diff options
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/cirrus/README.md | 42 | ||||
| -rw-r--r-- | contrib/cirrus/container_test.sh | 1 | ||||
| -rwxr-xr-x | contrib/cirrus/integration_test.sh | 2 | ||||
| -rw-r--r-- | contrib/cirrus/lib.sh | 99 | ||||
| -rw-r--r-- | contrib/cirrus/packer/fedora_base-setup.sh | 21 | ||||
| -rw-r--r-- | contrib/cirrus/packer/fedora_packaging.sh | 141 | ||||
| -rw-r--r-- | contrib/cirrus/packer/fedora_setup.sh | 129 | ||||
| -rw-r--r-- | contrib/cirrus/packer/libpod_base_images.yml | 6 | ||||
| -rw-r--r-- | contrib/cirrus/packer/libpod_images.yml | 5 | ||||
| -rw-r--r-- | contrib/cirrus/packer/ubuntu_packaging.sh | 152 | ||||
| -rw-r--r-- | contrib/cirrus/packer/ubuntu_setup.sh | 157 | ||||
| -rwxr-xr-x | contrib/cirrus/setup_environment.sh | 18 | ||||
| -rw-r--r-- | contrib/dependencies.txt | 1 | ||||
| -rw-r--r-- | contrib/gate/Dockerfile | 8 | ||||
| -rw-r--r-- | contrib/podmanimage/stable/Dockerfile | 10 | ||||
| -rw-r--r-- | contrib/podmanimage/stable/manual/Containerfile | 9 | ||||
| -rw-r--r-- | contrib/podmanimage/testing/Dockerfile | 10 | ||||
| -rw-r--r-- | contrib/podmanimage/upstream/Dockerfile | 10 | ||||
| -rw-r--r-- | contrib/spec/podman.spec.in | 8 |
19 files changed, 449 insertions, 380 deletions
diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md index 709985b5b..541cf2f54 100644 --- a/contrib/cirrus/README.md +++ b/contrib/cirrus/README.md @@ -165,20 +165,34 @@ env: * Choose the *test_build_cache_images* task. * Open the *build_vm_images* script section. -### `release` Task - -Gathers up zip files uploaded by other tasks, from the local Cirrus-CI caching service. -Depending on the execution context (a PR or a branch), this task uploads the files -found to storage buckets at: - -* [https://storage.cloud.google.com/libpod-pr-releases](https://storage.cloud.google.com/libpod-pr-releases) -* [https://storage.cloud.google.com/libpod-master-releases](https://storage.cloud.google.com/libpod-master-releases) - -***Note:*** Repeated builds from the same PR or branch, will clobber previous archives - *by design*. This is intended so that the "latest" archive is always - available at a consistent URL. The precise details regarding a particular - build is encoded within the zip-archive comment. - +### `docs` Task + +Builds swagger API documentation YAML and uploads to google storage for both +PR's (for testing the process) and after a merge into any branch. For PR's +the YAML is uploaded into a [dedicated short-pruning cycle +bucket.](https://storage.googleapis.com/libpod-pr-releases/) For branches, +a [separate bucket is +used.](https://storage.googleapis.com/libpod-master-releases) +In both cases the filename includes the source +PR number or branch name. + +***Note***: [The online documentation](http://docs.podman.io/en/latest/_static/api.html) +is presented through javascript on the client-side. This requires CORS to be properly +configured on the bucket, for the `http://docs.podman.io` origin. Please see +[Configuring CORS on a bucket](https://cloud.google.com/storage/docs/configuring-cors#configure-cors-bucket) +for details. This may be performed by anybody with admin access to the google storage bucket, +using the following JSON: + +```JSON +[ + { + "origin": ["http://docs.podman.io"], + "responseHeader": ["Content-Type"], + "method": ["GET"], + "maxAgeSeconds": 600 + } +] +``` ## Base-images diff --git a/contrib/cirrus/container_test.sh b/contrib/cirrus/container_test.sh index 4624868f1..bf0a0d3f1 100644 --- a/contrib/cirrus/container_test.sh +++ b/contrib/cirrus/container_test.sh @@ -126,7 +126,6 @@ if [ $install -eq 1 ]; then make TAGS="${TAGS}" install.bin PREFIX=/usr ETCDIR=/etc make TAGS="${TAGS}" install.man PREFIX=/usr ETCDIR=/etc make TAGS="${TAGS}" install.cni PREFIX=/usr ETCDIR=/etc - make TAGS="${TAGS}" install.config PREFIX=/usr ETCDIR=/etc make TAGS="${TAGS}" install.systemd PREFIX=/usr ETCDIR=/etc fi diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh index 6341bcb4a..c92f123fd 100755 --- a/contrib/cirrus/integration_test.sh +++ b/contrib/cirrus/integration_test.sh @@ -45,12 +45,12 @@ case "$SPECIALMODE" in bindings) make make install PREFIX=/usr ETCDIR=/etc + export PATH=$PATH:`pwd`/hack cd pkg/bindings/test && ginkgo -trace -noColor -debug -r ;; none) make make install PREFIX=/usr ETCDIR=/etc - make install.config PREFIX=/usr make test-binaries if [[ "$TEST_REMOTE_CLIENT" == "true" ]] then diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 04f14eeb3..cc5a3ffa7 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -6,6 +6,11 @@ # Global details persist here source /etc/environment # not always loaded under all circumstances +# Automation environment doesn't automatically load for Ubuntu 18 +if [[ -r '/usr/share/automation/environment' ]]; then + source '/usr/share/automation/environment' +fi + # Under some contexts these values are not set, make sure they are. export USER="$(whoami)" export HOME="$(getent passwd $USER | cut -d : -f 6)" @@ -58,24 +63,30 @@ CIRRUS_BUILD_ID=${CIRRUS_BUILD_ID:-$RANDOM$(date +%s)} # must be short and uniq PACKER_VER="1.4.2" # CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json) -# Base-images rarely change, define them here so they're out of the way. -export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-32,fedora-31}" -# Manually produced base-image names (see $SCRIPT_BASE/README.md) -export UBUNTU_BASE_IMAGE="ubuntu-1910-eoan-v20200211" -export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20200218" +# List of cache imaes to build for 'CI:IMG' mode via build_vm_images.sh +# Exists to support manual single-image building in case of emergency +export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-20,ubuntu-19,fedora-32,fedora-31}" +# Google cloud provides these, we just make copies (see $SCRIPT_BASE/README.md) for use +export UBUNTU_BASE_IMAGE="ubuntu-2004-focal-v20200506" +export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1910-eoan-v20200211" # Manually produced base-image names (see $SCRIPT_BASE/README.md) -export FEDORA_BASE_IMAGE="fedora-cloud-base-32-n-0-1586202964" -export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1586202964" +export FEDORA_BASE_IMAGE="fedora-cloud-base-32-1-6-1588257430" +export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1588257430" export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" # IN_PODMAN container image IN_PODMAN_IMAGE="quay.io/libpod/in_podman:$DEST_BRANCH" # Image for uploading releases UPLDREL_IMAGE="quay.io/libpod/upldrel:master" +# This is needed under some environments/contexts +SUDO='' +[[ "$UID" -eq 0 ]] || \ + SUDO='sudo -E' + # Avoid getting stuck waiting for user input export DEBIAN_FRONTEND="noninteractive" -SUDOAPTGET="ooe.sh sudo -E apt-get -qq --yes" -SUDOAPTADD="ooe.sh sudo -E add-apt-repository --yes" +SUDOAPTGET="$SUDO apt-get -qq --yes" +SUDOAPTADD="$SUDO add-apt-repository --yes" # Regex that finds enabled periodic apt configuration items PERIODIC_APT_RE='^(APT::Periodic::.+")1"\;' # Short-cuts for retrying/timeout calls @@ -88,7 +99,6 @@ ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(. SECRET_ENV_RE='(IRCID)|(ACCOUNT)|(GC[EP]..+)|(SSH)' SPECIALMODE="${SPECIALMODE:-none}" -MOD_LIBPOD_CONF="${MOD_LIBPOD_CONF:false}" TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}" export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman} @@ -109,6 +119,9 @@ OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}" # Type of filesystem used for cgroups CG_FS_TYPE="$(stat -f -c %T /sys/fs/cgroup)" +# When building images, the version of automation tooling to install +INSTALL_AUTOMATION_VERSION=1.1.3 + # Installed into cache-images, supports overrides # by user-data in case of breakage or for debugging. CUSTOM_CLOUD_CONFIG_DEFAULTS="$GOSRC/$PACKER_BASE/cloud-init/$OS_RELEASE_ID/cloud.cfg.d" @@ -354,25 +367,18 @@ setup_rootless() { die 11 "Timeout exceeded waiting for localhost ssh capability" } -# Helper/wrapper script to only show stderr/stdout on non-zero exit -install_ooe() { - req_env_var SCRIPT_BASE - echo "Installing script to mask stdout/stderr unless non-zero exit." - sudo install -D -m 755 "$GOSRC/$SCRIPT_BASE/ooe.sh" /usr/local/bin/ooe.sh -} - # Grab a newer version of git from software collections # https://www.softwarecollections.org/en/ # and use it with a wrapper install_scl_git() { echo "Installing SoftwareCollections updated 'git' version." - ooe.sh sudo yum -y install rh-git29 - cat << "EOF" | sudo tee /usr/bin/git + ooe.sh $SUDO yum -y install rh-git29 + cat << "EOF" | $SUDO tee /usr/bin/git #!/bin/bash scl enable rh-git29 -- git $@ EOF - sudo chmod 755 /usr/bin/git + $SUDO chmod 755 /usr/bin/git } install_test_configs() { @@ -414,9 +420,9 @@ remove_packaged_podman_files() { if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]] then - LISTING_CMD="sudo -E dpkg-query -L podman" + LISTING_CMD="$SUDO dpkg-query -L podman" else - LISTING_CMD='sudo rpm -ql podman' + LISTING_CMD='$SUDO rpm -ql podman' fi # yum/dnf/dpkg may list system directories, only remove files @@ -424,7 +430,7 @@ remove_packaged_podman_files() { do # Sub-directories may contain unrelated/valuable stuff if [[ -d "$fullpath" ]]; then continue; fi - ooe.sh sudo rm -vf "$fullpath" + ooe.sh $SUDO rm -vf "$fullpath" done # Be super extra sure and careful vs performant and completely safe @@ -447,43 +453,60 @@ systemd_banish() { $GOSRC/$PACKER_BASE/systemd_banish.sh } +# This can be removed when the kernel bug fix is included in Fedora +workaround_bfq_bug() { + if [[ "$OS_RELEASE_ID" == "fedora" ]] && [[ $OS_RELEASE_VER -le 32 ]]; then + warn "Switching io scheduler to 'deadline' to avoid RHBZ 1767539" + warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" + echo "mq-deadline" | sudo tee /sys/block/sda/queue/scheduler > /dev/null + echo -n "IO Scheduler set to: " + $SUDO cat /sys/block/sda/queue/scheduler + fi +} + +# Warning: DO NOT USE. +# This is called by other functions as the very last step during the VM Image build +# process. It's purpose is to "reset" the image, so all the first-boot operations +# happen at test runtime (like generating new ssh host keys, resizing partitions, etc.) _finalize() { set +e # Don't fail at the very end if [[ -d "$CUSTOM_CLOUD_CONFIG_DEFAULTS" ]] then echo "Installing custom cloud-init defaults" - sudo cp -v "$CUSTOM_CLOUD_CONFIG_DEFAULTS"/* /etc/cloud/cloud.cfg.d/ + $SUDO cp -v "$CUSTOM_CLOUD_CONFIG_DEFAULTS"/* /etc/cloud/cloud.cfg.d/ else echo "Could not find any files in $CUSTOM_CLOUD_CONFIG_DEFAULTS" fi echo "Re-initializing so next boot does 'first-boot' setup again." cd / - sudo rm -rf /var/lib/cloud/instanc* - sudo rm -rf /root/.ssh/* - sudo rm -rf /etc/ssh/*key* - sudo rm -rf /etc/ssh/moduli - sudo rm -rf /home/* - sudo rm -rf /tmp/* - sudo rm -rf /tmp/.??* - sudo sync - sudo fstrim -av + $SUDO rm -rf /var/lib/cloud/instanc* + $SUDO rm -rf /root/.ssh/* + $SUDO rm -rf /etc/ssh/*key* + $SUDO rm -rf /etc/ssh/moduli + $SUDO rm -rf /home/* + $SUDO rm -rf /tmp/* + $SUDO rm -rf /tmp/.??* + $SUDO sync + $SUDO fstrim -av } +# Called during VM Image setup, not intended for general use. rh_finalize() { set +e # Don't fail at the very end echo "Resetting to fresh-state for usage as cloud-image." PKG=$(type -P dnf || type -P yum || echo "") - sudo $PKG clean all - sudo rm -rf /var/cache/{yum,dnf} - sudo rm -f /etc/udev/rules.d/*-persistent-*.rules - sudo touch /.unconfigured # force firstboot to run + $SUDO $PKG clean all + $SUDO rm -rf /var/cache/{yum,dnf} + $SUDO rm -f /etc/udev/rules.d/*-persistent-*.rules + $SUDO touch /.unconfigured # force firstboot to run _finalize } +# Called during VM Image setup, not intended for general use. ubuntu_finalize() { set +e # Don't fail at the very end echo "Resetting to fresh-state for usage as cloud-image." $LILTO $SUDOAPTGET autoremove - sudo rm -rf /var/cache/apt + $SUDO rm -rf /var/cache/apt _finalize } diff --git a/contrib/cirrus/packer/fedora_base-setup.sh b/contrib/cirrus/packer/fedora_base-setup.sh index 29c23117f..f271abee0 100644 --- a/contrib/cirrus/packer/fedora_base-setup.sh +++ b/contrib/cirrus/packer/fedora_base-setup.sh @@ -8,16 +8,14 @@ set -e # Load in library (copied by packer, before this script was run) source $GOSRC/$SCRIPT_BASE/lib.sh -install_ooe - echo "Updating packages" -ooe.sh dnf -y update +dnf -y update echo "Installing necessary packages and google services" -ooe.sh dnf -y install rng-tools google-compute-engine-tools google-compute-engine-oslogin ethtool +dnf -y install rng-tools google-compute-engine-tools google-compute-engine-oslogin ethtool echo "Enabling services" -ooe.sh systemctl enable rngd +systemctl enable rngd # There is a race that can happen on boot between the GCE services configuring # the VM, and cloud-init trying to do similar activities. Use a customized @@ -25,6 +23,19 @@ ooe.sh systemctl enable rngd echo "Setting cloud-init service to start after google-network-daemon.service" cp -v $GOSRC/$PACKER_BASE/cloud-init/fedora/cloud-init.service /etc/systemd/system/ +# ref: https://cloud.google.com/compute/docs/startupscript +# The mechanism used by Cirrus-CI to execute tasks on the system is through an +# "agent" process launched as a GCP startup-script (from the metadata service). +# This agent is responsible for cloning the repository and executing all task +# scripts and other operations. Therefor, on SELinux-enforcing systems, the +# service must be labeled properly to ensure it's child processes can +# run with the proper contexts. +METADATA_SERVICE_CTX=unconfined_u:unconfined_r:unconfined_t:s0 +METADATA_SERVICE_PATH=systemd/system/google-startup-scripts.service +sed -r -e \ + "s/Type=oneshot/Type=oneshot\nSELinuxContext=$METADATA_SERVICE_CTX/" \ + /lib/$METADATA_SERVICE_PATH > /etc/$METADATA_SERVICE_PATH + # Ensure there are no disruptive periodic services enabled by default in image systemd_banish diff --git a/contrib/cirrus/packer/fedora_packaging.sh b/contrib/cirrus/packer/fedora_packaging.sh new file mode 100644 index 000000000..e80d48bc8 --- /dev/null +++ b/contrib/cirrus/packer/fedora_packaging.sh @@ -0,0 +1,141 @@ +#!/bin/bash + +# This script is called from fedora_setup.sh and various Dockerfiles. +# It's not intended to be used outside of those contexts. It assumes the lib.sh +# library has already been sourced, and that all "ground-up" package-related activity +# needs to be done, including repository setup and initial update. + +set -e + +echo "Updating/Installing repos and packages for $OS_REL_VER" + +source $GOSRC/$SCRIPT_BASE/lib.sh + +# Pre-req. to install automation tooing +$LILTO $SUDO dnf install -y git + +# Install common automation tooling (i.e. ooe.sh) +curl --silent --show-error --location \ + --url "https://raw.githubusercontent.com/containers/automation/master/bin/install_automation.sh" | \ + $SUDO env INSTALL_PREFIX=/usr/share /bin/bash -s - "$INSTALL_AUTOMATION_VERSION" +# Reload installed environment right now (happens automatically in a new process) +source /usr/share/automation/environment + +# Set this to 1 to NOT enable updates-testing repository +DISABLE_UPDATES_TESTING=${DISABLE_UPDATES_TESTING:0} + +# Do not enable update-stesting on the previous Fedora release +if ((DISABLE_UPDATES_TESTING!=0)); then + warn "Enabling updates-testing repository for image based on $FEDORA_BASE_IMAGE" + $LILTO $SUDO ooe.sh dnf install -y 'dnf-command(config-manager)' + $LILTO $SUDO ooe.sh dnf config-manager --set-enabled updates-testing +else + warn "NOT enabling updates-testing repository for image based on $PRIOR_FEDORA_BASE_IMAGE" +fi + +$BIGTO ooe.sh $SUDO dnf update -y + +REMOVE_PACKAGES=() +INSTALL_PACKAGES=(\ + autoconf + automake + bash-completion + bats + bridge-utils + btrfs-progs-devel + buildah + bzip2 + conmon + container-selinux + containernetworking-plugins + containers-common + criu + device-mapper-devel + dnsmasq + emacs-nox + file + findutils + fuse3 + fuse3-devel + gcc + git + glib2-devel + glibc-static + gnupg + go-md2man + golang + gpgme-devel + iproute + iptables + jq + libassuan-devel + libcap-devel + libmsi1 + libnet + libnet-devel + libnl3-devel + libseccomp + libseccomp-devel + libselinux-devel + libtool + libvarlink-util + lsof + make + msitools + nmap-ncat + ostree-devel + pandoc + podman + procps-ng + protobuf + protobuf-c + protobuf-c-devel + protobuf-devel + python + python3-dateutil + python3-psutil + python3-pytoml + rsync + selinux-policy-devel + skopeo + skopeo-containers + slirp4netns + unzip + vim + wget + which + xz + zip +) + +case "$OS_RELEASE_VER" in + 30) + INSTALL_PACKAGES+=(\ + atomic-registries + golang-github-cpuguy83-go-md2man + python2-future + runc + ) + REMOVE_PACKAGES+=(crun) + ;; + 31) + INSTALL_PACKAGES+=(crun) + REMOVE_PACKAGES+=(runc) + ;; + 32) + INSTALL_PACKAGES+=(crun) + REMOVE_PACKAGES+=(runc) + ;; + *) + bad_os_id_ver ;; +esac + +echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'" +$BIGTO ooe.sh $SUDO dnf install -y ${INSTALL_PACKAGES[@]} + +[[ ${#REMOVE_PACKAGES[@]} -eq 0 ]] || \ + $LILTO ooe.sh $SUDO dnf erase -y ${REMOVE_PACKAGES[@]} + +export GOPATH="$(mktemp -d)" +trap "$SUDO rm -rf $GOPATH" EXIT +ooe.sh $SUDO $GOSRC/hack/install_catatonit.sh diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index fcef7360b..3830b3bc4 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh @@ -6,139 +6,26 @@ set -e # Load in library (copied by packer, before this script was run) -source /tmp/libpod/$SCRIPT_BASE/lib.sh +source $GOSRC/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC FEDORA_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER +req_env_var SCRIPT_BASE PACKER_BASE INSTALL_AUTOMATION_VERSION PACKER_BUILDER_NAME GOSRC FEDORA_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER -install_ooe - -if [[ $OS_RELEASE_VER -le 31 ]]; then - warn "Switching io scheduler to 'deadline' to avoid RHBZ 1767539" - warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" - echo "mq-deadline" | sudo tee /sys/block/sda/queue/scheduler > /dev/null - sudo cat /sys/block/sda/queue/scheduler -fi - -export GOPATH="$(mktemp -d)" -trap "sudo rm -rf $GOPATH" EXIT - -$BIGTO ooe.sh sudo dnf update -y +workaround_bfq_bug # Do not enable update-stesting on the previous Fedora release if [[ "$FEDORA_BASE_IMAGE" =~ "${OS_RELEASE_ID}-cloud-base-${OS_RELEASE_VER}" ]]; then - warn "Enabling updates-testing repository for image based on $FEDORA_BASE_IMAGE" - $LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)' - $LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing + DISABLE_UPDATES_TESTING=0 else - warn "NOT enabling updates-testing repository for image based on $PRIOR_FEDORA_BASE_IMAGE" + DISABLE_UPDATES_TESTING=1 fi -REMOVE_PACKAGES=() -INSTALL_PACKAGES=(\ - autoconf - automake - bash-completion - bats - bridge-utils - btrfs-progs-devel - buildah - bzip2 - conmon - container-selinux - containernetworking-plugins - containers-common - criu - device-mapper-devel - dnsmasq - emacs-nox - file - findutils - fuse3 - fuse3-devel - gcc - git - glib2-devel - glibc-static - gnupg - go-md2man - golang - gpgme-devel - iproute - iptables - jq - libassuan-devel - libcap-devel - libmsi1 - libnet - libnet-devel - libnl3-devel - libseccomp - libseccomp-devel - libselinux-devel - libtool - libvarlink-util - lsof - make - msitools - nmap-ncat - ostree-devel - pandoc - podman - procps-ng - protobuf - protobuf-c - protobuf-c-devel - protobuf-devel - python - python3-dateutil - python3-psutil - python3-pytoml - rsync - selinux-policy-devel - skopeo - skopeo-containers - slirp4netns - unzip - vim - wget - which - xz - zip -) - -case "$OS_RELEASE_VER" in - 30) - INSTALL_PACKAGES+=(\ - atomic-registries - golang-github-cpuguy83-go-md2man - python2-future - runc - ) - REMOVE_PACKAGES+=(crun) - ;; - 31) - INSTALL_PACKAGES+=(crun) - REMOVE_PACKAGES+=(runc) - ;; - 32) - INSTALL_PACKAGES+=(crun) - REMOVE_PACKAGES+=(runc) - ;; - *) - bad_os_id_ver ;; -esac - -echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'" -$BIGTO ooe.sh sudo dnf install -y ${INSTALL_PACKAGES[@]} - -[[ "${#REMOVE_PACKAGES[@]}" -eq "0" ]] || \ - $LILTO ooe.sh sudo dnf erase -y ${REMOVE_PACKAGES[@]} +bash $PACKER_BASE/fedora_packaging.sh +# Load installed environment right now (happens automatically in a new process) +source /usr/share/automation/environment echo "Enabling cgroup management from containers" ooe.sh sudo setsebool container_manage_cgroup true -ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh - # Ensure there are no disruptive periodic services enabled by default in image systemd_banish diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml index a66fac31c..f53bfafc5 100644 --- a/contrib/cirrus/packer/libpod_base_images.yml +++ b/contrib/cirrus/packer/libpod_base_images.yml @@ -17,9 +17,9 @@ variables: PRIOR_UBUNTU_BASE_IMAGE: # Latest Fedora release - FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/32/Cloud/x86_64/images/Fedora-Cloud-Base-32-20200406.n.0.x86_64.qcow2" - FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/32/Cloud/x86_64/images/Fedora-Cloud-32-x86_64-20200406.n.0-CHECKSUM" - FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-32-n-0' + FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Cloud/x86_64/images/Fedora-Cloud-Base-32-1.6.x86_64.qcow2" + FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Cloud/x86_64/images/Fedora-Cloud-32-1.6-x86_64-CHECKSUM" + FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-32-1-6' # Prior Fedora release PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2" diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml index c23439201..754626a2e 100644 --- a/contrib/cirrus/packer/libpod_images.yml +++ b/contrib/cirrus/packer/libpod_images.yml @@ -29,7 +29,7 @@ sensitive-variables: builders: # v----- is a YAML anchor, allows referencing this object by name (below) - &gce_hosted_image - name: 'ubuntu-19' + name: 'ubuntu-20' type: 'googlecompute' image_name: '{{build_name}}{{user `BUILT_IMAGE_SUFFIX`}}' image_family: '{{build_name}}-cache' @@ -46,7 +46,7 @@ builders: # v----- is a YAML alias, allows partial re-use of the anchor object - <<: *gce_hosted_image - name: 'ubuntu-18' + name: 'ubuntu-19' source_image: '{{user `PRIOR_UBUNTU_BASE_IMAGE`}}' source_image_family: 'prior-ubuntu-base' @@ -71,6 +71,7 @@ provisioners: environment_vars: - 'PACKER_BUILDER_NAME={{build_name}}' - 'GOSRC=/tmp/libpod' + - 'PACKER_BASE={{user `PACKER_BASE`}}' - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}' post-processors: diff --git a/contrib/cirrus/packer/ubuntu_packaging.sh b/contrib/cirrus/packer/ubuntu_packaging.sh new file mode 100644 index 000000000..fd0280230 --- /dev/null +++ b/contrib/cirrus/packer/ubuntu_packaging.sh @@ -0,0 +1,152 @@ +#!/bin/bash + +# This script is called from ubuntu_setup.sh and various Dockerfiles. +# It's not intended to be used outside of those contexts. It assumes the lib.sh +# library has already been sourced, and that all "ground-up" package-related activity +# needs to be done, including repository setup and initial update. + +set -e + +echo "Updating/Installing repos and packages for $OS_REL_VER" + +source $GOSRC/$SCRIPT_BASE/lib.sh + +echo "Updating/configuring package repositories." +$BIGTO $SUDOAPTGET update + +echo "Installing deps to add third-party repositories and automation tooling" +$LILTO $SUDOAPTGET install software-properties-common git curl + +# Install common automation tooling (i.e. ooe.sh) +curl --silent --show-error --location \ + --url "https://raw.githubusercontent.com/containers/automation/master/bin/install_automation.sh" | \ + $SUDO env INSTALL_PREFIX=/usr/share /bin/bash -s - "$INSTALL_AUTOMATION_VERSION" +# Reload installed environment right now (happens automatically in a new process) +source /usr/share/automation/environment + +$LILTO ooe.sh $SUDOAPTADD ppa:criu/ppa + +echo "Configuring/Instaling deps from Open build server" +VERSION_ID=$(source /etc/os-release; echo $VERSION_ID) +echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/ /" \ + | ooe.sh $SUDO tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list +ooe.sh curl -L -o /tmp/Release.key "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key" +ooe.sh $SUDO apt-key add - < /tmp/Release.key + +INSTALL_PACKAGES=(\ + apparmor + aufs-tools + autoconf + automake + bash-completion + bats + bison + btrfs-progs + build-essential + buildah + bzip2 + conmon + containernetworking-plugins + containers-common + coreutils + cri-o-runc + criu + curl + dnsmasq + e2fslibs-dev + emacs-nox + file + fuse3 + gawk + gcc + gettext + git + go-md2man + golang + iproute2 + iptables + jq + libaio-dev + libapparmor-dev + libbtrfs-dev + libcap-dev + libdevmapper-dev + libdevmapper1.02.1 + libfuse-dev + libfuse2 + libfuse3-dev + libglib2.0-dev + libgpgme11-dev + liblzma-dev + libnet1 + libnet1-dev + libnl-3-dev + libprotobuf-c-dev + libprotobuf-dev + libseccomp-dev + libseccomp2 + libselinux-dev + libsystemd-dev + libtool + libudev-dev + libvarlink + lsof + make + netcat + openssl + pkg-config + podman + protobuf-c-compiler + protobuf-compiler + python-protobuf + python3-dateutil + python3-pip + python3-psutil + python3-pytoml + python3-setuptools + rsync + runc + scons + skopeo + slirp4netns + socat + sudo + unzip + vim + wget + xz-utils + zip + zlib1g-dev +) + +# These aren't resolvable on Ubuntu 20 +if [[ "$OS_RELEASE_VER" -le 19 ]]; then + INSTALL_PACKAGES+=(\ + python-future + python-minimal + yum-utils + ) +fi + +# Do this at the last possible moment to avoid dpkg lock conflicts +echo "Upgrading all packages" +$BIGTO ooe.sh $SUDOAPTGET upgrade + +echo "Installing general testing and system dependencies" +# Necessary to update cache of newly added repos +$LILTO ooe.sh $SUDOAPTGET update +$BIGTO ooe.sh $SUDOAPTGET install ${INSTALL_PACKAGES[@]} + +export GOPATH="$(mktemp -d)" +trap "$SUDO rm -rf $GOPATH" EXIT +echo "Installing cataonit and libseccomp.sudo" +cd $GOSRC +ooe.sh $SUDO hack/install_catatonit.sh +ooe.sh $SUDO make install.libseccomp.sudo + +CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc" +if $SUDO dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH" +then + echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing." + $SUDO ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc" +fi diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh index 4b6e99358..2febbd265 100644 --- a/contrib/cirrus/packer/ubuntu_setup.sh +++ b/contrib/cirrus/packer/ubuntu_setup.sh @@ -8,164 +8,21 @@ set -e # Load in library (copied by packer, before this script was run) source $GOSRC/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE +req_env_var SCRIPT_BASE PACKER_BASE INSTALL_AUTOMATION_VERSION PACKER_BUILDER_NAME GOSRC UBUNTU_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER -install_ooe - -export GOPATH="$(mktemp -d)" -trap "sudo rm -rf $GOPATH" EXIT +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish # Stop disruption upon boot ASAP after booting echo "Disabling all packaging activity on boot" -# Don't let sed process sed's temporary files -_FILEPATHS=$(sudo ls -1 /etc/apt/apt.conf.d) -for filename in $_FILEPATHS; do \ +for filename in $(sudo ls -1 /etc/apt/apt.conf.d); do \ echo "Checking/Patching $filename" sudo sed -i -r -e "s/$PERIODIC_APT_RE/"'\10"\;/' "/etc/apt/apt.conf.d/$filename"; done -echo "Updating/configuring package repositories." -$BIGTO $SUDOAPTGET update - -echo "Upgrading all packages" -$BIGTO $SUDOAPTGET upgrade - -echo "Adding third-party repositories and PPAs" -$LILTO $SUDOAPTGET install software-properties-common -$LILTO $SUDOAPTADD ppa:criu/ppa -if [[ "$OS_RELEASE_VER" -eq "18" ]] -then - $LILTO $SUDOAPTADD ppa:longsleep/golang-backports -fi - -echo "Configuring/Instaling deps from Open build server" -VERSION_ID=$(source /etc/os-release; echo $VERSION_ID) -echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/ /" \ - | ooe.sh sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -ooe.sh curl -L -o /tmp/Release.key "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key" -ooe.sh sudo apt-key add - < /tmp/Release.key - -INSTALL_PACKAGES=(\ - apparmor - aufs-tools - autoconf - automake - bash-completion - bison - build-essential - buildah - bzip2 - conmon - containernetworking-plugins - containers-common - coreutils - cri-o-runc - criu - curl - dnsmasq - e2fslibs-dev - emacs-nox - file - gawk - gcc - gettext - git - go-md2man - golang - iproute2 - iptables - jq - libaio-dev - libapparmor-dev - libcap-dev - libdevmapper-dev - libdevmapper1.02.1 - libfuse-dev - libfuse2 - libglib2.0-dev - libgpgme11-dev - liblzma-dev - libnet1 - libnet1-dev - libnl-3-dev - libprotobuf-c-dev - libprotobuf-dev - libseccomp-dev - libseccomp2 - libselinux-dev - libsystemd-dev - libtool - libudev-dev - libvarlink - lsof - make - netcat - openssl - pkg-config - podman - protobuf-c-compiler - protobuf-compiler - python-future - python-minimal - python-protobuf - python3-dateutil - python3-pip - python3-psutil - python3-pytoml - python3-setuptools - rsync - runc - scons - skopeo - slirp4netns - socat - unzip - vim - wget - xz-utils - yum-utils - zip - zlib1g-dev -) - -if [[ "$OS_RELEASE_VER" -ge "19" ]] -then - INSTALL_PACKAGES+=(\ - bats - btrfs-progs - fuse3 - libbtrfs-dev - libfuse3-dev - ) -else - echo "Downloading version of bats with fix for a \$IFS related bug in 'run' command" - cd /tmp - BATS_URL='http://launchpadlibrarian.net/438140887/bats_1.1.0+git104-g1c83a1b-1_all.deb' - curl -L -O "$BATS_URL" - cd - - INSTALL_PACKAGES+=(\ - /tmp/$(basename $BATS_URL) - btrfs-tools - ) -fi - -echo "Installing general testing and system dependencies" -# Necessary to update cache of newly added repos -$LILTO $SUDOAPTGET update -$BIGTO $SUDOAPTGET install ${INSTALL_PACKAGES[@]} - -echo "Installing cataonit and libseccomp.sudo" -ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh -ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo - -# Ensure there are no disruptive periodic services enabled by default in image -systemd_banish +bash $PACKER_BASE/ubuntu_packaging.sh -CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc" -if sudo dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH" -then - echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing." - sudo ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc" -fi +# Load installed environment right now (happens automatically in a new process) +source /usr/share/automation/environment echo "Making Ubuntu kernel to enable cgroup swap accounting as it is not the default." SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g' diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 57c9ec52a..945b33909 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -43,16 +43,8 @@ case "${OS_RELEASE_ID}" in fedora) # All SELinux distros need this for systemd-in-a-container setsebool container_manage_cgroup true - if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then - bash "$SCRIPT_BASE/add_second_partition.sh" - fi - if [[ $OS_RELEASE_VER -le 31 ]]; then - warn "Switching io scheduler to 'deadline' to avoid RHBZ 1767539" - warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" - echo "mq-deadline" > /sys/block/sda/queue/scheduler - cat /sys/block/sda/queue/scheduler - fi + workaround_bfq_bug if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then bash "$SCRIPT_BASE/add_second_partition.sh" @@ -84,18 +76,12 @@ case "$CG_FS_TYPE" in X=$(echo "export OCI_RUNTIME=/usr/bin/crun" | \ tee -a /etc/environment) && eval "$X" && echo "$X" - if [[ "$MOD_LIBPOD_CONF" == "true" ]]; then - warn "Updating runtime setting in repo. copy of libpod.conf" - sed -i -r -e 's/^runtime = "runc"/runtime = "crun"/' $GOSRC/libpod.conf - git diff $GOSRC/libpod.conf - fi - if [[ "$OS_RELEASE_ID" == "fedora" ]]; then warn "Upgrading to the latest crun" # Normally not something to do for stable testing # but crun is new, and late-breaking fixes may be required # on short notice - dnf update -y crun + dnf update -y crun containers-common fi ;; *) diff --git a/contrib/dependencies.txt b/contrib/dependencies.txt index 5a6fa9834..f61912fde 100644 --- a/contrib/dependencies.txt +++ b/contrib/dependencies.txt @@ -2,7 +2,6 @@ btrfs-progs-devel bzip2 -container-selinux containernetworking-cni device-mapper-devel findutils diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile index f7cd8f2b3..f86709b00 100644 --- a/contrib/gate/Dockerfile +++ b/contrib/gate/Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:31 +FROM fedora:32 ENV GOPATH="/var/tmp/go" \ GOBIN="/var/tmp/go/bin" \ @@ -7,11 +7,13 @@ ENV GOPATH="/var/tmp/go" \ GOSRC="/var/tmp/go/src/github.com/containers/libpod" # Only needed for installing build-time dependencies, then will be removed -COPY / $GOSRC +COPY . $GOSRC # Install packages from dependencies.txt, ignoring commented lines +# Note: adding conmon and crun so podman command checks will work RUN dnf -y install \ - $(grep "^[^#]" $GOSRC/contrib/dependencies.txt) \ + $(grep "^[^#]" $GOSRC/contrib/dependencies.txt) diffutils containers-common fuse-overlayfs conmon crun runc --exclude container-selinux; \ + sed -i -e 's|^#mount_program|mount_program|g' /etc/containers/storage.conf \ && dnf clean all # Install dependencies diff --git a/contrib/podmanimage/stable/Dockerfile b/contrib/podmanimage/stable/Dockerfile index 7aeb5bbdc..fdf461f72 100644 --- a/contrib/podmanimage/stable/Dockerfile +++ b/contrib/podmanimage/stable/Dockerfile @@ -6,17 +6,17 @@ # This image can be used to create a secured container # that runs safely with privileges within the container. # -FROM fedora:latest +FROM registry.fedoraproject.org/fedora:latest # Don't include container-selinux and remove # directories used by yum that are just taking # up space. RUN useradd podman; yum -y update; yum -y reinstall shadow-utils; yum -y install podman fuse-overlayfs --exclude container-selinux; rm -rf /var/cache /var/log/dnf* /var/log/yum.* -# Adjust storage.conf to enable Fuse storage. -RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf -RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock - ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/ +# chmod containers.conf and adjust storage.conf to enable Fuse storage. +RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf +RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock + ENV _CONTAINERS_USERNS_CONFIGURED="" diff --git a/contrib/podmanimage/stable/manual/Containerfile b/contrib/podmanimage/stable/manual/Containerfile index afc4f5ffd..79ff95956 100644 --- a/contrib/podmanimage/stable/manual/Containerfile +++ b/contrib/podmanimage/stable/manual/Containerfile @@ -17,7 +17,7 @@ # `podman push quay.io/stable:v1.7.0 docker://quay.io/podman/stable:v1.7.0` # # Start Build Process using the latest Fedora -FROM fedora:latest +FROM registry.fedoraproject.org/fedora:latest # Don't include container-selinux and remove # directories used by dnf that are just taking @@ -26,10 +26,11 @@ FROM fedora:latest COPY /tmp/podman-1.7.0-3.fc30.x86_64.rpm /tmp RUN yum -y install /tmp/podman-1.7.0-3.fc30.x86_64.rpm fuse-overlayfs --exclude container-selinux; rm -rf /var/cache /var/log/dnf* /var/log/yum.* /tmp/podman*.rpm -# Adjust storage.conf to enable Fuse storage. -RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf +ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/ + +# chmod containers.conf and adjust storage.conf to enable Fuse storage. +RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock -ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/ ENV _CONTAINERS_USERNS_CONFIGURED="" diff --git a/contrib/podmanimage/testing/Dockerfile b/contrib/podmanimage/testing/Dockerfile index 3a7a0b7f8..0124879e0 100644 --- a/contrib/podmanimage/testing/Dockerfile +++ b/contrib/podmanimage/testing/Dockerfile @@ -8,17 +8,17 @@ # This image can be used to create a secured container # that runs safely with privileges within the container. # -FROM fedora:latest +FROM registry.fedoraproject.org/fedora:latest # Don't include container-selinux and remove # directories used by yum that are just taking # up space. RUN useradd podman; yum -y update; yum -y reinstall shadow-utils; yum -y install podman fuse-overlayfs --exclude container-selinux --enablerepo updates-testing; rm -rf /var/cache /var/log/dnf* /var/log/yum.* -# Adjust storage.conf to enable Fuse storage. -RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf -RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock - ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/ +# chmod containers.conf and adjust storage.conf to enable Fuse storage. +RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf +RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock + ENV _CONTAINERS_USERNS_CONFIGURED="" diff --git a/contrib/podmanimage/upstream/Dockerfile b/contrib/podmanimage/upstream/Dockerfile index 3b2f49094..6787cfcc3 100644 --- a/contrib/podmanimage/upstream/Dockerfile +++ b/contrib/podmanimage/upstream/Dockerfile @@ -8,7 +8,7 @@ # The containers created by this image also come with a # Podman development environment in /root/podman. # -FROM fedora:latest +FROM registry.fedoraproject.org/fedora:latest ENV GOPATH=/root/podman # Install the software required to build Podman. @@ -63,10 +63,10 @@ RUN useradd podman; yum -y update; yum -y reinstall shadow-utils; yum -y install yum -y remove git golang go-md2man make; \ yum clean all; -# Adjust storage.conf to enable Fuse storage. -RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf -RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock - ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/ +# chmod containers.conf and adjust storage.conf to enable Fuse storage. +RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf +RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock + ENV _CONTAINERS_USERNS_CONFIGURED="" diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 1dfbdf208..e4415c291 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -80,13 +80,14 @@ BuildRequires: libselinux-devel BuildRequires: pkgconfig BuildRequires: make BuildRequires: systemd-devel -Requires: runc Requires: skopeo-containers Requires: containernetworking-plugins >= 0.6.0-3 Requires: iptables %if 0%{?rhel} <= 7 Requires: container-selinux %else +Requires: oci-runtime +Recommends: crun Recommends: container-selinux Recommends: slirp4netns Recommends: fuse-overlayfs @@ -423,10 +424,6 @@ PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{build mv pkg/hooks/README.md pkg/hooks/README-hooks.md -# install libpod.conf -install -dp %{buildroot}%{_datadir}/containers -install -p -m 644 %{repo}.conf %{buildroot}%{_datadir}/containers - # install conmon install -dp %{buildroot}%{_libexecdir}/%{name} install -p -m 755 conmon/bin/conmon %{buildroot}%{_libexecdir}/%{name} @@ -506,7 +503,6 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/zsh/site-functions/* %{_libexecdir}/%{name}/conmon %config(noreplace) %{_sysconfdir}/cni/net.d/87-%{name}-bridge.conflist -%{_datadir}/containers/%{repo}.conf %{_unitdir}/io.podman.service %{_unitdir}/io.podman.socket %{_usr}/lib/systemd/user/io.podman.service |