diff options
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/cirrus/lib.sh | 25 | ||||
| -rwxr-xr-x | contrib/cirrus/runner.sh | 1 | ||||
| -rwxr-xr-x | contrib/cirrus/setup_environment.sh | 12 | ||||
| -rw-r--r-- | contrib/spec/podman.spec.in | 15 | ||||
| -rw-r--r-- | contrib/systemd/auto-update/podman-auto-update.service.in (renamed from contrib/systemd/auto-update/podman-auto-update.service) | 4 | ||||
| -rw-r--r-- | contrib/systemd/system/podman-restart.service.in (renamed from contrib/systemd/system/podman-restart.service) | 5 | ||||
| -rw-r--r-- | contrib/systemd/system/podman.service.in (renamed from contrib/systemd/system/podman.service) | 2 |
7 files changed, 36 insertions, 28 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 9a7bfba8f..9b7c613f5 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -143,6 +143,8 @@ setup_rootless() { local rootless_uid local rootless_gid local env_var_val + local akfilepath + local sshcmd # Only do this once; established by setup_environment.sh # shellcheck disable=SC2154 @@ -169,24 +171,25 @@ setup_rootless() { ssh-keygen -P "" -f "$HOME/.ssh/id_rsa" msg "Allowing ssh key for $ROOTLESS_USER" + akfilepath="/home/$ROOTLESS_USER/.ssh/authorized_keys" (umask 077 && mkdir "/home/$ROOTLESS_USER/.ssh") chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh" install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0600 \ - "$HOME/.ssh/id_rsa.pub" "/home/$ROOTLESS_USER/.ssh/authorized_keys" + "$HOME/.ssh/id_rsa.pub" "$akfilepath" # Makes debugging easier - cat /root/.ssh/authorized_keys >> "/home/$ROOTLESS_USER/.ssh/authorized_keys" - - msg "Configuring subuid and subgid" - grep -q "${ROOTLESS_USER}" /etc/subuid || \ - echo "${ROOTLESS_USER}:$[rootless_uid * 100]:65536" | \ - tee -a /etc/subuid >> /etc/subgid + cat /root/.ssh/authorized_keys >> "$akfilepath" msg "Ensure the ssh daemon is up and running within 5 minutes" systemctl start sshd - lilto ssh $ROOTLESS_USER@localhost \ - -o UserKnownHostsFile=/dev/null \ - -o StrictHostKeyChecking=no \ - -o CheckHostIP=no true + sshcmd="ssh $ROOTLESS_USER@localhost + -o UserKnownHostsFile=/dev/null + -o StrictHostKeyChecking=no + -o CheckHostIP=no" + lilto $sshcmd true # retry until sshd is up + + msg "Configuring rootless user self-access to ssh to localhost" + $sshcmd ssh-keygen -P '""' -f "/home/$ROOTLESS_USER/.ssh/id_rsa" + cat "/home/$ROOTLESS_USER/.ssh/id_rsa" >> "$akfilepath" } install_test_configs() { diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh index 22a66dd08..8ef2a6e64 100755 --- a/contrib/cirrus/runner.sh +++ b/contrib/cirrus/runner.sh @@ -117,6 +117,7 @@ exec_container() { set -x # shellcheck disable=SC2154 exec podman run --rm --privileged --net=host --cgroupns=host \ + -v `mktemp -d -p /var/tmp`:/tmp:Z \ -v /dev/fuse:/dev/fuse \ -v "$GOPATH:$GOPATH:Z" \ --workdir "$GOSRC" \ diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index f2afbfef5..3786054a7 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -236,9 +236,19 @@ case "$TEST_FLAVOR" in # Use existing host bits when testing is to happen inside a container # since this script will run again in that environment. # shellcheck disable=SC2154 - if ((CONTAINER==0)) && [[ "$TEST_ENVIRON" == "host" ]]; then + if [[ "$TEST_ENVIRON" == "host" ]]; then + if ((CONTAINER)); then + die "Refusing to config. host-test in container"; + fi remove_packaged_podman_files make install PREFIX=/usr ETCDIR=/etc + elif [[ "$TEST_ENVIRON" == "container" ]]; then + if ((CONTAINER)); then + remove_packaged_podman_files + make install PREFIX=/usr ETCDIR=/etc + fi + else + die "Invalid value for $$TEST_ENVIRON=$TEST_ENVIRON" fi install_test_configs diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index fa513932f..2db8f6e67 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -3,18 +3,8 @@ %global with_check 0 %global with_unit_test 0 %bcond_without doc -%bcond_without debug -%if %{with debug} -%global _find_debuginfo_dwz_opts %{nil} -%global _dwz_low_mem_die_limit 0 -%else %global debug_package %{nil} -%endif - -%if ! 0%{?gobuild:1} -%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**}; -%endif # podman hack directory %define hackdir %{_builddir}/%{repo}-%{shortcommit0} @@ -435,7 +425,7 @@ BUILDTAGS=$BUILDTAGS make binaries %install install -dp %{buildroot}%{_unitdir} install -dp %{buildroot}%{_usr}/lib/systemd/user -PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \ +PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} ETCDIR=%{_sysconfdir} \ install.bin-nobuild \ install.remote-nobuild \ %if %{with doc} @@ -536,6 +526,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_usr}/lib/systemd/user/podman-auto-update.timer %{_usr}/lib/systemd/user/podman-restart.service %{_usr}/lib/tmpfiles.d/podman.conf +%dir %{_libexecdir}/%{name} +%{_libexecdir}/%{name}/rootlessport +%{_libexecdir}/%{name}/pause/pause %if 0%{?with_devel} %files -n libpod-devel -f devel.file-list diff --git a/contrib/systemd/auto-update/podman-auto-update.service b/contrib/systemd/auto-update/podman-auto-update.service.in index dc5fac8cf..de4460d60 100644 --- a/contrib/systemd/auto-update/podman-auto-update.service +++ b/contrib/systemd/auto-update/podman-auto-update.service.in @@ -6,8 +6,8 @@ After=network-online.target [Service] Type=oneshot -ExecStart=/usr/bin/podman auto-update -ExecStartPost=/usr/bin/podman image prune -f +ExecStart=@@PODMAN@@ auto-update +ExecStartPost=@@PODMAN@@ image prune -f [Install] WantedBy=multi-user.target default.target diff --git a/contrib/systemd/system/podman-restart.service b/contrib/systemd/system/podman-restart.service.in index baf12b3ae..46193e2c6 100644 --- a/contrib/systemd/system/podman-restart.service +++ b/contrib/systemd/system/podman-restart.service.in @@ -5,8 +5,9 @@ StartLimitIntervalSec=0 [Service] Type=oneshot +RemainAfterExit=true Environment=LOGGING="--log-level=info" -ExecStart=/usr/bin/podman $LOGGING start --all --filter restart-policy=always +ExecStart=@@PODMAN@@ $LOGGING start --all --filter restart-policy=always [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target default.target diff --git a/contrib/systemd/system/podman.service b/contrib/systemd/system/podman.service.in index cefb13ae3..132671dff 100644 --- a/contrib/systemd/system/podman.service +++ b/contrib/systemd/system/podman.service.in @@ -9,7 +9,7 @@ StartLimitIntervalSec=0 Type=exec KillMode=process Environment=LOGGING="--log-level=info" -ExecStart=/usr/bin/podman $LOGGING system service +ExecStart=@@PODMAN@@ $LOGGING system service [Install] WantedBy=multi-user.target |