diff --git a/toolbox-Build-fixes.patch b/toolbox-Build-fixes.patch new file mode 100644 index 0000000..32164ef --- /dev/null +++ b/toolbox-Build-fixes.patch @@ -0,0 +1,240 @@ +From 424cc42fba3cb182a360dcdda68caf20d9141ae6 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Tue, 28 Feb 2023 17:12:04 +0100 +Subject: [PATCH 1/4] cmd/root: Don't use podman(1) when generating the + completions + +Ever since commit bafbbe81c9220cb3, the shell completions are generated +while building Toolbx using the 'completion' command. This involves +running toolbox(1) itself, and hence invoking 'podman version' to decide +if 'podman system migrate' is needed or not. + +Unfortunately, some build environments, like Fedora's, are set up inside +a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may +not work because it does various things with namespaces(7) and clone(2) +that can, under certain circumstances, encounter an EPERM. + +Therefore, it's better to avoid using podman(1) when generating the +shell completions, especially, since they are generated by Cobra itself +and podman(1) is not involved at all. + +Note that podman(1) is needed when the generated shell completions are +actually used in interactive command line environments. The shell +completions invoke the hidden '__complete' command to get the results +that are presented to the user, and, if needed, 'podman system migrate' +will continue to be run as part of that. + +This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011 +because podman(1) is now only an optional runtime dependency for the +system tests. + +https://github.com/containers/podman/issues/17657 +--- + meson.build | 2 +- + src/cmd/root.go | 9 +++++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/meson.build b/meson.build +index 6f044bb204e3..653a3d3ac588 100644 +--- a/meson.build ++++ b/meson.build +@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h']) + + go = find_program('go') + go_md2man = find_program('go-md2man') +-podman = find_program('podman') + + bats = find_program('bats', required: false) + codespell = find_program('codespell', required: false) + htpasswd = find_program('htpasswd', required: false) + openssl = find_program('openssl', required: false) ++podman = find_program('podman', required: false) + shellcheck = find_program('shellcheck', required: false) + skopeo = find_program('skopeo', required: false) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index 304b03dcd889..9975ccc7a4c8 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error { + + logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath) + +- if err := migrate(); err != nil { ++ if err := migrate(cmd, args); err != nil { + return err + } + +@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error { + return rootRunImpl(cmd, args) + } + +-func migrate() error { ++func migrate(cmd *cobra.Command, args []string) error { + logrus.Debug("Migrating to newer Podman") + + if utils.IsInsideContainer() { + return nil + } + ++ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { ++ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName) ++ return nil ++ } ++ + configDir, err := os.UserConfigDir() + if err != nil { + logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err) +-- +2.41.0 + + +From 0723706168a1bde708bc9acc203c5e9870bc94d5 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 1 Mar 2023 19:41:56 +0100 +Subject: [PATCH 2/4] cmd/root: Sprinkle a debug log + +https://github.com/containers/toolbox/pull/1251 +--- + src/cmd/root.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index 9975ccc7a4c8..2e7428a20b24 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error { + logrus.Debug("Migrating to newer Podman") + + if utils.IsInsideContainer() { ++ logrus.Debug("Migration not needed: running inside a container") + return nil + } + +-- +2.41.0 + + +From 0736db58456bb635854493e28a0c36bda49988ce Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 1 Mar 2023 19:46:11 +0100 +Subject: [PATCH 3/4] cmd/root: Shuffle some code around and sprinkle some + debug logs + +Having a separate convenience function reduces the indentation levels by +at least one, and sometimes two, and makes it easy to have more detailed +debug logs. + +This will make the subsequent commit easier to read. + +https://github.com/containers/toolbox/issues/1246 +--- + src/cmd/root.go | 32 ++++++++++++++++++++++++-------- + 1 file changed, 24 insertions(+), 8 deletions(-) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index 2e7428a20b24..9aafe3e0d3be 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -1,5 +1,5 @@ + /* +- * Copyright © 2019 – 2022 Red Hat Inc. ++ * Copyright © 2019 – 2023 Red Hat Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. +@@ -139,13 +139,8 @@ func preRun(cmd *cobra.Command, args []string) error { + if !utils.IsInsideContainer() { + logrus.Debugf("Running on a cgroups v%d host", cgroupsVersion) + +- if currentUser.Uid != "0" { +- logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", currentUser.Username) +- +- if _, err := utils.ValidateSubIDRanges(currentUser); err != nil { +- logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err) +- return newSubIDError() +- } ++ if _, err := validateSubIDRanges(cmd, args, currentUser); err != nil { ++ return err + } + } + +@@ -392,3 +387,24 @@ func setUpLoggers() error { + + return nil + } ++ ++func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bool, error) { ++ logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", user.Username) ++ ++ if user.Uid == "0" { ++ logrus.Debugf("Look-up not needed: user %s doesn't need them", user.Username) ++ return true, nil ++ } ++ ++ if utils.IsInsideContainer() { ++ logrus.Debug("Look-up not needed: running inside a container") ++ return true, nil ++ } ++ ++ if _, err := utils.ValidateSubIDRanges(user); err != nil { ++ logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err) ++ return false, newSubIDError() ++ } ++ ++ return true, nil ++} +-- +2.41.0 + + +From 02537eac420f49e96110663794ef5f2511eb6860 Mon Sep 17 00:00:00 2001 +From: Jan Zerebecki +Date: Wed, 1 Mar 2023 19:52:28 +0100 +Subject: [PATCH 4/4] cmd/root: Don't validate subordinate IDs when generating + the completions + +Ever since commit bafbbe81c9220cb3, the shell completions are generated +while building Toolbx using the 'completion' command. This involves +running toolbox(1) itself, and hence validating the subordinate user and +group ID ranges. + +Unfortunately, some build environments, like openSUSE's, don't have +subordinate ID ranges set up. Therefore, it's better to not validate +the subordinate ID ranges when generating the shell completions, since +they are generated by Cobra itself and subordinate ID ranges are not +involved at all. + +Note that subordinate ID ranges may be needed when the generated shell +completions are actually used in interactive command line environments. +The shell completions invoke the hidden '__complete' command to get the +results that are presented to the user, and, if needed, the subordinate +ID ranges will continue to be used by podman(1) as part of that. + +Some changes by Debarshi Ray. + +https://github.com/containers/toolbox/issues/1246 +https://github.com/containers/toolbox/pull/1249 +--- + src/cmd/root.go | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index 9aafe3e0d3be..aee9fe026ac3 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -401,6 +401,11 @@ func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bo + return true, nil + } + ++ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { ++ logrus.Debugf("Look-up not needed: command %s doesn't need them", cmdName) ++ return true, nil ++ } ++ + if _, err := utils.ValidateSubIDRanges(user); err != nil { + logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err) + return false, newSubIDError() +-- +2.41.0 + diff --git a/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch b/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch deleted file mode 100644 index 85c7289..0000000 --- a/toolbox-Don-t-use-podman-1-when-generating-the-comp.patch +++ /dev/null @@ -1,89 +0,0 @@ -From fc5f568c5d82f4a16982268fa67092e52be91fbe Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Tue, 28 Feb 2023 17:12:04 +0100 -Subject: [PATCH] cmd/root: Don't use podman(1) when generating the completions - -Ever since commit bafbbe81c9220cb3, the shell completions are generated -while building Toolbx using the 'completion' command. This involves -running toolbox(1) itself, and hence invoking 'podman version' to decide -if 'podman system migrate' is needed or not. - -Unfortunately, some build environments, like Fedora's, are set up inside -a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may -not work because it does various things with namespaces(7) and clone(2) -that can, under certain circumstances, encounter an EPERM. - -Therefore, it's better to avoid using podman(1) when generating the -shell completions, especially, since they are generated by Cobra itself -and podman(1) is not involved at all. - -Note that podman(1) is needed when the generated shell completions are -actually used in interactive command line environments. The shell -completions invoke the hidden '__complete' command to get the results -that are presented to the user, and, if needed, 'podman system migrate' -will continue to be run as part of that. - -This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011 -because podman(1) is now only an optional runtime dependency for the -system tests. - -https://github.com/containers/podman/issues/17657 ---- - meson.build | 2 +- - src/cmd/root.go | 9 +++++++-- - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/meson.build b/meson.build -index 6f044bb204e3..653a3d3ac588 100644 ---- a/meson.build -+++ b/meson.build -@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h']) - - go = find_program('go') - go_md2man = find_program('go-md2man') --podman = find_program('podman') - - bats = find_program('bats', required: false) - codespell = find_program('codespell', required: false) - htpasswd = find_program('htpasswd', required: false) - openssl = find_program('openssl', required: false) -+podman = find_program('podman', required: false) - shellcheck = find_program('shellcheck', required: false) - skopeo = find_program('skopeo', required: false) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 304b03dcd889..9975ccc7a4c8 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error { - - logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath) - -- if err := migrate(); err != nil { -+ if err := migrate(cmd, args); err != nil { - return err - } - -@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error { - return rootRunImpl(cmd, args) - } - --func migrate() error { -+func migrate(cmd *cobra.Command, args []string) error { - logrus.Debug("Migrating to newer Podman") - - if utils.IsInsideContainer() { - return nil - } - -+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName { -+ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName) -+ return nil -+ } -+ - configDir, err := os.UserConfigDir() - if err != nil { - logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err) --- -2.39.1 - diff --git a/toolbox-Sprinkle-a-debug-log.patch b/toolbox-Sprinkle-a-debug-log.patch deleted file mode 100644 index ba6a3dd..0000000 --- a/toolbox-Sprinkle-a-debug-log.patch +++ /dev/null @@ -1,22 +0,0 @@ -From cafbca996ec4a19f9f80bae109436e2dfc7149a4 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Wed, 1 Mar 2023 19:41:56 +0100 -Subject: [PATCH] cmd/root: Sprinkle a debug log - -https://github.com/containers/toolbox/pull/1251 ---- - src/cmd/root.go | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/cmd/root.go b/src/cmd/root.go -index 9975ccc7a..2e7428a20 100644 ---- a/src/cmd/root.go -+++ b/src/cmd/root.go -@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error { - logrus.Debug("Migrating to newer Podman") - - if utils.IsInsideContainer() { -+ logrus.Debug("Migration not needed: running inside a container") - return nil - } - diff --git a/toolbox.spec b/toolbox.spec index 98f59e4..9acad83 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -17,11 +17,12 @@ Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://containertoolbx.org/ Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz + +# RHEL specific Source1: %{name}.conf # Upstream -Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch -Patch1: toolbox-Sprinkle-a-debug-log.patch +Patch0: toolbox-Build-fixes.patch # Fedora specific Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -167,7 +168,6 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q %patch0 -p1 -%patch1 -p1 %if 0%{?fedora} %ifnarch ppc64