From 76857c77676753ca2e9fd6d9c91498b11f772d35 Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Wed, 3 Apr 2024 15:35:21 +0300
Subject: [PATCH] import toolbox-0.0.99.5-2.module+el8.10.0+21341+ff0b5f89
---
.gitignore | 1 +
.toolbox.metadata | 1 +
...ation-paths-for-coreos-toolbox-users.patch | 104 +++++++
...flags-match-RHEL-s-gobuild-for-PPC64.patch | 55 ++++
...the-build-flags-match-RHEL-s-gobuild.patch | 55 ++++
SOURCES/toolbox.conf | 17 ++
SPECS/toolbox.spec | 270 ++++++++++++++++++
7 files changed, 503 insertions(+)
create mode 100644 .gitignore
create mode 100644 .toolbox.metadata
create mode 100644 SOURCES/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
create mode 100644 SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
create mode 100644 SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
create mode 100644 SOURCES/toolbox.conf
create mode 100644 SPECS/toolbox.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3d03030
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/toolbox-0.0.99.5-vendored.tar.xz
diff --git a/.toolbox.metadata b/.toolbox.metadata
new file mode 100644
index 0000000..4b7410d
--- /dev/null
+++ b/.toolbox.metadata
@@ -0,0 +1 @@
+9b8595f66d8dd76636c308426919bb81cba5498a SOURCES/toolbox-0.0.99.5-vendored.tar.xz
diff --git a/SOURCES/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch b/SOURCES/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
new file mode 100644
index 0000000..1e3e254
--- /dev/null
+++ b/SOURCES/toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
@@ -0,0 +1,104 @@ +From 4587b6e9240bf936b760e901435c4cfdd9c582b6 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Wed, 18 Aug 2021 17:55:21 +0200 +Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST + environment variable + +https://bugzilla.redhat.com/show_bug.cgi?id=1940037 +--- + src/cmd/run.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cmd/run.go b/src/cmd/run.go +index e2e31d9da4e6..84ad46518bfc 100644 +--- a/src/cmd/run.go ++++ b/src/cmd/run.go +@@ -498,6 +498,7 @@ func constructExecArgs(container, preserveFDs string, + execArgs = append(execArgs, envOptions...) + + execArgs = append(execArgs, []string{ ++ "--env", "HOST=/run/host", + "--interactive", + "--preserve-fds", preserveFDs, + }...) +-- +2.43.0 + + +From 892c33ed75443de90a2caa90959387bbc270c564 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Fri, 10 Dec 2021 13:42:15 +0100 +Subject: [PATCH 2/2] test/system: Update to test the migration path for + coreos/toolbox users + +This reverts the changes to the tests made in commit +411147988b730dabf8b9e761a5426e12d648f008 by restoring commit +ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit +3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed. 
+--- + test/system/002-help.bats | 14 -------------- + test/system/100-root.bats | 27 +++++++++++++++++++++++++++ + 2 files changed, 27 insertions(+), 14 deletions(-) + create mode 100644 test/system/100-root.bats + +diff --git a/test/system/002-help.bats b/test/system/002-help.bats +index 695c51f92e7e..5fa4c6fe0b4c 100644 +--- a/test/system/002-help.bats ++++ b/test/system/002-help.bats +@@ -23,20 +23,6 @@ setup() { + _setup_environment + } + +-@test "help: Smoke test" { +- run --keep-empty-lines --separate-stderr "$TOOLBOX" +- +- assert_failure +- assert [ ${#lines[@]} -eq 0 ] +- lines=("${stderr_lines[@]}") +- assert_line --index 0 "Error: missing command" +- assert_line --index 2 "create Create a new toolbox container" +- assert_line --index 3 "enter Enter an existing toolbox container" +- assert_line --index 4 "list List all existing toolbox containers and images" +- assert_line --index 6 "Run 'toolbox --help' for usage." +- assert [ ${#stderr_lines[@]} -eq 7 ] +-} +- + @test "help: Command 'help'" { + if ! command -v man 2>/dev/null; then + skip "not found man(1)" +diff --git a/test/system/100-root.bats b/test/system/100-root.bats +new file mode 100644 +index 000000000000..32d87904213e +--- /dev/null ++++ b/test/system/100-root.bats +@@ -0,0 +1,27 @@ ++#!/usr/bin/env bats ++ ++load 'libs/bats-support/load' ++load 'libs/bats-assert/load' ++load 'libs/helpers' ++ ++setup() { ++ _setup_environment ++ cleanup_containers ++} ++ ++teardown() { ++ cleanup_containers ++} ++ ++@test "root: Try to enter the default container with no containers created" { ++ run $TOOLBOX <<< "n" ++ ++ assert_success ++ assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command." ++ assert_line --index 1 "Run 'toolbox --help' for usage." 
++} ++ ++# TODO: Write the test ++@test "root: Enter the default container when 1 non-default container is present" { ++ skip "Testing of entering toolboxes is not implemented" ++} +-- +2.43.0 + diff --git a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch new file mode 100644 index 0000000..40ace44 --- /dev/null +++ b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch 
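Review bot: `"--env", "HOST=/run/host"` is added to constructExecArgs without a comment, and because it follows `envOptions...` it is passed on every exec and presumably takes precedence over any HOST value forwarded from the caller's environment. A comment on the new line would make the intent reviewable, for example `// HOST tells sosreport where the host's root is mounted (rhbz#1940037)`. The function body starts and ends outside the inner hunk, so whether envOptions can carry HOST is not visible here. The patch file is named for the coreos/toolbox migration path but also carries this unrelated 1/2 commit, which is easy to miss when auditing what the package changes.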
@@ -0,0 +1,55 @@ +From 3b5b5b2ca2e284d83275ffb73bc413c9234d7b0a Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for + PPC64 + +The Go toolchain also doesn't like the LDFLAGS environment variable as +exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't +like the compressed DWARF data generated by the Go toolchain. + +Note that these flags are only meant for the "ppc64" CPU architecture, +and should be kept updated to match RHEL's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. +--- + src/go-build-wrapper | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index c572d6dfb02b..1addef1f186b 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! 
libc_dir=$("$5" --print-file-name=libc.so); then +@@ -70,11 +70,16 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + ++unset LDFLAGS ++ + # shellcheck disable=SC2086 + go build \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.43.0 + diff --git a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch new file mode 100644 index 0000000..c373c7a --- /dev/null +++ b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch 
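Review bot: `$tags` is expanded unquoted in the `go build` call, so a `BUILDTAGS` value containing whitespace would be split into extra arguments instead of staying inside the list built by `tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"`. Keeping only the comma-separated list in the variable and passing it as `-tags "$tags"` avoids relying on the SC2086 exemption; the same lines appear in toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch. In both patches `${LDFLAGS:-}` inside `-ldflags` can no longer expand to anything after the added `unset LDFLAGS`, so it can be dropped. Unlike the sibling patch, this variant passes no `-buildmode pie`, and a short comment above `go build` saying why PIE is left out on ppc64 would let a reader confirm the weaker hardening is intended.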
@@ -0,0 +1,55 @@ +From 2ecd1ac4d83844d5b6314762587fc2347adfdd0f Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Mon, 29 Jun 2020 17:57:47 +0200 +Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} + +The Go toolchain doesn't like the LDFLAGS environment variable as +exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't +like the compressed DWARF data generated by the Go toolchain. + +Note that these flags are meant for every CPU architecture other than +PPC64, and should be kept updated to match RHEL's Go guidelines. Use +'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. +--- + src/go-build-wrapper | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/go-build-wrapper b/src/go-build-wrapper +index c572d6dfb02b..c492a4e73445 100755 +--- a/src/go-build-wrapper ++++ b/src/go-build-wrapper +@@ -33,9 +33,9 @@ if ! cd "$1"; then + exit 1 + fi + +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl" + if $7; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! 
libc_dir=$("$5" --print-file-name=libc.so); then +@@ -70,11 +70,17 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + ++unset LDFLAGS ++ + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/$3" + + exit "$?" +-- +2.43.0 + diff --git a/SOURCES/toolbox.conf b/SOURCES/toolbox.conf new file mode 100644 index 0000000..f934f2b --- /dev/null +++ b/SOURCES/toolbox.conf @@ -0,0 +1,17 @@ +[general] +# Create a toolbox container for a different operating system distro than the +# host. Cannot be used with 'image'. +## distro = "fedora" + +# Create a toolbox container for a different operating system release than the +# host. Cannot be used with 'image'. +## release = "33" + +# Change the name of the image used to create the toolbox container. This is +# useful for creating containers from custom-built images. Cannot be used with +# 'distro' or 'release'. +# +# If the name does not contain a registry, the local image storage will be +# consulted, and if it's not present there then it will be pulled from a +# suitable remote registry. +image = "registry.access.redhat.com/ubi8/toolbox:latest" diff --git a/SPECS/toolbox.spec b/SPECS/toolbox.spec new file mode 100644 index 0000000..700180e --- /dev/null +++ b/SPECS/toolbox.spec 
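Review bot: The default `image = "registry.access.redhat.com/ubi8/toolbox:latest"` uses a floating tag, so the contents of newly created containers depend on whatever the registry serves at pull time rather than on the package version. That matters here because, per the spec's description, Toolbx containers get the user's home directory, SSH agent and D-Bus. The existing comment block could say so and show the alternative, for example `# ':latest' is a floating tag; set a versioned tag or a digest reference to pin the image.`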
@@ -0,0 +1,270 @@ +%global __brp_check_rpaths %{nil} + +Name: toolbox +Version: 0.0.99.5 + +%global goipath github.com/containers/%{name} +%gometa + +Release: 2%{?dist} +Summary: Tool for interactive command line environments on Linux + +License: ASL 2.0 +URL: https://containertoolbx.org/ + +Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz +Source1: %{name}.conf + +# RHEL specific +Patch100: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch +Patch101: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +Patch102: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch + +BuildRequires: gcc +BuildRequires: golang >= 1.21.7 +BuildRequires: /usr/bin/go-md2man +BuildRequires: meson >= 0.58.0 +BuildRequires: pkgconfig(bash-completion) +BuildRequires: shadow-utils-subid-devel +BuildRequires: systemd +BuildRequires: systemd-rpm-macros + +Recommends: skopeo +Recommends: subscription-manager + +Requires: containers-common +Requires: podman >= 1.6.4 + + +%description +Toolbx is a tool for Linux, which allows the use of interactive command line +environments for development and troubleshooting the host operating system, +without having to install software on the host. It is built on top of Podman +and other standard container technologies from OCI. + +Toolbx environments have seamless access to the user's home directory, the +Wayland and X11 sockets, networking (including Avahi), removable devices (like +USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev +database, etc.. + + +%package tests +Summary: Tests for %{name} + +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: coreutils +Requires: grep +Requires: httpd-tools +Requires: openssl +Requires: skopeo + + +%description tests +The %{name}-tests package contains system tests for %{name}. 
+ + +%prep +%setup -q + +%ifnarch ppc64 +%patch100 -p1 +%else +%patch101 -p1 +%endif + +%patch102 -p1 + +# %%gomkdir is absent from RHEL 8. +GOBUILDDIR="$(pwd)/_build" +GOSOURCEDIR="$(pwd)" +if [[ ! -e "$GOBUILDDIR/bin" ]] ; then + install -m 0755 -vd "$GOBUILDDIR/bin" +fi +if [[ ! -e "$GOBUILDDIR/src/%{goipath}" ]] ; then + install -m 0755 -vd "$(dirname $GOBUILDDIR/src/%{goipath})" + ln -fs "$GOSOURCEDIR" "$GOBUILDDIR/src/%{goipath}" +fi +cd "$GOBUILDDIR/src/%{goipath}" + + +%build +export GO111MODULE=off +GOBUILDDIR="$(pwd)/_build" +export GOPATH="$GOBUILDDIR:%{gopath}" +export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" +ln -s src/cmd cmd +ln -s src/pkg pkg +ln -s src/vendor vendor + +%meson \ + -Dfish_completions_dir=%{_datadir}/fish/vendor_completions.d \ + -Dmigration_path_for_coreos_toolbox=true \ + -Dprofile_dir=%{_sysconfdir}/profile.d \ + -Dtmpfiles_dir=%{_tmpfilesdir} \ + -Dzsh_completions_dir=%{_datadir}/zsh/site-functions + +%meson_build + + +%install +%meson_install +install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf + + +%files +%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md +%license COPYING src/vendor/modules.txt +%{_bindir}/%{name} +%{_datadir}/bash-completion +%{_datadir}/fish +%{_datadir}/zsh +%{_mandir}/man1/%{name}.1* +%{_mandir}/man1/%{name}-*.1* +%{_mandir}/man5/%{name}.conf.5* +%config(noreplace) %{_sysconfdir}/containers/%{name}.conf +%{_sysconfdir}/profile.d/%{name}.sh +%{_tmpfilesdir}/%{name}.conf + + +%files tests +%{_datadir}/%{name} + + +%changelog +* Mon Feb 19 2024 Debarshi Ray - 0.0.99.5-2 +- Rebuild for CVE-2023-39326 +Resolves: RHEL-18393 + +* Mon Jan 15 2024 Debarshi Ray - 0.0.99.5-1 +- Update to 0.0.99.5 +Resolves: RHEL-19773 + +* Fri Dec 08 2023 Debarshi Ray - 0.0.99.4-8 +- Rebuild for CVE-2023-39325 and CVE-2023-44487 +Resolves: RHEL-12620 + +* Mon Nov 27 2023 Debarshi Ray - 0.0.99.4-7 +- Rebuild for CVE-2023-29406, CVE-2023-39318 and 
CVE-2023-39319 +Resolves: RHEL-4231, RHEL-4475, RHEL-4502 + +* Mon Oct 02 2023 Debarshi Ray - 0.0.99.4-6 +- Simplify removing the user's password +Resolves: RHEL-2038 + +* Fri Aug 11 2023 Debarshi Ray - 0.0.99.4-5 +- Be aware of security hardened mount points +Resolves: #2144541 + +* Mon Aug 07 2023 Debarshi Ray - 0.0.99.4-4 +- Rebuild for CVE-2023-24539, CVE-2023-24540 and CVE-2023-29400 +Resolves: #2207514 + +* Mon Jul 10 2023 Debarshi Ray - 0.0.99.4-3 +- Rebuild for CVE-2022-41723, CVE-2023-24534, CVE-2023-24536 and + CVE-2023-24538 +Resolves: #2187345, #2187368, #2203690 + +* Mon Jul 10 2023 Debarshi Ray - 0.0.99.4-2 +- Rebuild for CVE-2022-41724 and CVE-2022-41725 +Resolves: #2179952 + +* Tue Apr 04 2023 Debarshi Ray - 0.0.99.4-1 +- Update to 0.0.99.4 +- Fix CVE-2022-3064 +Resolves: #2164981, #2165744 + +* Mon Feb 06 2023 Debarshi Ray - 0.0.99.3-7 +- Rebuild for CVE-2022-41717 +Resolves: #2163743 + +* Mon Jan 30 2023 Debarshi Ray - 0.0.99.3-6 +- Support RHEL 9 Toolbx containers +Resolves: #2163759 + +* Tue Dec 13 2022 Debarshi Ray - 0.0.99.3-5 +- Unbreak sorting and clearly identify copied images in 'list' +Resolves: #2033280 + +* Mon Nov 07 2022 Debarshi Ray - 0.0.99.3-4 +- Rebuild for CVE-2022-27664 and CVE-2022-32189 +Resolves: #2116767, #2126755 + +* Mon Nov 07 2022 Debarshi Ray - 0.0.99.3-3 +- Rebuild for CVE-2022-1705, CVE-2022-30630, CVE-2022-30631 and CVE-2022-30632 +Resolves: #2111828 + +* Mon Nov 07 2022 Debarshi Ray - 0.0.99.3-2 +- Update to 0.0.99.3 +- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging + guidelines +- Update the Summary to match upstream +- Update the URL to point to the website +Resolves: #2047290 + +* Wed May 11 2022 Jindrich Novy - 0.0.99.3-0.6 +- BuildRequires: /usr/bin/go-md2man +- Related: #2061390 + +* Fri Apr 08 2022 Jindrich Novy - 0.0.99.3-0.5 +- Related: #2061390 + +* Mon Sep 20 2021 Jindrich Novy - 0.0.99.3-0.4 +- Switch to using the Toolbox-specific UBI image by default +- Related: #2001445 + 
+* Thu Sep 02 2021 Debarshi Ray - 0.0.99.3-0.3 +- Suggest a way forward if coreos/toolbox was used +Resolves: #1998191, #2000914 + +* Thu Aug 26 2021 Jindrich Novy - 0.0.99.3-0.2 +- Make sosreport work by setting the HOST environment variable +- Related: #1934415 + +* Wed Aug 11 2021 Jindrich Novy - 0.0.99.3-0.1 +- change release to 0.x so it is obvious it is devel version +- Related: #1934415 + +* Thu Aug 05 2021 Jindrich Novy - 0.0.99.3-1 +- Fix the build on CentOS Stream +- Related: #1934415 + +* Wed Jul 28 2021 Jindrich Novy - 0.0.99.2^1.git660b6970e998-1 +- Add support for configuration files +Resolves: #1940082 +- Related: #1934415 + +* Mon Jul 26 2021 Jindrich Novy - 0.0.99.2-4 +- Instead of offering to log into a registry, just mention 'podman login' +- Related: #1934415 + +* Sat Jul 10 2021 Jindrich Novy - 0.0.99.2-3 +- Expose the host's entire / in the container at /run/host +- Related: #1934415 + +* Mon Jul 05 2021 Jindrich Novy - 0.0.99.2-2 +- Actually apply the patch to make 'toolbox' create or fall back to a + container if possible +- Support logging into a registry if necessary +- Related: #1934415 + +* Fri Jul 02 2021 Jindrich Novy - 0.0.99.2-1 +- Update to 0.0.99.2 +- Make 'toolbox' create or fall back to a container if possible +Resolves: #1914687 +- Related: #1934415 + +* Tue Jan 12 2021 Jindrich Novy - 0.0.99-1 +- Update to 0.0.99 +- Related: #1883490 + +* Tue Jan 12 2021 Jindrich Novy - 0.0.98.1-3 +- remove bats as it's not present in RHEL +- Related: #1883490 + +* Mon Jan 11 2021 Jindrich Novy - 0.0.98.1-2 +- harden the toolbox binary +- minor fixes +- Related: #1883490 + +* Fri Jan 08 2021 Debarshi Ray - 0.0.98.1-1 +- Rebase to github.com/containers/toolbox
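Review bot: `%global __brp_check_rpaths %{nil}` on the first line switches off the RPATH check for the whole package and carries no comment. The go-build-wrapper patches link the binary with `-Wl,-rpath,/run/host$libc_dir_canonical_dirname`, which is presumably what the check would reject, so the exemption should be documented next to the macro, for example `# toolbox is linked with an RPATH under /run/host (see src/go-build-wrapper); check-rpaths would fail on it`. Stating the reason lets a later reviewer tell an intended RPATH from an accidental one.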