Compare commits

...

No commits in common. "c8-stream-2.0" and "c8-beta-stream-rhel8" have entirely different histories.

8 changed files with 503 additions and 56 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/0.0.7.tar.gz
SOURCES/toolbox-0.0.99.5-vendored.tar.xz

View File

@ -1 +1 @@
c4f1c5b9391558c4626c7bc5882afa9bbe095a9b SOURCES/0.0.7.tar.gz
9b8595f66d8dd76636c308426919bb81cba5498a SOURCES/toolbox-0.0.99.5-vendored.tar.xz

View File

@ -0,0 +1,104 @@
From 4587b6e9240bf936b760e901435c4cfdd9c582b6 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Wed, 18 Aug 2021 17:55:21 +0200
Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
environment variable
https://bugzilla.redhat.com/show_bug.cgi?id=1940037
---
src/cmd/run.go | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/cmd/run.go b/src/cmd/run.go
index e2e31d9da4e6..84ad46518bfc 100644
--- a/src/cmd/run.go
+++ b/src/cmd/run.go
@@ -498,6 +498,7 @@ func constructExecArgs(container, preserveFDs string,
execArgs = append(execArgs, envOptions...)
execArgs = append(execArgs, []string{
+ "--env", "HOST=/run/host",
"--interactive",
"--preserve-fds", preserveFDs,
}...)
--
2.43.0
From 892c33ed75443de90a2caa90959387bbc270c564 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Fri, 10 Dec 2021 13:42:15 +0100
Subject: [PATCH 2/2] test/system: Update to test the migration path for
coreos/toolbox users
This reverts the changes to the tests made in commit
411147988b730dabf8b9e761a5426e12d648f008 by restoring commit
ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit
3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed.
---
test/system/002-help.bats | 14 --------------
test/system/100-root.bats | 27 +++++++++++++++++++++++++++
2 files changed, 27 insertions(+), 14 deletions(-)
create mode 100644 test/system/100-root.bats
diff --git a/test/system/002-help.bats b/test/system/002-help.bats
index 695c51f92e7e..5fa4c6fe0b4c 100644
--- a/test/system/002-help.bats
+++ b/test/system/002-help.bats
@@ -23,20 +23,6 @@ setup() {
_setup_environment
}
-@test "help: Smoke test" {
- run --keep-empty-lines --separate-stderr "$TOOLBOX"
-
- assert_failure
- assert [ ${#lines[@]} -eq 0 ]
- lines=("${stderr_lines[@]}")
- assert_line --index 0 "Error: missing command"
- assert_line --index 2 "create Create a new toolbox container"
- assert_line --index 3 "enter Enter an existing toolbox container"
- assert_line --index 4 "list List all existing toolbox containers and images"
- assert_line --index 6 "Run 'toolbox --help' for usage."
- assert [ ${#stderr_lines[@]} -eq 7 ]
-}
-
@test "help: Command 'help'" {
if ! command -v man 2>/dev/null; then
skip "not found man(1)"
diff --git a/test/system/100-root.bats b/test/system/100-root.bats
new file mode 100644
index 000000000000..32d87904213e
--- /dev/null
+++ b/test/system/100-root.bats
@@ -0,0 +1,27 @@
+#!/usr/bin/env bats
+
+load 'libs/bats-support/load'
+load 'libs/bats-assert/load'
+load 'libs/helpers'
+
+setup() {
+ _setup_environment
+ cleanup_containers
+}
+
+teardown() {
+ cleanup_containers
+}
+
+@test "root: Try to enter the default container with no containers created" {
+ run $TOOLBOX <<< "n"
+
+ assert_success
+ assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command."
+ assert_line --index 1 "Run 'toolbox --help' for usage."
+}
+
+# TODO: Write the test
+@test "root: Enter the default container when 1 non-default container is present" {
+ skip "Testing of entering toolboxes is not implemented"
+}
--
2.43.0

View File

@ -0,0 +1,55 @@
From 3b5b5b2ca2e284d83275ffb73bc413c9234d7b0a Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for
PPC64
The Go toolchain also doesn't like the LDFLAGS environment variable as
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
like the compressed DWARF data generated by the Go toolchain.
Note that these flags are only meant for the "ppc64" CPU architecture,
and should be kept updated to match RHEL's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
src/go-build-wrapper | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index c572d6dfb02b..1addef1f186b 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
exit 1
fi
-tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
if $7; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,16 @@ fi
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+unset LDFLAGS
+
# shellcheck disable=SC2086
go build \
+ -compiler gc \
$tags \
- -trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -a \
+ -v \
+ -x \
-o "$2/$3"
exit "$?"
--
2.43.0

View File

@ -0,0 +1,55 @@
From 2ecd1ac4d83844d5b6314762587fc2347adfdd0f Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags}
The Go toolchain doesn't like the LDFLAGS environment variable as
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
like the compressed DWARF data generated by the Go toolchain.
Note that these flags are meant for every CPU architecture other than
PPC64, and should be kept updated to match RHEL's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
src/go-build-wrapper | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index c572d6dfb02b..c492a4e73445 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
exit 1
fi
-tags=""
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
if $7; then
- tags="-tags migration_path_for_coreos_toolbox"
+ tags="$tags,migration_path_for_coreos_toolbox"
fi
if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -70,11 +70,17 @@ fi
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
+unset LDFLAGS
+
# shellcheck disable=SC2086
go build \
+ -buildmode pie \
+ -compiler gc \
$tags \
- -trimpath \
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+ -a \
+ -v \
+ -x \
-o "$2/$3"
exit "$?"
--
2.43.0

17
SOURCES/toolbox.conf Normal file
View File

@ -0,0 +1,17 @@
[general]
# Create a toolbox container for a different operating system distro than the
# host. Cannot be used with 'image'.
## distro = "fedora"
# Create a toolbox container for a different operating system release than the
# host. Cannot be used with 'image'.
## release = "33"
# Change the name of the image used to create the toolbox container. This is
# useful for creating containers from custom-built images. Cannot be used with
# 'distro' or 'release'.
#
# If the name does not contain a registry, the local image storage will be
# consulted, and if it's not present there then it will be pulled from a
# suitable remote registry.
image = "registry.access.redhat.com/ubi8/toolbox:latest"

View File

@ -1,54 +0,0 @@
Name: toolbox
Version: 0.0.7
Release: 1%{?dist}
Summary: Script to launch privileged container with podman
License: ASL 2.0
URL: https://github.com/coreos/toolbox
Source0: https://github.com/coreos/%{name}/archive/%{version}.tar.gz
Requires: podman
BuildArch: noarch
%description
toolbox is a small script that launches a container to let
you bring in your favorite debugging or admin tools.
%define debug_package %{nil}
%prep
%autosetup
%build
# No building required
%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT/%{_bindir}
install -m 755 rhcos-toolbox $RPM_BUILD_ROOT/%{_bindir}/toolbox
%files
%license LICENSE
%doc README.md NOTICE
%{_bindir}/toolbox
%changelog
* Tue Mar 24 2020 Jindrich Novy <jnovy@redhat.com> - 0.0.7-1
- New upstream release 0.0.7
- Resolves: #1816287
* Fri Jun 14 2019 Yu Qi Zhang <jerzhang@redhat.com> - 0.0.4-1.el8
- Update for rhel8.1 container-tools module
* Tue May 21 2019 Steve Milner <smilner@redhat.com> - 0.0.4-1.rhaos4.2.el8
- Add help switch per RHBZ#1684258
- Spec fixes found by rpmlint
* Thu May 2 2019 Micah Abbott <miabbott@redhat.com> - 0.0.3-1.rhaos4.1.el8
- Use rhel8/support-tools
* Sat Jan 26 2019 Yu Qi Zhang <jerzhang@redhat.com> - 0.0.2-1.rhaos4.1.el8
- Add runlabel options and fix default image
* Thu Sep 6 2018 Yu Qi Zhang <jerzhang@redhat.com> - 0.0.1-1.rhaos4.1.el8
- Initial Specfile for Red Hat CoreOS Toolbox

270
SPECS/toolbox.spec Normal file
View File

@ -0,0 +1,270 @@
%global __brp_check_rpaths %{nil}
Name: toolbox
Version: 0.0.99.5
%global goipath github.com/containers/%{name}
%gometa
Release: 2%{?dist}
Summary: Tool for interactive command line environments on Linux
License: ASL 2.0
URL: https://containertoolbx.org/
Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz
Source1: %{name}.conf
# RHEL specific
Patch100: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
Patch101: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
Patch102: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
BuildRequires: gcc
BuildRequires: golang >= 1.21.7
BuildRequires: /usr/bin/go-md2man
BuildRequires: meson >= 0.58.0
BuildRequires: pkgconfig(bash-completion)
BuildRequires: shadow-utils-subid-devel
BuildRequires: systemd
BuildRequires: systemd-rpm-macros
Recommends: skopeo
Recommends: subscription-manager
Requires: containers-common
Requires: podman >= 1.6.4
%description
Toolbx is a tool for Linux, which allows the use of interactive command line
environments for development and troubleshooting the host operating system,
without having to install software on the host. It is built on top of Podman
and other standard container technologies from OCI.
Toolbx environments have seamless access to the user's home directory, the
Wayland and X11 sockets, networking (including Avahi), removable devices (like
USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
database, etc..
%package tests
Summary: Tests for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: coreutils
Requires: grep
Requires: httpd-tools
Requires: openssl
Requires: skopeo
%description tests
The %{name}-tests package contains system tests for %{name}.
%prep
%setup -q
%ifnarch ppc64
%patch100 -p1
%else
%patch101 -p1
%endif
%patch102 -p1
# %%gomkdir is absent from RHEL 8.
GOBUILDDIR="$(pwd)/_build"
GOSOURCEDIR="$(pwd)"
if [[ ! -e "$GOBUILDDIR/bin" ]] ; then
install -m 0755 -vd "$GOBUILDDIR/bin"
fi
if [[ ! -e "$GOBUILDDIR/src/%{goipath}" ]] ; then
install -m 0755 -vd "$(dirname $GOBUILDDIR/src/%{goipath})"
ln -fs "$GOSOURCEDIR" "$GOBUILDDIR/src/%{goipath}"
fi
cd "$GOBUILDDIR/src/%{goipath}"
%build
export GO111MODULE=off
GOBUILDDIR="$(pwd)/_build"
export GOPATH="$GOBUILDDIR:%{gopath}"
export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
ln -s src/cmd cmd
ln -s src/pkg pkg
ln -s src/vendor vendor
%meson \
-Dfish_completions_dir=%{_datadir}/fish/vendor_completions.d \
-Dmigration_path_for_coreos_toolbox=true \
-Dprofile_dir=%{_sysconfdir}/profile.d \
-Dtmpfiles_dir=%{_tmpfilesdir} \
-Dzsh_completions_dir=%{_datadir}/zsh/site-functions
%meson_build
%install
%meson_install
install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
%files
%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md
%license COPYING src/vendor/modules.txt
%{_bindir}/%{name}
%{_datadir}/bash-completion
%{_datadir}/fish
%{_datadir}/zsh
%{_mandir}/man1/%{name}.1*
%{_mandir}/man1/%{name}-*.1*
%{_mandir}/man5/%{name}.conf.5*
%config(noreplace) %{_sysconfdir}/containers/%{name}.conf
%{_sysconfdir}/profile.d/%{name}.sh
%{_tmpfilesdir}/%{name}.conf
%files tests
%{_datadir}/%{name}
%changelog
* Mon Feb 19 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-2
- Rebuild for CVE-2023-39326
Resolves: RHEL-18393
* Mon Jan 15 2024 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.5-1
- Update to 0.0.99.5
Resolves: RHEL-19773
* Fri Dec 08 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-8
- Rebuild for CVE-2023-39325 and CVE-2023-44487
Resolves: RHEL-12620
* Mon Nov 27 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-7
- Rebuild for CVE-2023-29406, CVE-2023-39318 and CVE-2023-39319
Resolves: RHEL-4231, RHEL-4475, RHEL-4502
* Mon Oct 02 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-6
- Simplify removing the user's password
Resolves: RHEL-2038
* Fri Aug 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-5
- Be aware of security hardened mount points
Resolves: #2144541
* Mon Aug 07 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-4
- Rebuild for CVE-2023-24539, CVE-2023-24540 and CVE-2023-29400
Resolves: #2207514
* Mon Jul 10 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-3
- Rebuild for CVE-2022-41723, CVE-2023-24534, CVE-2023-24536 and
CVE-2023-24538
Resolves: #2187345, #2187368, #2203690
* Mon Jul 10 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-2
- Rebuild for CVE-2022-41724 and CVE-2022-41725
Resolves: #2179952
* Tue Apr 04 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-1
- Update to 0.0.99.4
- Fix CVE-2022-3064
Resolves: #2164981, #2165744
* Mon Feb 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-7
- Rebuild for CVE-2022-41717
Resolves: #2163743
* Mon Jan 30 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-6
- Support RHEL 9 Toolbx containers
Resolves: #2163759
* Tue Dec 13 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-5
- Unbreak sorting and clearly identify copied images in 'list'
Resolves: #2033280
* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-4
- Rebuild for CVE-2022-27664 and CVE-2022-32189
Resolves: #2116767, #2126755
* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-3
- Rebuild for CVE-2022-1705, CVE-2022-30630, CVE-2022-30631 and CVE-2022-30632
Resolves: #2111828
* Mon Nov 07 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-2
- Update to 0.0.99.3
- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging
guidelines
- Update the Summary to match upstream
- Update the URL to point to the website
Resolves: #2047290
* Wed May 11 2022 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.6
- BuildRequires: /usr/bin/go-md2man
- Related: #2061390
* Fri Apr 08 2022 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.5
- Related: #2061390
* Mon Sep 20 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.4
- Switch to using the Toolbox-specific UBI image by default
- Related: #2001445
* Thu Sep 02 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-0.3
- Suggest a way forward if coreos/toolbox was used
Resolves: #1998191, #2000914
* Thu Aug 26 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.2
- Make sosreport work by setting the HOST environment variable
- Related: #1934415
* Wed Aug 11 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.1
- change release to 0.x so it is obvious it is devel version
- Related: #1934415
* Thu Aug 05 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-1
- Fix the build on CentOS Stream
- Related: #1934415
* Wed Jul 28 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2^1.git660b6970e998-1
- Add support for configuration files
Resolves: #1940082
- Related: #1934415
* Mon Jul 26 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-4
- Instead of offering to log into a registry, just mention 'podman login'
- Related: #1934415
* Sat Jul 10 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-3
- Expose the host's entire / in the container at /run/host
- Related: #1934415
* Mon Jul 05 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-2
- Actually apply the patch to make 'toolbox' create or fall back to a
container if possible
- Support logging into a registry if necessary
- Related: #1934415
* Fri Jul 02 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-1
- Update to 0.0.99.2
- Make 'toolbox' create or fall back to a container if possible
Resolves: #1914687
- Related: #1934415
* Tue Jan 12 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99-1
- Update to 0.0.99
- Related: #1883490
* Tue Jan 12 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.98.1-3
- remove bats as it's not present in RHEL
- Related: #1883490
* Mon Jan 11 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.98.1-2
- harden the toolbox binary
- minor fixes
- Related: #1883490
* Fri Jan 08 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.98.1-1
- Rebase to github.com/containers/toolbox