Import rpm: e337f39e4ebd7c425f983cd4d98fbfaf382ba14d

2023-02-23 12:40:13 -05:00 · 2023-02-23 12:40:13 -05:00 · 8de74a0feb
commit 8de74a0feb
parent c3495693f1
6 changed files with 2334 additions and 30 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (toolbox-0.0.99.3-vendored.tar.xz) = 4a94c40986de497c53bb3307ca12bea7e86f0a90a1e5d978f59ef4c2157426525f11f6eff196b682e7bcbba4a5f2ec8de163368791bb626c553e1adabaf6b0d5
+SHA1 (toolbox-0.0.99.3-vendored.tar.xz) = ae6e6ac18c0d350eeabe9392a37ddc70cd60b52f
--- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
+++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
@ -1,4 +1,4 @@
-From 565947a7df6f4d18cb2f2d3a172b79391880288a Mon Sep 17 00:00:00 2001
+From 495760a8e4a193f8403d67e503b4b8156dc859a8 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Wed, 18 Aug 2021 17:55:21 +0200
 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
@ -22,10 +22,10 @@ index 5954eac55fad..ca363815d4c9 100644
 		"--tty",
 		"--user", currentUser.Username,
 -- 
-2.31.1
+2.38.1


-From fecbda4c3ea823eb04ebe392a6e1422e8ce8dd41 Mon Sep 17 00:00:00 2001
+From dc5b363ff4ea53aae11b0582688dc59935539b72 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Fri, 10 Dec 2021 13:42:15 +0100
 Subject: [PATCH 2/2] test/system: Update to test the migration path for
@ -97,5 +97,5 @@ index 000000000000..32d87904213e
 +  skip "Testing of entering toolboxes is not implemented"
 +}
 -- 
-2.31.1
+2.38.1

--- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
@ -1,4 +1,4 @@
-From a245af969792bafcfa86090c856a06cb23061816 Mon Sep 17 00:00:00 2001
+From 024cf19e52544814cdee80693a6dc12b5a92943c Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild} for PPC64
@ -20,20 +20,43 @@ Note that these flags are only meant for the "ppc64" CPU architecture,
 and should be kept updated to match RHEL's Go guidelines. Use
 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
 ---
- src/go-build-wrapper | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
+ src/go-build-wrapper | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)

 diff --git a/src/go-build-wrapper b/src/go-build-wrapper
-index 0d27120da052..ef1a03af750a 100755
+index ef4aafc8b024..00d7e9fca0e0 100755
 --- a/src/go-build-wrapper
 +++ b/src/go-build-wrapper
-@@ -27,5 +27,6 @@ if ! cd "$1"; then
+@@ -32,9 +32,9 @@ if ! cd "$1"; then
     exit 1
 fi
 
-go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox"
+-tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
+ if $6; then
+-    tags="-tags migration_path_for_coreos_toolbox"
+    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$4" --print-file-name=libc.so); then
+@@ -69,11 +69,16 @@ fi
+ 
+ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+ 
 +unset LDFLAGS
-+go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox"
+
+ # shellcheck disable=SC2086
+ go build \
+        -compiler gc \
+         $tags \
+-        -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
+        -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
+        -a \
+        -v \
+        -x \
+         -o "$2/toolbox"
+ 
 exit "$?"
 -- 
 2.31.1
--- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
@ -1,4 +1,4 @@
-From 05722d2861c23554b9741c059e853da9ab38282e Mon Sep 17 00:00:00 2001
+From 89129bd096c8bfac4ff84fc19726898cc901c1fc Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild}
@ -20,20 +20,44 @@ Note that these flags are meant for every CPU architecture other than
 PPC64, and should be kept updated to match RHEL's Go guidelines. Use
 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
 ---
- src/go-build-wrapper | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
+ src/go-build-wrapper | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)

 diff --git a/src/go-build-wrapper b/src/go-build-wrapper
-index 0d27120da052..f08f3218560a 100755
+index ef4aafc8b024..e82e42ca8151 100755
 --- a/src/go-build-wrapper
 +++ b/src/go-build-wrapper
-@@ -27,5 +27,6 @@ if ! cd "$1"; then
+@@ -32,9 +32,9 @@ if ! cd "$1"; then
     exit 1
 fi
 
-go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox"
+-tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
+ if $6; then
+-    tags="-tags migration_path_for_coreos_toolbox"
+    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$4" --print-file-name=libc.so); then
+@@ -69,11 +69,17 @@ fi
+ 
+ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+ 
 +unset LDFLAGS
-+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox"
+
+ # shellcheck disable=SC2086
+ go build \
+        -buildmode pie \
+        -compiler gc \
+         $tags \
+-        -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
+        -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
+        -a \
+        -v \
+        -x \
+         -o "$2/toolbox"
+ 
 exit "$?"
 -- 
 2.31.1
--- a/toolbox-Unbreak-sorting-and-clearly-identify-copied-images-in-list.patch
+++ b/toolbox-Unbreak-sorting-and-clearly-identify-copied-images-in-list.patch
--- a/toolbox.spec
+++ b/toolbox.spec
@ -1,3 +1,5 @@
+%global __brp_check_rpaths %{nil}
+
 # RHEL's RPM toolchain doesn't like the compressed DWARF data generated by the
 # Go toolchain.
 %global _dwz_low_mem_die_limit 0
@ -9,11 +11,11 @@ Version:       0.0.99.3
 %global goipath github.com/containers/%{name}
 %gometa

-Release:       0.4%{?dist}
-Summary:       Unprivileged development environment
+Release:       5%{?dist}
+Summary:       Tool for containerized command line environments on Linux

 License:       ASL 2.0
-URL:           https://github.com/containers/%{name}
+URL:           https://containertoolbx.org/

 # https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz
 # A vendored tarball was created from the upstream tarball:
@ -22,20 +24,22 @@ URL:           https://github.com/containers/%{name}
 Source0:       %{name}-%{version}-vendored.tar.xz
 Source1:       %{name}.conf

+# https://bugzilla.redhat.com/show_bug.cgi?id=2033280
+Patch0:        toolbox-Unbreak-sorting-and-clearly-identify-copied-images-in-list.patch
+
 # RHEL specific
 Patch100:      toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
 Patch101:      toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
-Patch102:      toolbox-cmd-run-Make-sosreport-work-by-setting-the-HOST-envi.patch
-Patch103:      toolbox-cmd-root-Suggest-a-way-forward-if-coreos-toolbox-was.patch
+Patch102:      toolbox-Add-migration-paths-for-coreos-toolbox-users.patch

 # https://bugzilla.redhat.com/show_bug.cgi?id=1905383
 ExcludeArch:   %{ix86}

-BuildRequires: golang >= 1.13
-BuildRequires: go-md2man
-BuildRequires: meson
+BuildRequires: golang >= 1.19.1
+BuildRequires: /usr/bin/go-md2man
+BuildRequires: meson >= 0.58.0
 BuildRequires: pkgconfig(bash-completion)
-BuildRequires: systemd
+BuildRequires: systemd-rpm-macros

 Requires:      containers-common
 Requires:      podman >= 1.4.0
@ -51,6 +55,10 @@ other standard container technologies from OCI.
 Summary:       Tests for %{name}

 Requires:      %{name}%{?_isa} = %{version}-%{release}
+Requires:      coreutils
+Requires:      gawk
+Requires:      grep
+Requires:      skopeo

 %description   tests
 The %{name}-tests package contains system tests for %{name}.
@ -59,6 +67,8 @@ The %{name}-tests package contains system tests for %{name}.
 %prep
 %setup -q

+%patch0 -p1
+
 %ifnarch ppc64
 %patch100 -p1
 %else
@ -66,7 +76,6 @@ The %{name}-tests package contains system tests for %{name}.
 %endif

 %patch102 -p1
-%patch103 -p1

 # %%gomkdir is absent from RHEL 8.
 GOBUILDDIR="$(pwd)/_build"
@ -89,7 +98,13 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_
 ln -s src/cmd cmd
 ln -s src/pkg pkg
 ln -s src/vendor vendor
-%meson --buildtype=plain -Dprofile_dir=%{_sysconfdir}/profile.d
+
+%meson \
+    --buildtype=plain \
+    -Dmigration_path_for_coreos_toolbox=true \
+    -Dprofile_dir=%{_sysconfdir}/profile.d \
+    -Dtmpfiles_dir=%{_tmpfilesdir}
+
 %meson_build


@ -114,6 +129,33 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf


 %changelog
+* Tue Dec 13 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-5
+- Unbreak sorting and clearly identify copied images in 'list'
+Resolves: #2033280
+
+* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-4
+- Rebuild for CVE-2022-27664 and CVE-2022-32189
+Resolves: #2116767, #2126755
+
+* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-3
+- Rebuild for CVE-2022-1705, CVE-2022-30630, CVE-2022-30631 and CVE-2022-30632
+Resolves: #2111828
+
+* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-2
+- Update to 0.0.99.3
+- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging
+  guidelines
+- Update the Summary to match upstream
+- Update the URL to point to the website
+Resolves: #2047290
+
+* Wed May 11 2022 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.6
+- BuildRequires: /usr/bin/go-md2man
+- Related: #2061390
+
+* Fri Apr 08 2022 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.5
+- Related: #2061390
+
 * Mon Sep 20 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.4
 - Switch to using the Toolbox-specific UBI image by default
 - Related: #2001445