podman

1
%global with_debug 1
2

3
%if 0%{?with_debug}
4
%global _find_debuginfo_dwz_opts %{nil}
5
%global _dwz_low_mem_die_limit 0
6
%else
7
%global debug_package %{nil}
8
%endif
9

10
# RHEL's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we
11
# set it separately here and do not depend on RHEL's go-[s]rpm-macros package
12
# until that's fixed.
13
# c9s bz: https://bugzilla.redhat.com/show_bug.cgi?id=2227328
14
%if %{defined rhel} && 0%{?rhel} < 10
15
%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
16
%endif
17

18
%global gomodulesmode GO111MODULE=on
19

20
%if %{defined rhel}
21
# _user_tmpfiles.d currently undefined on rhel
22
%global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d
23
%endif
24

25
%if %{defined fedora}
26
%define build_with_btrfs 1
27
%endif
28

29
%if %{defined copr_username}
30
%define copr_build 1
31
%endif
32

33
%global container_base_path github.com/containers
34
%global container_base_url https://%{container_base_path}
35

36
# For LDFLAGS
37
%global ld_project %{container_base_path}/%{name}/v5
38
%global ld_libpod %{ld_project}/libpod
39

40
# %%{name}
41
%global git0 %{container_base_url}/%{name}
42

43
Name: podman
44
%if %{defined copr_build}
45
Epoch: 102
46
%else
47
Epoch: 5
48
%endif
49
# DO NOT TOUCH the Version string!
50
# The TRUE source of this specfile is:
51
# https://github.com/containers/podman/blob/main/rpm/podman.spec
52
# If that's what you're reading, Version must be 0, and will be updated by Packit for
53
# copr and koji builds.
54
# If you're reading this on dist-git, the version is automatically filled in by Packit.
55
Version: 0
56
# The `AND` needs to be uppercase in the License for SPDX compatibility
57
License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0
58
Release: %autorelease
59
%if %{defined golang_arches_future}
60
ExclusiveArch: %{golang_arches_future}
61
%else
62
ExclusiveArch: aarch64 ppc64le s390x x86_64
63
%endif
64
Summary: Manage Pods, Containers and Container Images
65
URL: https://%{name}.io/
66
# All SourceN files fetched from upstream
67
Source0: %{git0}/archive/v%{version_no_tilde}.tar.gz
68
Provides: %{name}-manpages = %{epoch}:%{version}-%{release}
69
BuildRequires: %{_bindir}/envsubst
70
%if %{defined build_with_btrfs}
71
BuildRequires: btrfs-progs-devel
72
%endif
73
BuildRequires: gcc
74
BuildRequires: glib2-devel
75
BuildRequires: glibc-devel
76
BuildRequires: glibc-static
77
BuildRequires: golang
78
BuildRequires: git-core
79
%if %{undefined rhel} || 0%{?rhel} >= 10
80
BuildRequires: go-rpm-macros
81
%endif
82
BuildRequires: gpgme-devel
83
BuildRequires: libassuan-devel
84
BuildRequires: libgpg-error-devel
85
BuildRequires: libseccomp-devel
86
BuildRequires: libselinux-devel
87
BuildRequires: shadow-utils-subid-devel
88
BuildRequires: pkgconfig
89
BuildRequires: make
90
BuildRequires: man-db
91
BuildRequires: ostree-devel
92
BuildRequires: systemd
93
BuildRequires: systemd-devel
94
Requires: catatonit
95
Requires: conmon >= 2:2.1.7-2
96
%if %{defined fedora} && 0%{?fedora} >= 40
97
# TODO: Remove the f40 conditional after a few releases to keep conditionals to
98
# a minimum
99
# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2269148
100
Requires: containers-common-extra >= 5:0.58.0-1
101
%else
102
Requires: containers-common-extra
103
%endif
104
%if %{defined rhel} && !%{defined eln}
105
Recommends: gvisor-tap-vsock-gvforwarder
106
%else
107
Requires: gvisor-tap-vsock-gvforwarder
108
%endif
109
Recommends: gvisor-tap-vsock
110
Provides: %{name}-quadlet
111
Obsoletes: %{name}-quadlet <= 5:4.4.0-1
112
Provides: %{name}-quadlet = %{epoch}:%{version}-%{release}
113

114
%description
115
%{name} (Pod Manager) is a fully featured container engine that is a simple
116
daemonless tool.  %{name} provides a Docker-CLI comparable command line that
117
eases the transition from other container engines and allows the management of
118
pods, containers and images.  Simply put: alias docker=%{name}.
119
Most %{name} commands can be run as a regular user, without requiring
120
additional privileges.
121

122
%{name} uses Buildah(1) internally to create container images.
123
Both tools share image (not container) storage, hence each can use or
124
manipulate images (but not containers) created by the other.
125

126
%{summary}
127
%{repo} Simple management tool for pods, containers and images
128

129
%package docker
130
Summary: Emulate Docker CLI using %{name}
131
BuildArch: noarch
132
Requires: %{name} = %{epoch}:%{version}-%{release}
133
Conflicts: docker
134
Conflicts: docker-latest
135
Conflicts: docker-ce
136
Conflicts: docker-ee
137
Conflicts: moby-engine
138

139
%description docker
140
This package installs a script named docker that emulates the Docker CLI by
141
executes %{name} commands, it also creates links between all Docker CLI man
142
pages and %{name}.
143

144
%package tests
145
Summary: Tests for %{name}
146

147
Requires: %{name} = %{epoch}:%{version}-%{release}
148
Requires: bats
149
Requires: jq
150
Requires: skopeo
151
Requires: nmap-ncat
152
Requires: httpd-tools
153
Requires: openssl
154
Requires: socat
155
Requires: buildah
156
Requires: gnupg
157

158
%description tests
159
%{summary}
160

161
This package contains system tests for %{name}
162

163
%package remote
164
Summary: (Experimental) Remote client for managing %{name} containers
165

166
%description remote
167
Remote client for managing %{name} containers.
168

169
This experimental remote client is under heavy development. Please do not
170
run %{name}-remote in production.
171

172
%{name}-remote uses the version 2 API to connect to a %{name} client to
173
manage pods, containers and container images. %{name}-remote supports ssh
174
connections as well.
175

176
%package -n %{name}sh
177
Summary: Confined login and user shell using %{name}
178
Requires: %{name} = %{epoch}:%{version}-%{release}
179
Provides: %{name}-shell = %{epoch}:%{version}-%{release}
180
Provides: %{name}-%{name}sh = %{epoch}:%{version}-%{release}
181

182
%description -n %{name}sh
183
%{name}sh provides a confined login and user shell with access to volumes and
184
capabilities specified in user quadlets.
185

186
It is a symlink to %{_bindir}/%{name} and execs into the `%{name}sh` container
187
when `%{_bindir}/%{name}sh` is set as a login shell or set as os.Args[0].
188

189
%prep
190
%autosetup -Sgit -n %{name}-%{version_no_tilde}
191
sed -i 's;@@PODMAN@@\;$(BINDIR);@@PODMAN@@\;%{_bindir};' Makefile
192

193
# cgroups-v1 is supported on rhel9
194
%if 0%{?rhel} == 9
195
sed -i '/DELETE ON RHEL9/,/DELETE ON RHEL9/d' libpod/runtime.go
196
%endif
197

198
# These changes are only meant for copr builds
199
%if %{defined copr_build}
200
# podman --version should show short sha
201
sed -i "s/^const RawVersion = .*/const RawVersion = \"##VERSION##-##SHORT_SHA##\"/" version/rawversion/version.go
202
# use ParseTolerant to allow short sha in version
203
sed -i "s/^var Version.*/var Version, err = semver.ParseTolerant(rawversion.RawVersion)/" version/version.go
204
%endif
205

206
%build
207
%set_build_flags
208
export CGO_CFLAGS=$CFLAGS
209

210
# These extra flags present in $CFLAGS have been skipped for now as they break the build
211
CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
212
CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
213
CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
214

215
%ifarch x86_64
216
export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
217
%endif
218

219
export GOPROXY=direct
220

221
LDFLAGS="-X %{ld_libpod}/define.buildInfo=${SOURCE_DATE_EPOCH:-$(date +%s)} \
222
         -X %{ld_libpod}/config._installPrefix=%{_prefix} \
223
         -X %{ld_libpod}/config._etcDir=%{_sysconfdir} \
224
         -X %{ld_project}/pkg/systemd/quadlet._binDir=%{_bindir}"
225

226
# build rootlessport first
227
%gobuild -o bin/rootlessport ./cmd/rootlessport
228

229
export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"
230

231
# build %%{name}
232
export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh)"
233
%gobuild -o bin/%{name} ./cmd/%{name}
234

235
# build %%{name}-remote
236
export BUILDTAGS="$BASEBUILDTAGS exclude_graphdriver_btrfs btrfs_noversion remote"
237
%gobuild -o bin/%{name}-remote ./cmd/%{name}
238

239
# build quadlet
240
export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)"
241
%gobuild -o bin/quadlet ./cmd/quadlet
242

243
# reset LDFLAGS for plugins binaries
244
LDFLAGS=''
245

246
%{__make} docs docker-docs
247

248
%install
249
install -dp %{buildroot}%{_unitdir}
250
PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} ETCDIR=%{_sysconfdir} \
251
       install.bin \
252
       install.man \
253
       install.systemd \
254
       install.completions \
255
       install.docker \
256
       install.docker-docs \
257
       install.remote \
258
%if %{defined _modulesloaddir}
259
        install.modules-load
260
%endif
261

262
sed -i 's;%{buildroot};;g' %{buildroot}%{_bindir}/docker
263

264
# do not include docker and podman-remote man pages in main package
265
for file in `find %{buildroot}%{_mandir}/man[15] -type f | sed "s,%{buildroot},," | grep -v -e %{name}sh.1 -e remote -e docker`; do
266
    echo "$file*" >> %{name}.file-list
267
done
268

269
rm -f %{buildroot}%{_mandir}/man5/docker*.5
270

271
install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
272
cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
273

274
#define license tag if not already defined
275
%{!?_licensedir:%global license %doc}
276

277
%files -f %{name}.file-list
278
%license LICENSE vendor/modules.txt
279
%doc README.md CONTRIBUTING.md install.md transfer.md
280
%{_bindir}/%{name}
281
%dir %{_libexecdir}/%{name}
282
%{_libexecdir}/%{name}/rootlessport
283
%{_libexecdir}/%{name}/quadlet
284
%{_datadir}/bash-completion/completions/%{name}
285
# By "owning" the site-functions dir, we don't need to Require zsh
286
%dir %{_datadir}/zsh/site-functions
287
%{_datadir}/zsh/site-functions/_%{name}
288
%dir %{_datadir}/fish/vendor_completions.d
289
%{_datadir}/fish/vendor_completions.d/%{name}.fish
290
%{_unitdir}/%{name}*
291
%{_userunitdir}/%{name}*
292
%{_tmpfilesdir}/%{name}.conf
293
%{_systemdgeneratordir}/%{name}-system-generator
294
%{_systemdusergeneratordir}/%{name}-user-generator
295
%if %{defined _modulesloaddir}
296
%{_modulesloaddir}/%{name}-iptables.conf
297
%endif
298

299
%files docker
300
%{_bindir}/docker
301
%{_mandir}/man1/docker*.1*
302
%{_sysconfdir}/profile.d/%{name}-docker.*
303
%{_tmpfilesdir}/%{name}-docker.conf
304
%{_user_tmpfilesdir}/%{name}-docker.conf
305

306
%files remote
307
%license LICENSE
308
%{_bindir}/%{name}-remote
309
%{_mandir}/man1/%{name}-remote*.*
310
%{_datadir}/bash-completion/completions/%{name}-remote
311
%dir %{_datadir}/fish/vendor_completions.d
312
%{_datadir}/fish/vendor_completions.d/%{name}-remote.fish
313
%dir %{_datadir}/zsh/site-functions
314
%{_datadir}/zsh/site-functions/_%{name}-remote
315

316
%files tests
317
%{_datadir}/%{name}/test
318

319
%files -n %{name}sh
320
%{_bindir}/%{name}sh
321
%{_mandir}/man1/%{name}sh.1*
322

323
%changelog
324
%if %{defined autochangelog}
325
%autochangelog
326
%else
327
* Mon May 01 2023 RH Container Bot <rhcontainerbot@fedoraproject.org>
328
- Placeholder changelog for envs that are not autochangelog-ready
329
%endif
330