commit: f6292dce964604be66ac6664900ad621f3122bb5 Author: Rahil Bhimjiani <me <AT> rahil <DOT> rocks> AuthorDate: Wed Jul 23 11:51:19 2025 +0000 Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> CommitDate: Thu Jul 24 00:30:33 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6292dce
app-containers/buildah: update to 1.41.0 * dynamically link sqlite instead of statically compiling into binary https://github.com/containers/buildah/commit/e5b8765 * cleanup of hack/btrfs_tag.sh which added btrfs_noversion tag when -btrfs https://github.com/containers/buildah/commit/7a482ac Signed-off-by: Rahil Bhimjiani <me <AT> rahil.rocks> From: https://github.com/gentoo/gentoo/pull/43118 Signed-off-by: Zac Medico <zmedico <AT> gentoo.org> app-containers/buildah/Manifest | 1 + .../{buildah-9999.ebuild => buildah-1.41.0.ebuild} | 16 ++++++++++++---- app-containers/buildah/buildah-9999.ebuild | 16 ++++++++++++---- .../buildah/files/buildah-1.41.0-disable-tests.patch | 8 ++++++++ 4 files changed, 33 insertions(+), 8 deletions(-) diff --git a/app-containers/buildah/Manifest b/app-containers/buildah/Manifest index 4abed9a63ef7..cf9070739271 100644 --- a/app-containers/buildah/Manifest +++ b/app-containers/buildah/Manifest @@ -1,3 +1,4 @@ DIST buildah-1.39.4.tar.gz 18657348 BLAKE2B 470767805ea5d2140da092aaaf0d55a78d32d1bc1bb14f3a1e6da0a751f8618b29e7d01f25c745234cee734ef4299ad442ea42e1326e186cdd9e6834152c9571 SHA512 c721660f94010a0dc8b01502db565b486c53962ee1933e03dd2297cf5d30ac9edef6c92491f41c8c61bee946302e7a39ecff55b2ad3e34ed649222c9655262c2 DIST buildah-1.40.0.tar.gz 12321438 BLAKE2B 3d923ddd249fd93476a8e88b72b1989b4bead9b282657d372c2aa04da0d787ee8e807cb74bface8a165ae0282ead791eb3da20a73751b63e3cfe7ee6ab34bd94 SHA512 bb96d04a17ab5a77e5d984dca369e3890131044c505ae3b030d95ffd66378df22da33315a50c9e500e783345ded23ebacdfa0965002a18e1d929c5fa3ce39311 DIST buildah-1.40.1.tar.gz 12329760 BLAKE2B dd5be8e27be8c37b211dd3009d8533f44d234ef6bc8f5405a258931b51f0b79a1b5dc456e3e0269ca9b4c4e981c226c97ff51876ae2f1836bc16c974838f5615 SHA512 6b37b6cc5fa3d7972800cfaef5919df8ee6c9220e8635850ee9d8356645b08afa4252d688f4316b3265e5f6aef6fa0647fb4f7602b7add292fc8b56a74c4fa1f +DIST buildah-1.41.0.tar.gz 11971274 BLAKE2B af197271bf519f84d1e7d08cbaab6a4aef3d1bdc234eaf8127f33e1fdd0c3f66c09262bf1aef9776d8d3fdfd853ae23cccd4ae6fcd06b2f86b7769d82f71617a SHA512 50be5c400a5063c12d5b97dc285d4969e50e88fa21de537f1c2317df36a1ccabf26ba70ece9e3e5c891e76ee8d85ab946029dc240de40ec88c86ad678e963823 diff --git a/app-containers/buildah/buildah-9999.ebuild b/app-containers/buildah/buildah-1.41.0.ebuild similarity index 83% copy from app-containers/buildah/buildah-9999.ebuild copy to app-containers/buildah/buildah-1.41.0.ebuild index 5418098db860..74266c13ab8f 100644 --- a/app-containers/buildah/buildah-9999.ebuild +++ b/app-containers/buildah/buildah-1.41.0.ebuild @@ -37,6 +37,7 @@ RDEPEND=" apparmor? ( sys-libs/libapparmor:= ) >=app-containers/containers-common-0.58.0-r1 app-crypt/gpgme:= + dev-db/sqlite:3= dev-libs/libgpg-error:= dev-libs/libassuan:= sys-apps/shadow:= @@ -58,7 +59,7 @@ src_prepare() { # ensure all necessary files are there local file for file in docs/Makefile hack/libsubid_tag.sh hack/apparmor_tag.sh \ - hack/systemd_tag.sh btrfs_installed_tag.sh btrfs_tag.sh; do + hack/systemd_tag.sh hack/sqlite_tag.sh btrfs_installed_tag.sh; do [[ -f "${file}" ]] || die done @@ -77,13 +78,20 @@ src_prepare() { $(usex systemd 'echo systemd' echo) EOF - echo -e "#!/usr/bin/env bash\n echo" > btrfs_installed_tag.sh || die - cat <<-EOF > btrfs_tag.sh || die + cat <<-EOF > btrfs_installed_tag.sh || die #!/usr/bin/env bash $(usex btrfs echo 'echo exclude_graphdriver_btrfs') EOF - use test || eapply "${FILESDIR}/${PN}-1.40.1-disable-tests.patch" + # instead of statically compiling sqlite into binary dynamically link it + # for better security and smaller binary size. + # Refer https://github.com/containers/buildah/commit/e5b8765 + cat <<-EOF > hack/sqlite_tag.sh || die + #!/usr/bin/env bash + echo libsqlite3 + EOF + + use test || eapply "${FILESDIR}/${PN}-1.41.0-disable-tests.patch" } src_compile() { diff --git a/app-containers/buildah/buildah-9999.ebuild b/app-containers/buildah/buildah-9999.ebuild index 5418098db860..74266c13ab8f 100644 --- a/app-containers/buildah/buildah-9999.ebuild +++ b/app-containers/buildah/buildah-9999.ebuild @@ -37,6 +37,7 @@ RDEPEND=" apparmor? ( sys-libs/libapparmor:= ) >=app-containers/containers-common-0.58.0-r1 app-crypt/gpgme:= + dev-db/sqlite:3= dev-libs/libgpg-error:= dev-libs/libassuan:= sys-apps/shadow:= @@ -58,7 +59,7 @@ src_prepare() { # ensure all necessary files are there local file for file in docs/Makefile hack/libsubid_tag.sh hack/apparmor_tag.sh \ - hack/systemd_tag.sh btrfs_installed_tag.sh btrfs_tag.sh; do + hack/systemd_tag.sh hack/sqlite_tag.sh btrfs_installed_tag.sh; do [[ -f "${file}" ]] || die done @@ -77,13 +78,20 @@ src_prepare() { $(usex systemd 'echo systemd' echo) EOF - echo -e "#!/usr/bin/env bash\n echo" > btrfs_installed_tag.sh || die - cat <<-EOF > btrfs_tag.sh || die + cat <<-EOF > btrfs_installed_tag.sh || die #!/usr/bin/env bash $(usex btrfs echo 'echo exclude_graphdriver_btrfs') EOF - use test || eapply "${FILESDIR}/${PN}-1.40.1-disable-tests.patch" + # instead of statically compiling sqlite into binary dynamically link it + # for better security and smaller binary size. + # Refer https://github.com/containers/buildah/commit/e5b8765 + cat <<-EOF > hack/sqlite_tag.sh || die + #!/usr/bin/env bash + echo libsqlite3 + EOF + + use test || eapply "${FILESDIR}/${PN}-1.41.0-disable-tests.patch" } src_compile() { diff --git a/app-containers/buildah/files/buildah-1.41.0-disable-tests.patch b/app-containers/buildah/files/buildah-1.41.0-disable-tests.patch new file mode 100644 index 000000000000..5dc44589b1df --- /dev/null +++ b/app-containers/buildah/files/buildah-1.41.0-disable-tests.patch @@ -0,0 +1,8 @@ +--- a/Makefile ++++ b/Makefile +@@ -62,1 +62,1 @@ +-all: bin/buildah bin/imgtype bin/copy bin/inet bin/tutorial bin/dumpspec bin/passwd docs ++all: bin/buildah docs +@@ -122 +122 @@ +-docs: install.tools ## build the docs on the host ++docs: ## build the docs on the host
