From aac9afd00eabf09a720f88df4bf63943a72f43ac Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 22 May 2025 10:08:22 -0400 Subject: [PATCH 1/3] Revert "remove packit jobs" This reverts commit 64aaa455fb839fc76f09f2076589835b8825e055. Signed-off-by: Lokesh Mandvekar --- .packit.yaml | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) create mode 100644 .packit.yaml diff --git a/.packit.yaml b/.packit.yaml new file mode 100644 index 0000000000..637e02041b --- /dev/null +++ b/.packit.yaml 
@@ -0,0 +1,126 @@
+---
+# See the documentation for more information:
+# https://packit.dev/docs/configuration/
+
+downstream_package_name: podman
+upstream_tag_template: v{version}
+
+packages:
+ podman-fedora:
+ pkg_tool: fedpkg
+ specfile_path: rpm/podman.spec
+ podman-centos:
+ pkg_tool: centpkg
+ specfile_path: rpm/podman.spec
+ podman-eln:
+ specfile_path: rpm/podman.spec
+
+srpm_build_deps:
+ - git-archive-all
+ - make
+
+actions:
+ fix-spec-file:
+ - "bash .packit.sh"
+
+jobs:
+ - job: copr_build
+ trigger: pull_request
+ packages: [podman-fedora]
+ notifications: &packit_build_failure_notification
+ failure_comment:
+ message: "Ephemeral COPR build failed. @containers/packit-build please check."
+ enable_net: true
+ targets:
+ - fedora-all-x86_64
+ - fedora-all-aarch64
+
+ - job: copr_build
+ trigger: pull_request
+ packages: [podman-eln]
+ notifications: *packit_build_failure_notification
+ enable_net: true
+ targets:
+ fedora-eln-x86_64:
+ additional_repos:
+ - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/x86_64/"
+ fedora-eln-aarch64:
+ additional_repos:
+ - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/aarch64/"
+
+ - job: copr_build
+ trigger: pull_request
+ packages: [podman-centos]
+ notifications: *packit_build_failure_notification
+ enable_net: true
+ targets:
+ - centos-stream-9-x86_64
+ - centos-stream-9-aarch64
+ - centos-stream-10-x86_64
+ - centos-stream-10-aarch64
+
+ # Run on commit to main branch
+ - job: copr_build
+ trigger: commit
+ packages: [podman-fedora]
+ notifications:
+ failure_comment:
+ message: "podman-next COPR build failed. @containers/packit-build please check."
+ branch: main
+ owner: rhcontainerbot
+ project: podman-next
+ enable_net: true
+
+ - job: tests
+ identifier: cockpit-revdeps
+ trigger: pull_request
+ packages: [podman-fedora]
+ notifications:
+ failure_comment:
+ message: "Cockpit tests failed for commit {commit_sha}. @martinpitt, @jelly, @mvollmer please check."
+ targets:
+ - fedora-latest-stable
+ - fedora-development
+ tf_extra_params:
+ environments:
+ - artifacts:
+ - type: repository-file
+ id: https://copr.fedorainfracloud.org/coprs/g/cockpit/main-builds/repo/fedora-$releasever/group_cockpit-main-builds-fedora-$releasever.repo
+ - type: repository-file
+ id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo
+ tmt:
+ context:
+ revdeps: "yes"
+
+ - job: propose_downstream
+ trigger: release
+ update_release: false
+ packages: [podman-fedora]
+ dist_git_branches: &fedora_targets
+ - fedora-all
+
+ - job: propose_downstream
+ trigger: release
+ update_release: false
+ packages: [podman-centos]
+ dist_git_branches:
+ - c10s
+
+ - job: koji_build
+ trigger: commit
+ packages: [podman-fedora]
+ sidetag_group: podman-releases
+ dist_git_branches: *fedora_targets
+
+ - job: bodhi_update
+ trigger: koji_build
+ packages: [podman-fedora]
+ sidetag_group: podman-releases
+ # Dependencies are not rpm dependencies, but packages that should go in the
+ # same bodhi update
+ # Ref: https://packit.dev/docs/fedora-releases-guide/releasing-multiple-packages
+ dependencies:
+ - buildah
+ - containers-common
+ - skopeo
+ dist_git_branches: *fedora_targets
From 7d62bcecc3d6513b14e6853b1c4caf7d78a271ed Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 13 Jun 2025 08:23:36 -0400 Subject: [PATCH 2/3] Packit/TMT: enable system tests on RHEL envs No rpms are built, tests are run directly on binaries built from Makefile targets. RHEL environments are provisioned on internal testing farm. 
Signed-off-by: Lokesh Mandvekar --- .packit.sh | 48 ---- .packit.yaml | 148 +++------- plans/cockpit-podman.fmf | 37 --- plans/system.fmf | 73 +++++ rpm/Makefile | 12 - rpm/podman.spec | 380 ------------------------- rpm/update-spec-version.sh | 20 -- test/system/220-healthcheck.bats | 4 + test/system/251-system-service.bats | 4 + test/system/252-quadlet.bats | 28 ++ test/system/255-auto-update.bats | 5 +- test/system/272-system-connection.bats | 4 + test/system/helpers.bash | 10 + test/tmt/main.fmf | 37 +++ test/tmt/setup.sh | 8 + 15 files changed, 207 insertions(+), 611 deletions(-) delete mode 100644 .packit.sh delete mode 100644 plans/cockpit-podman.fmf create mode 100644 plans/system.fmf delete mode 100644 rpm/Makefile delete mode 100644 rpm/podman.spec delete mode 100644 rpm/update-spec-version.sh create mode 100644 test/tmt/main.fmf create mode 100644 test/tmt/setup.sh diff --git a/.packit.sh b/.packit.sh deleted file mode 100644 index 7eb5aa002c..0000000000 --- a/.packit.sh +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/usr/bin/env bash - -# This script handles any custom processing of the spec file using the `fix-spec-file` -# action in .packit.yaml. These steps only work on copr builds, not on official -# Fedora builds. - -set -eox pipefail - -PACKAGE=podman - -# Set path to rpm spec file -SPEC_FILE=rpm/$PACKAGE.spec - -# Get short sha -SHORT_SHA=$(git rev-parse --short HEAD) - -# Get Version from HEAD -VERSION=$(grep '^const RawVersion' version/rawversion/version.go | cut -d\" -f2) - -# RPM Version can't take "-" -RPM_VERSION=$(echo $VERSION | sed -e 's/-/~/') - -# Generate source tarball from HEAD -git-archive-all -C $(git rev-parse --show-toplevel) --prefix=$PACKAGE-$VERSION/ rpm/$PACKAGE-$VERSION.tar.gz - -# RPM Spec modifications - -# Use the Version from HEAD in rpm spec -sed -i "s/^Version:.*/Version: $RPM_VERSION/" $SPEC_FILE - -# Use Packit's supplied variable in the Release field in rpm spec. -sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" $SPEC_FILE - -# Ensure last part of the release string is the git shortcommit without a -# prepended "g" -sed -i "/^Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/ s/\(.*\)g/\1/" $SPEC_FILE - -# Use above generated tarball as Source in rpm spec -sed -i "s/^Source0:.*.tar.gz/Source0: $PACKAGE-$VERSION.tar.gz/" $SPEC_FILE - -# Update setup macro to use the correct build dir -sed -i "s/^%autosetup.*/%autosetup -Sgit -n %{name}-$VERSION/" $SPEC_FILE - -# Update relevant sed entries in spec file with the actual VERSION and SHORT_SHA -# This allows podman --version to also show the SHORT_SHA along with the -# VERSION -sed -i "s/##VERSION##/$VERSION/" $SPEC_FILE -sed -i "s/##SHORT_SHA##/$SHORT_SHA/" $SPEC_FILE diff --git a/.packit.yaml b/.packit.yaml index 637e02041b..381fe8b52b 100644 --- a/.packit.yaml +++ b/.packit.yaml 
@@ -2,125 +2,49 @@ # See the documentation for more information: # https://packit.dev/docs/configuration/ -downstream_package_name: podman -upstream_tag_template: v{version} - -packages: - podman-fedora: - pkg_tool: fedpkg - specfile_path: rpm/podman.spec - podman-centos: - pkg_tool: centpkg - specfile_path: rpm/podman.spec - podman-eln: - specfile_path: rpm/podman.spec - -srpm_build_deps: - - git-archive-all - - make - -actions: - fix-spec-file: - - "bash .packit.sh" - jobs: - - job: copr_build + - job: tests trigger: pull_request - packages: [podman-fedora] - notifications: &packit_build_failure_notification + skip_build: true + use_internal_tf: true + notifications: &packit_failure_notification failure_comment: - message: "Ephemeral COPR build failed. @containers/packit-build please check." - enable_net: true - targets: - - fedora-all-x86_64 - - fedora-all-aarch64 + message: "Packit jobs failed. @containers/packit-build please check." + targets: &test_targets + epel-10-x86_64: + distros: [RHEL-10.0-Nightly] + epel-10-aarch64: + distros: [RHEL-10.0-Nightly] + epel-9-x86_64: + distros: [RHEL-9.6.0-Nightly] + epel-9-aarch64: + distros: [RHEL-9.6.0-Nightly] + tmt_plan: "/plans/system/root-local" + identifier: "sys-local-root" - - job: copr_build + - job: tests trigger: pull_request - packages: [podman-eln] - notifications: *packit_build_failure_notification - enable_net: true - targets: - fedora-eln-x86_64: - additional_repos: - - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/x86_64/" - fedora-eln-aarch64: - additional_repos: - - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/aarch64/" + skip_build: true + use_internal_tf: true + notifications: *packit_failure_notification + targets: *test_targets + tmt_plan: "/plans/system/rootless-local" + identifier: "sys-local-rootless" - - job: copr_build + - job: tests trigger: pull_request - packages: [podman-centos] - notifications: *packit_build_failure_notification - enable_net: true - targets: - - 
centos-stream-9-x86_64 - - centos-stream-9-aarch64 - - centos-stream-10-x86_64 - - centos-stream-10-aarch64 - - # Run on commit to main branch - - job: copr_build - trigger: commit - packages: [podman-fedora] - notifications: - failure_comment: - message: "podman-next COPR build failed. @containers/packit-build please check." - branch: main - owner: rhcontainerbot - project: podman-next - enable_net: true + skip_build: true + use_internal_tf: true + notifications: *packit_failure_notification + targets: *test_targets + tmt_plan: "/plans/system/root-remote" + identifier: "sys-remote-root" - job: tests - identifier: cockpit-revdeps trigger: pull_request - packages: [podman-fedora] - notifications: - failure_comment: - message: "Cockpit tests failed for commit {commit_sha}. @martinpitt, @jelly, @mvollmer please check." - targets: - - fedora-latest-stable - - fedora-development - tf_extra_params: - environments: - - artifacts: - - type: repository-file - id: https://copr.fedorainfracloud.org/coprs/g/cockpit/main-builds/repo/fedora-$releasever/group_cockpit-main-builds-fedora-$releasever.repo - - type: repository-file - id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo - tmt: - context: - revdeps: "yes" - - - job: propose_downstream - trigger: release - update_release: false - packages: [podman-fedora] - dist_git_branches: &fedora_targets - - fedora-all - - - job: propose_downstream - trigger: release - update_release: false - packages: [podman-centos] - dist_git_branches: - - c10s - - - job: koji_build - trigger: commit - packages: [podman-fedora] - sidetag_group: podman-releases - dist_git_branches: *fedora_targets - - - job: bodhi_update - trigger: koji_build - packages: [podman-fedora] - sidetag_group: podman-releases - # Dependencies are not rpm dependencies, but packages that should go in the - # same bodhi update - # Ref: 
https://packit.dev/docs/fedora-releases-guide/releasing-multiple-packages - dependencies: - - buildah - - containers-common - - skopeo - dist_git_branches: *fedora_targets + skip_build: true + use_internal_tf: true + notifications: *packit_failure_notification + targets: *test_targets + tmt_plan: "/plans/system/rootless-remote" + identifier: "sys-remote-rootless" diff --git a/plans/cockpit-podman.fmf b/plans/cockpit-podman.fmf deleted file mode 100644 index 94854701c5..0000000000 --- a/plans/cockpit-podman.fmf +++ /dev/null @@ -1,37 +0,0 @@ -# reverse dependency test for https://github.com/cockpit-project/cockpit-podman/ -# packit should automatically notify the cockpit maintainers on failures. -# For questions, please contact @martinpitt, @jelly, @mvollmer -enabled: false - -adjust+: - when: revdeps == yes - enabled: true - -discover: - how: fmf - url: https://github.com/cockpit-project/cockpit-podman - ref: "main" - -execute: - how: tmt - -# not relevant for testing podman -environment: - TEST_AUDIT_NO_SELINUX: 1 - TEST_ALLOW_JOURNAL_MESSAGES: ".*" - -# This has to duplicate cockpit-podman's plan structure; see https://github.com/teemtee/tmt/issues/1770 -/podman-system: - summary: Run cockpit-podman system tests - discover+: - test: /test/browser/system - -/podman-user: - summary: Run cockpit-podman user tests - discover+: - test: /test/browser/user - -/podman-misc: - summary: Run other cockpit-podman tests - discover+: - test: /test/browser/other diff --git a/plans/system.fmf b/plans/system.fmf new file mode 100644 index 0000000000..6cb768a092 --- /dev/null +++ b/plans/system.fmf 
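Review bot: The four new `tests` jobs combine `trigger: pull_request`, `skip_build: true` and `use_internal_tf: true`, so the contributor's tree is compiled and installed on internally provisioned RHEL hosts (the `make` / `make install` in `test/tmt/setup.sh` from this same patch, apparently as root), and nothing in the file documents who may start such a run. A comment above `jobs:` would make that trust boundary explicit, for example `# These jobs build and run PR code on the internal Testing Farm; runs must stay gated to trusted contributors.` Whether Packit already restricts internal-farm runs to collaborators is not visible from this hunk and should be confirmed against the Packit documentation before relying on it.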
@@ -0,0 +1,73 @@
+discover:
+ how: fmf
+
+execute:
+ how: tmt
+
+prepare:
+ - name: build and test dependencies
+ how: install
+ package:
+ - bzip2
+ - go-md2man
+ - golang
+ - gpgme-devel
+ - libseccomp-devel
+ - netavark
+ - podman-catatonit
+ # podman-tests used only to fetch test dependencies
+ - podman-tests
+ - slirp4netns
+ - systemd-devel
+ order: 5
+ - how: shell
+ script: modprobe null_blk nr_devices=1
+ order: 5
+ - how: shell
+ script: |
+ # Install bats
+ # https://bats-core.readthedocs.io/en/stable/installation.html
+ BATS_VERSION=1.12.0
+ curl -L https://github.com/bats-core/bats-core/archive/refs/tags/v"$BATS_VERSION".tar.gz | tar -xz
+ pushd bats-core-"$BATS_VERSION"
+ ./install.sh /usr
+ popd
+ rm -rf bats-core-"$BATS_VERSION"
+ # Install parallel
+ # https://cgit.git.savannah.gnu.org/cgit/parallel.git/tree/README
+ wget https://ftpmirror.gnu.org/parallel/parallel-20250522.tar.bz2
+ bzip2 -dc parallel-20250522.tar.bz2 | tar xvf -
+ pushd parallel-20250522
+ ./configure && make && make install
+ popd
+ order: 10
+
+provision:
+ how: artemis
+ hardware:
+ memory: ">= 16 GB"
+ cpu:
+ cores: ">= 4"
+ threads: ">=8"
+ disk:
+ - size: ">= 512 GB"
+
+/root-local:
+ summary: Local root system tests
+ discover+:
+ test: /test/tmt/sys-root-local
+
+/rootless-local:
+ summary: Local rootless system tests
+ discover+:
+ test: /test/tmt/sys-rootless-local
+
+/root-remote:
+ summary: Remote root system tests
+ discover+:
+ test: /test/tmt/sys-root-remote
+
+/rootless-remote:
+ summary: Remote rootless system tests
+ discover+:
+ test: /test/tmt/sys-rootless-remote
diff --git a/rpm/Makefile b/rpm/Makefile
deleted file mode 100644
index f45741c741..0000000000
--- a/rpm/Makefile
+++ /dev/null
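Review bot: The second `how: shell` prepare step in `plans/system.fmf` downloads bats-core and GNU parallel and installs both system-wide with no integrity check. The bats tarball is piped from `curl -L` straight into `tar`, and the parallel tarball is fetched through the `ftpmirror.gnu.org` redirector before `./configure && make && make install`. Pinning a SHA-256 for each archive and verifying it before unpacking keeps a tampered or truncated download off the test host. Unless tmt already runs the step with errexit and pipefail, `set -eo pipefail` plus `curl -f` also stops a failed download from feeding an error page to `tar`. The `parallel-20250522` build directory is left behind, unlike the bats one; the digests below are placeholders to be taken from the upstream release artifacts.

```yaml
  - how: shell
    script: |
      set -eo pipefail
      # Install bats
      # https://bats-core.readthedocs.io/en/stable/installation.html
      BATS_VERSION=1.12.0
      BATS_SHA256=REPLACE_WITH_PINNED_SHA256        # placeholder, not a real digest
      curl -fsSL -o bats.tar.gz https://github.com/bats-core/bats-core/archive/refs/tags/v"$BATS_VERSION".tar.gz
      echo "$BATS_SHA256  bats.tar.gz" | sha256sum -c -
      tar -xzf bats.tar.gz
      # … unchanged: pushd / ./install.sh /usr / popd / rm -rf bats-core-"$BATS_VERSION" …
      # Install parallel
      PARALLEL_SHA256=REPLACE_WITH_PINNED_SHA256    # placeholder, not a real digest
      wget https://ftpmirror.gnu.org/parallel/parallel-20250522.tar.bz2
      echo "$PARALLEL_SHA256  parallel-20250522.tar.bz2" | sha256sum -c -
      # … unchanged: unpack, pushd, ./configure && make && make install, popd …
      rm -rf parallel-20250522 parallel-20250522.tar.bz2 bats.tar.gz
    order: 10
```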
@@ -1,12 +0,0 @@ -.PHONY: rpm -rpm: - $(shell /usr/bin/bash ./update-spec-version.sh) - spectool -g podman.spec - rpmbuild -ba \ - --define '_sourcedir $(shell pwd)' \ - --define '_rpmdir %{_sourcedir}/RPMS' \ - --define '_srcrpmdir %{_sourcedir}/SRPMS' \ - --define '_builddir %{_sourcedir}/BUILD' \ - podman.spec - @echo ___RPMS can be found in rpm/RPMS/.___ - @echo ___Undo any changes to Version, Source0 and %autosetup in rpm/podman.spec before committing.___ diff --git a/rpm/podman.spec b/rpm/podman.spec deleted file mode 100644 index d6eaf9ae6e..0000000000 --- a/rpm/podman.spec +++ /dev/null 
@@ -1,380 +0,0 @@ -%global with_debug 1 - -%if 0%{?with_debug} -%global _find_debuginfo_dwz_opts %{nil} -%global _dwz_low_mem_die_limit 0 -%else -%global debug_package %{nil} -%endif - -%global gomodulesmode GO111MODULE=on - -%if %{defined fedora} -%define build_with_btrfs 1 -# qemu-system* isn't packageed for CentOS Stream / RHEL -%define qemu 1 -%endif - -%if %{defined copr_username} -%define copr_build 1 -%endif - -# Only RHEL and CentOS Stream rpms are built with fips-enabled go compiler -%if %{defined rhel} -%define fips_enabled 1 -%endif - -%global container_base_path github.com/containers -%global container_base_url https://%{container_base_path} - -# For LDFLAGS -%global ld_project %{container_base_path}/%{name}/v5 -%global ld_libpod %{ld_project}/libpod - -# %%{name} -%global git0 %{container_base_url}/%{name} - -# podman-machine subpackage will be present only on these architectures -%global machine_arches x86_64 aarch64 - -%if %{defined copr_build} -%define build_origin Copr: %{?copr_username}/%{?copr_projectname} -%else -%define build_origin %{?packager} -%endif - -Name: podman -%if %{defined copr_build} -Epoch: 102 -%else -Epoch: 5 -%endif -# DO NOT TOUCH the Version string! -# The TRUE source of this specfile is: -# https://github.com/containers/podman/blob/main/rpm/podman.spec -# If that's what you're reading, Version must be 0, and will be updated by Packit for -# copr and koji builds. -# If you're reading this on dist-git, the version is automatically filled in by Packit. 
-Version: 0 -# The `AND` needs to be uppercase in the License for SPDX compatibility -License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 -Release: %autorelease -%if %{defined golang_arches_future} -ExclusiveArch: %{golang_arches_future} -%else -ExclusiveArch: aarch64 ppc64le s390x x86_64 -%endif -Summary: Manage Pods, Containers and Container Images -URL: https://%{name}.io/ -# All SourceN files fetched from upstream -Source0: %{git0}/archive/v%{version_no_tilde}.tar.gz -Provides: %{name}-manpages = %{epoch}:%{version}-%{release} -BuildRequires: %{_bindir}/envsubst -%if %{defined build_with_btrfs} -BuildRequires: btrfs-progs-devel -%endif -BuildRequires: gcc -BuildRequires: glib2-devel -BuildRequires: glibc-devel -BuildRequires: glibc-static -BuildRequires: golang -BuildRequires: git-core -%if %{undefined rhel} || 0%{?rhel} >= 10 -BuildRequires: go-rpm-macros -%endif -BuildRequires: gpgme-devel -BuildRequires: libassuan-devel -BuildRequires: libgpg-error-devel -BuildRequires: libseccomp-devel -BuildRequires: libselinux-devel -BuildRequires: shadow-utils-subid-devel -BuildRequires: pkgconfig -BuildRequires: make -BuildRequires: man-db -BuildRequires: ostree-devel -BuildRequires: systemd -BuildRequires: systemd-devel -Requires: catatonit -Requires: conmon >= 2:2.1.7-2 -%if %{defined fedora} && 0%{?fedora} >= 40 -# TODO: Remove the f40 conditional after a few releases to keep conditionals to -# a minimum -# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2269148 -Requires: containers-common-extra >= 5:0.58.0-1 -%else -Requires: containers-common-extra -%endif -Obsoletes: %{name}-quadlet <= 5:4.4.0-1 -Provides: %{name}-quadlet = %{epoch}:%{version}-%{release} - -%description -%{name} (Pod Manager) is a fully featured container engine that is a simple -daemonless tool. %{name} provides a Docker-CLI comparable command line that -eases the transition from other container engines and allows the management of -pods, containers and images. 
Simply put: alias docker=%{name}. -Most %{name} commands can be run as a regular user, without requiring -additional privileges. - -%{name} uses Buildah(1) internally to create container images. -Both tools share image (not container) storage, hence each can use or -manipulate images (but not containers) created by the other. - - -%package docker -Summary: Emulate Docker CLI using %{name} -BuildArch: noarch -Requires: %{name} = %{epoch}:%{version}-%{release} -Conflicts: docker -Conflicts: docker-latest -Conflicts: docker-ce -Conflicts: docker-ee -Conflicts: moby-engine - -%description docker -This package installs a script named docker that emulates the Docker CLI by -executes %{name} commands, it also creates links between all Docker CLI man -pages and %{name}. - -%package tests -Summary: Tests for %{name} - -Requires: %{name} = %{epoch}:%{version}-%{release} -%if %{defined fedora} -Requires: bats -%endif -Requires: attr -Requires: jq -Requires: skopeo -Requires: nmap-ncat -Requires: httpd-tools -Requires: openssl -Requires: socat -Requires: buildah -Requires: gnupg -Requires: xfsprogs - -%description tests -%{summary} - -This package contains system tests for %{name} - -%package remote -Summary: (Experimental) Remote client for managing %{name} containers - -%description remote -Remote client for managing %{name} containers. - -This experimental remote client is under heavy development. Please do not -run %{name}-remote in production. - -%{name}-remote uses the version 2 API to connect to a %{name} client to -manage pods, containers and container images. %{name}-remote supports ssh -connections as well. 
- -%package -n %{name}sh -Summary: Confined login and user shell using %{name} -Requires: %{name} = %{epoch}:%{version}-%{release} -Provides: %{name}-shell = %{epoch}:%{version}-%{release} -Provides: %{name}-%{name}sh = %{epoch}:%{version}-%{release} - -%description -n %{name}sh -%{name}sh provides a confined login and user shell with access to volumes and -capabilities specified in user quadlets. - -It is a symlink to %{_bindir}/%{name} and execs into the `%{name}sh` container -when `%{_bindir}/%{name}sh` is set as a login shell or set as os.Args[0]. - -%ifarch %{machine_arches} -%package machine -Summary: Metapackage for setting up %{name} machine -Requires: %{name} = %{epoch}:%{version}-%{release} -Requires: gvisor-tap-vsock -%if %{defined qemu} -%ifarch aarch64 -Requires: qemu-system-aarch64-core -%endif -%ifarch x86_64 -Requires: qemu-system-x86-core -%endif -%else -Requires: qemu-kvm -%endif -Requires: qemu-img -Requires: virtiofsd -ExclusiveArch: x86_64 aarch64 - -%description machine -This subpackage installs the dependencies for %{name} machine, for more see: -https://docs.podman.io/en/latest/markdown/podman-machine.1.html -%endif - -%prep -%autosetup -Sgit -n %{name}-%{version_no_tilde} -sed -i 's;@@PODMAN@@\;$(BINDIR);@@PODMAN@@\;%{_bindir};' Makefile - -# cgroups-v1 is supported on rhel9 -%if 0%{?rhel} == 9 -sed -i '/DELETE ON RHEL9/,/DELETE ON RHEL9/d' libpod/runtime.go -%endif - -# These changes are only meant for copr builds -%if %{defined copr_build} -# podman --version should show short sha -sed -i "s/^const RawVersion = .*/const RawVersion = \"##VERSION##-##SHORT_SHA##\"/" version/rawversion/version.go -# use ParseTolerant to allow short sha in version -sed -i "s/^var Version.*/var Version, err = semver.ParseTolerant(rawversion.RawVersion)/" version/version.go -%endif - -%build -%set_build_flags -export CGO_CFLAGS=$CFLAGS - -# These extra flags present in $CFLAGS have been skipped for now as they break the build -CGO_CFLAGS=$(echo $CGO_CFLAGS | 
sed 's/-flto=auto//g') -CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g') -CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g') - -%ifarch x86_64 -export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full" -%endif - -export GOPROXY=direct - -LDFLAGS="-X %{ld_libpod}/define.buildInfo=${SOURCE_DATE_EPOCH:-$(date +%s)} \ - -X \"%{ld_libpod}/define.buildOrigin=%{build_origin}\" \ - -X %{ld_libpod}/config._installPrefix=%{_prefix} \ - -X %{ld_libpod}/config._etcDir=%{_sysconfdir} \ - -X %{ld_project}/pkg/systemd/quadlet._binDir=%{_bindir}" - -# build rootlessport first -%gobuild -o bin/rootlessport ./cmd/rootlessport - -export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)" - -# libtrust_openssl buildtag switches to using the FIPS-compatible func -# `ecdsa.HashSign`. -# Ref 1: https://github.com/golang-fips/go/blob/main/patches/015-add-hash-sign-verify.patch#L22 -# Ref 2: https://github.com/containers/libtrust/blob/main/ec_key_openssl.go#L23 -%if %{defined fips_enabled} -export BASEBUILDTAGS="$BASEBUILDTAGS libtrust_openssl" -%endif - -# build %%{name} -export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh)" -%gobuild -o bin/%{name} ./cmd/%{name} - -# build %%{name}-remote -export BUILDTAGS="$BASEBUILDTAGS exclude_graphdriver_btrfs btrfs_noversion remote" -%gobuild -o bin/%{name}-remote ./cmd/%{name} - -# build quadlet -export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)" -%gobuild -o bin/quadlet ./cmd/quadlet - -# build %%{name}-testing -export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)" -%gobuild -o bin/podman-testing ./cmd/podman-testing - -# reset LDFLAGS for plugins binaries -LDFLAGS='' - -%{__make} docs docker-docs - -%install -install -dp %{buildroot}%{_unitdir} -PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} 
PREFIX=%{_prefix} ETCDIR=%{_sysconfdir} \ - install.bin \ - install.man \ - install.systemd \ - install.completions \ - install.docker \ - install.docker-docs \ - install.remote \ - install.testing - -# See above for the iptables.conf declaration -%if %{defined fedora} && 0%{?fedora} < 41 -%{__make} DESTDIR=%{buildroot} MODULESLOADDIR=%{_modulesloaddir} install.modules-load -%endif - -sed -i 's;%{buildroot};;g' %{buildroot}%{_bindir}/docker - -# do not include docker and podman-remote man pages in main package -for file in `find %{buildroot}%{_mandir}/man[157] -type f | sed "s,%{buildroot},," | grep -v -e %{name}sh.1 -e remote -e docker`; do - echo "$file*" >> %{name}.file-list -done - -rm -f %{buildroot}%{_mandir}/man5/docker*.5 - -install -d -p %{buildroot}%{_datadir}/%{name}/test/system -cp -pav test/system %{buildroot}%{_datadir}/%{name}/test/ - -%ifarch %{machine_arches} -# symlink virtiofsd in %%{name} libexecdir for machine subpackage -ln -s ../virtiofsd %{buildroot}%{_libexecdir}/%{name} -%endif - -#define license tag if not already defined -%{!?_licensedir:%global license %doc} - -# Include empty check to silence rpmlint warning -%check - -%files -f %{name}.file-list -%license LICENSE vendor/modules.txt -%doc README.md CONTRIBUTING.md install.md transfer.md -%{_bindir}/%{name} -%dir %{_libexecdir}/%{name} -%{_libexecdir}/%{name}/rootlessport -%{_libexecdir}/%{name}/quadlet -%{_datadir}/bash-completion/completions/%{name} -# By "owning" the site-functions dir, we don't need to Require zsh -%dir %{_datadir}/zsh/site-functions -%{_datadir}/zsh/site-functions/_%{name} -%dir %{_datadir}/fish/vendor_completions.d -%{_datadir}/fish/vendor_completions.d/%{name}.fish -%{_unitdir}/%{name}* -%{_userunitdir}/%{name}* -%{_tmpfilesdir}/%{name}.conf -%{_systemdgeneratordir}/%{name}-system-generator -%{_systemdusergeneratordir}/%{name}-user-generator -# iptables modules are only needed with iptables-legacy, -# as of f41 netavark will default to nftables so do not load 
unessary modules -# https://fedoraproject.org/wiki/Changes/NetavarkNftablesDefault -%if %{defined fedora} && 0%{?fedora} < 41 -%{_modulesloaddir}/%{name}-iptables.conf -%endif - -%files docker -%{_bindir}/docker -%{_mandir}/man1/docker*.1* -%{_sysconfdir}/profile.d/%{name}-docker.* -%{_tmpfilesdir}/%{name}-docker.conf -%{_user_tmpfilesdir}/%{name}-docker.conf - -%files remote -%license LICENSE -%{_bindir}/%{name}-remote -%{_mandir}/man1/%{name}-remote*.* -%{_datadir}/bash-completion/completions/%{name}-remote -%dir %{_datadir}/fish/vendor_completions.d -%{_datadir}/fish/vendor_completions.d/%{name}-remote.fish -%dir %{_datadir}/zsh/site-functions -%{_datadir}/zsh/site-functions/_%{name}-remote - -%files tests -%{_bindir}/%{name}-testing -%{_datadir}/%{name}/test - -%files -n %{name}sh -%{_bindir}/%{name}sh -%{_mandir}/man1/%{name}sh.1* - -%ifarch %{machine_arches} -%files machine -%dir %{_libexecdir}/%{name} -%{_libexecdir}/%{name}/virtiofsd -%endif - -%changelog -%autochangelog diff --git a/rpm/update-spec-version.sh b/rpm/update-spec-version.sh deleted file mode 100644 index c9d6225710..0000000000 --- a/rpm/update-spec-version.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash - -# This script will update the Version field in the spec which is set to 0 by -# default. Useful for local manual rpm builds where the Version needs to be set -# correctly. - -set -eox pipefail - -PACKAGE=podman -SPEC_FILE=$PACKAGE.spec -VERSION=$(grep '^const RawVersion' ../version/rawversion/version.go | cut -d\" -f2) -RPM_VERSION=$(echo $VERSION | sed -e 's/^v//' -e 's/-/~/g') - -# Update spec file to use local changes -sed -i "s/^Version:.*/Version: $RPM_VERSION/" $SPEC_FILE -sed -i "s/^Source0:.*/Source0: $PACKAGE-$VERSION.tar.gz/" $SPEC_FILE -sed -i "s/^%autosetup.*/%autosetup -Sgit -n %{name}-$VERSION/" $SPEC_FILE - -# Generate Source0 archive from HEAD -(cd .. && git archive --format=tar.gz --prefix=$PACKAGE-$VERSION/ HEAD -o rpm/$PACKAGE-$VERSION.tar.gz) 
diff --git a/test/system/220-healthcheck.bats b/test/system/220-healthcheck.bats index 00b788858a..4610f1d4d0 100644 --- a/test/system/220-healthcheck.bats +++ b/test/system/220-healthcheck.bats @@ -391,6 +391,10 @@ function _check_health_log { @test "podman healthcheck --health-log-destination journal" { + if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then + skip_if_rootless "Broken on RHEL: https://github.com/containers/podman/issues/26406" + fi + skip_if_remote "We cannot read journalctl over remote." # We can't use journald on RHEL as rootless, either: rhbz#1895105 diff --git a/test/system/251-system-service.bats b/test/system/251-system-service.bats index 6048ed5353..53eb2988b9 100644 --- a/test/system/251-system-service.bats +++ b/test/system/251-system-service.bats @@ -69,6 +69,10 @@ function teardown() { # This doesn't actually test podman system service, but we require it, # so least-awful choice is to run from this test file. @test "podman --host / -H options" { + if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then + skip "Broken on RHEL: https://github.com/containers/podman/issues/26406" + fi + port=$(random_free_port) URL=tcp://127.0.0.1:$port diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats index 264518b269..5e50f209e9 100644 --- a/test/system/252-quadlet.bats +++ b/test/system/252-quadlet.bats @@ -187,6 +187,10 @@ function wait_for_journal() { # bats test_tags=distro-integration @test "quadlet - basic" { + if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then + skip_if_rootless "Broken on RHEL: https://github.com/containers/podman/issues/26413" + fi + # Network=none is to work around a Pasta bug, can be removed once a patched Pasta is available. # Ref https://github.com/containers/podman/pull/21563#issuecomment-1965145324 local quadlet_file=$PODMAN_TMPDIR/basic_$(safename).container 
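Review bot: The RHEL guard added at the top of `podman healthcheck --health-log-destination journal` tests `-n "$HOST_DISTRO_NAME"` and then compares the same variable with `rhel`; the first test is redundant, so `if [[ "$HOST_DISTRO_NAME" == "rhel" ]]; then` is enough. The same three-line block is repeated in the `251-system-service.bats` and `252-quadlet.bats` hunks on this line and in later hunks of this patch. That points to a single helper in `test/system/helpers.bash`, which this patch already touches, taking the skip message as its argument. The `251-system-service.bats` copy uses plain `skip`, so on RHEL that test is skipped for root as well, while the `220-healthcheck.bats` hunk cites the same issue 26406 with `skip_if_rootless`; if the difference is intended, a one-line comment should say why. The test bodies continue outside these hunks.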
@@ -259,6 +263,10 @@ EOF } @test "quadlet - envvar" { + if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then + skip_if_rootless "Broken on RHEL: https://github.com/containers/podman/issues/26414" + fi + local quadlet_file=$PODMAN_TMPDIR/envvar_$(safename).container cat > $quadlet_file < $quadlet_file <$UNIT_DIR/podman-auto-update-$cname.timer < + bash ./setup.sh && + make -C $TMT_TREE localsystem + duration: 40m + +/sys-rootless-local: + test: > + bash ./setup.sh && + loginctl enable-linger $ROOTLESS_USER && + chown -R $ROOTLESS_USER $TMT_TREE && + su - "$ROOTLESS_USER" -c "CI_DESIRED_NETWORK=netavark make -C $TMT_TREE localsystem" + duration: 40m + +/sys-root-remote: + test: > + bash ./setup.sh && + make -C $TMT_TREE remotesystem + duration: 40m + +/sys-rootless-remote: + test: > + bash ./setup.sh && + loginctl enable-linger $ROOTLESS_USER && + chown -R $ROOTLESS_USER $TMT_TREE && + su - "$ROOTLESS_USER" -c "CI_DESIRED_NETWORK=netavark make -C $TMT_TREE remotesystem" + duration: 40m diff --git a/test/tmt/setup.sh b/test/tmt/setup.sh new file mode 100644 index 0000000000..870bdf2714 --- /dev/null +++ b/test/tmt/setup.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +set -exo pipefail + +pushd "$TMT_TREE" +make +make install +popd From 3b6d20c013777e507298505a0d65266e5bc69e5d Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 16 Jun 2025 11:16:11 -0400 Subject: [PATCH 3/3] tmp: add rootless user to wheel Signed-off-by: Lokesh Mandvekar --- test/system/220-healthcheck.bats | 6 ++-- test/system/251-system-service.bats | 6 ++-- test/system/252-quadlet.bats | 42 +++++++++++++------------- test/system/255-auto-update.bats | 6 ++-- test/system/272-system-connection.bats | 6 ++-- test/tmt/main.fmf | 2 ++ 6 files changed, 35 insertions(+), 33 deletions(-) diff --git a/test/system/220-healthcheck.bats b/test/system/220-healthcheck.bats index 4610f1d4d0..aeb9c8636c 100644 --- a/test/system/220-healthcheck.bats +++ b/test/system/220-healthcheck.bats 
@@ -391,9 +391,9 @@ function _check_health_log { @test "podman healthcheck --health-log-destination journal" { - if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then - skip_if_rootless "Broken on RHEL: https://github.com/containers/podman/issues/26406" - fi + #if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then + # skip_if_rootless "Broken on RHEL: https://github.com/containers/podman/issues/26406" + #fi skip_if_remote "We cannot read journalctl over remote." diff --git a/test/system/251-system-service.bats b/test/system/251-system-service.bats index 53eb2988b9..e80e620780 100644 --- a/test/system/251-system-service.bats +++ b/test/system/251-system-service.bats @@ -69,9 +69,9 @@ function teardown() { # This doesn't actually test podman system service, but we require it, # so least-awful choice is to run from this test file. @test "podman --host / -H options" { - if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then - skip "Broken on RHEL: https://github.com/containers/podman/issues/26406" - fi + #if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then + # skip "Broken on RHEL: https://github.com/containers/podman/issues/26406" + #fi port=$(random_free_port) URL=tcp://127.0.0.1:$port diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats index 5e50f209e9..4726b2ef36 100644 --- a/test/system/252-quadlet.bats +++ b/test/system/252-quadlet.bats 
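Review bot: The skip guards are disabled by commenting them out (`#if [[ ... ]]; then` … `#fi`) instead of being deleted, in this hunk, in the `251-system-service.bats` hunk on the same line, and in the other test files this patch changes. Commented-out code that still carries a live issue link reads as if the skip applies, and it is easy to restore by accident. Either remove the three lines, or replace them with one comment stating the precondition, such as `# On RHEL rootless this needs the test user to be able to read the system journal (issue 26406).` That precondition is inferred from the commit subject and the `usermod` change in `test/tmt/main.fmf`, so confirm it before writing it down.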
@@ -187,9 +187,9 @@ function wait_for_journal() { # bats test_tags=distro-integration @test "quadlet - basic" { - if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then - skip_if_rootless "Broken on RHEL: https://github.com/containers/podman/issues/26413" - fi + #if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then + # skip_if_rootless "Broken on RHEL: https://github.com/containers/podman/issues/26413" + #fi # Network=none is to work around a Pasta bug, can be removed once a patched Pasta is available. # Ref https://github.com/containers/podman/pull/21563#issuecomment-1965145324 @@ -263,9 +263,9 @@ EOF } @test "quadlet - envvar" { - if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then - skip_if_rootless "Broken on RHEL: https://github.com/containers/podman/issues/26414" - fi + #if [[ -n "$HOST_DISTRO_NAME" && "$HOST_DISTRO_NAME" == "rhel" ]]; then + # skip_if_rootless "Broken on RHEL: https://github.com/containers/podman/issues/26414" + #fi local quadlet_file=$PODMAN_TMPDIR/envvar_$(safename).container cat > $quadlet_file < $quadlet_file <$UNIT_DIR/podman-auto-update-$cname.timer < bash ./setup.sh && loginctl enable-linger $ROOTLESS_USER && + usermod -a -G wheel $ROOTLESS_USER && chown -R $ROOTLESS_USER $TMT_TREE && su - "$ROOTLESS_USER" -c "CI_DESIRED_NETWORK=netavark make -C $TMT_TREE localsystem" duration: 40m @@ -32,6 +33,7 @@ adjust+: test: > bash ./setup.sh && loginctl enable-linger $ROOTLESS_USER && + usermod -a -G wheel $ROOTLESS_USER && chown -R $ROOTLESS_USER $TMT_TREE && su - "$ROOTLESS_USER" -c "CI_DESIRED_NETWORK=netavark make -C $TMT_TREE remotesystem" duration: 40m
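Review bot: `usermod -a -G wheel $ROOTLESS_USER` puts the account used for the rootless runs into an administrative group, both in `/sys-rootless-remote` here and in `/sys-rootless-local` in the preceding hunk of `test/tmt/main.fmf`. On a default RHEL sudoers configuration wheel members can typically use sudo, so these jobs no longer exercise a plain unprivileged user and failures a real rootless user would hit can be masked. If the aim is only journal read access, the narrower `usermod -a -G systemd-journal "$ROOTLESS_USER"` would grant that; the variable should be quoted in either case. The commit subject marks the change as temporary, so a `# TODO: drop wheel membership once <tracking issue> is resolved` comment belongs above the `test:` key. It must not go inside the folded scalar, where it would become part of the command.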