diff --git a/.gitignore b/.gitignore
index 92b8423..5a62b85 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
+SOURCES/dnsname-18822f9.tar.gz
 SOURCES/podman-machine-cni-0749884.tar.gz
 SOURCES/v0.1.0.tar.gz
 SOURCES/v0.1.7.tar.gz
-SOURCES/v1.3.0.tar.gz
-SOURCES/v3.4-63134a1.tar.gz
+SOURCES/v4.0-rhel-bb1e6e6.tar.gz
diff --git a/.podman.metadata b/.podman.metadata
index c8ff1f7..fce998e 100644
--- a/.podman.metadata
+++ b/.podman.metadata
@@ -1,5 +1,5 @@
+00c35447384f51ccc2360965b80868fc91293711 SOURCES/dnsname-18822f9.tar.gz
 70b08b173bdf0d1325fce035c186b43085865587 SOURCES/podman-machine-cni-0749884.tar.gz
 d2be14e364fef2d95c61cdac528219548640f6d4 SOURCES/v0.1.0.tar.gz
 94419a237f932ff2a79c91f6e3005034d9c367a5 SOURCES/v0.1.7.tar.gz
-667dcf5bea5992e18963bac6b833053a0d8b1eaa SOURCES/v1.3.0.tar.gz
-6ca6091f4f21ae2e3f5990d97281e61c72a0c917 SOURCES/v3.4-63134a1.tar.gz
+188ffd5d89ff6b21fa45425a7cb183554a3bba9e SOURCES/v4.0-rhel-bb1e6e6.tar.gz
diff --git a/SPECS/podman.spec b/SPECS/podman.spec
index 827abcb..c01e58b 100644
--- a/SPECS/podman.spec
+++ b/SPECS/podman.spec
@@ -6,21 +6,17 @@ %global _find_debuginfo_dwz_opts %{nil} %global _dwz_low_mem_die_limit 0 -%if 0%{?rhel} > 7 && ! 0%{?fedora} %define gobuild(o:) \ -go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**}; -%else -%if ! 0%{?gobuild:1} -%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**}; -%endif -%endif +GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**}; %global import_path github.com/containers/podman -%global branch v3.4 -%global commit0 63134a1ef8e85395fb0aedbe966fb6b4f1d91470 +%global branch v4.0-rhel +%global commit0 bb1e6e6b7bebed89a5a2e9653e1447aa5a3c79e0 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global cataver 0.1.7 -%global dnsnamever 1.3.0 +#%%global dnsnamever 1.3.0 +%global commit_dnsname 18822f9a4fb35d1349eb256f4cd2bfd372474d84 +%global shortcommit_dnsname %(c=%{commit_dnsname}; echo ${c:0:7}) %global gvproxyrepo gvisor-tap-vsock %global gvproxyver 0.1.0 %global commit_mcni 0749884b8d1a455c68da30789e37811ec0809d51 @@ -28,8 +24,8 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl Epoch: 2 Name: podman -Version: 3.4.5 -Release: 0.7%{?dist} +Version: 4.0.2 +Release: 4%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 and GPLv3+ URL: https://%{name}.io/ 
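Review bot: The new unconditional `gobuild` macro drops the `libtrust_openssl` tag that the RHEL branch of the removed `%if` passed, and nothing in the hunk says why. If the vendored code still keys an OpenSSL-backed path on that tag (not visible here), the crypto backend used by the RHEL build changes silently, which matters for FIPS-mode deployments. Please confirm and either restore the tag or record the decision above the `%define`, for example `# libtrust_openssl intentionally dropped: <reason>`. The macro also keeps `-B 0x$(head -c20 /dev/urandom|...)`, so the build ID is random per build and the resulting binaries cannot be compared bit-for-bit against a rebuild from the same sources.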
@@ -39,19 +35,20 @@ Source0: https://%{import_path}/tarball/%{commit0}/%{branch}-%{shortcommit0}.tar Source0: https://%{import_path}/archive/%{commit0}/%{name}-%{version}-%{shortcommit0}.tar.gz %endif Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz -Source2: https://github.com/containers/dnsname/archive/v%{dnsnamever}.tar.gz +#Source2: https://github.com/containers/dnsname/archive/v%%{dnsnamever}.tar.gz +Source2: https://github.com/containers/dnsname/archive/%{commit_dnsname}/dnsname-%{shortcommit_dnsname}.tar.gz Source3: https://github.com/containers/%{name}-machine-cni/archive/%{commit_mcni}/%{name}-machine-cni-%{shortcommit_mcni}.tar.gz Source4: https://github.com/containers/%{gvproxyrepo}/archive/v%{gvproxyver}.tar.gz # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures ExclusiveArch: %{go_arches} Provides: %{name}-manpages = %{epoch}:%{version}-%{release} Obsoletes: %{name}-manpages < %{epoch}:%{version}-%{release} -BuildRequires: golang >= 1.16.6 +BuildRequires: golang >= 1.17.7 BuildRequires: glib2-devel BuildRequires: glibc-devel BuildRequires: glibc-static BuildRequires: git-core -BuildRequires: go-md2man +BuildRequires: /usr/bin/go-md2man BuildRequires: gpgme-devel BuildRequires: libassuan-devel BuildRequires: libgpg-error-devel @@ -69,7 +66,7 @@ BuildRequires: automake BuildRequires: file BuildRequires: gcc BuildRequires: libtool -Requires: containers-common >= 2:1-2 +Requires: containers-common >= 2:1-27 Requires: containernetworking-plugins >= 0.9.1-1 Requires: iptables Requires: nftables @@ -182,7 +179,11 @@ dynamic port forwarding. %else %autosetup -Sgit -n %{name}-%{commit0} %endif +sed -i 's;@@PODMAN@@\;$(BINDIR);@@PODMAN@@\;%{_bindir};' Makefile tar fx %{SOURCE1} +pushd catatonit-%{cataver} +sed -i '$d' configure.ac +popd tar fx %{SOURCE2} tar fx %{SOURCE3} tar fx %{SOURCE4} 
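Review bot: In the `%prep` hunk, `sed -i '$d' configure.ac` removes whatever happens to be the last line of catatonit's `configure.ac`, and the `@@PODMAN@@` substitution on `Makefile` does nothing when its pattern is absent; neither case is detected. Both edits run against freshly unpacked upstream tarballs, so a later source bump can change what is deleted or leave the path unpatched without failing the build. I would add a comment naming the line being dropped and why, and make a mismatch fatal, e.g. put `grep -q '@@PODMAN@@' Makefile` before the first sed, or carry both changes as `Patch:` files. The `%prep` section starts and ends outside this hunk.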
@@ -193,9 +194,32 @@ mv pkg/hooks/README.md pkg/hooks/README-hooks.md rm -rf docs/source/markdown/containers-mounts.conf.5.md %build +# build catatonit first because C code +pushd catatonit-%{cataver} +autoreconf -fi +%configure +CFLAGS="%{optflags} -fPIE -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" +%{__make} %{?_smp_mflags} +# Make sure we *always* build a static binary for catatonit. Otherwise we'll break containers +# that don't have the necessary shared libs. +file catatonit | grep 'statically linked' +if [ $? != 0 ]; then + echo "ERROR: catatonit binary must be statically linked!" + exit 1 +fi +popd + export GO111MODULE=off -export GOPATH=$(pwd):$(pwd)/_build -export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" +export GOPATH=$(pwd)/_build:$(pwd) +CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" +# These extra flags present in $CFLAGS have been skipped for now as they break the build +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g') +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g') +CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g') + +%ifarch x86_64 +export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" +%endif mkdir _build pushd _build 
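Review bot: `CGO_CFLAGS` is now assigned without `export`, and the only remaining `export` sits inside `%ifarch x86_64`, so on every other architecture the variable appears to stay shell-local and `go build` would compile cgo code without `%{optflags}` (unless it is exported outside this hunk). Add `export CGO_CFLAGS` after the three sed filters and before the `%ifarch` block so the hardening flags reach all arches. The second filter, `s/-Wp,D_GLIBCXX_ASSERTIONS//g`, lacks the `-` before `D` and so will not match `-Wp,-D_GLIBCXX_ASSERTIONS`; decide whether that flag is meant to be stripped or kept and fix the pattern or delete the line. Separately, the `CFLAGS=...` line now follows `%configure`, so it likely no longer influences the generated Makefile; passing it on the make command line (`%{__make} CFLAGS="$CFLAGS" %{?_smp_mflags}`) would make the intent explicit.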
@@ -206,9 +230,14 @@ ln -s vendor src rm -rf vendor/github.com/containers/storage/drivers/register/register_btrfs.go -export BUILDTAGS="systemd selinux seccomp btrfs_noversion exclude_graphdriver_devicemapper $(hack/libdm_tag.sh) $(hack/libsubid_tag.sh)" +unset LDFLAGS # build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here? LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)" + +# build rootlessport +%gobuild -o bin/rootlessport %{import_path}/cmd/rootlessport + +export BUILDTAGS="seccomp btrfs_noversion exclude_graphdriver_devicemapper exclude_graphdriver_btrfs $(hack/libdm_tag.sh) $(hack/selinux_tag.sh) $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)" %gobuild -o bin/%{name} %{import_path}/cmd/%{name} # build %%{name}-remote @@ -217,25 +246,9 @@ export BUILDTAGS="remote $BUILDTAGS" %{__make} docs -# build catatonit -unset LDFLAGS -CFLAGS="%{optflags} -fPIE -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" -pushd catatonit-%{cataver} -autoreconf -fi -%configure -%{__make} %{?_smp_mflags} -# Make sure we *always* build a static binary for catatonit. Otherwise we'll break containers -# that don't have the necessary shared libs. -file catatonit | grep 'statically linked' -if [ $? != 0 ]; then - echo "ERROR: catatonit binary must be statically linked!" - exit 1 -fi -popd - # build dnsname plugin unset LDFLAGS -pushd dnsname-%{dnsnamever} +pushd dnsname-%{commit_dnsname} mkdir _build pushd _build mkdir -p src/github.com/containers @@ -247,7 +260,6 @@ export GOPATH=$(pwd)/_build:$(pwd) popd pushd %{name}-machine-cni-%{commit_mcni} -unset LDFLAGS mkdir _build pushd _build mkdir -p src/github.com/containers @@ -259,7 +271,6 @@ export GOPATH=$(pwd)/_build:$(pwd) popd pushd %{gvproxyrepo}-%{gvproxyver} -unset LDFLAGS mkdir _build pushd _build mkdir -p src/github.com/containers 
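Review bot: `selinux` and `systemd` are no longer fixed entries in `BUILDTAGS`; they now come from `$(hack/selinux_tag.sh)` and `$(hack/systemd_tag.sh)`, so if either script prints nothing (for example because a -devel package is missing from the build root) podman is built without that support and the build still succeeds. SELinux labelling is part of container isolation on this platform, so I would make its absence fatal right after the `export BUILDTAGS=...` line: `case " $BUILDTAGS " in *" selinux "*) ;; *) echo "selinux build tag missing"; exit 1 ;; esac`. Also note that `%gobuild -o bin/rootlessport` now runs before `BUILDTAGS` is exported and therefore builds with whatever value is inherited; a one-line comment stating that this is intentional would help the next maintainer.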
@@ -271,11 +282,10 @@ export GOPATH=$(pwd)/_build:$(pwd) popd %install -PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} \ - ETCDIR=%{buildroot}%{_sysconfdir} \ - install.bin-nobuild \ - install.remote-nobuild \ - install.man-nobuild \ +PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \ + install.bin \ + install.remote \ + install.man \ install.systemd \ install.completions \ install.docker @@ -300,7 +310,7 @@ install -p catatonit-%{cataver}/COPYING %{buildroot}%{_datadir}/licenses/podman- ln -s %{_libexecdir}/catatonit/catatonit %{buildroot}%{_libexecdir}/podman/catatonit # install dnsname plugin -pushd dnsname-%{dnsnamever} +pushd dnsname-%{commit_dnsname} %{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install popd @@ -346,6 +356,7 @@ exit 0 %license LICENSE %doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md %{_bindir}/%{name} +%{_libexecdir}/%{name}/rootlessport %{_datadir}/bash-completion/completions/%{name} # By "owning" the site-functions dir, we don't need to Require zsh %dir %{_datadir}/zsh/site-functions @@ -387,8 +398,8 @@ exit 0 %{_libexecdir}/podman/catatonit %files plugins -%license dnsname-%{dnsnamever}/LICENSE -%doc dnsname-%{dnsnamever}/{README.md,README_PODMAN.md} +%license dnsname-%{commit_dnsname}/LICENSE +%doc dnsname-%{commit_dnsname}/{README.md,README_PODMAN.md} %{_libexecdir}/cni/dnsname %{_libexecdir}/cni/%{name}-machine 
@@ -403,6 +414,114 @@ exit 0 %{_libexecdir}/%{name}/gvproxy %changelog +* Thu Mar 24 2022 Jindrich Novy - 2:4.0.2-4 +- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel + (https://github.com/containers/podman/commit/bb1e6e6) +- Resolves: #2066501 + +* Mon Mar 21 2022 Jindrich Novy - 2:4.0.2-3 +- rebuild with golang >= 1.17.5 (CVE-2021-44716, CVE-2021-44717) +- rebuild with golang >= 1.17.7 to fix FIPS issues +- Related: #1975396 + +* Tue Mar 15 2022 Jindrich Novy - 2:4.0.2-2 +- update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel + (https://github.com/containers/podman/commit/9237d75) +- Related: #2062835 + +* Wed Mar 02 2022 Jindrich Novy - 2:4.0.2-1 +- update to https://github.com/containers/podman/releases/tag/v4.0.2 +- Related: #2059681 + +* Mon Feb 28 2022 Jindrich Novy - 2:4.0.1-1 +- update to https://github.com/containers/podman/releases/tag/v4.0.1 +- Related: #2000051 + +* Tue Feb 22 2022 Lokesh Mandvekar - 2:4.0.0-6 +- set catatonit cflags after configure step, don't explicitly set ldflags +- Related: #2054115 + +* Tue Feb 22 2022 Lokesh Mandvekar - 2:4.0.0-5 +- revert previous change and run `set_build_flags` before the build process +- Related: #2054115 + +* Tue Feb 22 2022 Lokesh Mandvekar - 2:4.0.0-4 +- add -D_FORTIFY_SOURCE=2 for podman-catatonit +- Related: #2054115 + +* Tue Feb 22 2022 Lokesh Mandvekar - 2:4.0.0-3 +- depend on containers-common >= 2:1-28 +- Related: #2000051 + +* Mon Feb 21 2022 Lokesh Mandvekar - 2:4.0.0-2 +- use correct commit 49f8da72 for podman, previous commit said 4.0.1-dev +- Related: #2000051 + +* Fri Feb 18 2022 Jindrich Novy - 2:4.0.0-1 +- update to podman-4.0.0 release +- Related: #2000051 + +* Thu Feb 17 2022 Jindrich Novy - 2:4.0.0-0.32 +- update to the latest content of https://github.com/containers/podman/tree/v4.0 + (https://github.com/containers/podman/commit/a34f279) +- Related: #2000051 + +* Tue Feb 15 2022 Jindrich Novy - 2:4.0.0-0.31 +- update to 
the latest content of https://github.com/containers/podman/tree/v4.0 + (https://github.com/containers/podman/commit/ab3e566) +- Related: #2000051 + +* Mon Feb 14 2022 Jindrich Novy - 2:4.0.0-0.30 +- fix linker flags to assure -D_FORTIFY_SOURCE=2 is present at the command line +- Related: #2000051 + +* Mon Feb 14 2022 Jindrich Novy - 2:4.0.0-0.29 +- update to the latest content of https://github.com/containers/podman/tree/v4.0 + (https://github.com/containers/podman/commit/b0a445e) +- Related: #2000051 + +* Fri Feb 11 2022 Jindrich Novy - 2:4.0.0-0.28 +- update to the latest content of https://github.com/containers/podman/tree/v4.0 + (https://github.com/containers/podman/commit/c4a9aa7) +- Related: #2000051 + +* Thu Feb 10 2022 Jindrich Novy - 2:4.0.0-0.27 +- update to the latest content of https://github.com/containers/podman/tree/v4.0 + (https://github.com/containers/podman/commit/5b2d96f) +- Related: #2000051 + +* Wed Feb 09 2022 Jindrich Novy - 2:4.0.0-0.26 +- set CGO_CFLAGS explicitly +- Related: #2000051 + +* Tue Feb 08 2022 Jindrich Novy - 2:4.0.0-0.25 +- bump to 0.25 to have highest NVR +- Related: #2000051 + +* Tue Feb 08 2022 Jindrich Novy - 2:4.0.0-0.4 +- rebuilt +- Related: #2000051 + +* Mon Feb 07 2022 Jindrich Novy - 2:4.0.0-0.3 +- update to the latest content of https://github.com/containers/podman/tree/v4.0 + (https://github.com/containers/podman/commit/2dca7b2) +- Related: #2000051 + +* Fri Feb 04 2022 Jindrich Novy - 2:4.0.0-0.2 +- update to the latest content of https://github.com/containers/podman/tree/v4.0 + (https://github.com/containers/podman/commit/4ad9e00) +- Related: #2000051 + +* Fri Feb 04 2022 Jindrich Novy - 2:4.0.0-0.1 +- update to the latest content of https://github.com/containers/podman/tree/v4.0 + (https://github.com/containers/podman/commit/337f706) +- Related: #2000051 + +* Thu Jan 27 2022 Jindrich Novy - 2:3.4.5-0.8 +- update to the latest content of https://github.com/containers/podman/tree/v3.4 + 
(https://github.com/containers/podman/commit/a54320a) +- Related: #2000051 + * Wed Jan 19 2022 Jindrich Novy - 2:3.4.5-0.7 - add rootless_role (Ed Santiago) - Related: #2000051