-rw-r--r--  .autocopr/README  5
-rw-r--r--  cni/README.md  2
-rw-r--r--  contrib/podmanimage/stable/Dockerfile  4
-rw-r--r--  contrib/podmanimage/testing/Dockerfile  4
-rw-r--r--  contrib/podmanimage/upstream/Dockerfile  6
-rw-r--r--  podman.spec.rpkg (renamed from .autocopr/podman.spec)  167
-rw-r--r--  rootless.md  4
-rw-r--r--  test/system/070-build.bats  2
8 files changed, 101 insertions, 93 deletions
diff --git a/.autocopr/README b/.autocopr/README
deleted file mode 100644
index 791fe8262..000000000
--- a/.autocopr/README
+++ /dev/null
@@ -1,5 +0,0 @@
-Enable COPR:
-sudo dnf copr enable rhcontainerbot/podman-next
-
-Install podman:
-sudo dnf install podman -y
diff --git a/cni/README.md b/cni/README.md
index 12c890ce8..8bcd4327a 100644
--- a/cni/README.md
+++ b/cni/README.md
@@ -11,7 +11,7 @@ For example a basic network configuration can be achieved with:
```bash
sudo mkdir -p /etc/cni/net.d
-curl -qsSL https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist | sudo tee /etc/cni/net.d/87-podman-bridge.conflist
+curl -qsSL https://raw.githubusercontent.com/containers/podman/main/cni/87-podman-bridge.conflist | sudo tee /etc/cni/net.d/87-podman-bridge.conflist
```
Dependent upon your CNI configuration, you will need to install as a minimum the `port` and `bridge` [CNI plugins](https://github.com/containernetworking/plugins) into `/opt/cni/bin` (or the directory specified by `cni_plugin_dir` in containers.conf). Please refer to the [CNI](https://github.com/containernetworking) project page in GitHub for more information.
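Review bot: the `curl -qsSL ... | sudo tee` line still fetches from a branch tip (`main`) and writes the result as root with no integrity check, so whatever is on that branch at fetch time lands in /etc/cni/net.d. Since the URL is being edited anyway, consider pointing it at a release tag or commit and documenting a checksum to verify before the file is installed.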
diff --git a/contrib/podmanimage/stable/Dockerfile b/contrib/podmanimage/stable/Dockerfile
index b0b5bb33b..a81c6fd58 100644
--- a/contrib/podmanimage/stable/Dockerfile
+++ b/contrib/podmanimage/stable/Dockerfile
@@ -19,8 +19,8 @@ RUN useradd podman; \
echo podman:10000:5000 > /etc/subuid; \
echo podman:10000:5000 > /etc/subgid;
-ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
-ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
+ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
+ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
RUN mkdir -p /home/podman/.local/share/containers; chown podman:podman -R /home/podman
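Review bot: both `ADD` lines pull configuration from the moving `main` branch at build time, so the containers.conf baked into the stable image changes whenever that branch does and two builds of the same Dockerfile can differ. The URLs resolve to files in this Dockerfile's own directory (`contrib/podmanimage/stable/`), so a `COPY` from the build context, or a tagged ref in the URL, would make the image content match the reviewed source.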
diff --git a/contrib/podmanimage/testing/Dockerfile b/contrib/podmanimage/testing/Dockerfile
index e7228ea42..0b3e077a6 100644
--- a/contrib/podmanimage/testing/Dockerfile
+++ b/contrib/podmanimage/testing/Dockerfile
@@ -19,8 +19,8 @@ RUN useradd podman; \
echo podman:10000:5000 > /etc/subuid; \
echo podman:10000:5000 > /etc/subgid;
-ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
-ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
+ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
+ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
RUN mkdir -p /home/podman/.local/share/containers; chown podman:podman -R /home/podman
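Review bot: the two `ADD` URLs in the testing Dockerfile still point at `contrib/podmanimage/stable/`, not a testing path. If the testing image is meant to share the stable configuration, a one-line comment saying so would help; otherwise the path needs correcting along with the branch name.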
diff --git a/contrib/podmanimage/upstream/Dockerfile b/contrib/podmanimage/upstream/Dockerfile
index 864227f89..4b44c74c2 100644
--- a/contrib/podmanimage/upstream/Dockerfile
+++ b/contrib/podmanimage/upstream/Dockerfile
@@ -58,7 +58,7 @@ RUN yum -y update; rpm --restore shadow-utils 2>/dev/null; yum -y install --exc
mkdir -p /usr/libexec/cni; \
\cp -fR bin/* /usr/libexec/cni; \
mkdir -p /etc/cni/net.d; \
- curl -qsSL https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist | tee /etc/cni/net.d/99-loopback.conf; \
+ curl -qsSL https://raw.githubusercontent.com/containers/podman/main/cni/87-podman-bridge.conflist | tee /etc/cni/net.d/99-loopback.conf; \
mkdir -p /usr/share/containers; \
rm -rf /root/podman/*; \
yum -y remove git golang go-md2man make; \
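Review bot: the `curl` line downloads `87-podman-bridge.conflist` but `tee` writes it to `/etc/cni/net.d/99-loopback.conf`, so a bridge conflist ends up under a loopback name with a `.conf` extension. The mismatch predates this change, but since the line is being edited, either write it to `87-podman-bridge.conflist` or add a comment explaining the rename.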
@@ -68,8 +68,8 @@ RUN useradd podman; \
echo podman:10000:5000 > /etc/subuid; \
echo podman:10000:5000 > /etc/subgid;
-ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
-ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
+ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
+ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf
RUN mkdir -p /home/podman/.local/share/containers; chown podman:podman -R /home/podman
diff --git a/.autocopr/podman.spec b/podman.spec.rpkg
index 45f6c14d8..cff5eb3d9 100644
--- a/.autocopr/podman.spec
+++ b/podman.spec.rpkg
@@ -1,4 +1,9 @@
-%global with_debug 0
+# For automatic rebuilds in COPR
+
+# The following tag is to get correct syntax highlighting for this file in vim text editor
+# vim: syntax=spec
+
+%global with_debug 1
%if 0%{?with_debug}
%global _find_debuginfo_dwz_opts %{nil}
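Review bot: `%global with_debug` flips from 0 to 1 at the top of the spec with no comment explaining it; the only new comments are about COPR rebuilds and vim syntax. Please add a line saying why debug builds are now enabled for this package, or keep the previous value.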
@@ -7,6 +12,10 @@
%global debug_package %{nil}
%endif
+%if ! 0%{?gobuild:1}
+%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**};
+%endif
+
%global provider github
%global provider_tld com
%global project containers
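Review bot: the fallback `gobuild` macro sets the build ID with `-B 0x$(head -c20 /dev/urandom|od -An -tx1|...)`, so every rebuild of the same source produces different binaries. If these COPR builds are ever compared or verified against each other, derive the ID from something stable such as the source commit. The macro also hard-codes `GO111MODULE=off`, which the `%build` section exports again, so one of the two is redundant.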
@@ -15,68 +24,37 @@
%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
%global git0 https://%{import_path}
-Name: podman
-Epoch: 100
-Version: 4
-%define build_datestamp %{lua: print(os.date("%Y%m%d"))}
-%define build_timestamp %{lua: print(os.date("%H%M%S"))}
-Release: %{build_datestamp}.%{build_timestamp}
+# git_dir_name returns repository name derived from remote Git repository URL
+Name: {{{ git_dir_name }}}
+
+Epoch: 101
+
+# git_dir_version returns version based on commit and tag history of the Git project
+Version: {{{ git_dir_version }}}
+
+# This can be useful later for adding downstream patches
+Release: 1%{?dist}
+
+# Basic description of the package
Summary: Manage Pods, Containers and Container Images
-License: ASL 2.0
-URL: https://%{name}.io/
-Source0: %{git0}/archive/main.tar.gz
-Provides: %{name}-manpages = %{epoch}:%{version}-%{release}
-%if 0%{?fedora} && ! 0%{?rhel}
-BuildRequires: btrfs-progs-devel
-%endif
-BuildRequires: gcc
-BuildRequires: golang >= 1.16.6
-BuildRequires: glib2-devel
-BuildRequires: glibc-devel
-BuildRequires: glibc-static
-BuildRequires: git-core
-BuildRequires: golang-github-cpuguy83-md2man
-BuildRequires: go-rpm-macros
-BuildRequires: gpgme-devel
-BuildRequires: libassuan-devel
-BuildRequires: libgpg-error-devel
-BuildRequires: libseccomp-devel
-BuildRequires: libselinux-devel
-%if 0%{?fedora} >= 35
-BuildRequires: shadow-utils-subid-devel
-%endif
-BuildRequires: pkgconfig
-BuildRequires: make
-BuildRequires: ostree-devel
-BuildRequires: systemd
-BuildRequires: systemd-devel
-Requires: conmon >= 2:2.0.30-2
-%if 0%{?fedora}
-Requires: containers-common >= 4:1-21
-%else
-Requires: containers-common >= 2:1-13
-%endif
-Requires: containernetworking-plugins >= 1.0.0-15.1
-Requires: iptables
-Requires: nftables
-Recommends: %{name}-plugins
-Recommends: catatonit
-Suggests: qemu-user-static
-%description
-%{name} (Pod Manager) is a fully featured container engine that is a simple
-daemonless tool. %{name} provides a Docker-CLI comparable command line that
-eases the transition from other container engines and allows the management of
-pods, containers and images. Simply put: alias docker=%{name}.
-Most %{name} commands can be run as a regular user, without requiring
-additional privileges.
+# License. We assume GPLv2+ here.
+License: ASL 2.0
-%{name} uses Buildah(1) internally to create container images.
-Both tools share image (not container) storage, hence each can use or
-manipulate images (but not containers) created by the other.
+# Home page of the project. Can also point to the public Git repository page.
+URL: https://github.com/containers/podman
-%{summary}
-%{repo} Simple management tool for pods, containers and images
+# Detailed information about the source Git repository and the source commit
+# for the created rpm package
+VCS: {{{ git_dir_vcs }}}
+
+# git_dir_pack macro places the repository content (the source files) into a tarball
+# and returns its filename. The tarball will be used to build the rpm.
+Source: {{{ git_dir_pack }}}
+
+# More detailed description of the package
+%description
+This is a hello world package.
%package docker
Summary: Emulate Docker CLI using %{name}
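Review bot: the new header drops every `BuildRequires` and `Requires` line (golang, libseccomp-devel, gpgme-devel, conmon, containers-common, iptables and so on) and none are re-added in the visible hunks, so the package would declare no build or runtime dependencies. Several template leftovers also need cleaning up: the comment `# License. We assume GPLv2+ here.` sits directly above `License: ASL 2.0`, and `%description` is now "This is a hello world package." in place of the real Podman description. The removed `Provides: %{name}-manpages` should be confirmed as intentional too.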
@@ -124,12 +102,55 @@ run %{name}-remote in production.
manage pods, containers and container images. %{name}-remote supports ssh
connections as well.
+# The following four sections already describe the rpm build process itself.
+# prep will extract the tarball defined as Source above and descend into it.
%prep
-%autosetup -n %{name}-main
+{{{ git_dir_setup_macro }}}
+# This will invoke `make` command in the directory with the extracted sources.
%build
-make all docker-docs
+%set_build_flags
+export GO111MODULE=off
+export GOPATH=$(pwd)/_build:$(pwd)
+export CGO_CFLAGS=$CFLAGS
+# These extra flags present in $CFLAGS have been skipped for now as they break the build
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
+
+%ifarch x86_64
+export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
+%endif
+mkdir _build
+pushd _build
+mkdir -p src/%{provider}.%{provider_tld}/%{project}
+ln -s ../../../../ src/%{import_path}
+popd
+ln -s vendor src
+
+# build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here?
+LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)"
+
+# build rootlessport first
+%gobuild -o bin/rootlessport %%{import_path}/cmd/rootlessport
+
+# build %%{name}
+export BUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) $(hack/selinux_tag.sh) $(hack/systemd_tag.sh)"
+%if 0%{?fedora} >= 35
+export BUILDTAGS+=" $(hack/libsubid_tag.sh)"
+%endif
+
+%gobuild -o bin/%{name} %{import_path}/cmd/%{name}
+
+# build %%{name}-remote
+export BUILDTAGS+=" exclude_graphdriver_btrfs btrfs_noversion remote"
+%gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name}
+
+make docs docker-docs
+
+# This will copy the files generated by the `make` command above into
+# the installable rpm package.
%install
PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \
install.bin-nobuild \
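Review bot: in the rootlessport build line, `%%{import_path}` is written with a doubled percent sign while the two later `%gobuild` lines use `%{import_path}`; a doubled `%` is an escape in spec files, so please check that this line expands to the real import path and is not passed through literally. The three `sed` lines strip `-flto=auto`, the GLIBCXX assertions flag and the annobin specs from `CGO_CFLAGS`, which removes distribution hardening flags; the comment says they break the build, so a pointer to the failure would help, and the second pattern reads `-Wp,D_GLIBCXX_ASSERTIONS` without a `-` before the `D`, so confirm it matches what is actually in `$CFLAGS`. The comment above `%build` ("This will invoke `make` command") no longer describes what the section does.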
@@ -140,23 +161,18 @@ PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} ETCDI
install.docker-docs-nobuild \
install.remote-nobuild \
-mv pkg/hooks/README.md pkg/hooks/README-hooks.md
+install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
+cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
+mv pkg/hooks/README.md pkg/hooks/README-hooks.md
# do not include docker and podman-remote man pages in main package
for file in `find %{buildroot}%{_mandir}/man[15] -type f | sed "s,%{buildroot},," | grep -v -e remote -e docker`; do
echo "$file*" >> podman.file-list
done
-# install tests
-install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
-cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
-
-%check
-
-#define license tag if not already defined
-%{!?_licensedir:%global license %doc}
-
+# This lists all the files that are included in the rpm package and that
+# are going to be installed into target system where the rpm is installed.
%files -f %{name}.file-list
%license LICENSE
%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md transfer.md
@@ -201,10 +217,7 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
%license LICENSE
%{_datadir}/%{name}/test
-%triggerpostun -- %{name} <= 3.2
-rm -f %{_sharedstatedir}/containers/storage/libpod/defaultCNINetExists
-exit 0
-
+# Finally, changes from the latest release of your application are generated from
+# your project's Git history. It will be empty until you make first annotated Git tag.
%changelog
-* Fri Dec 03 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - %{version}-%{release}
-- auto copr build
+{{{ git_dir_changelog }}}
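Review bot: the `%triggerpostun -- %{name} <= 3.2` scriptlet that removed `defaultCNINetExists` is deleted with no replacement, so systems upgrading from 3.2 or older to this package would keep that file. If the cleanup is no longer needed, say why in the spec or commit message; otherwise keep the trigger. The new comment above `%changelog` is template text addressed to "your application" and can be trimmed.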
diff --git a/rootless.md b/rootless.md
index 6af449988..39c961d2a 100644
--- a/rootless.md
+++ b/rootless.md
@@ -25,8 +25,8 @@ can easily fail
* When a container root process like YUM attempts to create a file owned by a different UID, NFS Server/GPFS denies the creation.
* Does not work with homedirs mounted with noexec/nodev
* User can setup storage to point to other directories they can write to that are not mounted noexec/nodev
-* Can not use overlayfs driver, but does support fuse-overlayfs
- * Ubuntu supports non root overlay, but no other Linux distros do.
+* Support for using native overlayfs as an unprivileged user is only available for Podman version >= 3.1 on a Linux kernel version >= 5.12, otherwise the slower _fuse-overlayfs_ may be used.
+ * A few Linux distributions (e.g. Ubuntu) have supported even older Podman and Linux kernel versions by modifying the normal Linux kernel behaviour.
* Only other supported driver is VFS.
* Cannot use ping out of the box.
* [(Can be fixed by setting sysctl on host)](https://github.com/containers/podman/blob/main/troubleshooting.md#5-rootless-containers-cannot-ping-hosts)
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 5e920506d..d5f7365e8 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -194,7 +194,7 @@ EOF
cat >$tmpdir/Dockerfile <<EOF
FROM $IMAGE
-ADD https://github.com/containers/podman/blob/master/README.md /tmp/
+ADD https://github.com/containers/podman/blob/main/README.md /tmp/
EOF
run_podman build -t add_url $tmpdir
run_podman run --rm add_url stat /tmp/README.md
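Review bot: the `ADD` URL in this test tracks a branch name, which is why it needed editing here, and it points at the `blob/` page and not at the raw file. The visible check is only `stat /tmp/README.md`, so the content does not matter, but the test still depends on network access and on the branch being called `main`. Consider a tag or commit ref in the URL so a future rename does not break the test again.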