From 08f687ebe2136806a06207e75fbec2ad0656092f Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Dec 10 2021 03:47:38 +0000 Subject: Update to 0.0.99.3
---
diff --git a/.gitignore b/.gitignore
index 03742d2..66d6df6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,3 +27,4 @@
 /toolbox-0.0.99.2^1.git9820550c82bb.tar.xz
 /toolbox-0.0.99.2^2.git40fbd377ed0b.tar.xz
 /toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz
+/toolbox-0.0.99.3.tar.xz
diff --git a/sources b/sources
index 529eaaf..64d6d65 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (toolbox-0.0.99.2^3.git075b9a8d2779.tar.xz) = e9ebb306fa3fe72dede4d08e1428dbfde12fe44274b4ea7cd356cba28a90daff728c4182f13e20f8a05603aeefb4cf484611805dac2776ab38c37764e6069c5d
+SHA512 (toolbox-0.0.99.3.tar.xz) = d9e4bd1cc7667b6ecdcf25a2c3ad7d7d67cc997168a41e668c936d2de24db774331a78a1b4a06b63e7cef8e0dc4ac5651591b6d9cec0d8e81be2b2dd64854dca
diff --git a/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch b/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch
deleted file mode 100644
index 21892d0..0000000
--- a/toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch
+++ /dev/null
@@ -1,537 +0,0 @@ -From 452dc797f7ef12235e4ede83735f5d554f54b012 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 21 Oct 2021 18:59:45 +0200 -Subject: [PATCH 1/5] tmpfiles.d: Style fix - -The subsequent commit will add an entry to create a /run/host symbolic -link on the host that points to /, and it will require explicitly -skipping some of the columns. Doing the same for the existing entry -will make the file more readable. - -https://github.com/containers/toolbox/issues/821 ---- - data/tmpfiles.d/toolbox.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/data/tmpfiles.d/toolbox.conf b/data/tmpfiles.d/toolbox.conf -index f22b64a0f97c..bdffe7c09639 100644 ---- a/data/tmpfiles.d/toolbox.conf -+++ b/data/tmpfiles.d/toolbox.conf -@@ -1 +1 @@ --d /run/media 0755 root root -+d /run/media 0755 root root - - --- -2.31.1 - - -From 6063eb27b98939942e316771224c5653a9b2e59b Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Thu, 21 Oct 2021 20:22:11 +0200 -Subject: [PATCH 2/5] build: Ensure that binaries are run against their - build-time ABI - -The /usr/bin/toolbox binary is not only used to interact with toolbox -containers and images from the host. It's also used as the entry point -of the containers by bind mounting the binary from the host into the -container. This means that the /usr/bin/toolbox binary on the host must -also work inside the container, even if they have different operating -systems. - -In the past, this worked perfectly well with the POSIX shell -implementation because it got intepreted by whichever /bin/sh was -available. However, the Go implementation, can run into ABI -compatibility issues because binaries built on newer toolchains aren't -meant to be run against older runtimes. - -The previous approach [1] of restricting the versions of the glibc -symbols that are linked against isn't actually supported by glibc, and -breaks if the early process start-up code changes. 
This is seen in -glibc-2.34, which is used by Fedora 35 onwards, where a new version of -the __libc_start_main symbol [2] was added as part of some security -hardening: - $ objdump -T ./usr/bin/toolbox | grep GLIBC_2.34 - 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 - __libc_start_main - 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 - pthread_detach - 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 - pthread_create - 0000000000000000 DF *UND* 0000000000000000 GLIBC_2.34 - pthread_attr_getstacksize - -This means that /usr/bin/toolbox binaries built against glibc-2.34 on -newer Fedoras fail to run against older glibcs in older Fedoras. - -Another option is to make the host's runtime available inside the -toolbox container and ensure that the binary always runs against it. - -Luckily, almost all supported containers have the host's /usr available -at /run/host/usr. This is exploited by embedding RPATHs or RUNPATHs to -/run/host/usr/lib and /run/host/usr/lib64 in the binary, and changing -the path of the dynamic linker (ie., PT_INTERP) to the one inside -/run/host. - -Unfortunately, there can only be one PT_INTERP entry inside the -binary, so there must be a /run/host on the host too. Therefore, a -/run/host symbolic link is created on the host that points to the -host's /. - -Based on ideas from Alexander Larsson and Ray Strode. 
- -[1] Commit 6ad9c631806961f3 - https://github.com/containers/toolbox/pull/534 - -[2] glibc commit 035c012e32c11e84 - https://sourceware.org/git/?p=glibc.git;a=commit;h=035c012e32c11e84 - https://sourceware.org/bugzilla/show_bug.cgi?id=23323 - -https://github.com/containers/toolbox/issues/821 ---- - data/tmpfiles.d/toolbox.conf | 1 + - meson.build | 8 ++---- - playbooks/setup-env.yaml | 1 + - src/go-build-wrapper | 17 ++++++++++--- - src/libc-wrappers/libc-wrappers.c | 42 ------------------------------- - src/libc-wrappers/meson.build | 8 ------ - src/meson.build | 4 --- - 7 files changed, 18 insertions(+), 63 deletions(-) - delete mode 100644 src/libc-wrappers/libc-wrappers.c - delete mode 100644 src/libc-wrappers/meson.build - -diff --git a/data/tmpfiles.d/toolbox.conf b/data/tmpfiles.d/toolbox.conf -index bdffe7c09639..0ddb1f08830d 100644 ---- a/data/tmpfiles.d/toolbox.conf -+++ b/data/tmpfiles.d/toolbox.conf -@@ -1 +1,2 @@ - d /run/media 0755 root root - - -+L /run/host - - - - ../ -diff --git a/meson.build b/meson.build -index b580c10fe7d8..ae228ee287d5 100644 ---- a/meson.build -+++ b/meson.build -@@ -1,17 +1,13 @@ - project( - 'toolbox', -- 'c', - version: '0.0.99.2', - license: 'ASL 2.0', -- meson_version: '>= 0.42.0', -+ meson_version: '>= 0.53.0', - ) - --cc = meson.get_compiler('c') --add_project_arguments('-pthread', language: 'c') --add_project_link_arguments('-pthread', language: 'c') -- - go = find_program('go') - go_md2man = find_program('go-md2man') -+patchelf = find_program('patchelf') - shellcheck = find_program('shellcheck', required: false) - skopeo = find_program('skopeo', required: false) - -diff --git a/playbooks/setup-env.yaml b/playbooks/setup-env.yaml -index 5644f1ab01b4..7ac9b46ee3ad 100644 ---- a/playbooks/setup-env.yaml -+++ b/playbooks/setup-env.yaml -@@ -13,6 +13,7 @@ - - golang-github-cpuguy83-md2man - - meson - - ninja-build -+ - patchelf - - podman - - skopeo - - systemd -diff --git a/src/go-build-wrapper b/src/go-build-wrapper 
-index 0d27120da052..677dca94bd5a 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -16,9 +16,9 @@ - # - - --if [ "$#" -ne 4 ]; then -+if [ "$#" -ne 3 ]; then - echo "go-build-wrapper: wrong arguments" >&2 -- echo "Usage: go-build-wrapper [SOURCE DIR] [OUTPUT DIR] [VERSION] [libc-wrappers.a]" >&2 -+ echo "Usage: go-build-wrapper [SOURCE DIR] [OUTPUT DIR] [VERSION]" >&2 - exit 1 - fi - -@@ -27,5 +27,16 @@ if ! cd "$1"; then - exit 1 - fi - --go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" -+go build -trimpath -ldflags "-extldflags '-Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" -+ -+if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then -+ echo "go-build-wrapper: failed to read PT_INTERP from $2/toolbox" >&2 -+ exit 1 -+fi -+ -+if ! patchelf --set-interpreter "/run/host$interpreter" "$2/toolbox"; then -+ echo "go-build-wrapper: failed to change PT_INTERP of $2/toolbox to /run/host$interpreter" >&2 -+ exit 1 -+fi -+ - exit "$?" -diff --git a/src/libc-wrappers/libc-wrappers.c b/src/libc-wrappers/libc-wrappers.c -deleted file mode 100644 -index 7b402bc2fe78..000000000000 ---- a/src/libc-wrappers/libc-wrappers.c -+++ /dev/null -@@ -1,42 +0,0 @@ --/* -- * Copyright © 2020 – 2021 Red Hat Inc. -- * -- * Licensed under the Apache License, Version 2.0 (the "License"); -- * you may not use this file except in compliance with the License. -- * You may obtain a copy of the License at -- * -- * http://www.apache.org/licenses/LICENSE-2.0 -- * -- * Unless required by applicable law or agreed to in writing, software -- * distributed under the License is distributed on an "AS IS" BASIS, -- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-- * See the License for the specific language governing permissions and -- * limitations under the License. -- */ -- -- --#include -- -- --#if defined __aarch64__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.17"); --#elif defined __arm__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.4"); --#elif defined __i386__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.0"); --#elif defined __powerpc64__ && _CALL_ELF == 2 /* ppc64le */ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.17"); --#elif defined __s390x__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.2"); --#elif defined __x86_64__ --__asm__(".symver pthread_sigmask,pthread_sigmask@GLIBC_2.2.5"); --#else --#error "Please specify symbol version for pthread_sigmask" --#endif -- -- --int --__wrap_pthread_sigmask (int how, const sigset_t *set, sigset_t *oldset) --{ -- return pthread_sigmask (how, set, oldset); --} -diff --git a/src/libc-wrappers/meson.build b/src/libc-wrappers/meson.build -deleted file mode 100644 -index 3984ce449c57..000000000000 ---- a/src/libc-wrappers/meson.build -+++ /dev/null -@@ -1,8 +0,0 @@ --sources = files( -- 'libc-wrappers.c', --) -- --libc_wrappers = static_library( -- 'c-wrappers', -- sources, --) -diff --git a/src/meson.build b/src/meson.build -index f76606da3271..759db1f1e900 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -1,5 +1,3 @@ --subdir('libc-wrappers') -- - go_build_wrapper_file = files('go-build-wrapper') - go_build_wrapper_program = find_program('go-build-wrapper') - -@@ -28,9 +26,7 @@ custom_target( - meson.current_source_dir(), - meson.current_build_dir(), - meson.project_version(), -- libc_wrappers.full_path(), - ], -- depends: libc_wrappers, - input: sources, - install: true, - install_dir: get_option('bindir'), --- -2.31.1 - - -From c33075f3e1c0bad9883caa8d8f7c8ca3d947d2ea Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= -Date: Fri, 22 Oct 2021 15:21:41 +0300 -Subject: [PATCH 3/5] 
playbooks: Unify test setup for system & unit tests - -There is no significant benefit in keeping this configuration separated. -Now the to-be installed packages are tracked in a single place and the -test playbooks only call the relevant tests. - -This was pointed out by in 6063eb27b98939942e316771224c5653a9b2e59b - -https://github.com/containers/toolbox/pull/898 ---- - .zuul.yaml | 1 + - playbooks/setup-env.yaml | 18 ++++++++++++++++++ - playbooks/system-test.yaml | 24 +----------------------- - playbooks/unit-test.yaml | 21 --------------------- - 4 files changed, 20 insertions(+), 44 deletions(-) - -diff --git a/.zuul.yaml b/.zuul.yaml -index 1ec2f59738eb..1543b8a04b51 100644 ---- a/.zuul.yaml -+++ b/.zuul.yaml -@@ -7,6 +7,7 @@ - nodes: - - name: ci-node-33 - label: cloud-fedora-33-small -+ pre-run: playbooks/setup-env.yaml - run: playbooks/unit-test.yaml - - - job: -diff --git a/playbooks/setup-env.yaml b/playbooks/setup-env.yaml -index 7ac9b46ee3ad..460ca9977a9e 100644 ---- a/playbooks/setup-env.yaml -+++ b/playbooks/setup-env.yaml -@@ -40,3 +40,21 @@ - - - name: Show podman debug information - command: podman info --debug -+ -+ - name: Set up build directory -+ command: meson builddir -+ args: -+ chdir: '{{ zuul.project.src_dir }}' -+ -+ - name: Build Toolbox -+ command: ninja -C builddir -+ args: -+ chdir: '{{ zuul.project.src_dir }}' -+ creates: builddir/src/toolbox -+ -+ - name: Install Toolbox -+ become: yes -+ command: ninja -C builddir install -+ args: -+ chdir: '{{ zuul.project.src_dir }}' -+ creates: /usr/local/bin/toolbox -diff --git a/playbooks/system-test.yaml b/playbooks/system-test.yaml -index c2eff3f0d77a..0249548acc5d 100644 ---- a/playbooks/system-test.yaml -+++ b/playbooks/system-test.yaml -@@ -1,32 +1,10 @@ - --- - - hosts: all -- -- vars: -- toolbox_bin: '/usr/local/bin/toolbox' -- - tasks: -- - name: Set up build directory -- command: meson builddir -- args: -- chdir: '{{ zuul.project.src_dir }}' -- -- - name: Build Toolbox -- command: 
ninja -C builddir -- args: -- chdir: '{{ zuul.project.src_dir }}' -- creates: builddir/src/toolbox -- -- - name: Install Toolbox -- become: yes -- command: ninja -C builddir install -- args: -- chdir: '{{ zuul.project.src_dir }}' -- creates: '{{ toolbox_bin }}' -- - - name: Run system tests - command: bats --timing ./test/system - environment: - PODMAN: '/usr/bin/podman' -- TOOLBOX: '{{ toolbox_bin }}' -+ TOOLBOX: '/usr/local/bin/toolbox' - args: - chdir: '{{ zuul.project.src_dir }}' -diff --git a/playbooks/unit-test.yaml b/playbooks/unit-test.yaml -index 9be98e7bd86a..2212521c5b9e 100644 ---- a/playbooks/unit-test.yaml -+++ b/playbooks/unit-test.yaml -@@ -1,27 +1,6 @@ - --- - - hosts: all - tasks: -- - name: Install requirements -- become: yes -- package: -- name: -- - golang -- - golang-github-cpuguy83-md2man -- - ninja-build -- - meson -- - ShellCheck -- -- - name: Set up build directory -- command: meson builddir -- args: -- chdir: '{{ zuul.project.src_dir }}' -- -- - name: Build Toolbox -- command: ninja -C builddir -- args: -- chdir: '{{ zuul.project.src_dir }}' -- creates: builddir/src/toolbox -- - - name: Test - command: ninja -C builddir test - args: --- -2.31.1 - - -From 69ffc888ca9d481f9f208179949c179d12078501 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Ond=C5=99ej=20M=C3=ADchal?= -Date: Fri, 22 Oct 2021 15:25:20 +0300 -Subject: [PATCH 4/5] playbooks: Fix CI for #897 - -PR #897 made adjustmnets to the Toolbx binary that it requires presence -of /run/host in both the host filesystem and the filesystem in -a container. - -The presence of the directory is assured by systemd-tmpfiles by -running it before the binary is started for the first time. For the run -to be effective 'data/tmpfiles.d/toolbox.conf' has to be installed in -a location visible to systemd-tmpfiles. Therefore, the call to -'systemd-tmpfiles --create' had to be placed after the install step. 
- -https://github.com/containers/toolbox/pull/898 ---- - playbooks/setup-env.yaml | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/playbooks/setup-env.yaml b/playbooks/setup-env.yaml -index 460ca9977a9e..2f858bcf722c 100644 ---- a/playbooks/setup-env.yaml -+++ b/playbooks/setup-env.yaml -@@ -26,14 +26,8 @@ - args: - chdir: '{{ zuul.project.src_dir }}' - -- - name: Setup environment -- become: yes -- command: -- cmd: systemd-tmpfiles --create -- creates: /run/media -- - - name: Check versions of crucial packages -- command: rpm -qa *kernel* *glibc* golang podman conmon containernetworking-plugins containers-common container-selinux crun runc fuse-overlayfs flatpak-session-helper -+ command: rpm -qa *kernel* *glibc* golang podman conmon containernetworking-plugins containers-common container-selinux crun runc fuse-overlayfs flatpak-session-helper patchelf - - - name: Show podman versions - command: podman version -@@ -58,3 +52,10 @@ - args: - chdir: '{{ zuul.project.src_dir }}' - creates: /usr/local/bin/toolbox -+ -+ - name: Setup environment -+ become: yes -+ command: -+ cmd: systemd-tmpfiles --create -+ creates: /run/media -+ creates: /run/host --- -2.31.1 - - -From 5429d5e099af96f7af1f9be58ba354fe332b59e9 Mon Sep 17 00:00:00 2001 -From: Debarshi Ray -Date: Mon, 25 Oct 2021 02:55:09 +0200 -Subject: [PATCH 5/5] build: Restore backwards compatibility with existing - containers - -The path of the dynamic linker (ie., PT_INTERP), as specified in an -architecture's ABI, often starts with /lib or /lib64, not /usr/lib or -/usr/lib64. eg., it's /lib/ld-linux-aarch64.so.1 for aarch64 and -/lib64/ld-linux-x86-64.so.2 for x86_64. - -Unfortunately, until very recently [1], only the host's /usr was -present inside a toolbox container's /run/host, not /lib or /lib64. -Therefore, simply prepending /run/host to the /usr/bin/toolbox -binary's existing PT_INTERP entry wouldn't locate the host's dynamic -linker inside the toolbox container. 
This broke backwards compatibility -with every container out there, except the ones created with the -current development version in Git. - -To restore backwards compatibility, the /lib and /lib64 symbolic links -must be resolved to their respective locations inside /usr. - -The following caveats must be noted: - - * With glibc, even the basename of the path of the dynamic linker as - specified in an architecture's ABI, is a symbolic link to a file - named ld-.so. However, this file can't be used as - the PT_INTERP entry, because its name will change when glibc is - updated and the PT_INTERP entry will become invalid until the - /usr/bin/toolbox binary is rebuilt. - - * On Debian, a path like /lib64/ld-linux-x86-64.so.2 doesn't resolve - to something inside /usr/lib64. Instead it ends up inside - /usr/lib/x86_64-linux-gnu through a series of symbolic links: - - /lib64 -> usr/lib64 - - /usr/lib64/ld-linux-x86-64.so.2 - -> /lib/x86_64-linux-gnu/ld-2.28.so - - /lib -> usr/lib - - * It's assumed that a symbolic link with the basename specified in - the ABI lives in the same directory as the actual dynamic linker - binary named ld-.so. - -Fallout from 6063eb27b98939942e316771224c5653a9b2e59b - -[1] Commit d03a5fee80f2f72d - https://github.com/containers/toolbox/pull/827 - -https://github.com/containers/toolbox/issues/821 ---- - src/go-build-wrapper | 21 +++++++++++++++++++-- - 1 file changed, 19 insertions(+), 2 deletions(-) - -diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 677dca94bd5a..24eac674c9ac 100755 ---- a/src/go-build-wrapper -+++ b/src/go-build-wrapper -@@ -34,8 +34,25 @@ if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then - exit 1 - fi - --if ! patchelf --set-interpreter "/run/host$interpreter" "$2/toolbox"; then -- echo "go-build-wrapper: failed to change PT_INTERP of $2/toolbox to /run/host$interpreter" >&2 -+if ! 
interpreter_canonical=$(readlink --canonicalize "$interpreter"); then -+ echo "go-build-wrapper: failed to canonicalize PT_INTERP" >&2 -+ exit 1 -+fi -+ -+if ! interpreter_basename=$(basename "$interpreter"); then -+ echo "go-build-wrapper: failed to read the basename of PT_INTERP" >&2 -+ exit 1 -+fi -+ -+if ! interpreter_canonical_dirname=$(dirname "$interpreter_canonical"); then -+ echo "go-build-wrapper: failed to read the dirname of the canonicalized PT_INTERP" >&2 -+ exit 1 -+fi -+ -+interpreter="/run/host$interpreter_canonical_dirname/$interpreter_basename" -+ -+if ! patchelf --set-interpreter "$interpreter" "$2/toolbox"; then -+ echo "go-build-wrapper: failed to change PT_INTERP of $2/toolbox to $interpreter" >&2 - exit 1 - fi - --- -2.31.1 - diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch index d464eea..a1d92a5 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild-for-PPC64.patch @@ -1,4 +1,4 @@ -From df2d42ec5aee27f9f92ce7825d020425c2dac885 Mon Sep 17 00:00:00 2001 +From 32aa30a17358598f568991a5375f6182e4135648 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} for @@ -20,23 +20,44 @@ Note that these flags are only meant for the "ppc64" CPU architecture, and should be kept updated to match Fedora's Go guidelines. Use 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. --- - src/go-build-wrapper | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + src/go-build-wrapper | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 677dca94bd5a..e6e9caf1049e 100755 +index ef4aafc8b024..f8ea8370792c 100755 --- a/src/go-build-wrapper 
+++ b/src/go-build-wrapper -@@ -27,7 +27,8 @@ if ! cd "$1"; then +@@ -32,9 +32,9 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" + if $6; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$4" --print-file-name=libc.so); then +@@ -69,11 +69,16 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + +unset LDFLAGS -+go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" ++ + # shellcheck disable=SC2086 + go build \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/toolbox" - if ! interpreter=$(patchelf --print-interpreter "$2/toolbox"); then - echo "go-build-wrapper: failed to read PT_INTERP from $2/toolbox" >&2 + exit "$?" -- 2.31.1 
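Review bot: The refreshed `go build` invocation in this patch removes `-trimpath` and seeds `-B` from `/dev/urandom`, so the toolbox binary embeds build-host paths and two builds of the same source differ, which rules out verifying the package by rebuilding it. The patch description says the flags follow Fedora's %{gobuild}, so this looks deliberate, but nothing in the script says so; I would add a comment above the command such as `# Flags mirror Fedora's %{gobuild}: random -B build ID, no -trimpath, so the output is not reproducible`. Also, `${LDFLAGS:-}` inside `-ldflags` always expands to nothing because `unset LDFLAGS` runs just before it, so a one-line comment on the `unset` saying why the variable is cleared would help the next maintainer. The same applies to the matching hunk in toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch, and go-build-wrapper continues outside both hunks.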
diff --git a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch index 4aa1e11..2e4cbfd 100644 --- a/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch +++ b/toolbox-Make-the-build-flags-match-Fedora-s-gobuild.patch @@ -1,4 +1,4 @@ -From 18cbc514c8b776c855a24cdcf8b326d592322d44 Mon Sep 17 00:00:00 2001 +From 6d913f1fbd6e609957bb01273504b2f479e1b546 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} @@ -19,23 +19,45 @@ Note that these flags are meant for every CPU architecture other than PPC64, and should be kept updated to match Fedora's Go guidelines. Use 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. --- - src/go-build-wrapper | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) + src/go-build-wrapper | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper -index 677dca94bd5a..581d5c82cf2f 100755 +index ef4aafc8b024..4354beceb215 100755 --- a/src/go-build-wrapper 
+++ b/src/go-build-wrapper -@@ -27,7 +27,8 @@ if ! cd "$1"; then +@@ -32,9 +32,9 @@ if ! cd "$1"; then exit 1 fi --go build -trimpath -ldflags "-extldflags '-Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox" +-tags="" ++tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" + if $6; then +- tags="-tags migration_path_for_coreos_toolbox" ++ tags="$tags,migration_path_for_coreos_toolbox" + fi + + if ! libc_dir=$("$4" --print-file-name=libc.so); then +@@ -69,11 +69,17 @@ fi + + dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" + +unset LDFLAGS -+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-rpath,/run/host/usr/lib -Wl,-rpath,/run/host/usr/lib64' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox" ++ + # shellcheck disable=SC2086 + go build \ ++ -buildmode pie \ ++ -compiler gc \ + $tags \ +- -trimpath \ +- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \ ++ -a \ ++ -v \ ++ -x \ + -o "$2/toolbox" - if ! 
interpreter=$(patchelf --print-interpreter "$2/toolbox"); then - echo "go-build-wrapper: failed to read PT_INTERP from $2/toolbox" >&2 + exit "$?" -- 2.31.1 diff --git a/toolbox.spec b/toolbox.spec index c4f7f4b..8f1a942 100644 --- a/toolbox.spec +++ b/toolbox.spec @@ -1,23 +1,18 @@ %global __brp_check_rpaths %{nil} Name: toolbox -Version: 0.0.99.2^3.git075b9a8d2779 +Version: 0.0.99.3 %global goipath github.com/containers/%{name} %gometa -Release: 9%{?dist} +Release: 1%{?dist} Summary: Tool for containerized command line environments on Linux License: ASL 2.0 URL: https://github.com/containers/%{name} -# https://github.com/containers/%%{name}/releases/download/%%{version}/%%{name}-%%{version}.tar.xz -# Snapshot tarball -Source0: %{name}-%{version}.tar.xz - -# https://bugzilla.redhat.com/show_bug.cgi?id=1995439 -Patch0: toolbox-Ensure-that-binaries-are-run-against-their-build-time-ABI.patch +Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz # Fedora specific Patch100: toolbox-Don-t-use-Go-s-semantic-import-versioning.patch @@ -39,7 +34,6 @@ BuildRequires: golang(github.com/sirupsen/logrus) >= 1.4.2 BuildRequires: golang(github.com/spf13/cobra) >= 0.0.5 BuildRequires: golang(golang.org/x/sys/unix) BuildRequires: meson -BuildRequires: patchelf BuildRequires: pkgconfig(bash-completion) BuildRequires: systemd @@ -61,6 +55,7 @@ Summary: Required packages for the container image to support %{name} # These are really required to make the image work with toolbox Requires: passwd Requires: shadow-utils +Requires: util-linux Requires: vte-profile %description support @@ -97,7 +92,6 @@ Requires: less Requires: lsof Requires: man-db Requires: man-pages -Requires: mlocate Requires: mtr Requires: nano-default-editor Requires: nss-mdns @@ -143,7 +137,6 @@ The %{name}-tests package contains system tests for %{name}. %prep %setup -q -%patch0 -p1 %patch100 -p1 %ifnarch ppc64 
@@ -193,6 +186,9 @@ ln -s src/pkg pkg %changelog +* Fri Dec 10 2021 Debarshi Ray - 0.0.99.3-1 +- Update to 0.0.99.3 + * Mon Oct 25 2021 Debarshi Ray - 0.0.99.2^3.git075b9a8d2779-9 - Restore backwards compatibility with existing containers