-rw-r--r--.autocopr/README5
-rw-r--r--podman.spec.rpkg (renamed from .autocopr/podman.spec)167
-rw-r--r--rootless.md4
3 files changed, 92 insertions, 84 deletions
diff --git a/.autocopr/README b/.autocopr/README
deleted file mode 100644
index 791fe8262..000000000
--- a/.autocopr/README
+++ /dev/null
@@ -1,5 +0,0 @@
-Enable COPR:
-sudo dnf copr enable rhcontainerbot/podman-next
-
-Install podman:
-sudo dnf install podman -y
diff --git a/.autocopr/podman.spec b/podman.spec.rpkg
index 45f6c14d8..cff5eb3d9 100644
--- a/.autocopr/podman.spec
+++ b/podman.spec.rpkg
@@ -1,4 +1,9 @@
-%global with_debug 0
+# For automatic rebuilds in COPR
+
+# The following tag is to get correct syntax highlighting for this file in vim text editor
+# vim: syntax=spec
+
+%global with_debug 1
%if 0%{?with_debug}
%global _find_debuginfo_dwz_opts %{nil}
@@ -7,6 +12,10 @@
%global debug_package %{nil}
%endif
+%if ! 0%{?gobuild:1}
+%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**};
+%endif
+
%global provider github
%global provider_tld com
%global project containers
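Review bot: The fallback `gobuild` macro takes its `-B` build ID from `head -c20 /dev/urandom`, so every build of the same commit yields different binaries and the published RPM cannot be verified by rebuilding it. If a fixed or source-derived ID is not an option here, at least say so above the `%define`, e.g. `# fallback when %gobuild is not already defined; random build ID, so not reproducible`. The macro also hard-codes `/usr/lib/rpm/redhat/redhat-hardened-ld`, which presumably exists only where redhat-rpm-config is installed, so the fallback depends on a package the spec should then require at build time.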
@@ -15,68 +24,37 @@
%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
%global git0 https://%{import_path}
-Name: podman
-Epoch: 100
-Version: 4
-%define build_datestamp %{lua: print(os.date("%Y%m%d"))}
-%define build_timestamp %{lua: print(os.date("%H%M%S"))}
-Release: %{build_datestamp}.%{build_timestamp}
+# git_dir_name returns repository name derived from remote Git repository URL
+Name: {{{ git_dir_name }}}
+
+Epoch: 101
+
+# git_dir_version returns version based on commit and tag history of the Git project
+Version: {{{ git_dir_version }}}
+
+# This can be useful later for adding downstream patches
+Release: 1%{?dist}
+
+# Basic description of the package
Summary: Manage Pods, Containers and Container Images
-License: ASL 2.0
-URL: https://%{name}.io/
-Source0: %{git0}/archive/main.tar.gz
-Provides: %{name}-manpages = %{epoch}:%{version}-%{release}
-%if 0%{?fedora} && ! 0%{?rhel}
-BuildRequires: btrfs-progs-devel
-%endif
-BuildRequires: gcc
-BuildRequires: golang >= 1.16.6
-BuildRequires: glib2-devel
-BuildRequires: glibc-devel
-BuildRequires: glibc-static
-BuildRequires: git-core
-BuildRequires: golang-github-cpuguy83-md2man
-BuildRequires: go-rpm-macros
-BuildRequires: gpgme-devel
-BuildRequires: libassuan-devel
-BuildRequires: libgpg-error-devel
-BuildRequires: libseccomp-devel
-BuildRequires: libselinux-devel
-%if 0%{?fedora} >= 35
-BuildRequires: shadow-utils-subid-devel
-%endif
-BuildRequires: pkgconfig
-BuildRequires: make
-BuildRequires: ostree-devel
-BuildRequires: systemd
-BuildRequires: systemd-devel
-Requires: conmon >= 2:2.0.30-2
-%if 0%{?fedora}
-Requires: containers-common >= 4:1-21
-%else
-Requires: containers-common >= 2:1-13
-%endif
-Requires: containernetworking-plugins >= 1.0.0-15.1
-Requires: iptables
-Requires: nftables
-Recommends: %{name}-plugins
-Recommends: catatonit
-Suggests: qemu-user-static
-%description
-%{name} (Pod Manager) is a fully featured container engine that is a simple
-daemonless tool. %{name} provides a Docker-CLI comparable command line that
-eases the transition from other container engines and allows the management of
-pods, containers and images. Simply put: alias docker=%{name}.
-Most %{name} commands can be run as a regular user, without requiring
-additional privileges.
+# License. We assume GPLv2+ here.
+License: ASL 2.0
-%{name} uses Buildah(1) internally to create container images.
-Both tools share image (not container) storage, hence each can use or
-manipulate images (but not containers) created by the other.
+# Home page of the project. Can also point to the public Git repository page.
+URL: https://github.com/containers/podman
-%{summary}
-%{repo} Simple management tool for pods, containers and images
+# Detailed information about the source Git repository and the source commit
+# for the created rpm package
+VCS: {{{ git_dir_vcs }}}
+
+# git_dir_pack macro places the repository content (the source files) into a tarball
+# and returns its filename. The tarball will be used to build the rpm.
+Source: {{{ git_dir_pack }}}
+
+# More detailed description of the package
+%description
+This is a hello world package.
%package docker
Summary: Emulate Docker CLI using %{name}
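Review bot: The new preamble drops every `BuildRequires:` and `Requires:` line (golang, gcc, libseccomp-devel, conmon, containers-common and the rest) and adds none back, so unless they are declared outside this hunk the build root gets no toolchain and the installed package no longer pulls in its runtime dependencies. Two template leftovers should also be fixed: `%description` now reads `This is a hello world package.`, and the comment `# License. We assume GPLv2+ here.` contradicts the `License: ASL 2.0` tag beneath it, where `# License of the upstream project` would fit. `Name: {{{ git_dir_name }}}` derives the package name from the remote URL of the clone, while `%{name}` is used for binary and subpackage names elsewhere in the file, so a fork or renamed checkout would presumably build a differently named package. `Name: podman` would avoid that.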
@@ -124,12 +102,55 @@ run %{name}-remote in production.
manage pods, containers and container images. %{name}-remote supports ssh
connections as well.
+# The following four sections already describe the rpm build process itself.
+# prep will extract the tarball defined as Source above and descend into it.
%prep
-%autosetup -n %{name}-main
+{{{ git_dir_setup_macro }}}
+# This will invoke `make` command in the directory with the extracted sources.
%build
-make all docker-docs
+%set_build_flags
+export GO111MODULE=off
+export GOPATH=$(pwd)/_build:$(pwd)
+export CGO_CFLAGS=$CFLAGS
+# These extra flags present in $CFLAGS have been skipped for now as they break the build
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
+
+%ifarch x86_64
+export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
+%endif
+mkdir _build
+pushd _build
+mkdir -p src/%{provider}.%{provider_tld}/%{project}
+ln -s ../../../../ src/%{import_path}
+popd
+ln -s vendor src
+
+# build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here?
+LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)"
+
+# build rootlessport first
+%gobuild -o bin/rootlessport %%{import_path}/cmd/rootlessport
+
+# build %%{name}
+export BUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) $(hack/selinux_tag.sh) $(hack/systemd_tag.sh)"
+%if 0%{?fedora} >= 35
+export BUILDTAGS+=" $(hack/libsubid_tag.sh)"
+%endif
+
+%gobuild -o bin/%{name} %{import_path}/cmd/%{name}
+
+# build %%{name}-remote
+export BUILDTAGS+=" exclude_graphdriver_btrfs btrfs_noversion remote"
+%gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name}
+
+make docs docker-docs
+
+# This will copy the files generated by the `make` command above into
+# the installable rpm package.
%install
PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \
install.bin-nobuild \
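Review bot: The three `sed` lines after `export CGO_CFLAGS=$CFLAGS` strip distro build flags from the cgo compile with only "they break the build" as the reason, and the second pattern, `-Wp,D_GLIBCXX_ASSERTIONS`, has no `-` before `D`, so it likely never matches the flag as redhat-rpm-config normally spells it (`-Wp,-D_GLIBCXX_ASSERTIONS`). Either correct the pattern or drop that line, and record next to each remaining removal which failure it works around so the flags can be restored later. The rootlessport line passes `%%{import_path}` while the two later `%gobuild` calls pass `%{import_path}`; if the escape is not deliberate it should read `%gobuild -o bin/rootlessport %{import_path}/cmd/rootlessport`. The comment above `%build` still says the section invokes `make`, which now only builds the docs. The `%install` command continues past the end of this hunk.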
@@ -140,23 +161,18 @@ PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} ETCDI
install.docker-docs-nobuild \
install.remote-nobuild \
-mv pkg/hooks/README.md pkg/hooks/README-hooks.md
+install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
+cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
+mv pkg/hooks/README.md pkg/hooks/README-hooks.md
# do not include docker and podman-remote man pages in main package
for file in `find %{buildroot}%{_mandir}/man[15] -type f | sed "s,%{buildroot},," | grep -v -e remote -e docker`; do
echo "$file*" >> podman.file-list
done
-# install tests
-install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
-cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
-
-%check
-
-#define license tag if not already defined
-%{!?_licensedir:%global license %doc}
-
+# This lists all the files that are included in the rpm package and that
+# are going to be installed into target system where the rpm is installed.
%files -f %{name}.file-list
%license LICENSE
%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md
@@ -201,10 +217,7 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
%license LICENSE
%{_datadir}/%{name}/test
-%triggerpostun -- %{name} <= 3.2
-rm -f %{_sharedstatedir}/containers/storage/libpod/defaultCNINetExists
-exit 0
-
+# Finally, changes from the latest release of your application are generated from
+# your project's Git history. It will be empty until you make first annotated Git tag.
%changelog
-* Fri Dec 03 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - %{version}-%{release}
-- auto copr build
+{{{ git_dir_changelog }}}
diff --git a/rootless.md b/rootless.md
index bee5d337b..d95e77b94 100644
--- a/rootless.md
+++ b/rootless.md
@@ -25,8 +25,8 @@ can easily fail
* When a container root process like YUM attempts to create a file owned by a different UID, NFS Server/GPFS denies the creation.
* Does not work with homedirs mounted with noexec/nodev
* User can setup storage to point to other directories they can write to that are not mounted noexec/nodev
-* Can not use overlayfs driver, but does support fuse-overlayfs
- * Ubuntu supports non root overlay, but no other Linux distros do.
+* Support for using native overlayfs as an unprivileged user is only available for Podman version >= 3.1 on a Linux kernel version >= 5.12, otherwise the slower _fuse-overlayfs_ may be used.
+ * A few Linux distributions (e.g. Ubuntu) have supported even older Podman and Linux kernel versions by modifying the normal Linux kernel behaviour.
* Only other supported driver is VFS.
* Cannot use ping out of the box.
* [(Can be fixed by setting sysctl on host)](https://github.com/containers/podman/blob/master/troubleshooting.md#5-rootless-containers-cannot-ping-hosts)