45 Commits

Author SHA1 Message Date
2e70d4201f System tests: add podman system check tests
Testing `podman system check` requires that we have a way to
intentionally introduce storage corruptions.  Add a hidden `podman
testing` command that provides the necessary internal logic in
subcommands.  Stub out the tunnel implementation for now.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2024-06-04 10:00:37 -04:00
36c05b5c6a [skip-ci] RPM: bats required only on Fedora
The `bats` package is not present on RHEL environments. It should be
conditionalized only for Fedora to avoid `installibility` test failures.

C9S Ref: https://gitlab.com/redhat/centos-stream/rpms/podman/-/blob/c9s/podman.spec?ref_type=heads#L130

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-05-07 08:49:23 -04:00
cd6ff71cc3 Remove unnecessary lines at the end of specfile summary
Signed-off-by: joshua-stone <joshua.gage.stone@gmail.com>
2024-04-26 14:09:37 -04:00
333682132a [skip-ci] Packit/rpm: remove el8 jobs and spec conditionals
EL8 will go EOL soon and nothing on main will be shipped to el8.

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-04-22 11:54:19 -04:00
73a12b0c07 [skip-ci] rpm: use macro supported vendoring
This removes the need for any `Provides: bundled()` we needed in spec
files.

The updated Provides will be visible in the build logs and can also be
verified with `rpm -q --provides $RPM_FILE`.

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-03-18 16:56:38 +05:30
60a3eb8491 [skip-ci] rpm: update containers-common dep on f40+
This commit bumps containers-common dep such that passt and netavark become hard
deps for podman on fedora 40+.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2269148

With this commit, f40+ envs will use the min name-version-release for
containers-common-extra while other deps will use whatever's available.
This change can be reverted after a few releases to keep conditionals to
a minimum.

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-03-13 17:56:38 +05:30
835cfbc05f [CI:BUILD] rpm: Put the podmansh(1) manual in the podmansh sub-package
... and fix the style.

Currently, the podmansh(1) manual is shipped by the podman package.  It
makes one wonder where the binary is, since they can read the manual.

[NO NEW TESTS NEEDED]

Fixes: 3efaffae43cb1650 ("New command: podmansh")

Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
2024-03-05 17:14:33 +01:00
50a0c51763 [CI:BUILD] rpm: Add fallback for $SOURCE_DATE_EPOCH not being set
At least in all recent Fedora releases, SOURCE_DATE_EPOCH would be set. But the
build should work even if it is not set, e.g. in copr builds on c8s. Add 'date +%s'
as a fallback.

From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

This is a copy-paste of commit eaa62a52 in podman fedora dist-git.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-02-27 20:27:12 +05:30
5e387cd8af [CI:BUILD] rpm: Use $SOURCE_DATE_EPOCH instead of the current date
Use $SOURCE_DATE_EPOCH instead of the current date

Using the current timestamp makes every build slightly different, breaking build
reproducibility.

From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

This is a copy-paste of commit a87dd6f50 in podman fedora dist-git.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-02-27 16:57:05 +05:30
cc7b19279a [CI:BUILD] rpm: Make BuildRequires independent of the environment
The spec file had
  %if %{defined rhel} && 0%{?rhel} < 10
  %define gobuild(o:) ...
  %endif
  ...
  %if !%{defined gobuild}
  BuildRequires: go-rpm-macros
  %endif

The intent apparently was to use BR:go-rpm-macros where available, and define
%gobuild as a fallback where they are not available. This was unreliable,
because the package may have been installed already, and then %gobuild would be
defined when the srpm was being built, and then the srpm would NOT have the BR.

Instead, use the same condition to wrap the definition of %gobuild and the BR
lines so that the BR is always emitted when appropriate.

From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

This is a copy-paste of commit be971d6fb in podman fedora dist-git.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-02-27 16:43:32 +05:30
ad55ba6eb2 Handle DOCKER_HOST environment for podman-docker package
Rootless users should be defaulted to point DOCKER_HOST at
$XDG_RUNTIME_DIR/podman/podman.sock

When podman-docker package is installed.

[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-02-12 16:05:38 -05:00
4413e75f0b [CI:BUILD] rpm: bump podman module version
[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-02-09 19:27:10 +05:30
caee76ed57 Merge pull request #20790 from lsm5/rpm-remove-dnsname
[CI:BUILD] rpm: remove dnsname
2024-02-07 15:04:43 +00:00
01a8539ef0 Warn if cgroups-v1
Podman v5 will not support cgroups-v1. This commit will print a warning
if it detects a cgroups-v1 system. The warning can be hidden by setting
envvar `PODMAN_CGROUPSV1_WARNING`.

This warning is patched out for RHEL 9 builds as cgroups-v1 will still
be supported on RHEL 9 systems.

Resolves: https://issues.redhat.com/browse/RUN-1957

[NO NEW TESTS NEEDED]

Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-02-06 16:18:05 +05:30
505ed030e6 [CI:BUILD] rpm: use go-rpm-macros on RHEL 10
[NO NEW TESTS NEEDED]

The macros in ELN and c10s have the necessary support.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2024-01-25 06:19:36 -05:00
ac3d57016b [CI:BUILD] rpm: remove dnsname
With CNI going away in v5, there's no need for dnsname in the rpm.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2023-11-27 20:43:42 +05:30
6fa4a975c6 [CI:BUILD] packit: handle builds for RC releases
The `version_no_tilde` rpm macro correctly handles both `vX.Y.Z` and
`vX.Y.Z-rcN` git tags. Using this macro instead of `version` will soon
allow Packit to handle RC builds correctly.

Accompanying change in Packit to land soon:
https://github.com/packit/packit/pull/2149

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2023-11-13 17:38:08 +05:30
81dc3f183d [CI:BUILD] rpm: disable GOPROXY
GOPROXY is currently causing build issues like so:
```
go: github.com/containernetworking/cni@v0.7.1: GOPROXY list is not the empty string, but contains no entries
```

This commit sets `GOPROXY=direct` in rpm spec file.

Ref: https://download.copr.fedorainfracloud.org/results/packit/containers-podman-20627/centos-stream+epel-next-9-aarch64/06611633-podman/builder-live.log.gz

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2023-11-08 19:06:08 +05:30
f622a2a54b [CI:BUILD] rpm/copr: gvforwarder recommends for RHEL
We don't have a successful rhel build of gvforwarder so far on the
podman-next copr, so any RHEL users of podman-next will have trouble
installing podman if gvforwarder is a hard dep.

Switching gvforwarder to a Recommends until that's resolved.

The ELN environment is an exception as it gets dependencies updated a
lot quicker.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-10-04 15:29:37 -04:00
e65874903c [CI:BUILD] Packit: show SHORT_SHA in podman --version for COPR builds
This change will allow `podman --version` from COPR rpm builds to be of
the form `X.Y.Z-dev-SHORT_SHA`.

Also specify a `copr_build` macro as it feels more intuitive
than `copr_username` or `copr_project`.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-09-22 10:18:44 -04:00
649539519e [CI:BUILD] rpm: remove gvproxy subpackage
gvisor-tap-vsock is now a standalone package for Fedora 38 and higher so
we can simplify the rpm spec a lot by removing all subpackage
references.

If we need to bump podman on Fedora 37, that can be handled manually on
Fedora itself. The Packit config can be left unchanged. Any packit PRs created on
Fedora dist-git for Fedora 37 can simply be closed without merging.
Fedora 37 will go EOL soon so not much of a point to changing packit
config to exclude Fedora 37.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-09-19 14:26:12 -04:00
8354be9cf6 Merge pull request #19683 from lsm5/main-spdx-license
[CI:BUILD] rpm: spdx compatible license field
2023-08-22 06:06:19 -02:30
ef8f4db81c [CI:BUILD] rpm: spdx compatible license field
The lowercase `and` in the License field isn't compatible with spdx
license format.

This commit replaces all `and` with `AND` in the License field in spec.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-08-21 09:52:27 -04:00
50136ea866 [CI:BUILD] rpm: depend on man-db
Include dependencies in rpm/podman.spec to make it easy for end users to
build podman from source. This way users can install all build
dependencies by running `dnf -y builddep rpm/podman.spec`.

This is not usually noticeable except on container environments where
man-db often isn't installed by default.

Refs:
https://github.com/containers/podman.io/issues/157
https://github.com/containers/podman.io/pull/174

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-08-17 15:31:54 -04:00
803a49da46 [CI:BUILD] Makefile: rpm target generates correct version
`git describe` is lagging on main so this commit updates
`rpm/update-sepc-version.sh` to generate the expected version.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-08-04 09:52:16 -04:00
e1114f03ce do not redefine gobuild for eln
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-07-31 14:55:52 -04:00
e973d15c35 [CI:BUILD] RPM: define gobuild macro for rhel/centos stream
The current gobuild macro doesn't account for build tags on both c9s and
c8s. This is currently causing copr build failures for c9s.

Ref: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/build/6220412/

This commit will define gobuild for all those envs until gobuild is
fixed by default.

Refs:
c9s bz: https://bugzilla.redhat.com/show_bug.cgi?id=2227328
c8s bz: https://bugzilla.redhat.com/show_bug.cgi?id=2227331

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-07-28 14:11:42 -04:00
b6a52f1f8b Merge pull request #19333 from lsm5/conditionalize-gvproxy
[CI:BUILD] RPM: separate out gvproxy for copr and rawhide
2023-07-28 19:58:19 +02:00
dfec510b41 go-md2man: use vendored-in version, not system
go-md2man is fragile, especially around tables (#18678, #19278).
Podman man pages are finely tuned to look OK using v2.02, which
is what we vendor in test/tools, so we should really use it
instead of whatever is installed on the system.

This fixes 'make docs' on RHEL8, broken as of #19278.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2023-07-26 09:07:21 -06:00
cbc96a7b48 Remove LICENSE and general doc files that are installed by the main package
The tests & podmansh sub-package depend on podman which already pulls in the
LICENSE & doc files. According to the packaging guidelines, these files need not
be added to the subpackages.

[NO NEW TESTS NEEDED]

Signed-off-by: Dan Čermák <dcermak@suse.com>
2023-07-24 22:47:01 +02:00
37f0e96200 Add missing `
[NO NEW TESTS NEEDED]

Signed-off-by: Dan Čermák <dcermak@suse.com>
2023-07-24 22:47:01 +02:00
49257a3c50 [CI:BUILD] RPM: separate out gvproxy for copr and rawhide
gvproxy doesn't currently build on rawhide because of go1.21.
It can be included as a standalone package on copr.
It is currently open for review on bugzilla until which fedora releases can't
include it. Official rawhide should be able to fetch the last active build of
gvproxy, the min version requirement has been removed to allow it.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2224434

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-07-24 09:33:34 -04:00
4e4078dbbc [CI:BUILD] Packit: remove pre-sync action
The pre-sync action constantly breaks and is currently not possible to
reliably test until the subsequent upstream release due to limitations
in packit.

The lines being added by the action script to the downstream Fedora spec
were only meant to keep Fedora happy. But given that they provide
no tangible benefit as github notifies us of security
issues in libraries mentioned in go.mod and go.sum, along with redhat
prodsec's own magic for creating security alerts, there's absolutely
no point to having the pre-sync action run and add a layer of uncertainty.

This commit removes the pre-sync action and
`rpm/update-spec-provides.sh`.

Ref: https://github.com/containers/podman/issues/19232

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-07-14 10:10:19 -04:00
285665f6f8 Merge pull request #19214 from lsm5/package-rpm-rename
Makefile: `package` -> `rpm`
2023-07-13 16:33:02 +02:00
315a7887a6 Makefile: package -> rpm
package and package-install targets have been renamed
to rpm and rpm-install respectively for clarity.

`make rpm` will now build rpm using HEAD.

Resolves: #18817

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-07-13 08:45:10 -04:00
12dc546fc1 [CI:BUILD] Packit: downstream task action fix
The downstream `pre-sync` task action script needs GOPATH to be
specified for the golist tool mentioned in the script to work.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-07-12 15:20:29 -04:00
9e40457687 [CI:BUILD] Packit: fix pre-sync action for downstream tasks
One of the reasons the last propose-downstream task failed for Fedora
was the `golist` tool wasn't available in the Packit environment.

This commit adds golist to the environment by downloading and extracting
the golist rpm.

This dependency could've been added in packit's upstream config but
there were a few blockers, so it's easiest to add them in our action
script.

Ref: https://github.com/containers/podman/issues/19094

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-07-05 14:24:00 -04:00
448e015667 [CI:BUILD] RPM: Fix koji and ELN issues
- build dnsname the old way otherwise it fails on koji
- use the binary path for go-md2man for successful ELN builds

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-06-28 12:23:57 -04:00
ec0924c6d1 [CI:BUILD] Packit: cleanups
- remove .packit.sh
- remove all bcond_with[out] conditionals in favor of easier to read
  alternatives
- simplify build process by removing GOPATH and related cruft

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-06-20 10:35:18 -04:00
3efaffae43 New command: podmansh
This commit creates a new `podmansh` command which can be used by
administrators to provide a confined shell to their users.

The user will only have access to the volumes and capabilities for that
user.

Co-authored-by: Paul Holzinger <pholzing@redhat.com>
Co-authored-by: Daniel Walsh <dwalsh@redhat.com>
Co-authored-by: Petr Lautrbach <lautrbach@redhat.com>
Co-authored-by: Ed Santiago <santiago@redhat.com>

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-06-15 08:14:12 -04:00
f31466e747 Revert "rootlessport: exclude storage drivers via build tags"
This reverts commit ebf7474747787827b1fdc09ac58e949f1ace2d67.

With the c/storage change[1] we no longer need this workaround.

[1] https://github.com/containers/storage/pull/1637

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-06-13 17:51:34 +02:00
ebf7474747 rootlessport: exclude storage drivers via build tags
Because of a c/storage change[1] we get a lot of new dependencies in
rootlessport despite not using them. Add build tags to exclude storage
drivers to make the binary smaller until it gets addressed in c/storage.

This saves about 800 MB but the bloat due to that change is still causing
us to gain over 2 MB. This is not ideal but we should get vendoring
going and not wait any longer.

[1] https://github.com/containers/storage/pull/1618

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-06-12 10:51:30 +02:00
e6bfc81a8f RPM: bump gvisor-tap-vsock subpackage and fix packit scripts
gvisor-tap-vsock:
- bump to v0.6.1
- installs /usr/libexecdir/podman/gvforwarder

packit:
- fix pre-sync action in propose-downstream
Ref: https://dashboard.packit.dev/results/propose-downstream/2581

cleanup:
- remove `contrib/spec/python-podman.spec.in`. No longer needed.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-05-26 14:32:52 -04:00
85b4c896bd [CI:BUILD] Packit: set propose-downstream action type to pre-sync
Also address review concerns in pr#18675.

[NO NEW TESTS NEEDED]

Co-authored-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-05-25 09:26:35 -04:00
6003dca9c7 [CI:BUILD] Packit: add jobs for downstream Fedora package builds
Get rid of `podman.spec.rpkg` in favour of
`rpm/podman.spec` which gets synced with fedora dist-git on every
upstream release. The version in the new spec file is set to `0` by
default and gets updated by packit automatically on every packit task.

For local manual rpm builds using the spec, the helper script in the
`rpm/` subdir will update the Version field with the latest version
found in the upstream repo.

Packit will automatically create a PR on fedora dist-git on every new
upstream release. A sample PR will look like:
https://src.fedoraproject.org/rpms/container-selinux/pull-request/10#

A dry run for this can be triggered using:
`$ packit propose-downstream --local-content`

To run this command locally, you would need to have your packit
user-configuration-file set.
Ref: https://packit.dev/docs/configuration/#user-configuration-file

along with a fedora api key created at:
https://src.fedoraproject.org/settings#nav-api-tab with sufficient ACLs.

Also includes a revised `package` Makefile target which will build rpms
using `rpm/podman.spec`. Fixes: #18421.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2023-05-23 16:41:46 -04:00