push logs over upon completion of each subtest.
+- name: keep remote artifacts synced
+  synchronize:
+    src:  "{{ artifacts }}/"
+    dest: "{{ remote_artifacts|d('/tmp/artifacts') }}/"
+    mode: push
--- a/tests/roles/set_cgroups/tasks/main.yml
+++ b/tests/roles/set_cgroups/tasks/main.yml
@ -0,0 +1,75 @@
+---
+# Check the CURRENT cgroup level; we get this from /proc/cmdline
+- name: check current kernel options
+  shell: fgrep systemd.unified_cgroup_hierarchy=0 /proc/cmdline
+  register: result
+  ignore_errors: true
+
+- name: determine current cgroups | assume v2
+  set_fact: current_cgroups=2
+
+- name: determine current cgroups | looks like v1
+  set_fact: current_cgroups=1
+  when: result is succeeded
+
+- debug:
+    msg: "want: v{{ want_cgroups }}  actual: v{{ current_cgroups }}"
+
+- name: grubenv, pre-edit, cat
+  shell: cat /boot/grub2/grubenv
+  register: grubenv
+
+- name: grubenv, pre-edit, show
+  debug:
+    msg: "{{ grubenv.stdout_lines }}"
+
+# Update grubenv file to reflect the desired cgroup level
+- name: remove cgroup option from kernel flags
+  shell:
+    cmd: sed -i -e "s/^\(kernelopts=.*\)systemd\.unified_cgroup_hierarchy=.\(.*\)/\1 \2/" /boot/grub2/grubenv
+    warn: false
+
+- name: add it with the desired value
+  shell:
+    cmd: sed -i -e "s/^\(kernelopts=.*\)/\1 systemd.unified_cgroup_hierarchy=0/" /boot/grub2/grubenv
+    warn: false
+  when: want_cgroups == 1
+
+- name: grubenv, post-edit, cat
+  shell: cat /boot/grub2/grubenv
+  register: grubenv
+
+- name: grubenv, post-edit, show
+  debug:
+    msg: "post: {{ grubenv.stdout_lines }}"
+
+# If want != have, reboot
+- name: reboot and wait
+  block:
+    - name: reboot
+      reboot:
+        reboot_timeout: 900
+      ignore_errors: yes
+    - name: wait and reconnect
+      wait_for_connection:
+        timeout: 900
+  when: want_cgroups|int != current_cgroups|int
+
+- set_fact:
+    expected_fstype:
+      - none
+      - tmpfs
+      - cgroup2fs
+
+- name: confirm cgroups setting
+  shell: stat -f -c "%T" /sys/fs/cgroup
+  register: fstype
+
+- debug:
+    msg: "stat(/sys/fs/cgroup) = {{ fstype.stdout }}"
+
+- name: system cgroups is the expected type
+  assert:
+    that:
+      - fstype.stdout == expected_fstype[want_cgroups|int]
+    fail_msg: "stat(/sys/fs/cgroup) = {{ fstype.stdout }} (expected {{ expected_fstype[want_cgroups|int] }})"
--- a/tests/test_podman.yml
+++ b/tests/test_podman.yml
@ -0,0 +1,44 @@
+---
+- hosts: localhost
+  tags:
+    - classic
+    - container
+  vars:
+  - artifacts: ./artifacts
+    rootless_user: testuser
+  roles:
+  - role: rootless_user_ready
+
+  tasks:
+  # At the start of a run, clean up state. Useful for test reruns.
+  - name: local artifacts directory exists
+    local_action: file path="{{ artifacts }}" state=directory
+
+  - name: remove stale log files
+    local_action: shell rm -f {{ artifacts }}/test*.log
+
+  - name: clear test results (test.log)
+    local_action: command truncate --size=0 {{ artifacts }}/test.log
+
+  - name: clear test results (results.yml)
+    local_action: copy content="results:\n" dest={{ artifacts }}/results.yml
+
+  # These are the actual tests: set cgroups vN, then run root/rootless tests.
+  #
+  # FIXME FIXME FIXME: 2020-05-21: 'loop' should be '2, 1' but there's some
+  # nightmarish bug in CI wherein reboots hang forever. There's a bug open[1]
+  # but it seems dead. Without a working reboot, there's no way to test v1.
+  #  [1] https://redhat.service-now.com/surl.do?n=PNT0808530
+  # I'm leaving this as a 'loop' in (foolish? vain?) hope that the bug will
+  # be fixed. Let's revisit this after, say, 2020-08. If the bug persists
+  # then let's just revert the entire cgroups v1 change, and go back to
+  # using standard-test-basic.
+  - name: set cgroups and run podman tests
+    include_tasks: test_podman_cgroups_vn.yml
+    loop: [ 2 ]
+    loop_control:
+      loop_var: want_cgroups
+
+  # Postprocessing: check for FAIL or ERROR in any test, exit 1 if so
+  - name: check results
+    include_tasks: check_results.yml
--- a/tests/test_podman_cgroups_vn.yml
+++ b/tests/test_podman_cgroups_vn.yml
@ -0,0 +1,19 @@
+---
+# Requires: 'want_cgroups' variable set to 1 or 2
+- include_role:
+    name: set_cgroups
+- include_role:
+    name: run_bats_tests
+  vars:
+    tests:
+    # Yes, this is horrible duplication, but trying to refactor in ansible
+    # yields even more horrible unreadable code. This is the lesser evil.
+    - name: podman root cgroupsv{{ want_cgroups }}
+      package: podman
+      environment:
+        PODMAN: /usr/bin/podman
+    - name: podman rootless cgroupsv{{ want_cgroups }}
+      package: podman
+      environment:
+        PODMAN: /usr/bin/podman
+      become: true
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,36 +1 @@
---
- hosts: localhost
-  tags:  classic
-  vars:
-  - artifacts: ./artifacts
-  roles:
-  - role: bats_installed
-  - role: nonroot_user
-  - role: run_bats_tests
-    tests:
-    - name:    podman root
-      package: podman
-      environment:
-        PODMAN: /usr/bin/podman
-
-    - name:    podman nonroot
-      package: podman
-      environment:
-        PODMAN: /usr/bin/podman
-      become:  true
-
-      #- name:    podman-remote root
-      #package: podman
-      #environment:
-      #  PODMAN: /usr/bin/podman-remote
-
-    - name:    buildah root
-      package: buildah
-      environment:
-        BUILDAH_BINARY: /usr/bin/buildah
-        IMGTYPE_BINARY: /usr/bin/buildah-imgtype
-
-    - name:    skopeo root
-      package: skopeo
-      environment:
-        SKOPEO_BINARY: /usr/bin/skopeo
+- import_playbook: test_podman.yml