Accepting request 838911 from devel:kubic

OBS-URL: https://build.opensuse.org/request/show/838911
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/podman?expand=0&rev=70

_service

@@ -4,8 +4,8 @@
 <param name="url">https://github.com/containers/podman.git</param>
 <param name="scm">git</param>
 <param name="filename">podman</param>
-<param name="versionformat">2.0.6</param>
+<param name="versionformat">2.1.1</param>
-<param name="revision">v2.0.6</param>
+<param name="revision">v2.1.1</param>
 </service>
 
 <service name="set_version" mode="disabled">

podman-2.0.6.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9c8ff7bc9729b54052ad3112c09d136571fa5b8a3f2e5d32156ebf78512501ba
-size 5254560

podman-2.1.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:87d93ff0df3a819ef2a87df5635637f31cbf672264a60ca47373a6c19a54f68a
+size 5468888

podman.changes

@@ -1,3 +1,195 @@
+-------------------------------------------------------------------
+Wed Sep 30 14:07:34 UTC 2020 - rhafer@suse.com
+- Added patch varlink.patch to disable needless varlink code
+  generation. This would cause compile failures in OBS.
+  (https://github.com/containers/podman/pull/7854)
+- Cleanup %build section a bit and no longer build in GOPATH.
+  This shouldn't be needed anymore.
+- Path BUILDFLAGS via enviroment variable to allow it being
+  appended to the corresponding Makefile variable instead of
+  completely overriding it.
+- Install new auto-update system units
+- Update to v2.1.1:
+  * Changes
+    - The `podman info` command now includes the cgroup manager
+      Podman is using.
+  * API
+    - The REST API now includes a Server header in all responses.
+    - Fixed a bug where the Libpod and Compat Attach endpoints
+      could terminate early, before sending all output from the
+      container.
+    - Fixed a bug where the Compat Create endpoint for containers
+      did not properly handle the Interactive parameter.
+    - Fixed a bug where the Compat Kill endpoint for containers
+      could continue to run after a fatal error.
+    - Fixed a bug where the Limit parameter of the Compat List
+      endpoint for Containers did not properly handle a limit of 0
+      (returning nothing, instead of all containers) [#7722].
+    - The Libpod Stats endpoint for containers is being deprecated
+      and will be replaced by a similar endpoint with additional
+      features in a future release.
+- Changes in v2.1.0
+  * Features
+    - A new command, `podman image mount`, has been added. This
+      allows for an image to be mounted, read-only, to inspect its
+      contents without creating a container from it [#1433].
+    - The `podman save` and `podman load` commands can now create
+      and load archives containing multiple images [#2669].
+    - Rootless Podman now supports all `podman network` commands,
+      and rootless containers can now be joined to networks.
+    - The performance of `podman build` on `ADD` and `COPY`
+      instructions has been greatly improved, especially when a
+      `.dockerignore` is present.
+    - The `podman run` and `podman create` commands now support a
+      new mode for the `--cgroups` option, `--cgroups=split`.
+      Podman will create two cgroups under the cgroup it was
+      launched in, one for the container and one for Conmon. This
+      mode is useful for running Podman in a systemd unit, as it
+      ensures that all processes are retained in systemd's cgroup
+      hierarchy [#6400].
+    - The `podman run` and `podman create` commands can now specify
+      options to slirp4netns by using the `--network` option as
+      follows:  `--net slirp4netns:opt1,opt2`. This allows for,
+      among other things, switching the port forwarder used by
+      slirp4netns away from rootlessport.
+    - The `podman ps` command now features a new option,
+      `--storage`, to show containers from Buildah, CRI-O and other
+      applications.
+    - The `podman run` and `podman create` commands now feature a
+      `--sdnotify` option to control the behavior of systemd's
+      sdnotify with containers, enabling improved support for
+      Podman in `Type=notify` units.
+    - The `podman run` command now features a `--preserve-fds`
+      opton to pass file descriptors from the host into the
+      container [#6458].
+    - The `podman run` and `podman create` commands can now create
+      overlay volume mounts, by adding the `:O` option to a bind
+      mount (e.g. `-v /test:/test:O`). Overlay volume mounts will
+      mount a directory into a container from the host and allow
+      changes to it, but not write those changes back to the
+      directory on the host.
+    - The `podman play kube` command now supports the Socket
+      HostPath type [#7112].
+    - The `podman play kube` command now supports read-only mounts.
+    - The `podman play kube` command now supports setting labels on
+      pods from Kubernetes metadata labels.
+    - The `podman play kube` command now supports setting container
+      restart policy [#7656].
+    - The `podman play kube` command now properly handles
+      `HostAlias` entries.
+    - The `podman generate kube` command now adds entries to
+      `/etc/hosts` from `--host-add` generated YAML as `HostAlias`
+      entries.
+    - The `podman play kube` and `podman generate kube` commands
+      now properly support `shareProcessNamespace` to share the PID
+      namespace in pods.
+    - The `podman volume ls` command now supports the `dangling`
+      filter to identify volumes that are dangling (not attached to
+      any container).
+    - The `podman run` and `podman create` commands now feature a
+      `--umask` option to set the umask of the created container.
+    - The `podman create` and `podman run` commands now feature a
+      `--tz` option to set the timezone within the container [#5128].
+    - Environment variables for Podman can now be added in the
+      `containers.conf` configuration file.
+    - The `--mount` option of `podman run` and `podman create` now
+      supports a new mount type, `type=devpts`, to add a `devpts`
+      mount to the container. This is useful for containers that
+      want to mount `/dev/` from the host into the container, but
+      still create a terminal.
+    - The `--security-opt` flag to `podman run` and `podman create`
+      now supports a new option, `proc-opts`, to specify options
+      for the container's `/proc` filesystem.
+    - Podman with the `crun` OCI runtime now supports a new option
+      to `podman run` and `podman create`, `--cgroup-conf`, which
+      allows for advanced configuration of cgroups on cgroups v2
+      systems.
+    - The `podman create` and `podman run` commands now support a
+      `--override-variant` option, to override the architecture
+      variant of the image that will be pulled and ran.
+    - A new global option has been added to Podman,
+      `--runtime-flags`, which allows for setting flags to use when
+      the OCI runtime is called.
+    - The `podman manifest add` command now supports the
+      `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify`
+      options.
+  * Security
+    - This release resolves CVE-2020-14370, in which environment
+      variables could be leaked between containers created using
+      the Varlink API.
+  * Changes
+    - Podman will now retry pulling an image 3 times if a pull
+      fails due to network errors.
+    - The `podman exec` command would previously print error
+      messages (e.g. `exec session exited with non-zero exit code
+      -1`) when the command run exited with a non-0 exit code. It
+      no longer does this. The `podman exec` command will still
+      exit with the same exit code as the command run in the
+      container did.
+    - Error messages when creating a container or pod with a name
+      that is already in use have been improved.
+    - For read-only containers running systemd init, Podman creates
+      a tmpfs filesystem at `/run`. This was previously limited to
+      65k in size and mounted `noexec`, but is now unlimited size
+      and mounted `exec`.
+    - The `podman system reset` command no longer removes
+      configuration files for rootless Podman.
+  * API
+    - The Libpod API version has been bumped to v2.0.0 due to a
+      breaking change in the Image List API.
+    - Docker-compatible Volume Endpoints (Create, Inspect, List,
+      Remove, Prune) are now available!
+    - Added an endpoint for generating systemd unit files for
+      containers.
+    - The `last` parameter to the Libpod container list endpoint
+      now has an alias, `limit` [#6413].
+    - The Libpod image list API new returns timestamps in Unix
+      format, as integer, as opposed to as strings
+    - The Compat Inspect endpoint for containers now includes port
+      information in NetworkSettings.
+    - The Compat List endpoint for images now features limited
+      support for the (deprecated) `filter` query parameter [#6797].
+    - Fixed a bug where the Compat Create endpoint for containers
+      was not correctly handling bind mounts.
+    - Fixed a bug where the Compat Create endpoint for containers
+      would not return a 404 when the requested image was not
+      present.
+    - Fixed a bug where the Compat Create endpoint for containers
+      did not properly handle Entrypoint and Command from images.
+    - Fixed a bug where name history information was not properly
+      added in the Libpod Image List endpoint.
+    - Fixed a bug where the Libpod image search endpoint improperly
+      populated the Description field of responses.
+    - Added a `noTrunc` option to the Libpod image search endpoint.
+    - Fixed a bug where the Pod List API would return null, instead
+      of an empty array, when no pods were present [#7392].
+    - Fixed a bug where endpoints that hijacked would do perform
+      the hijack too early, before being ready to send and receive
+      data [#7195].
+    - Fixed a bug where Pod endpoints that can operate on multiple
+      containers at once (e.g. Kill, Pause, Unpause, Stop) would
+      not forward errors from individual containers that failed.
+    - The Compat List endpoint for networks now supports filtering
+      results [#7462].
+    - Fixed a bug where the Top endpoint for pods would return both
+      a 500 and 404 when run on a non-existant pod.
+    - Fixed a bug where Pull endpoints did not stream progress back
+      to the client.
+    - The Version endpoints (Libpod and Compat) now provide version
+      in a format compatible with Docker.
+    - All non-hijacking responses to API requests should not
+      include headers with the version of the server.
+    - Fixed a bug where Libpod and Compat Events endpoints did not
+      send response headers until the first event occurred [#7263].
+    - Fixed a bug where the Build endpoints (Compat and Libpod) did
+      not stream progress to the client.
+    - Fixed a bug where the Stats endpoints (Compat and Libpod) did
+      not properly handle clients disconnecting.
+    - Fixed a bug where the Ignore parameter to the Libpod Stop
+      endpoint was not performing properly.
+    - Fixed a bug where the Compat Logs endpoint for containers did
+      not stream its output in the correct format [#7196].
+
 -------------------------------------------------------------------
 Tue Sep  8 13:41:21 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
 

podman.spec

@@ -16,13 +16,13 @@
 #
 
 
-%define project        github.com/containers/libpod
+%define project        github.com/containers/podman
 # Build with libostree-devel in Tumbleweed, Leap 15 and SLES 15
 %if 0%{?suse_version} >= 1500
 %define with_libostree 1
 %endif
 Name:           podman
-Version:        2.0.6
+Version:        2.1.1
 Release:        0
 Summary:        Daemon-less container engine for managing containers, pods and images
 License:        Apache-2.0
@@ -32,6 +32,7 @@ Source0:        %{name}-%{version}.tar.xz
 Source1:        podman.conf
 Source3:        %{name}-rpmlintrc
 Source4:        README.SUSE.SLES
+Patch0:         varlink.patch
 BuildRequires:  bash-completion
 BuildRequires:  cni
 BuildRequires:  device-mapper-devel
@@ -82,6 +83,7 @@ skopeo, as they all share the same datastore backend.
 
 %prep
 %setup -q
+%patch0 
 
 %package cni-config
 Summary:        Basic CNI configuration for podman
@@ -97,16 +99,8 @@ setups. In more complicated setups, users are recommended to write their own
 CNI configurations.
 
 %build
-# We can't use symlinks here because go-list gets confused by symlinks, so we
-# have to copy the source to $HOME/go and then use that as the GOPATH.
-export GOPATH=$HOME/go
-mkdir -pv $HOME/go/src/%{project}
-rm -rf $HOME/go/src/%{project}/*
-cp -avr * $HOME/go/src/%{project}
-cd $HOME/go/src/%{project}
-
 # Build podman
-make BUILDFLAGS=-buildmode=pie
+BUILDFLAGS="-buildmode=pie" make
 
 # Build manpages
 make %{?_smp_mflags} docs
@@ -150,8 +144,12 @@ install -D -m 0644 %{SOURCE4} %{buildroot}%{_docdir}/%{name}/README.SUSE
 %{_datadir}/zsh/site-functions/_podman
 %{_unitdir}/podman.service
 %{_unitdir}/podman.socket
+%{_unitdir}/podman-auto-update.service
+%{_unitdir}/podman-auto-update.timer
 %{_userunitdir}/podman.service
 %{_userunitdir}/podman.socket
+%{_userunitdir}/podman-auto-update.service
+%{_userunitdir}/podman-auto-update.timer
 %ghost /run/podman
 %ghost  %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-libpodconf
 %license LICENSE

varlink.patch

@@ -0,0 +1,11 @@
+--- ./Makefile	2020/09/30 15:55:41	1.1
++++ ./Makefile	2020/09/30 17:59:12
+@@ -615,7 +615,7 @@
+ 
+ # $BUILD_TAGS variable is used in hack/golangci-lint.sh
+ .PHONY: varlink_generate
+-ifneq (or $(findstring varlink,$(BUILDTAGS)),$(findstring varlink,$(BUILD_TAGS)))
++ifneq (,$(or $(findstring varlink,$(BUILDTAGS)),$(findstring varlink,$(BUILD_TAGS))))
+ varlink_generate: .gopathok pkg/varlink/iopodman.go ## Generate varlink
+ else
+ varlink_generate: