diff --git a/.toolbox.metadata b/.toolbox.metadata
index 44b3e7d..295195d 100644
--- a/.toolbox.metadata
+++ b/.toolbox.metadata
@@ -1 +1 @@
-925877d2e970cfbf315174de4ceaa921581abed6 SOURCES/toolbox-0.0.99.3-vendored.tar.xz
+ae6e6ac18c0d350eeabe9392a37ddc70cd60b52f SOURCES/toolbox-0.0.99.3-vendored.tar.xz
diff --git a/SOURCES/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/SOURCES/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
new file mode 100644
index 0000000..db06e9b
--- /dev/null
+++ b/SOURCES/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
@@ -0,0 +1,101 @@
+From 565947a7df6f4d18cb2f2d3a172b79391880288a Mon Sep 17 00:00:00 2001
+From: Debarshi Ray
+Date: Wed, 18 Aug 2021 17:55:21 +0200
+Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
+ environment variable
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1940037
+---
+ src/cmd/run.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cmd/run.go b/src/cmd/run.go
+index 5954eac55fad..ca363815d4c9 100644
+--- a/src/cmd/run.go
++++ b/src/cmd/run.go
+@@ -441,6 +441,7 @@ func constructExecArgs(container string,
+ execArgs = append(execArgs, detachKeys...)
+
+ execArgs = append(execArgs, []string{
++ "--env", "HOST=/run/host",
+ "--interactive",
+ "--tty",
+ "--user", currentUser.Username,
+--
+2.31.1
+
+
+From fecbda4c3ea823eb04ebe392a6e1422e8ce8dd41 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray
+Date: Fri, 10 Dec 2021 13:42:15 +0100
+Subject: [PATCH 2/2] test/system: Update to test the migration path for
+ coreos/toolbox users
+
+This reverts the changes to the tests made in commit
+411147988b730dabf8b9e761a5426e12d648f008 by restoring commit
+ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit
+3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed.
+---
+ test/system/002-help.bats | 11 -----------
+ test/system/100-root.bats | 27 +++++++++++++++++++++++++++
+ 2 files changed, 27 insertions(+), 11 deletions(-)
+ create mode 100644 test/system/100-root.bats
+
+diff --git a/test/system/002-help.bats b/test/system/002-help.bats
+index 689f95e472a1..525d44431ee5 100644
+--- a/test/system/002-help.bats
++++ b/test/system/002-help.bats
+@@ -8,17 +8,6 @@ setup() {
+ _setup_environment
+ }
+
+-@test "help: Try to run toolbox with no command" {
+- run $TOOLBOX
+-
+- assert_failure
+- assert_line --index 0 "Error: missing command"
+- assert_line --index 1 "create Create a new toolbox container"
+- assert_line --index 2 "enter Enter an existing toolbox container"
+- assert_line --index 3 "list List all existing toolbox containers and images"
+- assert_line --index 4 "Run 'toolbox --help' for usage."
+-}
+-
+ @test "help: Run command 'help'" {
+ if ! command -v man 2>/dev/null; then
+ skip "Test works only if man is in PATH"
+diff --git a/test/system/100-root.bats b/test/system/100-root.bats
+new file mode 100644
+index 000000000000..32d87904213e
+--- /dev/null
++++ b/test/system/100-root.bats
+@@ -0,0 +1,27 @@
++#!/usr/bin/env bats
++
++load 'libs/bats-support/load'
++load 'libs/bats-assert/load'
++load 'libs/helpers'
++
++setup() {
++ _setup_environment
++ cleanup_containers
++}
++
++teardown() {
++ cleanup_containers
++}
++
++@test "root: Try to enter the default container with no containers created" {
++ run $TOOLBOX <<< "n"
++
++ assert_success
++ assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command."
++ assert_line --index 1 "Run 'toolbox --help' for usage."
++}
++
++# TODO: Write the test
++@test "root: Enter the default container when 1 non-default container is present" {
++ skip "Testing of entering toolboxes is not implemented"
++}
+--
+2.31.1
+
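Review bot: The `"--env", "HOST=/run/host"` entry added to the exec arguments in constructExecArgs (src/cmd/run.go) is applied to every session started in the container and carries no comment saying why. Only the commit subject ties it to sosreport, and `HOST` is a generic name that shells or other tools may also interpret, so a reader of run.go cannot tell the override is deliberate. I would add a line above it such as `// sos reads HOST to find the host's root file system, mounted at /run/host (rhbz#1940037)`. constructExecArgs starts and ends outside the hunk, so whether a caller can override or drop the variable is not visible here.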
diff --git a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch index 19544b1..e036f7a 100644 --- a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +++ b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch @@ -1,4 +1,4 @@ -From a245af969792bafcfa86090c856a06cb23061816 Mon Sep 17 00:00:00 2001 +From 024cf19e52544814cdee80693a6dc12b5a92943c Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild} for PPC64 @@ -20,20 +20,43 @@ Note that these flags are only meant for the "ppc64" CPU architecture, and should be kept updated to match RHEL's Go guidelines. Use 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. --- - src/go-build-wrapper | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + src/go-build-wrapper | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 0d27120da052..ef1a03af750a 100755 +index ef4aafc8b024..00d7e9fca0e0 100755 --- a/src/go-build-wrapper 
+++ b/src/go-build-wrapper -@@ -27,5 +27,6 @@ if ! cd "$1"; then +@@ -32,9 +32,9 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" + if $6; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$4" --print-file-name=libc.so); then +@@ -69,11 +69,16 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + +unset LDFLAGS -+go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" ++ + # shellcheck disable=SC2086 + go build \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/toolbox" + exit "$?" -- 2.31.1 diff --git a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch index 10db68e..7c8aaa4 100644 
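Review bot: `tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"` is later expanded unquoted as `$tags` (SC2086 is disabled for the `go build` call), so a BUILDTAGS value holding several space-separated tags would be word-split and everything after the first space would reach `go build` as a stray argument instead of a tag. The line this replaces passed the tags as one quoted, space-separated `-tags="..."` argument, so that input used to be safe. Converting spaces to commas before joining, e.g. `tags="-tags rpm_crashtraceback,$(echo "${BUILDTAGS:-}" | tr -s ' ' ',')"`, keeps the value a single word. Separately, `${LDFLAGS:-}` directly after `unset LDFLAGS` always expands to nothing and should be dropped or explained in a comment. Both points apply equally to the non-PPC64 variant, toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch.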
--- a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch +++ b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch @@ -1,4 +1,4 @@ -From 05722d2861c23554b9741c059e853da9ab38282e Mon Sep 17 00:00:00 2001 +From 89129bd096c8bfac4ff84fc19726898cc901c1fc Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild} @@ -20,20 +20,44 @@ Note that these flags are meant for every CPU architecture other than PPC64, and should be kept updated to match RHEL's Go guidelines. Use 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. --- - src/go-build-wrapper | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + src/go-build-wrapper | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 0d27120da052..f08f3218560a 100755 +index ef4aafc8b024..e82e42ca8151 100755 --- a/src/go-build-wrapper 
+++ b/src/go-build-wrapper -@@ -27,5 +27,6 @@ if ! cd "$1"; then +@@ -32,9 +32,9 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" + if $6; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$4" --print-file-name=libc.so); then +@@ -69,11 +69,17 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + +unset LDFLAGS -+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" ++ + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/toolbox" + exit "$?" -- 2.31.1 
diff --git a/SOURCES/toolbox-cmd-root-Suggest-a-way-forward-if-coreos-toolbox-was.patch b/SOURCES/toolbox-cmd-root-Suggest-a-way-forward-if-coreos-toolbox-was.patch
deleted file mode 100644
index 258226c..0000000
--- a/SOURCES/toolbox-cmd-root-Suggest-a-way-forward-if-coreos-toolbox-was.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 6b47ff61936d2b602d29b229b079bda00dadad7e Mon Sep 17 00:00:00 2001
-From: Debarshi Ray
-Date: Thu, 2 Sep 2021 14:57:37 +0200
-Subject: [PATCH] cmd/root: Suggest a way forward if coreos/toolbox was used
-
-github.com/coreos/toolbox bind mounts the entire /run from the host
-operating system into the toolbox container. Due to this, when run
-rootful, the /run/.containerenv created by Podman inside the container
-is also seen on the host. This confuses Toolbox into thinking that it's
-running inside a container, even when it's running on the host.
-
-This is an attempt to differentiate between a toolbox container and
-the host by looking at the 'container' environment variable, so that
-the user can be presented with a more helpful error message.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1998191
----
- src/cmd/root.go | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/cmd/root.go b/src/cmd/root.go
-index 5e6f5874a469..139609592218 100644
---- a/src/cmd/root.go
-+++ b/src/cmd/root.go
-@@ -130,6 +130,16 @@ func preRun(cmd *cobra.Command, args []string) error {
-
- if toolboxPath == "" {
- if utils.IsInsideContainer() {
-+ if containerType := os.Getenv("container"); containerType == "" {
-+ var builder strings.Builder
-+ fmt.Fprintf(&builder, "/run/.containerenv found on what looks like the host\n")
-+ fmt.Fprintf(&builder, "If this is the host, then remove /run/.containerenv and try again.\n")
-+ fmt.Fprintf(&builder, "Otherwise, contact your system administrator or file a bug.")
-+
-+ errMsg := builder.String()
-+ return errors.New(errMsg)
-+ }
-+
- return errors.New("TOOLBOX_PATH not set")
- }
-
---
-2.31.1
-
diff --git a/SOURCES/toolbox-cmd-run-Make-sosreport-work-by-setting-the-HOST-envi.patch b/SOURCES/toolbox-cmd-run-Make-sosreport-work-by-setting-the-HOST-envi.patch deleted file mode 100644 index 84ae242..0000000 --- a/SOURCES/toolbox-cmd-run-Make-sosreport-work-by-setting-the-HOST-envi.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 786c5065c73703ef46e13905a4672f1b4918310a Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Wed, 18 Aug 2021 17:55:21 +0200 -Subject: [PATCH] cmd/run: Make sosreport work by setting the HOST environment - variable - -https://bugzilla.redhat.com/show_bug.cgi?id=1940037 ---- - src/cmd/run.go | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/cmd/run.go b/src/cmd/run.go -index e8e96932415e..188f0f2394df 100644 ---- a/src/cmd/run.go -+++ b/src/cmd/run.go -@@ -443,6 +443,7 @@ func constructExecArgs(container string, - execArgs = append(execArgs, detachKeys...) - - execArgs = append(execArgs, []string{ -+ "--env", "HOST=/run/host", - "--interactive", - "--tty", - "--user", currentUser.Username, --- -2.31.1 - diff --git a/SPECS/toolbox.spec b/SPECS/toolbox.spec index 284cb8a..9a2b48b 100644 --- a/SPECS/toolbox.spec +++ b/SPECS/toolbox.spec @@ -1,3 +1,5 @@ +%global __brp_check_rpaths %{nil} + # RHEL's RPM toolchain doesn't like the compressed DWARF data generated by the # Go toolchain. %global _dwz_low_mem_die_limit 0 @@ -9,11 +11,11 @@ Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 0.5%{?dist} -Summary: Unprivileged development environment +Release: 4%{?dist} +Summary: Tool for containerized command line environments on Linux License: ASL 2.0 -URL: https://github.com/containers/%{name} +URL: https://containertoolbx.org/ # https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz # A vendored tarball was created from the upstream tarball: 
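Review bot: `%global __brp_check_rpaths %{nil}` at the top of the spec switches off the buildroot RPATH check for the whole package and has no comment explaining why. The go-build-wrapper patches on this page link the binary with `-Wl,-rpath,/run/host$libc_dir_canonical_dirname`, which is presumably what the check would reject, but a later maintainer cannot tell that from the spec. I would add a comment above the macro, e.g. `# The toolbox binary is deliberately linked with an RPATH under /run/host; see src/go-build-wrapper`, so the disabled check is revisited if the link flags change.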
@@ -25,17 +27,16 @@ Source1: %{name}.conf # RHEL specific Patch100: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch Patch101: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch -Patch102: toolbox-cmd-run-Make-sosreport-work-by-setting-the-HOST-envi.patch -Patch103: toolbox-cmd-root-Suggest-a-way-forward-if-coreos-toolbox-was.patch +Patch102: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1905383 ExcludeArch: %{ix86} -BuildRequires: golang >= 1.17.7 -BuildRequires: go-md2man -BuildRequires: meson +BuildRequires: golang >= 1.19.1 +BuildRequires: /usr/bin/go-md2man +BuildRequires: meson >= 0.58.0 BuildRequires: pkgconfig(bash-completion) -BuildRequires: systemd +BuildRequires: systemd-rpm-macros Requires: containers-common Requires: podman >= 1.4.0 @@ -51,6 +52,10 @@ other standard container technologies from OCI. Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: coreutils +Requires: gawk +Requires: grep +Requires: skopeo %description tests The %{name}-tests package contains system tests for %{name}. @@ -66,7 +71,6 @@ The %{name}-tests package contains system tests for %{name}. %endif %patch102 -p1 -%patch103 -p1 # %%gomkdir is absent from RHEL 8. GOBUILDDIR="$(pwd)/_build" @@ -89,7 +93,13 @@ export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_ ln -s src/cmd cmd ln -s src/pkg pkg ln -s src/vendor vendor -%meson --buildtype=plain -Dprofile_dir=%{_sysconfdir}/profile.d + +%meson \ + --buildtype=plain \ + -Dmigration_path_for_coreos_toolbox=true \ + -Dprofile_dir=%{_sysconfdir}/profile.d \ + -Dtmpfiles_dir=%{_tmpfilesdir} + %meson_build 
@@ -114,6 +124,22 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Mon Nov 07 2022 Debarshi Ray - 0.0.99.3-4 +- Rebuild for CVE-2022-27664 and CVE-2022-32189 +Resolves: #2116761, #2126749 + +* Mon Nov 07 2022 Debarshi Ray - 0.0.99.3-3 +- Rebuild for CVE-2022-1705, CVE-2022-30630, CVE-2022-30631 and CVE-2022-30632 +Resolves: #2111827 + +* Mon Nov 07 2022 Debarshi Ray - 0.0.99.3-2 +- Update to 0.0.99.3 +- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging + guidelines +- Update the Summary to match upstream +- Update the URL to point to the website +Resolves: #2115089 + * Fri Apr 08 2022 Jindrich Novy - 0.0.99.3-0.5 - bump golang BR to 1.17.7 - Related: #2061390