summaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
authorzhangguanzhang <guanzhangzhang@gmail.com>2020-06-12 19:54:10 +0800
committerGitHub <noreply@github.com>2020-06-12 19:54:10 +0800
commit64eae15aa7905dd49f4a348f6b4765dfb4d9dd91 (patch)
tree2914c20a2e0e15383da50334cad89b9b85b209a1 /contrib
parent3218736cff4b718b8fe855759687cb66f19d6e1e (diff)
parent8aa5cf3d45998bc92eaafd67ab2a59e3722bade4 (diff)
downloadpodman-64eae15aa7905dd49f4a348f6b4765dfb4d9dd91.tar.gz
podman-64eae15aa7905dd49f4a348f6b4765dfb4d9dd91.tar.bz2
podman-64eae15aa7905dd49f4a348f6b4765dfb4d9dd91.zip
Merge pull request #1 from containers/master
# sync
Diffstat (limited to 'contrib')
-rw-r--r--contrib/cirrus/README.md62
-rwxr-xr-xcontrib/cirrus/check_image.sh42
-rwxr-xr-xcontrib/cirrus/integration_test.sh15
-rw-r--r--contrib/cirrus/lib.sh13
-rw-r--r--contrib/cirrus/packer/fedora_packaging.sh85
-rw-r--r--contrib/cirrus/packer/fedora_setup.sh8
-rw-r--r--contrib/cirrus/packer/ubuntu_packaging.sh31
-rwxr-xr-xcontrib/cirrus/rootless_test.sh22
-rwxr-xr-xcontrib/cirrus/setup_environment.sh19
-rw-r--r--contrib/cirrus/swagger_stack_trace.pngbin0 -> 42799 bytes
-rw-r--r--contrib/spec/podman.spec.in3
11 files changed, 191 insertions, 109 deletions
diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md
index 541cf2f54..c8ec766e7 100644
--- a/contrib/cirrus/README.md
+++ b/contrib/cirrus/README.md
@@ -167,26 +167,50 @@ env:
### `docs` Task
-Builds swagger API documentation YAML and uploads to google storage for both
-PR's (for testing the process) and after a merge into any branch. For PR's
+Builds swagger API documentation YAML and uploads to google storage (an online
+service for storing unstructured data) for both
+PR's (for testing the process) and the master branch. For PR's
the YAML is uploaded into a [dedicated short-pruning cycle
-bucket.](https://storage.googleapis.com/libpod-pr-releases/) For branches,
-a [separate bucket is
-used.](https://storage.googleapis.com/libpod-master-releases)
-In both cases the filename includes the source
-PR number or branch name.
-
-***Note***: [The online documentation](http://docs.podman.io/en/latest/_static/api.html)
-is presented through javascript on the client-side. This requires CORS to be properly
-configured on the bucket, for the `http://docs.podman.io` origin. Please see
-[Configuring CORS on a bucket](https://cloud.google.com/storage/docs/configuring-cors#configure-cors-bucket)
-for details. This may be performed by anybody with admin access to the google storage bucket,
-using the following JSON:
+bucket.](https://storage.googleapis.com/libpod-pr-releases/) for testing purposes
+only. For the master branch, a [separate bucket is
+used](https://storage.googleapis.com/libpod-master-releases) and provides the
+content rendered on [the API Reference page](https://docs.podman.io/en/latest/_static/api.html)
+
+The online API reference is presented by javascript to the client. To prevent hijacking
+of the client by malicious data, the [javascript utilises CORS](https://cloud.google.com/storage/docs/cross-origin).
+This CORS metadata is served by `https://storage.googleapis.com` when configured correctly.
+It will appear in [the request and response headers from the
+client](https://cloud.google.com/storage/docs/configuring-cors#troubleshooting) when accessing
+the API reference page.
+
+However, when the CORS metadata is missing or incorrectly configured, clients will receive an
+error-message similar to:
+
+![Javascript Stack Trace Image](swagger_stack_trace.png)
+
+For documentation built by Read The Docs from the master branch, CORS metadata is
+set on the `libpod-master-releases` storage bucket. Viewing or setting the CORS
+metadata on the bucket requires having locally [installed and
+configured the google-cloud SDK](https://cloud.google.com/sdk/docs). It also requires having
+admin access to the google-storage bucket. Contact a project owner for help if you are
+unsure of your permissions or need help resolving an error similar to the picture above.
+
+Assuming the SDK is installed, and you have the required admin access, the following command
+will display the current CORS metadata:
+
+```
+gsutil cors get gs://libpod-master-releases
+```
+
+To function properly (allow client "trust" of content from `storage.googleapis.com`) the followiing
+metadata JSON should be used. Following the JSON, is an example of the command used to set this
+metadata on the libpod-master-releases bucket. For additional information about configuring CORS
+please referr to [the google-storage documentation](https://cloud.google.com/storage/docs/configuring-cors).
```JSON
[
{
- "origin": ["http://docs.podman.io"],
+ "origin": ["http://docs.podman.io", "https://docs.podman.io"],
"responseHeader": ["Content-Type"],
"method": ["GET"],
"maxAgeSeconds": 600
@@ -194,6 +218,14 @@ using the following JSON:
]
```
+```
+gsutil cors set /path/to/file.json gs://libpod-master-releases
+```
+
+***Note:*** The CORS metadata does _NOT_ change after the `docs` task uploads a new swagger YAML
+file. Therefore, if it is not functioning or misconfigured, a person must have altered it or
+changes were made to the referring site (e.g. `docs.podman.io`).
+
## Base-images
Base-images are VM disk-images specially prepared for executing as GCE VMs.
diff --git a/contrib/cirrus/check_image.sh b/contrib/cirrus/check_image.sh
index 5423f67d6..0d33e55bf 100755
--- a/contrib/cirrus/check_image.sh
+++ b/contrib/cirrus/check_image.sh
@@ -6,7 +6,7 @@ source $(dirname $0)/lib.sh
EVIL_UNITS="$($CIRRUS_WORKING_DIR/$PACKER_BASE/systemd_banish.sh --list)"
-req_env_var PACKER_BUILDER_NAME TEST_REMOTE_CLIENT EVIL_UNITS OS_RELEASE_ID
+req_env_var PACKER_BUILDER_NAME TEST_REMOTE_CLIENT EVIL_UNITS OS_RELEASE_ID CG_FS_TYPE
NFAILS=0
echo "Validating VM image"
@@ -22,7 +22,8 @@ item_test 'Minimum available memory' $MEM_FREE -ge $MIN_MEM_MB || let "NFAILS+=1
# We're testing a custom-built podman; make sure there isn't a distro-provided
# binary anywhere; that could potentially taint our results.
-item_test "remove_packaged_podman_files() did it's job" -z "$(type -P podman)" || let "NFAILS+=1"
+remove_packaged_podman_files
+item_test "remove_packaged_podman_files() does it's job" -z "$(type -P podman)" || let "NFAILS+=1"
# Integration Tests require varlink in Fedora
item_test "The varlink executable is present" -x "$(type -P varlink)" || let "NFAILS+=1"
@@ -39,8 +40,10 @@ for REQ_UNIT in google-accounts-daemon.service \
google-shutdown-scripts.service \
google-startup-scripts.service
do
- item_test "required $REQ_UNIT enabled" \
- "$(systemctl list-unit-files --no-legend $REQ_UNIT)" = "$REQ_UNIT enabled" || let "NFAILS+=1"
+ # enabled/disabled appears at the end of the line, on some Ubuntu's it appears twice
+ service_status=$(systemctl list-unit-files --no-legend $REQ_UNIT | tac -s ' ' | head -1)
+ item_test "required $REQ_UNIT status is enabled" \
+ "$service_status" = "enabled" || let "NFAILS+=1"
done
for evil_unit in $EVIL_UNITS
@@ -50,19 +53,28 @@ do
item_test "No $evil_unit unit is present or active:" "$unit_status" -ne "0" || let "NFAILS+=1"
done
-if [[ "$OS_RELEASE_ID" == "ubuntu" ]] && [[ -x "/usr/lib/cri-o-runc/sbin/runc" ]]
-then
- SAMESAME=$(diff --brief /usr/lib/cri-o-runc/sbin/runc /usr/bin/runc &> /dev/null; echo $?)
- item_test "On ubuntu /usr/bin/runc is /usr/lib/cri-o-runc/sbin/runc" "$SAMESAME" -eq "0" || let "NFAILS+=1"
-fi
-
-if [[ "$OS_RELEASE_ID" == "ubuntu" ]]
-then
- item_test "On ubuntu, no periodic apt crap is enabled" -z "$(egrep $PERIODIC_APT_RE /etc/apt/apt.conf.d/*)"
-fi
-
echo "Checking items specific to ${PACKER_BUILDER_NAME}${BUILT_IMAGE_SUFFIX}"
case "$PACKER_BUILDER_NAME" in
+ ubuntu*)
+ item_test "On ubuntu, no periodic apt crap is enabled" -z "$(egrep $PERIODIC_APT_RE /etc/apt/apt.conf.d/*)"
+ ;;
+ fedora*)
+ # Only runc -OR- crun should be installed, never both
+ case "$CG_FS_TYPE" in
+ tmpfs)
+ HAS=runc
+ HAS_NOT=crun
+ ;;
+ cgroup2fs)
+ HAS=crun
+ HAS_NOT=runc
+ ;;
+ esac
+ HAS_RC=$(rpm -qV $HAS &> /dev/null; echo $?)
+ HAS_NOT_RC=$(rpm -qV $HAS_NOT &> /dev/null; echo $?)
+ item_test "With a cgroups-fs type $CG_FS_TYPE, the $HAS package is installed" $HAS_RC -eq 0
+ item_test "With a cgroups-fs type $CG_FS_TYPE, the $HAS_NOT package is not installed" $HAS_NOT_RC -ne 0
+ ;;
xfedora*)
echo "Kernel Command-line: $(cat /proc/cmdline)"
item_test \
diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh
index 1aef678d4..33e9fbc6b 100755
--- a/contrib/cirrus/integration_test.sh
+++ b/contrib/cirrus/integration_test.sh
@@ -6,6 +6,11 @@ source $(dirname $0)/lib.sh
req_env_var GOSRC SCRIPT_BASE OS_RELEASE_ID OS_RELEASE_VER CONTAINER_RUNTIME VARLINK_LOG
+LOCAL_OR_REMOTE=local
+if [[ "$TEST_REMOTE_CLIENT" = "true" ]]; then
+ LOCAL_OR_REMOTE=remote
+fi
+
# Our name must be of the form xxxx_test or xxxx_test.sh, where xxxx is
# the test suite to run; currently (2019-05) the only option is 'integration'
# but pr2947 intends to add 'system'.
@@ -34,7 +39,7 @@ case "$SPECIALMODE" in
req_env_var ROOTLESS_USER
ssh $ROOTLESS_USER@localhost \
-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
- -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE}
+ -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE} ${LOCAL_OR_REMOTE}
;;
endpoint)
make
@@ -52,12 +57,8 @@ case "$SPECIALMODE" in
make
make install PREFIX=/usr ETCDIR=/etc
make test-binaries
- if [[ "$TEST_REMOTE_CLIENT" == "true" ]]
- then
- make remote${TESTSUITE} VARLINK_LOG=$VARLINK_LOG
- else
- make local${TESTSUITE}
- fi
+ make .install.bats
+ make ${LOCAL_OR_REMOTE}${TESTSUITE} PODMAN_SERVER_LOG=$PODMAN_SERVER_LOG
;;
*)
die 110 "Unsupported \$SPECIALMODE: $SPECIALMODE"
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index cc5a3ffa7..66e8060cf 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -39,6 +39,8 @@ PACKER_BASE=${PACKER_BASE:-./contrib/cirrus/packer}
# Important filepaths
SETUP_MARKER_FILEPATH="${SETUP_MARKER_FILEPATH:-/var/tmp/.setup_environment_sh_complete}"
AUTHOR_NICKS_FILEPATH="${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/git_authors_to_irc_nicks.csv"
+# Downloaded, but not installed packages.
+PACKAGE_DOWNLOAD_DIR=/var/cache/download
# Log remote-client system test varlink output here
export VARLINK_LOG=/var/tmp/varlink.log
@@ -422,7 +424,7 @@ remove_packaged_podman_files() {
then
LISTING_CMD="$SUDO dpkg-query -L podman"
else
- LISTING_CMD='$SUDO rpm -ql podman'
+ LISTING_CMD="$SUDO rpm -ql podman"
fi
# yum/dnf/dpkg may list system directories, only remove files
@@ -437,6 +439,14 @@ remove_packaged_podman_files() {
sync && echo 3 > /proc/sys/vm/drop_caches
}
+# The version of CRI-O and Kubernetes must always match
+get_kubernetes_version(){
+ # TODO: Look up the kube RPM/DEB version installed, or in $PACKAGE_DOWNLOAD_DIR
+ # and retrieve the major-minor version directly.
+ local KUBERNETES_VERSION="1.15"
+ echo "$KUBERNETES_VERSION"
+}
+
canonicalize_image_names() {
req_env_var IMGNAMES
echo "Adding all current base images to \$IMGNAMES for timestamp update"
@@ -479,6 +489,7 @@ _finalize() {
fi
echo "Re-initializing so next boot does 'first-boot' setup again."
cd /
+ $SUDO rm -rf $GOPATH/src # Actual source will be cloned at runtime
$SUDO rm -rf /var/lib/cloud/instanc*
$SUDO rm -rf /root/.ssh/*
$SUDO rm -rf /etc/ssh/*key*
diff --git a/contrib/cirrus/packer/fedora_packaging.sh b/contrib/cirrus/packer/fedora_packaging.sh
index e80d48bc8..aecaaef93 100644
--- a/contrib/cirrus/packer/fedora_packaging.sh
+++ b/contrib/cirrus/packer/fedora_packaging.sh
@@ -11,6 +11,8 @@ echo "Updating/Installing repos and packages for $OS_REL_VER"
source $GOSRC/$SCRIPT_BASE/lib.sh
+req_env_var GOSRC SCRIPT_BASE BIGTO INSTALL_AUTOMATION_VERSION FEDORA_BASE_IMAGE PRIOR_FEDORA_BASE_IMAGE
+
# Pre-req. to install automation tooing
$LILTO $SUDO dnf install -y git
@@ -35,7 +37,7 @@ fi
$BIGTO ooe.sh $SUDO dnf update -y
-REMOVE_PACKAGES=()
+REMOVE_PACKAGES=(runc)
INSTALL_PACKAGES=(\
autoconf
automake
@@ -50,8 +52,11 @@ INSTALL_PACKAGES=(\
containernetworking-plugins
containers-common
criu
+ crun
+ curl
device-mapper-devel
dnsmasq
+ e2fsprogs-devel
emacs-nox
file
findutils
@@ -60,16 +65,26 @@ INSTALL_PACKAGES=(\
gcc
git
glib2-devel
+ glibc-devel
glibc-static
gnupg
go-md2man
golang
+ gpgme
gpgme-devel
+ grubby
+ hostname
iproute
iptables
jq
+ krb5-workstation
+ libassuan
libassuan-devel
+ libblkid-devel
libcap-devel
+ libffi-devel
+ libgpg-error-devel
+ libguestfs-tools
libmsi1
libnet
libnet-devel
@@ -79,56 +94,60 @@ INSTALL_PACKAGES=(\
libselinux-devel
libtool
libvarlink-util
+ libxml2-devel
+ libxslt-devel
lsof
make
+ mlocate
msitools
+ nfs-utils
nmap-ncat
+ openssl
+ openssl-devel
ostree-devel
pandoc
+ pkgconfig
podman
+ policycoreutils
procps-ng
protobuf
protobuf-c
protobuf-c-devel
protobuf-devel
- python
+ python2
+ python3-PyYAML
python3-dateutil
python3-psutil
python3-pytoml
+ python3-libsemanage
+ python3-libselinux
+ python3-libvirt
+ redhat-rpm-config
+ rpcbind
rsync
+ sed
selinux-policy-devel
skopeo
skopeo-containers
slirp4netns
+ socat
+ tar
unzip
vim
wget
which
xz
zip
+ zlib-devel
+)
+DOWNLOAD_PACKAGES=(\
+ "cri-o-$(get_kubernetes_version)*"
+ cri-tools
+ "kubernetes-$(get_kubernetes_version)*"
+ runc
+ oci-umount
+ parallel
)
-
-case "$OS_RELEASE_VER" in
- 30)
- INSTALL_PACKAGES+=(\
- atomic-registries
- golang-github-cpuguy83-go-md2man
- python2-future
- runc
- )
- REMOVE_PACKAGES+=(crun)
- ;;
- 31)
- INSTALL_PACKAGES+=(crun)
- REMOVE_PACKAGES+=(runc)
- ;;
- 32)
- INSTALL_PACKAGES+=(crun)
- REMOVE_PACKAGES+=(runc)
- ;;
- *)
- bad_os_id_ver ;;
-esac
echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'"
$BIGTO ooe.sh $SUDO dnf install -y ${INSTALL_PACKAGES[@]}
@@ -136,6 +155,18 @@ $BIGTO ooe.sh $SUDO dnf install -y ${INSTALL_PACKAGES[@]}
[[ ${#REMOVE_PACKAGES[@]} -eq 0 ]] || \
$LILTO ooe.sh $SUDO dnf erase -y ${REMOVE_PACKAGES[@]}
-export GOPATH="$(mktemp -d)"
-trap "$SUDO rm -rf $GOPATH" EXIT
-ooe.sh $SUDO $GOSRC/hack/install_catatonit.sh
+if [[ ${#DOWNLOAD_PACKAGES[@]} -gt 0 ]]; then
+ echo "Downloading packages for optional installation at runtime, as needed."
+ # Required for cri-o
+ ooe.sh $SUDO dnf -y module enable cri-o:$(get_kubernetes_version)
+ $SUDO mkdir -p "$PACKAGE_DOWNLOAD_DIR"
+ cd "$PACKAGE_DOWNLOAD_DIR"
+ $LILTO ooe.sh $SUDO dnf download -y --resolve ${DOWNLOAD_PACKAGES[@]}
+ ls -la "$PACKAGE_DOWNLOAD_DIR/"
+fi
+
+echo "Installing runtime tooling"
+# Save some runtime by having these already available
+cd $GOSRC
+$SUDO make install.tools
+$SUDO $GOSRC/hack/install_catatonit.sh
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
index 3830b3bc4..25b568e8a 100644
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@@ -12,11 +12,11 @@ req_env_var SCRIPT_BASE PACKER_BASE INSTALL_AUTOMATION_VERSION PACKER_BUILDER_NA
workaround_bfq_bug
-# Do not enable update-stesting on the previous Fedora release
-if [[ "$FEDORA_BASE_IMAGE" =~ "${OS_RELEASE_ID}-cloud-base-${OS_RELEASE_VER}" ]]; then
- DISABLE_UPDATES_TESTING=0
-else
+# Do not enable updates-testing on the previous Fedora release
+if [[ "$PRIOR_FEDORA_BASE_IMAGE" =~ "${OS_RELEASE_ID}-cloud-base-${OS_RELEASE_VER}" ]]; then
DISABLE_UPDATES_TESTING=1
+else
+ DISABLE_UPDATES_TESTING=0
fi
bash $PACKER_BASE/fedora_packaging.sh
diff --git a/contrib/cirrus/packer/ubuntu_packaging.sh b/contrib/cirrus/packer/ubuntu_packaging.sh
index fd0280230..09f9aab9f 100644
--- a/contrib/cirrus/packer/ubuntu_packaging.sh
+++ b/contrib/cirrus/packer/ubuntu_packaging.sh
@@ -11,6 +11,8 @@ echo "Updating/Installing repos and packages for $OS_REL_VER"
source $GOSRC/$SCRIPT_BASE/lib.sh
+req_env_var GOSRC SCRIPT_BASE BIGTO SUDOAPTGET INSTALL_AUTOMATION_VERSION
+
echo "Updating/configuring package repositories."
$BIGTO $SUDOAPTGET update
@@ -99,6 +101,7 @@ INSTALL_PACKAGES=(\
protobuf-c-compiler
protobuf-compiler
python-protobuf
+ python2
python3-dateutil
python3-pip
python3-psutil
@@ -118,6 +121,11 @@ INSTALL_PACKAGES=(\
zip
zlib1g-dev
)
+DOWNLOAD_PACKAGES=(\
+ cri-o-$(get_kubernetes_version)
+ cri-tools
+ parallel
+)
# These aren't resolvable on Ubuntu 20
if [[ "$OS_RELEASE_VER" -le 19 ]]; then
@@ -137,16 +145,15 @@ echo "Installing general testing and system dependencies"
$LILTO ooe.sh $SUDOAPTGET update
$BIGTO ooe.sh $SUDOAPTGET install ${INSTALL_PACKAGES[@]}
-export GOPATH="$(mktemp -d)"
-trap "$SUDO rm -rf $GOPATH" EXIT
-echo "Installing cataonit and libseccomp.sudo"
-cd $GOSRC
-ooe.sh $SUDO hack/install_catatonit.sh
-ooe.sh $SUDO make install.libseccomp.sudo
-
-CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc"
-if $SUDO dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH"
-then
- echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing."
- $SUDO ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc"
+if [[ ${#DOWNLOAD_PACKAGES[@]} -gt 0 ]]; then
+ echo "Downloading packages for optional installation at runtime, as needed."
+ $SUDO ln -s /var/cache/apt/archives "$PACKAGE_DOWNLOAD_DIR"
+ $LILTO ooe.sh $SUDOAPTGET install --download-only ${DOWNLOAD_PACKAGES[@]}
+ ls -la "$PACKAGE_DOWNLOAD_DIR/"
fi
+
+echo "Installing runtime tooling"
+cd $GOSRC
+$SUDO hack/install_catatonit.sh
+$SUDO make install.libseccomp.sudo
+$SUDO make install.tools
diff --git a/contrib/cirrus/rootless_test.sh b/contrib/cirrus/rootless_test.sh
index 3f45aac84..9e1b1d911 100755
--- a/contrib/cirrus/rootless_test.sh
+++ b/contrib/cirrus/rootless_test.sh
@@ -2,14 +2,6 @@
set -e
-remote=0
-
-# The TEST_REMOTE_CLIENT environment variable decides whether
-# to test varlink
-if [[ "$TEST_REMOTE_CLIENT" == "true" ]]; then
- remote=1
-fi
-
source $(dirname $0)/lib.sh
if [[ "$UID" == "0" ]]
@@ -18,11 +10,8 @@ then
exit 1
fi
-# Which set of tests to run; possible alternative is "system"
-TESTSUITE=integration
-if [[ -n "$*" ]]; then
- TESTSUITE="$1"
-fi
+TESTSUITE=${1?Missing TESTSUITE argument (arg1)}
+LOCAL_OR_REMOTE=${2?Missing LOCAL_OR_REMOTE argument (arg2)}
# Ensure environment setup correctly
req_env_var GOSRC ROOTLESS_USER
@@ -31,7 +20,6 @@ echo "."
echo "Hello, my name is $USER and I live in $PWD can I be your friend?"
echo "."
-export PODMAN_VARLINK_ADDRESS=unix:/tmp/podman-$(id -u)
show_env_vars
set -x
@@ -39,8 +27,4 @@ cd "$GOSRC"
make
make varlink_generate
make test-binaries
-if [ $remote -eq 0 ]; then
- make local${TESTSUITE}
-else
- make remote${TESTSUITE}
-fi
+make ${LOCAL_OR_REMOTE}${TESTSUITE}
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 25b7ff941..323e7c35b 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -39,6 +39,17 @@ done
cd "${GOSRC}/"
case "${OS_RELEASE_ID}" in
ubuntu)
+ apt-get update
+ apt-get install -y containers-common
+ sed -ie 's/^\(# \)\?apparmor_profile =.*/apparmor_profile = ""/' /etc/containers/containers.conf
+ if [[ "$OS_RELEASE_VER" == "19" ]]; then
+ apt-get purge -y --auto-remove golang*
+ apt-get install -y golang-1.13
+ ln -s /usr/lib/go-1.13/bin/go /usr/bin/go
+ fi
+ if [[ "$OS_RELEASE_VER" == "20" ]]; then
+ apt-get install -y python-is-python3
+ fi
;;
fedora)
# All SELinux distros need this for systemd-in-a-container
@@ -78,14 +89,6 @@ case "$CG_FS_TYPE" in
warn "Forcing testing with crun instead of runc"
X=$(echo "export OCI_RUNTIME=/usr/bin/crun" | \
tee -a /etc/environment) && eval "$X" && echo "$X"
-
- if [[ "$OS_RELEASE_ID" == "fedora" ]]; then
- warn "Upgrading to the latest crun"
- # Normally not something to do for stable testing
- # but crun is new, and late-breaking fixes may be required
- # on short notice
- dnf update -y crun containers-common
- fi
;;
*)
die 110 "Unsure how to handle cgroup filesystem type '$CG_FS_TYPE'"
diff --git a/contrib/cirrus/swagger_stack_trace.png b/contrib/cirrus/swagger_stack_trace.png
new file mode 100644
index 000000000..6aa063bab
--- /dev/null
+++ b/contrib/cirrus/swagger_stack_trace.png
Binary files differ
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index 8d3cba612..260de7b20 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -77,8 +77,9 @@ BuildRequires: systemd-devel
Requires: skopeo-containers
Requires: containernetworking-plugins >= 0.6.0-3
Requires: iptables
-%if 0%{?rhel} <= 7
+%if 0%{?rhel} < 8 || 0%{?centos} < 8
Requires: container-selinux
+Requires: runc
%else
%if 0%{?rhel} || 0%{?centos}
Requires: runc