From: "Zac Medico" <zmedico@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-containers/podman/
Date: Thu,  2 Nov 2023 02:13:10 +0000 (UTC)	[thread overview]
Message-ID: <1698890976.03f5ccbab4a7ea143eada03ac833948fda5a5ce6.zmedico@gentoo> (raw)

commit:     03f5ccbab4a7ea143eada03ac833948fda5a5ce6
Author:     Rahil Bhimjiani <rahil3108 <AT> gmail <DOT> com>
AuthorDate: Tue Oct 31 15:09:01 2023 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Thu Nov  2 02:09:36 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03f5ccba

app-containers/podman: add 4.7.2, drop 4.7.{0,1}, update live

4.7.2 fixes security issue
https://github.com/moby/moby/security/advisories/GHSA-jq35-85cj-fj4p

Just to be safe removing 4.7.0 and 4.7.1 as well.

For non-live versions, prevent git operations which cause sandbox violations
https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493

Signed-off-by: Rahil Bhimjiani <rahil3108 <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/33607
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>

 app-containers/podman/Manifest                     |   3 +-
 app-containers/podman/podman-4.7.0.ebuild          | 122 ---------------------
 .../{podman-4.7.1.ebuild => podman-4.7.2.ebuild}   |  19 +++-
 app-containers/podman/podman-9999.ebuild           |  19 +++-
 4 files changed, 31 insertions(+), 132 deletions(-)

diff --git a/app-containers/podman/Manifest b/app-containers/podman/Manifest
index 2be1c3640e72..c5c4bef92c86 100644
--- a/app-containers/podman/Manifest
+++ b/app-containers/podman/Manifest
@@ -1,3 +1,2 @@
 DIST podman-4.5.0.tar.gz 17423692 BLAKE2B ba28e77626bb4bcdb85b20031e12cf93f2eb3174b678cb8e99557df13e2cdf377ea402eb373a51ea44302f878f8e1cdedda14a2f3ad8c9e88895754fc50c272e SHA512 8a699dc01fc3d7c4a9e5ef4f166170303fc30e0f6695c61f763944e1cb755e75896108e0c4166d184fe49e3a6859f045aa3883047ebba9290e851fc128d77cac
-DIST podman-4.7.0.tar.gz 20554573 BLAKE2B a98e52ec9fe48d5b70489ed6bd6961877cf67735048425ad30fe9de3e163f8266d6510c37b0c43effa90cc8ce1b39bdc46c5add90dabd8f78c79602824f132a6 SHA512 4cab8698a819cd42de4cb588978c94c91b0c85693db2476aa6d20d7f4e4a7674d417703f70bdbb5a0e94b678fd585ae03a95ff0e5b7eb2682d9f400b92915742
-DIST podman-4.7.1.tar.gz 20557503 BLAKE2B f34cc0e2c9bd46d8f538c51b7353b36aea3380233f998467f26aeee6c35850bc26ca25234d39426ae7e4951fb40bc9cf1b8218b1db92fc95bb4ce0f221827dbf SHA512 cb89a687900bdc8ab9aec01d11c4e3062d8735122aa03639fa6eeecde10ea4bc3633381bce1e65955bf112d4fda330182f81d81054916b1eca8b7354c0f55c14
+DIST podman-4.7.2.tar.gz 20554551 BLAKE2B a53bbe6b21145ab394b4a9bc540d4335ca6cdd0e0a98e741e5cfb8aa19aaeb2801ca8d117d42b0d66f618018a2d4b1d736fc851b58b661cbae6ee815712fb936 SHA512 1873a158f2e0527b6e57929f391c4ea5adee5fba33e861eb7744cd0ac845f7296f6149b5e824142e701e5b4db95466585206f37402298301f99cc40b781a51ba

diff --git a/app-containers/podman/podman-4.7.0.ebuild b/app-containers/podman/podman-4.7.0.ebuild
deleted file mode 100644
index 2c7ededf36fd..000000000000
--- a/app-containers/podman/podman-4.7.0.ebuild
+++ /dev/null
@@ -1,122 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit go-module tmpfiles linux-info
-
-DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI"
-HOMEPAGE="https://github.com/containers/podman/ https://podman.io/"
-if [[ ${PV} == *9999* ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://github.com/containers/podman.git"
-else
-	SRC_URI="https://github.com/containers/podman/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~amd64 ~arm64 ~riscv"
-fi
-LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
-SLOT="0"
-IUSE="apparmor btrfs cgroup-hybrid wrapper +fuse +init +rootless +seccomp selinux systemd"
-RESTRICT="test"
-
-RDEPEND="
-	app-crypt/gpgme:=
-	>=app-containers/conmon-2.0.0
-	>=app-containers/containers-common-0.56.0
-	dev-libs/libassuan:=
-	dev-libs/libgpg-error:=
-	sys-apps/shadow:=
-
-	apparmor? ( sys-libs/libapparmor )
-	btrfs? ( sys-fs/btrfs-progs )
-	cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6  )
-	!cgroup-hybrid? ( app-containers/crun )
-	wrapper? ( !app-containers/docker-cli )
-	fuse? ( sys-fs/fuse-overlayfs )
-	init? ( app-containers/catatonit )
-	rootless? ( app-containers/slirp4netns )
-	seccomp? ( sys-libs/libseccomp:= )
-	selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= )
-	systemd? ( sys-apps/systemd:= )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	dev-go/go-md2man
-"
-
-PATCHES=(
-	"${FILESDIR}/seccomp-toggle-4.7.0.patch"
-)
-
-CONFIG_CHECK="
-	~USER_NS
-"
-
-pkg_setup() {
-	use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	default
-	local file
-	for file in apparmor_tag btrfs_installed_tag btrfs_tag selinux_tag systemd_tag; do
-		[[ -f hack/"${file}".sh ]] || die
-	done
-
-	local feature
-	for feature in apparmor selinux systemd; do
-		cat <<-EOF > hack/"${feature}"_tag.sh || die
-		#!/usr/bin/env bash
-		$(usex ${feature} "echo ${feature}" echo)
-EOF
-	done
-
-	echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
-	cat <<-EOF > hack/btrfs_tag.sh || die
-	#!/usr/bin/env bash
-	$(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
-EOF
-}
-
-src_compile() {
-	export PREFIX="${EPREFIX}/usr"
-	emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs)
-}
-
-src_install() {
-	emake DESTDIR="${D}" install install.completions $(usev wrapper install.docker-full)
-
-	insinto /etc/cni/net.d
-	doins cni/87-podman-bridge.conflist
-
-	newconfd "${FILESDIR}"/podman.confd podman
-	newinitd "${FILESDIR}"/podman.initd podman
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/podman.logrotated" podman
-
-	keepdir /var/lib/containers
-}
-
-pkg_preinst() {
-	PODMAN_ROOTLESS_UPGRADE=false
-	if use rootless; then
-		has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true
-	fi
-}
-
-pkg_postinst() {
-	tmpfiles_process podman.conf $(usev wrapper podman-docker.conf)
-
-	local want_newline=false
-	if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then
-		${want_newline} && elog ""
-		elog "For rootless operation, you need to configure subuid/subgid"
-		elog "for user running podman. In case subuid/subgid has only been"
-		elog "configured for root, run:"
-		elog "usermod --add-subuids 1065536-1131071 <user>"
-		elog "usermod --add-subgids 1065536-1131071 <user>"
-		want_newline=true
-	fi
-}

diff --git a/app-containers/podman/podman-4.7.1.ebuild b/app-containers/podman/podman-4.7.2.ebuild
similarity index 87%
rename from app-containers/podman/podman-4.7.1.ebuild
rename to app-containers/podman/podman-4.7.2.ebuild
index f10c9b0ec10a..85842e6a4f69 100644
--- a/app-containers/podman/podman-4.7.1.ebuild
+++ b/app-containers/podman/podman-4.7.2.ebuild
@@ -8,7 +8,7 @@ inherit go-module tmpfiles linux-info
 DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI"
 HOMEPAGE="https://github.com/containers/podman/ https://podman.io/"
 
-if [[ ${PV} == *9999* ]]; then
+if [[ ${PV} == 9999* ]]; then
 	inherit git-r3
 	EGIT_REPO_URI="https://github.com/containers/podman.git"
 else
@@ -16,7 +16,10 @@ else
 	KEYWORDS="~amd64 ~arm64 ~riscv"
 fi
 
-LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+# main pkg
+LICENSE="Apache-2.0"
+# deps
+LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
 SLOT="0"
 IUSE="apparmor btrfs cgroup-hybrid wrapper +fuse +init +rootless +seccomp selinux systemd"
 RESTRICT="test"
@@ -61,6 +64,8 @@ pkg_setup() {
 
 src_prepare() {
 	default
+
+	# assure necessary files are present
 	local file
 	for file in apparmor_tag btrfs_installed_tag btrfs_tag systemd_tag; do
 		[[ -f hack/"${file}".sh ]] || die
@@ -71,18 +76,24 @@ src_prepare() {
 		cat <<-EOF > hack/"${feature}"_tag.sh || die
 		#!/usr/bin/env bash
 		$(usex ${feature} "echo ${feature}" echo)
-EOF
+		EOF
 	done
 
 	echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
 	cat <<-EOF > hack/btrfs_tag.sh || die
 	#!/usr/bin/env bash
 	$(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
-EOF
+	EOF
 }
 
 src_compile() {
 	export PREFIX="${EPREFIX}/usr"
+
+	# For non-live versions, prevent git operations which causes sandbox violations
+	# https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493
+	[[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT=""
+
+	# BUILD_SECCOMP is used in the patch to toggle seccomp
 	emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs)
 }
 
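Review bot: The `export COMMIT_NO="" GIT_COMMIT=""` added in src_compile is presumably also what keeps the later `emake ... install` from running git, yet the comment only covers the compile step. src_install lies outside this hunk; the deleted 4.7.0 ebuild shows it calling `emake DESTDIR="${D}" install ...`, and I assume 4.7.2 does the same, so the fix relies on Portage preserving exported variables from one phase to the next. I would say so in the comment, for example `# exported (not passed to emake) so the emake call in src_install sees them too`, or pass both variables on each emake command line instead. The identical hunk in podman-9999.ebuild shares this; there the `[[ ${PV} != 9999* ]]` test can never be true, so the line is kept only to keep the two files in sync.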

diff --git a/app-containers/podman/podman-9999.ebuild b/app-containers/podman/podman-9999.ebuild
index f10c9b0ec10a..85842e6a4f69 100644
--- a/app-containers/podman/podman-9999.ebuild
+++ b/app-containers/podman/podman-9999.ebuild
@@ -8,7 +8,7 @@ inherit go-module tmpfiles linux-info
 DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI"
 HOMEPAGE="https://github.com/containers/podman/ https://podman.io/"
 
-if [[ ${PV} == *9999* ]]; then
+if [[ ${PV} == 9999* ]]; then
 	inherit git-r3
 	EGIT_REPO_URI="https://github.com/containers/podman.git"
 else
@@ -16,7 +16,10 @@ else
 	KEYWORDS="~amd64 ~arm64 ~riscv"
 fi
 
-LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+# main pkg
+LICENSE="Apache-2.0"
+# deps
+LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
 SLOT="0"
 IUSE="apparmor btrfs cgroup-hybrid wrapper +fuse +init +rootless +seccomp selinux systemd"
 RESTRICT="test"
@@ -61,6 +64,8 @@ pkg_setup() {
 
 src_prepare() {
 	default
+
+	# assure necessary files are present
 	local file
 	for file in apparmor_tag btrfs_installed_tag btrfs_tag systemd_tag; do
 		[[ -f hack/"${file}".sh ]] || die
@@ -71,18 +76,24 @@ src_prepare() {
 		cat <<-EOF > hack/"${feature}"_tag.sh || die
 		#!/usr/bin/env bash
 		$(usex ${feature} "echo ${feature}" echo)
-EOF
+		EOF
 	done
 
 	echo -e "#!/usr/bin/env bash\n echo" > hack/btrfs_installed_tag.sh || die
 	cat <<-EOF > hack/btrfs_tag.sh || die
 	#!/usr/bin/env bash
 	$(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
-EOF
+	EOF
 }
 
 src_compile() {
 	export PREFIX="${EPREFIX}/usr"
+
+	# For non-live versions, prevent git operations which causes sandbox violations
+	# https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493
+	[[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT=""
+
+	# BUILD_SECCOMP is used in the patch to toggle seccomp
 	emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs)
 }
 

