Commit graph

1143 commits

Author SHA1 Message Date
Debarshi Ray
c6760299d2 pkg/utils, test/system: Add some more tests for parsing RHEL releases
https://github.com/containers/toolbox/pull/1262
2023-03-16 22:01:45 +01:00
Debarshi Ray
e01927bfdc pkg/utils, test/system: Add some more tests for parsing Fedora releases
https://github.com/containers/toolbox/pull/1262
2023-03-16 22:01:45 +01:00
Debarshi Ray
1c320b0eb0 pkg/utils: Simplify the definition of parseRelease() unit test cases
https://github.com/containers/toolbox/pull/1267
2023-03-16 21:04:24 +01:00
Debarshi Ray
56a64a68bd pkg/utils: Remove unused error
Fallout from b5474bff84

https://github.com/containers/toolbox/pull/1267
2023-03-16 20:53:12 +01:00
Debarshi Ray
a4cc791f39 test/system: Synchronize with the parseRelease() unit tests
https://github.com/containers/toolbox/pull/1266
2023-03-16 18:41:24 +01:00
Debarshi Ray
1bd6cf17ce test/system: Split the tests for parsing releases
This will make it easier to find out exactly which test failed.

https://github.com/containers/toolbox/pull/1266
2023-03-16 18:31:12 +01:00
Debarshi Ray
6b6cb1b2f9 .zuul: Enable testing on Fedora 38
https://github.com/containers/toolbox/pull/1265
2023-03-16 17:57:46 +01:00
Debarshi Ray
e5bab51bca test/system: Shorten the names of the tests and use consistent wording
Currently, some of the names of the tests were too long, and had
inconsistent and verbose wording.  This made it difficult to look at
them and get a gist of all the scenarios being tested.  The names are
like headings.  They shouldn't be too long, should capture the primary
objective of the test and be consistent in their wording.

https://github.com/containers/toolbox/pull/1265
2023-03-16 17:57:46 +01:00
Debarshi Ray
068d22a199 test/system: Use long options, instead of their shorter aliases
The long options are easier to grep(1) for in the sources than their
shorter aliases.

https://github.com/containers/toolbox/pull/1265
2023-03-16 17:37:16 +01:00
Nieves Montero
a1c309541f Report the size of the image that will be downloaded from a registry
This uses 'skopeo inspect' to get the size of the image on the registry,
which is usually less than the size of the image in a local
containers/storage image store after download (eg., 'podman images'),
because they are kept compressed on the registry.  Skopeo >= 1.10.0 is
needed to retrieve the sizes [1].

However, this doesn't add a hard dependency on Skopeo to accommodate
size-constrained operating systems like Fedora CoreOS.  If skopeo(1) is
missing or too old, then the size of the image won't be shown, but
everything else would continue to work as before.

Some changes by Debarshi Ray.

[1] Skopeo commit d9dfc44888ff71a6
    https://github.com/containers/skopeo/commit/d9dfc44888ff71a6
    https://github.com/containers/skopeo/issues/641

https://github.com/containers/toolbox/issues/752

Signed-off-by: Nieves Montero <nmontero@redhat.com>
2023-03-14 01:05:50 +01:00
Debarshi Ray
2129e28fe6 cmd/create, cmd/root, cmd/run: Tweak the debug logs for consistency
Debug logs are sweeter when they are shorter.

https://github.com/containers/toolbox/pull/1258
2023-03-08 00:18:46 +01:00
Debarshi Ray
fb15655ace cmd/create: Simplify code
Fallout from 8e80dd5db1

https://github.com/containers/toolbox/pull/1256
2023-03-07 17:23:32 +01:00
Debarshi Ray
aeae18920b cmd/initContainer: Bind mount locations regardless of /run/host/etc
Bind mounting the locations at runtime doesn't really have anything to
do with whether /run/host/etc is present inside the Toolbx container.

The only possible exception could have been /etc/machine-id, but it
isn't, because the bind mount is only performed if the source at
/run/host/etc/machine-id is present.

This is a historical mistake that has persisted for a long time, since,
in practice, /run/host/etc will almost always exist inside the Toolbx
container.  It's time to finally correct it.

Fallout from 9436bbece0

https://github.com/containers/toolbox/pull/1255
2023-03-07 16:34:16 +01:00
Debarshi Ray
58638c5940 Deprecate the --monitor-host option of 'init-container'
The --monitor-host option was added to the 'init-container' command in
commit 8b84b5e460 to accommodate Podman versions older than 1.2.0
that didn't have the '--dns none' and '--no-hosts' options for
'podman create'.  These options are necessary to keep the Toolbx
container's /etc/resolv.conf and /etc/hosts files synchronized with
those of the host.

Note that Podman 1.2.0 was already available a few months before
commit 8b84b5e460 introduced the --monitor-host option.  The
chances of someone using an older Podman back then was already on the
decline, and it's very unlikely that a container created with such a
Podman has survived till this date.

Commit b6b484fa79 raised the minimum required Podman version to
1.4.0, and made the '--dns none' and '--no-hosts' options a hard
requirement.  The minimum required Podman version was again raised
recently in commit 8e80dd5db1 to 1.6.4.  Therefore, these days,
there's no need to separately use the --monitor-host option of
'init-container' for newly created containers to indicate that the
Podman version wasn't older than 1.2.0.

Given all this, it's time to stop using the --monitor-host option of
'init-container', and assume that it's always set.  The option is still
accepted to retain compatibility with existing Toolbx containers.

For containers that were created with the --monitor-host option, a
deprecation notice will be shown as:
  $ podman start --attach CONTAINER
  Flag --monitor-host has been deprecated, it does nothing
  ...

https://github.com/containers/toolbox/pull/617
2023-03-07 15:39:57 +01:00
Debarshi Ray
9680e4eeb2 cmd, doc: Style fixes
https://github.com/containers/toolbox/pull/1254
2023-03-07 14:58:11 +01:00
Debarshi Ray
8e80dd5db1 cmd/create, cmd/run: Rely on podman >= 1.6.4 always being present
So far the minimum required Podman version was 1.4.0, based on what used
to be available in RHEL 7.  These days, Podman 1.6.4 is old enough to be
in RHEL 7.9.  Hence it's time to bump the baseline.

https://github.com/containers/toolbox/pull/1253
2023-03-02 18:36:30 +01:00
Debarshi Ray
de652f4102 Test that toolbox(1) can be built without podman(1) and subordinate IDs
This is meant to roughly replicate the build environments used by
downstream distributors to build toolbox(1).  These can be restricted in
odd ways compared to a fully featured environment where toolbox(1) is
actually going to be used.  eg., the inability to use podman(1) in the
case of Fedora or not having subordinate user and group ID ranges in the
case of openSUSE.

It's important to ensure that toolbox(1) can be built by downstream
distributors without any unnecessary hassle.

https://github.com/containers/podman/issues/17657
https://github.com/containers/toolbox/issues/1246
2023-03-02 10:25:54 +01:00
Jan Zerebecki
f555029304 cmd/root: Don't validate subordinate IDs when generating the completions
Ever since commit bafbbe81c9, the shell completions are generated
while building Toolbx using the 'completion' command.  This involves
running toolbox(1) itself, and hence validating the subordinate user and
group ID ranges.

Unfortunately, some build environments, like openSUSE's, don't have
subordinate ID ranges set up.  Therefore, it's better to not validate
the subordinate ID ranges when generating the shell completions, since
they are generated by Cobra itself and subordinate ID ranges are not
involved at all.

Note that subordinate ID ranges may be needed when the generated shell
completions are actually used in interactive command line environments.
The shell completions invoke the hidden '__complete' command to get the
results that are presented to the user, and, if needed, the subordinate
ID ranges will continue to be used by podman(1) as part of that.

Some changes by Debarshi Ray.

https://github.com/containers/toolbox/issues/1246
https://github.com/containers/toolbox/pull/1249
2023-03-02 10:25:54 +01:00
Debarshi Ray
816a7cab9e cmd/root: Shuffle some code around and sprinkle some debug logs
Having a separate convenience function reduces the indentation levels by
at least one, and sometimes two, and makes it easy to have more detailed
debug logs.

This will make the subsequent commit easier to read.

https://github.com/containers/toolbox/issues/1246
2023-03-02 10:25:54 +01:00
dependabot[bot]
9708cbf269 build: Bump golang.org/x/sys to 0.1.0 for CVE-2022-29526
... or GHSA-p782-xgp4-8hr8.

https://github.com/containers/toolbox/pull/1245
https://github.com/containers/toolbox/security/dependabot/12

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-02 10:12:03 +01:00
Debarshi Ray
cafbca996e cmd/root: Sprinkle a debug log
https://github.com/containers/toolbox/pull/1251
2023-03-01 19:43:09 +01:00
Timothée Ravier
9506173f88 images: Don't leak NAME and VERSION into the Toolbx container
Note that there can be only one ARG per line.  Otherwise, the build may
fail with some build systems.  eg., Fedora's [1], which uses Docker, not
Podman.

Only the images for currently maintained Fedoras (ie., 36, 37, 38 & 39)
were updated.

[1] https://koji.fedoraproject.org/koji/taskinfo?taskID=98150241

https://github.com/containers/toolbox/issues/188
2023-03-01 17:06:58 +01:00
Debarshi Ray
fc5f568c5d cmd/root: Don't use podman(1) when generating the completions
Ever since commit bafbbe81c9, the shell completions are generated
while building Toolbx using the 'completion' command.  This involves
running toolbox(1) itself, and hence invoking 'podman version' to decide
if 'podman system migrate' is needed or not.

Unfortunately, some build environments, like Fedora's, are set up inside
a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may
not work because it does various things with namespaces(7) and clone(2)
that can, under certain circumstances, encounter an EPERM.

Therefore, it's better to avoid using podman(1) when generating the
shell completions, especially, since they are generated by Cobra itself
and podman(1) is not involved at all.

Note that podman(1) is needed when the generated shell completions are
actually used in interactive command line environments.  The shell
completions invoke the hidden '__complete' command to get the results
that are presented to the user, and, if needed, 'podman system migrate'
will continue to be run as part of that.

This partially reverts commit f3e005d014
because podman(1) is now only an optional runtime dependency for the
system tests.

https://github.com/containers/podman/issues/17657
2023-02-28 19:30:29 +01:00
Debarshi Ray
f7c4c7dedb Release 0.0.99.4
https://github.com/containers/toolbox/pull/1241
2023-02-20 17:02:55 +01:00
Debarshi Ray
8af015ed37 cmd/create, cmd/run: Style fixes
It's better not to use the global flag variables beyond the top-level
RunE functions, because sometimes the lower-level functions are re-used
from other files within the 'cmd' package.  In this case,
createContainer(), and hence pullImage(), is also used in src/cmd/run.go
to implement the 'run' command.  However, the 'run' command doesn't have
a --authflags option.

Since the default value of the flag is the zero value of the type, which
is a NOP in the code, it's likely that the code was still correct, but
it will be better to maintain some discipline here to highlight the
inputs needed by the lower-level functions.  Otherwise, things can get
tangled up.

Fallout from ecd1ced719

https://github.com/containers/toolbox/pull/1240
2023-02-16 15:14:33 +01:00
Debarshi Ray
48c07b8e5b doc/toolbox-create: Fix typo
The rest of the manual refers to the file passed to the --authfile
option as FILE, not AUTHFILE.

Fallout from ecd1ced719

https://github.com/containers/toolbox/pull/1240
2023-02-16 14:48:32 +01:00
Debarshi Ray
34baa10f41 pkg/utils: Update fallback release to 37 for non-fedora hosts
Fedora 34 reached End of Life on 7th June 2022:
https://docs.fedoraproject.org/en-US/releases/eol/

https://github.com/containers/toolbox/pull/1239
2023-02-16 14:12:05 +01:00
Debarshi Ray
31e01ac46b images: Add fedora-toolbox image definition for Fedora 39
This is untested because the registry.fedoraproject.org/fedora:39 base
image doesn't yet exist:
  $ podman build --squash --tag localhost/fedora-toolbox:39
    images/fedora/f39/
  STEP 1/19: FROM registry.fedoraproject.org/fedora:39
  Trying to pull registry.fedoraproject.org/fedora:39...
  Error: creating build container: initializing source
    docker://registry.fedoraproject.org/fedora:39: reading manifest 39
    in registry.fedoraproject.org/fedora: manifest unknown

https://github.com/containers/toolbox/issues/1233
2023-02-10 22:02:41 +01:00
Debarshi Ray
2a5f20e1b4 doc/toolbox, doc/toolbox-run: Refer to a newer Fedora release
Fedora 35 reached End of Life on 13th December 2022:
https://docs.fedoraproject.org/en-US/releases/eol/

https://github.com/containers/toolbox/pull/1237
2023-02-10 22:00:16 +01:00
Debarshi Ray
419e4e8cd9 .zuul: Drop testing on Fedora 35
Fedora 35 reached End of Life on 13th December 2022:
https://docs.fedoraproject.org/en-US/releases/eol/

https://github.com/containers/toolbox/pull/1237
2023-02-10 21:54:12 +01:00
Debarshi Ray
d0421dcd2b .zuul: Enable testing on Fedora 37
https://github.com/containers/toolbox/pull/1237
2023-02-10 21:46:01 +01:00
Debarshi Ray
8af80292d3 pkg/utils: Preserve the session class
In order to work with systemd-logind, a display manager is expected to
set the session class [1].  Setting the XDG_SESSION_CLASS environment
variable is one way to do that.

It's worth noting that the GNOME Display Manager (or GDM) does set
XDG_SESSION_CLASS [2] even though GNOME Shell uses other means to
differentiate between 'greeter' and 'user' sessions.

[1] https://www.freedesktop.org/wiki/Software/systemd/writing-display-managers/

[2] GDM commit 29ebbbb37bb65fad
    https://gitlab.gnome.org/GNOME/gdm/-/commit/29ebbbb37bb65fad
    https://bugzilla.gnome.org/show_bug.cgi?id=670100

https://github.com/containers/toolbox/issues/992
2023-02-10 20:18:57 +01:00
Debarshi Ray
6fcda6974f cmd/initContainer: Give access to /run/systemd/users from the host
Just like /run/systemd/sessions makes it possible to get the seat for a
session ID, /run/systemd/users can make it possible to get the seat and
the session ID for a user's UID.

The absence of /run/systemd/users inside Toolbx containers isn't
currently causing problems for any use-case, but it seems very close
to the sort of things that were necessary to run a non-nested display
server from within a Toolbx container on a virtual terminal.  It's not
impossible that in future some implementation details of the display
server stack may make /run/systemd/users necessary.

https://github.com/containers/toolbox/issues/992
2023-02-10 19:52:39 +01:00
Sebastian Wick
5de1fae219 cmd/initContainer: Make sd_booted(3) work inside Toolbx containers
Not having sd_booted(3) work inside Toolbx containers isn't currently
causing problems for any use-case.  However, it did come in handy when
investigating how to run a non-nested display server from within a
Toolbx container on a virtual terminal, because it's necessary for
'systemd --user' to realize that the host operating system was booted
with systemd.

https://github.com/containers/toolbox/issues/992

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
2023-02-10 19:38:57 +01:00
Sebastian Wick
9979c275e8 cmd/create: Use the host's cgroup namespace for the Toolbx container
Podman creates a private cgroup namespace for containers on cgroups v2
by default.  The host's cgroupfs is mounted at /sys/fs/cgroup giving an
inconsistent view of the cgroups.  Toolbx doesn't intend to provide a
segregated security domain.  So, there is no need for a cgroup namespace
and Toolbx containers can just use the host's namespace.

Having a private cgroup namespace for containers isn't currently causing
problems for any use-case, but it did come in handy when investigating
how to run a non-nested display server from within a Toolbx container on
a virtual terminal.  Since this requires a change to the 'podman create'
arguments, it's not going to have an effect on existing containers, and
re-creating containers is annoying for users.  So, it might be better to
get ahead of the curve and do it preemptively.

https://github.com/containers/toolbox/issues/992

Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
2023-02-10 17:22:06 +01:00
Jonas Ådahl
8bb9fc6bc4 cmd/initContainer: Give access to /run/udev/tags from the host
This is needed by display servers for creating udev device enumerators
that matches against tags.

https://github.com/containers/toolbox/issues/992

Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
2023-02-09 17:38:58 +01:00
Jonas Ådahl
850ba73a7c cmd/initContainer: Enable display servers to get the seat for a session
... by giving access to /run/systemd/sessions from the host operating
system.

https://github.com/containers/toolbox/issues/992

Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
2023-02-09 17:34:27 +01:00
Debarshi Ray
e0cd693893 images: Add toolbox image definitions for RHELs 8.5, 8.6 and 8.7
This is the full definition of the UBI-based toolbox image published for
RHEL 8 >= 8.5 [1] at registry.access.redhat.com/ubi8/toolbox:8.7 and
such. Note that the Dockerfile used to build this image was already
available to the public [2], but didn't include all the files necessary
to build it.

The FROM line has been changed to registry.access.redhat.com/ubi8:8.7
and such so that it can be built outside Red Hat's build system and
always points to the desired RHEL version.

[1] https://catalog.redhat.com/software/containers/ubi8/toolbox/611bd665bd674341b5c5ed46

[2] https://catalog.redhat.com/software/containers/ubi8/toolbox/611bd665bd674341b5c5ed46?container-tabs=dockerfile

https://github.com/containers/toolbox/pull/1232
2023-02-07 22:19:59 +01:00
Debarshi Ray
735eca63b7 images: Add toolbox image definition for RHEL 9.1
This is the full definition of the UBI-based toolbox image published for
RHEL 9.1 [1] at registry.access.redhat.com/ubi9/toolbox:9.1.  Note that
the Dockerfile used to build this image was already available to the
public [2], but didn't include all the files necessary to build it.

However, this has some minor deviations from the published image.  The
FROM line has been changed to registry.access.redhat.com/ubi9:9.1 so
that it can be built outside Red Hat's build system and always points to
the desired RHEL version.  The extra-packages file doesn't have
gnupg2-smime because it doesn't seem to be actually part of the UBI RPM
repositories, and it's not clear how it works inside Red Hat's build
system.  Otherwise, 'podman build' fails with:
  STEP 11/14: RUN dnf -y install $(<extra-packages)
  ...
  Last metadata expiration check: 0:00:23 ago on Tue Feb  7 18:50:13...
  ...
  No match for argument: gnupg2-smime
  ...
  Error: Unable to find a match: gnupg2-smime
  Error: building at STEP "RUN dnf -y install $(<extra-packages)": while
    running runtime: exit status 1

[1] https://catalog.redhat.com/software/containers/ubi9/toolbox/61532d7dd2c7f84a4d2ed86b

[2] https://catalog.redhat.com/software/containers/ubi9/toolbox/61532d7dd2c7f84a4d2ed86b?container-tabs=dockerfile

https://github.com/containers/toolbox/pull/1232
2023-02-07 22:19:54 +01:00
Debarshi Ray
470a15ff71 images: Synchronize README.md
The canonical copy of README.md contains banners and labels in the
header that aren't useful when the file is shipped as part of the
images.  Hence, those were removed.

Only the images for currently maintained Fedoras (ie., 36, 37 and 38)
were updated.

https://github.com/containers/toolbox/pull/1231
2023-02-07 20:46:38 +01:00
Debarshi Ray
6a3c5ce8d1 images/fedora/f37, images/fedora/f38: Replace jwhois with whois
Since Fedora 37, the whois package has replaced jwhois as the default
whois(1) implementation [1] on Fedora Silverblue and Workstation.

[1] fedora-comps commit e4bf2706306c219a
    https://pagure.io/fedora-comps/c/e4bf2706306c219a
    https://pagure.io/fedora-comps/pull-request/729
    https://fedoraproject.org/wiki/Changes/Replace_jwhois_with_whois_in_Fedora_Workstation

https://github.com/containers/toolbox/pull/1228
2023-02-02 20:15:12 +01:00
Debarshi Ray
707607d839 images: Ensure that the gpg2(1), gnupg2(7), etc. manuals are available
It turns out that at least since Fedora 30 [1], the gnupg2 package has
been part of the fedora base image, because it's required by the dnf
package:
  dnf -> python3-dnf -> python3-libdnf -> libdnf -> gpgme -> gnupg2

Hence, the need to restore the gnupg2 documentation that was stripped
out in the base image.

Only the images for currently maintained Fedoras (ie., 36, 37 and 38)
were updated.

[1] It's difficult to find out if the gnupg2 package wasn't part of the
    fedora base image before Fedora 30, because those images are no
    longer available from registry.fedoraproject.org.

https://github.com/containers/toolbox/pull/1228
2023-02-02 17:25:31 +01:00
Debarshi Ray
d22fa5b731 images: Use the package name instead of a virtual Provides for gnupg2
The package for GnuPG 2.0 has always been called gnupg2 [1], so this
must have been a mistake.

Only the images for currently maintained Fedoras (ie., 36, 37 and 38)
were updated.

Fallout from 34bfd0317d

[1] https://pagure.io/fedora-comps/blob/main/f/comps-f21.xml.in

https://github.com/containers/toolbox/pull/1228
2023-02-02 16:52:45 +01:00
Debarshi Ray
4f907d32f3 images: Ensure that the kill(1), mount(8), etc. manuals are available
Note that in the past, it was observed that the util-linux package was
no longer part of the fedora base images starting from Fedora 35 [1],
and indeed it wasn't [2].  However, later the util-linux-core subset was
restored from Fedora 36 onwards [3].  Hence, the need to restore the
util-linux-core documentation that was stripped out in the base image.

Only the images for currently maintained Fedoras (ie., 36, 37 and 38)
were updated.

Original patch from Jens Petersen for Fedora [4].

[1] Commit df05e276b2
    https://github.com/containers/toolbox/issues/929

[2] fedora-kickstarts commit 1f3645b72d46a0a7
    https://pagure.io/fedora-kickstarts/c/1f3645b72d46a0a7
    https://bugzilla.redhat.com/show_bug.cgi?id=1951111

[3] fedora-kickstarts commit 4477181faf75e105
    https://pagure.io/fedora-kickstarts/c/4477181faf75e105

[4] Fedora fedora-toolbox commit 805dc32c280b10f3
    https://src.fedoraproject.org/container/fedora-toolbox/c/805dc32c280b10f3

https://github.com/containers/toolbox/pull/1227
2023-02-01 21:57:01 +01:00
Debarshi Ray
a2ef3a292c images: Ensure that the cat(1), cp(1), ls(1), etc. manuals are available
Only the images for currently maintained Fedoras (ie., 36, 37 and 38)
were updated.

Original patch from Jens Petersen for Fedora [1].

[1] Fedora fedora-toolbox commit 98d9106a1f2f7a30
    https://src.fedoraproject.org/container/fedora-toolbox/c/98d9106a1f2f7a30

https://github.com/containers/toolbox/pull/1226
2023-02-01 19:26:36 +01:00
Debarshi Ray
ff1212e103 images: Ensure that the desired manuals are indeed present
Building an OCI image leads to so much spew that it's hard to notice if
something unexpected happened, and as seen in the previous commit [1],
unexpected things do happen.

Therefore, this adds a built-in test to ensure that the desired files
are actually present in the final image.  Right now it only checks the
presence of some representative manuals to ensure that the packages
listed in the 'missing-docs' file really do get reinstalled, and the
documentation that was stripped out in the base image really does get
restored.

Only the images for currently maintained Fedoras (ie., 36, 37 and 38)
were updated.

[1] Commit 1fc50176c9
    https://github.com/containers/toolbox/pull/1226

https://github.com/containers/toolbox/pull/1226
2023-02-01 19:21:59 +01:00
Debarshi Ray
1fc50176c9 images: Avoid unexpected DNF behaviour when reinstalling or swapping
The RPM packages in the base 'fedora' image can be older than the those
currently available in the DNF 'updates' repository [1], but at the same
time newer than those available in the DNF 'fedora' repository [1].  The
first part happens because the base image isn't updated as often as the
individual packages, so the 'updates' repository can have newer RPMs.
The second part happens because the base image does get updated after a
stable Fedora has been released, and hence can have newer RPMs than the
'fedora' repository.

This is complicated by the fact that packages can get pulled directly
from Fedora's Koji build system into the base 'fedora' image before
they make it to one of the well-known repositories like 'fedora' or
'updates' [1].  These packages are marked as having come from the
koji-override-0 repository.

All that combined can lead to unexpected behaviour when DNF is invoked
to reinstall or swap the RPM packages in the base image.  Some examples
below.

The base fedora:36 image contains glibc-minimal-langpack-2.35-20.fc36
that came from koji-override-0, while 'fedora' and 'updates' have
glibc-all-langpacks-2.35-4.fc36 and glibc-all-langpacks-2.35-22.fc36
respectively.  This leads to:
  STEP 8/15: RUN dnf -y swap glibc-minimal-langpack glibc-all-langpacks
  Last metadata expiration check: 0:00:03 ago on Wed Feb  1 12:37:04...
  Dependencies resolved.
  ======================================================================
   Package                   Arch      Version          Repository
  ======================================================================
  Installing:
   glibc-all-langpacks       x86_64    2.35-4.fc36      fedora
  Removing:
   glibc-minimal-langpack    x86_64    2.35-20.fc36     @koji-override-0
  Downgrading:
   glibc                     x86_64    2.35-4.fc36      fedora
   glibc-common              x86_64    2.35-4.fc36      fedora

That's unexpected.  Instead of upgrading all the glibc sub-packages to
the latest version from 'updates', it's downgrading them to the older
version from 'fedora'.

Similarly, the base fedora:36 image has bash-5.2.9-2.fc36.x86_64 from
koji-override-0, and there is bash-5.2.15-1.fc36.x86_64 in 'updates'.
This leads to:
  STEP 10/15: RUN dnf -y reinstall $(<missing-docs)
  Last metadata expiration check: 0:00:06 ago on Wed Feb  1 12:37:04...
  Package acl available, but not installed.
  No match for argument: acl
  Installed package bash-5.2.9-2.fc36.x86_64 (from koji-override-0) not
    available.

That's unexpected.  Instead of upgrading bash to the latest version from
'updates', it's simply skipping the 'reinstall', which means that the
documentation that was stripped out in the base image doesn't get
restored.

Updating all the RPM packages in the base 'fedora' image to match the
contents of the 'updates' repository before making any changes to the
image's package set will avoid such unexpected behaviour.

Only the images for currently maintained Fedoras (ie., 36, 37 and 38)
were updated.

[1] https://docs.fedoraproject.org/en-US/quick-docs/repositories/

https://github.com/containers/toolbox/pull/1226
2023-02-01 19:17:14 +01:00
Debarshi Ray
0fa328dec2 images/fedora/f36: Pull in the i18n and l10n fixes from f37 and f38
This is a combination of the following commits:
  * e6a27d7926
  * f5388cfc06
  * 5b4a4449b0
  * 42dbd8e182

https://github.com/containers/toolbox/issues/60
2023-02-01 01:05:26 +01:00
Debarshi Ray
42dbd8e182 images/fedora/f37, images/fedora/f38: Fix typos
Fallout from f5388cfc06

https://github.com/containers/toolbox/issues/60
2023-02-01 01:03:18 +01:00
Debarshi Ray
5b4a4449b0 images/fedora/f37, images/fedora/f38: Configure RPM before using DNF
Changes to the RPM configuration should happen before DNF is used.
Otherwise, those changes won't affect the DNF invocations.

Fallout from f5388cfc06

https://github.com/containers/toolbox/issues/60
2023-02-01 01:02:49 +01:00