From 6a258f8e19ad114daabb08fbd88f0471edcb52a3 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 28 2021 05:23:10 +0000 Subject: import toolbox-0.0.99.2-4.module+el8.5.0+11970+401f54cf --- diff --git a/.gitignore b/.gitignore index d54aaf9..4ea1e0c 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/toolbox-0.0.99-vendored.tar.xz +SOURCES/toolbox-0.0.99.2-vendored.tar.xz diff --git a/.toolbox.metadata b/.toolbox.metadata index 14085f7..cb8a203 100644 --- a/.toolbox.metadata +++ b/.toolbox.metadata @@ -1 +1 @@ -2520d76c13573ab6e543793ab8982026bcaf7882 SOURCES/toolbox-0.0.99-vendored.tar.xz +2e79016784c9c7fb117fd718c3ca3533a92a1b07 SOURCES/toolbox-0.0.99.2-vendored.tar.xz diff --git a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch index 9688a87..19544b1 100644 --- a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +++ b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch @@ -1,4 +1,4 @@ -From eac80eca4f0e54e38459438ba56d6172fda8cd32 Mon Sep 17 00:00:00 2001 +From a245af969792bafcfa86090c856a06cb23061816 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild} for PPC64 @@ -24,7 +24,7 @@ and should be kept updated to match RHEL's Go guidelines. Use 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 515e1d8a0670..3bd47ce5ae6f 100755 +index 0d27120da052..ef1a03af750a 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper @@ -27,5 +27,6 @@ if ! cd "$1"; then @@ -36,5 +36,5 @@ index 515e1d8a0670..3bd47ce5ae6f 100755 +go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" exit "$?" -- -2.29.2 +2.31.1 diff --git a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch index 7d0d717..10db68e 100644 --- a/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch +++ b/SOURCES/toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch @@ -1,4 +1,4 @@ -From 856a7f524b63f9033c47a8169fbf8a1cfdf69683 Mon Sep 17 00:00:00 2001 +From 05722d2861c23554b9741c059e853da9ab38282e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild} @@ -24,7 +24,7 @@ PPC64, and should be kept updated to match RHEL's Go guidelines. Use 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 515e1d8a0670..453b4cfa872b 100755 +index 0d27120da052..f08f3218560a 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper @@ -27,5 +27,6 @@ if ! cd "$1"; then @@ -36,5 +36,5 @@ index 515e1d8a0670..453b4cfa872b 100755 +go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" exit "$?" -- -2.29.2 +2.31.1 diff --git a/SOURCES/toolbox-cmd-create-Expose-the-host-s-entire-in-the-container.patch b/SOURCES/toolbox-cmd-create-Expose-the-host-s-entire-in-the-container.patch new file mode 100644 index 0000000..3b18c30 --- /dev/null +++ b/SOURCES/toolbox-cmd-create-Expose-the-host-s-entire-in-the-container.patch @@ -0,0 +1,76 @@ +From d03a5fee80f2f72da6a409f7ebc3b6caf21506e3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= +Date: Sat, 3 Jul 2021 20:39:49 +0200 +Subject: [PATCH] cmd/create: Expose the host's entire / in the container at + /run/host + +Having the entire host file system hierarchy mounted inside a toolbox +container gives the containers a more complete environment that's +resilient against future changes in the layout of the file system +hierarchy and the need for giving access to new paths to support new +use-cases. Otherwise, one would have to create a new container to get +access to any path that lies outside the /boot, /etc, /run, /tmp, /usr +and /var directories. + +As a nice side-effect, this also simplifies the bind mount handling +code. + +https://github.com/containers/toolbox/pull/827 +--- + src/cmd/create.go | 29 +---------------------------- + 1 file changed, 1 insertion(+), 28 deletions(-) + +diff --git a/src/cmd/create.go b/src/cmd/create.go +index ff533c26db98..297b336f6382 100644 +--- a/src/cmd/create.go ++++ b/src/cmd/create.go +@@ -265,28 +265,6 @@ func createContainer(container, image, release string, showCommandToEnter bool) + logrus.Debugf("%s canonicalized to %s", currentUser.HomeDir, homeDirEvaled) + homeDirMountArg := homeDirEvaled + ":" + homeDirEvaled + ":rslave" + +- bootMountFlags := "ro" +- isBootReadWrite, err := isPathReadWrite("/boot") +- if err != nil { +- return err +- } +- if isBootReadWrite { +- bootMountFlags = "rw" +- } +- +- bootMountArg := "/boot:/run/host/boot:" + bootMountFlags + ",rslave" +- +- usrMountFlags := "ro" +- isUsrReadWrite, err := isPathReadWrite("/usr") +- if err != nil { +- return err +- } +- if isUsrReadWrite { +- usrMountFlags = "rw" +- } +- +- usrMountArg := "/usr:/run/host/usr:" + usrMountFlags + ",rslave" +- + var avahiSocketMount []string + + avahiSocket, err := getServiceSocket("Avahi", "avahi-daemon.socket") +@@ -423,16 +401,11 @@ func createContainer(container, image, release string, showCommandToEnter bool) + createArgs = append(createArgs, []string{ + "--userns", usernsArg, + "--user", "root:root", +- "--volume", "/etc:/run/host/etc", ++ "--volume", "/:/run/host:rslave", + "--volume", "/dev:/dev:rslave", +- "--volume", "/run:/run/host/run:rslave", +- "--volume", "/tmp:/run/host/tmp:rslave", +- "--volume", "/var:/run/host/var:rslave", +- "--volume", bootMountArg, + "--volume", dbusSystemSocketMountArg, + "--volume", homeDirMountArg, + "--volume", toolboxPathMountArg, +- "--volume", usrMountArg, + "--volume", runtimeDirectoryMountArg, + }...) + +-- +2.31.1 + diff --git a/SOURCES/toolbox-cmd-create-Mention-that-private-images-require-podma.patch b/SOURCES/toolbox-cmd-create-Mention-that-private-images-require-podma.patch new file mode 100644 index 0000000..1100307 --- /dev/null +++ b/SOURCES/toolbox-cmd-create-Mention-that-private-images-require-podma.patch @@ -0,0 +1,42 @@ +From 660b6970e99873f713e2d0eb7d5c6f8b2d6113e2 Mon Sep 17 00:00:00 2001 +From: Debarshi Ray +Date: Fri, 23 Jul 2021 03:45:16 +0200 +Subject: [PATCH] cmd/create: Mention that private images require 'podman + login' + +It's not possible to programmatically detect when an image requires +logging into the registry [1]. Therefore, instead of trying to handle +'podman pull' failures due to lack of authorization, just mention that +private images require 'podman login' and that further details of the +failure can be found by using the --verbose option. + +[1] https://github.com/containers/podman/issues/10858 + +https://github.com/containers/toolbox/issues/754 +https://github.com/containers/toolbox/pull/852 +--- + src/cmd/create.go | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/cmd/create.go b/src/cmd/create.go +index 42cd0def7451..8b3136562f9e 100644 +--- a/src/cmd/create.go ++++ b/src/cmd/create.go +@@ -716,7 +716,13 @@ func pullImage(image, release string) (bool, error) { + } + + if err := podman.Pull(imageFull); err != nil { +- return false, fmt.Errorf("failed to pull image %s", imageFull) ++ var builder strings.Builder ++ fmt.Fprintf(&builder, "failed to pull image %s\n", imageFull) ++ fmt.Fprintf(&builder, "If it was a private image, log in with: podman login %s\n", domain) ++ fmt.Fprintf(&builder, "Use '%s --verbose ...' for further details.", executableBase) ++ ++ errMsg := builder.String() ++ return false, errors.New(errMsg) + } + + return true, nil +-- +2.31.1 + diff --git a/SOURCES/toolbox-cmd-root-Make-toolbox-create-or-fall-back-to-a-conta.patch b/SOURCES/toolbox-cmd-root-Make-toolbox-create-or-fall-back-to-a-conta.patch new file mode 100644 index 0000000..412db46 --- /dev/null +++ b/SOURCES/toolbox-cmd-root-Make-toolbox-create-or-fall-back-to-a-conta.patch @@ -0,0 +1,123 @@ +From 6c86cabbe5da6e542b50c5c043b4d213c6279bbc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= +Date: Fri, 25 Jun 2021 16:04:52 +0200 +Subject: [PATCH] cmd/root: Make 'toolbox' create or fall back to a container + if possible + +This makes 'toolbox', without any commands specified, behave a lot like +'toolbox enter'. When there aren't any toolbox containers, it will +offer to create a new container matching the same parameters passed to +the command. If there's just one toolbox container available, then it +will fall back to it. + +This makes the command line interface a lot similar to that of +github.com/coreos/toolbox, which makes things easier for those +switching over from it. + +Some changes by Debarshi Ray. + +https://github.com/containers/toolbox/pull/811 +--- + src/cmd/root.go | 65 +++++++++++++++++++++++++++++++++------ + test/system/002-help.bats | 8 ----- + 2 files changed, 55 insertions(+), 18 deletions(-) + +diff --git a/src/cmd/root.go b/src/cmd/root.go +index d50135b9e963..7c4aef61eee8 100644 +--- a/src/cmd/root.go ++++ b/src/cmd/root.go +@@ -177,17 +177,62 @@ func rootHelp(cmd *cobra.Command, args []string) { + } + + func rootRun(cmd *cobra.Command, args []string) error { +- var builder strings.Builder +- fmt.Fprintf(&builder, "missing command\n") +- fmt.Fprintf(&builder, "\n") +- fmt.Fprintf(&builder, "create Create a new toolbox container\n") +- fmt.Fprintf(&builder, "enter Enter an existing toolbox container\n") +- fmt.Fprintf(&builder, "list List all existing toolbox containers and images\n") +- fmt.Fprintf(&builder, "\n") +- fmt.Fprintf(&builder, "Run '%s --help' for usage.", executableBase) ++ if len(args) != 0 { ++ panic("unexpected argument: commands known or unknown shouldn't reach here") ++ } + +- errMsg := builder.String() +- return errors.New(errMsg) ++ if utils.IsInsideContainer() { ++ if !utils.IsInsideToolboxContainer() { ++ return errors.New("this is not a toolbox container") ++ } ++ ++ if _, err := utils.ForwardToHost(); err != nil { ++ return err ++ } ++ ++ return nil ++ } ++ ++ container, image, release, err := utils.ResolveContainerAndImageNames("", "", "", "") ++ if err != nil { ++ return err ++ } ++ ++ userShell := os.Getenv("SHELL") ++ if userShell == "" { ++ return errors.New("failed to get the current user's default shell") ++ } ++ ++ command := []string{userShell, "-l"} ++ ++ hostID, err := utils.GetHostID() ++ if err != nil { ++ return fmt.Errorf("failed to get the host ID: %w", err) ++ } ++ ++ hostVariantID, err := utils.GetHostVariantID() ++ if err != nil { ++ return errors.New("failed to get the host VARIANT_ID") ++ } ++ ++ var emitEscapeSequence bool ++ ++ if hostID == "fedora" && (hostVariantID == "silverblue" || hostVariantID == "workstation") { ++ emitEscapeSequence = true ++ } ++ ++ if err := runCommand(container, ++ true, ++ image, ++ release, ++ command, ++ emitEscapeSequence, ++ true, ++ false); err != nil { ++ return err ++ } ++ ++ return nil + } + + func rootUsage(cmd *cobra.Command) error { +diff --git a/test/system/002-help.bats b/test/system/002-help.bats +index 8a057ddb3818..4ff02c6215e7 100644 +--- a/test/system/002-help.bats ++++ b/test/system/002-help.bats +@@ -4,14 +4,6 @@ load 'libs/bats-support/load' + load 'libs/bats-assert/load' + load 'libs/helpers.bash' + +-@test "help: Try to run toolbox with no command (shows usage screen)" { +- run $TOOLBOX +- +- assert_failure +- assert_line --index 0 "Error: missing command" +- assert_output --partial "Run 'toolbox --help' for usage." +-} +- + @test "help: Run command 'help'" { + run $TOOLBOX help + +-- +2.31.1 + diff --git a/SPECS/toolbox.spec b/SPECS/toolbox.spec index ccf4e67..df3891f 100644 --- a/SPECS/toolbox.spec +++ b/SPECS/toolbox.spec @@ -4,12 +4,12 @@ %global _find_debuginfo_dwz_opts %{nil} Name: toolbox -Version: 0.0.99 +Version: 0.0.99.2 %global goipath github.com/containers/%{name} %gometa -Release: 1%{?dist} +Release: 4%{?dist} Summary: Unprivileged development environment License: ASL 2.0 @@ -21,9 +21,15 @@ URL: https://github.com/containers/%{name} # $ go mod vendor Source0: %{name}-%{version}-vendored.tar.xz +# Upstream +Patch0: toolbox-cmd-root-Make-toolbox-create-or-fall-back-to-a-conta.patch +Patch1: toolbox-cmd-create-Expose-the-host-s-entire-in-the-container.patch + # RHEL specific Patch100: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch Patch101: toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1940054 +Patch102: toolbox-cmd-create-Mention-that-private-images-require-podma.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1905383 ExcludeArch: %{ix86} @@ -55,12 +61,17 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q +%patch0 -p1 +%patch1 -p1 + %ifnarch ppc64 %patch100 -p1 %else %patch101 -p1 %endif +%patch102 -p1 + # %%gomkdir is absent from RHEL 8. GOBUILDDIR="$(pwd)/_build" GOSOURCEDIR="$(pwd)" @@ -105,6 +116,26 @@ ln -s src/vendor vendor %changelog +* Mon Jul 26 2021 Jindrich Novy - 0.0.99.2-4 +- Instead of offering to log into a registry, just mention 'podman login' +- Related: #1934415 + +* Sat Jul 10 2021 Jindrich Novy - 0.0.99.2-3 +- Expose the host's entire / in the container at /run/host +- Related: #1934415 + +* Mon Jul 05 2021 Jindrich Novy - 0.0.99.2-2 +- Actually apply the patch to make 'toolbox' create or fall back to a + container if possible +- Support logging into a registry if necessary +- Related: #1934415 + +* Fri Jul 02 2021 Jindrich Novy - 0.0.99.2-1 +- Update to 0.0.99.2 +- Make 'toolbox' create or fall back to a container if possible +Resolves: #1914687 +- Related: #1934415 + * Tue Jan 12 2021 Jindrich Novy - 0.0.99-1 - Update to 0.0.99 - Related: #1883490