rpms/toolbox
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 0.0.99.6

Browse Source 
Update the compiler and linker flags for RHEL 10 by incorporating the
distribution's defaults from RHEL 10.0 Beta, because RHEL 10.0 is still
early in its development cycle and the defaults may be in a state of
flux.  Some exceptions are mentioned below.

The '-z pack-relative-relocs' linker flag was left out.  It's currently
not supported on s390x, so using it would require architecture specific
patches, which is a hassle.  Support for aarch64 was recently added [1],
so hopefully s390x will also be supported soon.

The change to use the RPM's %{name}, %{version}, %{release} and the
SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to
generate the build ID annotation for the toolbox(1) binary [3] was left
out.  It will need more work to propagate the RPM's %{name}, %{version}
and %{release} to Meson.

The 'rpminspect --tests=elf' test run by the downstream CI was silenced
because toolbox(1) is only built with the '-z relro' linker flag, but
not '-z now' [4].  Otherwise, it fails with:
  /usr/bin/toolbox lost full GNU_RELRO security protection

Stop carrying the downstream patch for the compiler and linker flags for
PPC64.  The architecture was already discontinued from Fedora 29 [5],
even before the patch was added [6].  It was added purely for the sake
of completeness, and in the last four years since it was introduced, it
hasn't been tested or used.  At this point it's becoming too much of a
maintenance burden, and removing it silences the %ifarch-applied-patch
warning from rpmlint.

Fill in some of the missing Requires for the toolbox-tests sub-package.

[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b
    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b
    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42
    https://issues.redhat.com/browse/RHEL-40379

[2] https://reproducible-builds.org/docs/source-date-epoch/

[3] go-rpm-macros commit 1980932bf3a21890
    https://pagure.io/go-rpm-macros/c/1980932bf3a21890
    https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds

[4] Upstream commit 83f28c52e47c2d44
    https://github.com/containers/toolbox/commit/83f28c52e47c2d44
    https://github.com/containers/toolbox/pull/1548

[5] https://fedoraproject.org/wiki/Changes/DiscontinuePPC64

[6] Fedora toolbox commit ba60453d21
    https://src.fedoraproject.org/rpms/toolbox/c/ba60453d216a9226
    https://src.fedoraproject.org/rpms/toolbox/pull-request/2

Resolves: RHEL-61579
This commit is contained in:
Debarshi Ray 2024-10-04 15:59:13 +02:00
parent 3258a3a85c
commit b78b16e24a
17 changed files with 427 additions and 1510 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -31,3 +31,4 @@
/toolbox-0.0.99.3-vendor.tar.xz
/toolbox-0.0.99.4-vendored.tar.xz
/toolbox-0.0.99.5-vendored.tar.xz
/toolbox-0.0.99.6-vendored.tar.xz

3
rpminspect.yaml
View File

@ -7,6 +7,9 @@ annocheck:
extra_opts:
hardened: --skip-run-path --skip-stack-prot
elf:
exclude_path: /usr/bin/toolbox
runpath:
allowed_paths:
- /run/host/usr/lib

2
sources
View File

@ -1 +1 @@
SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745
SHA512 (toolbox-0.0.99.6-vendored.tar.xz) = 9ecec200069e8e2536e5ece43d411f9025dba6f60573e7939a0fc26deef29f0297d405a44fd409e978879b0579ab0a79ace97228a199584854c638213fa219d7

54
toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
View File

@ -1,54 +0,0 @@
From 4f8b443ab925c84d059d894ddcfcf4dcf66a747e Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
for PPC64
The Go toolchain also doesn't like the LDFLAGS environment variable as
exported by Fedora's %{meson} RPM macro.
Note that these flags are only meant for the "ppc64" CPU architecture,
and should be kept updated to match Fedora's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
src/go-build-wrapper | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index c572d6dfb02b..cae2de426a96 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
exit 1
fi
-tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
if $7; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,16 @@ fi
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+unset LDFLAGS
+
# shellcheck disable=SC2086
go build \
+ -compiler gc \
$tags \
- -trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -a \
+ -v \
+ -x \
-o "$2/$3"
exit "$?"
--
2.43.0

54
toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
View File

@ -1,54 +0,0 @@
From 3175ef2fab1f61f5784361070ac338dabda3c04e Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
The Go toolchain doesn't like the LDFLAGS environment variable as
exported by Fedora's %{meson} RPM macro.
Note that these flags are meant for every CPU architecture other than
PPC64, and should be kept updated to match Fedora's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
src/go-build-wrapper | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index c572d6dfb02b..0e6a2efa6853 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
exit 1
fi
-tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
if $7; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,17 @@ fi
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+unset LDFLAGS
+
# shellcheck disable=SC2086
go build \
+ -buildmode pie \
+ -compiler gc \
$tags \
- -trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -a \
+ -v \
+ -x \
-o "$2/$3"
exit "$?"
--
2.43.0

47
toolbox-Make-the-build-flags-match-Fedora.patch Normal file
View File

@ -0,0 +1,47 @@
From 7dc70160c8ff531473004e879dd57ec303789d71 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
Note that these flags are meant for every CPU architecture other than
PPC64, and should be kept updated to match Fedora's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
src/go-build-wrapper | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index a5a1a6a508fb..5978422e9aed 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
exit 1
fi
-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}"
if $7; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
# shellcheck disable=SC2086
go build \
+ -buildmode pie \
+ -compiler gc \
$tags \
-trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -a \
+ -v \
+ -x \
-o "$2/$3"
exit "$?"
--
2.46.1

71
toolbox-Make-the-build-flags-match-RHEL-10.patch Normal file
View File

@ -0,0 +1,71 @@
From f08f64c0d5f2019055381c3c00426fe8545e5e31 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags}
These reflect the defaults for RHEL 10.0 Beta, because RHEL 10.0 is
still early in its development cycle and the defaults may be in a state
of flux. Some exceptions are mentioned below.
The '-z pack-relative-relocs' linker flag was left out. It's currently
not supported on s390x, so using it would require architecture specific
patches, which is a hassle. Support for aarch64 was recently added [1],
so hopefully s390x will also be supported soon.
The change to use the RPM's %{name}, %{version}, %{release} and the
SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to
generate the build ID annotation for the toolbox(1) binary [2] was left
out. It will need more work to propagate the RPM's %{name}, %{version}
and %{release} to Meson.
Note that these flags are meant for every CPU architecture other than
PPC64, and should be kept updated to match RHEL 10's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b
https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b
https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42
https://issues.redhat.com/browse/RHEL-40379
[2] go-rpm-macros commit 1980932bf3a21890
https://pagure.io/go-rpm-macros/c/1980932bf3a21890
https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds
---
src/go-build-wrapper | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index a5a1a6a508fb..5978422e9aed 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
exit 1
fi
-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}"
if $7; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
# shellcheck disable=SC2086
go build \
+ -buildmode pie \
+ -compiler gc \
$tags \
-trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -a \
+ -v \
+ -x \
-o "$2/$3"
exit "$?"
--
2.46.1

50
toolbox-Make-the-build-flags-match-RHEL-9.patch Normal file
View File

@ -0,0 +1,50 @@
From ff1320fa869f1e4952836436ab2ad928cbba0987 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags}
These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early
in its development cycle and the defaults may be in a state of flux.
Note that these flags are meant for every CPU architecture other than
PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
src/go-build-wrapper | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index a5a1a6a508fb..0a2c7526f210 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
exit 1
fi
-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl"
if $7; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
# shellcheck disable=SC2086
go build \
+ -buildmode pie \
+ -compiler gc \
$tags \
-trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -a \
+ -v \
+ -x \
-o "$2/$3"
exit "$?"
--
2.46.1

55
toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
View File

@ -1,55 +0,0 @@
From 973600219168f3c4efeb627c103085555327eaa5 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for
PPC64
The Go toolchain also doesn't like the LDFLAGS environment variable as
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
like the compressed DWARF data generated by the Go toolchain.
Note that these flags are only meant for the "ppc64" CPU architecture,
and should be kept updated to match RHEL's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
src/go-build-wrapper | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index c572d6dfb02b..86f174716608 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
exit 1
fi
-tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
if $7; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,16 @@ fi
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+unset LDFLAGS
+
# shellcheck disable=SC2086
go build \
+ -compiler gc \
$tags \
- -trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -a \
+ -v \
+ -x \
-o "$2/$3"
exit "$?"
--
2.39.2

55
toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
View File

@ -1,55 +0,0 @@
From aeaa8cd30a8c5ad33ee1fe6b9e84ecbb28f7264c Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags}
The Go toolchain doesn't like the LDFLAGS environment variable as
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
like the compressed DWARF data generated by the Go toolchain.
Note that these flags are meant for every CPU architecture other than
PPC64, and should be kept updated to match RHEL's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
src/go-build-wrapper | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index c572d6dfb02b..d39764fda0c1 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
exit 1
fi
-tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
if $7; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,17 @@ fi
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+unset LDFLAGS
+
# shellcheck disable=SC2086
go build \
+ -buildmode pie \
+ -compiler gc \
$tags \
- -trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -a \
+ -v \
+ -x \
-o "$2/$3"
exit "$?"
--
2.39.2

81
toolbox-Revert-Work-around-bug-in-past.patch Normal file
View File

@ -0,0 +1,81 @@
From ed14cd483ae45c5f4cf5596b11c384f4b42bb53b Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Fri, 4 Oct 2024 22:09:03 +0200
Subject: [PATCH] Revert "playbooks, test/system: Work around bug in pasta(1)
networks"
The bug in pasta(1) that necessitated this workaround has since been
fixed in passt 2024_05_10.7288448 [1]. Some host operating systems like
CentOS Stream 10 no longer have slirp4netns(1), and it's generally
better to test the defaults.
This reverts commit b58f9a51088afbfc22edb0b25776cfa2c4d8cc40.
[1] https://github.com/containers/podman/issues/22575
https://archives.passt.top/passt-dev/20240508090338.2735208-1-sbrivio@redhat.com/
https://archives.passt.top/passt-user/20240510225714.6aa8e6c0@elisabeth/
https://github.com/containers/toolbox/pull/1562
---
playbooks/dependencies-centos-9-stream.yaml | 3 +--
playbooks/dependencies-fedora.yaml | 3 +--
test/system/libs/helpers.bash | 1 -
3 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml
index 5c1194c03583..d058d314b7b3 100644
--- a/playbooks/dependencies-centos-9-stream.yaml
+++ b/playbooks/dependencies-centos-9-stream.yaml
@@ -13,7 +13,6 @@
- podman
- shadow-utils-subid-devel
- skopeo
- - slirp4netns
- systemd
- udisks2
@@ -55,7 +54,7 @@
chdir: '{{ zuul.project.src_dir }}'
- name: Check versions of crucial packages
- command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
+ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
- name: Show podman versions
command: podman version
diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml
index ea605135a4c2..8007ce958ddb 100644
--- a/playbooks/dependencies-fedora.yaml
+++ b/playbooks/dependencies-fedora.yaml
@@ -35,7 +35,6 @@
- podman
- shadow-utils-subid-devel
- skopeo
- - slirp4netns
- systemd
- udisks2
use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}"
@@ -56,7 +55,7 @@
chdir: '{{ zuul.project.src_dir }}'
- name: Check versions of crucial packages
- command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
+ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
- name: Show podman versions
command: podman version
diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash
index dfd6236c2943..2d05641f5d0a 100644
--- a/test/system/libs/helpers.bash
+++ b/test/system/libs/helpers.bash
@@ -195,7 +195,6 @@ function _setup_docker_registry() {
--env REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
--env REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
--name "${DOCKER_REG_NAME}" \
- --network slirp4netns \
--privileged \
--publish 50000:5000 \
--rm \
--
2.46.1

104
toolbox-Unbreak-downstream-Fedora-CI.patch Normal file
View File

@ -0,0 +1,104 @@
From 1e90c721858b3119702b93445f535f9c23af88e6 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Wed, 2 Oct 2024 22:43:37 +0200
Subject: [PATCH] test/system: Unbreak the downstream Fedora CI
The working directory from which bats(1) is invoked might not be part of
the Toolbx container. eg., the downstream Fedora CI invokes the tests
as:
$ cd /path/to/toolbox/test/system
$ bats .
... and it led to:
not ok 8 help: Try unknown command (forwarded to host)
# tags: commands-options
# (from function `assert_line' in file
./libs/bats-assert/src/assert.bash, line 488,
# in test file ./002-help.bats, line 135)
# `assert_line --index 0
"Error: unknown command \"foo\" for \"toolbox\""' failed
#
# -- line differs --
# index : 0
# expected : Error: unknown command "foo" for "toolbox"
# actual : Error: crun: chdir to `/usr/share/toolbox/test/system`:
No such file or directory: OCI runtime attempted to invoke a
command that was not found
# --
#
https://github.com/containers/toolbox/pull/1560
---
test/system/002-help.bats | 2 ++
test/system/501-create.bats | 2 ++
test/system/504-run.bats | 2 ++
test/system/505-enter.bats | 2 ++
4 files changed, 8 insertions(+)
diff --git a/test/system/002-help.bats b/test/system/002-help.bats
index 57e918a04d22..a8bfbc2c79d2 100644
--- a/test/system/002-help.bats
+++ b/test/system/002-help.bats
@@ -25,9 +25,11 @@ setup() {
bats_require_minimum_version 1.10.0
_setup_environment
cleanup_all
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_all
}
diff --git a/test/system/501-create.bats b/test/system/501-create.bats
index 3f50f98e6bf3..cfb676b7001b 100644
--- a/test/system/501-create.bats
+++ b/test/system/501-create.bats
@@ -25,9 +25,11 @@ setup() {
bats_require_minimum_version 1.8.0
_setup_environment
cleanup_all
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_all
}
diff --git a/test/system/504-run.bats b/test/system/504-run.bats
index cc5f6fa8bb09..6ee3e86af1ff 100644
--- a/test/system/504-run.bats
+++ b/test/system/504-run.bats
@@ -25,9 +25,11 @@ setup() {
bats_require_minimum_version 1.8.0
_setup_environment
cleanup_all
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_all
}
diff --git a/test/system/505-enter.bats b/test/system/505-enter.bats
index 405d184f145e..57e58651623d 100644
--- a/test/system/505-enter.bats
+++ b/test/system/505-enter.bats
@@ -25,9 +25,11 @@ setup() {
bats_require_minimum_version 1.8.0
_setup_environment
cleanup_all
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_all
}
--
2.46.1

30
toolbox-Update-fallback-release-to-40-for-non-fedo.patch Normal file
View File

@ -0,0 +1,30 @@
From b524f4cebd8c65746089f898e14a99c7cfded306 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Thu, 3 Oct 2024 22:08:04 +0200
Subject: [PATCH] pkg/utils: Update fallback release to 40 for non-fedora hosts
Fedora 38 reached End of Life on 21st May 2024:
https://docs.fedoraproject.org/en-US/releases/eol/
https://bugzilla.redhat.com/show_bug.cgi?id=2316312
https://github.com/containers/toolbox/pull/1561
---
src/pkg/utils/utils.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go
index eefcd1eeb2cc..37a49fedf772 100644
--- a/src/pkg/utils/utils.go
+++ b/src/pkg/utils/utils.go
@@ -64,7 +64,7 @@ const (
containerNamePrefixFallback = "fedora-toolbox"
distroFallback = "fedora"
idTruncLength = 12
- releaseFallback = "38"
+ releaseFallback = "40"
)
const (
--
2.46.1

161
toolbox-playbooks-test-system-bats-1.11-podman-5.patch
View File

@ -1,161 +0,0 @@
From 6626b11e1565412e411f585657ebe9615ec58cad Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Wed, 17 Apr 2024 16:58:32 +0200
Subject: [PATCH 1/2] playbooks: Show the Bats version
Ansible's built-in 'package' module doesn't show any details when
installing the RPMs. All that can be seen is:
TASK [Install RPM packages]
fedora-rawhide | changed
Therefore, there's no way to know what version of the packages got
installed.
In this case, not knowing the Bats version being used by the CI makes it
difficult to know why the tests are generating this spew on Fedora
Rawhide [1]:
TASK [Run system tests]
test/system/libs/helpers.bash: line 7: TEMP_BASE_DIR: readonly variable
test/system/libs/helpers.bash: line 8: TEMP_STORAGE_DIR: readonly variable
test/system/libs/helpers.bash: line 10: IMAGE_CACHE_DIR: readonly variable
test/system/libs/helpers.bash: line 11: ROOTLESS_PODMAN_STORE_DIR: readonly variable
test/system/libs/helpers.bash: line 12: ROOTLESS_PODMAN_RUNROOT_DIR: readonly variable
test/system/libs/helpers.bash: line 13: PODMAN_STORE_CONFIG_FILE: readonly variable
test/system/libs/helpers.bash: line 14: DOCKER_REG_ROOT: readonly variable
test/system/libs/helpers.bash: line 15: DOCKER_REG_CERTS_DIR: readonly variable
test/system/libs/helpers.bash: line 16: DOCKER_REG_AUTH_DIR: readonly variable
test/system/libs/helpers.bash: line 17: DOCKER_REG_URI: readonly variable
test/system/libs/helpers.bash: line 18: DOCKER_REG_NAME: readonly variable
test/system/libs/helpers.bash: line 21: PODMAN: readonly variable
test/system/libs/helpers.bash: line 22: TOOLBX: readonly variable
test/system/libs/helpers.bash: line 23: SKOPEO: readonly variable
...
fedora-rawhide | 1..340
[1] https://github.com/bats-core/bats-core/pull/904
https://github.com/containers/toolbox/pull/1482
---
playbooks/dependencies-centos-9-stream.yaml | 2 +-
playbooks/dependencies-fedora.yaml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml
index ffbc6d9903cb..d058d314b7b3 100644
--- a/playbooks/dependencies-centos-9-stream.yaml
+++ b/playbooks/dependencies-centos-9-stream.yaml
@@ -54,7 +54,7 @@
chdir: '{{ zuul.project.src_dir }}'
- name: Check versions of crucial packages
- command: rpm -qa ShellCheck codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
+ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
- name: Show podman versions
command: podman version
diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml
index d493bd0729ea..ade169917cbe 100644
--- a/playbooks/dependencies-fedora.yaml
+++ b/playbooks/dependencies-fedora.yaml
@@ -54,7 +54,7 @@
chdir: '{{ zuul.project.src_dir }}'
- name: Check versions of crucial packages
- command: rpm -qa ShellCheck codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
+ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
- name: Show podman versions
command: podman version
--
2.44.0
From b58f9a51088afbfc22edb0b25776cfa2c4d8cc40 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 25 Mar 2024 23:04:23 +0100
Subject: [PATCH 2/2] playbooks, test/system: Work around bug in pasta(1)
networks
Podman 5.0 switched to using pasta(1), instead of slirp4netns(1), by
default for rootless containers. This change has led to a regression
causing 'skopeo copy' to get stuck uploading an OCI image to the local
temporary Docker registry run by the tests as a Podman container [1],
which breaks the test suite on Fedora 40 onwards.
Work around this by forcing the use of slirp4netns(1).
Note that the slirp4nets package needs to be explicitly installed on
Fedora 40 onwards, because the dependency in containers-common-extra
changed from Recommends to Suggests [2].
[1] https://github.com/containers/podman/issues/22575
[2] Fedora containers-common commit 17934d87b2686ab5
Fedora containers-common commit 13c232f064113860
https://src.fedoraproject.org/rpms/containers-common/c/17934d87b2686ab5
https://src.fedoraproject.org/rpms/containers-common/c/13c232f064113860
https://github.com/containers/toolbox/pull/1468
---
playbooks/dependencies-centos-9-stream.yaml | 3 ++-
playbooks/dependencies-fedora.yaml | 3 ++-
test/system/libs/helpers.bash | 1 +
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml
index d058d314b7b3..5c1194c03583 100644
--- a/playbooks/dependencies-centos-9-stream.yaml
+++ b/playbooks/dependencies-centos-9-stream.yaml
@@ -13,6 +13,7 @@
- podman
- shadow-utils-subid-devel
- skopeo
+ - slirp4netns
- systemd
- udisks2
@@ -54,7 +55,7 @@
chdir: '{{ zuul.project.src_dir }}'
- name: Check versions of crucial packages
- command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
+ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
- name: Show podman versions
command: podman version
diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml
index ade169917cbe..76ce655bf9d3 100644
--- a/playbooks/dependencies-fedora.yaml
+++ b/playbooks/dependencies-fedora.yaml
@@ -35,6 +35,7 @@
- podman
- shadow-utils-subid-devel
- skopeo
+ - slirp4netns
- systemd
- udisks2
@@ -54,7 +55,7 @@
chdir: '{{ zuul.project.src_dir }}'
- name: Check versions of crucial packages
- command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
+ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
- name: Show podman versions
command: podman version
diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash
index 66278888cbe2..c056c601ab94 100644
--- a/test/system/libs/helpers.bash
+++ b/test/system/libs/helpers.bash
@@ -202,6 +202,7 @@ function _setup_docker_registry() {
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
+ --network slirp4netns \
-p 50000:443 \
"${IMAGES[docker-reg]}"
assert_success
--
2.44.0

208
toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch
View File

@ -1,208 +0,0 @@
From a859f73d075ec0505994d8ce0f371ec28e466983 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Tue, 13 Feb 2024 21:56:06 +0100
Subject: [PATCH 1/2] test/system: Unbreak Podman's downstream Fedora CI
The paths to bats-assert and bats-support are broken, if bats(1) is
invoked from any other location than the parent directory of the 'tests'
directory. eg., Podman's downstream Fedora CI invokes the tests as:
$ cd /path/to/toolbox/test/system
$ bats .
... and it led to [1]:
1..306
# test suite: Set up
# Missing dependencies
# Forgot to run 'git submodule init' and 'git submodule update' ?
# test suite: Tear down
not ok 1 setup_suite
# (from function `setup_suite' in test file ./setup_suite.bash, line 33)
# `return 1' failed
# bats warning: Executed 1 instead of expected 306 tests
Fallout from 2c0960660330dc6be6861502988695f9812c475a
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2263968
https://github.com/containers/toolbox/pull/1448
---
test/system/setup_suite.bash | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/system/setup_suite.bash b/test/system/setup_suite.bash
index e4edf232bcd8..01985b7f9afc 100644
--- a/test/system/setup_suite.bash
+++ b/test/system/setup_suite.bash
@@ -17,7 +17,7 @@
missing_dependencies=false
-if [ -f test/system/libs/bats-assert/load.bash ] && [ -f test/system/libs/bats-support/load.bash ]; then
+if [ -f "$BATS_TEST_DIRNAME/libs/bats-assert/load.bash" ] && [ -f "$BATS_TEST_DIRNAME/libs/bats-support/load.bash" ]; then
load 'libs/helpers'
else
missing_dependencies=true
--
2.43.0
From a183876eae2bb4ffd84bca4303fc28be6725ebc2 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Fri, 23 Feb 2024 10:38:16 +0100
Subject: [PATCH 2/2] test/system: Unbreak Podman's downstream Fedora CI (part
2)
The working directory from which bats(1) is invoked might not be part of
the Toolbx container. eg., Podman's downstream Fedora CI invokes the
tests as:
$ cd /path/to/toolbox/test/system
$ bats .
... and it led to [1]:
not ok 110 run: Smoke test with true(1)
# (from function `assert_output' in file
./libs/bats-assert/src/assert.bash, line 255,
# in test file ./104-run.bats, line 38)
# `assert_output ""' failed
#
# -- output differs --
# expected (0 lines):
#
# actual (3 lines):
# Error: crun: chdir to `/usr/share/toolbox/test/system`: No such
file or directory: OCI runtime attempted to invoke a command that
was not found
# Error: directory /usr/share/toolbox/test/system not found in
container fedora-toolbox-41
# Using /home/testuser instead.
# --
#
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2263968
https://github.com/containers/toolbox/pull/1457
---
test/system/104-run.bats | 2 ++
test/system/201-ipc.bats | 2 ++
test/system/203-network.bats | 2 ++
test/system/206-user.bats | 2 ++
test/system/210-ulimit.bats | 2 ++
test/system/211-dbus.bats | 2 ++
test/system/220-environment-variables.bats | 2 ++
7 files changed, 14 insertions(+)
diff --git a/test/system/104-run.bats b/test/system/104-run.bats
index ff11a8477062..a0cb89fdeeca 100644
--- a/test/system/104-run.bats
+++ b/test/system/104-run.bats
@@ -23,9 +23,11 @@ setup() {
bats_require_minimum_version 1.7.0
_setup_environment
cleanup_containers
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_containers
}
diff --git a/test/system/201-ipc.bats b/test/system/201-ipc.bats
index 15c791dec86d..09200b41d06c 100644
--- a/test/system/201-ipc.bats
+++ b/test/system/201-ipc.bats
@@ -23,9 +23,11 @@ setup() {
bats_require_minimum_version 1.7.0
_setup_environment
cleanup_containers
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_containers
}
diff --git a/test/system/203-network.bats b/test/system/203-network.bats
index db1ba561f314..012374e3317f 100644
--- a/test/system/203-network.bats
+++ b/test/system/203-network.bats
@@ -35,9 +35,11 @@ setup() {
bats_require_minimum_version 1.7.0
_setup_environment
cleanup_containers
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_containers
}
diff --git a/test/system/206-user.bats b/test/system/206-user.bats
index 2df7862f259e..473a6b40905a 100644
--- a/test/system/206-user.bats
+++ b/test/system/206-user.bats
@@ -23,9 +23,11 @@ setup() {
bats_require_minimum_version 1.7.0
_setup_environment
cleanup_containers
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_containers
}
diff --git a/test/system/210-ulimit.bats b/test/system/210-ulimit.bats
index ea0c46685df1..ea08feea1513 100644
--- a/test/system/210-ulimit.bats
+++ b/test/system/210-ulimit.bats
@@ -23,9 +23,11 @@ setup() {
bats_require_minimum_version 1.7.0
_setup_environment
cleanup_containers
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_containers
}
diff --git a/test/system/211-dbus.bats b/test/system/211-dbus.bats
index 295bb71b2789..61c543a56005 100644
--- a/test/system/211-dbus.bats
+++ b/test/system/211-dbus.bats
@@ -23,9 +23,11 @@ setup() {
bats_require_minimum_version 1.7.0
_setup_environment
cleanup_containers
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_containers
}
diff --git a/test/system/220-environment-variables.bats b/test/system/220-environment-variables.bats
index 5b51d17dee55..c24e07d146ee 100644
--- a/test/system/220-environment-variables.bats
+++ b/test/system/220-environment-variables.bats
@@ -23,9 +23,11 @@ setup() {
bats_require_minimum_version 1.7.0
_setup_environment
cleanup_containers
+ pushd "$HOME" || return 1
}
teardown() {
+ popd || return 1
cleanup_containers
}
--
2.43.0

894
toolbox-test-system-new.patch
View File

@ -1,894 +0,0 @@
From f51c4a4cd8ff1c51a68073a10eaddab8f16fdaf6 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Thu, 8 Feb 2024 22:18:33 +0100
Subject: [PATCH 1/4] test/system: Ensure that the user is part of a group with
the same name
https://github.com/containers/toolbox/pull/1447
---
test/system/206-user.bats | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/test/system/206-user.bats b/test/system/206-user.bats
index c295d8a61f39..cdd38c146024 100644
--- a/test/system/206-user.bats
+++ b/test/system/206-user.bats
@@ -434,6 +434,7 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBOX" run cat /etc/group
assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
assert_line --regexp "^(sudo|wheel):x:[[:digit:]]+:$USER$"
assert [ ${#lines[@]} -gt 1 ]
@@ -447,6 +448,7 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch cat /etc/group
assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$"
assert [ ${#lines[@]} -gt 1 ]
@@ -460,6 +462,7 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 cat /etc/group
assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$"
assert [ ${#lines[@]} -gt 1 ]
@@ -473,6 +476,7 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 cat /etc/group
assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
assert_line --regexp "^wheel:x:[[:digit:]]+:$USER$"
assert [ ${#lines[@]} -gt 1 ]
@@ -486,6 +490,7 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 cat /etc/group
assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$"
assert [ ${#lines[@]} -gt 1 ]
@@ -499,6 +504,7 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 cat /etc/group
assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$"
assert [ ${#lines[@]} -gt 1 ]
@@ -512,6 +518,7 @@ teardown() {
run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 cat /etc/group
assert_success
+ assert_line --regexp "^$USER:x:[[:digit:]]+:$USER$"
assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$"
assert [ ${#lines[@]} -gt 1 ]
--
2.43.0
From b2d64fad1a23a07919efdb70de9247645e44f973 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Thu, 8 Feb 2024 22:51:43 +0100
Subject: [PATCH 2/4] test/system: Ensure that process started by 'podman exec'
has all groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 15173f8c25c81244 exposed a bug in crun(1) [1] where the process
started directly by 'podman exec --user ...' inside the Toolbx container
would not have the supplementary groups attached to the user by the
entry point.
This could be observed by differences in id(1):
⬢$ id
uid=1000(user) gid=1000(user) groups=1000(user)
⬢$ id user
uid=1000(user) gid=1000(user) groups=1000(user),10(wheel)
... and could be worked around by starting a new session with sudo(8).
[1] crun commit 9effaebb429a1aed
https://github.com/containers/crun/commit/9effaebb429a1aed
https://github.com/containers/crun/issues/644
https://github.com/containers/podman/issues/9986
https://github.com/containers/toolbox/issues/608
---
test/system/206-user.bats | 231 ++++++++++++++++++++++++++++++++++++++
1 file changed, 231 insertions(+)
diff --git a/test/system/206-user.bats b/test/system/206-user.bats
index cdd38c146024..2df7862f259e 100644
--- a/test/system/206-user.bats
+++ b/test/system/206-user.bats
@@ -525,3 +525,234 @@ teardown() {
# shellcheck disable=SC2154
assert [ ${#stderr_lines[@]} -eq 0 ]
}
+
+@test "user: id(1) for $USER inside the default container" {
+ create_default_container
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Arch Linux" {
+ create_distro_container arch latest arch-toolbox-latest
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Fedora 34" {
+ create_distro_container fedora 34 fedora-toolbox-34
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside RHEL 8.7" {
+ create_distro_container rhel 8.7 rhel-toolbox-8.7
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Ubuntu 16.04" {
+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Ubuntu 18.04" {
+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "user: id(1) for $USER inside Ubuntu 20.04" {
+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 id
+
+ assert_success
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ local output_id="${lines[0]}"
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 id "$USER"
+
+ assert_success
+ assert_line --index 0 "$output_id"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ # shellcheck disable=SC2154
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
--
2.43.0
From da2555d04f9ff677b3f2033ff36390f75c3a509d Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Thu, 18 Jan 2024 19:53:02 +0100
Subject: [PATCH 3/4] test/system: Group by higher-level objective, not
distribution
Fallout from 51ffd2793d882ffab45ace44c03edfdaeb3f138c
https://github.com/containers/toolbox/pull/1436
---
test/system/220-environment-variables.bats | 152 ++++++++++-----------
1 file changed, 76 insertions(+), 76 deletions(-)
diff --git a/test/system/220-environment-variables.bats b/test/system/220-environment-variables.bats
index 0e1356654468..dd74b1dc5142 100644
--- a/test/system/220-environment-variables.bats
+++ b/test/system/220-environment-variables.bats
@@ -1,6 +1,6 @@
# shellcheck shell=bats
#
-# Copyright © 2023 Red Hat, Inc.
+# Copyright © 2023 2024 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -57,25 +57,24 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTSIZE inside the default container" {
- skip "https://pagure.io/setup/pull-request/48"
-
- create_default_container
+@test "environment variables: HISTFILESIZE inside Arch Linux" {
+ create_distro_container arch latest arch-toolbox-latest
- if [ "$HISTSIZE" = "" ]; then
+ # shellcheck disable=SC2031
+ if [ "$HISTFILESIZE" = "" ]; then
# shellcheck disable=SC2030
- HISTSIZE=1001
+ HISTFILESIZE=1001
else
- ((HISTSIZE++))
+ ((HISTFILESIZE++))
fi
- export HISTSIZE
+ export HISTFILESIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run bash -c 'echo "$HISTSIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTFILESIZE"'
assert_success
- assert_line --index 0 "$HISTSIZE"
+ assert_line --index 0 "$HISTFILESIZE"
if check_bats_version 1.10.0; then
assert [ ${#lines[@]} -eq 1 ]
@@ -87,8 +86,8 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTFILESIZE inside Arch Linux" {
- create_distro_container arch latest arch-toolbox-latest
+@test "environment variables: HISTFILESIZE inside Fedora 34" {
+ create_distro_container fedora 34 fedora-toolbox-34
# shellcheck disable=SC2031
if [ "$HISTFILESIZE" = "" ]; then
@@ -101,7 +100,7 @@ teardown() {
export HISTFILESIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTFILESIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTFILESIZE"'
assert_success
assert_line --index 0 "$HISTFILESIZE"
@@ -116,24 +115,24 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTSIZE inside Arch Linux" {
- create_distro_container arch latest arch-toolbox-latest
+@test "environment variables: HISTFILESIZE inside RHEL 8.7" {
+ create_distro_container rhel 8.7 rhel-toolbox-8.7
# shellcheck disable=SC2031
- if [ "$HISTSIZE" = "" ]; then
+ if [ "$HISTFILESIZE" = "" ]; then
# shellcheck disable=SC2030
- HISTSIZE=1001
+ HISTFILESIZE=1001
else
- ((HISTSIZE++))
+ ((HISTFILESIZE++))
fi
- export HISTSIZE
+ export HISTFILESIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTSIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTFILESIZE"'
assert_success
- assert_line --index 0 "$HISTSIZE"
+ assert_line --index 0 "$HISTFILESIZE"
if check_bats_version 1.10.0; then
assert [ ${#lines[@]} -eq 1 ]
@@ -145,8 +144,8 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTFILESIZE inside Fedora 34" {
- create_distro_container fedora 34 fedora-toolbox-34
+@test "environment variables: HISTFILESIZE inside Ubuntu 16.04" {
+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
# shellcheck disable=SC2031
if [ "$HISTFILESIZE" = "" ]; then
@@ -159,7 +158,8 @@ teardown() {
export HISTFILESIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTFILESIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 \
+ bash -c 'echo "$HISTFILESIZE"'
assert_success
assert_line --index 0 "$HISTFILESIZE"
@@ -174,26 +174,25 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTSIZE inside Fedora 34" {
- skip "https://pagure.io/setup/pull-request/48"
-
- create_distro_container fedora 34 fedora-toolbox-34
+@test "environment variables: HISTFILESIZE inside Ubuntu 18.04" {
+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
# shellcheck disable=SC2031
- if [ "$HISTSIZE" = "" ]; then
+ if [ "$HISTFILESIZE" = "" ]; then
# shellcheck disable=SC2030
- HISTSIZE=1001
+ HISTFILESIZE=1001
else
- ((HISTSIZE++))
+ ((HISTFILESIZE++))
fi
- export HISTSIZE
+ export HISTFILESIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTSIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 \
+ bash -c 'echo "$HISTFILESIZE"'
assert_success
- assert_line --index 0 "$HISTSIZE"
+ assert_line --index 0 "$HISTFILESIZE"
if check_bats_version 1.10.0; then
assert [ ${#lines[@]} -eq 1 ]
@@ -205,12 +204,11 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTFILESIZE inside RHEL 8.7" {
- create_distro_container rhel 8.7 rhel-toolbox-8.7
+@test "environment variables: HISTFILESIZE inside Ubuntu 20.04" {
+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
# shellcheck disable=SC2031
if [ "$HISTFILESIZE" = "" ]; then
- # shellcheck disable=SC2030
HISTFILESIZE=1001
else
((HISTFILESIZE++))
@@ -219,7 +217,8 @@ teardown() {
export HISTFILESIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTFILESIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 \
+ bash -c 'echo "$HISTFILESIZE"'
assert_success
assert_line --index 0 "$HISTFILESIZE"
@@ -234,12 +233,11 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTSIZE inside RHEL 8.7" {
+@test "environment variables: HISTSIZE inside the default container" {
skip "https://pagure.io/setup/pull-request/48"
- create_distro_container rhel 8.7 rhel-toolbox-8.7
+ create_default_container
- # shellcheck disable=SC2031
if [ "$HISTSIZE" = "" ]; then
# shellcheck disable=SC2030
HISTSIZE=1001
@@ -250,7 +248,7 @@ teardown() {
export HISTSIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTSIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run bash -c 'echo "$HISTSIZE"'
assert_success
assert_line --index 0 "$HISTSIZE"
@@ -265,25 +263,24 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTFILESIZE inside Ubuntu 16.04" {
- create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
+@test "environment variables: HISTSIZE inside Arch Linux" {
+ create_distro_container arch latest arch-toolbox-latest
# shellcheck disable=SC2031
- if [ "$HISTFILESIZE" = "" ]; then
+ if [ "$HISTSIZE" = "" ]; then
# shellcheck disable=SC2030
- HISTFILESIZE=1001
+ HISTSIZE=1001
else
- ((HISTFILESIZE++))
+ ((HISTSIZE++))
fi
- export HISTFILESIZE
+ export HISTSIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 \
- bash -c 'echo "$HISTFILESIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HISTSIZE"'
assert_success
- assert_line --index 0 "$HISTFILESIZE"
+ assert_line --index 0 "$HISTSIZE"
if check_bats_version 1.10.0; then
assert [ ${#lines[@]} -eq 1 ]
@@ -295,8 +292,10 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTSIZE inside Ubuntu 16.04" {
- create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
+@test "environment variables: HISTSIZE inside Fedora 34" {
+ skip "https://pagure.io/setup/pull-request/48"
+
+ create_distro_container fedora 34 fedora-toolbox-34
# shellcheck disable=SC2031
if [ "$HISTSIZE" = "" ]; then
@@ -309,7 +308,7 @@ teardown() {
export HISTSIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 bash -c 'echo "$HISTSIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HISTSIZE"'
assert_success
assert_line --index 0 "$HISTSIZE"
@@ -324,25 +323,26 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTFILESIZE inside Ubuntu 18.04" {
- create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
+@test "environment variables: HISTSIZE inside RHEL 8.7" {
+ skip "https://pagure.io/setup/pull-request/48"
+
+ create_distro_container rhel 8.7 rhel-toolbox-8.7
# shellcheck disable=SC2031
- if [ "$HISTFILESIZE" = "" ]; then
+ if [ "$HISTSIZE" = "" ]; then
# shellcheck disable=SC2030
- HISTFILESIZE=1001
+ HISTSIZE=1001
else
- ((HISTFILESIZE++))
+ ((HISTSIZE++))
fi
- export HISTFILESIZE
+ export HISTSIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 \
- bash -c 'echo "$HISTFILESIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HISTSIZE"'
assert_success
- assert_line --index 0 "$HISTFILESIZE"
+ assert_line --index 0 "$HISTSIZE"
if check_bats_version 1.10.0; then
assert [ ${#lines[@]} -eq 1 ]
@@ -354,8 +354,8 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTSIZE inside Ubuntu 18.04" {
- create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
+@test "environment variables: HISTSIZE inside Ubuntu 16.04" {
+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
# shellcheck disable=SC2031
if [ "$HISTSIZE" = "" ]; then
@@ -368,7 +368,7 @@ teardown() {
export HISTSIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 bash -c 'echo "$HISTSIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 bash -c 'echo "$HISTSIZE"'
assert_success
assert_line --index 0 "$HISTSIZE"
@@ -383,24 +383,24 @@ teardown() {
assert [ ${#stderr_lines[@]} -eq 0 ]
}
-@test "environment variables: HISTFILESIZE inside Ubuntu 20.04" {
- create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
+@test "environment variables: HISTSIZE inside Ubuntu 18.04" {
+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
# shellcheck disable=SC2031
- if [ "$HISTFILESIZE" = "" ]; then
- HISTFILESIZE=1001
+ if [ "$HISTSIZE" = "" ]; then
+ # shellcheck disable=SC2030
+ HISTSIZE=1001
else
- ((HISTFILESIZE++))
+ ((HISTSIZE++))
fi
- export HISTFILESIZE
+ export HISTSIZE
# shellcheck disable=SC2016
- run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 \
- bash -c 'echo "$HISTFILESIZE"'
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 bash -c 'echo "$HISTSIZE"'
assert_success
- assert_line --index 0 "$HISTFILESIZE"
+ assert_line --index 0 "$HISTSIZE"
if check_bats_version 1.10.0; then
assert [ ${#lines[@]} -eq 1 ]
--
2.43.0
From ee2c92299d5488bab4e54cb04d9a120e0b9ed405 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Thu, 18 Jan 2024 20:17:50 +0100
Subject: [PATCH 4/4] test/system: Test that the HOSTNAME environment variable
is set
Bash automatically sets the HOSTNAME environment variable to the name of
the current host [1] as returned by gethostname(2), which is the same as
hostname(1).
However, on Fedora, from Fedora 33 onwards, /etc/profile sets the
HOSTNAME environment variable to 'hostnamectl --transient' [2], and,
from Fedora 35 onwards, it has a fallback to hostname(1) [3]. These two
approaches return different values when used inside a Toolbx container.
The former picks up the hostname of the host operating system, while the
fallback gets the name that was set when creating the container with
'podman create --hostname toolbox ...'.
Hence, the value of HOSTNAME inside a Toolbx container for Fedora
depends on whether the corresponding version of the fedora-toolbox image
contained hostnamectl(1) or not.
[1] https://www.gnu.org/software/bash/manual/html_node/Bash-Variables.html
[2] setup commit eb9cc4dce89be24f
https://pagure.io/setup/c/eb9cc4dce89be24f
https://bugzilla.redhat.com/show_bug.cgi?id=1745245
[3] setup commit ddd74b5d971a734c
https://pagure.io/setup/c/ddd74b5d971a734c
https://pagure.io/setup/pull-request/28
https://bugzilla.redhat.com/show_bug.cgi?id=1938223
https://github.com/containers/toolbox/issues/558
---
test/system/220-environment-variables.bats | 126 +++++++++++++++++++++
1 file changed, 126 insertions(+)
diff --git a/test/system/220-environment-variables.bats b/test/system/220-environment-variables.bats
index dd74b1dc5142..5b51d17dee55 100644
--- a/test/system/220-environment-variables.bats
+++ b/test/system/220-environment-variables.bats
@@ -439,3 +439,129 @@ teardown() {
# shellcheck disable=SC2154
assert [ ${#stderr_lines[@]} -eq 0 ]
}
+
+@test "environment variables: HOSTNAME inside the default container" {
+ create_default_container
+
+ # shellcheck disable=SC2016
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run bash -c 'echo "$HOSTNAME"'
+
+ assert_success
+ assert_line --index 0 --regexp "^(toolbox|$HOSTNAME)$"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "environment variables: HOSTNAME inside Arch Linux" {
+ create_distro_container arch latest arch-toolbox-latest
+
+ # shellcheck disable=SC2016
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro arch bash -c 'echo "$HOSTNAME"'
+
+ assert_success
+ assert_line --index 0 "toolbox"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "environment variables: HOSTNAME inside Fedora 34" {
+ create_distro_container fedora 34 fedora-toolbox-34
+
+ # shellcheck disable=SC2016
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro fedora --release 34 bash -c 'echo "$HOSTNAME"'
+
+ assert_success
+ assert_line --index 0 "$HOSTNAME"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "environment variables: HOSTNAME inside RHEL 8.7" {
+ create_distro_container rhel 8.7 rhel-toolbox-8.7
+
+ # shellcheck disable=SC2016
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro rhel --release 8.7 bash -c 'echo "$HOSTNAME"'
+
+ assert_success
+ assert_line --index 0 "toolbox"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "environment variables: HOSTNAME inside Ubuntu 16.04" {
+ create_distro_container ubuntu 16.04 ubuntu-toolbox-16.04
+
+ # shellcheck disable=SC2016
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 16.04 bash -c 'echo "$HOSTNAME"'
+
+ assert_success
+ assert_line --index 0 "toolbox"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "environment variables: HOSTNAME inside Ubuntu 18.04" {
+ create_distro_container ubuntu 18.04 ubuntu-toolbox-18.04
+
+ # shellcheck disable=SC2016
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 18.04 bash -c 'echo "$HOSTNAME"'
+
+ assert_success
+ assert_line --index 0 "toolbox"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
+
+@test "environment variables: HOSTNAME inside Ubuntu 20.04" {
+ create_distro_container ubuntu 20.04 ubuntu-toolbox-20.04
+
+ # shellcheck disable=SC2016
+ run --keep-empty-lines --separate-stderr "$TOOLBOX" run --distro ubuntu --release 20.04 bash -c 'echo "$HOSTNAME"'
+
+ assert_success
+ assert_line --index 0 "toolbox"
+
+ if check_bats_version 1.10.0; then
+ assert [ ${#lines[@]} -eq 1 ]
+ else
+ assert [ ${#lines[@]} -eq 2 ]
+ fi
+
+ assert [ ${#stderr_lines[@]} -eq 0 ]
+}
--
2.43.0

67
toolbox.spec
View File

@ -1,7 +1,7 @@
%global __brp_check_rpaths %{nil}
Name: toolbox
Version: 0.0.99.5
Version: 0.0.99.6
%global goipath github.com/containers/%{name}
@ -31,7 +31,7 @@ Version: 0.0.99.5
%endif
%endif
Release: 15%{?dist}
Release: 1%{?dist}
Summary: Tool for interactive command line environments on Linux
License: Apache-2.0
@ -42,17 +42,16 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version
Source1: %{name}.conf
# Upstream
Patch0: toolbox-test-system-new.patch
Patch1: toolbox-test-system-Unbreak-Podman-s-downstream-Fedora-CI.patch
Patch2: toolbox-playbooks-test-system-bats-1.11-podman-5.patch
Patch0: toolbox-Unbreak-downstream-Fedora-CI.patch
Patch1: toolbox-Update-fallback-release-to-40-for-non-fedo.patch
Patch2: toolbox-Revert-Work-around-bug-in-past.patch
# Fedora specific
Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
Patch100: toolbox-Make-the-build-flags-match-Fedora.patch
# RHEL specific
Patch200: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
Patch201: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
Patch200: toolbox-Make-the-build-flags-match-RHEL-9.patch
Patch201: toolbox-Make-the-build-flags-match-RHEL-10.patch
Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
BuildRequires: gcc
@ -65,21 +64,27 @@ BuildRequires: systemd
BuildRequires: systemd-rpm-macros
%if ! 0%{?rhel}
BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1
BuildRequires: golang-ipath(github.com/NVIDIA/go-nvlib) >= 0.6.1
BuildRequires: golang-ipath(github.com/NVIDIA/go-nvml) >= 0.12.4.0
BuildRequires: golang-ipath(github.com/NVIDIA/nvidia-container-toolkit) >= 1.16.1
BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0
BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0
BuildRequires: golang(github.com/briandowns/spinner) >= 1.18.0
BuildRequires: golang(github.com/docker/go-units) >= 0.5.0
BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1
BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.7.0
BuildRequires: golang(github.com/go-logfmt/logfmt) >= 0.5.0
BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6
BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1
BuildRequires: golang(github.com/google/renameio/v2) >= 2.0.0
BuildRequires: golang(github.com/sirupsen/logrus) >= 1.9.3
BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0
BuildRequires: golang(github.com/spf13/viper) >= 1.10.1
BuildRequires: golang(golang.org/x/sys/unix) >= 0.1.0
BuildRequires: golang-ipath(golang.org/x/sys) >= 0.22.0
BuildRequires: golang(golang.org/x/text) >= 0.3.8
BuildRequires: golang(gopkg.in/yaml.v3) >= 3.0.0
BuildRequires: golang-ipath(gopkg.in/yaml.v3) >= 3.0.1
BuildRequires: golang-ipath(tags.cncf.io/container-device-interface) >= 0.8.0
BuildRequires: pkgconfig(fish)
# for tests
# BuildRequires: codespell
# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0
# BuildRequires: golang(github.com/stretchr/testify) >= 1.9.0
# BuildRequires: ShellCheck
%endif
@ -90,13 +95,14 @@ Requires: podman >= 1.6.4
%if ! 0%{?rhel}
Requires: flatpak-session-helper
%endif
Requires: shadow-utils-subid%{?_isa}
%description
Toolbx is a tool for Linux, which allows the use of interactive command line
environments for development and troubleshooting the host operating system,
without having to install software on the host. It is built on top of Podman
and other standard container technologies from OCI.
environments for software development and troubleshooting the host operating
system, without having to install software on the host. It is built on top of
Podman and other standard container technologies from OCI.
Toolbx environments have seamless access to the user's home directory, the
Wayland and X11 sockets, networking (including Avahi), removable devices (like
@ -109,13 +115,17 @@ Summary: Tests for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: coreutils
Requires: diffutils
# for gdbus(1)
Requires: glib2
Requires: grep
# for htpasswd
# for htpasswd(1)
Requires: httpd-tools
Requires: openssl
Requires: python3
Requires: skopeo
%if ! 0%{?rhel}
Requires: bats >= 1.7.0
Requires: bats >= 1.10.0
%endif
@ -125,23 +135,20 @@ The %{name}-tests package contains system tests for %{name}.
%prep
%setup -q
%patch -P0 -p1
%patch -P1 -p1
%patch -P2 -p1
%if 0%{?fedora}
%ifnarch ppc64
%patch -P100 -p1
%else
%patch -P101 -p1
%endif
%endif
%if 0%{?rhel}
%ifnarch ppc64
%if 0%{?rhel} == 9
%patch -P200 -p1
%else
%endif
%if 0%{?rhel} == 10
%patch -P201 -p1
%endif
@ -187,7 +194,7 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
%files
%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md
%doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md
%license COPYING %{?rhel:src/vendor/modules.txt}
%{_bindir}/%{name}
%{_datadir}/bash-completion
@ -206,6 +213,10 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
%changelog
* Fri Oct 04 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-1
- Update to 0.0.99.6
Resolves: RHEL-61579
* Fri Aug 09 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-15
- Rebuild for CVE-2024-24791
Resolves: RHEL-47199