diff --git a/.gitignore b/.gitignore index c77b134..e444053 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ -SOURCES/conmon-fac48d0.tar.gz -SOURCES/v1.4.2-stable3.tar.gz +SOURCES/libpod-5cc9284.tar.gz diff --git a/.podman.metadata b/.podman.metadata index 4010ac0..d1ef31e 100644 --- a/.podman.metadata +++ b/.podman.metadata @@ -1,2 +1 @@ -9f8d9819e66e79e6d24b441d6f7fa4dbecb61695 SOURCES/conmon-fac48d0.tar.gz -a990e0ad09cabb092ff7350a98ad37715b433112 SOURCES/v1.4.2-stable3.tar.gz +dd35f1a00ac7860feeaa77dd5a92bc7bb310b821 SOURCES/libpod-5cc9284.tar.gz diff --git a/SOURCES/497.patch b/SOURCES/497.patch new file mode 100644 index 0000000..e79307a --- /dev/null +++ b/SOURCES/497.patch @@ -0,0 +1,60 @@ +From a6fec757c8a17f3a5b92fb766b0f2eeb3b1a208a Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Thu, 19 Dec 2019 19:06:00 +0100 +Subject: [PATCH] store: keep graph lock during Mount + +This solves a race condition where a mountpoint is created without the +home mount being present. + +The cause is that another process could be calling the graph driver +cleanup as part of store.Shutdown() causing the unmount of the +driver home directory. + +The unmount could happen between the time the rlstore is retrieved and +the actual mount, causing the driver mount to be done without a home +mount below it. + +A third process then would re-create again the home mount, shadowing +the previous mount. + +Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1757845 + +Signed-off-by: Giuseppe Scrivano +--- + store.go | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/store.go b/store.go +index 65808b8a0..272153e51 100644 +--- a/vendor/github.com/containers/storage/store.go ++++ b/vendor/github.com/containers/storage/store.go +@@ -2479,6 +2479,10 @@ func (s *store) Mount(id, mountLabel string) (string, error) { + if err != nil { + return "", err + } ++ ++ s.graphLock.Lock() ++ defer s.graphLock.Unlock() ++ + rlstore.Lock() + defer rlstore.Unlock() + if modified, err := rlstore.Modified(); modified || err != nil { +@@ -2486,6 +2490,18 @@ func (s *store) Mount(id, mountLabel string) (string, error) { + return "", err + } + } ++ ++ /* We need to make sure the home mount is present when the Mount is done. */ ++ if s.graphLock.TouchedSince(s.lastLoaded) { ++ s.graphDriver = nil ++ s.layerStore = nil ++ s.graphDriver, err = s.getGraphDriver() ++ if err != nil { ++ return "", err ++ } ++ s.lastLoaded = time.Now() ++ } ++ + if rlstore.Exists(id) { + options := drivers.MountOpts{ + MountLabel: mountLabel, diff --git a/SOURCES/podman-CVE-2019-10214.patch b/SOURCES/podman-CVE-2019-10214.patch deleted file mode 100644 index 1c78552..0000000 --- a/SOURCES/podman-CVE-2019-10214.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up ./libpod-1.4.2-stable2/vendor/github.com/containers/image/docker/docker_client.go.CVE-2019-10214 ./libpod-1.4.2-stable2/vendor/github.com/containers/image/docker/docker_client.go ---- ./libpod-1.4.2-stable2/vendor/github.com/containers/image/docker/docker_client.go.CVE-2019-10214 2019-09-12 15:17:12.911343773 +0200 -+++ ./libpod-1.4.2-stable2/vendor/github.com/containers/image/docker/docker_client.go 2019-09-12 15:17:12.912343786 +0200 -@@ -523,11 +523,7 @@ func (c *dockerClient) getBearerToken(ct - authReq.SetBasicAuth(c.username, c.password) - } - logrus.Debugf("%s %s", authReq.Method, authReq.URL.String()) -- tr := tlsclientconfig.NewTransport() -- // TODO(runcom): insecure for now to contact the external token service -- tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} -- client := &http.Client{Transport: tr} -- res, err := client.Do(authReq) -+ res, err := c.client.Do(authReq) - if err != nil { - return nil, err - } diff --git a/SPECS/podman.spec b/SPECS/podman.spec index 5b280dc..611c2e0 100644 --- a/SPECS/podman.spec +++ b/SPECS/podman.spec @@ -1,6 +1,9 @@ %global with_debug 1 %global with_check 0 +%bcond_without varlink +%global gogenerate go generate + %if 0%{?with_debug} %global _find_debuginfo_dwz_opts %{nil} %global _dwz_low_mem_die_limit 0 @@ -8,15 +11,10 @@ %global debug_package %{nil} %endif +%if 0%{?rhel} > 7 && ! 0%{?fedora} %define gobuild(o:) \ -go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; -%define gogenerate go generate - -%if 0%{?rhel} > 7 || 0%{?fedora} -%bcond_without varlink -%else -%bcond_with varlink -%endif # rhel8 and fedora varlink +go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; +%endif %global provider github %global provider_tld com @@ -25,34 +23,19 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" - # https://github.com/containers/libpod %global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo} %global import_path %{provider_prefix} -%global git_podman https://%{provider}.%{provider_tld}/%{project}/%{repo} -%global commit 01aa3cbb5186ca20b4b0853e82078b8e80288c1c -%global shortcommit %(c=%{commit}; echo ${c:0:7}) -%global tag v1.4.2-stable3 -%global tag_version %(t=%{tag}; echo ${t:1}) - -%global import_path_conmon github.com/containers/conmon -%global git_conmon https://%{import_path_conmon} -%global commit_conmon fac48d034d625f5366a6526f94e362deaa14d18d -%global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) +%global git0 https://%{provider}.%{provider_tld}/%{project}/%{repo} +%global commit0 5cc92849f7fc9dd734ca2fd8f3ae8830b9a7eb26 +%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: podman -Version: 1.4.2 -Release: 6%{?dist} +Version: 1.6.4 +Release: 2%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 -URL: %{git_podman} -#Source0: %{git_podman}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz -Source0: %{git_podman}/archive/%{commit}/%{tag}.tar.gz -Source1: %{git_conmon}/archive/%{commit_conmon}/conmon-%{shortcommit_conmon}.tar.gz -Patch0: podman-CVE-2019-10214.patch - -# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required -#ExclusiveArch: %%{?go_arches:%%{go_arches}}%%{!?go_arches:%%{ix86} x86_64 aarch64 %%{arm}} -ExclusiveArch: aarch64 %{arm} ppc64le s390x x86_64 -# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. -BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang} -BuildRequires: device-mapper-devel +URL: https://%{name}.io/ +Source0: %{git0}/archive/%{commit0}/%{repo}-%{shortcommit0}.tar.gz +Patch0: https://patch-diff.githubusercontent.com/raw/containers/storage/pull/497.patch +BuildRequires: golang >= 1.12.12-4 BuildRequires: glib2-devel BuildRequires: glibc-devel BuildRequires: glibc-static @@ -65,19 +48,21 @@ BuildRequires: libseccomp-devel BuildRequires: libselinux-devel BuildRequires: ostree-devel BuildRequires: pkgconfig -Requires: runc +BuildRequires: make +BuildRequires: systemd +BuildRequires: systemd-devel Requires: containers-common >= 0.1.29-3 -# can't use default conmon right now, so we ship our own -#Requires: conmon Requires: containernetworking-plugins >= 0.8.1-1 Requires: iptables Requires: nftables -Requires: oci-systemd-hook +Requires: libseccomp >= 2.4.1 +Requires: conmon Requires: %{name}-manpages = %{version}-%{release} -Recommends: container-selinux -Recommends: slirp4netns -Recommends: fuse-overlayfs -Recommends: libvarlink +Requires: container-selinux +Requires: slirp4netns >= 0.4.0-1 +Requires: runc >= 1.0.0-57 +Requires: fuse-overlayfs +Requires: libvarlink # vendored libraries # awk '{print "Provides: bundled(golang("$1")) = "$2}' vendor.conf | sort @@ -87,13 +72,14 @@ Provides: bundled(golang(github.com/blang/semver)) = v3.5.0 Provides: bundled(golang(github.com/boltdb/bolt)) = master Provides: bundled(golang(github.com/buger/goterm)) = 2f8dfbc7dbbff5dd1d391ed91482c24df243b2d3 Provides: bundled(golang(github.com/BurntSushi/toml)) = v0.2.0 -Provides: bundled(golang(github.com/containerd/cgroups)) = 77e628511d924b13a77cebdc73b757a47f6d751b +Provides: bundled(golang(github.com/containerd/cgroups)) = 58556f5ad8448d99a6f7bea69ea4bdb7747cfeb0 Provides: bundled(golang(github.com/containerd/continuity)) = master -Provides: bundled(golang(github.com/containernetworking/cni)) = v0.7.0-alpha1 +#Provides: bundled(golang(github.com/containernetworking/cni)) = v0.7.0-alpha1 Provides: bundled(golang(github.com/containernetworking/plugins)) = 1562a1e60ed101aacc5e08ed9dbeba8e9f3d4ec1 -Provides: bundled(golang(github.com/containers/image)) = 134f99bed228d6297dc01d152804f6f09f185418 -Provides: bundled(golang(github.com/containers/psgo)) = 382fc951fe0a8aba62043862ce1a56f77524db87 -Provides: bundled(golang(github.com/containers/storage)) = 17c7d1fee5603ccf6dd97edc14162fc1510e7e23 +Provides: bundled(golang(github.com/containers/image)) = 85d7559d44fd71f30e46e43d809bfbf88d11d916 +Provides: bundled(golang(github.com/containers/psgo)) = 5dde6da0bc8831b35243a847625bcf18183bd1ee +Provides: bundled(golang(github.com/containers/storage)) = 243c4cd616afdf06b4a975f18c4db083d26b1641 +Provides: bundled(golang(github.com/coreos/go-iptables)) = 25d087f3cffd9aedc0c2b7eff25f23cbf3c20fe1 Provides: bundled(golang(github.com/coreos/go-systemd)) = v14 Provides: bundled(golang(github.com/cri-o/ocicni)) = master Provides: bundled(golang(github.com/cyphar/filepath-securejoin)) = v0.2.1 @@ -124,6 +110,7 @@ Provides: bundled(golang(github.com/hashicorp/go-multierror)) = 83588e72410abfbe Provides: bundled(golang(github.com/imdario/mergo)) = 0.2.2 Provides: bundled(golang(github.com/json-iterator/go)) = 1.0.0 Provides: bundled(golang(github.com/kr/pty)) = v1.0.0 +Provides: bundled(golang(github.com/mailru/easyjson)) = 03f2033d19d5860aef995fe360ac7d395cd8ce65 Provides: bundled(golang(github.com/mattn/go-runewidth)) = v0.0.1 Provides: bundled(golang(github.com/Microsoft/go-winio)) = 78439966b38d69bf38227fbf57ac8a6fee70f69a Provides: bundled(golang(github.com/Microsoft/hcsshim)) = 43f9725307998e09f2e3816c2c0c36dc98f0c982 @@ -131,18 +118,18 @@ Provides: bundled(golang(github.com/mistifyio/go-zfs)) = v2.1.1 Provides: bundled(golang(github.com/mrunalp/fileutils)) = master Provides: bundled(golang(github.com/mtrmac/gpgme)) = b2432428689ca58c2b8e8dea9449d3295cf96fc9 Provides: bundled(golang(github.com/Nvveen/Gotty)) = master -Provides: bundled(golang(github.com/opencontainers/go-digest)) = v1.0.0-rc0 +#Provides: bundled(golang(github.com/opencontainers/go-digest)) = v1.0.0-rc0 Provides: bundled(golang(github.com/opencontainers/image-spec)) = v1.0.0 Provides: bundled(golang(github.com/opencontainers/runc)) = b4e2ecb452d9ee4381137cc0a7e6715b96bed6de -Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.0 -Provides: bundled(golang(github.com/opencontainers/runtime-tools)) = 625e2322645b151a7cbb93a8b42920933e72167f +Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = d810dbc60d8c5aeeb3d054bd1132fab2121968ce +Provides: bundled(golang(github.com/opencontainers/runtime-tools)) = master Provides: bundled(golang(github.com/opencontainers/selinux)) = b6fa367ed7f534f9ba25391cc2d467085dbb445a Provides: bundled(golang(github.com/openshift/imagebuilder)) = master Provides: bundled(golang(github.com/ostreedev/ostree-go)) = master Provides: bundled(golang(github.com/pkg/errors)) = v0.8.0 Provides: bundled(golang(github.com/pmezard/go-difflib)) = 792786c7400a136282c1664665ae0a8db921c6c2 Provides: bundled(golang(github.com/pquerna/ffjson)) = d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac -Provides: bundled(golang(github.com/projectatomic/buildah)) = 35a37f36d37bf84397d7f79f6bb8649f728c19f1 +Provides: bundled(golang(github.com/projectatomic/buildah)) = af5bbde0180026ae87b7fc81c2dc124aa73ec959 Provides: bundled(golang(github.com/seccomp/containers-golang)) = master Provides: bundled(golang(github.com/seccomp/libseccomp-golang)) = v0.9.0 Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.0.0 @@ -152,8 +139,7 @@ Provides: bundled(golang(github.com/syndtr/gocapability)) = e7cb7fa329f456b38551 Provides: bundled(golang(github.com/tchap/go-patricia)) = v2.2.6 Provides: bundled(golang(github.com/ulikunitz/xz)) = v0.5.4 Provides: bundled(golang(github.com/ulule/deepcopier)) = master -# version can't have '-' -#Provides: bundled(golang(github.com/urfave/cli)) = fix-short-opts-parsing +Provides: bundled(golang(github.com/urfave/cli)) = 934abfb2f102315b5794e15ebc7949e4ca253920 Provides: bundled(golang(github.com/varlink/go)) = master Provides: bundled(golang(github.com/vbatts/tar-split)) = v0.10.2 Provides: bundled(golang(github.com/vishvananda/netlink)) = master @@ -181,38 +167,28 @@ Provides: bundled(golang(k8s.io/kube-openapi)) = 275e2ce91dec4c05a4094a7b1daee55 Provides: bundled(golang(k8s.io/utils)) = 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e %description +%{name} (Pod Manager) is a fully featured container engine that is a simple daemonless tool. %{name} provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=%{name}. Most %{name} commands can be run as a regular user, without requiring additional privileges. + +%{name} uses Buildah(1) internally to create container images. Both tools share image (not container) storage, hence each can use or manipulate images (but not containers) created by the other. + %{summary} -libpod provides a library for applications looking to use -the Container Pod concept popularized by Kubernetes. +%{repo} Simple management tool for pods, containers and images %package docker -Summary: Emulate Docker CLI using podman +Summary: Emulate Docker CLI using %{name} BuildArch: noarch Requires: %{name} = %{version}-%{release} -Recommends: %{name}-manpages = %{version}-%{release} Conflicts: docker -Provides : docker Conflicts: docker-latest Conflicts: docker-ce Conflicts: docker-ee +Conflicts: moby-engine %description docker This package installs a script named docker that emulates the Docker CLI by -executing %{name} commands, it also creates links between all Docker CLI man +executes %{name} commands, it also creates links between all Docker CLI man pages and %{name}. -%package tests -Summary: Tests for %{name} -Requires: slirp4netns -Requires: %{name} = %{version}-%{release} -#Requires: bats (which RHEL8 doesn't have. If it ever does, un-comment this) -Requires: jq - -%description tests -%{summary} - -This package contains system tests for %{name} - %package manpages Summary: Man pages for the %{name} commands BuildArch: noarch @@ -222,8 +198,6 @@ Man pages for the %{name} commands %package remote Summary: (Experimental) Remote client for managing %{name} containers -Recommends: %{name}-manpages = %{version}-%{release} -Requires: libvarlink %description remote Remote client for managing %{name} containers. @@ -235,17 +209,29 @@ run %{name}-remote in production. manage pods, containers and container images. %{name}-remote supports ssh connections as well. -%prep -%setup -q -n %{repo}-%{commit} -mv pkg/hooks/README.md pkg/hooks/README-hooks.md +%package tests +Summary: Tests for %{name} +Requires: %{name} = %{version}-%{release} +#Requires: bats (which RHEL8 doesn't have. If it ever does, un-comment this) +Requires: jq + +%description tests +%{summary} + +This package contains system tests for %{name} -# untar conmon -tar zxf %{SOURCE1} +%prep +%autosetup -Sgit -n %{repo}-%{commit0} -# fix CVE-2019-10214 -%patch0 -p2 +sed -i 's/install.bin: podman/install.bin:/' Makefile +sed -i 's/install.man: docs/install.man:/' Makefile +sed -i 's/install.remote: podman-remote/install.remote:/' Makefile +mv pkg/hooks/README.md pkg/hooks/README-hooks.md %build +export GO111MODULE=off +export GOPATH=$(pwd):$(pwd)/_build + mkdir -p $(pwd)/_build pushd $(pwd)/_build mkdir -p src/%{provider}.%{provider_tld}/%{project} @@ -253,54 +239,66 @@ ln -s ../../../../ src/%{import_path} popd ln -s vendor src -export GOPATH=$(pwd):$(pwd)/_build - +rm -rf vendor/github.com/containers/storage/drivers/register/register_btrfs.go %gogenerate ./cmd/%{name}/varlink/... -export BUILDTAGS="varlink systemd selinux seccomp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper $(hack/libdm_tag.sh)" +# build %%{name} +export BUILDTAGS="varlink systemd selinux seccomp btrfs_noversion exclude_graphdriver_devicemapper $(hack/libdm_tag.sh)" %gobuild -o bin/%{name} %{import_path}/cmd/%{name} -export BUILDTAGS="remoteclient varlink systemd selinux seccomp exclude_graphdriver_btrfs exclude_graphdriver_devicemapper $(hack/libdm_tag.sh)" + +# build %%{name}-remote +export BUILDTAGS="remoteclient $BUILDTAGS" %gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name} -# build conmon -pushd conmon-%{commit_conmon} -%{__make} all -popd +%{__make} docs +./docs/dckrman.sh ./docs/build/man/* %install -install -dp %{buildroot}{%{_unitdir} -%{__make} PREFIX=%{buildroot}%{_usr} ETCDIR=%{buildroot}%{_sysconfdir} \ +install -dp %{buildroot}%{_unitdir} +PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \ install.bin \ install.remote \ install.man \ install.cni \ install.systemd \ - install.completions \ - install.docker + install.completions # install libpod.conf install -dp %{buildroot}%{_datadir}/containers -install -p -m 644 %{repo}.conf %{buildroot}%{_datadir}/containers +install -m 644 %{repo}.conf %{buildroot}%{_datadir}/containers -# install conmon -pushd conmon-%{commit_conmon} -%{__make} LIBEXECDIR=%{buildroot}%{_libexecdir} install.%{name} -popd +# install docker-docs +install -dp %{buildroot}%{_mandir}/man1 +install -m 644 docs/build/man/docker*.1 -t %{buildroot}%{_mandir}/man1 + +# install docker symlink +install -m 755 docker %{buildroot}%{_bindir} + +# install test stuff +ln -s ./ ./vendor/src # ./vendor/src -> ./vendor +install -d -p %{buildroot}/%{_datadir}/%{name}/test/system +cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/ %check %if 0%{?with_check} +# Since we aren't packaging up the vendor directory we need to link +# back to it somehow. Hack it up so that we can add the vendor +# directory from BUILD dir as a gopath to be searched when executing +# tests from the BUILDROOT dir. ln -s ./ ./vendor/src # ./vendor/src -> ./vendor + export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} +%if ! 0%{?gotest:1} +%global gotest go test +%endif + %gotest %{import_path}/cmd/%{name} %gotest %{import_path}/libkpod %gotest %{import_path}/libpod %gotest %{import_path}/pkg/registrar %endif -install -d -p %{buildroot}/%{_datadir}/%{name}/test/system -cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/ - %triggerpostun -- %{name} < 1.1 %{_bindir}/%{name} system renumber exit 0 @@ -312,36 +310,97 @@ exit 0 %license LICENSE %doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md code-of-conduct.md transfer.md %{_bindir}/%{name} +%{_mandir}/man5/*.5* %{_datadir}/bash-completion/completions/* -%dir %{_datadir}/zsh/site-functions -%{_datadir}/zsh/site-functions/_%{name} -%dir %{_libexecdir}/%{name} -%{_libexecdir}/%{name}/conmon +# By "owning" the site-functions dir, we don't need to Require zsh +%{_datadir}/zsh/site-functions +%{_datadir}/zsh/site-functions/* %config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist %{_datadir}/containers/%{repo}.conf %{_unitdir}/io.%{name}.service %{_unitdir}/io.%{name}.socket +%{_userunitdir}/io.%{name}.service +%{_userunitdir}/io.%{name}.socket + %{_usr}/lib/tmpfiles.d/%{name}.conf %files docker %{_bindir}/docker - -%files tests -%license LICENSE -%{_datadir}/%{name}/test +%{_mandir}/man1/docker*.1* %files manpages -%{_mandir}/man1/*.1* -%{_mandir}/man5/*.5* +%{_mandir}/man1/%{name}*.1* %files remote -%license LICENSE %{_bindir}/%{name}-remote +%files tests +%license LICENSE +%{_datadir}/%{name}/test + %changelog -* Thu Nov 21 2019 Jindrich Novy - 1.4.2-6 -- update to 1.4.2-stable3 -- Resolves: #1770176 +* Fri Jan 03 2020 Jindrich Novy - 1.6.4-2 +- apply fix for bug 1757845 +- Related: RHELPLAN-25138 + +* Wed Dec 11 2019 Jindrich Novy - 1.6.4-1 +- update to 1.6.4 +- Related: RHELPLAN-25138 + +* Mon Dec 09 2019 Jindrich Novy - 1.6.3-6 +- remove BR: device-mapper-devel, minor spec file changes +- Related: RHELPLAN-25138 + +* Sat Dec 07 2019 Jindrich Novy - 1.6.3-5 +- Ensure volumes reacquire locks on state refresh (thanks Matt Heon) +- Related: RHELPLAN-25138 + +* Fri Nov 29 2019 Jindrich Novy - 1.6.3-4 +- use the file events logger backend if systemd isn't available + (thanks to Giuseppe Scrivano) +- Related: RHELPLAN-25138 + +* Thu Nov 21 2019 Jindrich Novy - 1.6.3-3 +- require slirp4netns >= 0.4.0-1 +- Related: RHELPLAN-25138 + +* Tue Nov 19 2019 Jindrich Novy - 1.6.3-2 +- apply fix to not to fail gating tests: + don't parse the config for cgroup-manager default +- don't hang while on podman run --rm - bug 1767663 + +* Mon Nov 18 2019 Jindrich Novy - 1.6.3-1 +- update to podman 1.6.3 +- addresses CVE-2019-18466 + +* Fri Nov 08 2019 Jindrich Novy - 1.6.2-6 +- fix %%gobuild macro to not to ignore BUILDTAGS + +* Tue Nov 05 2019 Jindrich Novy - 1.6.2-5 +- use btrfs_noversion to really disable BTRFS support +- amend/reuse BUILDTAGS +- still keep device-mapper-devel BR otherwise build fails + despite dm support being disabled (build scripting invokes + pkg-config for devmapper which is shipped by the dm-devel + package) + +* Mon Nov 04 2019 Jindrich Novy - 1.6.2-4 +- disable BTRFS support + +* Mon Nov 04 2019 Jindrich Novy - 1.6.2-3 +- split podman and conmon packages +- drop BR: device-mapper-devel and update BRs in general + +* Fri Nov 01 2019 Jindrich Novy - 1.6.2-2 +- drop oci-systemd-hook requirement +- drop upstreamed CVE-2019-10214 patch + +* Tue Oct 29 2019 Jindrich Novy - 1.6.2-1 +- update to podman 1.6.2 + +* Wed Oct 16 2019 Jindrich Novy - 1.4.2-6 +- fix build with --nocheck (#1721394) +- escape commented out macros * Thu Sep 12 2019 Jindrich Novy - 1.4.2-5 - Fix CVE-2019-10214 (#1734649).