Update 0.0.99.6

Update the compiler and linker flags for RHEL 9 by keeping '-trimpath'. Switch to using the GO_BUILDTAGS and GO_LDFLAGS environment variables, because their unprefixed counterparts have been deprecated [1]. The 'rpminspect --tests=elf' test run by the downstream CI was silenced because toolbox(1) is only built with the '-z relro' linker flag, but not '-z now' [2]. Otherwise, it fails with: /usr/bin/toolbox lost full GNU_RELRO security protection Stop carrying the downstream patch for the compiler and linker flags for PPC64. The architecture was already discontinued from Fedora 29 [3], even before the patch was added [4]. It was added purely for the sake of completeness, and in the last four years since it was introduced, it hasn't been tested or used. At this point it's becoming too much of a maintenance burden, and removing it silences the %ifarch-applied-patch warning from rpmlint. Fill in some of the missing Requires for the toolbox-tests sub-package. [1] go-rpm-macros commit bc7e5cc55c4709e8 https://pagure.io/go-rpm-macros/c/bc7e5cc55c4709e8 [2] Upstream commit 83f28c52e47c2d44 https://github.com/containers/toolbox/commit/83f28c52e47c2d44 https://github.com/containers/toolbox/pull/1548 [3] https://fedoraproject.org/wiki/Changes/DiscontinuePPC64 [4] Fedora toolbox commit ba60453d21 https://src.fedoraproject.org/rpms/toolbox/c/ba60453d216a9226 https://src.fedoraproject.org/rpms/toolbox/pull-request/2 Resolves: RHEL-61578
2024-10-06 23:30:17 +02:00 · 2024-10-06 23:30:17 +02:00 · e4c38fd245
commit e4c38fd245
parent e3bdb645b0
15 changed files with 453 additions and 264 deletions
--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@ -8,6 +8,9 @@ annocheck:
    extra_opts:
        hardened: --skip-run-path --skip-stack-prot
 elf:
    exclude_path: /usr/bin/toolbox
 runpath:
    allowed_paths:
        - /run/host/usr/lib
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745
+SHA512 (toolbox-0.0.99.6-vendored.tar.xz) = 9ecec200069e8e2536e5ece43d411f9025dba6f60573e7939a0fc26deef29f0297d405a44fd409e978879b0579ab0a79ace97228a199584854c638213fa219d7
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -12,5 +12,5 @@
    - name:    toolbox
      package: toolbox
      environment:
-        TOOLBOX_TEST_DEFAULT_CONTAINER_NAME: toolbox-container-8.5
+        TOOLBX_TEST_DEFAULT_CONTAINER_NAME: toolbox-container-8.5
      become:  true
--- a/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
+++ b/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
@ -1,4 +1,4 @@
-From 4587b6e9240bf936b760e901435c4cfdd9c582b6 Mon Sep 17 00:00:00 2001
+From c25ad44b7cb50d470b1533931b7808cc194f0d50 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Wed, 18 Aug 2021 17:55:21 +0200
 Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
@ -10,10 +10,10 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1940037
 1 file changed, 1 insertion(+)
 diff --git a/src/cmd/run.go b/src/cmd/run.go
-index e2e31d9da4e6..84ad46518bfc 100644
+index 719c0d6abb20..92a097283f38 100644
 --- a/src/cmd/run.go
 +++ b/src/cmd/run.go
-@@ -498,6 +498,7 @@ func constructExecArgs(container, preserveFDs string,
+@@ -566,6 +566,7 @@ func constructExecArgs(container, preserveFDs string,
 	execArgs = append(execArgs, envOptions...)
 	execArgs = append(execArgs, []string{
@ -22,10 +22,10 @@ index e2e31d9da4e6..84ad46518bfc 100644
 		"--preserve-fds", preserveFDs,
 	}...)
 -- 
-2.43.0
+2.46.1
-From 892c33ed75443de90a2caa90959387bbc270c564 Mon Sep 17 00:00:00 2001
+From e7877a4d1d38dc35aa6da6c012ec9a23397b7aa4 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Fri, 10 Dec 2021 13:42:15 +0100
 Subject: [PATCH 2/2] test/system: Update to test the migration path for
@ -42,23 +42,23 @@ ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit
 create mode 100644 test/system/100-root.bats
 diff --git a/test/system/002-help.bats b/test/system/002-help.bats
-index 695c51f92e7e..5fa4c6fe0b4c 100644
+index a8bfbc2c79d2..5dd14025ea0b 100644
 --- a/test/system/002-help.bats
 +++ b/test/system/002-help.bats
-@@ -23,20 +23,6 @@ setup() {
+@@ -33,20 +33,6 @@ teardown() {
-   _setup_environment
+   cleanup_all
 }
 -@test "help: Smoke test" {
-  run --keep-empty-lines --separate-stderr "$TOOLBOX"
+-  run --keep-empty-lines --separate-stderr "$TOOLBX"
 -
 -  assert_failure
 -  assert [ ${#lines[@]} -eq 0 ]
 -  lines=("${stderr_lines[@]}")
 -  assert_line --index 0 "Error: missing command"
-  assert_line --index 2 "create    Create a new toolbox container"
+-  assert_line --index 2 "create    Create a new Toolbx container"
-  assert_line --index 3 "enter     Enter an existing toolbox container"
+-  assert_line --index 3 "enter     Enter an existing Toolbx container"
-  assert_line --index 4 "list      List all existing toolbox containers and images"
+-  assert_line --index 4 "list      List all existing Toolbx containers and images"
 -  assert_line --index 6 "Run 'toolbox --help' for usage."
 -  assert [ ${#stderr_lines[@]} -eq 7 ]
 -}
@ -68,7 +68,7 @@ index 695c51f92e7e..5fa4c6fe0b4c 100644
     skip "not found man(1)"
 diff --git a/test/system/100-root.bats b/test/system/100-root.bats
 new file mode 100644
-index 000000000000..32d87904213e
+index 000000000000..cf35d60ac25c
 --- /dev/null
 +++ b/test/system/100-root.bats
@@ -0,0 +1,27 @@
@ -80,15 +80,15 @@ index 000000000000..32d87904213e
 +
 +setup() {
 +  _setup_environment
-+  cleanup_containers
+  cleanup_all
 +}
 +
 +teardown() {
-+  cleanup_containers
+  cleanup_all
 +}
 +
 +@test "root: Try to enter the default container with no containers created" {
-+  run $TOOLBOX <<< "n"
+  run "$TOOLBX" <<< "n"
 +
 +  assert_success
 +  assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command."
@ -100,5 +100,5 @@ index 000000000000..32d87904213e
 +  skip "Testing of entering toolboxes is not implemented"
 +}
 -- 
-2.43.0
+2.46.1
--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
@ -1,54 +0,0 @@
 From 4f8b443ab925c84d059d894ddcfcf4dcf66a747e Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
 for PPC64
 The Go toolchain also doesn't like the LDFLAGS environment variable as
 exported by Fedora's %{meson} RPM macro.
 Note that these flags are only meant for the "ppc64" CPU architecture,
 and should be kept updated to match Fedora's Go guidelines. Use
 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
 ---
 src/go-build-wrapper | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
 diff --git a/src/go-build-wrapper b/src/go-build-wrapper
 index c572d6dfb02b..cae2de426a96 100755
 --- a/src/go-build-wrapper
 +++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
     exit 1
 fi
 -tags=""
 +tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
 if $7; then
 -    tags="-tags migration_path_for_coreos_toolbox"
 +    tags="$tags,migration_path_for_coreos_toolbox"
 fi
 if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,16 @@ fi
 dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
 +unset LDFLAGS
 +
 # shellcheck disable=SC2086
 go build \
 +        -compiler gc \
         $tags \
 -        -trimpath \
 -        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -a \
 +        -v \
 +        -x \
         -o "$2/$3"
 exit "$?"
 -- 
 2.43.0
--- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
@ -1,54 +0,0 @@
 From 3175ef2fab1f61f5784361070ac338dabda3c04e Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
 The Go toolchain doesn't like the LDFLAGS environment variable as
 exported by Fedora's %{meson} RPM macro.
 Note that these flags are meant for every CPU architecture other than
 PPC64, and should be kept updated to match Fedora's Go guidelines. Use
 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
 ---
 src/go-build-wrapper | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
 diff --git a/src/go-build-wrapper b/src/go-build-wrapper
 index c572d6dfb02b..0e6a2efa6853 100755
 --- a/src/go-build-wrapper
 +++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
     exit 1
 fi
 -tags=""
 +tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
 if $7; then
 -    tags="-tags migration_path_for_coreos_toolbox"
 +    tags="$tags,migration_path_for_coreos_toolbox"
 fi
 if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,17 @@ fi
 dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
 +unset LDFLAGS
 +
 # shellcheck disable=SC2086
 go build \
 +        -buildmode pie \
 +        -compiler gc \
         $tags \
 -        -trimpath \
 -        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -a \
 +        -v \
 +        -x \
         -o "$2/$3"
 exit "$?"
 -- 
 2.43.0
--- a/toolbox-Make-the-build-flags-match-Fedora.patch
+++ b/toolbox-Make-the-build-flags-match-Fedora.patch
@ -0,0 +1,47 @@
 From 7dc70160c8ff531473004e879dd57ec303789d71 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
 Note that these flags are meant for every CPU architecture other than
 PPC64, and should be kept updated to match Fedora's Go guidelines. Use
 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
 ---
 src/go-build-wrapper | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
 diff --git a/src/go-build-wrapper b/src/go-build-wrapper
 index a5a1a6a508fb..5978422e9aed 100755
 --- a/src/go-build-wrapper
 +++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
     exit 1
 fi
 -tags=""
 +tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}"
 if $7; then
 -    tags="-tags migration_path_for_coreos_toolbox"
 +    tags="$tags,migration_path_for_coreos_toolbox"
 fi
 if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
 # shellcheck disable=SC2086
 go build \
 +        -buildmode pie \
 +        -compiler gc \
         $tags \
         -trimpath \
 -        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -a \
 +        -v \
 +        -x \
         -o "$2/$3"
 exit "$?"
 -- 
 2.46.1
--- a/toolbox-Make-the-build-flags-match-RHEL-10.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-10.patch
@ -0,0 +1,71 @@
 From f08f64c0d5f2019055381c3c00426fe8545e5e31 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match RHEL 10's %{gobuildflags}
 These reflect the defaults for RHEL 10.0 Beta, because RHEL 10.0 is
 still early in its development cycle and the defaults may be in a state
 of flux.  Some exceptions are mentioned below.
 The '-z pack-relative-relocs' linker flag was left out.  It's currently
 not supported on s390x, so using it would require architecture specific
 patches, which is a hassle.  Support for aarch64 was recently added [1],
 so hopefully s390x will also be supported soon.
 The change to use the RPM's %{name}, %{version}, %{release} and the
 SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to
 generate the build ID annotation for the toolbox(1) binary [2] was left
 out.  It will need more work to propagate the RPM's %{name}, %{version}
 and %{release} to Meson.
 Note that these flags are meant for every CPU architecture other than
 PPC64, and should be kept updated to match RHEL 10's Go guidelines. Use
 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
 [1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b
    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b
    https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42
    https://issues.redhat.com/browse/RHEL-40379
 [2] go-rpm-macros commit 1980932bf3a21890
    https://pagure.io/go-rpm-macros/c/1980932bf3a21890
    https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds
 ---
 src/go-build-wrapper | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
 diff --git a/src/go-build-wrapper b/src/go-build-wrapper
 index a5a1a6a508fb..5978422e9aed 100755
 --- a/src/go-build-wrapper
 +++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
     exit 1
 fi
 -tags=""
 +tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}"
 if $7; then
 -    tags="-tags migration_path_for_coreos_toolbox"
 +    tags="$tags,migration_path_for_coreos_toolbox"
 fi
 if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
 # shellcheck disable=SC2086
 go build \
 +        -buildmode pie \
 +        -compiler gc \
         $tags \
         -trimpath \
 -        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -a \
 +        -v \
 +        -x \
         -o "$2/$3"
 exit "$?"
 -- 
 2.46.1
--- a/toolbox-Make-the-build-flags-match-RHEL-9.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-9.patch
@ -0,0 +1,50 @@
 From ff1320fa869f1e4952836436ab2ad928cbba0987 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags}
 These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early
 in its development cycle and the defaults may be in a state of flux.
 Note that these flags are meant for every CPU architecture other than
 PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use
 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
 ---
 src/go-build-wrapper | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
 diff --git a/src/go-build-wrapper b/src/go-build-wrapper
 index a5a1a6a508fb..0a2c7526f210 100755
 --- a/src/go-build-wrapper
 +++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
     exit 1
 fi
 -tags=""
 +tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl"
 if $7; then
 -    tags="-tags migration_path_for_coreos_toolbox"
 +    tags="$tags,migration_path_for_coreos_toolbox"
 fi
 if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
 # shellcheck disable=SC2086
 go build \
 +        -buildmode pie \
 +        -compiler gc \
         $tags \
         -trimpath \
 -        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -a \
 +        -v \
 +        -x \
         -o "$2/$3"
 exit "$?"
 -- 
 2.46.1
--- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
@ -1,55 +0,0 @@
 From 721c6b8d3bbbb5d451eaac4d332ddecd48f5ca85 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for
 PPC64
 The Go toolchain also doesn't like the LDFLAGS environment variable as
 exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
 like the compressed DWARF data generated by the Go toolchain.
 Note that these flags are only meant for the "ppc64" CPU architecture,
 and should be kept updated to match RHEL's Go guidelines. Use
 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
 ---
 src/go-build-wrapper | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
 diff --git a/src/go-build-wrapper b/src/go-build-wrapper
 index c572d6dfb02b..86f174716608 100755
 --- a/src/go-build-wrapper
 +++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
     exit 1
 fi
 -tags=""
 +tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
 if $7; then
 -    tags="-tags migration_path_for_coreos_toolbox"
 +    tags="$tags,migration_path_for_coreos_toolbox"
 fi
 if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,16 @@ fi
 dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
 +unset LDFLAGS
 +
 # shellcheck disable=SC2086
 go build \
 +        -compiler gc \
         $tags \
 -        -trimpath \
 -        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -a \
 +        -v \
 +        -x \
         -o "$2/$3"
 exit "$?"
 -- 
 2.43.0
--- a/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
+++ b/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
@ -1,55 +0,0 @@
 From 417dc7a7a378dbab6bbaafc21b9e554b60c9402f Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Mon, 29 Jun 2020 17:57:47 +0200
 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags}
 The Go toolchain doesn't like the LDFLAGS environment variable as
 exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
 like the compressed DWARF data generated by the Go toolchain.
 Note that these flags are meant for every CPU architecture other than
 PPC64, and should be kept updated to match RHEL's Go guidelines. Use
 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
 ---
 src/go-build-wrapper | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
 diff --git a/src/go-build-wrapper b/src/go-build-wrapper
 index c572d6dfb02b..d39764fda0c1 100755
 --- a/src/go-build-wrapper
 +++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
     exit 1
 fi
 -tags=""
 +tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
 if $7; then
 -    tags="-tags migration_path_for_coreos_toolbox"
 +    tags="$tags,migration_path_for_coreos_toolbox"
 fi
 if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,17 @@ fi
 dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
 +unset LDFLAGS
 +
 # shellcheck disable=SC2086
 go build \
 +        -buildmode pie \
 +        -compiler gc \
         $tags \
 -        -trimpath \
 -        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
 +        -a \
 +        -v \
 +        -x \
         -o "$2/$3"
 exit "$?"
 -- 
 2.43.0
--- a/toolbox-Revert-Work-around-bug-in-past.patch
+++ b/toolbox-Revert-Work-around-bug-in-past.patch
@ -0,0 +1,81 @@
 From ed14cd483ae45c5f4cf5596b11c384f4b42bb53b Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Fri, 4 Oct 2024 22:09:03 +0200
 Subject: [PATCH] Revert "playbooks, test/system: Work around bug in pasta(1)
 networks"
 The bug in pasta(1) that necessitated this workaround has since been
 fixed in passt 2024_05_10.7288448 [1].  Some host operating systems like
 CentOS Stream 10 no longer have slirp4netns(1), and it's generally
 better to test the defaults.
 This reverts commit b58f9a51088afbfc22edb0b25776cfa2c4d8cc40.
 [1] https://github.com/containers/podman/issues/22575
    https://archives.passt.top/passt-dev/20240508090338.2735208-1-sbrivio@redhat.com/
    https://archives.passt.top/passt-user/20240510225714.6aa8e6c0@elisabeth/
 https://github.com/containers/toolbox/pull/1562
 ---
 playbooks/dependencies-centos-9-stream.yaml | 3 +--
 playbooks/dependencies-fedora.yaml          | 3 +--
 test/system/libs/helpers.bash               | 1 -
 3 files changed, 2 insertions(+), 5 deletions(-)
 diff --git a/playbooks/dependencies-centos-9-stream.yaml b/playbooks/dependencies-centos-9-stream.yaml
 index 5c1194c03583..d058d314b7b3 100644
 --- a/playbooks/dependencies-centos-9-stream.yaml
 +++ b/playbooks/dependencies-centos-9-stream.yaml
@@ -13,7 +13,6 @@
       - podman
       - shadow-utils-subid-devel
       - skopeo
 -      - slirp4netns
       - systemd
       - udisks2
@@ -55,7 +54,7 @@
     chdir: '{{ zuul.project.src_dir }}'
 - name: Check versions of crucial packages
 -  command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
 +  command: rpm -qa ShellCheck bats codespell *kernel* gcc *glibc* golang golang-github-cpuguy83-md2man shadow-utils-subid-devel podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
 - name: Show podman versions
   command: podman version
 diff --git a/playbooks/dependencies-fedora.yaml b/playbooks/dependencies-fedora.yaml
 index ea605135a4c2..8007ce958ddb 100644
 --- a/playbooks/dependencies-fedora.yaml
 +++ b/playbooks/dependencies-fedora.yaml
@@ -35,7 +35,6 @@
       - podman
       - shadow-utils-subid-devel
       - skopeo
 -      - slirp4netns
       - systemd
       - udisks2
     use: "{{ 'dnf' if zuul.attempts > 1 else 'auto' }}"
@@ -56,7 +55,7 @@
     chdir: '{{ zuul.project.src_dir }}'
 - name: Check versions of crucial packages
 -  command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo slirp4netns
 +  command: rpm -qa ShellCheck bash bats codespell *kernel* gcc *glibc* shadow-utils-subid-devel golang golang-github-cpuguy83-md2man podman conmon containernetworking-plugins containers-common container-selinux crun fuse-overlayfs flatpak-session-helper skopeo
 - name: Show podman versions
   command: podman version
 diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash
 index dfd6236c2943..2d05641f5d0a 100644
 --- a/test/system/libs/helpers.bash
 +++ b/test/system/libs/helpers.bash
@@ -195,7 +195,6 @@ function _setup_docker_registry() {
     --env REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
     --env REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
     --name "${DOCKER_REG_NAME}" \
 -    --network slirp4netns \
     --privileged \
     --publish 50000:5000 \
     --rm \
 -- 
 2.46.1
--- a/toolbox-Unbreak-downstream-Fedora-CI.patch
+++ b/toolbox-Unbreak-downstream-Fedora-CI.patch
@ -0,0 +1,104 @@
 From 1e90c721858b3119702b93445f535f9c23af88e6 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Wed, 2 Oct 2024 22:43:37 +0200
 Subject: [PATCH] test/system: Unbreak the downstream Fedora CI
 The working directory from which bats(1) is invoked might not be part of
 the Toolbx container.  eg., the downstream Fedora CI invokes the tests
 as:
  $ cd /path/to/toolbox/test/system
  $ bats .
 ... and it led to:
  not ok 8 help: Try unknown command (forwarded to host)
  # tags: commands-options
  # (from function `assert_line' in file
      ./libs/bats-assert/src/assert.bash, line 488,
  #  in test file ./002-help.bats, line 135)
  #   `assert_line --index 0
        "Error: unknown command \"foo\" for \"toolbox\""' failed
  #
  # -- line differs --
  # index    : 0
  # expected : Error: unknown command "foo" for "toolbox"
  # actual   : Error: crun: chdir to `/usr/share/toolbox/test/system`:
      No such file or directory: OCI runtime attempted to invoke a
      command that was not found
  # --
  #
 https://github.com/containers/toolbox/pull/1560
 ---
 test/system/002-help.bats   | 2 ++
 test/system/501-create.bats | 2 ++
 test/system/504-run.bats    | 2 ++
 test/system/505-enter.bats  | 2 ++
 4 files changed, 8 insertions(+)
 diff --git a/test/system/002-help.bats b/test/system/002-help.bats
 index 57e918a04d22..a8bfbc2c79d2 100644
 --- a/test/system/002-help.bats
 +++ b/test/system/002-help.bats
@@ -25,9 +25,11 @@ setup() {
   bats_require_minimum_version 1.10.0
   _setup_environment
   cleanup_all
 +  pushd "$HOME" || return 1
 }
 teardown() {
 +  popd || return 1
   cleanup_all
 }
 diff --git a/test/system/501-create.bats b/test/system/501-create.bats
 index 3f50f98e6bf3..cfb676b7001b 100644
 --- a/test/system/501-create.bats
 +++ b/test/system/501-create.bats
@@ -25,9 +25,11 @@ setup() {
   bats_require_minimum_version 1.8.0
   _setup_environment
   cleanup_all
 +  pushd "$HOME" || return 1
 }
 teardown() {
 +  popd || return 1
   cleanup_all
 }
 diff --git a/test/system/504-run.bats b/test/system/504-run.bats
 index cc5f6fa8bb09..6ee3e86af1ff 100644
 --- a/test/system/504-run.bats
 +++ b/test/system/504-run.bats
@@ -25,9 +25,11 @@ setup() {
   bats_require_minimum_version 1.8.0
   _setup_environment
   cleanup_all
 +  pushd "$HOME" || return 1
 }
 teardown() {
 +  popd || return 1
   cleanup_all
 }
 diff --git a/test/system/505-enter.bats b/test/system/505-enter.bats
 index 405d184f145e..57e58651623d 100644
 --- a/test/system/505-enter.bats
 +++ b/test/system/505-enter.bats
@@ -25,9 +25,11 @@ setup() {
   bats_require_minimum_version 1.8.0
   _setup_environment
   cleanup_all
 +  pushd "$HOME" || return 1
 }
 teardown() {
 +  popd || return 1
   cleanup_all
 }
 -- 
 2.46.1
--- a/toolbox-Update-fallback-release-to-40-for-non-fedo.patch
+++ b/toolbox-Update-fallback-release-to-40-for-non-fedo.patch
@ -0,0 +1,30 @@
 From b524f4cebd8c65746089f898e14a99c7cfded306 Mon Sep 17 00:00:00 2001
 From: Debarshi Ray <rishi@fedoraproject.org>
 Date: Thu, 3 Oct 2024 22:08:04 +0200
 Subject: [PATCH] pkg/utils: Update fallback release to 40 for non-fedora hosts
 Fedora 38 reached End of Life on 21st May 2024:
 https://docs.fedoraproject.org/en-US/releases/eol/
 https://bugzilla.redhat.com/show_bug.cgi?id=2316312
 https://github.com/containers/toolbox/pull/1561
 ---
 src/pkg/utils/utils.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go
 index eefcd1eeb2cc..37a49fedf772 100644
 --- a/src/pkg/utils/utils.go
 +++ b/src/pkg/utils/utils.go
@@ -64,7 +64,7 @@ const (
 	containerNamePrefixFallback = "fedora-toolbox"
 	distroFallback              = "fedora"
 	idTruncLength               = 12
 -	releaseFallback             = "38"
 +	releaseFallback             = "40"
 )
 const (
 -- 
 2.46.1
--- a/toolbox.spec
+++ b/toolbox.spec
@ -1,7 +1,7 @@
 %global __brp_check_rpaths %{nil}
 Name:          toolbox
-Version:       0.0.99.5
+Version:       0.0.99.6
 %global goipath github.com/containers/%{name}
@ -31,7 +31,7 @@ Version:       0.0.99.5
 %endif
 %endif
-Release:       5%{?dist}
+Release:       1%{?dist}
 Summary:       Tool for interactive command line environments on Linux
 License:       ASL 2.0
@ -41,13 +41,17 @@ Source0:       https://github.com/containers/%{name}/releases/download/%{version
 # RHEL specific
 Source1:       %{name}.conf
 # Upstream
 Patch0:        toolbox-Unbreak-downstream-Fedora-CI.patch
 Patch1:        toolbox-Update-fallback-release-to-40-for-non-fedo.patch
 Patch2:        toolbox-Revert-Work-around-bug-in-past.patch
 # Fedora specific
-Patch100:      toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch
+Patch100:      toolbox-Make-the-build-flags-match-Fedora.patch
 Patch101:      toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch
 # RHEL specific
-Patch200:      toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
+Patch200:      toolbox-Make-the-build-flags-match-RHEL-9.patch
-Patch201:      toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
+Patch201:      toolbox-Make-the-build-flags-match-RHEL-10.patch
 Patch202:      toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
 BuildRequires: gcc
@ -60,21 +64,27 @@ BuildRequires: systemd
 BuildRequires: systemd-rpm-macros
 %if ! 0%{?rhel}
 BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1
 BuildRequires: golang-ipath(github.com/NVIDIA/go-nvlib) >= 0.6.1
 BuildRequires: golang-ipath(github.com/NVIDIA/go-nvml) >= 0.12.4.0
 BuildRequires: golang-ipath(github.com/NVIDIA/nvidia-container-toolkit) >= 1.16.1
 BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0
-BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0
+BuildRequires: golang(github.com/briandowns/spinner) >= 1.18.0
 BuildRequires: golang(github.com/docker/go-units) >= 0.5.0
-BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1
+BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.7.0
 BuildRequires: golang(github.com/go-logfmt/logfmt) >= 0.5.0
 BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6
-BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1
+BuildRequires: golang(github.com/google/renameio/v2) >= 2.0.0
 BuildRequires: golang(github.com/sirupsen/logrus) >= 1.9.3
 BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0
 BuildRequires: golang(github.com/spf13/viper) >= 1.10.1
-BuildRequires: golang(golang.org/x/sys/unix) >= 0.1.0
+BuildRequires: golang-ipath(golang.org/x/sys) >= 0.22.0
 BuildRequires: golang(golang.org/x/text) >= 0.3.8
-BuildRequires: golang(gopkg.in/yaml.v3) >= 3.0.0
+BuildRequires: golang-ipath(gopkg.in/yaml.v3) >= 3.0.1
 BuildRequires: golang-ipath(tags.cncf.io/container-device-interface) >= 0.8.0
 BuildRequires: pkgconfig(fish)
 # for tests
 # BuildRequires: codespell
-# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0
+# BuildRequires: golang(github.com/stretchr/testify) >= 1.9.0
 # BuildRequires: ShellCheck
 %endif
@ -82,6 +92,7 @@ Recommends:    skopeo
 Requires:      containers-common
 Requires:      podman >= 1.6.4
 Requires:      shadow-utils-subid%{?_isa}
 %if ! 0%{?rhel}
 Requires:      flatpak-session-helper
 %endif
@ -89,9 +100,9 @@ Requires:      flatpak-session-helper
 %description
 Toolbx is a tool for Linux, which allows the use of interactive command line
-environments for development and troubleshooting the host operating system,
+environments for software development and troubleshooting the host operating
-without having to install software on the host. It is built on top of Podman
+system, without having to install software on the host. It is built on top of
-and other standard container technologies from OCI.
+Podman and other standard container technologies from OCI.
 Toolbx environments have seamless access to the user's home directory, the
 Wayland and X11 sockets, networking (including Avahi), removable devices (like
@ -104,12 +115,17 @@ Summary:       Tests for %{name}
 Requires:      %{name}%{?_isa} = %{version}-%{release}
 Requires:      coreutils
 Requires:      diffutils
 # for gdbus(1)
 Requires:      glib2
 Requires:      grep
 # for htpasswd(1)
 Requires:      httpd-tools
 Requires:      openssl
 Requires:      python3
 Requires:      skopeo
 %if ! 0%{?rhel}
-Requires:      bats >= 1.7.0
+Requires:      bats >= 1.10.0
 %endif
@ -119,24 +135,25 @@ The %{name}-tests package contains system tests for %{name}.
 %prep
 %setup -q
 %patch -P0 -p1
 %patch -P1 -p1
 %patch -P2 -p1
 %if 0%{?fedora}
-%ifnarch ppc64
+%patch -P100 -p1
 %patch100 -p1
 %else
 %patch101 -p1
 %endif
 %endif
 %if 0%{?rhel}
-%ifnarch ppc64
+%if 0%{?rhel} == 9
-%patch200 -p1
+%patch -P200 -p1
-%else
+%endif
-%patch201 -p1
+
 %if 0%{?rhel} == 10
 %patch -P201 -p1
 %endif
 %if 0%{?rhel} <= 9
-%patch202 -p1
+%patch -P202 -p1
 %endif
 %endif
@ -177,7 +194,7 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
 %files
-%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md
+%doc CODE-OF-CONDUCT.md CONTRIBUTING.md GOALS.md NEWS README.md SECURITY.md
 %license COPYING %{?rhel:src/vendor/modules.txt}
 %{_bindir}/%{name}
 %{_datadir}/bash-completion
@ -196,6 +213,10 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
 %changelog
 * Sun Oct 06 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.6-1
 - Update to 0.0.99.6
 Resolves: RHEL-61578
 * Fri Aug 09 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-5
 - Rebuild for CVE-2024-24791
 Resolves: RHEL-47194
`@ -1 +1 @@`
	`SHA512 (toolbox-0.0.99.5-vendored.tar.xz) = d82666e9abcbac2d01de440dfb8d57801bb97ec0854a9859c64689c47c6a1344b846fb151ffa9371d0a9a2c85c8f61c96cf8f546449ec63c9a44d85ef328b745`	`SHA512 (toolbox-0.0.99.6-vendored.tar.xz) = 9ecec200069e8e2536e5ece43d411f9025dba6f60573e7939a0fc26deef29f0297d405a44fd409e978879b0579ab0a79ace97228a199584854c638213fa219d7`