podman-4.4.1-8.el8

- use ldd directly to check for static link - avoid broken file utility
- Related: #2176055

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
This commit is contained in:
Jindrich Novy 2023-03-08 12:09:21 +01:00
parent 3e7c9a28d6
commit f5cc89a29d
11 changed files with 23 additions and 258 deletions

11
.gitignore vendored
View File

@ -1,10 +1 @@
SOURCES/dnsname-18822f9.tar.gz
SOURCES/gvisor-tap-vsock-fdc231ae7b8fe1aec4cf0b8777274fa21b70d789.tar.gz
SOURCES/podman-machine-cni-0749884.tar.gz
SOURCES/v0.1.7.tar.gz
SOURCES/v4.3.1-rhel-d9a6336.tar.gz
/dnsname-18822f9.tar.gz
/gvisor-tap-vsock-fdc231ae7b8fe1aec4cf0b8777274fa21b70d789.tar.gz
/podman-machine-cni-0749884.tar.gz
/v0.1.7.tar.gz
/v4.3.1-rhel-d9a6336.tar.gz
/*.tar.gz

View File

@ -1,7 +0,0 @@
# recipients: jnovy, lsm5, santiago
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

View File

@ -7,23 +7,21 @@
GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
%global import_path github.com/containers/podman
%global branch v4.3.1-rhel
%global commit0 d9a633633d23649833438faf8f2ecf7ae2be27fd
%global branch v4.4.1-rhel
%global commit0 e1703bb7f47675964852173c465769bef9ef4e1b
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
%global cataver 0.1.7
#%%global dnsnamever 1.3.0
%global commit_dnsname 18822f9a4fb35d1349eb256f4cd2bfd372474d84
%global shortcommit_dnsname %(c=%{commit_dnsname}; echo ${c:0:7})
%global gvproxyrepo gvisor-tap-vsock
%global gvproxyver 0.4.0
%global commit_gvproxy fdc231ae7b8fe1aec4cf0b8777274fa21b70d789
%global commit_mcni 0749884b8d1a455c68da30789e37811ec0809d51
%global shortcommit_mcni %(c=%{commit_mcni}; echo ${c:0:7})
%global gvproxyver 0.5.0
%global commit_gvproxy aab0ac9367fc5142f5857c36ac2352bcb3c60ab7
Epoch: 3
Name: podman
Version: 4.3.1
Release: 2%{?dist}
Version: 4.4.1
Release: 8%{?dist}
Summary: Manage Pods, Containers and Container Images
License: ASL 2.0 and GPLv3+
URL: https://%{name}.io/
@ -35,7 +33,6 @@ Source0: https://%{import_path}/archive/%{commit0}/%{name}-%{version}-%{shortcom
Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz
#Source2: https://github.com/containers/dnsname/archive/v%%{dnsnamever}.tar.gz
Source2: https://github.com/containers/dnsname/archive/%{commit_dnsname}/dnsname-%{shortcommit_dnsname}.tar.gz
Source3: https://github.com/containers/%{name}-machine-cni/archive/%{commit_mcni}/%{name}-machine-cni-%{shortcommit_mcni}.tar.gz
Source4: https://github.com/containers/gvisor-tap-vsock/archive/%{commit_gvproxy}/gvisor-tap-vsock-%{commit_gvproxy}.tar.gz
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
ExclusiveArch: %{go_arches}
@ -62,7 +59,6 @@ BuildRequires: python3
# for catatonit
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: file
BuildRequires: gcc
BuildRequires: libtool
Requires: containers-common >= 2:1-27
@ -187,7 +183,6 @@ pushd catatonit-%{cataver}
sed -i '$d' configure.ac
popd
tar fx %{SOURCE2}
tar fx %{SOURCE3}
tar fx %{SOURCE4}
# this is shipped by skopeo: containers-common subpackage
@ -202,11 +197,13 @@ CFLAGS="%{optflags} -fPIE -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURC
%{__make} %{?_smp_mflags}
# Make sure we *always* build a static binary for catatonit. Otherwise we'll break containers
# that don't have the necessary shared libs.
file catatonit | grep 'statically linked'
if [ $? != 0 ]; then
set +e
/usr/bin/ldd catatonit
if [ $? != 1 ]; then
echo "ERROR: catatonit binary must be statically linked!"
exit 1
fi
set -e
popd
export GO111MODULE=off
@ -244,6 +241,9 @@ export BUILDTAGS="seccomp btrfs_noversion exclude_graphdriver_devicemapper exclu
export BUILDTAGS="remote $BUILDTAGS"
%gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name}
# build quadlet
%gobuild -o bin/quadlet %{import_path}/cmd/quadlet
%{__make} docs
# build dnsname plugin
@ -259,17 +259,6 @@ export GOPATH=$(pwd)/_build:$(pwd)
%gobuild -o bin/dnsname github.com/containers/dnsname/plugins/meta/dnsname
popd
pushd %{name}-machine-cni-%{commit_mcni}
mkdir _build
pushd _build
mkdir -p src/github.com/containers
ln -s ../../../../ src/github.com/containers/%{name}-machine-cni
popd
ln -s vendor src
export GOPATH=$(pwd)/_build:$(pwd)
%gobuild -o bin/%{name}-machine github.com/containers/%{name}-machine-cni/plugins/meta/%{name}-machine
popd
pushd gvisor-tap-vsock-%{commit_gvproxy}
mkdir _build
pushd _build
@ -314,11 +303,6 @@ pushd dnsname-%{commit_dnsname}
%{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
popd
# install machine-cni plugin
pushd %{name}-machine-cni-%{commit_mcni}
%{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
popd
# install gvproxy
pushd gvisor-tap-vsock-%{commit_gvproxy}
install -dp %{buildroot}%{_libexecdir}/%{name}
@ -365,6 +349,7 @@ fi
%license LICENSE
%doc README.md CONTRIBUTING.md install.md transfer.md
%{_bindir}/%{name}
%{_libexecdir}/%{name}/quadlet
%{_libexecdir}/%{name}/rootlessport
%{_datadir}/bash-completion/completions/%{name}
# By "owning" the site-functions dir, we don't need to Require zsh
@ -406,12 +391,13 @@ fi
%{_libexecdir}/catatonit/catatonit
%dir %{_libexecdir}/podman
%{_libexecdir}/podman/catatonit
%{_usr}/lib/systemd/system-generators/podman-system-generator
%{_usr}/lib/systemd/user-generators/podman-user-generator
%files plugins
%license dnsname-%{commit_dnsname}/LICENSE
%doc dnsname-%{commit_dnsname}/{README.md,README_PODMAN.md}
%{_libexecdir}/cni/dnsname
%{_libexecdir}/cni/%{name}-machine
%files tests
%license LICENSE
@ -424,6 +410,10 @@ fi
%{_libexecdir}/%{name}/gvproxy
%changelog
* Wed Mar 08 2023 Jindrich Novy <jnovy@redhat.com> - 3:4.4.1-8
- use ldd directly to check for static link - avoid broken file utility
- Related: #2176055
* Thu Dec 15 2022 Jindrich Novy <jnovy@redhat.com> - 3:4.3.1-2
- update to the latest content of https://github.com/containers/podman/tree/v4.3.1-rhel
(https://github.com/containers/podman/commit/d9a6336)

View File

@ -1,3 +0,0 @@
---
annocheck:
- hardened: --skip-pie --skip-lto --ignore-unknown --verbose

View File

@ -1,5 +1,4 @@
SHA512 (dnsname-18822f9.tar.gz) = de371722fbf18cd23b31485ee7ba36bb41d0d9a932d15e50872989c3ca1ff7246da63143c3725d81089fadda3821a54c18b22150d9d16005b07df6824f5f71f8
SHA512 (gvisor-tap-vsock-fdc231ae7b8fe1aec4cf0b8777274fa21b70d789.tar.gz) = 9441a6b0dc64961994ec9c268ad81916c4b88bf5c508c32dc6b0f68a993dc0c57c92304bfaa525aafe6445107314fc6954a65dbfb53432450ac0076d7d68c1ba
SHA512 (podman-machine-cni-0749884.tar.gz) = fe5f6a69118c0d3475c76c61bf1b50f1d5772fe9a4d20b23e59010e72f8cbd7fb7d4091ce8ab43af8becf77e5234b63191e3e01932f30f8386235822de2e42f4
SHA512 (gvisor-tap-vsock-aab0ac9367fc5142f5857c36ac2352bcb3c60ab7.tar.gz) = e138125f0fad46f84afebad5769d4428cb29f24ce34e209b21689dc4409487bf2e946c9eb6551297baf36286c9be9a5310a77df4884563cfe247113980f18291
SHA512 (v0.1.7.tar.gz) = 7d3174c60e1c8bd1f4b95b7751ccbe01cac63265060f18914b53311f68f7b4c63c693604f348ccfac5db4a96939169f835fbbbd614803b18062053d94f7dca67
SHA512 (v4.3.1-rhel-d9a6336.tar.gz) = 79a6cd21f7234738edad3d6e1280db9fc318c8ce79fd2863bfeae8dda139d20f1a1d929e945768ba246b499ee0bfce72211e8ea78ba1adca00b28466a9be3cb4
SHA512 (v4.4.1-rhel-e1703bb.tar.gz) = 910dfcdb4cf09b17bac0070d923b11c92ff3ab6995f5e8e811b4ab20481b6ee91d76d10b69384f0375b53f98cf75c205190ba18645bc2a976977f9b86667f263

View File

@ -1,12 +0,0 @@
---
# Sigh; RHEL8 doesn't have BATS
- name: bats | fetch and unpack tarball
unarchive:
src: https://github.com/bats-core/bats-core/archive/v1.5.0.tar.gz
dest: /root
remote_src: true
- name: bats | install
command: ./install.sh /usr/local
args:
chdir: /root/bats-core-1.5.0

View File

@ -1,7 +0,0 @@
---
- name: create rootless user
user:
name: testuser
shell: /bin/bash
- name: enable linger
command: loginctl enable-linger testuser

View File

@ -1,72 +0,0 @@
#!/bin/bash
#
# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman
#
# This is invoked by the 'run_bats_tests' role; we assume that
# the package foo has a foo-tests subpackage which provides the
# directory /usr/share/foo/test/system, containing one or more .bats
# test files.
#
export PATH=/usr/local/bin:/usr/sbin:/usr/bin
FULL_LOG=/tmp/test.debug.log
BATS_LOG=/tmp/test.bats.log
rm -f $FULL_LOG $BATS_LOG
touch $FULL_LOG $BATS_LOG
exec &> $FULL_LOG
# Log program versions
echo "Packages:"
rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests
echo "------------------------------"
printenv | sort
testdir=/usr/share/${TEST_PACKAGE}/test/system
if ! cd $testdir; then
echo "FAIL ${TEST_NAME} : cd $testdir" >> /tmp/test.log
exit 0
fi
if [ -e /tmp/helper.sh ]; then
echo "------------------------------"
echo ". /tmp/helper.sh"
. /tmp/helper.sh
fi
if [ "$(type -t setup)" = "function" ]; then
echo "------------------------------"
echo "\$ setup"
setup
if [ $? -ne 0 ]; then
echo "FAIL ${TEST_NAME} : setup" >> /tmp/test.log
exit 0
fi
fi
echo "------------------------------"
echo "\$ bats ."
bats . &> $BATS_LOG
rc=$?
echo "------------------------------"
echo "bats completed with status $rc"
status=PASS
if [ $rc -ne 0 ]; then
status=FAIL
fi
echo "${status} ${TEST_NAME}" >> /tmp/test.log
if [ "$(type -t teardown)" = "function" ]; then
echo "------------------------------"
echo "\$ teardown"
teardown
fi
# FIXME: for CI purposes, always exit 0. This allows subsequent tests.
exit 0

View File

@ -1,37 +0,0 @@
---
# Create empty results file, world-writable
- name: initialize test.log file
copy: dest=/tmp/test.log content='' force=yes mode=0666
- name: execute tests
include: run_one_test.yml
with_items: "{{ tests }}"
loop_control:
loop_var: test
- name: pull test.log results
fetch:
src: "/tmp/test.log"
dest: "{{ artifacts }}/test.log"
flat: yes
# Copied from standard-test-basic
- name: check results
shell: grep "^FAIL" /tmp/test.log
register: test_fails
# Never fail at this step. Just store result of tests.
failed_when: False
- name: preserve results
set_fact:
role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
- name: display results
vars:
msg: |
Tests failed: {{ role_result_failed|d('Undefined') }}
Tests msg: {{ role_result_msg|d('None') }}
debug:
msg: "{{ msg.split('\n') }}"
failed_when: "role_result_failed|bool"

View File

@ -1,52 +0,0 @@
---
- name: "{{ test.name }} | install test packages"
dnf: name="{{ test.package }}-tests" state=installed
- name: "{{ test.name }} | define helper variables"
set_fact:
test_name_oneword: "{{ test.name | replace(' ','-') }}"
# UGH. This is necessary because our caller sets some environment variables
# and we need to set a few more based on other caller variables; then we
# need to combine the two dicts when running the test. This seems to be
# the only way to do it in ansible.
- name: "{{ test.name }} | define local environment"
set_fact:
local_environment:
TEST_NAME: "{{ test.name }}"
TEST_PACKAGE: "{{ test.package }}"
TEST_ENV: "{{ test.environment }}"
- name: "{{ test.name }} | setup/teardown helper | see if exists"
local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
register: helper
- name: "{{ test.name }} | setup/teardown helper | install"
copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
when: helper.stat.exists
- name: "{{ test.name }} | run test"
script: ./run_bats_tests.sh
args:
chdir: /usr/share/{{ test.package }}/test/system
become: "{{ true if test.become is defined else false }}"
become_user: testuser
environment: "{{ local_environment | combine(test.environment) }}"
- name: "{{ test.name }} | pull logs"
fetch:
src: "/tmp/test.{{ item }}.log"
dest: "{{ artifacts }}/test.{{ test_name_oneword }}.{{ item }}.log"
flat: yes
with_items:
- bats
- debug
- name: "{{ test.name }} | remove remote logs and helpers"
file:
dest=/tmp/{{ item }}
state=absent
with_items:
- test.bats.log
- test.debug.log
- helper.sh

View File

@ -1,25 +0,0 @@
---
- hosts: localhost
tags: classic
vars:
- artifacts: ./artifacts
roles:
- role: bats_installed
- role: rootless_user
- role: run_bats_tests
tests:
- name: podman root
package: podman
environment:
PODMAN: /usr/bin/podman
- name: podman rootless
package: podman
environment:
PODMAN: /usr/bin/podman
become: true
#- name: podman-remote root
#package: podman
#environment:
# PODMAN: /usr/bin/podman-remote