From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [bug#69131] [PATCH 2/2] gnu: podman: Update to 4.9.3.
To: 69131@debbugs.gnu.org
Cc: Tomas Volf <~@wolfsden.cz>
From: Tomas Volf <~@wolfsden.cz>
Date: Wed, 14 Feb 2024 20:19:13 +0100
Message-ID: <564fa27db3acf9ab25ebb8887023c34a0f41930c.1707938222.git.~@wolfsden.cz>
X-Mailer: git-send-email 2.41.0

* gnu/packages/containers.scm (podman): Update to 4.9.3. Change-Id: If764e8456a697d16b76cd4ba1243cc5f633a6049 --- gnu/local.mk | 1 + gnu/packages/containers.scm | 24 ++-- ...earch-for-binaries-to-fit-Guix-model.patch | 120 ++++++++++++++++++ 3 files changed, 137 insertions(+), 8 deletions(-) create mode 100644 gnu/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch diff --git a/gnu/local.mk b/gnu/local.mk index ab690795a7..bdd9338ebc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1785,6 +1785,7 @@ dist_patch_DATA = \ %D%/packages/patches/plasp-fix-normalization.patch \ %D%/packages/patches/plasp-include-iostream.patch \ %D%/packages/patches/pocketfft-cpp-prefer-preprocessor-if.patch \ + %D%/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch \ %D%/packages/patches/pokerth-boost.patch \ %D%/packages/patches/ppsspp-disable-upgrade-and-gold.patch \ %D%/packages/patches/procps-strtod-test.patch \ diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm index 5cd81e85a6..f958f46fca 100644 --- a/gnu/packages/containers.scm +++ b/gnu/packages/containers.scm 
@@ -354,7 +354,7 @@ (define-public cni-plugins (define-public podman (package (name "podman") - (version "4.4.1") + (version "4.9.3") (source (origin (method git-fetch) @@ -365,8 +365,11 @@ (define-public podman ;; FIXME: Btrfs libraries not detected by these scripts. (snippet '(substitute* "Makefile" ((".*hack/btrfs.*") ""))) + (patches + (search-patches + "podman-Modify-search-for-binaries-to-fit-Guix-model.patch")) (sha256 - (base32 "0qbr6rbyig3c2hvdvmd94jjkg820hpdz6j7dgyv62dl6wfwvj5jj")) + (base32 "17g7n09ndxhpjr39s9qwxdcv08wavjj0g5nmnrvrkz2wgdqigl1x")) (file-name (git-file-name name version)))) (build-system gnu-build-system) @@ -393,10 +396,11 @@ (define-public podman (invoke "make" "remotesystem")))) (add-after 'unpack 'fix-hardcoded-paths (lambda _ - (substitute* (find-files "libpod" "\\.go") - (("exec.LookPath[(][\"]slirp4netns[\"][)]") - (string-append "exec.LookPath(\"" - (which "slirp4netns") "\")"))) + (substitute* "vendor/github.com/containers/common/pkg/config/config.go" + (("@SLIRP4NETNS_DIR@") + (string-append #$slirp4netns "/bin")) + (("@PASST_DIR@") + (string-append #$passt "/bin"))) (substitute* "hack/install_catatonit.sh" (("CATATONIT_PATH=\"[^\"]+\"") (string-append "CATATONIT_PATH=" (which "true")))) @@ -426,11 +430,12 @@ (define-public podman libassuan libseccomp libselinux + passt slirp4netns)) (native-inputs (list bats git - go-1.19 + go-1.21 ; strace ; XXX debug pkg-config python)) @@ -439,7 +444,10 @@ (define-public podman (description "Podman (the POD MANager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of -containers.") +containers. + +The @code{machine} subcommand is not supported due to gvproxy not being +packaged.") (license license:asl2.0))) (define-public buildah 
diff --git a/gnu/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch b/gnu/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch new file mode 100644 index 0000000000..27a9421285 --- /dev/null +++ b/gnu/packages/patches/podman-Modify-search-for-binaries-to-fit-Guix-model.patch 
@@ -0,0 +1,120 @@ +From 914aed3e04f71453fbdc30f4287e13ca3ce63a36 Mon Sep 17 00:00:00 2001 +From: Tomas Volf <~@wolfsden.cz> +Date: Wed, 14 Feb 2024 20:02:03 +0100 +Subject: [PATCH] Modify search for binaries to fit Guix model + +Podman basically looked into the $PATH and into its libexec. That does not fit +Guix's model very well, to an additional option to specify additional +directories during compilation was added. + +* pkg/rootless/rootless_linux.go +(tryMappingTool): Also check /run/setuid-programs. +* vendor/github.com/containers/common/pkg/config/config.go +(extraGuixDir): New function. +(FindHelperBinary): Use it. +* vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go +(guixLookupSetuidPath): New function. +(Start): Use it. +--- + pkg/rootless/rootless_linux.go | 3 +++ + .../containers/common/pkg/config/config.go | 23 +++++++++++++++++++ + .../storage/pkg/unshare/unshare_linux.go | 14 +++++++++-- + 3 files changed, 38 insertions(+), 2 deletions(-) + +diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go +index d303c8b..0191d90 100644 +--- a/pkg/rootless/rootless_linux.go ++++ b/pkg/rootless/rootless_linux.go +@@ -102,6 +102,9 @@ func tryMappingTool(uid bool, pid int, hostID int, mappings []idtools.IDMap) err + idtype = "setgid" + } + path, err := exec.LookPath(tool) ++ if err != nil { ++ path, err = exec.LookPath("/run/setuid-programs/" + tool) ++ } + if err != nil { + return fmt.Errorf("command required for rootless mode with multiple IDs: %w", err) + } +diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go +index 75b917f..ed2f131 100644 +--- a/vendor/github.com/containers/common/pkg/config/config.go ++++ b/vendor/github.com/containers/common/pkg/config/config.go +@@ -1102,6 +1102,24 @@ func findBindir() string { + return bindirCached + } + ++func extraGuixDir(bin_name string) string { ++ if (bin_name == "slirp4netns") { ++ return 
"@SLIRP4NETNS_DIR@"; ++ } else if (bin_name == "pasta") { ++ return "@PASST_DIR@"; ++ } else if (strings.HasPrefix(bin_name, "qemu-")) { ++ return "@QEMU_DIR@"; ++ } else if (bin_name == "gvproxy") { ++ return "@GVPROXY_DIR@"; ++ } else if (bin_name == "netavark") { ++ return "@NETAVARK_DIR@"; ++ } else if (bin_name == "aardvark-dns") { ++ return "@AARDVARK_DNS_DIR@"; ++ } else { ++ return ""; ++ } ++} ++ + // FindHelperBinary will search the given binary name in the configured directories. + // If searchPATH is set to true it will also search in $PATH. + func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) { +@@ -1109,6 +1127,11 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) + bindirPath := "" + bindirSearched := false + ++ if dir := extraGuixDir(name); dir != "" { ++ /* If there is a Guix dir, skip the PATH search. */ ++ dirList = append([]string{dir}, dirList...) ++ } ++ + // If set, search this directory first. This is used in testing. + if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found { + dirList = append([]string{dir}, dirList...) +diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go +index a8dc1ba..0b0d755 100644 +--- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go ++++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go +@@ -26,6 +26,16 @@ import ( + "github.com/syndtr/gocapability/capability" + ) + ++func guixLookupSetuidPath(prog string) (string, error) { ++ path, err := exec.LookPath(prog) ++ if err != nil { ++ path, err = exec.LookPath("/run/setuid-programs/" + prog) ++ } ++ return path, err ++} ++ ++ ++ + // Cmd wraps an exec.Cmd created by the reexec package in unshare(), and + // handles setting ID maps and other related settings by triggering + // initialization code in the child. 
+@@ -237,7 +247,7 @@ func (c *Cmd) Start() error { + gidmapSet := false + // Set the GID map. + if c.UseNewgidmap { +- path, err := exec.LookPath("newgidmap") ++ path, err := guixLookupSetuidPath("newgidmap") + if err != nil { + return fmt.Errorf("finding newgidmap: %w", err) + } +@@ -297,7 +307,7 @@ func (c *Cmd) Start() error { + uidmapSet := false + // Set the UID map. + if c.UseNewuidmap { +- path, err := exec.LookPath("newuidmap") ++ path, err := guixLookupSetuidPath("newuidmap") + if err != nil { + return fmt.Errorf("finding newuidmap: %w", err) + } +-- +2.41.0 + -- 2.41.0
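
Review bot: the commit message documents only `* gnu/packages/containers.scm (podman): Update to 4.9.3.`, while the gnu/local.mk hunk registers a new file in dist_patch_DATA and the containers.scm hunks also add the passt input, move go-1.19 to go-1.21, rewrite the fix-hardcoded-paths phase and extend the description. Please list these in the changelog entry (the new patch file, the gnu/local.mk registration, the input and native-input changes), so the log shows that this version bump also changes how podman locates its helper binaries.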
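
Review bot: in the fix-hardcoded-paths hunk of gnu/packages/containers.scm, only `@SLIRP4NETNS_DIR@` and `@PASST_DIR@` are substituted, but the patched config.go also returns `@QEMU_DIR@`, `@GVPROXY_DIR@`, `@NETAVARK_DIR@` and `@AARDVARK_DNS_DIR@`. Those four remain literal, non-empty strings in the built binary, so for qemu-*, gvproxy, netavark and aardvark-dns the `dir != ""` test in FindHelperBinary passes and a relative directory name such as "@NETAVARK_DIR@" is put at the front of dirList. A relative entry in a helper search list is resolved against whatever the working directory is at call time, which is not something a helper lookup should depend on. Please substitute the remaining placeholders as well, either with the store path where the package exists or with an empty string where it does not (gvproxy, per the new description text).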
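
Review bot: extraGuixDir in the config.go hunk at -1102,6 +1102,24 has no doc comment and is not gofmt-clean: `bin_name` is snake_case, the conditions are parenthesised and the return statements end in semicolons. A `switch` on the name with a `strings.HasPrefix` case would read more naturally next to the surrounding vendored code. It would also be safer for the function to return "" when the compiled-in value still starts with "@", so that a placeholder the package definition forgot to substitute is treated as unset rather than as a directory.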
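
Review bot: in the FindHelperBinary hunk (-1109,6 +1127,11) the comment says `If there is a Guix dir, skip the PATH search.`, but the added block only prepends dir to dirList and never touches searchPATH, so a helper missing from the store directory would still be looked up in the remaining directories and in $PATH. In addition, the CONTAINERS_HELPER_BINARY_DIR block that follows prepends its directory after this one, so the environment variable outranks the pinned store path. If the intent is that slirp4netns and pasta always come from the store, either return the joined path directly when it exists or move this block below the environment-variable block; otherwise please reword the comment to describe what the code does.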
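
Review bot: in the pkg/rootless/rootless_linux.go hunk, tryMappingTool still tries `exec.LookPath(tool)` first and only falls back to /run/setuid-programs when that fails, so a newuidmap or newgidmap found anywhere on $PATH, including a copy without the setuid bit, is chosen over the setuid wrapper and the mapping then fails later with a less obvious error. Consider checking /run/setuid-programs first. Also note that when both lookups fail, the wrapped error is the one from the second call, which names "/run/setuid-programs/" + tool rather than the tool the user is missing. The same three-line fallback is repeated in guixLookupSetuidPath in unshare_linux.go; a single definition of the directory would keep the two in step.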
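
Review bot: guixLookupSetuidPath in the unshare_linux.go hunk at -26,6 +26,16 is added without a doc comment and is followed by three blank lines where gofmt would leave one. A short comment stating the lookup order ($PATH, then /run/setuid-programs) and why the second location exists would help whoever rebases this patch onto the next vendored release of containers/storage.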