commit: b86ea5f418a7dbe75847a8dc940edc114e3a17b8 Author: Rahil Bhimjiani <me <AT> rahil <DOT> rocks> AuthorDate: Wed Mar 20 11:50:37 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sat Mar 23 08:29:03 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b86ea5f4
app-containers/podman: update to 5.0.0 1) Podman 5 drops old, slow & insecure stack in favour of shiny new one: * slirp4netns -> passt/pasta * runc -> crun * cni-plugins -> netavark + aardvark-dns * cgroupv1 -> cgroupv2 2) remove USE flags: cgroup-hybrid, init, rootless, fuse because ... * cgroupv1 support is deprecated. * app-containers/catatonit, net-misc/passt, sys-fs/fuse-overlayfs are very minimal dependencies, <1M of installed size in <30s of compile time (ofc it varies). * These flags didn't do much except pulling in dependencies. So suppose someone goes from -init to +init they've to compile whole podman again, instead of just emerging catatonit. * Forcing fuse-overlayfs on users makes sure to have a default graph driver in rootless mode. containers-storage(5) 3) add python-any-r1.elcass to fix python-exec[-native-symlinks] Closes: https://bugs.gentoo.org/877719 Closes: https://bugs.gentoo.org/906073 Bug: https://bugs.gentoo.org/show_bug.cgi?id=927501 Bug: https://bugs.gentoo.org/show_bug.cgi?id=927500 Signed-off-by: Rahil Bhimjiani <me <AT> rahil.rocks> Signed-off-by: Sam James <sam <AT> gentoo.org> app-containers/podman/Manifest | 1 + .../podman/files/podman-auto-update-5.0.0.cron | 5 ++ .../podman/files/podman-auto-update-5.0.0_rc4.cron | 7 --- app-containers/podman/metadata.xml | 6 +- .../{podman-9999.ebuild => podman-5.0.0.ebuild} | 73 ++++++++-------------- app-containers/podman/podman-9999.ebuild | 73 ++++++++-------------- 6 files changed, 57 insertions(+), 108 deletions(-)
diff --git a/app-containers/podman/Manifest b/app-containers/podman/Manifest
index d21910b422e6..1f1960306d0d 100644
--- a/app-containers/podman/Manifest
+++ b/app-containers/podman/Manifest
@@ -1 +1,2 @@
 DIST podman-4.9.3.tar.gz 21727849 BLAKE2B 9a67ba4266a8a0e20d165ba2bae00dcf146724ee976838d5e3310b094155ffa89bff526e8ae72864dc100d1e6878d5519d53581dc7e034982a4f2b364e4c8feb SHA512 395014bbe70923f1444d2f33440013a16e9c339b70be5e6a9c7026617a40795a1c0e410c08a52fba46b9f5e853d853ce4133db36167a3c5ace7d325f8b3a3327
+DIST podman-5.0.0.tar.gz 21861935 BLAKE2B 1ec7006f272f5da7f93929bc543cd8988d6f9596cb868e9561578ebef85d51cbd6baa4b66571872fc9748c639ca636ce27f6d90303707f04caa321c7b71db81a SHA512 8800d96d668cbc7a7ff85a09c71b3307a280c124513fd02fe478f415cf8db43ee47dc7e9c3b75046c6bda9f916937a2cc59887c2c4b26766c2f770abb87fd7ce
diff --git a/app-containers/podman/files/podman-auto-update-5.0.0.cron b/app-containers/podman/files/podman-auto-update-5.0.0.cron
new file mode 100644
index 000000000000..509146e0aa56
--- /dev/null
+++ b/app-containers/podman/files/podman-auto-update-5.0.0.cron
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# podman-auto-update(1)
+# uncomment following to auto update containers according to their auto-update policy
+# /usr/bin/podman auto-update && /usr/bin/podman image prune -f
diff --git a/app-containers/podman/files/podman-auto-update-5.0.0_rc4.cron b/app-containers/podman/files/podman-auto-update-5.0.0_rc4.cron
deleted file mode 100644
index d0a0fb54b106..000000000000
--- a/app-containers/podman/files/podman-auto-update-5.0.0_rc4.cron
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-set -e
-
-# mimicking behaviour of podman-auto-update.service
-if [ -x /usr/bin/podman ]; then
- /usr/bin/podman auto-update && /usr/bin/podman image prune -f
-fi
diff --git a/app-containers/podman/metadata.xml b/app-containers/podman/metadata.xml
index 0ae6596fc7c4..59ab2d3ffda0 100644
--- a/app-containers/podman/metadata.xml
+++ b/app-containers/podman/metadata.xml
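Review bot: The commented-out command in files/podman-auto-update-5.0.0.cron no longer carries the `[ -x /usr/bin/podman ]` guard that the removed 5.0.0_rc4 script had, so an admin who uncomments it is left with a job that errors out daily if the file stays behind in /etc/cron.daily after the package is removed. I would keep the guard in the commented template, for example `# [ -x /usr/bin/podman ] || exit 0` ahead of the `auto-update` line. The header comment could also say that the job runs from root's daily cron and pulls whatever the registry currently serves for each image before pruning with `-f`, so it should only be enabled where the image sources and the signature policy in containers-policy.json(5) are trusted.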
@@ -24,15 +24,11 @@ </longdescription> <use> <flag name="btrfs"> - Enables dependencies for the "btrfs" graph driver, including - necessary kernel flags. + Enables btrfs support (graph driver) in Podman </flag> <flag name="cgroup-hybrid"> Use legacy (hybrid) cgroups instead of modern (unified) cgroups </flag> - <flag name="cron"> - Runs `podman auto-update` daily. See podman-auto-update(1) - </flag> <flag name="fuse"> Enables fuse dependencies (fuse-overlayfs is especially useful for rootless mode). diff --git a/app-containers/podman/podman-9999.ebuild b/app-containers/podman/podman-5.0.0.ebuild similarity index 55% copy from app-containers/podman/podman-9999.ebuild copy to app-containers/podman/podman-5.0.0.ebuild index 2027b142f82f..b535f608f817 100644 --- a/app-containers/podman/podman-9999.ebuild +++ b/app-containers/podman/podman-5.0.0.ebuild @@ -3,7 +3,9 @@ EAPI=8 -inherit go-module tmpfiles linux-info +PYTHON_COMPAT=( python3_{11,12} ) + +inherit go-module python-any-r1 tmpfiles linux-info DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI" HOMEPAGE="https://github.com/containers/podman/ https://podman.io/" @@ -14,9 +16,8 @@ if [[ ${PV} == 9999* ]]; then else SRC_URI="https://github.com/containers/podman/archive/v${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz" S="${WORKDIR}/${P/_rc/-rc}" - if [[ ${PV} != *rc* ]] ; then + [[ ${PV} != *rc* ]] && \ KEYWORDS="~amd64 ~arm64 ~riscv" - fi fi # main pkg 
@@ -24,32 +25,28 @@ LICENSE="Apache-2.0" # deps LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0" SLOT="0" -IUSE="apparmor btrfs cgroup-hybrid cron wrapper +fuse +init +rootless +seccomp selinux systemd" +IUSE="apparmor btrfs +seccomp selinux systemd wrapper" RESTRICT="test" RDEPEND=" + app-containers/catatonit + >=app-containers/conmon-2.1.10 + >=app-containers/containers-common-0.58.0-r1 app-crypt/gpgme:= - >=app-containers/conmon-2.0.0 - >=app-containers/containers-common-0.56.0 dev-libs/libassuan:= dev-libs/libgpg-error:= sys-apps/shadow:= apparmor? ( sys-libs/libapparmor ) btrfs? ( sys-fs/btrfs-progs ) - cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6 ) - !cgroup-hybrid? ( app-containers/crun ) - cron? ( virtual/cron ) wrapper? ( !app-containers/docker-cli ) - fuse? ( sys-fs/fuse-overlayfs ) - init? ( app-containers/catatonit ) - rootless? ( app-containers/slirp4netns ) seccomp? ( sys-libs/libseccomp:= ) selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= ) systemd? ( sys-apps/systemd:= ) " DEPEND="${RDEPEND}" BDEPEND=" + ${PYTHON_DEPS} dev-go/go-md2man " @@ -64,6 +61,7 @@ CONFIG_CHECK=" pkg_setup() { use btrfs && CONFIG_CHECK+=" ~BTRFS_FS" linux-info_pkg_setup + python-any-r1_pkg_setup } src_prepare() { 
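Review bot: After the RDEPEND hunk (`@@ -24,32 +25,28 @@`) this ebuild names no OCI runtime, no rootless network helper and no fuse-overlayfs. The lines `!cgroup-hybrid? ( app-containers/crun )`, `fuse? ( sys-fs/fuse-overlayfs )` and `rootless? ( app-containers/slirp4netns )` are removed and only `app-containers/catatonit` is added unconditionally, although the commit message says crun, passt and fuse-overlayfs are now forced. Presumably they arrive through `>=app-containers/containers-common-0.58.0-r1`, but that is not visible here, and a later change to that package could leave podman installed without the runtime or rootless stack it expects. Either list them directly or, once confirmed, add a comment above RDEPEND such as `# crun, passt, netavark, aardvark-dns and fuse-overlayfs come in via containers-common`. The identical hunk in podman-9999.ebuild needs the same treatment.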
@@ -93,59 +91,38 @@ src_prepare() { src_compile() { export PREFIX="${EPREFIX}/usr" - # bug 906073 - use elibc_musl && export CGO_CFLAGS="-D_LARGEFILE64_SOURCE" - # For non-live versions, prevent git operations which causes sandbox violations # https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493 - [[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT="" + [[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT="" EPOCH_TEST_COMMIT="" # BUILD_SECCOMP is used in the patch to toggle seccomp - emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs) + emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" \ + all $(usev wrapper docker-docs) } src_install() { emake DESTDIR="${D}" install install.completions $(usev wrapper install.docker-full) - insinto /etc/cni/net.d - doins cni/87-podman-bridge.conflist + if use !systemd; then + newconfd "${FILESDIR}"/podman-5.0.0_rc4.confd podman + newinitd "${FILESDIR}"/podman-5.0.0_rc4.initd podman - newconfd "${FILESDIR}"/podman-5.0.0_rc4.confd podman - newinitd "${FILESDIR}"/podman-5.0.0_rc4.initd podman + newinitd "${FILESDIR}"/podman-restart-5.0.0_rc4.initd podman-restart + newconfd "${FILESDIR}"/podman-restart-5.0.0_rc4.confd podman-restart - newinitd "${FILESDIR}"/podman-restart-5.0.0_rc4.initd podman-restart - newconfd "${FILESDIR}"/podman-restart-5.0.0_rc4.confd podman-restart + newinitd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.initd podman-clean-transient + newconfd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.confd podman-clean-transient - newinitd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.initd podman-clean-transient - newconfd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.confd podman-clean-transient + exeinto /etc/cron.daily + newexe "${FILESDIR}"/podman-auto-update-5.0.0.cron podman-auto-update - use cron && \ - { exeinto /etc/cron.daily && newexe "${FILESDIR}"/podman-auto-update-5.0.0_rc4.cron 
podman-auto-update; } - - insinto /etc/logrotate.d - newins "${FILESDIR}/podman.logrotated" podman + insinto /etc/logrotate.d + newins "${FILESDIR}/podman.logrotated" podman + fi keepdir /var/lib/containers } -pkg_preinst() { - PODMAN_ROOTLESS_UPGRADE=false - if use rootless; then - has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true - fi -} - pkg_postinst() { tmpfiles_process podman.conf $(usev wrapper podman-docker.conf) - - local want_newline=false - if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then - ${want_newline} && elog "" - elog "For rootless operation, you need to configure subuid/subgid" - elog "for user running podman. In case subuid/subgid has only been" - elog "configured for root, run:" - elog "usermod --add-subuids 1065536-1131071 <user>" - elog "usermod --add-subgids 1065536-1131071 <user>" - want_newline=true - fi } diff --git a/app-containers/podman/podman-9999.ebuild b/app-containers/podman/podman-9999.ebuild index 2027b142f82f..b535f608f817 100644 --- a/app-containers/podman/podman-9999.ebuild +++ b/app-containers/podman/podman-9999.ebuild @@ -3,7 +3,9 @@ EAPI=8 -inherit go-module tmpfiles linux-info +PYTHON_COMPAT=( python3_{11,12} ) + +inherit go-module python-any-r1 tmpfiles linux-info DESCRIPTION="A tool for managing OCI containers and pods with Docker-compatible CLI" HOMEPAGE="https://github.com/containers/podman/ https://podman.io/" @@ -14,9 +16,8 @@ if [[ ${PV} == 9999* ]]; then else SRC_URI="https://github.com/containers/podman/archive/v${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz" S="${WORKDIR}/${P/_rc/-rc}" - if [[ ${PV} != *rc* ]] ; then + [[ ${PV} != *rc* ]] && \ KEYWORDS="~amd64 ~arm64 ~riscv" - fi fi # main pkg 
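Review bot: Dropping `pkg_preinst` and the `elog` block from `pkg_postinst` means a fresh install no longer tells the user that rootless operation needs subuid/subgid ranges, even though this commit makes the rootless stack unconditional. A user who hits the resulting rootless failure may simply switch to running podman as root, which is the less isolated setup. Consider keeping a short first-install message in `pkg_postinst`, e.g. `if [[ -z ${REPLACING_VERSIONS} ]]; then elog "For rootless operation, configure subuid/subgid for the user running podman"; fi`. The same removal is in the matching hunk of podman-9999.ebuild.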
@@ -24,32 +25,28 @@ LICENSE="Apache-2.0" # deps LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0" SLOT="0" -IUSE="apparmor btrfs cgroup-hybrid cron wrapper +fuse +init +rootless +seccomp selinux systemd" +IUSE="apparmor btrfs +seccomp selinux systemd wrapper" RESTRICT="test" RDEPEND=" + app-containers/catatonit + >=app-containers/conmon-2.1.10 + >=app-containers/containers-common-0.58.0-r1 app-crypt/gpgme:= - >=app-containers/conmon-2.0.0 - >=app-containers/containers-common-0.56.0 dev-libs/libassuan:= dev-libs/libgpg-error:= sys-apps/shadow:= apparmor? ( sys-libs/libapparmor ) btrfs? ( sys-fs/btrfs-progs ) - cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6 ) - !cgroup-hybrid? ( app-containers/crun ) - cron? ( virtual/cron ) wrapper? ( !app-containers/docker-cli ) - fuse? ( sys-fs/fuse-overlayfs ) - init? ( app-containers/catatonit ) - rootless? ( app-containers/slirp4netns ) seccomp? ( sys-libs/libseccomp:= ) selinux? ( sec-policy/selinux-podman sys-libs/libselinux:= ) systemd? ( sys-apps/systemd:= ) " DEPEND="${RDEPEND}" BDEPEND=" + ${PYTHON_DEPS} dev-go/go-md2man " @@ -64,6 +61,7 @@ CONFIG_CHECK=" pkg_setup() { use btrfs && CONFIG_CHECK+=" ~BTRFS_FS" linux-info_pkg_setup + python-any-r1_pkg_setup } src_prepare() { 
@@ -93,59 +91,38 @@ src_prepare() { src_compile() { export PREFIX="${EPREFIX}/usr" - # bug 906073 - use elibc_musl && export CGO_CFLAGS="-D_LARGEFILE64_SOURCE" - # For non-live versions, prevent git operations which causes sandbox violations # https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493 - [[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT="" + [[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT="" EPOCH_TEST_COMMIT="" # BUILD_SECCOMP is used in the patch to toggle seccomp - emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" all $(usev wrapper docker-docs) + emake BUILDFLAGS="-v -work -x" GOMD2MAN="go-md2man" BUILD_SECCOMP="$(usex seccomp)" \ + all $(usev wrapper docker-docs) } src_install() { emake DESTDIR="${D}" install install.completions $(usev wrapper install.docker-full) - insinto /etc/cni/net.d - doins cni/87-podman-bridge.conflist + if use !systemd; then + newconfd "${FILESDIR}"/podman-5.0.0_rc4.confd podman + newinitd "${FILESDIR}"/podman-5.0.0_rc4.initd podman - newconfd "${FILESDIR}"/podman-5.0.0_rc4.confd podman - newinitd "${FILESDIR}"/podman-5.0.0_rc4.initd podman + newinitd "${FILESDIR}"/podman-restart-5.0.0_rc4.initd podman-restart + newconfd "${FILESDIR}"/podman-restart-5.0.0_rc4.confd podman-restart - newinitd "${FILESDIR}"/podman-restart-5.0.0_rc4.initd podman-restart - newconfd "${FILESDIR}"/podman-restart-5.0.0_rc4.confd podman-restart + newinitd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.initd podman-clean-transient + newconfd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.confd podman-clean-transient - newinitd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.initd podman-clean-transient - newconfd "${FILESDIR}"/podman-clean-transient-5.0.0_rc6.confd podman-clean-transient + exeinto /etc/cron.daily + newexe "${FILESDIR}"/podman-auto-update-5.0.0.cron podman-auto-update - use cron && \ - { exeinto /etc/cron.daily && newexe "${FILESDIR}"/podman-auto-update-5.0.0_rc4.cron 
podman-auto-update; } - - insinto /etc/logrotate.d - newins "${FILESDIR}/podman.logrotated" podman + insinto /etc/logrotate.d + newins "${FILESDIR}/podman.logrotated" podman + fi keepdir /var/lib/containers } -pkg_preinst() { - PODMAN_ROOTLESS_UPGRADE=false - if use rootless; then - has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true - fi -} - pkg_postinst() { tmpfiles_process podman.conf $(usev wrapper podman-docker.conf) - - local want_newline=false - if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then - ${want_newline} && elog "" - elog "For rootless operation, you need to configure subuid/subgid" - elog "for user running podman. In case subuid/subgid has only been" - elog "configured for root, run:" - elog "usermod --add-subuids 1065536-1131071 <user>" - elog "usermod --add-subgids 1065536-1131071 <user>" - want_newline=true - fi }
