Accepting request 1067581 from home:danishprakash:branches:devel:microos

- Update to version 4.4.2:

OBS-URL: https://build.opensuse.org/request/show/1067581
OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=18

_service

@@ -2,7 +2,7 @@
   <service name="tar_scm" mode="disabled">
     <param name="url">https://github.com/containers/podman.git</param>
     <param name="scm">git</param>
-    <param name="revision">v4.4.1</param>
+    <param name="revision">v4.4.2</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/containers/podman.git</param>
-              <param name="changesrevision">34e8f3933242f2e566bbbbf343cf69b7d506c1cf</param></service></servicedata>
+              <param name="changesrevision">74afe26887f814d1c39925a1624851ef3590e79c</param></service></servicedata>

podman-4.4.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6d2b7526ade665f20d13bb1aae3364e2828c829034bdbfdea38c5a4f7ea37882
-size 8801176

podman-4.4.2.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:11ffd53834db864d08a9757514a9cc28f696cb37a0da3b0036c90707c19591d9
+size 8808284

podman.changes

@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Fri Feb 24 02:29:18 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
+
+- Update to version 4.4.2:
+  * Bump to v4.4.2
+  * Release notes for v4.4.2
+  * Revert "CI: Temporarily disable all AWS EC2-based tasks"
+  * kube play: only enforce passthrough in Quadlet
+  * Emergency fix for man pages: check for broken includes
+  * CI: Temporarily disable all AWS EC2-based tasks
+  * quadlet system tests: add useful defaults, logging
+  * volume,container: chroot to source before exporting content
+  * install sigproxy before start/attach
+  * Update to c/image 5.24.1
+  * events + container inspect test: RHEL fixes
+  * Bump to v4.4.2-dev
+
+- Remove patches (merged upstream):
+  * volume-container-chroot-to-source-before-exporting-content.patch
+- podman.spec: add `crun` requirement for quadlet
+    (https://github.com/containers/podman/pull/17601)
+
 -------------------------------------------------------------------
 Tue Feb 21 07:40:30 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
 

podman.spec

@@ -18,7 +18,7 @@
 %{!?_user_tmpfilesdir: %global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d}
 %define project        github.com/containers/podman
 Name:           podman
-Version:        4.4.1
+Version:        4.4.2
 Release:        0
 Summary:        Daemon-less container engine for managing containers, pods and images
 License:        Apache-2.0
@@ -27,7 +27,6 @@ URL:            https://%{project}
 Source0:        %{name}-%{version}.tar.xz
 Source1:        podman.conf
 Source2:        README.SUSE.SLES
-Patch:          https://github.com/containers/podman/pull/17532.patch#/volume-container-chroot-to-source-before-exporting-content.patch
 BuildRequires:  bash-completion
 BuildRequires:  cni
 BuildRequires:  device-mapper-devel
@@ -52,6 +51,11 @@ Requires:       catatonit >= 0.1.7
 Requires:       cni
 Requires:       cni-plugins
 Requires:       conmon >= 2.0.24
+# FIXME: quadlet has a hard dependency on crun
+# until https://github.com/containers/podman/pull/17601 is merged
+# which removes the hard dependency and at which point, we should
+# remove this and let users decide which runtime to use.
+Requires:       crun
 Requires:       fuse-overlayfs
 Requires:       iptables
 Requires:       libcontainers-common >= 20210626

volume-container-chroot-to-source-before-exporting-content.patch

@@ -1,102 +0,0 @@
-From 805e94b034ceb59e10a57413c1493b7e8b7e33a0 Mon Sep 17 00:00:00 2001
-From: Aditya R <arajan@redhat.com>
-Date: Fri, 10 Feb 2023 15:16:27 +0530
-Subject: [PATCH] volume,container: chroot to source before exporting content
-
-* Utils must support higher level API to create Tar with chrooted into
-  directory
-* Volume export: use TarwithChroot instead of Tar so we can make sure no
-  symlink can be exported by tar if it exists outside of the source
-directory.
-* container export: use chroot and Tar instead of Tar so we can make sure no
-  symlink can be exported by tar if it exists outside of the mointPoint.
-
-[NO NEW TESTS NEEDED]
-[NO TESTS NEEDED]
-Race needs combination of external/in-container mechanism which is hard to repro in CI.
-
-Closes: BZ:#2168256
-CVE: https://access.redhat.com/security/cve/CVE-2023-0778
-
-Signed-off-by: Aditya R <arajan@redhat.com>
-
-<MH: Cherry-pick to v4.4>
-
-Signed-off-by: Matt Heon <mheon@redhat.com>
----
- libpod/container_internal.go |  4 ++--
- utils/utils.go               | 25 ++++++++++++++++++++++++-
- 2 files changed, 26 insertions(+), 3 deletions(-)
-
-diff --git a/libpod/container_internal.go b/libpod/container_internal.go
-index c37d6be2b1b..ee6a7b6cc2c 100644
---- a/libpod/container_internal.go
-+++ b/libpod/container_internal.go
-@@ -34,7 +34,7 @@ import (
- 	"github.com/containers/podman/v4/pkg/systemd/notifyproxy"
- 	"github.com/containers/podman/v4/pkg/util"
- 	"github.com/containers/storage"
--	"github.com/containers/storage/pkg/archive"
-+	"github.com/containers/storage/pkg/chrootarchive"
- 	"github.com/containers/storage/pkg/idtools"
- 	"github.com/containers/storage/pkg/lockfile"
- 	"github.com/containers/storage/pkg/mount"
-@@ -763,7 +763,7 @@ func (c *Container) export(out io.Writer) error {
- 		}()
- 	}
- 
--	input, err := archive.Tar(mountPoint, archive.Uncompressed)
-+	input, err := chrootarchive.Tar(mountPoint, nil, mountPoint)
- 	if err != nil {
- 		return fmt.Errorf("reading container directory %q: %w", c.ID(), err)
- 	}
-diff --git a/utils/utils.go b/utils/utils.go
-index f9f96f2835e..81b77e544a3 100644
---- a/utils/utils.go
-+++ b/utils/utils.go
-@@ -13,6 +13,7 @@ import (
- 
- 	"github.com/containers/common/pkg/cgroups"
- 	"github.com/containers/storage/pkg/archive"
-+	"github.com/containers/storage/pkg/chrootarchive"
- 	"github.com/godbus/dbus/v5"
- 	"github.com/sirupsen/logrus"
- )
-@@ -63,7 +64,7 @@ func CreateTarFromSrc(source string, dest string) error {
- 		return fmt.Errorf("could not create tarball file '%s': %w", dest, err)
- 	}
- 	defer file.Close()
--	return TarToFilesystem(source, file)
-+	return TarChrootToFilesystem(source, file)
- }
- 
- // TarToFilesystem creates a tarball from source and writes to an os.file
-@@ -87,6 +88,28 @@ func Tar(source string) (io.ReadCloser, error) {
- 	return archive.Tar(source, archive.Uncompressed)
- }
- 
-+// TarChrootToFilesystem creates a tarball from source and writes to an os.file
-+// provided while chrooted to the source.
-+func TarChrootToFilesystem(source string, tarball *os.File) error {
-+	tb, err := TarWithChroot(source)
-+	if err != nil {
-+		return err
-+	}
-+	_, err = io.Copy(tarball, tb)
-+	if err != nil {
-+		return err
-+	}
-+	logrus.Debugf("wrote tarball file %s", tarball.Name())
-+	return nil
-+}
-+
-+// TarWithChroot creates a tarball from source and returns a readcloser of it
-+// while chrooted to the source.
-+func TarWithChroot(source string) (io.ReadCloser, error) {
-+	logrus.Debugf("creating tarball of %s", source)
-+	return chrootarchive.Tar(source, nil, source)
-+}
-+
- // RemoveScientificNotationFromFloat returns a float without any
- // scientific notation if the number has any.
- // golang does not handle conversion of float64s that have scientific