From d941641ad45e4bc5c09aed8c82f9f41ec8028a75 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Wed, 3 Mar 2021 10:47:45 -0500 Subject: [PATCH] import podman-1.0.0-8.git921f98f.module+el8.3.0+10171+12421f43 --- .gitignore | 2 + .podman.metadata | 2 + ...-drop-all-caps-in-exec-when-non-root.patch | 31 + SOURCES/podman-1882267.patch | 23 + SOURCES/podman-CVE-2020-10696.patch | 48 ++ SOURCES/podman-CVE-2021-20188.patch | 319 +++++++++++ SPECS/podman.spec | 540 ++++++++++++++++++ 7 files changed, 965 insertions(+) create mode 100644 .gitignore create mode 100644 .podman.metadata create mode 100644 SOURCES/0001-Only-drop-all-caps-in-exec-when-non-root.patch create mode 100644 SOURCES/podman-1882267.patch create mode 100644 SOURCES/podman-CVE-2020-10696.patch create mode 100644 SOURCES/podman-CVE-2021-20188.patch create mode 100644 SPECS/podman.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8960372 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/cri-o-9b1f0a0.tar.gz +SOURCES/libpod-921f98f.tar.gz diff --git a/.podman.metadata b/.podman.metadata new file mode 100644 index 0000000..ab33ce6 --- /dev/null +++ b/.podman.metadata @@ -0,0 +1,2 @@ +b53ff7dd655dec8ddab85b7782a2d41e6bdcb301 SOURCES/cri-o-9b1f0a0.tar.gz +14fa9349a6277355aa6a4f079a131059d194fd99 SOURCES/libpod-921f98f.tar.gz diff --git a/SOURCES/0001-Only-drop-all-caps-in-exec-when-non-root.patch b/SOURCES/0001-Only-drop-all-caps-in-exec-when-non-root.patch new file mode 100644 index 0000000..52c7cdb --- /dev/null +++ b/SOURCES/0001-Only-drop-all-caps-in-exec-when-non-root.patch @@ -0,0 +1,31 @@ +From fbc96cdd1741021f3d18e49eac3757297aaba851 Mon Sep 17 00:00:00 2001 +From: Matthew Heon +Date: Fri, 19 Feb 2021 11:34:39 -0500 +Subject: [PATCH] Only drop all caps in exec when non-root + +We were dropping too many capabilities otherwise, which broke +some critical system tools (e.g. useradd) in exec sessions. + +Fix RHBZ#1930552 + +Signed-off-by: Matthew Heon +--- + libpod/oci_conmon_linux.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go +index d5973a1a6..18ede031e 100644 +--- a/libpod/oci.go ++++ b/libpod/oci.go +@@ -1107,7 +1107,7 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se + pspec.Capabilities.Effective = []string{} + if privileged { + pspec.Capabilities.Bounding = allCaps +- } else { ++ } else if execUser.Uid != 0 { + pspec.Capabilities.Bounding = []string{} + } + pspec.Capabilities.Inheritable = pspec.Capabilities.Bounding +-- +2.29.2 + diff --git a/SOURCES/podman-1882267.patch b/SOURCES/podman-1882267.patch new file mode 100644 index 0000000..f0fd7b0 --- /dev/null +++ b/SOURCES/podman-1882267.patch @@ -0,0 +1,23 @@ +From bc5be3ca10cd4c147955fadd2586b5dd8ad0eeea Mon Sep 17 00:00:00 2001 +From: Matthew Heon +Date: Thu, 24 Sep 2020 10:42:13 -0400 +Subject: [PATCH] Fix https://bugzilla.redhat.com/show_bug.cgi?id=1882267 + +Signed-off-by: Matthew Heon +--- + cmd/podman/sigproxy.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cmd/podman/sigproxy.go b/cmd/podman/sigproxy.go +index 16861bad04..92d7f4e4a9 100644 +--- a/cmd/podman/sigproxy.go ++++ b/cmd/podman/sigproxy.go +@@ -19,7 +19,7 @@ func ProxySignals(ctr *libpod.Container) { + for s := range sigBuffer { + // Ignore SIGCHLD and SIGPIPE - these are mostly likely + // intended for the podman command itself. +- if s == signal.SIGCHLD || s == signal.SIGPIPE { ++ if s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG { + continue + } + diff --git a/SOURCES/podman-CVE-2020-10696.patch b/SOURCES/podman-CVE-2020-10696.patch new file mode 100644 index 0000000..be12aca --- /dev/null +++ b/SOURCES/podman-CVE-2020-10696.patch @@ -0,0 +1,48 @@ +From 840e7dad513b86f454573ad415701c0199f78d30 Mon Sep 17 00:00:00 2001 +From: TomSweeneyRedHat +Date: Tue, 24 Mar 2020 20:10:22 -0400 +Subject: [PATCH] Fix potential CVE in tarfile w/ symlink + +Stealing @nalind 's workaround to avoid refetching +content after a file read failure. Under the right +circumstances that could be a symlink to a file meant +to overwrite a good file with bad data. + +Testing: +``` +goodstuff + +[1] 14901 + +127.0.0.1 - - [24/Mar/2020 20:15:50] "GET / HTTP/1.1" 200 - +127.0.0.1 - - [24/Mar/2020 20:15:50] "GET / HTTP/1.1" 200 - +no FROM statement found + +goodstuff +``` + +Signed-off-by: TomSweeneyRedHat +--- + imagebuildah/util.go | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff -up a/imagebuildah/util.go.CVE-2020-10696 b/imagebuildah/util.go +--- a/vendor/github.com/containers//buildah/imagebuildah/util.go.CVE-2020-10696 ++++ b/vendor/github.com/containers//buildah/imagebuildah/util.go +@@ -12,6 +12,7 @@ import ( + + "github.com/containers/buildah" + "github.com/containers/storage/pkg/chrootarchive" ++ "github.com/containers/storage/pkg/ioutils" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + ) +@@ -47,7 +48,7 @@ func downloadToDirectory(url, dir string + } + dockerfile := filepath.Join(dir, "Dockerfile") + // Assume this is a Dockerfile +- if err := ioutil.WriteFile(dockerfile, body, 0600); err != nil { ++ if err := ioutils.AtomicWriteFile(dockerfile, body, 0600); err != nil { + return errors.Wrapf(err, "Failed to write %q to %q", url, dockerfile) + } + } diff --git a/SOURCES/podman-CVE-2021-20188.patch b/SOURCES/podman-CVE-2021-20188.patch new file mode 100644 index 0000000..e2a6ea5 --- /dev/null +++ b/SOURCES/podman-CVE-2021-20188.patch @@ -0,0 +1,319 @@ +From 69daa67c436a8fdeb0149aa5cb0112f03fdb699f Mon Sep 17 00:00:00 2001 +From: Matthew Heon +Date: Mon, 25 Jan 2021 14:18:07 -0500 +Subject: [PATCH] Correct handling of capabilities + +Ensure that capabilities are properly handled for non-root users +in privileged containers. We do not want to give full caps, but +instead only CapInh and CapEff (others should be all-zeroes). + +Fixing `podman run` is easy - the same code as the Podman 1.6 fix +works there. The `podman exec` command is far more challenging. +Exec received a complete rewrite to use Conmon at some point +before Podman 1.6, and gained many capabilities in the process. +One of those was the ability to actually tweak the capabilities +of the exec process - 1.0 did not have that. Since it was needed +to resolve this CVE, I was forced to backport a large bit of the +1.0 -> 1.6 exec changes (passing a Process block to the OCI +runtime, and using `prepareProcessExec()` to prepare said block). +I am honestly uncomfortable with the size and scope of this +change but I don't see another way around this. + +Fixes CVE-2021-20188 + +Signed-off-by: Matthew Heon +--- + libpod/container_api.go | 24 +------ + libpod/oci.go | 148 ++++++++++++++++++++++++++++++++-------- + pkg/spec/spec.go | 8 +++ + 3 files changed, 132 insertions(+), 48 deletions(-) + +diff -up libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/libpod/container_api.go.orig libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/libpod/container_api.go +--- libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/libpod/container_api.go.orig 2019-02-11 16:26:46.000000000 +0100 ++++ libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/libpod/container_api.go 2021-02-12 10:38:48.767172399 +0100 +@@ -2,7 +2,6 @@ package libpod + + import ( + "context" +- "fmt" + "io/ioutil" + "os" + "strconv" +@@ -11,9 +10,7 @@ import ( + + "github.com/containers/libpod/libpod/driver" + "github.com/containers/libpod/pkg/inspect" +- "github.com/containers/libpod/pkg/lookup" + "github.com/containers/storage/pkg/stringid" +- "github.com/docker/docker/daemon/caps" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "k8s.io/apimachinery/pkg/util/wait" +@@ -263,8 +260,6 @@ func (c *Container) Kill(signal uint) er + // TODO allow specifying streams to attach to + // TODO investigate allowing exec without attaching + func (c *Container) Exec(tty, privileged bool, env, cmd []string, user, workDir string) error { +- var capList []string +- + locked := false + if !c.batched { + locked = true +@@ -287,22 +282,8 @@ func (c *Container) Exec(tty, privileged + if conState != ContainerStateRunning { + return errors.Errorf("cannot exec into container that is not running") + } +- if privileged || c.config.Privileged { +- capList = caps.GetAllCapabilities() +- } + +- // If user was set, look it up in the container to get a UID to use on +- // the host +- hostUser := "" +- if user != "" { +- execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, user, nil) +- if err != nil { +- return err +- } +- +- // runc expects user formatted as uid:gid +- hostUser = fmt.Sprintf("%d:%d", execUser.Uid, execUser.Gid) +- } ++ isPrivileged := privileged || c.config.Privileged + + // Generate exec session ID + // Ensure we don't conflict with an existing session ID +@@ -324,10 +305,11 @@ func (c *Container) Exec(tty, privileged + + logrus.Debugf("Creating new exec session in container %s with session id %s", c.ID(), sessionID) + +- execCmd, err := c.runtime.ociRuntime.execContainer(c, cmd, capList, env, tty, workDir, hostUser, sessionID) ++ execCmd, processFile, err := c.runtime.ociRuntime.execContainer(c, cmd, env, tty, workDir, user, sessionID, isPrivileged) + if err != nil { + return errors.Wrapf(err, "error exec %s", c.ID()) + } ++ defer os.Remove(processFile) + chWait := make(chan error) + go func() { + chWait <- execCmd.Wait() +diff -up libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/libpod/oci.go.orig libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/libpod/oci.go +--- libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/libpod/oci.go.orig 2019-02-11 16:26:46.000000000 +0100 ++++ libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/libpod/oci.go 2021-02-12 10:38:48.768172416 +0100 +@@ -15,10 +15,12 @@ import ( + "syscall" + "time" + ++ "github.com/containers/libpod/pkg/lookup" + "github.com/containers/libpod/pkg/rootless" + "github.com/containers/libpod/pkg/util" + "github.com/coreos/go-systemd/activation" + "github.com/cri-o/ocicni/pkg/ocicni" ++ "github.com/docker/docker/daemon/caps" + spec "github.com/opencontainers/runtime-spec/specs-go" + "github.com/opencontainers/selinux/go-selinux" + "github.com/opencontainers/selinux/go-selinux/label" +@@ -735,18 +737,23 @@ func (r *OCIRuntime) unpauseContainer(ct + // TODO: Add --detach support + // TODO: Convert to use conmon + // TODO: add --pid-file and use that to generate exec session tracking +-func (r *OCIRuntime) execContainer(c *Container, cmd, capAdd, env []string, tty bool, cwd, user, sessionID string) (*exec.Cmd, error) { ++func (r *OCIRuntime) execContainer(c *Container, cmd, env []string, tty bool, cwd, user, sessionID string, privileged bool) (*exec.Cmd, string, error) { + if len(cmd) == 0 { +- return nil, errors.Wrapf(ErrInvalidArg, "must provide a command to execute") ++ return nil, "", errors.Wrapf(ErrInvalidArg, "must provide a command to execute") + } + + if sessionID == "" { +- return nil, errors.Wrapf(ErrEmptyID, "must provide a session ID for exec") ++ return nil, "", errors.Wrapf(ErrEmptyID, "must provide a session ID for exec") + } + + runtimeDir, err := util.GetRootlessRuntimeDir() + if err != nil { +- return nil, err ++ return nil, "", err ++ } ++ ++ processFile, err := prepareProcessExec(c, cmd, env, tty, cwd, user, sessionID, privileged) ++ if err != nil { ++ return nil, "", err + } + + args := []string{} +@@ -756,34 +763,14 @@ func (r *OCIRuntime) execContainer(c *Co + + args = append(args, "exec") + +- if cwd != "" { +- args = append(args, "--cwd", cwd) +- } ++ args = append(args, "--process", processFile) + + args = append(args, "--pid-file", c.execPidPath(sessionID)) + +- if tty { +- args = append(args, "--tty") +- } else { +- args = append(args, "--tty=false") +- } +- +- if user != "" { +- args = append(args, "--user", user) +- } +- + if c.config.Spec.Process.NoNewPrivileges { + args = append(args, "--no-new-privs") + } + +- for _, cap := range capAdd { +- args = append(args, "--cap", cap) +- } +- +- for _, envVar := range env { +- args = append(args, "--env", envVar) +- } +- + // Append container ID and command + args = append(args, c.ID()) + args = append(args, cmd...) +@@ -797,10 +784,10 @@ func (r *OCIRuntime) execContainer(c *Co + execCmd.Env = append(execCmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)) + + if err := execCmd.Start(); err != nil { +- return nil, errors.Wrapf(err, "cannot start container %s", c.ID()) ++ return nil, "", errors.Wrapf(err, "cannot start container %s", c.ID()) + } + +- return execCmd, nil ++ return execCmd, processFile, nil + } + + // execStopContainer stops all active exec sessions in a container +@@ -892,3 +879,110 @@ func (r *OCIRuntime) checkpointContainer + args = append(args, ctr.ID()) + return utils.ExecCmdWithStdStreams(os.Stdin, os.Stdout, os.Stderr, nil, r.path, args...) + } ++ ++// prepareProcessExec returns the path of the process.json used in runc exec -p. ++// Returns path to the created exec process file. This will need to be removed ++// by the caller when they're done, best effort. ++func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, sessionID string, privileged bool) (string, error) { ++ filename := filepath.Join(c.bundlePath(), fmt.Sprintf("exec-process-%s", sessionID)) ++ f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0600) ++ if err != nil { ++ return "", err ++ } ++ defer f.Close() ++ ++ pspec := c.config.Spec.Process ++ pspec.SelinuxLabel = c.config.ProcessLabel ++ pspec.Args = cmd ++ // We need to default this to false else it will inherit terminal as true ++ // from the container. ++ pspec.Terminal = false ++ if tty { ++ pspec.Terminal = true ++ } ++ if len(env) > 0 { ++ pspec.Env = append(pspec.Env, env...) ++ } ++ ++ if cwd != "" { ++ pspec.Cwd = cwd ++ ++ } ++ ++ var addGroups []string ++ var sgids []uint32 ++ ++ // if the user is empty, we should inherit the user that the container is currently running with ++ if user == "" { ++ user = c.config.User ++ addGroups = c.config.Groups ++ } ++ ++ execUser, err := lookup.GetUserGroupInfo(c.state.Mountpoint, user, nil) ++ if err != nil { ++ return "", err ++ } ++ ++ if len(addGroups) > 0 { ++ sgids, err = lookup.GetContainerGroups(addGroups, c.state.Mountpoint, nil) ++ if err != nil { ++ return "", errors.Wrapf(err, "error looking up supplemental groups for container %s exec session %s", c.ID(), sessionID) ++ } ++ } ++ ++ // If user was set, look it up in the container to get a UID to use on ++ // the host ++ if user != "" || len(sgids) > 0 { ++ if user != "" { ++ for _, sgid := range execUser.Sgids { ++ sgids = append(sgids, uint32(sgid)) ++ } ++ } ++ processUser := spec.User{ ++ UID: uint32(execUser.Uid), ++ GID: uint32(execUser.Gid), ++ AdditionalGids: sgids, ++ } ++ ++ pspec.User = processUser ++ } ++ ++ allCaps := caps.GetAllCapabilities() ++ pspec.Capabilities.Effective = []string{} ++ if privileged { ++ pspec.Capabilities.Bounding = allCaps ++ } else { ++ pspec.Capabilities.Bounding = []string{} ++ } ++ pspec.Capabilities.Inheritable = pspec.Capabilities.Bounding ++ if execUser.Uid == 0 { ++ pspec.Capabilities.Effective = pspec.Capabilities.Bounding ++ pspec.Capabilities.Permitted = pspec.Capabilities.Bounding ++ pspec.Capabilities.Ambient = pspec.Capabilities.Bounding ++ } else { ++ pspec.Capabilities.Permitted = pspec.Capabilities.Effective ++ pspec.Capabilities.Ambient = pspec.Capabilities.Effective ++ } ++ ++ hasHomeSet := false ++ for _, s := range pspec.Env { ++ if strings.HasPrefix(s, "HOME=") { ++ hasHomeSet = true ++ break ++ } ++ } ++ if !hasHomeSet { ++ pspec.Env = append(pspec.Env, fmt.Sprintf("HOME=%s", execUser.Home)) ++ } ++ ++ processJSON, err := json.Marshal(pspec) ++ if err != nil { ++ return "", err ++ } ++ ++ if err := ioutil.WriteFile(filename, processJSON, 0644); err != nil { ++ return "", err ++ } ++ ++ return filename, nil ++} +diff -up libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/pkg/spec/spec.go.orig libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/pkg/spec/spec.go +--- libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/pkg/spec/spec.go.orig 2019-02-11 16:26:46.000000000 +0100 ++++ libpod-921f98f8795eb9fcb19ce581020cfdeff6dee09f/pkg/spec/spec.go 2021-02-12 10:38:48.768172416 +0100 +@@ -325,6 +325,14 @@ func CreateConfigToOCISpec(config *Creat + } + } else { + g.SetupPrivileged(true) ++ if config.User != "" { ++ user := strings.SplitN(config.User, ":", 2)[0] ++ if user != "root" && user != "0" { ++ g.Spec().Process.Capabilities.Effective = []string{} ++ g.Spec().Process.Capabilities.Permitted = []string{} ++ g.Spec().Process.Capabilities.Ambient = []string{} ++ } ++ } + } + + // HANDLE SECCOMP diff --git a/SPECS/podman.spec b/SPECS/podman.spec new file mode 100644 index 0000000..9b397aa --- /dev/null +++ b/SPECS/podman.spec @@ -0,0 +1,540 @@ +%global with_debug 1 +%global with_check 0 + +%if 0%{?with_debug} +%global _find_debuginfo_dwz_opts %{nil} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +%define gobuild(o:) \ +go build -buildmode pie -compiler gc -tags="rpm_crashtraceback no_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; +%define gogenerate go generate + +%if 0%{?rhel} > 7 || 0%{?fedora} +%bcond_without varlink +%else +%bcond_with varlink +%endif + +%global provider github +%global provider_tld com +%global project containers +%global repo libpod +# https://github.com/containers/libpod +%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} +%global import_path %{provider_prefix} +%global git_podman https://%{provider}.%{provider_tld}/%{project}/%{repo} +%global commit 921f98f8795eb9fcb19ce581020cfdeff6dee09f +%global shortcommit %(c=%{commit}; echo ${c:0:7}) + +%global import_path_conmon github.com/kubernetes-sigs/cri-o +%global git_conmon https://%{import_path_conmon} +%global commit_conmon 9b1f0a08285a7f74b21cc9b6bfd98a48905a7ba2 +%global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) + +Name: podman +Version: 1.0.0 +Release: 8.git%{shortcommit}%{?dist} +Summary: Manage Pods, Containers and Container Images +License: ASL 2.0 +URL: %{git_podman} +Source0: %{git_podman}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz +Source1: %{git_conmon}/archive/%{commit_conmon}/cri-o-%{shortcommit_conmon}.tar.gz +# tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696 +# backported: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed.patch +Patch0: podman-CVE-2020-10696.patch +# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1882267 +# patch: https://github.com/mheon/libpod/commit/bc5be3ca10cd4c147955fadd2586b5dd8ad0eeea.patch +Patch1: podman-1882267.patch +# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1918285 +Patch2: podman-CVE-2021-20188.patch +# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1930552 +Patch3: 0001-Only-drop-all-caps-in-exec-when-non-root.patch + +# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required +#ExclusiveArch: %%{?go_arches:%%{go_arches}}%%{!?go_arches:%%{ix86} x86_64 aarch64 %%{arm}} +ExclusiveArch: aarch64 %{arm} ppc64le s390x x86_64 +# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. +BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} +BuildRequires: device-mapper-devel +BuildRequires: glib2-devel +BuildRequires: glibc-devel +BuildRequires: glibc-static +BuildRequires: git +BuildRequires: go-md2man +BuildRequires: gpgme-devel +BuildRequires: libassuan-devel +BuildRequires: libgpg-error-devel +BuildRequires: libseccomp-devel +BuildRequires: libselinux-devel +BuildRequires: ostree-devel +BuildRequires: pkgconfig +Requires: runc +Requires: containers-common >= 0.1.29-3 +# can't use default conmon right now, so we ship our own +#Requires: conmon +Requires: containernetworking-plugins >= 0.7.3-5 +Requires: iptables +Requires: nftables +Requires: oci-systemd-hook +Recommends: container-selinux +Recommends: slirp4netns +Recommends: fuse-overlayfs + +# vendored libraries +# awk '{print "Provides: bundled(golang("$1")) = "$2}' vendor.conf | sort +# [thanks to Carl George for containerd.spec] +Provides: bundled(golang(github.com/Azure/go-ansiterm)) = 19f72df4d05d31cbe1c56bfc8045c96babff6c7e +Provides: bundled(golang(github.com/blang/semver)) = v3.5.0 +Provides: bundled(golang(github.com/boltdb/bolt)) = master +Provides: bundled(golang(github.com/buger/goterm)) = 2f8dfbc7dbbff5dd1d391ed91482c24df243b2d3 +Provides: bundled(golang(github.com/BurntSushi/toml)) = v0.2.0 +Provides: bundled(golang(github.com/containerd/cgroups)) = 77e628511d924b13a77cebdc73b757a47f6d751b +Provides: bundled(golang(github.com/containerd/continuity)) = master +Provides: bundled(golang(github.com/containernetworking/cni)) = v0.7.0-alpha1 +Provides: bundled(golang(github.com/containernetworking/plugins)) = 1562a1e60ed101aacc5e08ed9dbeba8e9f3d4ec1 +Provides: bundled(golang(github.com/containers/image)) = 134f99bed228d6297dc01d152804f6f09f185418 +Provides: bundled(golang(github.com/containers/psgo)) = 382fc951fe0a8aba62043862ce1a56f77524db87 +Provides: bundled(golang(github.com/containers/storage)) = 17c7d1fee5603ccf6dd97edc14162fc1510e7e23 +Provides: bundled(golang(github.com/coreos/go-systemd)) = v14 +Provides: bundled(golang(github.com/cri-o/ocicni)) = master +Provides: bundled(golang(github.com/cyphar/filepath-securejoin)) = v0.2.1 +Provides: bundled(golang(github.com/davecgh/go-spew)) = v1.1.0 +Provides: bundled(golang(github.com/docker/distribution)) = 7a8efe719e55bbfaff7bc5718cdf0ed51ca821df +Provides: bundled(golang(github.com/docker/docker)) = 86f080cff0914e9694068ed78d503701667c4c00 +Provides: bundled(golang(github.com/docker/docker-credential-helpers)) = d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 +Provides: bundled(golang(github.com/docker/go-connections)) = 3ede32e2033de7505e6500d6c868c2b9ed9f169d +Provides: bundled(golang(github.com/docker/go-units)) = v0.3.2 +Provides: bundled(golang(github.com/docker/libtrust)) = aabc10ec26b754e797f9028f4589c5b7bd90dc20 +Provides: bundled(golang(github.com/docker/spdystream)) = ed496381df8283605c435b86d4fdd6f4f20b8c6e +Provides: bundled(golang(github.com/fatih/camelcase)) = f6a740d52f961c60348ebb109adde9f4635d7540 +Provides: bundled(golang(github.com/fsnotify/fsnotify)) = 7d7316ed6e1ed2de075aab8dfc76de5d158d66e1 +Provides: bundled(golang(github.com/fsouza/go-dockerclient)) = master +Provides: bundled(golang(github.com/ghodss/yaml)) = 04f313413ffd65ce25f2541bfd2b2ceec5c0908c +Provides: bundled(golang(github.com/godbus/dbus)) = a389bdde4dd695d414e47b755e95e72b7826432c +Provides: bundled(golang(github.com/gogo/protobuf)) = c0656edd0d9eab7c66d1eb0c568f9039345796f7 +Provides: bundled(golang(github.com/golang/glog)) = 23def4e6c14b4da8ac2ed8007337bc5eb5007998 +Provides: bundled(golang(github.com/golang/groupcache)) = b710c8433bd175204919eb38776e944233235d03 +Provides: bundled(golang(github.com/golang/protobuf)) = 4bd1920723d7b7c925de087aa32e2187708897f7 +Provides: bundled(golang(github.com/googleapis/gnostic)) = 0c5108395e2debce0d731cf0287ddf7242066aba +Provides: bundled(golang(github.com/google/gofuzz)) = 44d81051d367757e1c7c6a5a86423ece9afcf63c +Provides: bundled(golang(github.com/gorilla/context)) = v1.1 +Provides: bundled(golang(github.com/gorilla/mux)) = v1.3.0 +Provides: bundled(golang(github.com/hashicorp/errwrap)) = 7554cd9344cec97297fa6649b055a8c98c2a1e55 +Provides: bundled(golang(github.com/hashicorp/golang-lru)) = 0a025b7e63adc15a622f29b0b2c4c3848243bbf6 +Provides: bundled(golang(github.com/hashicorp/go-multierror)) = 83588e72410abfbe4df460eeb6f30841ae47d4c4 +Provides: bundled(golang(github.com/imdario/mergo)) = 0.2.2 +Provides: bundled(golang(github.com/json-iterator/go)) = 1.0.0 +Provides: bundled(golang(github.com/kr/pty)) = v1.0.0 +Provides: bundled(golang(github.com/mattn/go-runewidth)) = v0.0.1 +Provides: bundled(golang(github.com/Microsoft/go-winio)) = 78439966b38d69bf38227fbf57ac8a6fee70f69a +Provides: bundled(golang(github.com/Microsoft/hcsshim)) = 43f9725307998e09f2e3816c2c0c36dc98f0c982 +Provides: bundled(golang(github.com/mistifyio/go-zfs)) = v2.1.1 +Provides: bundled(golang(github.com/mrunalp/fileutils)) = master +Provides: bundled(golang(github.com/mtrmac/gpgme)) = b2432428689ca58c2b8e8dea9449d3295cf96fc9 +Provides: bundled(golang(github.com/Nvveen/Gotty)) = master +Provides: bundled(golang(github.com/opencontainers/go-digest)) = v1.0.0-rc0 +Provides: bundled(golang(github.com/opencontainers/image-spec)) = v1.0.0 +Provides: bundled(golang(github.com/opencontainers/runc)) = b4e2ecb452d9ee4381137cc0a7e6715b96bed6de +Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.0 +Provides: bundled(golang(github.com/opencontainers/runtime-tools)) = 625e2322645b151a7cbb93a8b42920933e72167f +Provides: bundled(golang(github.com/opencontainers/selinux)) = b6fa367ed7f534f9ba25391cc2d467085dbb445a +Provides: bundled(golang(github.com/openshift/imagebuilder)) = master +Provides: bundled(golang(github.com/ostreedev/ostree-go)) = master +Provides: bundled(golang(github.com/pkg/errors)) = v0.8.0 +Provides: bundled(golang(github.com/pmezard/go-difflib)) = 792786c7400a136282c1664665ae0a8db921c6c2 +Provides: bundled(golang(github.com/pquerna/ffjson)) = d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac +Provides: bundled(golang(github.com/projectatomic/buildah)) = 35a37f36d37bf84397d7f79f6bb8649f728c19f1 +Provides: bundled(golang(github.com/seccomp/containers-golang)) = master +Provides: bundled(golang(github.com/seccomp/libseccomp-golang)) = v0.9.0 +Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.0.0 +Provides: bundled(golang(github.com/spf13/pflag)) = 9ff6c6923cfffbcd502984b8e0c80539a94968b7 +Provides: bundled(golang(github.com/stretchr/testify)) = 4d4bfba8f1d1027c4fdbe371823030df51419987 +Provides: bundled(golang(github.com/syndtr/gocapability)) = e7cb7fa329f456b3855136a2642b197bad7366ba +Provides: bundled(golang(github.com/tchap/go-patricia)) = v2.2.6 +Provides: bundled(golang(github.com/ulikunitz/xz)) = v0.5.4 +Provides: bundled(golang(github.com/ulule/deepcopier)) = master +# version can't have '-' +#Provides: bundled(golang(github.com/urfave/cli)) = fix-short-opts-parsing +Provides: bundled(golang(github.com/varlink/go)) = master +Provides: bundled(golang(github.com/vbatts/tar-split)) = v0.10.2 +Provides: bundled(golang(github.com/vishvananda/netlink)) = master +Provides: bundled(golang(github.com/vishvananda/netns)) = master +Provides: bundled(golang(github.com/xeipuuv/gojsonpointer)) = master +Provides: bundled(golang(github.com/xeipuuv/gojsonreference)) = master +Provides: bundled(golang(github.com/xeipuuv/gojsonschema)) = master +Provides: bundled(golang(golang.org/x/crypto)) = 81e90905daefcd6fd217b62423c0908922eadb30 +Provides: bundled(golang(golang.org/x/net)) = c427ad74c6d7a814201695e9ffde0c5d400a7674 +Provides: bundled(golang(golang.org/x/sys)) = master +Provides: bundled(golang(golang.org/x/text)) = f72d8390a633d5dfb0cc84043294db9f6c935756 +Provides: bundled(golang(golang.org/x/time)) = f51c12702a4d776e4c1fa9b0fabab841babae631 +Provides: bundled(golang(google.golang.org/grpc)) = v1.0.4 +Provides: bundled(golang(gopkg.in/cheggaaa/pb.v1)) = v1.0.7 +Provides: bundled(golang(gopkg.in/inf.v0)) = v0.9.0 +Provides: bundled(golang(gopkg.in/mgo.v2)) = v2 +Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = v2.1.3 +Provides: bundled(golang(gopkg.in/yaml.v2)) = v2 +Provides: bundled(golang(k8s.io/api)) = 5ce4aa0bf2f097f6021127b3d879eeda82026be8 +Provides: bundled(golang(k8s.io/apiextensions-apiserver)) = 1b31e26d82f1ec2e945c560790e98f34bb5f2e63 +Provides: bundled(golang(k8s.io/apimachinery)) = 616b23029fa3dc3e0ccefd47963f5651a6543d94 +Provides: bundled(golang(k8s.io/apiserver)) = 4d1163080139f1f9094baf8a3a6099e85e1867f6 +Provides: bundled(golang(k8s.io/client-go)) = 7cd1d3291b7d9b1e2d54d4b69eb65995eaf8888e +Provides: bundled(golang(k8s.io/kube-openapi)) = 275e2ce91dec4c05a4094a7b1daee5560b555ac9 +Provides: bundled(golang(k8s.io/utils)) = 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e + +%description +%{summary} +libpod provides a library for applications looking to use +the Container Pod concept popularized by Kubernetes. + +%package docker +Summary: Emulate Docker CLI using podman +BuildArch: noarch +Requires: %{name} = %{version}-%{release} +Conflicts: docker +Provides : docker +Conflicts: docker-latest +Conflicts: docker-ce +Conflicts: docker-ee + +%description docker +This package installs a script named docker that emulates the Docker CLI by +executing %{name} commands, it also creates links between all Docker CLI man +pages and %{name}. + +%prep +%autosetup -Sgit -n %{repo}-%{commit} +mv pkg/hooks/README.md pkg/hooks/README-hooks.md + +# untar cri-o +tar zxf %{SOURCE1} + +%build +mkdir -p $(pwd)/_build +pushd $(pwd)/_build +mkdir -p src/%{provider}.%{provider_tld}/%{project} +ln -s ../../../../ src/%{import_path} +popd +ln -s vendor src + +export GOPATH=$(pwd):$(pwd)/_build +export BUILDTAGS="selinux seccomp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper $(hack/libdm_tag.sh)" +%gobuild -o bin/%{name} %{import_path}/cmd/%{name} + +# build conmon +pushd cri-o-%{commit_conmon} +mkdir _output +pushd _output +mkdir -p src/%{provider}.%{provider_tld}/{kubernetes-sigs,opencontainers} +ln -s $(dirs +1 -l) src/%{import_path_conmon} +popd + +ln -s vendor src +export GOPATH=$(pwd):$(pwd)/_output +export BUILDTAGS="selinux seccomp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper $(hack/libdm_tag.sh)" +%gobuild -o bin/crio-config %{import_path_conmon}/cmd/crio-config +cd conmon && ../bin/crio-config +%{__make} all +popd + +%install +install -dp %{buildroot}{%{_unitdir} +%{__make} PREFIX=%{buildroot}%{_usr} ETCDIR=%{buildroot}%{_sysconfdir} \ + install.bin \ + install.man \ + install.cni \ + install.systemd \ + install.completions \ + install.docker + +# install libpod.conf +install -dp %{buildroot}%{_datadir}/containers +install -p -m 644 %{repo}.conf %{buildroot}%{_datadir}/containers + +# install conmon +install -dp %{buildroot}%{_libexecdir}/%{name} +install -p -m 755 cri-o-%{commit_conmon}/bin/conmon %{buildroot}%{_libexecdir}/%{name} + +%check +%if 0%{?with_check} +ln -s ./ ./vendor/src # ./vendor/src -> ./vendor +export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} + +%gotest %{import_path}/cmd/%{name} +%gotest %{import_path}/libkpod +%gotest %{import_path}/libpod +%gotest %{import_path}/pkg/registrar +%endif + +#define license tag if not already defined +%{!?_licensedir:%global license %doc} + +%files +%license LICENSE +%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md code-of-conduct.md transfer.md +%{_bindir}/%{name} +%{_mandir}/man1/podman*.1* +%{_mandir}/man5/*.5* +%{_datadir}/bash-completion/completions/* +%{_libexecdir}/%{name}/conmon +%config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist +%{_datadir}/containers/%{repo}.conf +%{_unitdir}/io.%{name}.service +%{_unitdir}/io.%{name}.socket +%{_usr}/lib/tmpfiles.d/%{name}.conf + +%files docker +%{_bindir}/docker +%{_mandir}/man1/docker*.1* + +%changelog +* Mon Mar 01 2021 Jindrich Novy - 1.0.0-8.git921f98f +- fix "podman can not create user inside of container" regression introduced by + patch for CVE-2021-20188 +- Related: #1918285 + +* Fri Feb 12 2021 Jindrich Novy - 1.0.0-7.git921f98f +- fix CVE-2021-20188 +- Resolves: #1918285 + +* Thu Sep 24 2020 Jindrich Novy - 1.0.0-6.git921f98f +- fix "podman run errors out/segfaults in container-tools-1.0-8.3.0" +- Resolves: #1882267 + +* Fri Jun 26 2020 Jindrich Novy - 1.0.0-5.git921f98f +- bump release to preserve upgrade path +- Resolves: #1821193 + +* Fri Apr 03 2020 Jindrich Novy - 1.0.0-4.git921f98f +- fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process" +- Resolves: #1818122 + +* Thu Nov 28 2019 Jindrich Novy - 1.0.0-3.git921f98f +- rebuild because of CVE-2019-9512 and CVE-2019-9514 +- Resolves: #1766294, #1766322 + +* Mon Feb 11 2019 Frantisek Kluknavsky - 1.0.0-2.git921f98f +- rebase + +* Tue Jan 15 2019 Frantisek Kluknavsky - 1.0.0-1.git82e8011 +- rebase to v1, yay! +- rebase conmon to 9b1f0a08285a7f74b21cc9b6bfd98a48905a7ba2 +- Resolves:#1623282 +- python interface removed, moved to https://github.com/containers/python-podman/ + +* Tue Dec 18 2018 Frantisek Kluknavsky - 0.12.1.2-4.git9551f6b +- re-enable debuginfo + +* Mon Dec 17 2018 Frantisek Kluknavsky - 0.12.1.2-3.git9551f6b +- python libraries added +- resolves: #1657180 + +* Mon Dec 17 2018 Frantisek Kluknavsky - 0.12.1.2-2.git9551f6b +- rebase + +* Mon Dec 17 2018 Frantisek Kluknavsky - 0.11.1.1-3.git594495d +- go tools not in scl anymore + +* Mon Nov 19 2018 Frantisek Kluknavsky - 0.11.1.1-2.git594495d +- fedora-like buildrequires go toolset + +* Sat Nov 17 2018 Lokesh Mandvekar - 0.11.1.1-1.git594495d +- Resolves: #1636230 - build with FIPS enabled golang toolchain +- bump to v0.11.1.1 +- built commit 594495d + +* Fri Nov 16 2018 Frantisek Kluknavsky - 0.11.1-3.gita4adfe5 +- podman-docker provides docker +- Resolves: #1650355 + +* Thu Nov 15 2018 Lumír Balhar - 0.11.1-2.gita4adfe5 +- Require platform-python-setuptools instead of python3-setuptools +- Resolves: rhbz#1650144 + +* Tue Nov 13 2018 Lokesh Mandvekar - 0.11.1-1.gita4adfe5 +- bump to v0.11.1 +- built libpod commit a4adfe5 +- built conmon from cri-o commit 464dba6 + +* Fri Oct 19 2018 Lokesh Mandvekar - 0.10.1.3-5.gitdb08685 +- Resolves: #1625384 - keep BR: device-mapper-devel but don't build with it +- not having device-mapper-devel seems to have brew not recognize %%{_unitdir} + +* Thu Oct 18 2018 Lokesh Mandvekar - 0.10.1.3-4.gitdb08685 +- Resolves: #1625384 - correctly add buildtags to remove devmapper + +* Thu Oct 18 2018 Lokesh Mandvekar - 0.10.1.3-3.gitdb08685 +- Resolves: #1625384 - build without device-mapper-devel (no podman support) and lvm2 + +* Wed Oct 17 2018 Lokesh Mandvekar - 0.10.1.3-2.gitdb08685 +- Resolves: #1625384 - depend on lvm2 + +* Wed Oct 17 2018 Lokesh Mandvekar - 0.10.1.3-1.gitdb08685 +- Resolves: #1640298 - update vendored buildah to allow building when there are +running containers +- bump to v0.10.1.3 +- built podman commit db08685 + +* Wed Oct 17 2018 Lokesh Mandvekar - 0.10.1.2-1.git2b4f8d1 +- Resolves: #1625378 +- bump to v0.10.1.2 +- built podman commit 2b4f8d1 + +* Tue Oct 16 2018 Lokesh Mandvekar - 0.10.1.1-1.git4bea3e9 +- bump to v0.10.1.1 +- built podman commit 4bea3e9 + +* Thu Oct 11 2018 Lokesh Mandvekar - 0.10.1-1.gite4a1553 +- bump podman to v0.10.1 +- built podman commit e4a1553 +- built conmon from cri-o commit a30f93c + +* Tue Oct 09 2018 Frantisek Kluknavsky - 0.9.3.1-4.git1cd906d +- rebased cri-o to 1.11.6 + +* Wed Sep 26 2018 Frantisek Kluknavsky - 0.9.3.1-3.git1cd906d +- rebase + +* Tue Sep 18 2018 Frantisek Kluknavsky - 0.9.2-2.git37a2afe +- rebase to podman 0.9.2 +- rebase to cri-o 0.11.4 + +* Tue Sep 11 2018 Frantisek Kluknavsky - 0.9.1.1-2.git123de30 +- rebase + +* Mon Aug 27 2018 Lokesh Mandvekar - 0.8.4-1.git9f9b8cf +- bump to v0.8.4 +- built commit 9f9b8cf +- upstream username changed from projectatomic to containers +- use containernetworking-plugins >= 0.7.3-5 + +* Mon Aug 13 2018 Lokesh Mandvekar - 0.8.2.1-2.git7a526bb +- Resolves: #1615607 - rebuild with gobuild tag 'no_openssl' + +* Sun Aug 12 2018 Dan Walsh - 0.8.2.1-1.git7a526bb +- Upstream 0.8.2.1 release +- Add support for podman-docker +Resolves: rhbz#1615104 + +* Fri Aug 10 2018 Lokesh Mandvekar - 0.8.2-1.dev.git8b2d38e +- Resolves: #1614710 - podman search name includes registry +- bump to v0.8.2-dev +- built libpod commit 8b2d38e +- built conmon from cri-o commit acc0ee7 + +* Wed Aug 8 2018 Dan Walsh - 0.8.1-2.git6b4ab2a +- Add recommends for slirp4netns and container-selinux + +* Tue Aug 07 2018 Lokesh Mandvekar - 0.8.1-2.git6b4ab2a +- bump to v0.8.1 +- use %%go{build,generate} instead of go build and go generate +- update go deps to use scl-ized builds +- No need for Makefile patch for python installs + +* Sat Aug 4 2018 Dan Walsh - 0.8.1-1.git6b4ab2a +- Bump to v0.8.1 + +* Wed Aug 1 2018 Dan Walsh - 0.7.4-2.git079121 +- podman should not require atomic-registries + +* Tue Jul 24 2018 Lokesh Mandvekar - 0.7.4-1.dev.git9a18681 +- bump to v0.7.4-dev +- built commit 9a18681 + +* Sat Jul 21 2018 Dan Walsh - 0.7.3-2.git079121 +- Turn on ostree support +- Upstream 0.7.3 + +* Sat Jul 14 2018 Dan Walsh - 0.7.2-2.git4ca4c5f +- Upstream 0.7.2 release + +* Wed Jul 11 2018 Frantisek Kluknavsky - 0.7.1-3.git84cfdb2 +- rebuilt + +* Wed Jul 11 2018 Frantisek Kluknavsky - 0.7.1-2.git84cfdb2 +- rebase to 84cfdb2 + +* Sun Jul 08 2018 Dan Walsh - 0.7.1-1.git802d4f2 +- Upstream 0.7.1 release + +* Mon Jun 25 2018 Lokesh Mandvekar - 0.6.4-2.gitd5beb2f +- disable devel and unittest subpackages +- include conditionals for rhel-8.0 + +* Fri Jun 22 2018 Dan Walsh - 0.6.4-1.gitd5beb2f +- do not compress debuginfo with dwz to support delve debugger + +* Mon Jun 04 2018 Lokesh Mandvekar - 0.6.1-3.git3e0ff12 +- do not compress debuginfo with dwz to support delve debugger + +* Mon Jun 04 2018 Lokesh Mandvekar - 0.6.1-2.git3e0ff12 +- bash completion shouldn't have shebang + +* Mon Jun 04 2018 Lokesh Mandvekar - 0.6.1-1.git3e0ff12 +- Resolves: #1584429 - drop capabilities when running a container as non-root +- bump to v0.6.1 +- built podman commit 3e0ff12 +- built conmon from cri-o commit 1c0c3b0 +- drop containernetworking-plugins subpackage, it's now split out into a standalone +package + +* Fri Apr 27 2018 Lokesh Mandvekar - 0.4.1-4.gitb51d327 +- Resolves: #1572538 - build host-device and portmap plugins + +* Thu Apr 12 2018 Lokesh Mandvekar - 0.4.1-3.gitb51d327 +- correct dep on containernetworking-plugins + +* Thu Apr 12 2018 Lokesh Mandvekar - 0.4.1-2.gitb51d327 +- add containernetworking-plugins v0.7.0 as a subpackage (podman dep) +- release tag for the containernetworking-plugins is actually gotten from +podman release tag. + +* Wed Apr 11 2018 Lokesh Mandvekar - 0.4.1-1.gitb51d327 +- bump to v0.4.1 +- built commit b51d327 + +* Wed Mar 14 2018 Lokesh Mandvekar - 0.3.3-1.dev.gitbc358eb +- built podman commit bc358eb +- built conmon from cri-o commit 712f3b8 + +* Fri Mar 09 2018 baude - 0.3.2-1.gitf79a39a +- Release 0.3.2-1 + +* Sun Mar 04 2018 baude - 0.3.1-2.git98b95ff +- Correct RPM version + +* Fri Mar 02 2018 baude - 0.3.1-1-gitc187538 +- Release 0.3.1-1 + +* Sun Feb 25 2018 Peter Robinson 0.2.2-2.git525e3b1 +- Build on ARMv7 too (Fedora supports containers on that arch too) + +* Fri Feb 23 2018 baude - 0.2.2-1.git525e3b1 +- Release 0.2.2 + +* Fri Feb 16 2018 baude - 0.2.1-1.git3d0100b +- Release 0.2.1 + +* Wed Feb 14 2018 baude - 0.2-3.git3d0100b +- Add dep for atomic-registries + +* Tue Feb 13 2018 baude - 0.2-2.git3d0100b +- Add more 64bit arches +- Add containernetworking-cni dependancy +- Add iptables dependancy + +* Mon Feb 12 2018 baude - 0-2.1.git3d0100 +- Release 0.2 + +* Tue Feb 06 2018 Lokesh Mandvekar - 0-0.3.git367213a +- Resolves: #1541554 - first official build +- built commit 367213a + +* Fri Feb 02 2018 Lokesh Mandvekar - 0-0.2.git0387f69 +- built commit 0387f69 + +* Wed Jan 10 2018 Frantisek Kluknavsky - 0-0.1.gitc1b2278 +- First package for Fedora +