import UBI toolbox-0.3-2.el9_8

2026-05-19 20:35:17 -04:00 · 2026-05-19 20:35:17 -04:00 · 59d1cea32e
commit 59d1cea32e
parent b249bc69a0
8 changed files with 340 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/toolbox-0.2-vendored.tar.xz
+SOURCES/toolbox-0.3-vendored.tar.xz
--- a/.toolbox.metadata
+++ b/.toolbox.metadata
@ -1 +1 @@
-c9b65b536ecd89d7edc12211cb10ba96bcf60c41 SOURCES/toolbox-0.2-vendored.tar.xz
+33dfd6f8af6a5a426b4d66593863a7521f6ff694 SOURCES/toolbox-0.3-vendored.tar.xz
--- a/SOURCES/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
+++ b/SOURCES/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
@ -1,4 +1,4 @@
-From b0f4d55b16e59375012ea0ffbfe31086cbef2fef Mon Sep 17 00:00:00 2001
+From 85481653d2fdbb8a23ec7552d1a2f589b5ed4694 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Wed, 18 Aug 2021 17:55:21 +0200
 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
@ -10,10 +10,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037
 1 file changed, 1 insertion(+)

 diff --git a/src/cmd/run.go b/src/cmd/run.go
-index 389ea1615234..2e78a3ba3ecd 100644
+index ceb277a3640a..72b673f506b3 100644
 --- a/src/cmd/run.go
 +++ b/src/cmd/run.go
-@@ -573,6 +573,7 @@ func constructExecArgs(container, preserveFDs string,
+@@ -576,6 +576,7 @@ func constructExecArgs(container, preserveFDs string,
 	execArgs = append(execArgs, envOptions...)
 
 	execArgs = append(execArgs, []string{
@ -22,10 +22,10 @@ index 389ea1615234..2e78a3ba3ecd 100644
 		"--preserve-fds", preserveFDs,
 	}...)
 -- 
-2.50.1
+2.53.0


-From d4e03324f5d263fdb7c9b10270dd7ed251d5aa9e Mon Sep 17 00:00:00 2001
+From a1df0b1a13f45f086e66631a87fe94d711e41075 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Fri, 10 Dec 2021 13:42:15 +0100
 Subject: [PATCH 2/2] test/system: Update to test the migration path for
@ -100,5 +100,5 @@ index 000000000000..cf35d60ac25c
 +  skip "Testing of entering toolboxes is not implemented"
 +}
 -- 
-2.50.1
+2.53.0

--- a/SOURCES/toolbox-Fall-back-to-getent-passwd-when-SHELL-is-unset.patch
+++ b/SOURCES/toolbox-Fall-back-to-getent-passwd-when-SHELL-is-unset.patch
@ -0,0 +1,297 @@
+From 2aef63319f5cb66df492efe8409b8748be22a625 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Fri, 6 Mar 2026 21:07:54 +0100
+Subject: [PATCH 1/2] doc, cmd: Tweak the wording and error messages for
+ consistency
+
+The useradd(8) and usermod(8) manuals use the term 'login shell', except
+one instance in useradd(8) where it says 'default login shell' [1,2].
+The toolbox-init-container(1) manual and the 'init-container' command
+already use 'login shell', and it's shorter than 'default shell'.  So,
+it wins.
+
+Fallout from the following:
+  * 6c86cabbe5da6e542b50c5c043b4d213c6279bbc
+  * 59055cf9eb03d69a53b7f59a91b8def171da2fef
+  * 662bd899314d74977f8b973989d2548c1bf80fea
+  * 8f30d718066facb0c3db946db07e9c17f38741b7
+
+[1] https://man7.org/linux/man-pages/man8/useradd.8.html
+
+[2] https://man7.org/linux/man-pages/man8/usermod.8.html
+
+https://github.com/containers/toolbox/pull/1767
+---
+ doc/toolbox-enter.1.md       | 4 ++--
+ src/cmd/create.go            | 2 +-
+ src/cmd/enter.go             | 2 +-
+ src/cmd/rootMigrationPath.go | 2 +-
+ 4 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/doc/toolbox-enter.1.md b/doc/toolbox-enter.1.md
+index 4061ef8233ab..2769a6b968f9 100644
+--- a/doc/toolbox-enter.1.md
+++ b/doc/toolbox-enter.1.md
+@@ -11,8 +11,8 @@ toolbox\-enter - Enter a Toolbx container for interactive use
+ ## DESCRIPTION
+ 
+ Spawns an interactive shell inside a Toolbx container that was created using
+-the `toolbox create` command. It tries to spawn the user's default shell, but
+-if it's not available inside the container then it falls back to `/bin/bash`.
+the `toolbox create` command. It tries to spawn the user's login shell, but if
+it's not available inside the container then it falls back to `/bin/bash`.
+ 
+ When invoked without any options, `toolbox enter` will try to enter the default
+ Toolbx container for the host, or if there's only one container available then
+diff --git a/src/cmd/create.go b/src/cmd/create.go
+index 531721b60f2d..c0ac138aa8d7 100644
+--- a/src/cmd/create.go
+++ b/src/cmd/create.go
+@@ -406,7 +406,7 @@ func createContainer(container, image, release, authFile string, showCommandToEn
+ 
+ 	userShell := os.Getenv("SHELL")
+ 	if userShell == "" {
+-		return errors.New("failed to get the current user's default shell")
+		return errors.New("failed to get the current user's login shell")
+ 	}
+ 
+ 	entryPoint := []string{
+diff --git a/src/cmd/enter.go b/src/cmd/enter.go
+index 8602b744ba35..1fc32e8a65d3 100644
+--- a/src/cmd/enter.go
+++ b/src/cmd/enter.go
+@@ -116,7 +116,7 @@ func enter(cmd *cobra.Command, args []string) error {
+ 
+ 	userShell := os.Getenv("SHELL")
+ 	if userShell == "" {
+-		return errors.New("failed to get the current user's default shell")
+		return errors.New("failed to get the current user's login shell")
+ 	}
+ 
+ 	command := []string{userShell, "-l"}
+diff --git a/src/cmd/rootMigrationPath.go b/src/cmd/rootMigrationPath.go
+index 38b5d4956515..1c689c829088 100644
+--- a/src/cmd/rootMigrationPath.go
+++ b/src/cmd/rootMigrationPath.go
+@@ -63,7 +63,7 @@ func rootRunImpl(cmd *cobra.Command, args []string) error {
+ 
+ 	userShell := os.Getenv("SHELL")
+ 	if userShell == "" {
+-		return errors.New("failed to get the current user's default shell")
+		return errors.New("failed to get the current user's login shell")
+ 	}
+ 
+ 	command := []string{userShell, "-l"}
+-- 
+2.53.0
+
+
+From 92eaafa5cc3e32d90f44d79144c30820f5557799 Mon Sep 17 00:00:00 2001
+From: Rolv-Apneseth <rolv.apneseth@gmail.com>
+Date: Thu, 19 Feb 2026 16:32:04 +0000
+Subject: [PATCH 2/2] cmd, test/system: Fall back to 'getent passwd' when SHELL
+ is unset
+
+The SHELL environment variable is supposed to be set during login, as
+the case may be, by the GNOME Display Manager (or GDM) [1], OpenSSH [2],
+login(1) [3], su(1) [4], systemd [5], etc.
+
+During the GNOME login sequence, GDM and the Pluggable Authentication
+Modules for Linux (or PAM) creates a session with gnome-session(1) as
+the session leader, and sets the SHELL environment variable on it.  Then
+the session leader sets it in the 'systemd --user' unit activation
+environment.  Meanwhile, the system-wide user@.service has already set
+SHELL on 'systemd --user', and this gets propagated into the per-user
+service manager's unit activation environment.  This gets overwritten by
+the same value by gnome-session(1).
+
+However, sometimes it's unexpectedly missing.  eg., the runtime
+environment of the GitHub Actions workflow [6]; and it has been reported
+missing on some occasions in Fedora CoreOS, and in RHEL CoreOS spawned
+by 'oc debug ...' in Red Hat OpenShift clusters.  The reasons for these
+are unclear.
+
+Therefore, it's worth falling back to 'getent passwd' in those cases to
+avoid completely breaking the 'create' and 'enter' commands.
+
+[1] GDM commit 48dfb0c6fc683eb0
+    https://gitlab.gnome.org/GNOME/gdm/-/commit/48dfb0c6fc683eb0
+
+[2] OpenSSH commit d4a8b7e34dd619a4
+    https://github.com/openssh/openssh-portable/commit/d4a8b7e34dd619a4
+
+[3] https://man7.org/linux/man-pages/man1/login.1.html
+
+[4] https://man7.org/linux/man-pages/man1/su.1.html
+
+[5] https://www.freedesktop.org/software/systemd/man/run0.html
+    https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+
+[6] Commit c22b09d095c7a8ac
+    https://github.com/containers/toolbox/commit/c22b09d095c7a8ac
+    https://github.com/containers/toolbox/pull/1507
+    https://github.com/orgs/community/discussions/59413
+
+https://github.com/containers/toolbox/issues/1615
+https://issues.redhat.com/browse/OCPBUGS-76557
+
+Signed-off-by: Rolv-Apneseth <rolv.apneseth@gmail.com>
+---
+ src/cmd/create.go            |  6 +++---
+ src/cmd/enter.go             |  6 +++---
+ src/cmd/rootMigrationPath.go |  6 +++---
+ src/cmd/utils.go             | 39 ++++++++++++++++++++++++++++++++++++
+ test/system/101-create.bats  | 29 +++++++++++++++++++++++++++
+ 5 files changed, 77 insertions(+), 9 deletions(-)
+
+diff --git a/src/cmd/create.go b/src/cmd/create.go
+index c0ac138aa8d7..908e8f240fba 100644
+--- a/src/cmd/create.go
+++ b/src/cmd/create.go
+@@ -404,9 +404,9 @@ func createContainer(container, image, release, authFile string, showCommandToEn
+ 
+ 	logLevelString := podman.LogLevel.String()
+ 
+-	userShell := os.Getenv("SHELL")
+-	if userShell == "" {
+-		return errors.New("failed to get the current user's login shell")
+	userShell, err := getCurrentUserShell()
+	if err != nil {
+		return err
+ 	}
+ 
+ 	entryPoint := []string{
+diff --git a/src/cmd/enter.go b/src/cmd/enter.go
+index 1fc32e8a65d3..51be3c4b8daa 100644
+--- a/src/cmd/enter.go
+++ b/src/cmd/enter.go
+@@ -114,9 +114,9 @@ func enter(cmd *cobra.Command, args []string) error {
+ 		return err
+ 	}
+ 
+-	userShell := os.Getenv("SHELL")
+-	if userShell == "" {
+-		return errors.New("failed to get the current user's login shell")
+	userShell, err := getCurrentUserShell()
+	if err != nil {
+		return err
+ 	}
+ 
+ 	command := []string{userShell, "-l"}
+diff --git a/src/cmd/rootMigrationPath.go b/src/cmd/rootMigrationPath.go
+index 1c689c829088..9861320b39a4 100644
+--- a/src/cmd/rootMigrationPath.go
+++ b/src/cmd/rootMigrationPath.go
+@@ -61,9 +61,9 @@ func rootRunImpl(cmd *cobra.Command, args []string) error {
+ 		return err
+ 	}
+ 
+-	userShell := os.Getenv("SHELL")
+-	if userShell == "" {
+-		return errors.New("failed to get the current user's login shell")
+	userShell, err := getCurrentUserShell()
+	if err != nil {
+		return err
+ 	}
+ 
+ 	command := []string{userShell, "-l"}
+diff --git a/src/cmd/utils.go b/src/cmd/utils.go
+index 250184f0c4c9..12a5e87a50b6 100644
+--- a/src/cmd/utils.go
+++ b/src/cmd/utils.go
+@@ -31,6 +31,7 @@ import (
+ 	"strings"
+ 	"syscall"
+ 
+	"github.com/containers/toolbox/pkg/shell"
+ 	"github.com/containers/toolbox/pkg/utils"
+ 	"github.com/sirupsen/logrus"
+ 	"golang.org/x/sys/unix"
+@@ -383,6 +384,44 @@ func getCurrentUserHomeDir() string {
+ 	return currentUser.HomeDir
+ }
+ 
+func getCurrentUserShell() (string, error) {
+	if currentUser == nil {
+		panic("current user unknown")
+	}
+
+	if userShell := os.Getenv("SHELL"); userShell != "" {
+		return userShell, nil
+	}
+
+	logrus.Debug("Getting the current user's login shell: failed to read SHELL")
+	logrus.Debug("Using 'getent passwd' instead")
+
+	var stderr strings.Builder
+	var stdout strings.Builder
+
+	if err := shell.Run("getent", nil, &stdout, &stderr, "passwd", currentUser.Uid); err != nil {
+		errString := stderr.String()
+		logrus.Debugf("Getting the current user's login shell failed: %s", errString)
+		return "", fmt.Errorf("failed to get the current user's login shell: %w", err)
+	}
+
+	output := stdout.String()
+	passwdLine := strings.TrimSpace(output)
+	if len(passwdLine) == 0 {
+		return "", errors.New("failed to get the current user's login shell: no getent(1) output")
+	}
+
+	passwdLineParts := strings.Split(passwdLine, ":")
+	passwdLinePartsCount := len(passwdLineParts)
+	if passwdLinePartsCount != 7 {
+		logrus.Debugf("Getting the current user's login shell: failed to parse getent(1) output: %s",
+			passwdLine)
+		return "", errors.New("failed to get the current user's login shell: invalid getent(1) output")
+	}
+
+	return passwdLineParts[passwdLinePartsCount-1], nil
+}
+
+ func getUsageForCommonCommands() string {
+ 	var builder strings.Builder
+ 	builder.WriteString("create    Create a new Toolbx container\n")
+diff --git a/test/system/101-create.bats b/test/system/101-create.bats
+index 58068e4222a7..a31cb12dfa1f 100644
+--- a/test/system/101-create.bats
+++ b/test/system/101-create.bats
+@@ -60,6 +60,35 @@ teardown() {
+   assert_output "true"
+ }
+ 
+@test "create: Smoke test with SHELL unset" {
+  local default_container
+  default_container="$(get_system_id)-toolbox-$(get_system_version)"
+
+  pull_default_image
+  unset SHELL
+
+  run --keep-empty-lines --separate-stderr "$TOOLBX" create
+
+  assert_success
+  assert_line --index 0 "Created container: $default_container"
+  assert_line --index 1 "Enter with: toolbox enter"
+  assert [ ${#lines[@]} -eq 2 ]
+  assert [ ${#stderr_lines[@]} -eq 0 ]
+
+  run podman ps --all
+
+  assert_success
+  assert_output --regexp "Created[[:blank:]]+$default_container"
+
+  run podman inspect \
+        --format '{{index .Config.Labels "com.github.containers.toolbox"}}' \
+        --type container \
+        "$default_container"
+
+  assert_success
+  assert_output "true"
+}
+
+ @test "create: With a custom name (using option --container)" {
+   pull_default_image
+ 
+-- 
+2.53.0
+
--- a/SOURCES/toolbox-Make-the-build-flags-match-Fedora.patch
+++ b/SOURCES/toolbox-Make-the-build-flags-match-Fedora.patch
@ -1,4 +1,4 @@
-From 2ad3ed22992dd74c3deb697bdf165bf1e37479ae Mon Sep 17 00:00:00 2001
+From a1bb7d53fab70899c991feb9276cf93a12280750 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
@ -58,5 +58,5 @@ index a5a1a6a508fb..5978422e9aed 100755
 
 exit "$?"
 -- 
-2.50.1
+2.51.0

--- a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-10.patch
+++ b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-10.patch
@ -1,4 +1,4 @@
-From e39af9ab2105d7d7b49b22d22895b3799efee2ef Mon Sep 17 00:00:00 2001
+From f79f96fb8f3ec528952b9719f356e871837987df Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags}
@ -67,5 +67,5 @@ index a5a1a6a508fb..5978422e9aed 100755
 
 exit "$?"
 -- 
-2.50.1
+2.51.0

--- a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-9.patch
+++ b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-9.patch
@ -1,4 +1,4 @@
-From 26bef6542102509a9706bf97122a7ff2130383f8 Mon Sep 17 00:00:00 2001
+From 2d1b4b2492c65abd0d0bf0c71c971f550447412d Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags}
@ -46,5 +46,5 @@ index a5a1a6a508fb..0a2c7526f210 100755
 
 exit "$?"
 -- 
-2.50.1
+2.51.0

--- a/SPECS/toolbox.spec
+++ b/SPECS/toolbox.spec
@ -1,7 +1,16 @@
 %global __brp_check_rpaths %{nil}

+%if 0%{?rhel}
+%if 0%{?rhel} <= 9
+%{!?bash_completions_dir: %global bash_completions_dir %{_datadir}/bash-completion/completions}
+%{!?fish_completions_dir: %global fish_completions_dir %{_datadir}/fish/vendor_completions.d}
+%{!?zsh_completions_dir: %global zsh_completions_dir %{_datadir}/zsh/site-functions}
+%endif
+%endif
+
+
 Name:          toolbox
-Version:       0.2
+Version:       0.3

 %global goipath github.com/containers/%{name}

@ -20,7 +29,7 @@ Version:       0.2
 %global toolbx_go 1.22

 %if 0%{?fedora}
-%global toolbx_go 1.23.9
+%global toolbx_go 1.24.7
 %endif

 %if 0%{?rhel}
@ -29,7 +38,7 @@ Version:       0.2
 %elif 0%{?rhel} == 10
 %global toolbx_go 1.22.5
 %elif 0%{?rhel} > 10
-%global toolbx_go 1.24.3
+%global toolbx_go 1.24.4
 %endif
 %endif

@ -43,6 +52,9 @@ Source0:       https://github.com/containers/%{name}/releases/download/%{version
 # RHEL specific
 Source1:       %{name}.conf

+# Upstream
+Patch0:        toolbox-Fall-back-to-getent-passwd-when-SHELL-is-unset.patch
+
 # Fedora specific
 Patch100:      toolbox-Make-the-build-flags-match-Fedora.patch

@ -115,6 +127,7 @@ The %{name}-tests package contains system tests for %{name}.

 %prep
 %setup -q
+%patch -P0 -p1

 %if 0%{?fedora}
 %patch -P100 -p1
@ -142,14 +155,14 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_

 %meson \
 %if 0%{?rhel}
-    -Dfish_completions_dir=%{_datadir}/fish/vendor_completions.d \
+    -Dfish_completions_dir=%{fish_completions_dir} \
 %if 0%{?rhel} <= 9
    -Dmigration_path_for_coreos_toolbox=true \
 %endif
 %endif
    -Dprofile_dir=%{_sysconfdir}/profile.d \
    -Dtmpfiles_dir=%{_tmpfilesdir} \
-    -Dzsh_completions_dir=%{_datadir}/zsh/site-functions
+    -Dzsh_completions_dir=%{zsh_completions_dir}

 %meson_build

@ -172,15 +185,15 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
 %doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md
 %license COPYING src/vendor/modules.txt
 %{_bindir}/%{name}
-%{_datadir}/bash-completion/completions/%{name}.bash
-%{_datadir}/fish/vendor_completions.d/%{name}.fish
-%{_datadir}/zsh/site-functions/_%{name}
 %{_mandir}/man1/%{name}.1*
 %{_mandir}/man1/%{name}-*.1*
 %{_mandir}/man5/%{name}.conf.5*
 %config(noreplace) %{_sysconfdir}/containers/%{name}.conf
 %{_sysconfdir}/profile.d/%{name}.sh
 %{_tmpfilesdir}/%{name}.conf
+%{bash_completions_dir}/%{name}.bash
+%{fish_completions_dir}/%{name}.fish
+%{zsh_completions_dir}/_%{name}


 %files tests
@ -188,6 +201,14 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf


 %changelog
+* Mon Mar 16 2026 Debarshi Ray <rishi@fedoraproject.org> - 0.3-2
+- Fall back to 'getent passwd' when SHELL is unset
+Resolves: RHEL-152801
+
+* Tue Oct 07 2025 Debarshi Ray <rishi@fedoraproject.org> - 0.3-1
+- Update to 0.3
+Resolves: RHEL-117475
+
 * Mon Aug 11 2025 Debarshi Ray <rishi@fedoraproject.org> - 0.2-2
 - Update to 0.2
 - Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787