Use the Go toolchain to cross-compile the "This image is designed to be
run as a confidential workload using libkrun." entrypoint that we add to
confidential workload images. It's bigger than it was before, but
easier to port and can be built from source every time when desired.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
run: after we've picked up the exit status of the "main" process that
we're running, reap anything that was reparented to us before returning.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add a dummy "runtime" that just dumps its runtime config, either the
entirety of it, or a section of it corresponding to each command line
argument. Tests can use it to ensure that we set the right thing in the
configuration without also depending on the runtime to do as its asked,
which isn't always something we have control over.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This commit adds TMT jobs for system tests triggered via Packit for
all active Fedora and CentOS Stream releases on x86_64.
TODO: enable aarch64 tests.
Official Fedora and CentOS Stream spec and gating test configs can be
synced from upstream by Packit, effectively upstreaming almost all
mainteenance.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The default gobuild macro on RHEL now includes support for BUILDTAGS. So
we don't need to redefine it here.
`libtrust_openssl` buildtag will be set in the spec file for RHEL environments.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
rpmautospec is now supported on all active Fedora and CentOS Stream
envs. So we don't need these conditionals anymore.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Use a listener helper to bind to an available-according-to-the-kernel
listening port and run a command with its stdio more or less tied to the
connection instead of trying to launch a git daemon directly using a
port number that we can only guess is available.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This removes the need for any `Provides: bundled()` we needed in spec
files.
The updated Provides will be visible in the build logs and can also be
verified with `rpm -q --provides $RPM_FILE`.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
rpkg is now deprecated. This commit makes the rpm target consistent with
the one in Podman.
Using skip-ci as we don't need to run cirrus tests for this change.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
The lowercase `and` in the License field isn't compatible with spdx
license format.
This commit replaces all `and` with `AND` in the License field in spec.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
buildtags mentioned as $(hack/foobar.sh) need double quotes to get
correctly read.
Fixes: #4944
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The pre-sync action constantly breaks and is currently not possible to
reliably test until the subsequent upstream release due to limitations
in packit.
The lines being added by the action script to the downstream Fedora spec
were only meant to keep Fedora happy. But given that they provide
no tangible benefit as github notifies us of security
issues in libraries mentioned in go.mod and go.sum, along with redhat
prodsec's own magic for creating security alerts, there's absolutely
no point to having the pre-sync action run and add a layer of uncertainty.
This commit removes the pre-sync action and
`rpm/update-spec-provides.sh`.
Ref: https://github.com/containers/podman/issues/19232
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
One of the reasons the last propose-downstream task failed for Fedora
was the `golist` tool wasn't available in the Packit environment.
This commit adds golist to the environment by downloading and extracting
the golist rpm.
This dependency could've been added in packit's upstream config but
there were a few blockers, so it's easiest to add them in our action
script.
Ref: https://github.com/containers/buildah/issues/4904
Also make go-md2man dependency in rpm/buildah.spec more generic
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Get rid of `buildah.spec.rpkg` in favour of
`rpm/buildah.spec` which gets synced with fedora dist-git on every
upstream release. The version in the new spec file is set to `0` by
default and gets updated by packit automatically on every packit task.
Packit will automatically create a PR on fedora dist-git on every new
upstream release. A sample PR will look like:
https://src.fedoraproject.org/rpms/container-selinux/pull-request/10#
A dry run for this can be triggered using:
`$ packit propose-downstream --local-content`
To run this command locally, you would need to have your packit
user-configuration-file set.
Ref: https://packit.dev/docs/configuration/#user-configuration-file
along with a fedora api key created at:
https://src.fedoraproject.org/settings#nav-api-tab with sufficient ACLs.
This patch incurs zero additional cost to upstream as the downstream
tasks occur only after upstream release and do not block anything
upstream.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
