Skarambelkar/podman buildah fullbuild/3.0 dev

SPECS-EXTENDED/buildah/buildah.signatures.json

@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "buildah-1.18.0.tar.gz": "500c82fb369fd08a9bb9a41f294c5975f17575770dbfaba5cce9a6e09b6a3fb9"
- }
+    "Signatures": {
+     "buildah-1.38.0.tar.gz": "e8ddd23e344c45afae27bf6158304300c77cd738063d99221f7534c37f195f0c"
+    }
 }

SPECS-EXTENDED/buildah/buildah.spec

@@ -1,52 +1,43 @@
-%global with_bundled 1
 %global with_debug 1
+
 %if 0%{?with_debug}
 %global _find_debuginfo_dwz_opts %{nil}
 %global _dwz_low_mem_die_limit 0
 %else
 %global debug_package   %{nil}
 %endif
-%global provider github
-%global provider_tld com
-%global project containers
-%global repo buildah
-# https://github.com/containers/buildah
-%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
-%global git0 https://%{import_path}
-# Used for comparing with latest upstream tag
-# to decide whether to autobuild (non-rawhide only)
-%define built_tag v1.18.0
-%define built_tag_strip %(b=%{built_tag}; echo ${b:1})
-%define download_url https://%{import_path}/archive/%{built_tag}.tar.gz
-Summary:        A command line tool used for creating OCI Images
-Name:           buildah
-Version:        1.18.0
-Release:        31%{?dist}
-License:        ASL 2.0
+
+%global gomodulesmode GO111MODULE=on
+
+%global git0 https://github.com/containers/%{name}
+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL:            https://%{name}.io
-Source:         %{download_url}#/%{name}-%{version}.tar.gz
-Patch0:         CVE-2022-2990.patch
-BuildRequires:  btrfs-progs-devel
-BuildRequires:  device-mapper-devel
-BuildRequires:  git
-BuildRequires:  glib2-devel
-BuildRequires:  glibc-static >= 2.38-11%{?dist}
-BuildRequires:  go-md2man
-BuildRequires:  go-rpm-macros
-BuildRequires:  golang
-BuildRequires:  gpgme-devel
-BuildRequires:  libassuan-devel
-BuildRequires:  libseccomp-static
-BuildRequires:  make
-BuildRequires:  ostree-devel
-Requires:       libcontainers-common
-Requires:       libseccomp >= 2.4.1-0
-Requires:       moby-runc
-Recommends:     container-selinux
-Recommends:     fuse-overlayfs
-Recommends:     slirp4netns >= 0.3-0
+Name:           buildah
+Version:        1.38.0
+# The `AND` needs to be uppercase in the License for SPDX compatibility
+License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0
+Release: 1%{?dist} 
+ExclusiveArch: aarch64 ppc64le s390x x86_64
+Summary: A command line tool used for creating OCI Images
+URL: https://%{name}.io
+# Tarball fetched from upstream
+Source: %{git0}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+BuildRequires: device-mapper-devel
+BuildRequires: git-core
+BuildRequires: golang >= 1.16.6
+BuildRequires: glib2-devel
+BuildRequires: glibc-static >= 2.38-11%{?dist}
+BuildRequires: go-rpm-macros
+BuildRequires: gpgme-devel
+BuildRequires: libassuan-devel
+BuildRequires: make
+BuildRequires: ostree-devel
+BuildRequires: btrfs-progs-devel
+BuildRequires: shadow-utils-subid-devel
+BuildRequires: libseccomp-static
+Requires: libseccomp >= 2.4.1-0
+Suggests: cpp
 
 %description
 The %{name} package provides a command line tool which can be used to
@@ -57,59 +48,69 @@ or
 * save container's root file system layer to create a new image
 * delete a working container or an image
 
-%package  tests
-Summary:        Tests for %{name}
-Requires:       %{name} = %{version}-%{release}
-Requires:       bats
-Requires:       bzip2
-Requires:       golang
-Requires:       httpd-tools
-Requires:       jq
-Requires:       openssl
-Requires:       podman
+%package tests
+Summary: Tests for %{name}
+
+Requires: %{name} = %{version}-%{release}
+Requires: bats
+Requires: bzip2
+Requires: podman
+Requires: golang
+Requires: jq
+Requires: httpd-tools
+Requires: openssl
+Requires: nmap-ncat
+Requires: git-daemon
 
 %description tests
 %{summary}
 
 This package contains system tests for %{name}
 
 %prep
-%autosetup -Sgit -n %{name}-%{built_tag_strip} -p1
-sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile
-sed -i '/docs install/d' Makefile
+%autosetup -Sgit -n %{name}-%{version}
 
 %build
-mkdir _build
-pushd _build
-mkdir -p src/%{provider}.%{provider_tld}/%{project}
-ln -s $(dirs +1 -l) src/%{import_path}
-popd
-
-mv vendor src
-
-export GOPATH=$(pwd)/_build:$(pwd)
-export BUILDTAGS='seccomp selinux'
-%if 0%{?centos} >= 8
-export BUILDTAGS+=' exclude_graphdriver_btrfs'
-%endif
-%gobuild -o bin/%{name} %{import_path}/cmd/%{name}
-%gobuild -o imgtype %{import_path}/tests/imgtype
-GOMD2MAN=go-md2man %{__make} -C docs
+%set_build_flags
+export CGO_CFLAGS=$CFLAGS
+
+# These extra flags present in $CFLAGS have been skipped for now as they break the build
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
+
+export CGO_CFLAGS+=" -m64 -mtune=generic -fcf-protection=full"
+
+export CNI_VERSION=`grep '^# github.com/containernetworking/cni ' src/modules.txt | sed 's,.* ,,'`
+export LDFLAGS="-X main.buildInfo=`date +%s` -X main.cniVersion=${CNI_VERSION}"
+
+export BUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"
+export BUILDTAGS+=" btrfs_noversion exclude_graphdriver_btrfs"
+
+%gobuild -o bin/%{name} ./cmd/%{name}
+%gobuild -o bin/imgtype ./tests/imgtype
+%gobuild -o bin/copy ./tests/copy
+%gobuild -o bin/tutorial ./tests/tutorial
+%gobuild -o bin/inet ./tests/inet
+%{__make} docs
 
 %install
-export GOPATH=$(pwd)/_build:$(pwd):%{gopath}
 make DESTDIR=%{buildroot} PREFIX=%{_prefix} install install.completions
-make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install
 
 install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
 cp -pav tests/. %{buildroot}/%{_datadir}/%{name}/test/system
-cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
+cp bin/imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
+cp bin/copy    %{buildroot}/%{_bindir}/%{name}-copy
+cp bin/tutorial %{buildroot}/%{_bindir}/%{name}-tutorial
+cp bin/inet     %{buildroot}/%{_bindir}/%{name}-inet
+
+rm %{buildroot}%{_datadir}/%{name}/test/system/tools/build/*
 
 #define license tag if not already defined
 %{!?_licensedir:%global license %doc}
 
 %files
-%license LICENSE
+%license LICENSE vendor/modules.txt
 %doc README.md
 %{_bindir}/%{name}
 %{_mandir}/man1/%{name}*
@@ -120,9 +121,16 @@ cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype
 %files tests
 %license LICENSE
 %{_bindir}/%{name}-imgtype
+%{_bindir}/%{name}-copy
+%{_bindir}/%{name}-tutorial
+%{_bindir}/%{name}-inet
 %{_datadir}/%{name}/test
 
 %changelog
+* Fri May 23 2025 Akarsh Chaudhary <[email protected]> - 1.38.0-1
+- Initial Azure Linux import from Fedora 41 (license: MIT).
+- License verified
+
 * Thu May 22 2025 Kanishk Bansal <[email protected]> - 1.18.0-31
 - Bump to rebuild with updated glibc
 

SPECS-EXTENDED/kernel-ipe/config

@@ -7513,10 +7513,10 @@ CONFIG_CRYPTO_ENGINE=m
 #
 CONFIG_CRYPTO_RSA=y
 CONFIG_CRYPTO_DH=m
-# CONFIG_CRYPTO_DH_RFC7919_GROUPS is not set
-CONFIG_CRYPTO_ECC=m
+CONFIG_CRYPTO_DH_RFC7919_GROUPS=y
+CONFIG_CRYPTO_ECC=y
 CONFIG_CRYPTO_ECDH=m
-# CONFIG_CRYPTO_ECDSA is not set
+CONFIG_CRYPTO_ECDSA=y
 # CONFIG_CRYPTO_ECRDSA is not set
 # CONFIG_CRYPTO_SM2 is not set
 # CONFIG_CRYPTO_CURVE25519 is not set
@@ -7684,9 +7684,9 @@ CONFIG_CRYPTO_CHACHA20_X86_64=m
 CONFIG_CRYPTO_BLAKE2S_X86=y
 # CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set
 CONFIG_CRYPTO_POLY1305_X86_64=m
-# CONFIG_CRYPTO_SHA1_SSSE3 is not set
-# CONFIG_CRYPTO_SHA256_SSSE3 is not set
-# CONFIG_CRYPTO_SHA512_SSSE3 is not set
+CONFIG_CRYPTO_SHA1_SSSE3=m
+CONFIG_CRYPTO_SHA256_SSSE3=m
+CONFIG_CRYPTO_SHA512_SSSE3=m
 # CONFIG_CRYPTO_SM3_AVX_X86_64 is not set
 # CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
 CONFIG_CRYPTO_CRC32C_INTEL=m

SPECS-EXTENDED/kernel-ipe/config_aarch64

@@ -10539,7 +10539,7 @@ CONFIG_CRYPTO_HASH=y
 CONFIG_CRYPTO_HASH2=y
 CONFIG_CRYPTO_RNG=y
 CONFIG_CRYPTO_RNG2=y
-CONFIG_CRYPTO_RNG_DEFAULT=m
+CONFIG_CRYPTO_RNG_DEFAULT=y
 CONFIG_CRYPTO_AKCIPHER2=y
 CONFIG_CRYPTO_AKCIPHER=y
 CONFIG_CRYPTO_KPP2=y
@@ -10564,10 +10564,10 @@ CONFIG_CRYPTO_ENGINE=y
 #
 CONFIG_CRYPTO_RSA=y
 CONFIG_CRYPTO_DH=m
-# CONFIG_CRYPTO_DH_RFC7919_GROUPS is not set
-CONFIG_CRYPTO_ECC=m
+CONFIG_CRYPTO_DH_RFC7919_GROUPS=y
+CONFIG_CRYPTO_ECC=y
 CONFIG_CRYPTO_ECDH=m
-# CONFIG_CRYPTO_ECDSA is not set
+CONFIG_CRYPTO_ECDSA=y
 # CONFIG_CRYPTO_ECRDSA is not set
 # CONFIG_CRYPTO_SM2 is not set
 # CONFIG_CRYPTO_CURVE25519 is not set

SPECS-EXTENDED/kernel-ipe/kernel-ipe.signatures.json

@@ -1,8 +1,8 @@
 {
   "Signatures": {
     "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b",
-    "config": "86b7c08764d8c4c4e955cdded877b2c8d387b82d375a64b4a12d8c6e611202dd",
-    "config_aarch64": "f46e12c2cfab204c8e8ea8b4250c7778e886926df4ec4849c3da58b6460213d3",
+    "config": "1ae57ff6851ef5bb2868c23f04a5794a823b4ed8412212fdbde2af1c7ff284b6",
+    "config_aarch64": "1d85b489585e2b1b332b287ceb27d9c873b96dbe06f5416007ea8ee99ed72538",
     "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
     "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98",
     "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",