From 32743601c9c4178ee602130e6586c682e38a29fd Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 2 Oct 2023 18:33:16 +0200 Subject: [PATCH] Consolidate the post-release upstream patches for fixing the build There's no need to do a build just for this. Resolves: RHEL-2038 --- ...generat.patch => toolbox-Build-fixes.patch | 121 +++++++++++++++--- ...se-podman-1-when-generating-the-comp.patch | 89 ------------- toolbox.spec | 6 +- 3 files changed, 108 insertions(+), 108 deletions(-) rename toolbox-Don-t-validate-subordinate-IDs-when-generat.patch => toolbox-Build-fixes.patch (51%) delete mode 100644 toolbox-Don-t-use-podman-1-when-generating-the-comp.patch diff --git a/toolbox-Don-t-validate-subordinate-IDs-when-generat.patch b/toolbox-Build-fixes.patch similarity index 51% rename from toolbox-Don-t-validate-subordinate-IDs-when-generat.patch rename to toolbox-Build-fixes.patch index 3d5812e..32164ef 100644 --- a/toolbox-Don-t-validate-subordinate-IDs-when-generat.patch +++ b/toolbox-Build-fixes.patch @@ -1,7 +1,98 @@ -From 52de8d4a933ab6a4b1b6ef1c02c7e9f1f834c4a5 Mon Sep 17 00:00:00 2001 +From 424cc42fba3cb182a360dcdda68caf20d9141ae6 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 28 Feb 2023 17:12:04 +0100 +Subject: [PATCH 1/4] cmd/root: Don't use podman(1) when generating the + completions + +Ever since commit bafbbe81c9220cb3, the shell completions are generated +while building Toolbx using the 'completion' command. This involves +running toolbox(1) itself, and hence invoking 'podman version' to decide +if 'podman system migrate' is needed or not. + +Unfortunately, some build environments, like Fedora's, are set up inside +a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may +not work because it does various things with namespaces(7) and clone(2) +that can, under certain circumstances, encounter an EPERM. + +Therefore, it's better to avoid using podman(1) when generating the +shell completions, especially, since they are generated by Cobra itself +and podman(1) is not involved at all. + +Note that podman(1) is needed when the generated shell completions are +actually used in interactive command line environments. The shell +completions invoke the hidden '__complete' command to get the results +that are presented to the user, and, if needed, 'podman system migrate' +will continue to be run as part of that. + +This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011 +because podman(1) is now only an optional runtime dependency for the +system tests. + +https://github.com/containers/podman/issues/17657 +--- + meson.build | 2 +- + src/cmd/root.go | 9 +++++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/meson.build b/meson.build +index 6f044bb204e3..653a3d3ac588 100644 +--- a/meson.build ++++ b/meson.build +@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h']) + + go = find_program('go') + go_md2man = find_program('go-md2man') +-podman = find_program('podman') + + bats = find_program('bats', required: false) + codespell = find_program('codespell', required: false) + htpasswd = find_program('htpasswd', required: false) + openssl = find_program('openssl', required: false) ++podman = find_program('podman', required: false) + shellcheck = find_program('shellcheck', required: false) + skopeo = find_program('skopeo', required: false) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index 304b03dcd889..9975ccc7a4c8 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error { + + logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath) + +- if err := migrate(); err != nil { ++ if err := migrate(cmd, args); err != nil { + return err + } + +@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error { + return rootRunImpl(cmd, args) + } + +-func migrate() error { ++func migrate(cmd *cobra.Command, args []string) error { + logrus.Debug("Migrating to newer Podman") + + if utils.IsInsideContainer() { + return nil + } + ++ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { ++ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName) ++ return nil ++ } ++ + configDir, err := os.UserConfigDir() + if err != nil { + logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err) +-- +2.41.0 + + +From 0723706168a1bde708bc9acc203c5e9870bc94d5 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 1 Mar 2023 19:41:56 +0100 -Subject: [PATCH 1/3] cmd/root: Sprinkle a debug log +Subject: [PATCH 2/4] cmd/root: Sprinkle a debug log https://github.com/containers/toolbox/pull/1251 --- @@ -9,10 +100,10 @@ https://github.com/containers/toolbox/pull/1251 1 file changed, 1 insertion(+) diff --git a/src/cmd/root.go b/src/cmd/root.go -index 304b03dcd889..82fbfd651c33 100644 +index 9975ccc7a4c8..2e7428a20b24 100644 --- a/src/cmd/root.go +++ b/src/cmd/root.go -@@ -215,6 +215,7 @@ func migrate() error { +@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error { logrus.Debug("Migrating to newer Podman") if utils.IsInsideContainer() { @@ -21,13 +112,13 @@ index 304b03dcd889..82fbfd651c33 100644 } -- -2.39.2 +2.41.0 -From 0beab62c935cd1166d6b03f58c519bbc7b040221 Mon Sep 17 00:00:00 2001 +From 0736db58456bb635854493e28a0c36bda49988ce Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 1 Mar 2023 19:46:11 +0100 -Subject: [PATCH 2/3] cmd/root: Shuffle some code around and sprinkle some +Subject: [PATCH 3/4] cmd/root: Shuffle some code around and sprinkle some debug logs Having a separate convenience function reduces the indentation levels by @@ -42,7 +133,7 @@ https://github.com/containers/toolbox/issues/1246 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/src/cmd/root.go b/src/cmd/root.go -index 82fbfd651c33..4c740ec60d38 100644 +index 2e7428a20b24..9aafe3e0d3be 100644 --- a/src/cmd/root.go +++ b/src/cmd/root.go @@ -1,5 +1,5 @@ @@ -68,7 +159,7 @@ index 82fbfd651c33..4c740ec60d38 100644 } } -@@ -387,3 +382,24 @@ func setUpLoggers() error { +@@ -392,3 +387,24 @@ func setUpLoggers() error { return nil } @@ -94,13 +185,13 @@ index 82fbfd651c33..4c740ec60d38 100644 + return true, nil +} -- -2.39.2 +2.41.0 -From d09c9cd1de41b6e85a6953902c9982778a423f3c Mon Sep 17 00:00:00 2001 +From 02537eac420f49e96110663794ef5f2511eb6860 Mon Sep 17 00:00:00 2001 From: Jan Zerebecki Date: Wed, 1 Mar 2023 19:52:28 +0100 -Subject: [PATCH 3/3] cmd/root: Don't validate subordinate IDs when generating +Subject: [PATCH 4/4] cmd/root: Don't validate subordinate IDs when generating the completions Ever since commit bafbbe81c9220cb3, the shell completions are generated @@ -129,10 +220,10 @@ https://github.com/containers/toolbox/pull/1249 1 file changed, 5 insertions(+) diff --git a/src/cmd/root.go b/src/cmd/root.go -index 4c740ec60d38..efee8ce9990b 100644 +index 9aafe3e0d3be..aee9fe026ac3 100644 --- a/src/cmd/root.go +++ b/src/cmd/root.go -@@ -396,6 +396,11 @@ func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bo +@@ -401,6 +401,11 @@ func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bo return true, nil } @@ -145,5 +236,5 @@ index 4c740ec60d38..efee8ce9990b 100644 logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err) return false, newSubIDError() -- -2.39.2 +2.41.0 diff --git a/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch b/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch deleted file mode 100644 index 85c7289..0000000 --- a/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch +++ /dev/null @@ -1,89 +0,0 @@ -From fc5f568c5d82f4a16982268fa67092e52be91fbe Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Tue, 28 Feb 2023 17:12:04 +0100 -Subject: [PATCH] cmd/root: Don't use podman(1) when generating the completions - -Ever since commit bafbbe81c9220cb3, the shell completions are generated -while building Toolbx using the 'completion' command. This involves -running toolbox(1) itself, and hence invoking 'podman version' to decide -if 'podman system migrate' is needed or not. - -Unfortunately, some build environments, like Fedora's, are set up inside -a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may -not work because it does various things with namespaces(7) and clone(2) -that can, under certain circumstances, encounter an EPERM. - -Therefore, it's better to avoid using podman(1) when generating the -shell completions, especially, since they are generated by Cobra itself -and podman(1) is not involved at all. - -Note that podman(1) is needed when the generated shell completions are -actually used in interactive command line environments. The shell -completions invoke the hidden '__complete' command to get the results -that are presented to the user, and, if needed, 'podman system migrate' -will continue to be run as part of that. - -This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011 -because podman(1) is now only an optional runtime dependency for the -system tests. - -https://github.com/containers/podman/issues/17657 ---- - meson.build | 2 +- - src/cmd/root.go | 9 +++++++-- - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/meson.build b/meson.build -index 6f044bb204e3..653a3d3ac588 100644 ---- a/meson.build -+++ b/meson.build -@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h']) - - go = find_program('go') - go_md2man = find_program('go-md2man') --podman = find_program('podman') - - bats = find_program('bats', required: false) - codespell = find_program('codespell', required: false) - htpasswd = find_program('htpasswd', required: false) - openssl = find_program('openssl', required: false) -+podman = find_program('podman', required: false) - shellcheck = find_program('shellcheck', required: false) - skopeo = find_program('skopeo', required: false) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 304b03dcd889..9975ccc7a4c8 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error { - - logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath) - -- if err := migrate(); err != nil { -+ if err := migrate(cmd, args); err != nil { - return err - } - -@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error { - return rootRunImpl(cmd, args) - } - --func migrate() error { -+func migrate(cmd *cobra.Command, args []string) error { - logrus.Debug("Migrating to newer Podman") - - if utils.IsInsideContainer() { - return nil - } - -+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { -+ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName) -+ return nil -+ } -+ - configDir, err := os.UserConfigDir() - if err != nil { - logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err) --- -2.39.1 - diff --git a/toolbox.spec b/toolbox.spec index bfde477..e40ad89 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -16,9 +16,8 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version Source1: %{name}.conf # Upstream -Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch -Patch1: toolbox-Don-t-validate-subordinate-IDs-when-generat.patch -Patch2: toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch +Patch0: toolbox-Build-fixes.patch +Patch1: toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch # RHEL specific Patch100: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch @@ -61,7 +60,6 @@ The %{name}-tests package contains system tests for %{name}. %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 %ifnarch ppc64 %patch100 -p1