9 files changed, 196 insertions, 129 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 5895d84f4..2031432b9 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -34,6 +34,7 @@ PACKER_BASE=${PACKER_BASE:-./contrib/cirrus/packer}
 # Important filepaths
 SETUP_MARKER_FILEPATH="${SETUP_MARKER_FILEPATH:-/var/tmp/.setup_environment_sh_complete}"
 AUTHOR_NICKS_FILEPATH="${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/git_authors_to_irc_nicks.csv"
+BUILDAH_PACKAGES_FILEPATH="./contrib/cirrus/packages.sh"  # in buildah repo.
 
 # Log remote-client system test varlink output here
 export VARLINK_LOG=/var/tmp/varlink.log
@@ -61,8 +62,8 @@ PACKER_VER="1.4.2"
 # Base-images rarely change, define them here so they're out of the way.
 export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-31,fedora-30}"
 # Manually produced base-image names (see $SCRIPT_BASE/README.md)
-export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724"
-export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
+export UBUNTU_BASE_IMAGE="ubuntu-1910-eoan-v20200211"
+export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20200218"
 # Manually produced base-image names (see $SCRIPT_BASE/README.md)
 export FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1578586410"
 export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410"
@@ -448,6 +449,26 @@ systemd_banish() {
     $GOSRC/$PACKER_BASE/systemd_banish.sh
 }
 
+install_buildah_packages() {
+    git clone https://github.com/containers/buildah.git /tmp/buildah
+    if [[ -r "$BUILDAH_PACKAGES_FILEPATH" ]]; then
+        source "$BUILDAH_PACKAGES_FILEPATH"
+        req_env_var UBUNTU_BUILDAH_PACKAGES FEDORA_BUILDAH_PACKAGES OS_RELEASE_ID
+        case "$OS_RELEASE_ID" in
+            fedora)
+                $BIGTO ooe.sh sudo dnf install -y ${FEDORA_BUILDAH_PACKAGES[@]}
+                ;;
+            ubuntu)
+                $LILTO $SUDOAPTGET update
+                $BIGTO $SUDOAPTGET install ${UBUNTU_BUILDAH_PACKAGES[@]}
+                ;;
+            *) bad_os_id_ver ;;
+        esac
+    else
+        warn "Could not find $BUILDAH_PACKAGES_FILEPATH in buildah repository root."
+    fi
+}
+
 _finalize() {
     set +e  # Don't fail at the very end
     if [[ -d "$CUSTOM_CLOUD_CONFIG_DEFAULTS" ]]
diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh
index e0190971e..0b179591a 100755
--- a/contrib/cirrus/logcollector.sh
+++ b/contrib/cirrus/logcollector.sh
@@ -61,6 +61,7 @@ case $1 in
                 PKG_NAMES+=(\
                     container-selinux \
                     crun \
+                    libseccomp \
                     runc \
                 )
                 ;;
@@ -69,6 +70,7 @@ case $1 in
                 PKG_LST_CMD='dpkg-query --show --showformat=${Package}-${Version}-${Architecture}\n'
                 PKG_NAMES+=(\
                     cri-o-runc \
+                    libseccomp2 \
                 )
                 ;;
             *) bad_os_id_ver ;;
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
index 20014e5f3..81a46b13f 100644
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@@ -26,7 +26,6 @@ else
     warn "NOT enabling updates-testing repository for image based on $PRIOR_FEDORA_BASE_IMAGE"
 fi
 
-echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'"
 REMOVE_PACKAGES=()
 INSTALL_PACKAGES=(\
     autoconf
@@ -74,6 +73,7 @@ INSTALL_PACKAGES=(\
     make
     msitools
     nmap-ncat
+    ostree-devel
     pandoc
     podman
     procps-ng
@@ -86,11 +86,15 @@ INSTALL_PACKAGES=(\
     python3-dateutil
     python3-psutil
     python3-pytoml
+    rsync
+    runc
     selinux-policy-devel
     skopeo
+    skopeo-containers
     slirp4netns
     unzip
     vim
+    wget
     which
     xz
     zip
@@ -112,16 +116,23 @@ case "$OS_RELEASE_VER" in
     *)
         bad_os_id_ver ;;
 esac
+
+echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'"
 $BIGTO ooe.sh sudo dnf install -y ${INSTALL_PACKAGES[@]}
 
+install_buildah_packages
+
 [[ "${#REMOVE_PACKAGES[@]}" -eq "0" ]] || \
     $LILTO ooe.sh sudo dnf erase -y ${REMOVE_PACKAGES[@]}
 
-# Ensure there are no disruptive periodic services enabled by default in image
-systemd_banish
+echo "Enabling cgroup management from containers"
+ooe.sh sudo setsebool container_manage_cgroup true
 
 ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
 
+# Ensure there are no disruptive periodic services enabled by default in image
+systemd_banish
+
 rh_finalize
 
 echo "SUCCESS!"
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh
index 7c39a76f8..46e7a620f 100644
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@@ -15,9 +15,6 @@ install_ooe
 export GOPATH="$(mktemp -d)"
 trap "sudo rm -rf $GOPATH" EXIT
 
-# Ensure there are no disruptive periodic services enabled by default in image
-systemd_banish
-
 # Stop disruption upon boot ASAP after booting
 echo "Disabling all packaging activity on boot"
 # Don't let sed process sed's temporary files
@@ -32,98 +29,123 @@ $BIGTO $SUDOAPTGET update
 echo "Upgrading all packages"
 $BIGTO $SUDOAPTGET upgrade
 
-echo "Adding PPAs"
+echo "Adding third-party repositories and PPAs"
 $LILTO $SUDOAPTGET install software-properties-common
-$LILTO $SUDOAPTADD ppa:projectatomic/ppa
 $LILTO $SUDOAPTADD ppa:criu/ppa
 if [[ "$OS_RELEASE_VER" -eq "18" ]]
 then
     $LILTO $SUDOAPTADD ppa:longsleep/golang-backports
 fi
 
-$LILTO $SUDOAPTGET update
-
-echo "Installing general testing and system dependencies"
-$BIGTO $SUDOAPTGET install \
-    apparmor \
-    aufs-tools \
-    autoconf \
-    automake \
-    bash-completion \
-    bats \
-    bison \
-    btrfs-tools \
-    build-essential \
-    containernetworking-plugins \
-    containers-common \
-    cri-o-runc \
-    criu \
-    curl \
-    conmon \
-    dnsmasq \
-    e2fslibs-dev \
-    emacs-nox \
-    file \
-    gawk \
-    gcc \
-    gettext \
-    go-md2man \
-    golang \
-    iproute2 \
-    iptables \
-    jq \
-    libaio-dev \
-    libapparmor-dev \
-    libcap-dev \
-    libdevmapper-dev \
-    libdevmapper1.02.1 \
-    libfuse-dev \
-    libfuse2 \
-    libglib2.0-dev \
-    libgpgme11-dev \
-    liblzma-dev \
-    libnet1 \
-    libnet1-dev \
-    libnl-3-dev \
-    libvarlink \
-    libprotobuf-c-dev \
-    libprotobuf-dev \
-    libseccomp-dev \
-    libseccomp2 \
-    libsystemd-dev \
-    libtool \
-    libudev-dev \
-    lsof \
-    make \
-    netcat \
-    pkg-config \
-    podman \
-    protobuf-c-compiler \
-    protobuf-compiler \
-    python-future \
-    python-minimal \
-    python-protobuf \
-    python3-dateutil \
-    python3-pip \
-    python3-psutil \
-    python3-pytoml \
-    python3-setuptools \
-    skopeo \
-    slirp4netns \
-    socat \
-    unzip \
-    vim \
-    xz-utils \
+echo "Configuring/Instaling deps from Open build server"
+VERSION_ID=$(source /etc/os-release; echo $VERSION_ID)
+echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/ /" \
+    | ooe.sh sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
+ooe.sh curl -L -o /tmp/Release.key "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key"
+ooe.sh sudo apt-key add - < /tmp/Release.key
+
+INSTALL_PACKAGES=(\
+    apparmor
+    aufs-tools
+    autoconf
+    automake
+    bash-completion
+    bison
+    build-essential
+    bzip2
+    conmon
+    containernetworking-plugins
+    containers-common
+    coreutils
+    cri-o-runc
+    criu
+    curl
+    dnsmasq
+    e2fslibs-dev
+    emacs-nox
+    file
+    gawk
+    gcc
+    gettext
+    git
+    go-md2man
+    golang
+    iproute2
+    iptables
+    jq
+    libaio-dev
+    libapparmor-dev
+    libcap-dev
+    libdevmapper-dev
+    libdevmapper1.02.1
+    libfuse-dev
+    libfuse2
+    libglib2.0-dev
+    libgpgme11-dev
+    liblzma-dev
+    libnet1
+    libnet1-dev
+    libnl-3-dev
+    libprotobuf-c-dev
+    libprotobuf-dev
+    libseccomp-dev
+    libseccomp2
+    libselinux-dev
+    libsystemd-dev
+    libtool
+    libudev-dev
+    libvarlink
+    lsof
+    make
+    netcat
+    openssl
+    pkg-config
+    podman
+    protobuf-c-compiler
+    protobuf-compiler
+    python-future
+    python-minimal
+    python-protobuf
+    python3-dateutil
+    python3-pip
+    python3-psutil
+    python3-pytoml
+    python3-setuptools
+    rsync
+    runc
+    scons
+    skopeo
+    slirp4netns
+    socat
+    unzip
+    vim
+    wget
+    xz-utils
+    yum-utils
     zip
+    zlib1g-dev
+)
 
 if [[ "$OS_RELEASE_VER" -ge "19" ]]
 then
-    echo "Installing Ubuntu > 18 packages"
-    $LILTO $SUDOAPTGET install fuse3 libfuse3-dev libbtrfs-dev
-fi
+    INSTALL_PACKAGES+=(\
+        bats
+        btrfs-progs
+        fuse3
+        libbtrfs-dev
+        libfuse3-dev
+    )
+else
+    echo "Downloading version of bats with fix for a \$IFS related bug in 'run' command"
+    cd /tmp
+    BATS_URL='http://launchpadlibrarian.net/438140887/bats_1.1.0+git104-g1c83a1b-1_all.deb'
+    curl -L -O "$BATS_URL"
+    cd -
+    INSTALL_PACKAGES+=(\
+        /tmp/$(basename $BATS_URL)
+        btrfs-tools
+    )
 
-if [[ "$OS_RELEASE_VER" -eq "18" ]]
-then
     echo "Forced Ubuntu 18 kernel to enable cgroup swap accounting."
     SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g'
     ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub.d/*
@@ -131,9 +153,27 @@ then
     ooe.sh sudo update-grub
 fi
 
+echo "Installing general testing and system dependencies"
+# Necessary to update cache of newly added repos
+$LILTO $SUDOAPTGET update
+$BIGTO $SUDOAPTGET install ${INSTALL_PACKAGES[@]}
+
+install_buildah_packages
+
+echo "Installing cataonit and libseccomp.sudo"
 ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
 ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo
 
+# Ensure there are no disruptive periodic services enabled by default in image
+systemd_banish
+
+CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc"
+if sudo dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH"
+then
+    echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing."
+    sudo ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc"
+fi
+
 ubuntu_finalize
 
 echo "SUCCESS!"
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 5001ef4dd..eceb80b00 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -39,12 +39,6 @@ done
 cd "${GOSRC}/"
 case "${OS_RELEASE_ID}" in
     ubuntu)
-        CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc"
-        if dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH"
-        then
-            echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing."
-            ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc"
-        fi
         ;;
     fedora)
         # All SELinux distros need this for systemd-in-a-container
@@ -58,6 +52,10 @@ case "${OS_RELEASE_ID}" in
         echo "mq-deadline" > /sys/block/sda/queue/scheduler
         cat /sys/block/sda/queue/scheduler
 
+        if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then
+            bash "$SCRIPT_BASE/add_second_partition.sh"
+        fi
+
         warn "Forcing systemd cgroup manager"
         X=$(echo "export CGROUP_MANAGER=systemd" | \
             tee -a /etc/environment) && eval "$X" && echo "$X"
diff --git a/contrib/cirrus/upload_release_archive.sh b/contrib/cirrus/upload_release_archive.sh
index a94a5cc82..e1b8937b7 100755
--- a/contrib/cirrus/upload_release_archive.sh
+++ b/contrib/cirrus/upload_release_archive.sh
@@ -19,36 +19,19 @@ then
     BUCKET="libpod-pr-releases"
 elif [[ -n "$CIRRUS_BRANCH" ]]
 then
-    # Only release binaries for tagged commit ranges, unless working on docs
-    if is_release || [[ $CIRRUS_TASK_NAME =~ "docs" ]]
+    # Only release binaries for docs
+    if [[ $CIRRUS_TASK_NAME =~ "docs" ]]
     then
         PR_OR_BRANCH="$CIRRUS_BRANCH"
         BUCKET="libpod-$CIRRUS_BRANCH-releases"
     else
-        warn "" "Skipping release processing: Commit range|CIRRUS_TAG is development tagged."
+        warn "" "Skipping release processing for non-docs task."
         exit 0
     fi
 else
     die 1 "Expecting either \$CIRRUS_PR or \$CIRRUS_BRANCH to be non-empty."
 fi
 
-echo "Parsing actual_release.txt contents: $(< actual_release.txt)"
-cd $GOSRC
-RELEASETXT=$(<actual_release.txt)  # see build_release.sh
-[[ -n "$RELEASETXT" ]] || \
-    die 3 "Could not obtain metadata from actual_release.txt"
-RELEASE_INFO=$(echo "$RELEASETXT" | grep -m 1 'X-RELEASE-INFO:' | sed -r -e 's/X-RELEASE-INFO:\s*(.+)/\1/')
-if [[ "$?" -ne "0" ]] || [[ -z "$RELEASE_INFO" ]]
-then
-    die 4 "Metadata is empty or invalid: '$RELEASETXT'"
-fi
-# Format specified in Makefile
-# e.g. libpod v1.3.1-166-g60df124e fedora 29 amd64
-# or   libpod-remote v1.3.1-166-g60df124e windows - amd64
-FIELDS="RELEASE_BASENAME RELEASE_VERSION RELEASE_DIST RELEASE_DIST_VER RELEASE_ARCH"
-read $FIELDS <<< $RELEASE_INFO
-req_env_var $FIELDS
-
 # Functional local podman required for uploading
 echo "Verifying a local, functional podman, building one if necessary."
 [[ -n "$(type -P podman)" ]] || \
@@ -64,7 +47,7 @@ echo "$RELEASE_GCPJSON" > "$TMPF"
 unset RELEASE_GCPJSON
 
 cd $GOSRC
-for filename in $(ls -1 *.tar.gz *.zip *.msi $SWAGGER_FILEPATH)
+for filename in $(ls -1 $SWAGGER_FILEPATH)
 do
     unset EXT
     EXT=$(echo "$filename" | sed -r -e 's/.+\.(.+$)/\1/g')
@@ -85,19 +68,7 @@ do
         # For doc. ref. this must always be a static filename, e.g. swagger-latest-master.yaml
         ALSO_FILENAME="swagger-latest-${PR_OR_BRANCH}.yaml"
     else
-        # Form the generic "latest" file for this branch or pr
-        TO_PREFIX="${RELEASE_BASENAME}-latest-${PR_OR_BRANCH}-${RELEASE_DIST}"
-        # Form the fully-versioned filename for historical sake
-        ALSO_PREFIX="${RELEASE_BASENAME}-${RELEASE_VERSION}-${PR_OR_BRANCH}-${RELEASE_DIST}"
-        TO_SUFFIX="${RELEASE_ARCH}.${EXT}"
-        if [[ "$RELEASE_DIST" == "windows" ]] || [[ "$RELEASE_DIST" == "darwin" ]]
-        then
-            TO_FILENAME="${TO_PREFIX}-${TO_SUFFIX}"
-            ALSO_FILENAME="${ALSO_PREFIX}-${TO_SUFFIX}"
-        else
-            TO_FILENAME="${TO_PREFIX}-${RELEASE_DIST_VER}-${TO_SUFFIX}"
-            ALSO_FILENAME="${ALSO_PREFIX}-${TO_SUFFIX}"
-        fi
+        die "Uploading non-docs files has been disabled"
     fi
 
     [[ "$OS_RELEASE_ID" == "ubuntu" ]] || \
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index 0222be7ba..817be31b7 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -48,7 +48,7 @@ Epoch: 99
 %else
 Epoch: 0
 %endif
-Version: 1.8.2
+Version: 1.8.3
 Release: #COMMITDATE#.git%{shortcommit0}%{?dist}
 Summary: Manage Pods, Containers and Container Images
 License: ASL 2.0
@@ -524,6 +524,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_unitdir}/io.podman.socket
 %{_usr}/lib/systemd/user/io.podman.service
 %{_usr}/lib/systemd/user/io.podman.socket
+%{_unitdir}/podman.service
+%{_unitdir}/podman.socket
+%{_usr}/lib/systemd/user/podman.service
+%{_usr}/lib/systemd/user/podman.socket
 %{_usr}/lib/tmpfiles.d/%{name}.conf
 
 %if 0%{?with_devel}
diff --git a/contrib/systemd/auto-update/podman-auto-update.service b/contrib/systemd/auto-update/podman-auto-update.service
new file mode 100644
index 000000000..b63f24230
--- /dev/null
+++ b/contrib/systemd/auto-update/podman-auto-update.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Podman auto-update service
+Documentation=man:podman-auto-update(1)
+Wants=network.target
+After=network-online.target
+
+[Service]
+ExecStart=/usr/bin/podman auto-update
+
+[Install]
+WantedBy=multi-user.target default.target
diff --git a/contrib/systemd/auto-update/podman-auto-update.timer b/contrib/systemd/auto-update/podman-auto-update.timer
new file mode 100644
index 000000000..3e50ffa9b
--- /dev/null
+++ b/contrib/systemd/auto-update/podman-auto-update.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Podman auto-update timer
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+
+[Install]
+WantedBy=timers.target