podman-4.4.1-8.el8

- use ldd directly to check for static link - avoid broken file utility - Related: #2176055 Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2023-03-08 12:09:21 +01:00 · 2023-03-08 12:09:21 +01:00 · f5cc89a29d
commit f5cc89a29d
parent 3e7c9a28d6
11 changed files with 23 additions and 258 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,10 +1 @@
-SOURCES/dnsname-18822f9.tar.gz
-SOURCES/gvisor-tap-vsock-fdc231ae7b8fe1aec4cf0b8777274fa21b70d789.tar.gz
-SOURCES/podman-machine-cni-0749884.tar.gz
-SOURCES/v0.1.7.tar.gz
-SOURCES/v4.3.1-rhel-d9a6336.tar.gz
-/dnsname-18822f9.tar.gz
-/gvisor-tap-vsock-fdc231ae7b8fe1aec4cf0b8777274fa21b70d789.tar.gz
-/podman-machine-cni-0749884.tar.gz
-/v0.1.7.tar.gz
-/v4.3.1-rhel-d9a6336.tar.gz
+/*.tar.gz
--- a/gating.yaml
+++ b/gating.yaml
@ -1,7 +0,0 @@
-# recipients: jnovy, lsm5, santiago
--- !Policy
-product_versions:
-  - rhel-9
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/podman.spec
+++ b/podman.spec
@ -7,23 +7,21 @@
 GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};

 %global import_path github.com/containers/podman
-%global branch v4.3.1-rhel
-%global commit0 d9a633633d23649833438faf8f2ecf7ae2be27fd
+%global branch v4.4.1-rhel
+%global commit0 e1703bb7f47675964852173c465769bef9ef4e1b
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 %global cataver 0.1.7
 #%%global dnsnamever 1.3.0
 %global commit_dnsname 18822f9a4fb35d1349eb256f4cd2bfd372474d84
 %global shortcommit_dnsname %(c=%{commit_dnsname}; echo ${c:0:7})
 %global gvproxyrepo gvisor-tap-vsock
-%global gvproxyver 0.4.0
-%global commit_gvproxy fdc231ae7b8fe1aec4cf0b8777274fa21b70d789
-%global commit_mcni 0749884b8d1a455c68da30789e37811ec0809d51
-%global shortcommit_mcni %(c=%{commit_mcni}; echo ${c:0:7})
+%global gvproxyver 0.5.0
+%global commit_gvproxy aab0ac9367fc5142f5857c36ac2352bcb3c60ab7

 Epoch: 3
 Name: podman
-Version: 4.3.1
-Release: 2%{?dist}
+Version: 4.4.1
+Release: 8%{?dist}
 Summary: Manage Pods, Containers and Container Images
 License: ASL 2.0 and GPLv3+
 URL: https://%{name}.io/
@ -35,7 +33,6 @@ Source0: https://%{import_path}/archive/%{commit0}/%{name}-%{version}-%{shortcom
 Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz
 #Source2: https://github.com/containers/dnsname/archive/v%%{dnsnamever}.tar.gz
 Source2: https://github.com/containers/dnsname/archive/%{commit_dnsname}/dnsname-%{shortcommit_dnsname}.tar.gz
-Source3: https://github.com/containers/%{name}-machine-cni/archive/%{commit_mcni}/%{name}-machine-cni-%{shortcommit_mcni}.tar.gz
 Source4: https://github.com/containers/gvisor-tap-vsock/archive/%{commit_gvproxy}/gvisor-tap-vsock-%{commit_gvproxy}.tar.gz
 # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
 ExclusiveArch: %{go_arches}
@ -62,7 +59,6 @@ BuildRequires: python3
 # for catatonit
 BuildRequires: autoconf
 BuildRequires: automake
-BuildRequires: file
 BuildRequires: gcc
 BuildRequires: libtool
 Requires: containers-common >= 2:1-27
@ -187,7 +183,6 @@ pushd catatonit-%{cataver}
 sed -i '$d' configure.ac
 popd
 tar fx %{SOURCE2}
-tar fx %{SOURCE3}
 tar fx %{SOURCE4}

 # this is shipped by skopeo: containers-common subpackage
@ -202,11 +197,13 @@ CFLAGS="%{optflags} -fPIE -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURC
 %{__make} %{?_smp_mflags}
 # Make sure we *always* build a static binary for catatonit. Otherwise we'll break containers
 # that don't have the necessary shared libs.
-file catatonit | grep 'statically linked'
-if [ $? != 0 ]; then
+set +e
+/usr/bin/ldd catatonit
+if [ $? != 1 ]; then
   echo "ERROR: catatonit binary must be statically linked!"
   exit 1
 fi
+set -e
 popd

 export GO111MODULE=off
@ -244,6 +241,9 @@ export BUILDTAGS="seccomp btrfs_noversion exclude_graphdriver_devicemapper exclu
 export BUILDTAGS="remote $BUILDTAGS"
 %gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name}

+# build quadlet
+%gobuild -o bin/quadlet %{import_path}/cmd/quadlet
+
 %{__make} docs

 # build dnsname plugin
@ -259,17 +259,6 @@ export GOPATH=$(pwd)/_build:$(pwd)
 %gobuild -o bin/dnsname github.com/containers/dnsname/plugins/meta/dnsname
 popd

-pushd %{name}-machine-cni-%{commit_mcni}
-mkdir _build
-pushd _build
-mkdir -p src/github.com/containers
-ln -s ../../../../ src/github.com/containers/%{name}-machine-cni
-popd
-ln -s vendor src
-export GOPATH=$(pwd)/_build:$(pwd)
-%gobuild -o bin/%{name}-machine github.com/containers/%{name}-machine-cni/plugins/meta/%{name}-machine
-popd
-
 pushd gvisor-tap-vsock-%{commit_gvproxy}
 mkdir _build
 pushd _build
@ -314,11 +303,6 @@ pushd dnsname-%{commit_dnsname}
 %{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
 popd

-# install machine-cni plugin
-pushd %{name}-machine-cni-%{commit_mcni}
-%{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
-popd
-
 # install gvproxy
 pushd gvisor-tap-vsock-%{commit_gvproxy}
 install -dp %{buildroot}%{_libexecdir}/%{name}
@ -365,6 +349,7 @@ fi
 %license LICENSE
 %doc README.md CONTRIBUTING.md install.md transfer.md
 %{_bindir}/%{name}
+%{_libexecdir}/%{name}/quadlet
 %{_libexecdir}/%{name}/rootlessport
 %{_datadir}/bash-completion/completions/%{name}
 # By "owning" the site-functions dir, we don't need to Require zsh
@ -406,12 +391,13 @@ fi
 %{_libexecdir}/catatonit/catatonit
 %dir %{_libexecdir}/podman
 %{_libexecdir}/podman/catatonit
+%{_usr}/lib/systemd/system-generators/podman-system-generator
+%{_usr}/lib/systemd/user-generators/podman-user-generator

 %files plugins
 %license dnsname-%{commit_dnsname}/LICENSE
 %doc dnsname-%{commit_dnsname}/{README.md,README_PODMAN.md}
 %{_libexecdir}/cni/dnsname
-%{_libexecdir}/cni/%{name}-machine

 %files tests
 %license LICENSE
@ -424,6 +410,10 @@ fi
 %{_libexecdir}/%{name}/gvproxy

 %changelog
+* Wed Mar 08 2023 Jindrich Novy <jnovy@redhat.com> - 3:4.4.1-8
+- use ldd directly to check for static link - avoid broken file utility
+- Related: #2176055
+
 * Thu Dec 15 2022 Jindrich Novy <jnovy@redhat.com> - 3:4.3.1-2
 - update to the latest content of https://github.com/containers/podman/tree/v4.3.1-rhel
  (https://github.com/containers/podman/commit/d9a6336)
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -1,3 +0,0 @@
---
-annocheck:
-  - hardened: --skip-pie --skip-lto --ignore-unknown --verbose
--- a/5
+++ b/5
@ -1,5 +1,4 @@
 SHA512 (dnsname-18822f9.tar.gz) = de371722fbf18cd23b31485ee7ba36bb41d0d9a932d15e50872989c3ca1ff7246da63143c3725d81089fadda3821a54c18b22150d9d16005b07df6824f5f71f8
-SHA512 (gvisor-tap-vsock-fdc231ae7b8fe1aec4cf0b8777274fa21b70d789.tar.gz) = 9441a6b0dc64961994ec9c268ad81916c4b88bf5c508c32dc6b0f68a993dc0c57c92304bfaa525aafe6445107314fc6954a65dbfb53432450ac0076d7d68c1ba
-SHA512 (podman-machine-cni-0749884.tar.gz) = fe5f6a69118c0d3475c76c61bf1b50f1d5772fe9a4d20b23e59010e72f8cbd7fb7d4091ce8ab43af8becf77e5234b63191e3e01932f30f8386235822de2e42f4
+SHA512 (gvisor-tap-vsock-aab0ac9367fc5142f5857c36ac2352bcb3c60ab7.tar.gz) = e138125f0fad46f84afebad5769d4428cb29f24ce34e209b21689dc4409487bf2e946c9eb6551297baf36286c9be9a5310a77df4884563cfe247113980f18291
 SHA512 (v0.1.7.tar.gz) = 7d3174c60e1c8bd1f4b95b7751ccbe01cac63265060f18914b53311f68f7b4c63c693604f348ccfac5db4a96939169f835fbbbd614803b18062053d94f7dca67
-SHA512 (v4.3.1-rhel-d9a6336.tar.gz) = 79a6cd21f7234738edad3d6e1280db9fc318c8ce79fd2863bfeae8dda139d20f1a1d929e945768ba246b499ee0bfce72211e8ea78ba1adca00b28466a9be3cb4
+SHA512 (v4.4.1-rhel-e1703bb.tar.gz) = 910dfcdb4cf09b17bac0070d923b11c92ff3ab6995f5e8e811b4ab20481b6ee91d76d10b69384f0375b53f98cf75c205190ba18645bc2a976977f9b86667f263
--- a/tests/roles/bats_installed/tasks/main.yml
+++ b/tests/roles/bats_installed/tasks/main.yml
@ -1,12 +0,0 @@
---
-# Sigh; RHEL8 doesn't have BATS
- name: bats | fetch and unpack tarball
-  unarchive:
-    src: https://github.com/bats-core/bats-core/archive/v1.5.0.tar.gz
-    dest: /root
-    remote_src: true
-
- name: bats | install
-  command: ./install.sh /usr/local
-  args:
-    chdir: /root/bats-core-1.5.0
--- a/tests/roles/rootless_user/tasks/main.yml
+++ b/tests/roles/rootless_user/tasks/main.yml
@ -1,7 +0,0 @@
---
- name: create rootless user
-  user:
-    name: testuser
-    shell: /bin/bash
- name: enable linger
-  command: loginctl enable-linger testuser
--- a/tests/roles/run_bats_tests/files/run_bats_tests.sh
+++ b/tests/roles/run_bats_tests/files/run_bats_tests.sh
@ -1,72 +0,0 @@
-#!/bin/bash
-#
-# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman
-#
-# This is invoked by the 'run_bats_tests' role; we assume that
-# the package foo has a foo-tests subpackage which provides the
-# directory /usr/share/foo/test/system, containing one or more .bats
-# test files.
-#
-
-export PATH=/usr/local/bin:/usr/sbin:/usr/bin
-
-FULL_LOG=/tmp/test.debug.log
-BATS_LOG=/tmp/test.bats.log
-rm -f $FULL_LOG $BATS_LOG
-touch $FULL_LOG $BATS_LOG
-
-exec &> $FULL_LOG
-
-# Log program versions
-echo "Packages:"
-rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests
-
-echo "------------------------------"
-printenv | sort
-
-testdir=/usr/share/${TEST_PACKAGE}/test/system
-
-if ! cd $testdir; then
-    echo "FAIL ${TEST_NAME} : cd $testdir"      >> /tmp/test.log
-    exit 0
-fi
-
-if [ -e /tmp/helper.sh ]; then
-    echo "------------------------------"
-    echo ". /tmp/helper.sh"
-    . /tmp/helper.sh
-fi
-
-if [ "$(type -t setup)" = "function" ]; then
-    echo "------------------------------"
-    echo "\$ setup"
-    setup
-    if [ $? -ne 0 ]; then
-        echo "FAIL ${TEST_NAME} : setup"       >> /tmp/test.log
-        exit 0
-    fi
-fi
-
-echo "------------------------------"
-echo "\$ bats ."
-bats . &> $BATS_LOG
-rc=$?
-
-echo "------------------------------"
-echo "bats completed with status $rc"
-
-status=PASS
-if [ $rc -ne 0 ]; then
-    status=FAIL
-fi
-
-echo "${status} ${TEST_NAME}" >> /tmp/test.log
-
-if [ "$(type -t teardown)" = "function" ]; then
-    echo "------------------------------"
-    echo "\$ teardown"
-    teardown
-fi
-
-# FIXME: for CI purposes, always exit 0. This allows subsequent tests.
-exit 0
--- a/tests/roles/run_bats_tests/tasks/main.yml
+++ b/tests/roles/run_bats_tests/tasks/main.yml
@ -1,37 +0,0 @@
---
-# Create empty results file, world-writable
- name: initialize test.log file
-  copy: dest=/tmp/test.log content='' force=yes mode=0666
-
- name: execute tests
-  include: run_one_test.yml
-  with_items: "{{ tests }}"
-  loop_control:
-    loop_var: test
-
- name: pull test.log results
-  fetch:
-    src: "/tmp/test.log"
-    dest: "{{ artifacts }}/test.log"
-    flat: yes
-
-# Copied from standard-test-basic
- name: check results
-  shell: grep "^FAIL" /tmp/test.log
-  register: test_fails
-  # Never fail at this step. Just store result of tests.
-  failed_when: False
-
- name: preserve results
-  set_fact:
-    role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
-    role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
-
- name: display results
-  vars:
-    msg: |
-       Tests failed: {{ role_result_failed|d('Undefined') }}
-       Tests msg: {{ role_result_msg|d('None') }}
-  debug:
-    msg: "{{ msg.split('\n') }}"
-  failed_when: "role_result_failed|bool"
--- a/tests/roles/run_bats_tests/tasks/run_one_test.yml
+++ b/tests/roles/run_bats_tests/tasks/run_one_test.yml
@ -1,52 +0,0 @@
---
- name: "{{ test.name }} | install test packages"
-  dnf: name="{{ test.package }}-tests" state=installed
-
- name: "{{ test.name }} | define helper variables"
-  set_fact:
-    test_name_oneword: "{{ test.name | replace(' ','-') }}"
-
-# UGH. This is necessary because our caller sets some environment variables
-# and we need to set a few more based on other caller variables; then we
-# need to combine the two dicts when running the test. This seems to be
-# the only way to do it in ansible.
- name: "{{ test.name }} | define local environment"
-  set_fact:
-    local_environment:
-      TEST_NAME:    "{{ test.name }}"
-      TEST_PACKAGE: "{{ test.package }}"
-      TEST_ENV:     "{{ test.environment }}"
-
- name: "{{ test.name }} | setup/teardown helper | see if exists"
-  local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
-  register: helper
-
- name: "{{ test.name }} | setup/teardown helper | install"
-  copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
-  when: helper.stat.exists
-
- name: "{{ test.name }} | run test"
-  script: ./run_bats_tests.sh
-  args:
-    chdir: /usr/share/{{ test.package }}/test/system
-  become: "{{ true if test.become is defined else false }}"
-  become_user: testuser
-  environment: "{{ local_environment | combine(test.environment) }}"
-
- name: "{{ test.name }} | pull logs"
-  fetch:
-    src: "/tmp/test.{{ item }}.log"
-    dest: "{{ artifacts }}/test.{{ test_name_oneword }}.{{ item }}.log"
-    flat: yes
-  with_items:
-    - bats
-    - debug
-
- name: "{{ test.name }} | remove remote logs and helpers"
-  file:
-    dest=/tmp/{{ item }}
-    state=absent
-  with_items:
-    - test.bats.log
-    - test.debug.log
-    - helper.sh
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,25 +0,0 @@
---
- hosts: localhost
-  tags:  classic
-  vars:
-  - artifacts: ./artifacts
-  roles:
-  - role: bats_installed
-  - role: rootless_user
-  - role: run_bats_tests
-    tests:
-    - name:    podman root
-      package: podman
-      environment:
-        PODMAN: /usr/bin/podman
-
-    - name:    podman rootless
-      package: podman
-      environment:
-        PODMAN: /usr/bin/podman
-      become:  true
-
-      #- name:    podman-remote root
-      #package: podman
-      #environment:
-      #  PODMAN: /usr/bin/podman-remote