Import rpm: e337f39e4ebd7c425f983cd4d98fbfaf382ba14d

This commit is contained in:
James Antill 2023-02-23 12:40:13 -05:00
parent c3495693f1
commit 8de74a0feb
6 changed files with 2334 additions and 30 deletions

View File

@ -1 +1 @@
SHA512 (toolbox-0.0.99.3-vendored.tar.xz) = 4a94c40986de497c53bb3307ca12bea7e86f0a90a1e5d978f59ef4c2157426525f11f6eff196b682e7bcbba4a5f2ec8de163368791bb626c553e1adabaf6b0d5 SHA1 (toolbox-0.0.99.3-vendored.tar.xz) = ae6e6ac18c0d350eeabe9392a37ddc70cd60b52f

View File

@ -1,4 +1,4 @@
From 565947a7df6f4d18cb2f2d3a172b79391880288a Mon Sep 17 00:00:00 2001 From 495760a8e4a193f8403d67e503b4b8156dc859a8 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org> From: Debarshi Ray <rishi@fedoraproject.org>
Date: Wed, 18 Aug 2021 17:55:21 +0200 Date: Wed, 18 Aug 2021 17:55:21 +0200
Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
@ -22,10 +22,10 @@ index 5954eac55fad..ca363815d4c9 100644
"--tty", "--tty",
"--user", currentUser.Username, "--user", currentUser.Username,
-- --
2.31.1 2.38.1
From fecbda4c3ea823eb04ebe392a6e1422e8ce8dd41 Mon Sep 17 00:00:00 2001 From dc5b363ff4ea53aae11b0582688dc59935539b72 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org> From: Debarshi Ray <rishi@fedoraproject.org>
Date: Fri, 10 Dec 2021 13:42:15 +0100 Date: Fri, 10 Dec 2021 13:42:15 +0100
Subject: [PATCH 2/2] test/system: Update to test the migration path for Subject: [PATCH 2/2] test/system: Update to test the migration path for
@ -97,5 +97,5 @@ index 000000000000..32d87904213e
+ skip "Testing of entering toolboxes is not implemented" + skip "Testing of entering toolboxes is not implemented"
+} +}
-- --
2.31.1 2.38.1

View File

@ -1,4 +1,4 @@
From a245af969792bafcfa86090c856a06cb23061816 Mon Sep 17 00:00:00 2001 From 024cf19e52544814cdee80693a6dc12b5a92943c Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org> From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200 Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild} for PPC64 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild} for PPC64
@ -20,20 +20,43 @@ Note that these flags are only meant for the "ppc64" CPU architecture,
and should be kept updated to match RHEL's Go guidelines. Use and should be kept updated to match RHEL's Go guidelines. Use
'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
--- ---
src/go-build-wrapper | 3 ++- src/go-build-wrapper | 13 +++++++++----
1 file changed, 2 insertions(+), 1 deletion(-) 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index 0d27120da052..ef1a03af750a 100755 index ef4aafc8b024..00d7e9fca0e0 100755
--- a/src/go-build-wrapper --- a/src/go-build-wrapper
+++ b/src/go-build-wrapper +++ b/src/go-build-wrapper
@@ -27,5 +27,6 @@ if ! cd "$1"; then @@ -32,9 +32,9 @@ if ! cd "$1"; then
exit 1 exit 1
fi fi
-go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" -tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
if $6; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$4" --print-file-name=libc.so); then
@@ -69,11 +69,16 @@ fi
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+unset LDFLAGS +unset LDFLAGS
+go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" +
# shellcheck disable=SC2086
go build \
+ -compiler gc \
$tags \
- -trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
+ -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
+ -a \
+ -v \
+ -x \
-o "$2/toolbox"
exit "$?" exit "$?"
-- --
2.31.1 2.31.1

View File

@ -1,4 +1,4 @@
From 05722d2861c23554b9741c059e853da9ab38282e Mon Sep 17 00:00:00 2001 From 89129bd096c8bfac4ff84fc19726898cc901c1fc Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org> From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200 Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild} Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild}
@ -20,20 +20,44 @@ Note that these flags are meant for every CPU architecture other than
PPC64, and should be kept updated to match RHEL's Go guidelines. Use PPC64, and should be kept updated to match RHEL's Go guidelines. Use
'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
--- ---
src/go-build-wrapper | 3 ++- src/go-build-wrapper | 14 ++++++++++----
1 file changed, 2 insertions(+), 1 deletion(-) 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index 0d27120da052..f08f3218560a 100755 index ef4aafc8b024..e82e42ca8151 100755
--- a/src/go-build-wrapper --- a/src/go-build-wrapper
+++ b/src/go-build-wrapper +++ b/src/go-build-wrapper
@@ -27,5 +27,6 @@ if ! cd "$1"; then @@ -32,9 +32,9 @@ if ! cd "$1"; then
exit 1 exit 1
fi fi
-go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" -tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
if $6; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$4" --print-file-name=libc.so); then
@@ -69,11 +69,17 @@ fi
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+unset LDFLAGS +unset LDFLAGS
+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" +
# shellcheck disable=SC2086
go build \
+ -buildmode pie \
+ -compiler gc \
$tags \
- -trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
+ -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
+ -a \
+ -v \
+ -x \
-o "$2/toolbox"
exit "$?" exit "$?"
-- --
2.31.1 2.31.1

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +1,5 @@
%global __brp_check_rpaths %{nil}
# RHEL's RPM toolchain doesn't like the compressed DWARF data generated by the # RHEL's RPM toolchain doesn't like the compressed DWARF data generated by the
# Go toolchain. # Go toolchain.
%global _dwz_low_mem_die_limit 0 %global _dwz_low_mem_die_limit 0
@ -9,11 +11,11 @@ Version: 0.0.99.3
%global goipath github.com/containers/%{name} %global goipath github.com/containers/%{name}
%gometa %gometa
Release: 0.4%{?dist} Release: 5%{?dist}
Summary: Unprivileged development environment Summary: Tool for containerized command line environments on Linux
License: ASL 2.0 License: ASL 2.0
URL: https://github.com/containers/%{name} URL: https://containertoolbx.org/
# https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz # https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz
# A vendored tarball was created from the upstream tarball: # A vendored tarball was created from the upstream tarball:
@ -22,20 +24,22 @@ URL: https://github.com/containers/%{name}
Source0: %{name}-%{version}-vendored.tar.xz Source0: %{name}-%{version}-vendored.tar.xz
Source1: %{name}.conf Source1: %{name}.conf
# https://bugzilla.redhat.com/show_bug.cgi?id=2033280
Patch0: toolbox-Unbreak-sorting-and-clearly-identify-copied-images-in-list.patch
# RHEL specific # RHEL specific
Patch100: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch Patch100: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
Patch101: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch Patch101: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
Patch102: toolbox-cmd-run-Make-sosreport-work-by-setting-the-HOST-envi.patch Patch102: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
Patch103: toolbox-cmd-root-Suggest-a-way-forward-if-coreos-toolbox-was.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1905383 # https://bugzilla.redhat.com/show_bug.cgi?id=1905383
ExcludeArch: %{ix86} ExcludeArch: %{ix86}
BuildRequires: golang >= 1.13 BuildRequires: golang >= 1.19.1
BuildRequires: go-md2man BuildRequires: /usr/bin/go-md2man
BuildRequires: meson BuildRequires: meson >= 0.58.0
BuildRequires: pkgconfig(bash-completion) BuildRequires: pkgconfig(bash-completion)
BuildRequires: systemd BuildRequires: systemd-rpm-macros
Requires: containers-common Requires: containers-common
Requires: podman >= 1.4.0 Requires: podman >= 1.4.0
@ -51,6 +55,10 @@ other standard container technologies from OCI.
Summary: Tests for %{name} Summary: Tests for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: coreutils
Requires: gawk
Requires: grep
Requires: skopeo
%description tests %description tests
The %{name}-tests package contains system tests for %{name}. The %{name}-tests package contains system tests for %{name}.
@ -59,6 +67,8 @@ The %{name}-tests package contains system tests for %{name}.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%ifnarch ppc64 %ifnarch ppc64
%patch100 -p1 %patch100 -p1
%else %else
@ -66,7 +76,6 @@ The %{name}-tests package contains system tests for %{name}.
%endif %endif
%patch102 -p1 %patch102 -p1
%patch103 -p1
# %%gomkdir is absent from RHEL 8. # %%gomkdir is absent from RHEL 8.
GOBUILDDIR="$(pwd)/_build" GOBUILDDIR="$(pwd)/_build"
@ -89,7 +98,13 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_
ln -s src/cmd cmd ln -s src/cmd cmd
ln -s src/pkg pkg ln -s src/pkg pkg
ln -s src/vendor vendor ln -s src/vendor vendor
%meson --buildtype=plain -Dprofile_dir=%{_sysconfdir}/profile.d
%meson \
--buildtype=plain \
-Dmigration_path_for_coreos_toolbox=true \
-Dprofile_dir=%{_sysconfdir}/profile.d \
-Dtmpfiles_dir=%{_tmpfilesdir}
%meson_build %meson_build
@ -114,6 +129,33 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
%changelog %changelog
* Tue Dec 13 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-5
- Unbreak sorting and clearly identify copied images in 'list'
Resolves: #2033280
* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-4
- Rebuild for CVE-2022-27664 and CVE-2022-32189
Resolves: #2116767, #2126755
* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-3
- Rebuild for CVE-2022-1705, CVE-2022-30630, CVE-2022-30631 and CVE-2022-30632
Resolves: #2111828
* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-2
- Update to 0.0.99.3
- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging
guidelines
- Update the Summary to match upstream
- Update the URL to point to the website
Resolves: #2047290
* Wed May 11 2022 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.6
- BuildRequires: /usr/bin/go-md2man
- Related: #2061390
* Fri Apr 08 2022 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.5
- Related: #2061390
* Mon Sep 20 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.4 * Mon Sep 20 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.4
- Switch to using the Toolbox-specific UBI image by default - Switch to using the Toolbox-specific UBI image by default
- Related: #2001445 - Related: #2001445