[CI:BUILD] Packit: add jobs for downstream Fedora package builds

Get rid of `podman.spec.rpkg` in favour of
`rpm/podman.spec` which gets synced with fedora dist-git on every
upstream release. The version in the new spec file is set to `0` by
default and gets updated by packit automatically on every packit task.

For local manual rpm builds using the spec, the helper script in the
`rpm/` subdir will update the Version field with the latest version
found in the upstream repo.

Packit will automatically create a PR on fedora dist-git on every new
upstream release. A sample PR will look like:
https://src.fedoraproject.org/rpms/container-selinux/pull-request/10#

A dry run for this can be triggered using:
`$ packit propose-downstream --local-content`

To run this command locally, you would need to have your packit
user-configuration-file set.
Ref: https://packit.dev/docs/configuration/#user-configuration-file

along with a fedora api key created at:
https://src.fedoraproject.org/settings#nav-api-tab with sufficient ACLs.

Also includes a revised `package` Makefile target which will build rpms
using `rpm/podman.spec`. Fixes: #18421.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>

.packit.sh

@@ -5,24 +5,33 @@
 
 set -eo pipefail
 
-# Get Version from version/version.go in HEAD
-VERSION=$(grep '^const RawVersion' version/rawversion/version.go | cut -d\" -f2 | sed -e 's/-/~/')
+# Set path to rpm spec file
+SPEC_FILE=rpm/podman.spec
+
+# Get Version from HEAD
+VERSION=$(grep '^const RawVersion' version/rawversion/version.go | cut -d\" -f2)
+
+# RPM Version can't take "-"
+RPM_VERSION=$(echo $VERSION | sed -e 's/-/~/')
 
 # Generate source tarball from HEAD
 git archive --prefix=podman-$VERSION/ -o podman-$VERSION.tar.gz HEAD
 
+# rpmbuild expects source tarball in the same dir as spec file
+mv podman-$VERSION.tar.gz rpm/
+
 # RPM Spec modifications
 
-# Use the Version from version/version.go in rpm spec
-sed -i "s/^Version:.*/Version: $VERSION/" podman.spec
+# Use the Version from HEAD in rpm spec
+sed -i "s/^Version:.*/Version: $RPM_VERSION/" $SPEC_FILE
 
 # Use Packit's supplied variable in the Release field in rpm spec.
 # podman.spec is generated using `rpkg spec --outdir ./` as mentioned in the
 # `post-upstream-clone` action in .packit.yaml.
-sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" podman.spec
+sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" $SPEC_FILE
 
 # Use above generated tarball as Source in rpm spec
-sed -i "s/^Source:.*.tar.gz/Source: podman-$VERSION.tar.gz/" podman.spec
+sed -i "s/^Source0:.*.tar.gz/Source0: podman-$VERSION.tar.gz/" $SPEC_FILE
 
-# Use the right build dir for autosetup stage in rpm spec
-sed -i "s/^%setup.*/%autosetup -Sgit -n %{name}-$VERSION/" podman.spec
+# Update setup macro to use the correct build dir
+sed -i "s/^%autosetup.*/%autosetup -Sgit -n %{name}-$VERSION/" $SPEC_FILE

.packit.yaml

@@ -5,7 +5,8 @@
 # Build targets can be found at:
 # https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/
 
-specfile_path: podman.spec
+specfile_path: rpm/podman.spec
+upstream_tag_template: v{version}
 
 jobs:
   - &copr
@@ -18,8 +19,6 @@ jobs:
       - make
       - rpkg
     actions:
-      post-upstream-clone:
-        - "rpkg spec --outdir ./"
       fix-spec-file:
         - "bash .packit.sh"
 
@@ -28,3 +27,24 @@ jobs:
     trigger: commit
     branch: main
     project: podman-next
+
+  - job: propose_downstream
+    trigger: release
+    update_release: false
+    dist_git_branches:
+      - fedora-all
+    #TODO use the right action to update the goimports
+    # For whatever reason, none of the actions seem to work
+    #actions:
+    #    create-patches:
+    #      - "cd rpm && bash update-spec-provides.sh"
+
+  - job: koji_build
+    trigger: commit
+    dist_git_branches:
+      - fedora-all
+
+  - job: bodhi_update
+    trigger: commit
+    dist_git_branches:
+      - fedora-branched # rawhide updates are created automatically

Makefile

@@ -770,7 +770,7 @@ win-gvproxy: test/version/version
 
 .PHONY: package
 package:  ## Build rpm packages
-	rpkg local
+	$(MAKE) -C rpm
 
 ###
 ### Installation targets

podman.spec.rpkg

@@ -1,263 +0,0 @@
-# For automatic rebuilds in COPR
-
-# The following tag is to get correct syntax highlighting for this file in vim text editor
-# vim: syntax=spec
-
-%global with_debug 1
-
-# _user_tmpfiles.d currently undefined on rhel
-%if 0%{?rhel}
-%global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d
-%endif
-
-%if 0%{?with_debug}
-%global _find_debuginfo_dwz_opts %{nil}
-%global _dwz_low_mem_die_limit 0
-%else
-%global debug_package %{nil}
-%endif
-
-# RHEL 8's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we
-# set it separately here and do not depend on RHEL 8's go-srpm-macros package.
-%if !0%{?fedora} && 0%{?rhel} <= 8
-%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
-%endif
-
-Name: {{{ git_dir_name }}}
-Epoch: 101
-Version: {{{ git_dir_version }}}
-Release: 1%{?dist}
-Summary: Manage Pods, Containers and Container Images
-License: Apache-2.0
-URL: https://github.com/containers/podman
-VCS: {{{ git_dir_vcs }}}
-Source:     {{{ git_dir_pack }}}
-%if 0%{?fedora} && ! 0%{?rhel}
-BuildRequires: btrfs-progs-devel
-%endif
-BuildRequires: gcc
-%if 0%{?fedora} >= 37
-BuildRequires: gettext-envsubst
-%else
-BuildRequires: gettext
-%endif
-BuildRequires: golang >= 1.16.6
-BuildRequires: glib2-devel
-BuildRequires: glibc-devel
-BuildRequires: glibc-static
-BuildRequires: git-core
-BuildRequires: go-md2man
-%if 0%{?fedora} || 0%{?rhel} >= 9
-BuildRequires: go-rpm-macros
-%endif
-%if 0%{?rhel} <= 8
-BuildRequires: pkgconfig(devmapper)
-BuildRequires: python3
-%endif
-BuildRequires: gpgme-devel
-BuildRequires: libassuan-devel
-BuildRequires: libgpg-error-devel
-BuildRequires: libseccomp-devel
-BuildRequires: libselinux-devel
-BuildRequires: shadow-utils-subid-devel
-BuildRequires: pkgconfig
-BuildRequires: make
-BuildRequires: ostree-devel
-%{?systemd_requires}
-BuildRequires: systemd
-BuildRequires: systemd-devel
-Requires: conmon >= 2:2.0.30-2
-Requires: containers-common-extra >= 4:1-87
-Recommends: catatonit
-Conflicts: quadlet
-Provides: %{name}-quadlet
-Obsoletes: %{name}-quadlet <= 101:0.0.git.17877.f247b4d4-1
-Provides: %{name}-quadlet = %{epoch}:%{version}-%{release}
-
-%description
-%{name} (Pod Manager) is a fully featured container engine that is a simple
-daemonless tool.  %{name} provides a Docker-CLI comparable command line that
-eases the transition from other container engines and allows the management of
-pods, containers and images.  Simply put: alias docker=%{name}.
-Most %{name} commands can be run as a regular user, without requiring
-additional privileges.
-
-%{name} uses Buildah(1) internally to create container images.
-Both tools share image (not container) storage, hence each can use or
-manipulate images (but not containers) created by the other.
-
-%package docker
-Summary: Emulate Docker CLI using %{name}
-BuildArch: noarch
-Requires: %{name} = %{epoch}:%{version}-%{release}
-Conflicts: docker
-Conflicts: docker-latest
-Conflicts: docker-ce
-Conflicts: docker-ee
-Conflicts: moby-engine
-
-%description docker
-This package installs a script named docker that emulates the Docker CLI by
-executes %{name} commands, it also creates links between all Docker CLI man
-pages and %{name}.
-
-%package tests
-Summary: Tests for %{name}
-Requires: %{name} = %{epoch}:%{version}-%{release}
-Requires: bats
-Requires: jq
-Requires: skopeo
-Requires: nmap-ncat
-Requires: httpd-tools
-Requires: openssl
-Requires: socat
-Requires: buildah
-Requires: gnupg
-
-%description tests
-%{summary}
-
-This package contains system tests for %{name}
-
-%package remote
-Summary: (Experimental) Remote client for managing %{name} containers
-
-%description remote
-Remote client for managing %{name} containers.
-
-%{name}-remote uses the libpod REST API to connect to a %{name} client to
-manage pods, containers and container images. %{name}-remote supports ssh
-connections as well.
-
-%prep
-{{{ git_dir_setup_macro }}}
-
-%build
-%set_build_flags
-%global gomodulesmode GO111MODULE=on
-export CGO_CFLAGS=$CFLAGS
-# These extra flags present in $CFLAGS have been skipped for now as they break the build
-CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
-CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
-CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
-
-%ifarch x86_64
-export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
-%endif
-
-# build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here?
-LDFLAGS="-X ./libpod/define.buildInfo=$(date +%s)"
-
-# build rootlessport first
-%gobuild -o bin/rootlessport ./cmd/rootlessport
-
-# set base buildtags common to both %%{name} and %%{name}-remote
-export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/selinux_tag.sh) $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"
-
-# build %%{name}
-export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)"
-%gobuild -o bin/%{name} ./cmd/%{name}
-
-# build %%{name}-remote
-export BUILDTAGS="$BASEBUILDTAGS exclude_graphdriver_btrfs btrfs_noversion remote"
-%gobuild -o bin/%{name}-remote ./cmd/%{name}
-
-# build quadlet
-export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)"
-%gobuild -o bin/quadlet ./cmd/quadlet
-
-make docs docker-docs
-
-%install
-PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} ETCDIR=%{_sysconfdir} \
-        install.bin \
-        install.man \
-        install.systemd \
-        install.completions \
-        install.docker \
-        install.docker-docs \
-        install.remote \
-%if 0%{?fedora} || 0%{?rhel} >= 10
-        install.modules-load
-%endif
-
-# Sanitize paths in %%{_bindir}/docker
-sed -i 's;%{buildroot}%{_sysconfdir};%{_sysconfdir}/containers;g' %{buildroot}%{_bindir}/docker
-
-install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
-cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
-
-# do not include docker and %%{name}-remote man pages in main package
-for file in `find %{buildroot}%{_mandir}/man[15] -type f | sed "s,%{buildroot},," | grep -v -e remote -e docker`; do
-    echo "$file*" >> %{name}.file-list
-done
-
-%post
-if [ $1 -eq 1 ]; then
-    %{_bindir}/systemctl enable --now %{name}-restart.service
-fi
-
-%preun
-%systemd_preun %{name}-restart.service
-
-%postun
-%systemd_postun %{name}-restart.service
-
-# This lists all the files that are included in the rpm package and that
-# are going to be installed into target system where the rpm is installed.
-%files -f %{name}.file-list
-%license LICENSE
-%doc README.md CONTRIBUTING.md install.md transfer.md
-%{_bindir}/%{name}
-%dir %{_libexecdir}/%{name}
-%{_libexecdir}/%{name}/rootlessport
-%{_libexecdir}/%{name}/quadlet
-%{_systemdgeneratordir}/%{name}-system-generator
-%{_systemdusergeneratordir}/%{name}-user-generator
-%{_datadir}/bash-completion/completions/%{name}
-# By "owning" the site-functions dir, we don't need to Require zsh
-%dir %{_datadir}/zsh/site-functions
-%{_datadir}/zsh/site-functions/_%{name}
-%dir %{_datadir}/fish/vendor_completions.d
-%{_datadir}/fish/vendor_completions.d/%{name}.fish
-%{_unitdir}/%{name}-auto-update.service
-%{_unitdir}/%{name}-auto-update.timer
-%{_unitdir}/%{name}.service
-%{_unitdir}/%{name}.socket
-%{_unitdir}/%{name}-restart.service
-%{_unitdir}/%{name}-kube@.service
-%{_unitdir}/%{name}-clean-transient.service
-%{_userunitdir}/%{name}-auto-update.service
-%{_userunitdir}/%{name}-auto-update.timer
-%{_userunitdir}/%{name}.service
-%{_userunitdir}/%{name}.socket
-%{_userunitdir}/%{name}-restart.service
-%{_userunitdir}/%{name}-kube@.service
-%{_tmpfilesdir}/%{name}.conf
-%{_user_tmpfilesdir}/%{name}-docker.conf
-%if 0%{?fedora} || 0%{?rhel} >= 10
-%{_modulesloaddir}/%{name}-iptables.conf
-%endif
-
-%files docker
-%{_bindir}/docker
-%{_mandir}/man1/docker*.1*
-%{_mandir}/man5/docker*.5*
-%{_usr}/lib/tmpfiles.d/%{name}-docker.conf
-
-%files remote
-%license LICENSE
-%{_bindir}/%{name}-remote
-%{_mandir}/man1/%{name}-remote*.*
-%{_datadir}/bash-completion/completions/%{name}-remote
-%dir %{_datadir}/fish/vendor_completions.d
-%{_datadir}/fish/vendor_completions.d/%{name}-remote.fish
-%dir %{_datadir}/zsh/site-functions
-%{_datadir}/zsh/site-functions/_%{name}-remote
-
-%files tests
-%license LICENSE
-%{_datadir}/%{name}/test
-
-%changelog
-{{{ git_dir_changelog }}}

rpm/Makefile

@@ -0,0 +1,10 @@
+rpm:
+	$(shell /usr/bin/bash ./update-spec-version.sh)
+	spectool -g podman.spec
+	sudo dnf -y builddep podman.spec
+	rpmbuild -ba \
+		--define '_sourcedir $(shell pwd)' \
+		--define '_rpmdir %{_sourcedir}/RPMS' \
+		--define '_srcrpmdir %{_sourcedir}/SRPMS' \
+		--define '_builddir %{_sourcedir}/BUILD' \
+		podman.spec

rpm/podman.spec

@@ -0,0 +1,422 @@
+%global with_debug 1
+
+%if 0%{?with_debug}
+%global _find_debuginfo_dwz_opts %{nil}
+%global _dwz_low_mem_die_limit 0
+%else
+%global debug_package %{nil}
+%endif
+
+# RHEL 8's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we
+# set it separately here and do not depend on RHEL 8's go-srpm-macros package.
+%if !0%{?fedora} && 0%{?rhel} <= 8
+%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
+%endif
+
+%if 0%{?rhel}
+%bcond_with btrfs
+# _user_tmpfiles.d currently undefined on rhel
+%global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d
+%else
+%bcond_without btrfs
+%endif
+
+# RHEL 8 needs /usr/bin/python3 to build docs
+%if 0%{?rhel} == 8
+%bcond_without python3
+%else
+%bcond_with python3
+%endif
+
+%if 0%{?fedora} || 0%{?rhel} >= 10
+%bcond_without modules_load
+%else
+%bcond_with modules_load
+%endif
+
+%if 0%{?fedora} || 0%{?rhel} >= 9
+%bcond_without go_rpm_macros
+%else
+%bcond_with go_rpm_macros
+%endif
+
+# copr_username is only set on copr environments, not on others like koji
+%if "%{?copr_username}" != "rhcontainerbot"
+%bcond_with copr
+%else
+%bcond_without copr
+%endif
+
+%if 0%{?centos} <= 8
+%bcond_without changelog
+%else
+%bcond_with changelog
+%endif
+
+%if 0%{?fedora}
+%bcond_without golang_arches_future
+%else
+%bcond_with golang_arches_future
+%endif
+
+%global provider github
+%global provider_tld com
+%global project containers
+%global repo %{name}
+# https://github.com/containers/%%{name}
+%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
+%global git0 https://%{import_path}
+
+# dnsname
+%global repo_plugins dnsname
+# https://github.com/containers/dnsname
+%global import_path_plugins %{provider}.%{provider_tld}/%{project}/%{repo_plugins}
+%global git_plugins https://%{import_path_plugins}
+%global commit_plugins 18822f9a4fb35d1349eb256f4cd2bfd372474d84
+
+# gvproxy
+%global repo_gvproxy gvisor-tap-vsock
+# https://github.com/containers/gvisor-tap-vsock
+%global import_path_gvproxy %{provider}.%{provider_tld}/%{project}/%{repo_gvproxy}
+%global git_gvproxy https://%{import_path_gvproxy}
+%global commit_gvproxy aab0ac9367fc5142f5857c36ac2352bcb3c60ab7
+
+# podman
+%global git0 https://github.com/containers/%{name}
+
+Name: podman
+%if %{with copr}
+Epoch: 101
+%else
+Epoch: 5
+%endif
+# DO NOT TOUCH the Version string!
+# The TRUE source of this specfile is:
+# https://github.com/containers/podman/blob/main/rpm/podman.spec
+# If that's what you're reading, Version must be 0, and will be updated by Packit for
+# copr and koji builds.
+# If you're reading this on dist-git, the version is automatically filled in by Packit.
+Version: 0
+License: Apache-2.0 and BSD-2-Clause and BSD-3-Clause and ISC and MIT and MPL-2.0
+Release: %autorelease
+%if %{with golang_arches_future}
+ExclusiveArch: %{golang_arches_future}
+%else
+ExclusiveArch: aarch64 ppc64le s390x x86_64
+%endif
+Summary: Manage Pods, Containers and Container Images
+URL: https://%{name}.io/
+# All SourceN files fetched from upstream
+Source0: %{git0}/archive/v%{version}.tar.gz
+Source1: %{git_plugins}/archive/%{commit_plugins}/%{repo_plugins}-%{commit_plugins}.tar.gz
+Source2: %{git_gvproxy}/archive/%{commit_gvproxy}/%{repo_gvproxy}-%{commit_gvproxy}.tar.gz
+Provides: %{name}-manpages = %{epoch}:%{version}-%{release}
+BuildRequires: %{_bindir}/envsubst
+BuildRequires: go-md2man
+%if %{with btrfs}
+BuildRequires: btrfs-progs-devel
+%endif
+BuildRequires: gcc
+BuildRequires: glib2-devel
+BuildRequires: glibc-devel
+BuildRequires: glibc-static
+BuildRequires: golang
+BuildRequires: git-core
+%if %{with go_rpm_macros}
+BuildRequires: go-rpm-macros
+%endif
+BuildRequires: gpgme-devel
+BuildRequires: libassuan-devel
+BuildRequires: libgpg-error-devel
+BuildRequires: libseccomp-devel
+BuildRequires: libselinux-devel
+BuildRequires: shadow-utils-subid-devel
+BuildRequires: pkgconfig
+BuildRequires: make
+BuildRequires: ostree-devel
+BuildRequires: systemd
+BuildRequires: systemd-devel
+%if %{with python3}
+BuildRequires: python3
+%endif
+Requires: catatonit
+Requires: conmon >= 2:2.1.7-2
+%if 0%{?fedora} > 38
+Requires: containers-common-extra >= 4:1-90
+%else
+%if 0%{?fedora} == 38
+Requires: containers-common-extra >= 4:1-89
+%else
+Requires: containers-common-extra >= 4:1-82
+%endif
+%endif
+Recommends: %{name}-gvproxy = %{epoch}:%{version}-%{release}
+Provides: %{name}-quadlet
+Obsoletes: %{name}-quadlet <= 5:4.4.0-1
+Provides: %{name}-quadlet = %{epoch}:%{version}-%{release}
+# TODO: need to find the right action in packit propose-downstream to update
+# the goimports here. None of the actions seem to work so far.
+# DO NOT DELETE BELOW LINE - used for updating downstream goimports
+# vendored libraries
+
+%description
+%{name} (Pod Manager) is a fully featured container engine that is a simple
+daemonless tool.  %{name} provides a Docker-CLI comparable command line that
+eases the transition from other container engines and allows the management of
+pods, containers and images.  Simply put: alias docker=%{name}.
+Most %{name} commands can be run as a regular user, without requiring
+additional privileges.
+
+%{name} uses Buildah(1) internally to create container images.
+Both tools share image (not container) storage, hence each can use or
+manipulate images (but not containers) created by the other.
+
+%{summary}
+%{repo} Simple management tool for pods, containers and images
+
+%package docker
+Summary: Emulate Docker CLI using %{name}
+BuildArch: noarch
+Requires: %{name} = %{epoch}:%{version}-%{release}
+Conflicts: docker
+Conflicts: docker-latest
+Conflicts: docker-ce
+Conflicts: docker-ee
+Conflicts: moby-engine
+
+%description docker
+This package installs a script named docker that emulates the Docker CLI by
+executes %{name} commands, it also creates links between all Docker CLI man
+pages and %{name}.
+
+%package tests
+Summary: Tests for %{name}
+
+Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: bats
+Requires: jq
+Requires: skopeo
+Requires: nmap-ncat
+Requires: httpd-tools
+Requires: openssl
+Requires: socat
+Requires: buildah
+Requires: gnupg
+
+%description tests
+%{summary}
+
+This package contains system tests for %{name}
+
+%package remote
+Summary: (Experimental) Remote client for managing %{name} containers
+
+%description remote
+Remote client for managing %{name} containers.
+
+This experimental remote client is under heavy development. Please do not
+run %{name}-remote in production.
+
+%{name}-remote uses the version 2 API to connect to a %{name} client to
+manage pods, containers and container images. %{name}-remote supports ssh
+connections as well.
+
+%package plugins
+Summary: Plugins for %{name}
+Requires: dnsmasq
+Recommends: %{name}-gvproxy = %{epoch}:%{version}-%{release}
+
+%description plugins
+This plugin sets up the use of dnsmasq on a given CNI network so
+that Pods can resolve each other by name.  When configured,
+the pod and its IP address are added to a network specific hosts file
+that dnsmasq will read in.  Similarly, when a pod
+is removed from the network, it will remove the entry from the hosts
+file.  Each CNI network will have its own dnsmasq instance.
+
+%package gvproxy
+Summary: Go replacement for libslirp and VPNKit
+
+%description gvproxy
+A replacement for libslirp and VPNKit, written in pure Go.
+It is based on the network stack of gVisor. Compared to libslirp,
+gvisor-tap-vsock brings a configurable DNS server and
+dynamic port forwarding.
+
+%prep
+%autosetup -Sgit -n %{name}-%{version}
+sed -i 's;@@PODMAN@@\;$(BINDIR);@@PODMAN@@\;%{_bindir};' Makefile
+
+# untar dnsname
+tar zxf %{SOURCE1}
+
+# untar %%{name}-gvproxy
+tar zxf %{SOURCE2}
+
+%build
+%set_build_flags
+export CGO_CFLAGS=$CFLAGS
+# These extra flags present in $CFLAGS have been skipped for now as they break the build
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
+
+%ifarch x86_64
+export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
+%endif
+
+export GO111MODULE=off
+export GOPATH=$(pwd)/_build:$(pwd)
+
+mkdir _build
+cd _build
+mkdir -p src/%{provider}.%{provider_tld}/%{project}
+ln -s ../../../../ src/%{import_path}
+cd ..
+ln -s vendor src
+
+# build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here?
+LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)"
+
+# build rootlessport first
+%gobuild -o bin/rootlessport %{import_path}/cmd/rootlessport
+
+export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"
+
+# build %%{name}
+export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh)"
+%gobuild -o bin/%{name} %{import_path}/cmd/%{name}
+
+# build %%{name}-remote
+export BUILDTAGS="$BASEBUILDTAGS exclude_graphdriver_btrfs btrfs_noversion remote"
+%gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name}
+
+# build quadlet
+export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)"
+%gobuild -o bin/quadlet %{import_path}/cmd/quadlet
+
+cd %{repo_plugins}-%{commit_plugins}
+mkdir _build
+cd _build
+mkdir -p src/%{provider}.%{provider_tld}/%{project}
+ln -s ../../../../ src/%{import_path_plugins}
+cd ..
+ln -s vendor src
+export GOPATH=$(pwd)/_build:$(pwd)
+%gobuild -o bin/dnsname %{import_path_plugins}/plugins/meta/dnsname
+cd ..
+
+cd %{repo_gvproxy}-%{commit_gvproxy}
+mkdir _build
+cd _build
+mkdir -p src/%{provider}.%{provider_tld}/%{project}
+ln -s ../../../../ src/%{import_path_gvproxy}
+cd ..
+ln -s vendor src
+export GOPATH=$(pwd)/_build:$(pwd)
+%gobuild -o bin/gvproxy %{import_path_gvproxy}/cmd/gvproxy
+cd ..
+
+%{__make} docs docker-docs
+
+%install
+install -dp %{buildroot}%{_unitdir}
+PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{_sysconfdir} \
+       install.bin \
+       install.man \
+       install.systemd \
+       install.completions \
+       install.docker \
+       install.docker-docs \
+       install.remote \
+%if %{with modules_load}
+        install.modules-load
+%endif
+
+sed -i 's;%{buildroot};;g' %{buildroot}%{_bindir}/docker
+
+# install dnsname plugin
+cd %{repo_plugins}-%{commit_plugins}
+%{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
+cd ..
+
+# install gvproxy
+cd %{repo_gvproxy}-%{commit_gvproxy}
+install -dp %{buildroot}%{_libexecdir}/%{name}
+install -p -m0755 bin/gvproxy %{buildroot}%{_libexecdir}/%{name}
+cd ..
+
+# do not include docker and podman-remote man pages in main package
+for file in `find %{buildroot}%{_mandir}/man[15] -type f | sed "s,%{buildroot},," | grep -v -e remote -e docker`; do
+    echo "$file*" >> podman.file-list
+done
+
+rm -f %{buildroot}%{_mandir}/man5/docker*.5
+
+install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
+cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
+
+#define license tag if not already defined
+%{!?_licensedir:%global license %doc}
+
+%files -f %{name}.file-list
+%license LICENSE
+%doc README.md CONTRIBUTING.md install.md transfer.md
+%{_bindir}/%{name}
+%dir %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/rootlessport
+%{_libexecdir}/%{name}/quadlet
+%{_datadir}/bash-completion/completions/%{name}
+# By "owning" the site-functions dir, we don't need to Require zsh
+%dir %{_datadir}/zsh/site-functions
+%{_datadir}/zsh/site-functions/_%{name}
+%dir %{_datadir}/fish/vendor_completions.d
+%{_datadir}/fish/vendor_completions.d/%{name}.fish
+%{_unitdir}/%{name}*
+%{_userunitdir}/%{name}*
+%{_tmpfilesdir}/%{name}.conf
+%{_systemdgeneratordir}/%{name}-system-generator
+%{_systemdusergeneratordir}/%{name}-user-generator
+%if %{with modules_load}
+%{_modulesloaddir}/%{name}-iptables.conf
+%endif
+
+%files docker
+%{_bindir}/docker
+%{_mandir}/man1/docker*.1*
+%{_tmpfilesdir}/%{name}-docker.conf
+%{_user_tmpfilesdir}/%{name}-docker.conf
+
+%files remote
+%license LICENSE
+%{_bindir}/%{name}-remote
+%{_mandir}/man1/%{name}-remote*.*
+%{_datadir}/bash-completion/completions/%{name}-remote
+%dir %{_datadir}/fish/vendor_completions.d
+%{_datadir}/fish/vendor_completions.d/%{name}-remote.fish
+%dir %{_datadir}/zsh/site-functions
+%{_datadir}/zsh/site-functions/_%{name}-remote
+
+%files tests
+%license LICENSE
+%{_datadir}/%{name}/test
+
+%files plugins
+%license %{repo_plugins}-%{commit_plugins}/LICENSE
+%doc %{repo_plugins}-%{commit_plugins}/{README.md,README_PODMAN.md}
+%dir %{_libexecdir}/cni
+%{_libexecdir}/cni/dnsname
+
+%files gvproxy
+%license %{repo_gvproxy}-%{commit_gvproxy}/LICENSE
+%doc %{repo_gvproxy}-%{commit_gvproxy}/README.md
+%dir %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/gvproxy
+
+%changelog
+%if %{with changelog}
+* Mon May 01 2023 RH Container Bot <rhcontainerbot@fedoraproject.org>
+- Placeholder changelog for envs that are not autochangelog-ready
+%else
+%autochangelog
+%endif

rpm/update-spec-provides.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# This script will update the goimports in the rpm spec for downstream fedora
+# packaging, via the `propose-downstream` packit action.
+# The goimports don't need to be present upstream.
+
+SPEC_FILE=$(pwd)/podman.spec
+
+sed -i '/Provides: bundled(golang.*/d' $SPEC_FILE
+
+GO_IMPORTS=$(golist --imported --package-path github.com/containers/podman --skip-self | sort -u | xargs -I{} echo "Provides: bundled(golang({}))")
+
+awk -v r="$GO_IMPORTS" '/^# vendored libraries/ {print; print r; next} 1' $SPEC_FILE > temp && mv temp $SPEC_FILE

rpm/update-spec-version.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# This script will update the Version field in the spec which is set to 0 by
+# default. Useful for local manual rpm builds where the Version needs to be set
+# correctly.
+
+SPEC_FILE=$(pwd)/podman.spec
+LATEST_TAG=$(git tag --sort=creatordate | tail -1)
+LATEST_VERSION=$(echo $LATEST_TAG | sed -e 's/^v//')
+
+sed -i "s/^Version:.*/Version: $LATEST_VERSION/" $SPEC_FILE