Commit Graph

69 Commits

Author SHA1 Message Date
Debarshi Ray
a1f66924b0 Add missing CVE and bug number to the %changelog
Fallout from 6845fe90fc

Resolves: #2203706
2023-06-06 16:50:39 +02:00
Debarshi Ray
6845fe90fc Rebuild for CVE-2022-41723, CVE-2023-24534, CVE-2023-24536
... and CVE-2023-24538.

Resolves: #2187337, #2187385, #2203706
2023-06-01 16:17:50 +02:00
Debarshi Ray
470e37ec61 Rebuild for CVE-2022-41724 and CVE-2022-41725
Resolves: #2179968
2023-05-16 16:21:00 +02:00
Debarshi Ray
823a1ead07 Fix the generation of the shell completions
While the test environment for the merge request set up by Zuul has
subordinate ID ranges set up [1], the CentOS Stream builders used by
'centpkg build' don't [2].

[1] https://gitlab.com/redhat/centos-stream/rpms/toolbox/-/merge_requests/59
[2] https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=2102196

Fallout from 6d8f4e2a69

Resolves: #2164984, #2165742
2023-04-04 02:06:57 +02:00
Debarshi Ray
d00efc241e Remove some leftovers
These don't seem necessary for RHEL 9 anymore.

Fallout from 6d8f4e2a69

Resolves: #2164984, #2165742
2023-04-04 01:06:42 +02:00
Debarshi Ray
6d8f4e2a69 Update to 0.0.99.4
... and fix CVE-2022-3064.

Resolves: #2164984, #2165742
2023-04-04 00:31:43 +02:00
Debarshi Ray
b1490b380c Revert "toolbox-0.0.99.3-2.el9"
There's no need to do a build just for this.

This reverts commit 2a480fd8da.

Resolves: #2165742
2023-04-03 22:09:39 +02:00
Debarshi Ray
ccb07d1722 Use %gomkdir because it's available in RHEL 9
There's no need to do a build just for this.

Resolves: #2165742
2023-04-03 21:06:01 +02:00
Debarshi Ray
6de1fe7c46 Drop redundant ExcludeArch
The %gometa RPM macro also generates a ExclusiveArch on %golang_arches
which doesn't include %ix86.

Fallout from 067c49f5d1

Resolves: #2165742
2023-04-03 19:42:27 +02:00
Debarshi Ray
fe04830ffe Use %gomodulesmode introduced in go-rpm-macros-3.0.10
There's no need to do a build just for this.

Resolves: #2165742
2023-04-03 19:26:04 +02:00
Debarshi Ray
8c0c8e65c3 Drop redundant option from %meson
There's no need to pass the --buildtype=plain option to the %meson RPM
macro, because it's one of the default options used by the macro.

There's no need to do a build just for this.

Fallout from ca4846e684

Resolves: #2165742
2023-04-03 19:19:55 +02:00
Debarshi Ray
b78b156b3f Add missing 'BuildRequires: gcc'
A C compiler is necessary to build Toolbx [1].  GCC is being pulled in
by the other BuildRequires, but it's good to explicitly list it since
GCC isn't part of the default buildroot since Fedora 29 [2] and will
prevent the compiler from unexpectedly changing to Clang.

There's no need to do a build just for this.

[1] Upstream commit c8aaed52c547e24e
    https://github.com/containers/toolbox/commit/c8aaed52c547e24e
    https://github.com/containers/toolbox/pull/923

[2] https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot

Resolves: #2165742
2023-04-03 19:13:50 +02:00
Debarshi Ray
031f4f7df3 Rebuild for CVE-2022-41717
Resolves: #2164292
2023-02-06 21:46:54 +01:00
Debarshi Ray
95ab8df3c3 Support RHEL 9 Toolbx containers
Resolves: #2163752
2023-01-30 15:24:28 +01:00
Debarshi Ray
739099e5a4 Unbreak sorting and clearly identify copied images in 'list'
Resolves: #2033282
2022-12-13 01:16:26 +01:00
Debarshi Ray
aa3d041937 Rebuild for CVE-2022-27664 and CVE-2022-32189
This commit resolves both bugs 2116786 and 2126772.  However, since the
latter doesn't have all approvals yet, it's not listed below.  Else,
the check-gitbz test will fail and block this from getting merged.

Resolves: #2116786
2022-10-14 00:42:43 +02:00
Debarshi Ray
aa1a1d24b6 Rebuild for CVE-2022-1705, CVE-2022-30630, CVE-2022-30631
... and CVE-2022-30632.

Resolves: #2111830
2022-08-16 23:23:14 +02:00
Debarshi Ray
c4cb9d3f29 Bump the minimum required golang version for added reassurance
Resolves: #2060769, #2089194
2022-06-22 13:18:00 +02:00
Tomas Pelka
f55ff2583f Fixing the correct gating test name. 2022-05-17 06:50:08 +00:00
Debarshi Ray
b5a0d2a45c Rebuild for FIPS-mode memory leak in the Go toolchain
Toolbx doesn't seem to directly use any cryptography, but go.sum does
list golang.org/x/crypto, which indicates that it's present somewhere
in the dependency chain.

Looking inside the vendored sources, there doesn't seem to be any
actual use of golang.org/x/crypto but it's still listed in the go.sum
files of some of the packages.

Interestingly, github.com/godbus/dbus does use crypto/rand and
crypto/sha1, and the former is a cryptographically secure random number
generator [1], but note that these aren't part of golang.org/x/crypto.

Anyway, it's better and easier to just rebuild the package than trying
to decipher if Toolbx is affected by the FIPS-mode memory leak in the
Go toolchain that affects cryptographic code.

[1] https://pkg.go.dev/crypto/rand

Resolves: #2060769
2022-05-16 23:22:39 +02:00
Jindrich Novy
2a480fd8da toolbox-0.0.99.3-2.el9
- BuildRequires: /usr/bin/go-md2man
- Related: #2061316

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2022-05-11 10:56:28 +02:00
Tomas Popela
c7f3708c66 rpminspec: rhel-policy -> hardened
rhel-policy was renamed to hardened in annocheck
2022-02-09 16:02:50 +01:00
Debarshi Ray
b4fb8f3c3a Silence 'rpminspect --tests=annocheck'
Note that all (default rhel-policy) flags need to be repeated. If some
configuration flags are overwritten, it will completely overwrite the
defaults (--ignore-unknown --verbose).

See:
https://gitlab.com/redhat/centos-stream/rpms/valgrind/-/blob/c9s/rpminspect.yaml

Resolves: #2000807
2021-12-17 12:40:50 +01:00
Debarshi Ray
862b07a86e Silence 'rpminspect --tests=runpath'
Resolves: #2000807
2021-12-17 01:11:05 +01:00
Debarshi Ray
06c284b9ce tests: Fix the tag of the default image
The test suite should use the latest build of the image for any given
RHEL minor release. Otherwise, it won't detect any breakage caused by
changes to the image.

Resolves: #2000807
2021-12-16 23:46:53 +01:00
Debarshi Ray
7212974445 tests: Add missing newline at end of file
Otherwise, it's difficult to read the file with cat(1).

Resolves: #2000807
2021-12-16 23:30:02 +01:00
Debarshi Ray
cd00cb09ca tests: Fix the permissions of /etc/containers/toolbox.conf
The RPM installs /etc/containers/toolbox.conf with its permissions set
to 0644, and there's no reason for the test suite to deviate from that.

Resolves: #2000807
2021-12-16 23:26:20 +01:00
Debarshi Ray
0b9dac8c68 Update to 0.0.99.3
- BuildRequire only systemd-rpm-macros as recommended by the Fedora
  packaging guidelines:
  https://docs.fedoraproject.org/en-US/packaging-guidelines/Tmpfiles.d/
  https://pagure.io/packaging-committee/issue/824

- Update the Summary to match upstream

- Update the URL to point to the website

Resolves: #2000807
2021-12-10 14:29:33 +01:00
Debarshi Ray
d4a6831d26 Suggest a way forward if coreos/toolbox was used
Resolves: #2006802
2021-09-22 16:02:35 +02:00
Debarshi Ray
3b440cd46a Use the Toolbox-specific UBI image for RHEL 9
This is RHEL 9, not RHEL 8. Hence the image for RHEL 9 should be used.

Fallout from e4faf0256c

Resolves: #2004563
2021-09-22 15:20:48 +02:00
Debarshi Ray
e4faf0256c Switch to using the Toolbox-specific UBI image by default
Resolves: #2004563
2021-09-22 14:33:18 +02:00
Oliver Gutierrez
b43ce464c3
Changed image for tests and tests parameters
Related: #2000051
2021-09-16 15:35:17 +01:00
Oliver Gutierrez
573971252e
Changed default image for tests
Related: #2000051
2021-09-16 11:45:05 +01:00
Oliver Gutierrez
d037151cc0
Added ability to force test system id and version id
Related: #2000051
2021-09-14 13:47:38 +01:00
Oliver Gutierrez
d5f960300f
Fixed test roles and changed default image path
Related: #2000051
2021-09-14 11:20:59 +01:00
Oliver Gutierrez
fcacaff8de
Version bump for rebuild
Related: rhbz#2000051
2021-09-14 10:46:27 +01:00
Oliver Gutierrez
8eac0d08fd
Added new role to setup default container image
Related: rhbz#2000051
2021-09-14 10:19:51 +01:00
Oliver Gutierrez
62a7b56985
Added missing gating tests files and patch for tests
Related: rhbz#2000051
2021-09-03 17:42:09 +01:00
Jindrich Novy
768bb82508 toolbox-0.0.99.3-0.6.git660b6970e998.el9
- re-add gating tests
- Related: #2000051

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2021-09-03 16:06:00 +02:00
Jindrich Novy
b9680ab712 toolbox-0.0.99.3-0.5.git660b6970e998.el9
- Make sosreport work by setting the HOST environment variable
- Related: #2000051

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2021-09-03 11:31:08 +02:00
Oliver Gutierrez
38f416cd16
Fixed bogus date in changelog
Related: rhbz#1977343
2021-08-30 15:47:11 +01:00
Oliver Gutierrez
b0004b6b93
Updated bats version for gating tests
Related: rhbz#1977343
2021-08-30 15:20:24 +01:00
Oliver Gutierrez
188290c2ab
Version bump for rebuilding and test gating
Resolves: rhbz#1977343
2021-08-24 13:01:59 +01:00
Oliver Gutierrez
66677d233d
Added gating based on podman gating
Resolves: rhbz#1977343
2021-08-24 11:14:29 +01:00
Mohan Boddu
185b7a847f Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 01:07:01 +00:00
Tomas Popela
d824208ae6 Upload the fixed tarball
Related: #1970747
2021-08-04 21:50:27 +02:00
Debarshi Ray
4721e8ac6c Fix the build on CentOS Stream
Looks like centpkg can't handle the current guidelines for versioning
snapshot builds [1].

[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/#_snapshots

Related: #1970747
2021-08-02 15:40:14 +02:00
Jindrich Novy
7ebedec3a3 toolbox-0.0.99.2^1.git660b6970e998-1.el9
- Add support for configuration files
- Related: #1970747

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2021-07-28 15:04:29 +02:00
Jindrich Novy
b817729eef toolbox-0.0.99.2-3.el9
- Expose the host's entire / in the container at /run/host
- Resolves: #1977343

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2021-07-10 09:03:32 +02:00
Jindrich Novy
067c49f5d1 toolbox-0.0.99.2-2.el9
- Actually apply the patch to make 'toolbox' create or fall back to a
  container if possible
- Support logging into a registry if necessary
- Resolves: #1977343

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2021-07-05 13:14:16 +02:00