diff --git a/rpminspect.yaml b/rpminspect.yaml index 626b073..bd29ebe 100644 --- a/rpminspect.yaml +++ b/rpminspect.yaml @@ -8,6 +8,9 @@ annocheck: extra_opts: hardened: --skip-run-path --skip-stack-prot +elf: + exclude_path: /usr/bin/toolbox + runpath: allowed_paths: - /run/host/usr/lib diff --git a/sources b/sources index df91c99..a7670e1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745 +SHA512 (toolbox-0.0.99.6-vendored.tar.xz) = 9ecec200069e8e2536e5ece43d411f9025dba6f60573e7939a0fc26deef29f0297d405a44fd409e978879b0579ab0a79ace97228a199584854c638213fa219d7 diff --git a/tests/tests.yml b/tests/tests.yml index 80ac749..ee70334 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -12,5 +12,5 @@ - name: toolbox package: toolbox environment: - TOOLBOX_TEST_DEFAULT_CONTAINER_NAME: toolbox-container-8.5 + TOOLBX_TEST_DEFAULT_CONTAINER_NAME: toolbox-container-8.5 become: true diff --git a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch index 1e3e254..9f470cd 100644 --- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch +++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch @@ -1,4 +1,4 @@ -From 4587b6e9240bf936b760e901435c4cfdd9c582b6 Mon Sep 17 00:00:00 2001 +From c25ad44b7cb50d470b1533931b7808cc194f0d50 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 18 Aug 2021 17:55:21 +0200 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST @@ -10,10 +10,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037 1 file changed, 1 insertion(+) diff --git a/src/cmd/run.go b/src/cmd/run.go -index e2e31d9da4e6..84ad46518bfc 100644 +index 719c0d6abb20..92a097283f38 100644 --- a/src/cmd/run.go 
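Review bot: The new `elf:` / `exclude_path: /usr/bin/toolbox` entry carries no comment explaining why the package's main binary is removed from rpminspect's ELF inspection, and the annocheck stanza directly above it already passes `--skip-run-path --skip-stack-prot`. Between the two, a later regression in the hardening flags of /usr/bin/toolbox would not be reported at gating time. I would add a comment above the key, for example `# ELF inspection skipped for toolbox because <reason>; see <bug reference>`, so the exclusion can be revisited. If rpminspect treats the value as a regular expression, anchoring it as `^/usr/bin/toolbox$` would keep it from matching any other path.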
+++ b/src/cmd/run.go -@@ -498,6 +498,7 @@ func constructExecArgs(container, preserveFDs string, +@@ -566,6 +566,7 @@ func constructExecArgs(container, preserveFDs string, execArgs = append(execArgs, envOptions...) execArgs = append(execArgs, []string{ @@ -22,10 +22,10 @@ index e2e31d9da4e6..84ad46518bfc 100644 "--preserve-fds", preserveFDs, }...) -- -2.43.0 +2.46.1 -From 892c33ed75443de90a2caa90959387bbc270c564 Mon Sep 17 00:00:00 2001 +From e7877a4d1d38dc35aa6da6c012ec9a23397b7aa4 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Fri, 10 Dec 2021 13:42:15 +0100 Subject: [PATCH 2/2] test/system: Update to test the migration path for @@ -42,23 +42,23 @@ ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit create mode 100644 test/system/100-root.bats diff --git a/test/system/002-help.bats b/test/system/002-help.bats -index 695c51f92e7e..5fa4c6fe0b4c 100644 +index a8bfbc2c79d2..5dd14025ea0b 100644 --- a/test/system/002-help.bats +++ b/test/system/002-help.bats -@@ -23,20 +23,6 @@ setup() { - _setup_environment +@@ -33,20 +33,6 @@ teardown() { + cleanup_all } -@test "help: Smoke test" { -- run --keep-empty-lines --separate-stderr "$TOOLBOX" +- run --keep-empty-lines --separate-stderr "$TOOLBX" - - assert_failure - assert [ ${#lines[@]} -eq 0 ] - lines=("${stderr_lines[@]}") - assert_line --index 0 "Error: missing command" -- assert_line --index 2 "create Create a new toolbox container" -- assert_line --index 3 "enter Enter an existing toolbox container" -- assert_line --index 4 "list List all existing toolbox containers and images" +- assert_line --index 2 "create Create a new Toolbx container" +- assert_line --index 3 "enter Enter an existing Toolbx container" +- assert_line --index 4 "list List all existing Toolbx containers and images" - assert_line --index 6 "Run 'toolbox --help' for usage." - assert [ ${#stderr_lines[@]} -eq 7 ] -} @@ -68,7 +68,7 @@ index 695c51f92e7e..5fa4c6fe0b4c 100644 skip "not found man(1)" 
diff --git a/test/system/100-root.bats b/test/system/100-root.bats new file mode 100644 -index 000000000000..32d87904213e +index 000000000000..cf35d60ac25c --- /dev/null +++ b/test/system/100-root.bats @@ -0,0 +1,27 @@ @@ -80,15 +80,15 @@ index 000000000000..32d87904213e + +setup() { + _setup_environment -+ cleanup_containers ++ cleanup_all +} + +teardown() { -+ cleanup_containers ++ cleanup_all +} + +@test "root: Try to enter the default container with no containers created" { -+ run $TOOLBOX <<< "n" ++ run "$TOOLBX" <<< "n" + + assert_success + assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command." @@ -100,5 +100,5 @@ index 000000000000..32d87904213e + skip "Testing of entering toolboxes is not implemented" +} -- -2.43.0 +2.46.1 diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch deleted file mode 100644 index 35ecc83..0000000 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 4f8b443ab925c84d059d894ddcfcf4dcf66a747e Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} - for PPC64 - -The Go toolchain also doesn't like the LDFLAGS environment variable as -exported by Fedora's %{meson} RPM macro. - -Note that these flags are only meant for the "ppc64" CPU architecture, -and should be kept updated to match Fedora's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..cae2de426a96 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! 
libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,16 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.43.0 - diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch deleted file mode 100644 index c290d36..0000000 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 3175ef2fab1f61f5784361070ac338dabda3c04e Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} - -The Go toolchain doesn't like the LDFLAGS environment variable as -exported by Fedora's %{meson} RPM macro. - -Note that these flags are meant for every CPU architecture other than -PPC64, and should be kept updated to match Fedora's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..0e6a2efa6853 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! 
libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,17 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -buildmode pie \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.43.0 - diff --git a/toolbox-Make-the-build-flags-match-Fedora.patch b/toolbox-Make-the-build-flags-match-Fedora.patch new file mode 100644 index 0000000..27fd99d --- /dev/null +++ b/toolbox-Make-the-build-flags-match-Fedora.patch 
@@ -0,0 +1,47 @@ +From 7dc70160c8ff531473004e879dd57ec303789d71 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags} + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match Fedora's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..5978422e9aed 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X 
github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.46.1 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-10.patch b/toolbox-Make-the-build-flags-match-RHEL-10.patch new file mode 100644 index 0000000..e43e0eb --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch 
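Review bot: The rewritten `-extldflags` string no longer contains `-Wl,-z,now`, which the two Fedora patches deleted by this commit passed explicitly next to `-Wl,-z,relro`; the RHEL 10 and RHEL 9 patches added further down drop it in the same way. Immediate binding may still be supplied by `-specs=/usr/lib/rpm/redhat/redhat-hardened-ld`, but nothing visible here confirms that, and rpminspect.yaml now excludes /usr/bin/toolbox from the ELF inspection, so a loss of full RELRO would not be caught. Either keep `-Wl,-z,now` in the string or say in the commit message that the specs file provides it. The message also still states that the flags are "meant for every CPU architecture other than PPC64", while toolbox.spec now applies Patch100 on every architecture, so that sentence should be reworded or removed.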
@@ -0,0 +1,71 @@ +From f08f64c0d5f2019055381c3c00426fe8545e5e31 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags} + +These reflect the defaults for RHEL 10.0 Beta, because RHEL 10.0 is +still early in its development cycle and the defaults may be in a state +of flux. Some exceptions are mentioned below. + +The '-z pack-relative-relocs' linker flag was left out. It's currently +not supported on s390x, so using it would require architecture specific +patches, which is a hassle. Support for aarch64 was recently added [1], +so hopefully s390x will also be supported soon. + +The change to use the RPM's %{name}, %{version}, %{release} and the +SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to +generate the build ID annotation for the toolbox(1) binary [2] was left +out. It will need more work to propagate the RPM's %{name}, %{version} +and %{release} to Meson. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 10's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. + +[1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b + https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42 + https://issues.redhat.com/browse/RHEL-40379 + +[2] go-rpm-macros commit 1980932bf3a21890 + https://pagure.io/go-rpm-macros/c/1980932bf3a21890 + https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..5978422e9aed 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! 
cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.46.1 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-9.patch b/toolbox-Make-the-build-flags-match-RHEL-9.patch new file mode 100644 index 0000000..2c15142 --- /dev/null +++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch 
@@ -0,0 +1,50 @@ +From ff1320fa869f1e4952836436ab2ad928cbba0987 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags} + +These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early +in its development cycle and the defaults may be in a state of flux. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. +--- + src/go-build-wrapper | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index a5a1a6a508fb..0a2c7526f210 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! 
libc_dir=$("$5" --print-file-name=libc.so); then +@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen + + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ + -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.46.1 + diff --git a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch deleted file mode 100644 index d458e9e..0000000 --- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From 721c6b8d3bbbb5d451eaac4d332ddecd48f5ca85 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for - PPC64 - -The Go toolchain also doesn't like the LDFLAGS environment variable as -exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't -like the compressed DWARF data generated by the Go toolchain. - -Note that these flags are only meant for the "ppc64" CPU architecture, -and should be kept updated to match RHEL's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..86f174716608 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! 
libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,16 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.43.0 - diff --git a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch deleted file mode 100644 index d5d47e4..0000000 --- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From 417dc7a7a378dbab6bbaafc21b9e554b60c9402f Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 29 Jun 2020 17:57:47 +0200 -Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} - -The Go toolchain doesn't like the LDFLAGS environment variable as -exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't -like the compressed DWARF data generated by the Go toolchain. - -Note that these flags are meant for every CPU architecture other than -PPC64, and should be kept updated to match RHEL's Go guidelines. Use -'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. ---- - src/go-build-wrapper | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index c572d6dfb02b..d39764fda0c1 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -33,9 +33,9 @@ if ! cd "$1"; then - exit 1 - fi - --tags="" -+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl" - if $7; then -- tags="-tags migration_path_for_coreos_toolbox" -+ tags="$tags,migration_path_for_coreos_toolbox" - fi - - if ! 
libc_dir=$("$5" --print-file-name=libc.so); then -@@ -70,11 +70,17 @@ fi - - dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" - -+unset LDFLAGS -+ - # shellcheck disable=SC2086 - go build \ -+ -buildmode pie \ -+ -compiler gc \ - $tags \ -- -trimpath \ -- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ -+ -a \ -+ -v \ -+ -x \ - -o "$2/$3" - - exit "$?" --- -2.43.0 - diff --git a/toolbox-Revert-Work-around-bug-in-past.patch b/toolbox-Revert-Work-around-bug-in-past.patch new file mode 100644 index 0000000..5597a9f --- /dev/null +++ b/toolbox-Revert-Work-around-bug-in-past.patch 
@@ -0,0 +1,81 @@ +From ed14cd483ae45c5f4cf5596b11c384f4b42bb53b Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Fri, 4 Oct 2024 22:09:03 +0200 +Subject: [PATCH] Revert "playbooks, test/system: Work around bug in pasta(1) + networks" + +The bug in pasta(1) that necessitated this workaround has since been +fixed in passt 2024_05_10.7288448 [1]. Some host operating systems like +CentOS Stream 10 no longer have slirp4netns(1), and it's generally +better to test the defaults. + +This reverts commit b58f9a51088afbfc22edb0b25776cfa2c4d8cc40. + +[1] https://github.com/containers/podman/issues/22575 + https://archives.passt.top/passt-dev/20240508090338.2735208-1-sbrivio@redhat.com/ + https://archives.passt.top/passt-user/20240510225714.6aa8e6c0@elisabeth/ + +https://github.com/containers/toolbox/pull/1562 +--- + playbooks/dependencies-centos-9-stream.yaml | 3 +-- + playbooks/dependencies-fedora.yaml | 3 +-- + test/system/libs/helpers.bash | 1 - + 3 files changed, 2 insertions(+), 5 deletions(-) + +diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml +index 5c1194c03583..d058d314b7b3 100644 +--- a/playbooks/dependencies-centos-9-stream.yaml ++++ b/playbooks/dependencies-centos-9-stream.yaml +@@ -13,7 +13,6 @@ + - podman + - shadow-utils-subid-devel + - skopeo +- - slirp4netns + - systemd + - udisks2 + +@@ -55,7 +54,7 @@ + chdir: '{{ zuul.project.src_dir }}' + + - name: Check versions of crucial packages +- command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns ++ command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo + 
+ - name: Show podman versions + command: podman version +diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml +index ea605135a4c2..8007ce958ddb 100644 +--- a/playbooks/dependencies-fedora.yaml ++++ b/playbooks/dependencies-fedora.yaml +@@ -35,7 +35,6 @@ + - podman + - shadow-utils-subid-devel + - skopeo +- - slirp4netns + - systemd + - udisks2 + use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}" +@@ -56,7 +55,7 @@ + chdir: '{{ zuul.project.src_dir }}' + + - name: Check versions of crucial packages +- command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns ++ command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo + + - name: Show podman versions + command: podman version +diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash +index dfd6236c2943..2d05641f5d0a 100644 +--- a/test/system/libs/helpers.bash ++++ b/test/system/libs/helpers.bash +@@ -195,7 +195,6 @@ function _setup_docker_registry() { + --env REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ + --env REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ + --name "${DOCKER_REG_NAME}" \ +- --network slirp4netns \ + --privileged \ + --publish 50000:5000 \ + --rm \ +-- +2.46.1 + diff --git a/toolbox-Unbreak-downstream-Fedora-CI.patch b/toolbox-Unbreak-downstream-Fedora-CI.patch new file mode 100644 index 0000000..b743f2d --- /dev/null +++ b/toolbox-Unbreak-downstream-Fedora-CI.patch 
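Review bot: Both "Check versions of crucial packages" commands lose `slirp4netns` without gaining `passt`, so the CI log no longer records the version of the network backend the registry container now uses by default. The commit message ties this revert to the fix in passt 2024_05_10.7288448; appending `passt` to the two `rpm -qa` lists would let a failing run show whether the host actually has that build. The helpers.bash hunk shows only part of `_setup_docker_registry`, so the remaining `podman run` arguments are outside what I could review.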
@@ -0,0 +1,104 @@ +From 1e90c721858b3119702b93445f535f9c23af88e6 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 2 Oct 2024 22:43:37 +0200 +Subject: [PATCH] test/system: Unbreak the downstream Fedora CI + +The working directory from which bats(1) is invoked might not be part of +the Toolbx container. eg., the downstream Fedora CI invokes the tests +as: + $ cd /path/to/toolbox/test/system + $ bats . + +... and it led to: + not ok 8 help: Try unknown command (forwarded to host) + # tags: commands-options + # (from function `assert_line' in file + ./libs/bats-assert/src/assert.bash, line 488, + # in test file ./002-help.bats, line 135) + # `assert_line --index 0 + "Error: unknown command \"foo\" for \"toolbox\""' failed + # + # -- line differs -- + # index : 0 + # expected : Error: unknown command "foo" for "toolbox" + # actual : Error: crun: chdir to `/usr/share/toolbox/test/system`: + No such file or directory: OCI runtime attempted to invoke a + command that was not found + # -- + # + +https://github.com/containers/toolbox/pull/1560 +--- + test/system/002-help.bats | 2 ++ + test/system/501-create.bats | 2 ++ + test/system/504-run.bats | 2 ++ + test/system/505-enter.bats | 2 ++ + 4 files changed, 8 insertions(+) + +diff --git a/test/system/002-help.bats b/test/system/002-help.bats +index 57e918a04d22..a8bfbc2c79d2 100644 +--- a/test/system/002-help.bats ++++ b/test/system/002-help.bats +@@ -25,9 +25,11 @@ setup() { + bats_require_minimum_version 1.10.0 + _setup_environment + cleanup_all ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_all + } + +diff --git a/test/system/501-create.bats b/test/system/501-create.bats +index 3f50f98e6bf3..cfb676b7001b 100644 +--- a/test/system/501-create.bats ++++ b/test/system/501-create.bats +@@ -25,9 +25,11 @@ setup() { + bats_require_minimum_version 1.8.0 + _setup_environment + cleanup_all ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_all + } + +diff --git 
a/test/system/504-run.bats b/test/system/504-run.bats +index cc5f6fa8bb09..6ee3e86af1ff 100644 +--- a/test/system/504-run.bats ++++ b/test/system/504-run.bats +@@ -25,9 +25,11 @@ setup() { + bats_require_minimum_version 1.8.0 + _setup_environment + cleanup_all ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_all + } + +diff --git a/test/system/505-enter.bats b/test/system/505-enter.bats +index 405d184f145e..57e58651623d 100644 +--- a/test/system/505-enter.bats ++++ b/test/system/505-enter.bats +@@ -25,9 +25,11 @@ setup() { + bats_require_minimum_version 1.8.0 + _setup_environment + cleanup_all ++ pushd "$HOME" || return 1 + } + + teardown() { ++ popd || return 1 + cleanup_all + } + +-- +2.46.1 + diff --git a/toolbox-Update-fallback-release-to-40-for-non-fedo.patch b/toolbox-Update-fallback-release-to-40-for-non-fedo.patch new file mode 100644 index 0000000..7bad62f --- /dev/null +++ b/toolbox-Update-fallback-release-to-40-for-non-fedo.patch @@ -0,0 +1,30 @@ +From b524f4cebd8c65746089f898e14a99c7cfded306 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Thu, 3 Oct 2024 22:08:04 +0200 +Subject: [PATCH] pkg/utils: Update fallback release to 40 for non-fedora hosts + +Fedora 38 reached End of Life on 21st May 2024: +https://docs.fedoraproject.org/en-US/releases/eol/ + +https://bugzilla.redhat.com/show_bug.cgi?id=2316312 +https://github.com/containers/toolbox/pull/1561 +--- + src/pkg/utils/utils.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go +index eefcd1eeb2cc..37a49fedf772 100644 +--- a/src/pkg/utils/utils.go ++++ b/src/pkg/utils/utils.go +@@ -64,7 +64,7 @@ const ( + containerNamePrefixFallback = "fedora-toolbox" + distroFallback = "fedora" + idTruncLength = 12 +- releaseFallback = "38" ++ releaseFallback = "40" + ) + + const ( +-- +2.46.1 + diff --git a/toolbox.spec b/toolbox.spec index b58a9b7..6f5dd97 100644 --- a/toolbox.spec +++ b/toolbox.spec 
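Review bot: In each of the four `teardown()` functions `popd || return 1` runs before `cleanup_all`, so whenever the directory stack is empty, for instance if `setup()` stopped before reaching its final `pushd "$HOME"`, teardown returns early and the cleanup step is skipped. That can leave containers and images from one test in place for the next. Run the cleanup first, `cleanup_all` followed by `popd || return 1`, or make the pop non-fatal with `popd || true`. The same ordering appears in 002-help.bats, 501-create.bats, 504-run.bats and 505-enter.bats.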
@@ -1,7 +1,7 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.0.99.5 +Version: 0.0.99.6 %global goipath github.com/containers/%{name} @@ -31,7 +31,7 @@ Version: 0.0.99.5 %endif %endif -Release: 5%{?dist} +Release: 1%{?dist} Summary: Tool for interactive command line environments on Linux License: ASL 2.0 @@ -41,13 +41,17 @@ Source0: https://github.com/containers/%{name}/releases/download/%{version # RHEL specific Source1: %{name}.conf +# Upstream +Patch0: toolbox-Unbreak-downstream-Fedora-CI.patch +Patch1: toolbox-Update-fallback-release-to-40-for-non-fedo.patch +Patch2: toolbox-Revert-Work-around-bug-in-past.patch + # Fedora specific -Patch100: toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch -Patch101: toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +Patch100: toolbox-Make-the-build-flags-match-Fedora.patch # RHEL specific -Patch200: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch -Patch201: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +Patch200: toolbox-Make-the-build-flags-match-RHEL-9.patch +Patch201: toolbox-Make-the-build-flags-match-RHEL-10.patch Patch202: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch BuildRequires: gcc 
@@ -60,21 +64,27 @@ BuildRequires: systemd BuildRequires: systemd-rpm-macros %if ! 0%{?rhel} BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1 +BuildRequires: golang-ipath(github.com/NVIDIA/go-nvlib) >= 0.6.1 +BuildRequires: golang-ipath(github.com/NVIDIA/go-nvml) >= 0.12.4.0 +BuildRequires: golang-ipath(github.com/NVIDIA/nvidia-container-toolkit) >= 1.16.1 BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0 -BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0 +BuildRequires: golang(github.com/briandowns/spinner) >= 1.18.0 BuildRequires: golang(github.com/docker/go-units) >= 0.5.0 -BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1 +BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.7.0 +BuildRequires: golang(github.com/go-logfmt/logfmt) >= 0.5.0 BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6 -BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1 +BuildRequires: golang(github.com/google/renameio/v2) >= 2.0.0 +BuildRequires: golang(github.com/sirupsen/logrus) >= 1.9.3 BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0 BuildRequires: golang(github.com/spf13/viper) >= 1.10.1 -BuildRequires: golang(golang.org/x/sys/unix) >= 0.1.0 +BuildRequires: golang-ipath(golang.org/x/sys) >= 0.22.0 BuildRequires: golang(golang.org/x/text) >= 0.3.8 -BuildRequires: golang(gopkg.in/yaml.v3) >= 3.0.0 +BuildRequires: golang-ipath(gopkg.in/yaml.v3) >= 3.0.1 +BuildRequires: golang-ipath(tags.cncf.io/container-device-interface) >= 0.8.0 BuildRequires: pkgconfig(fish) # for tests # BuildRequires: codespell -# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0 +# BuildRequires: golang(github.com/stretchr/testify) >= 1.9.0 # BuildRequires: ShellCheck %endif @@ -82,6 +92,7 @@ Recommends: skopeo Requires: containers-common Requires: podman >= 1.6.4 +Requires: shadow-utils-subid%{?_isa} %if ! 0%{?rhel} Requires: flatpak-session-helper %endif 
@@ -89,9 +100,9 @@ Requires: flatpak-session-helper %description Toolbx is a tool for Linux, which allows the use of interactive command line -environments for development and troubleshooting the host operating system, -without having to install software on the host. It is built on top of Podman -and other standard container technologies from OCI. +environments for software development and troubleshooting the host operating +system, without having to install software on the host. It is built on top of +Podman and other standard container technologies from OCI. Toolbx environments have seamless access to the user's home directory, the Wayland and X11 sockets, networking (including Avahi), removable devices (like @@ -104,12 +115,17 @@ Summary: Tests for %{name} Requires: %{name}%{?_isa} = %{version}-%{release} Requires: coreutils +Requires: diffutils +# for gdbus(1) +Requires: glib2 Requires: grep +# for htpasswd(1) Requires: httpd-tools Requires: openssl +Requires: python3 Requires: skopeo %if ! 0%{?rhel} -Requires: bats >= 1.7.0 +Requires: bats >= 1.10.0 %endif @@ -119,24 +135,25 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q +%patch -P0 -p1 +%patch -P1 -p1 +%patch -P2 -p1 %if 0%{?fedora} -%ifnarch ppc64 -%patch100 -p1 -%else -%patch101 -p1 -%endif +%patch -P100 -p1 %endif %if 0%{?rhel} -%ifnarch ppc64 -%patch200 -p1 -%else -%patch201 -p1 +%if 0%{?rhel} == 9 +%patch -P200 -p1 +%endif + +%if 0%{?rhel} == 10 +%patch -P201 -p1 %endif %if 0%{?rhel} <= 9 -%patch202 -p1 +%patch -P202 -p1 %endif %endif @@ -177,7 +194,7 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %files -%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md +%doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md %license COPYING %{?rhel:src/vendor/modules.txt} %{_bindir}/%{name} %{_datadir}/bash-completion 
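Review bot: The `%prep` section now applies a build-flags patch only when `0%{?rhel} == 9` or `0%{?rhel} == 10`, so on any other RHEL value neither Patch200 nor Patch201 is applied and the build silently uses upstream's go-build-wrapper flags, which lack `-buildmode pie` and the redhat-hardened-ld specs. The logic it replaces always applied one of the two RHEL patches. I would make the unsupported case fail loudly with `%if 0%{?rhel} && 0%{?rhel} != 9 && 0%{?rhel} != 10`, `%{error:no build-flags patch for this RHEL release}`, `%endif`. If later releases are meant to inherit the RHEL 10 flags, use `%if 0%{?rhel} >= 10` for Patch201 instead.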
@@ -196,6 +213,10 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf %changelog +* Sun Oct 06 2024 Debarshi Ray - 0.0.99.6-1 +- Update to 0.0.99.6 +Resolves: RHEL-61578 + * Fri Aug 09 2024 Debarshi Ray - 0.0.99.5-5 - Rebuild for CVE-2024-24791 Resolves: RHEL-47194