Compare commits
No commits in common. 'c9' and 'c8-stream-2.0' have entirely different histories.
c9
...
c8-stream-
@ -1 +1 @@
|
||||
SOURCES/toolbox-0.0.99.4-vendored.tar.xz
|
||||
SOURCES/0.0.7.tar.gz
|
||||
|
||||
@ -1 +1 @@
|
||||
3a2506e53c44cab54d476ee38af7197175e8af10 SOURCES/toolbox-0.0.99.4-vendored.tar.xz
|
||||
c4f1c5b9391558c4626c7bc5882afa9bbe095a9b SOURCES/0.0.7.tar.gz
|
||||
|
||||
@ -1,101 +0,0 @@
|
||||
From d461caa5b1a278124d039df93140d2d5bf4eabe7 Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||||
Date: Wed, 18 Aug 2021 17:55:21 +0200
|
||||
Subject: [PATCH 1/2] cmd/run: Make sosreport work by setting the HOST
|
||||
environment variable
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1940037
|
||||
---
|
||||
src/cmd/run.go | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/cmd/run.go b/src/cmd/run.go
|
||||
index 7657ffa50821..23d422623b14 100644
|
||||
--- a/src/cmd/run.go
|
||||
+++ b/src/cmd/run.go
|
||||
@@ -501,6 +501,7 @@ func constructExecArgs(container, preserveFDs string,
|
||||
execArgs = append(execArgs, envOptions...)
|
||||
|
||||
execArgs = append(execArgs, []string{
|
||||
+ "--env", "HOST=/run/host",
|
||||
"--interactive",
|
||||
"--preserve-fds", preserveFDs,
|
||||
}...)
|
||||
--
|
||||
2.39.2
|
||||
|
||||
|
||||
From 3c2c67752e8f88f72058799cbce3612fc937b230 Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||||
Date: Fri, 10 Dec 2021 13:42:15 +0100
|
||||
Subject: [PATCH 2/2] test/system: Update to test the migration path for
|
||||
coreos/toolbox users
|
||||
|
||||
This reverts the changes to the tests made in commit
|
||||
411147988b730dabf8b9e761a5426e12d648f008 by restoring commit
|
||||
ca899c8a561f357ae32c6ba6813520fd8b682abb and the parts of commit
|
||||
3aeb7cf288319e35eb9c5e26ea18d97452462c1e that were removed.
|
||||
---
|
||||
test/system/002-help.bats | 11 -----------
|
||||
test/system/100-root.bats | 27 +++++++++++++++++++++++++++
|
||||
2 files changed, 27 insertions(+), 11 deletions(-)
|
||||
create mode 100644 test/system/100-root.bats
|
||||
|
||||
diff --git a/test/system/002-help.bats b/test/system/002-help.bats
|
||||
index 7e4565e9d23d..58a4c2c87ece 100644
|
||||
--- a/test/system/002-help.bats
|
||||
+++ b/test/system/002-help.bats
|
||||
@@ -23,17 +23,6 @@ setup() {
|
||||
_setup_environment
|
||||
}
|
||||
|
||||
-@test "help: Try to run toolbox with no command" {
|
||||
- run $TOOLBOX
|
||||
-
|
||||
- assert_failure
|
||||
- assert_line --index 0 "Error: missing command"
|
||||
- assert_line --index 1 "create Create a new toolbox container"
|
||||
- assert_line --index 2 "enter Enter an existing toolbox container"
|
||||
- assert_line --index 3 "list List all existing toolbox containers and images"
|
||||
- assert_line --index 4 "Run 'toolbox --help' for usage."
|
||||
-}
|
||||
-
|
||||
@test "help: Run command 'help'" {
|
||||
if ! command -v man 2>/dev/null; then
|
||||
skip "Test works only if man is in PATH"
|
||||
diff --git a/test/system/100-root.bats b/test/system/100-root.bats
|
||||
new file mode 100644
|
||||
index 000000000000..32d87904213e
|
||||
--- /dev/null
|
||||
+++ b/test/system/100-root.bats
|
||||
@@ -0,0 +1,27 @@
|
||||
+#!/usr/bin/env bats
|
||||
+
|
||||
+load 'libs/bats-support/load'
|
||||
+load 'libs/bats-assert/load'
|
||||
+load 'libs/helpers'
|
||||
+
|
||||
+setup() {
|
||||
+ _setup_environment
|
||||
+ cleanup_containers
|
||||
+}
|
||||
+
|
||||
+teardown() {
|
||||
+ cleanup_containers
|
||||
+}
|
||||
+
|
||||
+@test "root: Try to enter the default container with no containers created" {
|
||||
+ run $TOOLBOX <<< "n"
|
||||
+
|
||||
+ assert_success
|
||||
+ assert_line --index 0 "No toolbox containers found. Create now? [y/N] A container can be created later with the 'create' command."
|
||||
+ assert_line --index 1 "Run 'toolbox --help' for usage."
|
||||
+}
|
||||
+
|
||||
+# TODO: Write the test
|
||||
+@test "root: Enter the default container when 1 non-default container is present" {
|
||||
+ skip "Testing of entering toolboxes is not implemented"
|
||||
+}
|
||||
--
|
||||
2.39.2
|
||||
|
||||
@ -1,89 +0,0 @@
|
||||
From fc5f568c5d82f4a16982268fa67092e52be91fbe Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||||
Date: Tue, 28 Feb 2023 17:12:04 +0100
|
||||
Subject: [PATCH] cmd/root: Don't use podman(1) when generating the completions
|
||||
|
||||
Ever since commit bafbbe81c9220cb3, the shell completions are generated
|
||||
while building Toolbx using the 'completion' command. This involves
|
||||
running toolbox(1) itself, and hence invoking 'podman version' to decide
|
||||
if 'podman system migrate' is needed or not.
|
||||
|
||||
Unfortunately, some build environments, like Fedora's, are set up inside
|
||||
a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may
|
||||
not work because it does various things with namespaces(7) and clone(2)
|
||||
that can, under certain circumstances, encounter an EPERM.
|
||||
|
||||
Therefore, it's better to avoid using podman(1) when generating the
|
||||
shell completions, especially, since they are generated by Cobra itself
|
||||
and podman(1) is not involved at all.
|
||||
|
||||
Note that podman(1) is needed when the generated shell completions are
|
||||
actually used in interactive command line environments. The shell
|
||||
completions invoke the hidden '__complete' command to get the results
|
||||
that are presented to the user, and, if needed, 'podman system migrate'
|
||||
will continue to be run as part of that.
|
||||
|
||||
This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011
|
||||
because podman(1) is now only an optional runtime dependency for the
|
||||
system tests.
|
||||
|
||||
https://github.com/containers/podman/issues/17657
|
||||
---
|
||||
meson.build | 2 +-
|
||||
src/cmd/root.go | 9 +++++++--
|
||||
2 files changed, 8 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/meson.build b/meson.build
|
||||
index 6f044bb204e3..653a3d3ac588 100644
|
||||
--- a/meson.build
|
||||
+++ b/meson.build
|
||||
@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h'])
|
||||
|
||||
go = find_program('go')
|
||||
go_md2man = find_program('go-md2man')
|
||||
-podman = find_program('podman')
|
||||
|
||||
bats = find_program('bats', required: false)
|
||||
codespell = find_program('codespell', required: false)
|
||||
htpasswd = find_program('htpasswd', required: false)
|
||||
openssl = find_program('openssl', required: false)
|
||||
+podman = find_program('podman', required: false)
|
||||
shellcheck = find_program('shellcheck', required: false)
|
||||
skopeo = find_program('skopeo', required: false)
|
||||
|
||||
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
||||
index 304b03dcd889..9975ccc7a4c8 100644
|
||||
--- a/src/cmd/root.go
|
||||
+++ b/src/cmd/root.go
|
||||
@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error {
|
||||
|
||||
logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath)
|
||||
|
||||
- if err := migrate(); err != nil {
|
||||
+ if err := migrate(cmd, args); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error {
|
||||
return rootRunImpl(cmd, args)
|
||||
}
|
||||
|
||||
-func migrate() error {
|
||||
+func migrate(cmd *cobra.Command, args []string) error {
|
||||
logrus.Debug("Migrating to newer Podman")
|
||||
|
||||
if utils.IsInsideContainer() {
|
||||
return nil
|
||||
}
|
||||
|
||||
+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
|
||||
+ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName)
|
||||
+ return nil
|
||||
+ }
|
||||
+
|
||||
configDir, err := os.UserConfigDir()
|
||||
if err != nil {
|
||||
logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err)
|
||||
--
|
||||
2.39.1
|
||||
|
||||
@ -1,55 +0,0 @@
|
||||
From 973600219168f3c4efeb627c103085555327eaa5 Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||||
Date: Mon, 29 Jun 2020 17:57:47 +0200
|
||||
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} for
|
||||
PPC64
|
||||
|
||||
The Go toolchain also doesn't like the LDFLAGS environment variable as
|
||||
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
|
||||
like the compressed DWARF data generated by the Go toolchain.
|
||||
|
||||
Note that these flags are only meant for the "ppc64" CPU architecture,
|
||||
and should be kept updated to match RHEL's Go guidelines. Use
|
||||
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
|
||||
---
|
||||
src/go-build-wrapper | 13 +++++++++----
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
|
||||
index c572d6dfb02b..86f174716608 100755
|
||||
--- a/src/go-build-wrapper
|
||||
+++ b/src/go-build-wrapper
|
||||
@@ -33,9 +33,9 @@ if ! cd "$1"; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
-tags=""
|
||||
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
|
||||
if $7; then
|
||||
- tags="-tags migration_path_for_coreos_toolbox"
|
||||
+ tags="$tags,migration_path_for_coreos_toolbox"
|
||||
fi
|
||||
|
||||
if ! libc_dir=$("$5" --print-file-name=libc.so); then
|
||||
@@ -70,11 +70,16 @@ fi
|
||||
|
||||
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
|
||||
|
||||
+unset LDFLAGS
|
||||
+
|
||||
# shellcheck disable=SC2086
|
||||
go build \
|
||||
+ -compiler gc \
|
||||
$tags \
|
||||
- -trimpath \
|
||||
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
|
||||
+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
|
||||
+ -a \
|
||||
+ -v \
|
||||
+ -x \
|
||||
-o "$2/$3"
|
||||
|
||||
exit "$?"
|
||||
--
|
||||
2.39.2
|
||||
|
||||
@ -1,55 +0,0 @@
|
||||
From aeaa8cd30a8c5ad33ee1fe6b9e84ecbb28f7264c Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||||
Date: Mon, 29 Jun 2020 17:57:47 +0200
|
||||
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags}
|
||||
|
||||
The Go toolchain doesn't like the LDFLAGS environment variable as
|
||||
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
|
||||
like the compressed DWARF data generated by the Go toolchain.
|
||||
|
||||
Note that these flags are meant for every CPU architecture other than
|
||||
PPC64, and should be kept updated to match RHEL's Go guidelines. Use
|
||||
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
|
||||
---
|
||||
src/go-build-wrapper | 14 ++++++++++----
|
||||
1 file changed, 10 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
|
||||
index c572d6dfb02b..d39764fda0c1 100755
|
||||
--- a/src/go-build-wrapper
|
||||
+++ b/src/go-build-wrapper
|
||||
@@ -33,9 +33,9 @@ if ! cd "$1"; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
-tags=""
|
||||
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
|
||||
if $7; then
|
||||
- tags="-tags migration_path_for_coreos_toolbox"
|
||||
+ tags="$tags,migration_path_for_coreos_toolbox"
|
||||
fi
|
||||
|
||||
if ! libc_dir=$("$5" --print-file-name=libc.so); then
|
||||
@@ -70,11 +70,17 @@ fi
|
||||
|
||||
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
|
||||
|
||||
+unset LDFLAGS
|
||||
+
|
||||
# shellcheck disable=SC2086
|
||||
go build \
|
||||
+ -buildmode pie \
|
||||
+ -compiler gc \
|
||||
$tags \
|
||||
- -trimpath \
|
||||
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
|
||||
+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
|
||||
+ -a \
|
||||
+ -v \
|
||||
+ -x \
|
||||
-o "$2/$3"
|
||||
|
||||
exit "$?"
|
||||
--
|
||||
2.39.2
|
||||
|
||||
@ -1,76 +0,0 @@
|
||||
From 1cc9e07b7c36fe9f9784b40b58f0a2a3694dd328 Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||||
Date: Thu, 13 Jul 2023 13:08:40 +0200
|
||||
Subject: [PATCH] cmd/initContainer: Be aware of security hardened mount points
|
||||
|
||||
Sometimes locations such as /var/lib/flatpak, /var/lib/systemd/coredump
|
||||
and /var/log/journal sit on security hardened mount points that are
|
||||
marked as 'nosuid,nodev,noexec' [1]. In such cases, when Toolbx is used
|
||||
rootless, an attempt to bind mount these locations read-only at runtime
|
||||
with mount(8) fails because of permission problems:
|
||||
# mount --rbind -o ro <source> <containerPath>
|
||||
mount: <containerPath>: filesystem was mounted, but any subsequent
|
||||
operation failed: Unknown error 5005.
|
||||
|
||||
(Note that the above error message from mount(8) was subsequently
|
||||
improved to show something more meaningful than 'Unknown error' [2].)
|
||||
|
||||
The problem is that 'init-container' is running inside the container's
|
||||
mount and user namespace, and the source paths were mounted inside the
|
||||
host's namespace with 'nosuid,nodev,noexec'. The above mount(8) call
|
||||
tries to remove the 'nosuid,nodev,noexec' flags from the mount point and
|
||||
replace them with only 'ro', which is something that can't be done from
|
||||
a child namespace.
|
||||
|
||||
Note that this doesn't fail when Toolbx is running as root. This is
|
||||
because the container uses the host's user namespace and is able to
|
||||
remove the 'nosuid,nodev,noexec' flags from the mount point and replace
|
||||
them with only 'ro'. Even though it doesn't fail, the flags shouldn't
|
||||
get replaced like that inside the container, because it removes the
|
||||
security hardening of those mount points.
|
||||
|
||||
There's actually no benefit in bind mounting these paths as read-only.
|
||||
It was historically done this way 'just to be safe' because a user isn't
|
||||
expected to write to these locations from inside a container. However,
|
||||
Toolbx doesn't intend to provide any heightened security beyond what's
|
||||
already available on the host.
|
||||
|
||||
Hence, it's better to get out of the way and leave it to the permissions
|
||||
on the source location from the host operating system to guard the
|
||||
castle. This is accomplished by not passing any file system options to
|
||||
mount(8) [1].
|
||||
|
||||
Based on an idea from Si.
|
||||
|
||||
[1] https://man7.org/linux/man-pages/man8/mount.8.html
|
||||
|
||||
[2] util-linux commit 9420ca34dc8b6f0f
|
||||
https://github.com/util-linux/util-linux/commit/9420ca34dc8b6f0f
|
||||
https://github.com/util-linux/util-linux/pull/2376
|
||||
|
||||
https://github.com/containers/toolbox/issues/911
|
||||
---
|
||||
src/cmd/initContainer.go | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go
|
||||
index 222aa42e1036..41b825b33f58 100644
|
||||
--- a/src/cmd/initContainer.go
|
||||
+++ b/src/cmd/initContainer.go
|
||||
@@ -62,10 +62,10 @@ var (
|
||||
{"/run/udev/data", "/run/host/run/udev/data", ""},
|
||||
{"/run/udev/tags", "/run/host/run/udev/tags", ""},
|
||||
{"/tmp", "/run/host/tmp", "rslave"},
|
||||
- {"/var/lib/flatpak", "/run/host/var/lib/flatpak", "ro"},
|
||||
+ {"/var/lib/flatpak", "/run/host/var/lib/flatpak", ""},
|
||||
{"/var/lib/libvirt", "/run/host/var/lib/libvirt", ""},
|
||||
- {"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", "ro"},
|
||||
- {"/var/log/journal", "/run/host/var/log/journal", "ro"},
|
||||
+ {"/var/lib/systemd/coredump", "/run/host/var/lib/systemd/coredump", ""},
|
||||
+ {"/var/log/journal", "/run/host/var/log/journal", ""},
|
||||
{"/var/mnt", "/run/host/var/mnt", "rslave"},
|
||||
}
|
||||
)
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,17 +0,0 @@
|
||||
[general]
|
||||
# Create a toolbox container for a different operating system distro than the
|
||||
# host. Cannot be used with 'image'.
|
||||
## distro = "fedora"
|
||||
|
||||
# Create a toolbox container for a different operating system release than the
|
||||
# host. Cannot be used with 'image'.
|
||||
## release = "33"
|
||||
|
||||
# Change the name of the image used to create the toolbox container. This is
|
||||
# useful for creating containers from custom-built images. Cannot be used with
|
||||
# 'distro' or 'release'.
|
||||
#
|
||||
# If the name does not contain a registry, the local image storage will be
|
||||
# consulted, and if it's not present there then it will be pulled from a
|
||||
# suitable remote registry.
|
||||
image = "registry.access.redhat.com/ubi9/toolbox:latest"
|
||||
@ -0,0 +1,54 @@
|
||||
Name: toolbox
|
||||
Version: 0.0.7
|
||||
Release: 1%{?dist}
|
||||
Summary: Script to launch privileged container with podman
|
||||
|
||||
License: ASL 2.0
|
||||
URL: https://github.com/coreos/toolbox
|
||||
Source0: https://github.com/coreos/%{name}/archive/%{version}.tar.gz
|
||||
Requires: podman
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
toolbox is a small script that launches a container to let
|
||||
you bring in your favorite debugging or admin tools.
|
||||
|
||||
%define debug_package %{nil}
|
||||
|
||||
%prep
|
||||
%autosetup
|
||||
|
||||
%build
|
||||
# No building required
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
install -d $RPM_BUILD_ROOT/%{_bindir}
|
||||
install -m 755 rhcos-toolbox $RPM_BUILD_ROOT/%{_bindir}/toolbox
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README.md NOTICE
|
||||
%{_bindir}/toolbox
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Mar 24 2020 Jindrich Novy <jnovy@redhat.com> - 0.0.7-1
|
||||
- New upstream release 0.0.7
|
||||
- Resolves: #1816287
|
||||
|
||||
* Fri Jun 14 2019 Yu Qi Zhang <jerzhang@redhat.com> - 0.0.4-1.el8
|
||||
- Update for rhel8.1 container-tools module
|
||||
|
||||
* Tue May 21 2019 Steve Milner <smilner@redhat.com> - 0.0.4-1.rhaos4.2.el8
|
||||
- Add help switch per RHBZ#1684258
|
||||
- Spec fixes found by rpmlint
|
||||
|
||||
* Thu May 2 2019 Micah Abbott <miabbott@redhat.com> - 0.0.3-1.rhaos4.1.el8
|
||||
- Use rhel8/support-tools
|
||||
|
||||
* Sat Jan 26 2019 Yu Qi Zhang <jerzhang@redhat.com> - 0.0.2-1.rhaos4.1.el8
|
||||
- Add runlabel options and fix default image
|
||||
|
||||
* Thu Sep 6 2018 Yu Qi Zhang <jerzhang@redhat.com> - 0.0.1-1.rhaos4.1.el8
|
||||
- Initial Specfile for Red Hat CoreOS Toolbox
|
||||
@ -1,417 +0,0 @@
|
||||
%global __brp_check_rpaths %{nil}
|
||||
|
||||
Name: toolbox
|
||||
Version: 0.0.99.4
|
||||
|
||||
%global goipath github.com/containers/%{name}
|
||||
|
||||
%if 0%{?rhel} == 9
|
||||
%gometa
|
||||
%else
|
||||
%gometa -f
|
||||
%endif
|
||||
|
||||
Release: 6%{?dist}
|
||||
Summary: Tool for containerized command line environments on Linux
|
||||
|
||||
License: ASL 2.0
|
||||
URL: https://containertoolbx.org/
|
||||
Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}-vendored.tar.xz
|
||||
%if 0%{?rhel}
|
||||
Source1: %{name}.conf
|
||||
%endif
|
||||
|
||||
# Upstream
|
||||
Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch
|
||||
Patch1: toolbox-Don-t-validate-subordinate-IDs-when-generat.patch
|
||||
Patch2: toolbox-cmd-initContainer-Be-aware-of-security-hardened-moun.patch
|
||||
|
||||
# RHEL specific
|
||||
Patch100: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
|
||||
Patch101: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch
|
||||
%if 0%{?rhel}
|
||||
Patch102: toolbox-Add-migration-paths-for-coreos-toolbox-users.patch
|
||||
%endif
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: go-md2man
|
||||
BuildRequires: golang >= 1.20.10
|
||||
BuildRequires: meson >= 0.58.0
|
||||
BuildRequires: pkgconfig(bash-completion)
|
||||
BuildRequires: shadow-utils-subid-devel
|
||||
BuildRequires: systemd
|
||||
BuildRequires: systemd-rpm-macros
|
||||
%if ! 0%{?rhel}
|
||||
BuildRequires: golang(github.com/HarryMichal/go-version) >= 1.0.1
|
||||
BuildRequires: golang(github.com/acobaugh/osrelease) >= 0.1.0
|
||||
BuildRequires: golang(github.com/briandowns/spinner) >= 1.17.0
|
||||
BuildRequires: golang(github.com/docker/go-units) >= 0.4.0
|
||||
BuildRequires: golang(github.com/fsnotify/fsnotify) >= 1.5.1
|
||||
BuildRequires: golang(github.com/godbus/dbus) >= 5.0.6
|
||||
BuildRequires: golang(github.com/sirupsen/logrus) >= 1.8.1
|
||||
BuildRequires: golang(github.com/spf13/cobra) >= 1.3.0
|
||||
BuildRequires: golang(github.com/spf13/viper) >= 1.10.1
|
||||
BuildRequires: golang(golang.org/x/sys/unix)
|
||||
BuildRequires: golang(golang.org/x/term)
|
||||
BuildRequires: pkgconfig(fish)
|
||||
# for tests
|
||||
# BuildRequires: codespell
|
||||
# BuildRequires: golang(github.com/stretchr/testify) >= 1.7.0
|
||||
# BuildRequires: ShellCheck
|
||||
%endif
|
||||
|
||||
Requires: containers-common
|
||||
Requires: podman >= 1.4.0
|
||||
%if ! 0%{?rhel}
|
||||
Requires: flatpak-session-helper
|
||||
%endif
|
||||
|
||||
|
||||
%description
|
||||
Toolbox is a tool for Linux operating systems, which allows the use of
|
||||
containerized command line environments. It is built on top of Podman and
|
||||
other standard container technologies from OCI.
|
||||
|
||||
|
||||
%package tests
|
||||
Summary: Tests for %{name}
|
||||
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Requires: coreutils
|
||||
Requires: gawk
|
||||
Requires: grep
|
||||
Requires: skopeo
|
||||
%if ! 0%{?rhel}
|
||||
Requires: bats
|
||||
%endif
|
||||
|
||||
%description tests
|
||||
The %{name}-tests package contains system tests for %{name}.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%ifnarch ppc64
|
||||
%patch100 -p1
|
||||
%else
|
||||
%patch101 -p1
|
||||
%endif
|
||||
|
||||
%if 0%{?rhel}
|
||||
%patch102 -p1
|
||||
%endif
|
||||
|
||||
%gomkdir -s %{_builddir}/%{extractdir}/src %{?rhel:-k}
|
||||
|
||||
|
||||
%build
|
||||
export %{gomodulesmode}
|
||||
export GOPATH=%{gobuilddir}:%{gopath}
|
||||
export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
|
||||
|
||||
%meson \
|
||||
%if 0%{?rhel}
|
||||
-Dfish_completions_dir=%{_datadir}/fish/vendor_completions.d \
|
||||
-Dmigration_path_for_coreos_toolbox=true \
|
||||
%endif
|
||||
-Dprofile_dir=%{_sysconfdir}/profile.d \
|
||||
-Dtmpfiles_dir=%{_tmpfilesdir} \
|
||||
-Dzsh_completions_dir=%{_datadir}/zsh/site-functions
|
||||
|
||||
%meson_build
|
||||
|
||||
|
||||
# %%check
|
||||
# %%meson_test
|
||||
|
||||
|
||||
%install
|
||||
%meson_install
|
||||
|
||||
%if 0%{?rhel}
|
||||
install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/%{name}.conf
|
||||
%endif
|
||||
|
||||
|
||||
%files
|
||||
%doc CODE-OF-CONDUCT.md NEWS README.md SECURITY.md
|
||||
%license COPYING %{?rhel:src/vendor/modules.txt}
|
||||
%{_bindir}/%{name}
|
||||
%{_datadir}/bash-completion
|
||||
%{_datadir}/fish
|
||||
%{_datadir}/zsh
|
||||
%{_mandir}/man1/%{name}.1*
|
||||
%{_mandir}/man1/%{name}-*.1*
|
||||
%{_mandir}/man5/%{name}.conf.5*
|
||||
%config(noreplace) %{_sysconfdir}/containers/%{name}.conf
|
||||
%{_sysconfdir}/profile.d/%{name}.sh
|
||||
%{_tmpfilesdir}/%{name}.conf
|
||||
|
||||
%files tests
|
||||
%{_datadir}/%{name}
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Oct 14 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-6
|
||||
- Rebuild for CVE-2023-39325 and CVE-2023-44487
|
||||
Resolves: RHEL-12693
|
||||
|
||||
* Fri Aug 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-5
|
||||
- Be aware of security hardened mount points
|
||||
Resolves: #2222789
|
||||
|
||||
* Mon Aug 07 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-4
|
||||
- Rebuild for CVE-2023-24539, CVE-2023-24540 and CVE-2023-29400
|
||||
Resolves: #2221850
|
||||
|
||||
* Tue May 16 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-3
|
||||
- Rebuild for CVE-2022-41723, CVE-2023-24534, CVE-2023-24536 and
|
||||
CVE-2023-24538
|
||||
Resolves: #2187337, #2187385, #2203706
|
||||
|
||||
* Tue May 16 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-2
|
||||
- Rebuild for CVE-2022-41724 and CVE-2022-41725
|
||||
Resolves: #2179968
|
||||
|
||||
* Mon Apr 03 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.4-1
|
||||
- Update to 0.0.99.4
|
||||
Resolves: #2165742
|
||||
|
||||
* Mon Feb 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-9
|
||||
- Rebuild for CVE-2022-41717
|
||||
Resolves: #2164292
|
||||
|
||||
* Mon Jan 30 2023 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-8
|
||||
- Support RHEL 9 Toolbx containers
|
||||
Resolves: #2163752
|
||||
|
||||
* Tue Dec 13 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-7
|
||||
- Unbreak sorting and clearly identify copied images in 'list'
|
||||
Resolves: #2033282
|
||||
|
||||
* Fri Oct 14 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-6
|
||||
- Rebuild for CVE-2022-27664 and CVE-2022-32189
|
||||
Resolves: #2116786
|
||||
|
||||
* Tue Aug 16 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-5
|
||||
- Rebuild for CVE-2022-1705, CVE-2022-30630, CVE-2022-30631 and CVE-2022-30632
|
||||
Resolves: #2111830
|
||||
|
||||
* Tue May 17 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-4
|
||||
- Bump the minimum required golang version for added reassurance
|
||||
Resolves: #2060769, #2089194
|
||||
|
||||
* Mon May 16 2022 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-3
|
||||
- Rebuild for FIPS-mode memory leak in the Go toolchain
|
||||
Resolves: #2060769
|
||||
|
||||
* Wed May 11 2022 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-2
|
||||
- BuildRequires: /usr/bin/go-md2man
|
||||
- Related: #2061316
|
||||
|
||||
* Fri Dec 10 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-1
|
||||
- Update to 0.0.99.3
|
||||
- BuildRequire only systemd-rpm-macros as recommended by the Fedora packaging
|
||||
guidelines
|
||||
- Update the Summary to match upstream
|
||||
- Update the URL to point to the website
|
||||
Resolves: #2000807
|
||||
|
||||
* Wed Sep 22 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-0.14.git660b6970e998
|
||||
- Suggest a way forward if coreos/toolbox was used
|
||||
Resolves: #2006802
|
||||
|
||||
* Wed Sep 22 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-0.13.git660b6970e998
|
||||
- Switch to using the Toolbox-specific UBI image by default
|
||||
Resolves: #2004563
|
||||
|
||||
* Thu Sep 16 2021 Oliver Gutiérrez <ogutierrez@redhat.com> - 0.0.99.3-0.12.git660b6970e998
|
||||
- Changed image for tests and tests parameters to fix gating
|
||||
Related: #2000051
|
||||
|
||||
* Thu Sep 16 2021 Oliver Gutiérrez <ogutierrez@redhat.com> - 0.0.99.3-0.11.git660b6970e998
|
||||
- Changed image for tests and added /etc/containers dir check
|
||||
Related: #2000051
|
||||
|
||||
* Tue Sep 14 2021 Oliver Gutiérrez <ogutierrez@redhat.com> - 0.0.99.3-0.10.git660b6970e998
|
||||
- Added ability to force test system id and version id
|
||||
Related: #2000051
|
||||
|
||||
* Tue Sep 14 2021 Oliver Gutiérrez <ogutierrez@redhat.com> - 0.0.99.3-0.9.git660b6970e998
|
||||
- Fixed test roles and changed default image path
|
||||
Related: #2000051
|
||||
|
||||
* Tue Sep 14 2021 Oliver Gutiérrez <ogutierrez@redhat.com> - 0.0.99.3-0.8.git660b6970e998
|
||||
- Added default container image configuration for tests
|
||||
Related: #2000051
|
||||
|
||||
* Fri Sep 03 2021 Oliver Gutiérrez <ogutierrez@redhat.com> - 0.0.99.3-0.7.git660b6970e998
|
||||
- Added missing gating tests files and patch for tests
|
||||
Related: #2000051
|
||||
|
||||
* Fri Sep 03 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.6.git660b6970e998
|
||||
- re-add gating tests
|
||||
- Related: #2000051
|
||||
|
||||
* Fri Sep 03 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.3-0.5.git660b6970e998
|
||||
- Make sosreport work by setting the HOST environment variable
|
||||
- Related: #2000051
|
||||
|
||||
* Mon Aug 30 2021 Oliver Gutiérrez <ogutierrez@redhat.com> - 0.0.99.3-0.4.git660b6970e998
|
||||
- Fixed gating tests bats version
|
||||
Related: rhbz#1977343
|
||||
|
||||
* Tue Aug 24 2021 Oliver Gutiérrez <ogutierrez@redhat.com> - 0.0.99.3-0.3.git660b6970e998
|
||||
- Rebuilt for gating checks
|
||||
Related: rhbz#1977343
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.0.99.3-0.2.git660b6970e998
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Mon Aug 02 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.3-0.1.git660b6970e998
|
||||
- Fix the build on CentOS Stream
|
||||
Related: #1970747
|
||||
|
||||
* Wed Jul 28 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2^1.git660b6970e998-1
|
||||
- Add support for configuration files
|
||||
- Related: #1970747
|
||||
|
||||
* Sat Jul 10 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-3
|
||||
- Expose the host's entire / in the container at /run/host
|
||||
- Resolves: #1977343
|
||||
|
||||
* Mon Jul 05 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-2
|
||||
- Actually apply the patch to make 'toolbox' create or fall back to a
|
||||
container if possible
|
||||
- Support logging into a registry if necessary
|
||||
- Resolves: #1977343
|
||||
|
||||
* Fri Jul 02 2021 Jindrich Novy <jnovy@redhat.com> - 0.0.99.2-1
|
||||
- update to 0.99.2
|
||||
- Resolves: #1977343
|
||||
|
||||
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 0.0.99.1-4
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
|
||||
* Thu Apr 29 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.1-3
|
||||
- Fix FTBFS
|
||||
Resolves: #1912983
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.0.99.1-2
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Tue Feb 23 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99.1-1
|
||||
- Update to 0.0.99.1
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.99-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Tue Jan 12 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.99-1
|
||||
- Update to 0.0.99
|
||||
|
||||
* Mon Jan 11 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.98.1-2
|
||||
- Harden the binary by using the same CGO_CFLAGS as on RHEL 8
|
||||
|
||||
* Thu Jan 07 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.98.1-1
|
||||
- Update to 0.0.98.1
|
||||
|
||||
* Tue Jan 05 2021 Debarshi Ray <rishi@fedoraproject.org> - 0.0.98-1
|
||||
- Update to 0.0.98
|
||||
|
||||
* Wed Nov 25 2020 Ondřej Míchal <harrymichal@seznam.cz> - 0.0.97-2
|
||||
- Move krb5-libs from -support to -experience, and update the list of packages
|
||||
in -experience
|
||||
|
||||
* Tue Nov 03 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.97-1
|
||||
- Update to 0.0.97
|
||||
|
||||
* Thu Oct 01 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.96-1
|
||||
- Update to 0.0.96
|
||||
|
||||
* Sun Aug 30 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.95-1
|
||||
- Update to 0.0.95
|
||||
|
||||
* Mon Aug 24 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.94-1
|
||||
- Update to 0.0.94
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.93-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Sat Jul 25 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.93-1
|
||||
- Update to 0.0.93
|
||||
|
||||
* Fri Jul 03 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.92-1
|
||||
- Update to 0.0.92
|
||||
|
||||
* Fri Jul 03 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.91-2
|
||||
- Fix the 'toolbox --version' output
|
||||
|
||||
* Tue Jun 30 2020 Harry Míchal <harrymichal@seznam.cz> - 0.0.91-1
|
||||
- Update to 0.0.91
|
||||
|
||||
* Sat Jun 27 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.18-5
|
||||
- Remove ExclusiveArch to match Podman
|
||||
|
||||
* Wed Jun 10 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.18-4
|
||||
- Sync the "experience" packages with the current Dockerfile
|
||||
- Make "experience" Require "support"
|
||||
|
||||
* Fri Apr 03 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.18-3
|
||||
- Drop compatibility Obsoletes and Provides for fedora-toolbox
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.18-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Tue Jan 14 2020 Debarshi Ray <rishi@fedoraproject.org> - 0.0.18-1
|
||||
- Update to 0.0.18
|
||||
|
||||
* Wed Nov 20 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.17-1
|
||||
- Update to 0.0.17
|
||||
|
||||
* Tue Oct 29 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.16-1
|
||||
- Update to 0.0.16
|
||||
|
||||
* Mon Sep 30 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.15-1
|
||||
- Update to 0.0.15
|
||||
|
||||
* Wed Sep 18 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.14-1
|
||||
- Update to 0.0.14
|
||||
|
||||
* Thu Sep 05 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.13-1
|
||||
- Update to 0.0.13
|
||||
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.12-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Mon Jul 22 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.12-1
|
||||
- Update to 0.0.12
|
||||
|
||||
* Tue Jun 25 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.11-2
|
||||
- Require flatpak-session-helper
|
||||
|
||||
* Fri Jun 21 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.11-1
|
||||
- Update to 0.0.11
|
||||
|
||||
* Tue May 21 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.10-1
|
||||
- Update to 0.0.10
|
||||
|
||||
* Tue Apr 30 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.9-1
|
||||
- Update to 0.0.9
|
||||
|
||||
* Tue Apr 16 2019 Adam Williamson <awilliam@redhat.com> - 0.0.8-2
|
||||
- Rebuild with Meson fix for #1699099
|
||||
|
||||
* Fri Apr 12 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.8-1
|
||||
- Update to 0.0.8
|
||||
|
||||
* Thu Mar 14 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.7-1
|
||||
- Update to 0.0.7
|
||||
|
||||
* Fri Feb 22 2019 Debarshi Ray <rishi@fedoraproject.org> - 0.0.6-1
|
||||
- Initial build after rename from fedora-toolbox
|
||||
Loading…
Reference in new issue