c91cdf0ad7
This pulls in an extra patch [1] that's necessary to fix the build on only CentOS Stream 9, not Fedora. While not needed, it also doesn't hurt Fedora and has the added benefit of keeping the build unified with RHEL. There's no need to do a build just for this. [1] Upstream commit f555029304415a06 https://github.com/containers/toolbox/commit/f555029304415a06 https://github.com/containers/toolbox/issues/1246
241 lines
8.0 KiB
Diff
241 lines
8.0 KiB
Diff
From 424cc42fba3cb182a360dcdda68caf20d9141ae6 Mon Sep 17 00:00:00 2001
|
||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||
Date: Tue, 28 Feb 2023 17:12:04 +0100
|
||
Subject: [PATCH 1/4] cmd/root: Don't use podman(1) when generating the
|
||
completions
|
||
|
||
Ever since commit bafbbe81c9220cb3, the shell completions are generated
|
||
while building Toolbx using the 'completion' command. This involves
|
||
running toolbox(1) itself, and hence invoking 'podman version' to decide
|
||
if 'podman system migrate' is needed or not.
|
||
|
||
Unfortunately, some build environments, like Fedora's, are set up inside
|
||
a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may
|
||
not work because it does various things with namespaces(7) and clone(2)
|
||
that can, under certain circumstances, encounter an EPERM.
|
||
|
||
Therefore, it's better to avoid using podman(1) when generating the
|
||
shell completions, especially, since they are generated by Cobra itself
|
||
and podman(1) is not involved at all.
|
||
|
||
Note that podman(1) is needed when the generated shell completions are
|
||
actually used in interactive command line environments. The shell
|
||
completions invoke the hidden '__complete' command to get the results
|
||
that are presented to the user, and, if needed, 'podman system migrate'
|
||
will continue to be run as part of that.
|
||
|
||
This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011
|
||
because podman(1) is now only an optional runtime dependency for the
|
||
system tests.
|
||
|
||
https://github.com/containers/podman/issues/17657
|
||
---
|
||
meson.build | 2 +-
|
||
src/cmd/root.go | 9 +++++++--
|
||
2 files changed, 8 insertions(+), 3 deletions(-)
|
||
|
||
diff --git a/meson.build b/meson.build
|
||
index 6f044bb204e3..653a3d3ac588 100644
|
||
--- a/meson.build
|
||
+++ b/meson.build
|
||
@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h'])
|
||
|
||
go = find_program('go')
|
||
go_md2man = find_program('go-md2man')
|
||
-podman = find_program('podman')
|
||
|
||
bats = find_program('bats', required: false)
|
||
codespell = find_program('codespell', required: false)
|
||
htpasswd = find_program('htpasswd', required: false)
|
||
openssl = find_program('openssl', required: false)
|
||
+podman = find_program('podman', required: false)
|
||
shellcheck = find_program('shellcheck', required: false)
|
||
skopeo = find_program('skopeo', required: false)
|
||
|
||
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
||
index 304b03dcd889..9975ccc7a4c8 100644
|
||
--- a/src/cmd/root.go
|
||
+++ b/src/cmd/root.go
|
||
@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error {
|
||
|
||
logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath)
|
||
|
||
- if err := migrate(); err != nil {
|
||
+ if err := migrate(cmd, args); err != nil {
|
||
return err
|
||
}
|
||
|
||
@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error {
|
||
return rootRunImpl(cmd, args)
|
||
}
|
||
|
||
-func migrate() error {
|
||
+func migrate(cmd *cobra.Command, args []string) error {
|
||
logrus.Debug("Migrating to newer Podman")
|
||
|
||
if utils.IsInsideContainer() {
|
||
return nil
|
||
}
|
||
|
||
+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
|
||
+ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName)
|
||
+ return nil
|
||
+ }
|
||
+
|
||
configDir, err := os.UserConfigDir()
|
||
if err != nil {
|
||
logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err)
|
||
--
|
||
2.41.0
|
||
|
||
|
||
From 0723706168a1bde708bc9acc203c5e9870bc94d5 Mon Sep 17 00:00:00 2001
|
||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||
Date: Wed, 1 Mar 2023 19:41:56 +0100
|
||
Subject: [PATCH 2/4] cmd/root: Sprinkle a debug log
|
||
|
||
https://github.com/containers/toolbox/pull/1251
|
||
---
|
||
src/cmd/root.go | 1 +
|
||
1 file changed, 1 insertion(+)
|
||
|
||
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
||
index 9975ccc7a4c8..2e7428a20b24 100644
|
||
--- a/src/cmd/root.go
|
||
+++ b/src/cmd/root.go
|
||
@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error {
|
||
logrus.Debug("Migrating to newer Podman")
|
||
|
||
if utils.IsInsideContainer() {
|
||
+ logrus.Debug("Migration not needed: running inside a container")
|
||
return nil
|
||
}
|
||
|
||
--
|
||
2.41.0
|
||
|
||
|
||
From 0736db58456bb635854493e28a0c36bda49988ce Mon Sep 17 00:00:00 2001
|
||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||
Date: Wed, 1 Mar 2023 19:46:11 +0100
|
||
Subject: [PATCH 3/4] cmd/root: Shuffle some code around and sprinkle some
|
||
debug logs
|
||
|
||
Having a separate convenience function reduces the indentation levels by
|
||
at least one, and sometimes two, and makes it easy to have more detailed
|
||
debug logs.
|
||
|
||
This will make the subsequent commit easier to read.
|
||
|
||
https://github.com/containers/toolbox/issues/1246
|
||
---
|
||
src/cmd/root.go | 32 ++++++++++++++++++++++++--------
|
||
1 file changed, 24 insertions(+), 8 deletions(-)
|
||
|
||
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
||
index 2e7428a20b24..9aafe3e0d3be 100644
|
||
--- a/src/cmd/root.go
|
||
+++ b/src/cmd/root.go
|
||
@@ -1,5 +1,5 @@
|
||
/*
|
||
- * Copyright © 2019 – 2022 Red Hat Inc.
|
||
+ * Copyright © 2019 – 2023 Red Hat Inc.
|
||
*
|
||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||
* you may not use this file except in compliance with the License.
|
||
@@ -139,13 +139,8 @@ func preRun(cmd *cobra.Command, args []string) error {
|
||
if !utils.IsInsideContainer() {
|
||
logrus.Debugf("Running on a cgroups v%d host", cgroupsVersion)
|
||
|
||
- if currentUser.Uid != "0" {
|
||
- logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", currentUser.Username)
|
||
-
|
||
- if _, err := utils.ValidateSubIDRanges(currentUser); err != nil {
|
||
- logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
|
||
- return newSubIDError()
|
||
- }
|
||
+ if _, err := validateSubIDRanges(cmd, args, currentUser); err != nil {
|
||
+ return err
|
||
}
|
||
}
|
||
|
||
@@ -392,3 +387,24 @@ func setUpLoggers() error {
|
||
|
||
return nil
|
||
}
|
||
+
|
||
+func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bool, error) {
|
||
+ logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", user.Username)
|
||
+
|
||
+ if user.Uid == "0" {
|
||
+ logrus.Debugf("Look-up not needed: user %s doesn't need them", user.Username)
|
||
+ return true, nil
|
||
+ }
|
||
+
|
||
+ if utils.IsInsideContainer() {
|
||
+ logrus.Debug("Look-up not needed: running inside a container")
|
||
+ return true, nil
|
||
+ }
|
||
+
|
||
+ if _, err := utils.ValidateSubIDRanges(user); err != nil {
|
||
+ logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
|
||
+ return false, newSubIDError()
|
||
+ }
|
||
+
|
||
+ return true, nil
|
||
+}
|
||
--
|
||
2.41.0
|
||
|
||
|
||
From 02537eac420f49e96110663794ef5f2511eb6860 Mon Sep 17 00:00:00 2001
|
||
From: Jan Zerebecki <jan.suse@zerebecki.de>
|
||
Date: Wed, 1 Mar 2023 19:52:28 +0100
|
||
Subject: [PATCH 4/4] cmd/root: Don't validate subordinate IDs when generating
|
||
the completions
|
||
|
||
Ever since commit bafbbe81c9220cb3, the shell completions are generated
|
||
while building Toolbx using the 'completion' command. This involves
|
||
running toolbox(1) itself, and hence validating the subordinate user and
|
||
group ID ranges.
|
||
|
||
Unfortunately, some build environments, like openSUSE's, don't have
|
||
subordinate ID ranges set up. Therefore, it's better to not validate
|
||
the subordinate ID ranges when generating the shell completions, since
|
||
they are generated by Cobra itself and subordinate ID ranges are not
|
||
involved at all.
|
||
|
||
Note that subordinate ID ranges may be needed when the generated shell
|
||
completions are actually used in interactive command line environments.
|
||
The shell completions invoke the hidden '__complete' command to get the
|
||
results that are presented to the user, and, if needed, the subordinate
|
||
ID ranges will continue to be used by podman(1) as part of that.
|
||
|
||
Some changes by Debarshi Ray.
|
||
|
||
https://github.com/containers/toolbox/issues/1246
|
||
https://github.com/containers/toolbox/pull/1249
|
||
---
|
||
src/cmd/root.go | 5 +++++
|
||
1 file changed, 5 insertions(+)
|
||
|
||
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
||
index 9aafe3e0d3be..aee9fe026ac3 100644
|
||
--- a/src/cmd/root.go
|
||
+++ b/src/cmd/root.go
|
||
@@ -401,6 +401,11 @@ func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bo
|
||
return true, nil
|
||
}
|
||
|
||
+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
|
||
+ logrus.Debugf("Look-up not needed: command %s doesn't need them", cmdName)
|
||
+ return true, nil
|
||
+ }
|
||
+
|
||
if _, err := utils.ValidateSubIDRanges(user); err != nil {
|
||
logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
|
||
return false, newSubIDError()
|
||
--
|
||
2.41.0
|
||
|