Import rpm: 71cf876b6509f6864ccccb0f2ee913e2eb9dc159

.gitignore

@@ -0,0 +1 @@
+SOURCES/toolbox-0.0.99.3-vendored.tar.xz

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

rpminspect.yaml

@@ -0,0 +1,9 @@
+# https://one.redhat.com/rhel-developer-guide/#_modifying_a_per_package_rpminspect_yaml_file
+# https://github.com/rpminspect/rpminspect/blob/master/data/generic.yaml
+
+annocheck:
+    - hardened: --ignore-unknown --verbose --skip-run-path
+
+runpath:
+    allowed_paths:
+        - /run/host/usr/lib64

sources

@@ -0,0 +1 @@
+SHA1 (toolbox-0.0.99.3-vendored.tar.xz) = ae6e6ac18c0d350eeabe9392a37ddc70cd60b52f

tests/roles/bats_installed/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+# Sigh; RHEL8 doesn't have BATS
+- name: bats | fetch and unpack tarball
+  unarchive:
+    src: https://github.com/bats-core/bats-core/archive/v1.4.1.tar.gz
+    dest: /root
+    remote_src: true
+
+- name: bats | install
+  command: ./install.sh /usr/local
+  args:
+    chdir: /root/bats-core-1.4.1

tests/roles/nonroot_user/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+- name: create nonroot user
+  user:
+    name: testuser
+    shell: /bin/bash
+- name: enable linger
+  command: loginctl enable-linger testuser

tests/roles/run_bats_tests/files/run_bats_tests.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman
+#
+# This is invoked by the 'run_bats_tests' role; we assume that
+# the package foo has a foo-tests subpackage which provides the
+# directory /usr/share/foo/test/system, containing one or more .bats
+# test files.
+#
+
+export PATH=/usr/local/bin:/usr/sbin:/usr/bin
+
+FULL_LOG=/tmp/test.debug.log
+BATS_LOG=/tmp/test.bats.log
+rm -f $FULL_LOG $BATS_LOG
+touch $FULL_LOG $BATS_LOG
+
+exec &> $FULL_LOG
+
+# Log program versions
+echo "Packages:"
+rpm -q ${TEST_PACKAGE} ${TEST_PACKAGE}-tests
+
+echo "------------------------------"
+printenv | sort
+
+testdir=/usr/share/${TEST_PACKAGE}/test/system
+
+if ! cd $testdir; then
+    echo "FAIL ${TEST_NAME} : cd $testdir"      >> /tmp/test.log
+    exit 0
+fi
+
+if [ -e /tmp/helper.sh ]; then
+    echo "------------------------------"
+    echo ". /tmp/helper.sh"
+    . /tmp/helper.sh
+fi
+
+if [ "$(type -t setup)" = "function" ]; then
+    echo "------------------------------"
+    echo "\$ setup"
+    setup
+    if [ $? -ne 0 ]; then
+        echo "FAIL ${TEST_NAME} : setup"       >> /tmp/test.log
+        exit 0
+    fi
+fi
+
+echo "------------------------------"
+echo "\$ bats ."
+bats . &> $BATS_LOG
+rc=$?
+
+echo "------------------------------"
+echo "bats completed with status $rc"
+
+status=PASS
+if [ $rc -ne 0 ]; then
+    status=FAIL
+fi
+
+echo "${status} ${TEST_NAME}" >> /tmp/test.log
+
+if [ "$(type -t teardown)" = "function" ]; then
+    echo "------------------------------"
+    echo "\$ teardown"
+    teardown
+fi
+
+# FIXME: for CI purposes, always exit 0. This allows subsequent tests.
+exit 0

tests/roles/run_bats_tests/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+# Create empty results file, world-writable
+- name: initialize test.log file
+  copy: dest=/tmp/test.log content='' force=yes mode=0666
+
+- name: execute tests
+  include: run_one_test.yml
+  with_items: "{{ tests }}"
+  loop_control:
+    loop_var: test
+
+- name: pull test.log results
+  fetch:
+    src: "/tmp/test.log"
+    dest: "{{ artifacts }}/test.log"
+    flat: yes
+
+# Copied from standard-test-basic
+- name: check results
+  shell: grep "^FAIL" /tmp/test.log
+  register: test_fails
+  # Never fail at this step. Just store result of tests.
+  failed_when: False
+
+- name: preserve results
+  set_fact:
+    role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
+    role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
+
+- name: display results
+  vars:
+    msg: |
+       Tests failed: {{ role_result_failed|d('Undefined') }}
+       Tests msg: {{ role_result_msg|d('None') }}
+  debug:
+    msg: "{{ msg.split('\n') }}"
+  failed_when: "role_result_failed|bool"

tests/roles/run_bats_tests/tasks/run_one_test.yml

@@ -0,0 +1,52 @@
+---
+- name: "{{ test.name }} | install test packages"
+  dnf: name="{{ test.package }}-tests" state=installed
+
+- name: "{{ test.name }} | define helper variables"
+  set_fact:
+    test_name_oneword: "{{ test.name | replace(' ','-') }}"
+
+# UGH. This is necessary because our caller sets some environment variables
+# and we need to set a few more based on other caller variables; then we
+# need to combine the two dicts when running the test. This seems to be
+# the only way to do it in ansible.
+- name: "{{ test.name }} | define local environment"
+  set_fact:
+    local_environment:
+      TEST_NAME:    "{{ test.name }}"
+      TEST_PACKAGE: "{{ test.package }}"
+      TEST_ENV:     "{{ test.environment }}"
+
+- name: "{{ test.name }} | setup/teardown helper | see if exists"
+  local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
+  register: helper
+
+- name: "{{ test.name }} | setup/teardown helper | install"
+  copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
+  when: helper.stat.exists
+
+- name: "{{ test.name }} | run test"
+  script: ./run_bats_tests.sh
+  args:
+    chdir: /usr/share/{{ test.package }}/test/system
+  become: "{{ true if test.become is defined else false }}"
+  become_user: testuser
+  environment: "{{ local_environment | combine(test.environment) }}"
+
+- name: "{{ test.name }} | pull logs"
+  fetch:
+    src: "/tmp/test.{{ item }}.log"
+    dest: "{{ artifacts }}/test.{{ test_name_oneword }}.{{ item }}.log"
+    flat: yes
+  with_items:
+    - bats
+    - debug
+
+- name: "{{ test.name }} | remove remote logs and helpers"
+  file:
+    dest=/tmp/{{ item }}
+    state=absent
+  with_items:
+    - test.bats.log
+    - test.debug.log
+    - helper.sh

tests/roles/set_image/files/toolbox.conf

@@ -0,0 +1,17 @@
+[general]
+# Create a toolbox container for a different operating system distro than the
+# host. Cannot be used with 'image'.
+## distro = "fedora"
+
+# Create a toolbox container for a different operating system release than the
+# host. Cannot be used with 'image'.
+## release = "33"
+
+# Change the name of the image used to create the toolbox container. This is
+# useful for creating containers from custom-built images. Cannot be used with
+# 'distro' or 'release'.
+#
+# If the name does not contain a registry, the local image storage will be
+# consulted, and if it's not present there then it will be pulled from a
+# suitable remote registry.
+image = "registry-proxy.engineering.redhat.com/rh-osbs/toolbox-container:8.5"

tests/roles/set_image/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+# Copy the toolbox.conf file to /etc/containers/
+- name: Check containers directory exists
+  file:
+    path: /etc/containers
+    state: directory
+- name: Copy toolbox.conf file to set default image
+  copy: src={{ role_path }}/files/toolbox.conf dest=/etc/containers/toolbox.conf force=yes mode=0644

tests/tests.yml

@@ -0,0 +1,17 @@
+---
+- hosts: localhost
+  tags:  classic
+  vars:
+  - artifacts: ./artifacts
+  roles:
+  - role: bats_installed
+  - role: set_image
+  - role: nonroot_user
+  - role: run_bats_tests
+    tests:
+    - name:    toolbox
+      package: toolbox
+      environment:
+        PODMAN: /usr/bin/podman
+        TOOLBOX_TEST_DEFAULT_CONTAINER_NAME: toolbox-container-8.5
+      become:  true

toolbox-Add-migration-paths-for-coreos-toolbox-users.patch

@@ -0,0 +1,101 @@
+From 565947a7df6f4d18cb2f2d3a172b79391880288a Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Wed, 18 Aug 2021 17:55:21 +0200
+Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
+ environment variable
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1940037
+---
+ src/cmd/run.go | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cmd/run.go b/src/cmd/run.go
+index 5954eac55fad..ca363815d4c9 100644
+--- a/src/cmd/run.go
++++ b/src/cmd/run.go
+@@ -441,6 +441,7 @@ func constructExecArgs(container string,
+ 	execArgs = append(execArgs, detachKeys...)
+ 
+ 	execArgs = append(execArgs, []string{
++		"--env", "HOST=/run/host",
+ 		"--interactive",
+ 		"--tty",
+ 		"--user", currentUser.Username,
+-- 
+2.31.1
+
+
+From fecbda4c3ea823eb04ebe392a6e1422e8ce8dd41 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Fri, 10 Dec 2021 13:42:15 +0100
+Subject: [PATCH 2/2] test/system: Update to test the migration path for
+ coreos/toolbox users
+
+This reverts the changes to the tests made in commit
+411147988b730dabf8b9e761a5426e12d648f008 by restoring commit
+ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit
+3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed.
+---
+ test/system/002-help.bats | 11 -----------
+ test/system/100-root.bats | 27 +++++++++++++++++++++++++++
+ 2 files changed, 27 insertions(+), 11 deletions(-)
+ create mode 100644 test/system/100-root.bats
+
+diff --git a/test/system/002-help.bats b/test/system/002-help.bats
+index 689f95e472a1..525d44431ee5 100644
+--- a/test/system/002-help.bats
++++ b/test/system/002-help.bats
+@@ -8,17 +8,6 @@ setup() {
+   _setup_environment
+ }
+ 
+-@test "help: Try to run toolbox with no command" {
+-  run $TOOLBOX
+-
+-  assert_failure
+-  assert_line --index 0 "Error: missing command"
+-  assert_line --index 1 "create    Create a new toolbox container"
+-  assert_line --index 2 "enter     Enter an existing toolbox container"
+-  assert_line --index 3 "list      List all existing toolbox containers and images"
+-  assert_line --index 4 "Run 'toolbox --help' for usage."
+-}
+-
+ @test "help: Run command 'help'" {
+   if ! command -v man 2>/dev/null; then
+     skip "Test works only if man is in PATH"
+diff --git a/test/system/100-root.bats b/test/system/100-root.bats
+new file mode 100644
+index 000000000000..32d87904213e
+--- /dev/null
++++ b/test/system/100-root.bats
+@@ -0,0 +1,27 @@
++#!/usr/bin/env bats
++
++load 'libs/bats-support/load'
++load 'libs/bats-assert/load'
++load 'libs/helpers'
++
++setup() {
++  _setup_environment
++  cleanup_containers
++}
++
++teardown() {
++  cleanup_containers
++}
++
++@test "root: Try to enter the default container with no containers created" {
++  run $TOOLBOX <<< "n"
++
++  assert_success
++  assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command."
++  assert_line --index 1 "Run 'toolbox --help' for usage."
++}
++
++# TODO: Write the test
++@test "root: Enter the default container when 1 non-default container is present" {
++  skip "Testing of entering toolboxes is not implemented"
++}
+-- 
+2.31.1
+

toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch

@@ -0,0 +1,63 @@
+From 024cf19e52544814cdee80693a6dc12b5a92943c Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild} for PPC64
+
+The Go toolchain doesn't play well with passing compiler and linker
+flags via environment variables. The linker flags require a second
+level of quoting, which leaves the build system without a quote level
+to assign the flags to an environment variable like GOFLAGS.
+
+This is one reason why RHEL doesn't have a RPM macro with only the
+flags. The %{gobuild} RPM macro includes the entire 'go build ...'
+invocation.
+
+The Go toolchain also doesn't like the LDFLAGS environment variable as
+exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
+like the compressed DWARF data generated by the Go toolchain.
+
+Note that these flags are only meant for the "ppc64" CPU architecture,
+and should be kept updated to match RHEL's Go guidelines. Use
+'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
+---
+ src/go-build-wrapper | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index ef4aafc8b024..00d7e9fca0e0 100755
+--- a/src/go-build-wrapper
++++ b/src/go-build-wrapper
+@@ -32,9 +32,9 @@ if ! cd "$1"; then
+     exit 1
+ fi
+ 
+-tags=""
++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
+ if $6; then
+-    tags="-tags migration_path_for_coreos_toolbox"
++    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$4" --print-file-name=libc.so); then
+@@ -69,11 +69,16 @@ fi
+ 
+ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+ 
++unset LDFLAGS
++
+ # shellcheck disable=SC2086
+ go build \
++        -compiler gc \
+         $tags \
+-        -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
++        -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
++        -a \
++        -v \
++        -x \
+         -o "$2/toolbox"
+ 
+ exit "$?"
+-- 
+2.31.1
+

toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch

@@ -0,0 +1,64 @@
+From 89129bd096c8bfac4ff84fc19726898cc901c1fc Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Mon, 29 Jun 2020 17:57:47 +0200
+Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild}
+
+The Go toolchain doesn't play well with passing compiler and linker
+flags via environment variables. The linker flags require a second
+level of quoting, which leaves the build system without a quote level
+to assign the flags to an environment variable like GOFLAGS.
+
+This is one reason why RHEL doesn't have a RPM macro with only the
+flags. The %{gobuild} RPM macro includes the entire 'go build ...'
+invocation.
+
+The Go toolchain also doesn't like the LDFLAGS environment variable as
+exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
+like the compressed DWARF data generated by the Go toolchain.
+
+Note that these flags are meant for every CPU architecture other than
+PPC64, and should be kept updated to match RHEL's Go guidelines. Use
+'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
+---
+ src/go-build-wrapper | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/go-build-wrapper b/src/go-build-wrapper
+index ef4aafc8b024..e82e42ca8151 100755
+--- a/src/go-build-wrapper
++++ b/src/go-build-wrapper
+@@ -32,9 +32,9 @@ if ! cd "$1"; then
+     exit 1
+ fi
+ 
+-tags=""
++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
+ if $6; then
+-    tags="-tags migration_path_for_coreos_toolbox"
++    tags="$tags,migration_path_for_coreos_toolbox"
+ fi
+ 
+ if ! libc_dir=$("$4" --print-file-name=libc.so); then
+@@ -69,11 +69,17 @@ fi
+ 
+ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+ 
++unset LDFLAGS
++
+ # shellcheck disable=SC2086
+ go build \
++        -buildmode pie \
++        -compiler gc \
+         $tags \
+-        -trimpath \
+-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
++        -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
++        -a \
++        -v \
++        -x \
+         -o "$2/toolbox"
+ 
+ exit "$?"
+-- 
+2.31.1
+

toolbox-Support-RHEL-9-containers.patch

@@ -0,0 +1,211 @@
+From 9bffb4630b2fc026fe32ddcb2674499c863aac32 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= <harrymichal@seznam.cz>
+Date: Sat, 8 Jan 2022 19:53:53 +0200
+Subject: [PATCH 1/3] pkg/utils: Use new UBI toolbox image
+
+Red Hat has published a new UBI image made specificaly for Toolbx.
+Make use of it from now on.
+
+Fixes: https://github.com/containers/toolbox/issues/961
+
+https://github.com/containers/toolbox/issues/976
+(cherry picked from commit f456c173b6fd69ad390a419d23dafcf3f25b15a8)
+---
+ src/pkg/utils/utils.go        | 2 +-
+ test/system/libs/helpers.bash | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go
+index ab59afc22283..3119fee74375 100644
+--- a/src/pkg/utils/utils.go
++++ b/src/pkg/utils/utils.go
+@@ -104,7 +104,7 @@ var (
+ 		},
+ 		"rhel": {
+ 			"rhel-toolbox",
+-			"ubi",
++			"toolbox",
+ 			parseReleaseRHEL,
+ 			"registry.access.redhat.com",
+ 			"ubi8",
+diff --git a/test/system/libs/helpers.bash b/test/system/libs/helpers.bash
+index 548c4c0e745f..e29273a644dd 100644
+--- a/test/system/libs/helpers.bash
++++ b/test/system/libs/helpers.bash
+@@ -18,7 +18,7 @@ readonly SKOPEO=$(command -v skopeo)
+ # Images
+ declare -Ag IMAGES=([busybox]="quay.io/toolbox_tests/busybox" \
+                    [fedora]="registry.fedoraproject.org/fedora-toolbox" \
+-                   [rhel]="registry.access.redhat.com/ubi8")
++                   [rhel]="registry.access.redhat.com/ubi8/toolbox")
+ 
+ 
+ function cleanup_all() {
+-- 
+2.39.1
+
+
+From 643384caf11050a1e8d694176a6e09d732461975 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Sun, 29 Jan 2023 09:41:16 +0100
+Subject: [PATCH 2/3] pkg/utils: Be more strict about what is acceptable
+
+https://github.com/containers/toolbox/issues/1065
+(cherry picked from commit 262c90e06fdb91e0b693fae33a519eb2756de75b)
+---
+ src/pkg/utils/utils.go | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go
+index 3119fee74375..b4c012e8fe3a 100644
+--- a/src/pkg/utils/utils.go
++++ b/src/pkg/utils/utils.go
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright © 2019 – 2021 Red Hat Inc.
++ * Copyright © 2019 – 2023 Red Hat Inc.
+  *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+@@ -278,6 +278,19 @@ func GetEnvOptionsForPreservedVariables() []string {
+ func GetFullyQualifiedImageFromDistros(image, release string) (string, error) {
+ 	logrus.Debugf("Resolving fully qualified name for image %s from known registries", image)
+ 
++	if image == "" {
++		panic("image not specified")
++	}
++
++	if release == "" {
++		panic("release not specified")
++	}
++
++	if tag := ImageReferenceGetTag(image); tag != "" && release != tag {
++		panicMsg := fmt.Sprintf("image %s does not match release %s", image, release)
++		panic(panicMsg)
++	}
++
+ 	if ImageReferenceHasDomain(image) {
+ 		return image, nil
+ 	}
+-- 
+2.39.1
+
+
+From 1ce213fabb3321937421404350e57f376cb9134d Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <rishi@fedoraproject.org>
+Date: Sun, 29 Jan 2023 09:47:13 +0100
+Subject: [PATCH 3/3] pkg/utils: Support RHEL 9 Toolbx containers
+
+The URLs for the RHEL Toolbx images based on the Red Hat Universal Base
+Images (or UBI) are a bit more complicated to construct, in comparison
+to the URLs for Fedora's fedora-toolbox images.  It's not enough to just
+concatenate the registry, the image's basename and the release.  Some
+parts of the URL depend on the release's major number, which requires
+custom code.
+
+So far, the release's major number was hard coded to 8 since only RHEL 8
+Toolbx containers were supported.
+
+To support other RHEL major releases, it's necessary to have custom code
+to construct the URLs for the Toolbx images.
+
+https://github.com/containers/toolbox/issues/1065
+(cherry picked from commit 0a29b374e649437126d8bbe12707fb44d20073d3)
+---
+ src/pkg/utils/utils.go | 47 +++++++++++++++++++++---------------------
+ 1 file changed, 23 insertions(+), 24 deletions(-)
+
+diff --git a/src/pkg/utils/utils.go b/src/pkg/utils/utils.go
+index b4c012e8fe3a..4e4abeca4817 100644
+--- a/src/pkg/utils/utils.go
++++ b/src/pkg/utils/utils.go
+@@ -38,15 +38,14 @@ import (
+ 	"golang.org/x/sys/unix"
+ )
+ 
++type GetFullyQualifiedImageFunc func(string, string) string
+ type ParseReleaseFunc func(string) (string, error)
+ 
+ type Distro struct {
+ 	ContainerNamePrefix    string
+ 	ImageBasename          string
++	GetFullyQualifiedImage GetFullyQualifiedImageFunc
+ 	ParseRelease           ParseReleaseFunc
+-	Registry               string
+-	Repository             string
+-	RepositoryNeedsRelease bool
+ }
+ 
+ const (
+@@ -97,18 +96,14 @@ var (
+ 		"fedora": {
+ 			"fedora-toolbox",
+ 			"fedora-toolbox",
++			getFullyQualifiedImageFedora,
+ 			parseReleaseFedora,
+-			"registry.fedoraproject.org",
+-			"",
+-			false,
+ 		},
+ 		"rhel": {
+ 			"rhel-toolbox",
+ 			"toolbox",
++			getFullyQualifiedImageRHEL,
+ 			parseReleaseRHEL,
+-			"registry.access.redhat.com",
+-			"ubi8",
+-			false,
+ 		},
+ 	}
+ )
+@@ -305,21 +300,8 @@ func GetFullyQualifiedImageFromDistros(image, release string) (string, error) {
+ 			continue
+ 		}
+ 
+-		var repository string
+-
+-		if distroObj.RepositoryNeedsRelease {
+-			repository = fmt.Sprintf(distroObj.Repository, release)
+-		} else {
+-			repository = distroObj.Repository
+-		}
+-
+-		imageFull := distroObj.Registry
+-
+-		if repository != "" {
+-			imageFull = imageFull + "/" + repository
+-		}
+-
+-		imageFull = imageFull + "/" + image
++		getFullyQualifiedImageImpl := distroObj.GetFullyQualifiedImage
++		imageFull := getFullyQualifiedImageImpl(image, release)
+ 
+ 		logrus.Debugf("Resolved image %s to %s", image, imageFull)
+ 
+@@ -329,6 +311,23 @@ func GetFullyQualifiedImageFromDistros(image, release string) (string, error) {
+ 	return "", fmt.Errorf("failed to resolve image %s", image)
+ }
+ 
++func getFullyQualifiedImageFedora(image, release string) string {
++	imageFull := "registry.fedoraproject.org/" + image
++	return imageFull
++}
++
++func getFullyQualifiedImageRHEL(image, release string) string {
++	i := strings.IndexRune(release, '.')
++	if i == -1 {
++		panicMsg := fmt.Sprintf("release %s not in '<major>.<minor>' format", release)
++		panic(panicMsg)
++	}
++
++	releaseMajor := release[:i]
++	imageFull := "registry.access.redhat.com/ubi" + releaseMajor + "/" + image
++	return imageFull
++}
++
+ // GetGroupForSudo returns the name of the sudoers group.
+ //
+ // Some distros call it 'sudo' (eg. Ubuntu) and some call it 'wheel' (eg. Fedora).
+-- 
+2.39.1
+

toolbox.conf

@@ -0,0 +1,17 @@
+[general]
+# Create a toolbox container for a different operating system distro than the
+# host. Cannot be used with 'image'.
+## distro = "fedora"
+
+# Create a toolbox container for a different operating system release than the
+# host. Cannot be used with 'image'.
+## release = "33"
+
+# Change the name of the image used to create the toolbox container. This is
+# useful for creating containers from custom-built images. Cannot be used with
+# 'distro' or 'release'.
+#
+# If the name does not contain a registry, the local image storage will be
+# consulted, and if it's not present there then it will be pulled from a
+# suitable remote registry.
+image = "registry.access.redhat.com/ubi8/toolbox:latest"

toolbox.spec

@@ -0,0 +1,206 @@
+%global __brp_check_rpaths %{nil}
+
+# RHEL's RPM toolchain doesn't like the compressed DWARF data generated by the
+# Go toolchain.
+%global _dwz_low_mem_die_limit 0
+%global _find_debuginfo_dwz_opts %{nil}
+
+Name:          toolbox
+Version:       0.0.99.3
+
+%global goipath github.com/containers/%{name}
+%gometa
+
+Release:       4%{?dist}
+Summary:       Tool for containerized command line environments on Linux
+
+License:       ASL 2.0
+URL:           https://containertoolbx.org/
+
+# https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz
+# A vendored tarball was created from the upstream tarball:
+# $ cd src
+# $ go mod vendor
+Source0:       %{name}-%{version}-vendored.tar.xz
+Source1:       %{name}.conf
+
+# RHEL specific
+Patch100:      toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
+Patch101:      toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
+Patch102:      toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1905383
+ExcludeArch:   %{ix86}
+
+BuildRequires: golang >= 1.19.1
+BuildRequires: /usr/bin/go-md2man
+BuildRequires: meson >= 0.58.0
+BuildRequires: pkgconfig(bash-completion)
+BuildRequires: systemd-rpm-macros
+
+Requires:      containers-common
+Requires:      podman >= 1.4.0
+
+
+%description
+Toolbox is a tool for Linux operating systems, which allows the use of
+containerized command line environments. It is built on top of Podman and
+other standard container technologies from OCI.
+
+
+%package       tests
+Summary:       Tests for %{name}
+
+Requires:      %{name}%{?_isa} = %{version}-%{release}
+Requires:      coreutils
+Requires:      gawk
+Requires:      grep
+Requires:      skopeo
+
+%description   tests
+The %{name}-tests package contains system tests for %{name}.
+
+
+%prep
+%setup -q
+
+%ifnarch ppc64
+%patch100 -p1
+%else
+%patch101 -p1
+%endif
+
+%patch102 -p1
+
+# %%gomkdir is absent from RHEL 8.
+GOBUILDDIR="$(pwd)/_build"
+GOSOURCEDIR="$(pwd)"
+if [[ ! -e "$GOBUILDDIR/bin" ]] ; then
+  install -m 0755 -vd "$GOBUILDDIR/bin"
+fi
+if [[ ! -e "$GOBUILDDIR/src/%{goipath}" ]] ; then
+  install -m 0755 -vd "$(dirname $GOBUILDDIR/src/%{goipath})"
+  ln -fs "$GOSOURCEDIR" "$GOBUILDDIR/src/%{goipath}"
+fi
+cd "$GOBUILDDIR/src/%{goipath}"
+
+
+%build
+export GO111MODULE=off
+GOBUILDDIR="$(pwd)/_build"
+export GOPATH="$GOBUILDDIR:%{gopath}"
+export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
+ln -s src/cmd cmd
+ln -s src/pkg pkg
+ln -s src/vendor vendor
+
+%meson \
+    --buildtype=plain \
+    -Dmigration_path_for_coreos_toolbox=true \
+    -Dprofile_dir=%{_sysconfdir}/profile.d \
+    -Dtmpfiles_dir=%{_tmpfilesdir}
+
+%meson_build
+
+
+%install
+%meson_install
+install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
+
+
+%files
+%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md
+%license COPYING
+%{_bindir}/%{name}
+%{_datadir}/bash-completion
+%{_mandir}/man1/%{name}.1*
+%{_mandir}/man1/%{name}-*.1*
+%config(noreplace) %{_sysconfdir}/containers/%{name}.conf
+%{_sysconfdir}/profile.d/%{name}.sh
+%{_tmpfilesdir}/%{name}.conf
+
+%files tests
+%{_datadir}/%{name}
+
+
+%changelog
+* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-4
+- Rebuild for CVE-2022-27664 and CVE-2022-32189
+Resolves: #2116761, #2126749
+
+* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-3
+- Rebuild for CVE-2022-1705, CVE-2022-30630, CVE-2022-30631 and CVE-2022-30632
+Resolves: #2111827
+
+* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-2
+- Update to 0.0.99.3
+- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging
+  guidelines
+- Update the Summary to match upstream
+- Update the URL to point to the website
+Resolves: #2115089
+
+* Fri Apr 08 2022 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.5
+- bump golang BR to 1.17.7
+- Related: #2061390
+
+* Mon Sep 20 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.4
+- Switch to using the Toolbox-specific UBI image by default
+- Related: #2001445
+
+* Thu Sep 02 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-0.3
+- Suggest a way forward if coreos/toolbox was used
+Resolves: #1998191, #2000914
+
+* Thu Aug 26 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.2
+- Make sosreport work by setting the HOST environment variable
+- Related: #1934415
+
+* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.1
+- change release to 0.x so it is obvious it is devel version
+- Related: #1934415
+
+* Thu Aug 05 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-1
+- Fix the build on CentOS Stream
+- Related: #1934415
+
+* Wed Jul 28 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2^1.git660b6970e998-1
+- Add support for configuration files
+Resolves: #1940082
+- Related: #1934415
+
+* Mon Jul 26 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-4
+- Instead of offering to log into a registry, just mention 'podman login'
+- Related: #1934415
+
+* Sat Jul 10 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-3
+- Expose the host's entire / in the container at /run/host
+- Related: #1934415
+
+* Mon Jul 05 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-2
+- Actually apply the patch to make 'toolbox' create or fall back to a
+  container if possible
+- Support logging into a registry if necessary
+- Related: #1934415
+
+* Fri Jul 02 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-1
+- Update to 0.0.99.2
+- Make 'toolbox' create or fall back to a container if possible
+Resolves: #1914687
+- Related: #1934415
+
+* Tue Jan 12 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99-1
+- Update to 0.0.99
+- Related: #1883490
+
+* Tue Jan 12 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.98.1-3
+- remove bats as it's not present in RHEL
+- Related: #1883490
+
+* Mon Jan 11 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.98.1-2
+- harden the toolbox binary
+- minor fixes
+- Related: #1883490
+
+* Fri Jan 08 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.98.1-1
+- Rebase to github.com/containers/toolbox