Commit Graph

77 Commits

Author SHA1 Message Date
Debarshi Ray
da83eb99bb tests: Remove redundant environment variable
There's no need to explicitly set the PODMAN environment variable to its
default value of /usr/bin/podman.

Resolves: RHEL-19772
2024-01-15 12:09:09 +01:00
Debarshi Ray
e6e959cdec Unify the build with Fedora
It clarifies that %golang_arches_future are meant for RHEL 10, and drops
the custom /etc/containers/toolbox.conf from RHEL 10.

There's no need to do a build just for this.

Resolves: RHEL-19772
2024-01-15 12:07:05 +01:00
Debarshi Ray
d4673ed8f9 Rebuild for CVE-2023-39318, CVE-2023-39319, CVE-2023-39325
... and CVE-2023-44487.

Resolves: RHEL-4435, RHEL-4439, RHEL-12694
2023-11-27 12:15:23 +01:00
Debarshi Ray
67b4d2d272 Simplify removing the user's password
Resolves: RHEL-1834
2023-10-02 11:59:54 +02:00
Debarshi Ray
20744449c4 Consolidate the post-release upstream patches for fixing the build
There's no need to do a build just for this.

Resolves: RHEL-1834
2023-10-02 11:50:08 +02:00
Debarshi Ray
2ab5b81b7a Unify the build with Fedora
Source and Patch listings should not be conditionalized, as that causes
SRPM contents to be inconsistent [1].

There's no need to do a build just for this.

[1] Fedora commit 006d4f5d81
    https://src.fedoraproject.org/rpms/toolbox/c/006d4f5d814545d8
    https://src.fedoraproject.org/rpms/toolbox/pull-request/14

Resolves: RHEL-1834
2023-10-02 11:48:14 +02:00
Debarshi Ray
f6f9b4530c Be aware of security hardened mount points
Resolves: #2222789
2023-08-11 18:04:07 +02:00
Debarshi Ray
e4ff936034 Rebuild for CVE-2023-24539, CVE-2023-24540 and CVE-2023-29400
Resolves: #2221850
2023-08-07 18:09:05 +02:00
Debarshi Ray
a1f66924b0 Add missing CVE and bug number to the %changelog
Fallout from 6845fe90fc

Resolves: #2203706
2023-06-06 16:50:39 +02:00
Debarshi Ray
6845fe90fc Rebuild for CVE-2022-41723, CVE-2023-24534, CVE-2023-24536
... and CVE-2023-24538.

Resolves: #2187337, #2187385, #2203706
2023-06-01 16:17:50 +02:00
Debarshi Ray
470e37ec61 Rebuild for CVE-2022-41724 and CVE-2022-41725
Resolves: #2179968
2023-05-16 16:21:00 +02:00
Debarshi Ray
823a1ead07 Fix the generation of the shell completions
While the test environment for the merge request set up by Zuul has
subordinate ID ranges set up [1], the CentOS Stream builders used by
'centpkg build' don't [2].

[1] https://gitlab.com/redhat/centos-stream/rpms/toolbox/-/merge_requests/59
[2] https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=2102196

Fallout from 6d8f4e2a69

Resolves: #2164984, #2165742
2023-04-04 02:06:57 +02:00
Debarshi Ray
d00efc241e Remove some leftovers
These don't seem necessary for RHEL 9 anymore.

Fallout from 6d8f4e2a69

Resolves: #2164984, #2165742
2023-04-04 01:06:42 +02:00
Debarshi Ray
6d8f4e2a69 Update to 0.0.99.4
... and fix CVE-2022-3064.

Resolves: #2164984, #2165742
2023-04-04 00:31:43 +02:00
Debarshi Ray
b1490b380c Revert "toolbox-0.0.99.3-2.el9"
There's no need to do a build just for this.

This reverts commit 2a480fd8da.

Resolves: #2165742
2023-04-03 22:09:39 +02:00
Debarshi Ray
ccb07d1722 Use %gomkdir because it's available in RHEL 9
There's no need to do a build just for this.

Resolves: #2165742
2023-04-03 21:06:01 +02:00
Debarshi Ray
6de1fe7c46 Drop redundant ExcludeArch
The %gometa RPM macro also generates a ExclusiveArch on %golang_arches
which doesn't include %ix86.

Fallout from 067c49f5d1

Resolves: #2165742
2023-04-03 19:42:27 +02:00
Debarshi Ray
fe04830ffe Use %gomodulesmode introduced in go-rpm-macros-3.0.10
There's no need to do a build just for this.

Resolves: #2165742
2023-04-03 19:26:04 +02:00
Debarshi Ray
8c0c8e65c3 Drop redundant option from %meson
There's no need to pass the --buildtype=plain option to the %meson RPM
macro, because it's one of the default options used by the macro.

There's no need to do a build just for this.

Fallout from ca4846e684

Resolves: #2165742
2023-04-03 19:19:55 +02:00
Debarshi Ray
b78b156b3f Add missing 'BuildRequires: gcc'
A C compiler is necessary to build Toolbx [1].  GCC is being pulled in
by the other BuildRequires, but it's good to explicitly list it since
GCC isn't part of the default buildroot since Fedora 29 [2] and will
prevent the compiler from unexpectedly changing to Clang.

There's no need to do a build just for this.

[1] Upstream commit c8aaed52c547e24e
    https://github.com/containers/toolbox/commit/c8aaed52c547e24e
    https://github.com/containers/toolbox/pull/923

[2] https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot

Resolves: #2165742
2023-04-03 19:13:50 +02:00
Debarshi Ray
031f4f7df3 Rebuild for CVE-2022-41717
Resolves: #2164292
2023-02-06 21:46:54 +01:00
Debarshi Ray
95ab8df3c3 Support RHEL 9 Toolbx containers
Resolves: #2163752
2023-01-30 15:24:28 +01:00
Debarshi Ray
739099e5a4 Unbreak sorting and clearly identify copied images in 'list'
Resolves: #2033282
2022-12-13 01:16:26 +01:00
Debarshi Ray
aa3d041937 Rebuild for CVE-2022-27664 and CVE-2022-32189
This commit resolves both bugs 2116786 and 2126772.  However, since the
latter doesn't have all approvals yet, it's not listed below.  Else,
the check-gitbz test will fail and block this from getting merged.

Resolves: #2116786
2022-10-14 00:42:43 +02:00
Debarshi Ray
aa1a1d24b6 Rebuild for CVE-2022-1705, CVE-2022-30630, CVE-2022-30631
... and CVE-2022-30632.

Resolves: #2111830
2022-08-16 23:23:14 +02:00
Debarshi Ray
c4cb9d3f29 Bump the minimum required golang version for added reassurance
Resolves: #2060769, #2089194
2022-06-22 13:18:00 +02:00
Tomas Pelka
f55ff2583f Fixing the correct gating test name. 2022-05-17 06:50:08 +00:00
Debarshi Ray
b5a0d2a45c Rebuild for FIPS-mode memory leak in the Go toolchain
Toolbx doesn't seem to directly use any cryptography, but go.sum does
list golang.org/x/crypto, which indicates that it's present somewhere
in the dependency chain.

Looking inside the vendored sources, there doesn't seem to be any
actual use of golang.org/x/crypto but it's still listed in the go.sum
files of some of the packages.

Interestingly, github.com/godbus/dbus does use crypto/rand and
crypto/sha1, and the former is a cryptographically secure random number
generator [1], but note that these aren't part of golang.org/x/crypto.

Anyway, it's better and easier to just rebuild the package than trying
to decipher if Toolbx is affected by the FIPS-mode memory leak in the
Go toolchain that affects cryptographic code.

[1] https://pkg.go.dev/crypto/rand

Resolves: #2060769
2022-05-16 23:22:39 +02:00
Jindrich Novy
2a480fd8da toolbox-0.0.99.3-2.el9
- BuildRequires: /usr/bin/go-md2man
- Related: #2061316

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2022-05-11 10:56:28 +02:00
Tomas Popela
c7f3708c66 rpminspec: rhel-policy -> hardened
rhel-policy was renamed to hardened in annocheck
2022-02-09 16:02:50 +01:00
Debarshi Ray
b4fb8f3c3a Silence 'rpminspect --tests=annocheck'
Note that all (default rhel-policy) flags need to be repeated. If some
configuration flags are overwritten, it will completely overwrite the
defaults (--ignore-unknown --verbose).

See:
https://gitlab.com/redhat/centos-stream/rpms/valgrind/-/blob/c9s/rpminspect.yaml

Resolves: #2000807
2021-12-17 12:40:50 +01:00
Debarshi Ray
862b07a86e Silence 'rpminspect --tests=runpath'
Resolves: #2000807
2021-12-17 01:11:05 +01:00
Debarshi Ray
06c284b9ce tests: Fix the tag of the default image
The test suite should use the latest build of the image for any given
RHEL minor release. Otherwise, it won't detect any breakage caused by
changes to the image.

Resolves: #2000807
2021-12-16 23:46:53 +01:00
Debarshi Ray
7212974445 tests: Add missing newline at end of file
Otherwise, it's difficult to read the file with cat(1).

Resolves: #2000807
2021-12-16 23:30:02 +01:00
Debarshi Ray
cd00cb09ca tests: Fix the permissions of /etc/containers/toolbox.conf
The RPM installs /etc/containers/toolbox.conf with its permissions set
to 0644, and there's no reason for the test suite to deviate from that.

Resolves: #2000807
2021-12-16 23:26:20 +01:00
Debarshi Ray
0b9dac8c68 Update to 0.0.99.3
- BuildRequire only systemd-rpm-macros as recommended by the Fedora
  packaging guidelines:
  https://docs.fedoraproject.org/en-US/packaging-guidelines/Tmpfiles.d/
  https://pagure.io/packaging-committee/issue/824

- Update the Summary to match upstream

- Update the URL to point to the website

Resolves: #2000807
2021-12-10 14:29:33 +01:00
Debarshi Ray
d4a6831d26 Suggest a way forward if coreos/toolbox was used
Resolves: #2006802
2021-09-22 16:02:35 +02:00
Debarshi Ray
3b440cd46a Use the Toolbox-specific UBI image for RHEL 9
This is RHEL 9, not RHEL 8. Hence the image for RHEL 9 should be used.

Fallout from e4faf0256c

Resolves: #2004563
2021-09-22 15:20:48 +02:00
Debarshi Ray
e4faf0256c Switch to using the Toolbox-specific UBI image by default
Resolves: #2004563
2021-09-22 14:33:18 +02:00
Oliver Gutierrez
b43ce464c3
Changed image for tests and tests parameters
Related: #2000051
2021-09-16 15:35:17 +01:00
Oliver Gutierrez
573971252e
Changed default image for tests
Related: #2000051
2021-09-16 11:45:05 +01:00
Oliver Gutierrez
d037151cc0
Added ability to force test system id and version id
Related: #2000051
2021-09-14 13:47:38 +01:00
Oliver Gutierrez
d5f960300f
Fixed test roles and changed default image path
Related: #2000051
2021-09-14 11:20:59 +01:00
Oliver Gutierrez
fcacaff8de
Version bump for rebuild
Related: rhbz#2000051
2021-09-14 10:46:27 +01:00
Oliver Gutierrez
8eac0d08fd
Added new role to setup default container image
Related: rhbz#2000051
2021-09-14 10:19:51 +01:00
Oliver Gutierrez
62a7b56985
Added missing gating tests files and patch for tests
Related: rhbz#2000051
2021-09-03 17:42:09 +01:00
Jindrich Novy
768bb82508 toolbox-0.0.99.3-0.6.git660b6970e998.el9
- re-add gating tests
- Related: #2000051

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2021-09-03 16:06:00 +02:00
Jindrich Novy
b9680ab712 toolbox-0.0.99.3-0.5.git660b6970e998.el9
- Make sosreport work by setting the HOST environment variable
- Related: #2000051

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
2021-09-03 11:31:08 +02:00
Oliver Gutierrez
38f416cd16
Fixed bogus date in changelog
Related: rhbz#1977343
2021-08-30 15:47:11 +01:00
Oliver Gutierrez
b0004b6b93
Updated bats version for gating tests
Related: rhbz#1977343
2021-08-30 15:20:24 +01:00